A Linux-Based "Breath Test" For Porn On PCs 345
Gwaihir the Windlord writes "A university in Western Australia has started beta testing a tool that's described as 'a random breath test' to scan computers for illicit images. According to this article it's a clean bootable Linux environment. Since it doesn't write to the hard drive, the evidence is acceptable in court, at least in Australia. They're also working on versions to search for financial documents in fraud squad cases, or to search for terrorist keywords. Other than skimming off the dumb ones, does anyone really expect this to make a difference?" The article offers no details on what means the software uses to identify suspicious files.
About the only way it COULD work... (Score:3, Interesting)
Psych-Ops (Score:5, Interesting)
The article offers no details on what means the software uses to identify suspicious files.
I highly suspect that the police don't want people to know the details of how sophisticated their technology is because they don't want to embarrass themselves. Keeping an aura of mystery and FUD around themselves and their techniques is also a form of psych-ops; it's the chrome facade of a lemon.
Re:About the only way it COULD work... (Score:4, Interesting)
And trivial ways to get around it. An encrypted file system is the obvious solution, but hell if they're just checking hashes you could use ImageMagick and a very small shell script to very slightly alter the image, giving you an entirely new hash.
Yes. Encryption is rare. (Score:3, Interesting)
A local forensics expert says the same thing of his practice. In fact, last time I heard him speak about it, he said he'd never encountered encryption in a case he handled.
There's some sample bias going on there, because he refuses to handle some cases, and child pornography is one of the things he won't touch.
BitLocker may make encryption more mainstream.
Re:Can't be challenged forensically? (Score:4, Interesting)
Re:Quick! Whats the... (Score:5, Interesting)
'Human skin tones' is a pretty wide range though. Even just restricting it to 'white' people gives you a big range of colours if you consider the various shades of tan / sunburn - anything from deep red to pale white through dull brown. If you want to find naked black- or yellow-skinned people then it's an even bigger range. If something is blue or green you could probably guess it's not naked skin (unless the person is bruised, or wearing body paint), but without factoring in shape as well it's pretty difficult to tell if something is human coloured or not.
Actually, human skin is pretty much all the same hue, it just has different saturation levels. If you convert each image to HSV from RGB, you can just look at the hue component and people all pretty much look the same. This is common in computer vision techniques for identifying skin.
-Taylor
Re:Quick! Whats the... (Score:5, Interesting)
Re:Randoms searches, Yay. (Score:4, Interesting)
It's not the folks descended from criminals that worry me. It's the folks who are descended from the prison wardens who cause all the trouble.
Re:About the only way it COULD work... (Score:3, Interesting)
I have an encrypted disk that is full of encrypted disks. They are labeled backup_date and important_documents_date, etc. I have a special one named long_term_storage that is for 'special' files I do not want the rest of the world to have access to but do not belong in a category I set up.
So not only do you need my encryption password to boot my notebook, but then you need to know the password of the individual containers to see what is inside them. That is of course assuming I don't have any hidden containers or keyfiles.
Re:Illicit? (Score:2, Interesting)
Owners of said machines must be hiding something.
-- punt!
Re:About the only way it COULD work... (Score:1, Interesting)
Pretty hard to beat, unless you just encrypt everything.
Re:Illicit? (Score:3, Interesting)
Last time I checked, porn was not illegal.
While the summary says "porn", the article is referring to child pornography - which is illegal.
Re:Quick! Whats the... (Score:5, Interesting)
One of the environments I worked in had a sniffer that grabbed all the images (and associated session information) it could see on the wire for that organization (or at least a subset - there was a LOT of traffic involved). It would then process those images and generate a "skin folder" of suspect imagery. We could then sift through that skin folder looking for illicit browsing, etc.
Yeah - it caught porn. But it also contained a lot of imagery of furniture, mars landscapes, deserts (it really liked the time pictures of camel spiders in Sandland were the hot topic of emails) and other such not-skin-oriented imagery.
Re:A porn breath test? (Score:3, Interesting)
False negatives are something which gets less press but can still be funny.
Girl I worked with was being driven home by her boyfriend. They get stopped at a checkpoint. He's cold sober but she's had enough alcohol to knock out a bull elephant.
The officer taps on the window, window rolls down "could you blow on this please", "no problem", DING green light.
At this point my very drunk workmate leans across her boyfriend "CAN I HAVE A GO!TEHEHEHE! You don't have to change the mouthpiece!". The police officer rolls her eyes but lets the mad drunk passenger blow into it as there were no other cars waiting.
You guessed it.
*DING green light*
Que some odd looks from the officer and a great deal of lost faith in the technology.
Re:About the only way I it COULD work... (Score:4, Interesting)
As you demonstrate, the MD5 technique does not work. However there are other image "hashing" techniques that do work. For example, take the first three statistical moments of the histogram of the R, G and B intensities. To compare two images take a simple L1 distance between those moments. If it's below some threshold they are the same.
Disclaimer: The above algorithm works best for detecting differences between two video streams even when those video streams are distorted by color shifts. (I have personal experience with using it on production software.) For detecting similarities of images you may have to use slightly different techniques.
Dumb Criminals get caught.... (Score:2, Interesting)
It's a fair comment to say that images that are changed are going to have different hash values. But how many non tech people who download images en masse that are of interest to law enf0rcment are going to reneame them? Often, it's those that don't think about what they are doing that these tools are designed to catch; end users as such.
Tools like these I believe are for the majority of cases and the occasional big ring crackdown. It's not so that they can shut down kiddy pr0n, but to tell everyone that they are doing something about it while putting in minimal effort and thus justifying a government job. It's amazing how many people in government jobs will keep a cruisy job going if all they have to do is justify it every now and again. I see it around me every day in my job. Maximum output on paper, with minimal input in reality.
Then again I could be wrong, but I've been known to lean on my government 'shovel' from time to time aswell.