UK Cops Want "Breathalyzers" For PCs 545
An anonymous reader writes "One of the UK's top cyber cops, detective superintendent Charlie McMurdie, says the top brass want to develop the equivalent of a breathalyzer for computers, a simple tool that could be plugged into a machine during a raid and retrieve evidence of illegal activity. McMurdie said the device was needed because of a record number of PCs were being seized by police and because the majority of cops don't have the skills to forensically analyse a computer."
Right (Score:5, Insightful)
That's pretty much like building a mind-reader to figure out if a person has ever committed a crime. Good luck with that.
I have four words for them... (Score:1, Insightful)
This should be entertaining.
Re:So they want GOV spyware? (Score:4, Insightful)
Good job managing to misread the summary.
Good luck with that (Score:5, Insightful)
Don't quit your day job, detective superintendent (Score:5, Insightful)
Re:Right (Score:5, Insightful)
Hey asshole, aren't search warrants supposed to explicitly specify what you're looking for? You seized the computer, it should've been for a specific reason, not to conduct a fishing expedition.
Outlaw encryption (Score:4, Insightful)
The next inevitable step for the UK gov't will be to outlaw using encryption on personal computers, because it's "too hard" to break.
This isn't a slippery slope for the UK anymore, it's a landslide, rushing down the mountain, annihilating everything in its way.
Sad.
Yeah, right... (Score:5, Insightful)
Re:Right (Score:3, Insightful)
That's pretty much like building a mind-reader to figure out if a person has ever committed a crime. Good luck with that.
Or like exploiting three people capable of seeing into the future [imdb.com] in order to generate police reports and make arrests.
As we learned, nothing can possibly go wrong!
Re:Outlaw encryption (Score:5, Insightful)
Too late - in Britain, it is a crime to refuse to turn-over your encryption key to the police when requested (no 5th amendment rights).
Dumbest. Idea. Ever. (Score:5, Insightful)
What next, a breathalyser for paedophiles? Murderers? Terrorists? Why does not the UK police use that money to train their people or hire new specialists instead of trying to build a perpetuum mobile? Any criminal worth spending this project's money on is savvy enough to fully encrypt his hard disk. If they are so dumb not to encrypt compromising data, any cop with a few hours of training could find it. So what is this project really aiming at?
Probable Cause (Score:2, Insightful)
The Truth (Score:5, Insightful)
Re:Probable Cause (Score:3, Insightful)
Three things:
1) Plain sight rule. If there is something incriminating on the screen, then the evidence is admissible.
2) A warrant can include a search of the computer.
3) If the person is suspected of using the computer to commit a crime, such as luring a child or sending threatening emails as harassment, then the police have probable cause.
Why do cops always want an easy job? (Score:5, Insightful)
I think this is another example of relatively well-meaning people who fail to comprehend how dangerous their intentions are because they don't think them through. Let's say there is a device that can be plugged into a PC (maybe the USB port?) and almost instantly tell you whether it has illegal content with no need for expert analysis. Yeah I know that I should also posit the existence of the tooth fairy but bear with me. Who makes this device? How trustworthy are they? Do competitors or other rivals oddly happen to have a higher percentage of "illegal" PCs? Is the device a black box or can the average person examine and scrutinize it? If the cops already don't have the staff or the expertise to perform forensic analysis on PCs, what's our guarantee that they will correctly use this device or that they can offer any sort of assurance that the way it is used won't violate anyone's civil rights? What's to prevent criminals from obtaining one (by whatever means) and making sure that their illegal data isn't where this thing is looking? If I can think of this in a few minutes, WTF are these people smoking that they consider this a serious proposal? Or do they simply not care about these concerns?
You know what you'll probably never see? The police "top brass" asking for a device to help make sure that their officers don't violate anyone's civil rights and that they follow all the laws concerning due process.
Re:Not too hard to guard against this breathalyzer (Score:3, Insightful)
Usually, only the stupid ones get caught. Knowing to do what you have suggested, moves one out of the realm of stupid.
The Headline (Score:4, Insightful)
Re:Outlaw encryption (Score:4, Insightful)
That scheme falls apart when the investigators know what TrueCrypt does.
"Give me your password. No, the one for the hidden volume."
Re:Dumbest. Idea. Ever. (Score:2, Insightful)
Re:Right (Score:5, Insightful)
Re:Don't quit your day job, detective superintende (Score:4, Insightful)
Her day job is architect of the UK's Police Central E-crime Unit, so it might be a bit late for that.
Having said that, I get the distinct impression from RTFA that this is pie-in-the-sky "this is the sort of tool we'd like in an ideal world, not that it's even remotely practical" rather than something that's in active development:
said frontline police ideally need a digital forensic tool as easy to use as the breathalyser, to help them deal with growing numbers of computers being seized during raids on suspects' homes
Yep, and I bet they'd like a machine which they can just turn on, punch in details of an unsolved crime and bingo! it tells you the perpetrators name, address, telephone number, the car they drive, their plans for the next 48 hours and where sufficient evidence to obtain a conviction can be found. It's fairly obvious from the article that whatever qualification this woman has, none of them involve technology.
Re:Right (Score:1, Insightful)
Well, it's easy enough to build up a database of SHA1 hashes for kiddie porn and such.
Keep in mind, anything that matches a crypto hash, at least in the U.S., means the media depicts an actual child who was found to be sexually assaulted/violated. It's not just someone who may or may not look underage; it's someone who was proven in some court to be underage.
... as SHA-1 collision attacks become more prevalent (it's a guarantee they will), how will law enforcement ensure accurate results? Will they compare SHA-1 hashes plus file sizes in bytes, to account for files that have been "padded"? Will they just inspect content (what does it say about somebody who wants that job)? Will they switch over to whatever NIST picks from their hash function competition? In which case, how do they recompute hashes? Do they wipe their database clean and start over, or compare against 2 sets of hash functions (the old SHA-1 and the new [insert whatever here])? Or, are they stashing full copies of the media where they could just re-compute the new hashes? And if they are, why in the world are they hanging on to it? Is that Constitutional? What about pervert insiders who leak it back out, thus creating more "child porn traffic"? What about power tripping cops who sneak copies of it and plant it on people's computers?
... How long will it take the _actual_ child porn traffickers to figure out that flipping a single bit defeats a crypto hash? And what happens if that becomes an epidemic? Would a bit twiddling epidemic result in law enforcement's supposed right to maintain copies of known child porn? How does that affect the victims' rights to privacy? Or will law enforcement do something else entirely?
Makes you wonder
And a better question
All questions, no answers.
Re:Right (Score:5, Insightful)
Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do? Whether its illegal aliens or a bundle of dope I prefer that 100% be detected and punished.
They cannot even keep illegal drugs out of prison (don't take my word for it -- do the research yourself). How do you propose that we do this in a relatively free society? The way it has worked is that some amount of crime is tolerated in exchange for having a free society with things like legally recognized civil rights. With drugs and lately with terrorism the (dangerous) mentality has been that we need to stop $EVIL_THING no matter how high the cost is to the rest of society. This is tunnel vision at best, a step towards a totalitarian government at worst.
But I am curious. Once you see for yourself with your own research that they cannot even keep drugs out of prisons, I would like to know this: what environment even more restrictive than prison would you propose for the entire population in order to better meet your 100% detection/punishment rate? I'd also like to know whom you would entrust with the management of this environment.
Re:Good luck with that (Score:2, Insightful)
Heh....and I bet it won't work under linux....NOTHING works under linux.... *Disclaimer: Most everything on my linux box works.
Ah but that's the beauty of it! If the program doesn't work, then it's obstruction of justice. Muahahaha!
Re:Right (Score:5, Insightful)
Except we want cops to catch people with illegal drugs etc..
What do you mean "we", white man?
Why restrain the cops from doing what we all need them to do?
So that they don't trample all over innocent people in their race to jail stoners? So that we can maintain some sort of privacy instead of throwing our doors open to anyone with a badge so that they can rifle through our homes in case we may have been doing something wrong? So that we can keep some kind of checks on the cops so that they might work to protect us while respecting our rights instead of just busting people and feeling like tough-guys on a power trip?
Pick which ever one speaks to you best.
Re:Right (Score:2, Insightful)
>>>doesn't mean you have to IGNORE it.
According to the U.S. Supreme Court, that is exactly what it means. Mapp v. Ohio establishes that if the police are searching for one item (in this case a fugitive) may not then collect other items and prosecute for that crime (they found porn in the basement).
Re:Right (Score:3, Insightful)
What statements? They're not going to be able to lie about whether or not they had a warrant.
Re:Dumbest. Idea. Ever. (Score:3, Insightful)
Why does not the UK police use that money to train their people or hire new specialists instead of trying to build a perpetuum mobile?
Because the "top brass"'s nephew only sells USB trinkets, not training for specialists.
Re:Right (Score:3, Insightful)
It's a fine line between hampering catching criminals by giving "too many rights" and stepping over the bounds of innocent until proven guilty...
Oh yes, it's so fine a line that it is in fact the same line approached from opposite sides.
Re:Outlaw encryption (Score:1, Insightful)
Perjury...one of my favorite crimes.
why police like drug offenses (Score:5, Insightful)
As other posters have noted, cyber fraud is hard to prove, since the evidence it leaves behind (data, transactions, account numbers) looks so much like legal commerce. It takes a lot of smart work by educated professionals to prove the difference.
Now you know one of the reasons that the police like drug laws so much: The key facts can be understood and collected by an officer with an IQ of 80 and just a couple months of training.
Re:So they want GOV spyware? (Score:5, Insightful)
What?
It's an apt post.
Spyware snoops around and grabs whatever it finds and deems to be unbecoming of a law abiding computer user.
They then hand that off (and the pc itself, likely) to a group of people who will do the analysis.
The post above you implies that this tool will not be of much actual help, and I agree. A "clean" report from the tool means nothing, and for any actual raids the computers will still be combed over by a forensic team. Any "dirty" report from the tool will result in the same outcome.
What this is really about is passing the buck and keeping face - the cops don't want to look incompetent, so they create this tool and publicize it.
Any failure of the cops will be blamed on the tool still being a work in progress, hackers actively working against the tool, etc.
Any responsibility on the part of the cops will be passed off immediately to the forensics teams. When the tool gives out a "dirty" report, the cops will fill out the green "Suspicion of Illegal Digital Bits on Electrical Personal Computing Device" form and hand over the report and the pc to the forensics team.
Once the tool is accepted as good and trustworthy, departments will find any excuse at all to use them to harass and extort money from the public.
Noise complaint?
Let's bang on the doors, give them shit, and check their computers for illegal activity. You just KNOW that music isn't paid for.
No, sir, since we heard music from the street, and we clearly can see you have a computer, and sound system, and a lack of physical CDs/tapes/records, in plain sight. We have reason to believe a crime has been committed. We don't need a warrant to perform a cursory search. If the search turns up anything, your equipment will be confiscated as evidence.
Re:Right (Score:3, Insightful)
Just encrypt all of your crap, and don't have illegal stuff.
Amen. With all the practically unbreakable, freely available encryption solutions out there, I don't understand why any criminal who, even occasionally, touches a computer, doesn't use a generous amount of encryption. Encryption stymies any attempt at, after the fact, detection.
Anyway, I guess nobody complains when the dumb criminals make it easy.
IT'S IN THE GODDAMN RFC! (Score:4, Insightful)
It's in the goddamn rfc, they HAVE to follow it. What are you, from Microsoft?
Re:Outlaw encryption (Score:5, Insightful)
They cannot prove that a hidden volume even exists, that is the whole point.
Re:Right (Score:5, Insightful)
Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do?
You seem to be excluding people with illegal drugs from this group you erroneously label as "all". Be careful you do not find yourself similarly excluded.
And sometimes they're not even caught with drugs but rather caught with "too much" cash on their person.
Whether its illegal aliens or a bundle of dope I prefer that 100% be detected and punished.
"Vote Fascist for a Third Glorious Decade of Total Law Enforcement."
If every law is enforced 100% of the time, you live in a police state and have no real freedom, where even the tiniest of harmless infractions will bring harsh penalties:
Re:Right (Score:3, Insightful)
To hell with that. The current classification for which drugs are legal and illegal is totally messed up in my opinion. We need to re-evaluate what we're banning before we go off on such tangents.
The problem is that there's not much political power to be had under this sort of reasoning. No new bureaus and departments to be created, no new positions to staff with your cronies, and no excuses to expand budgets and governmental power. It's such a good idea that it'll never happen without radical changes to the way things are done.
Re:Right (Score:3, Insightful)
I don't understand why any criminal who, even occasionally, touches a computer, doesn't use a generous amount of encryption. Encryption stymies any attempt at, after the fact, detection.
Because most criminals are idiots to begin with. Seriously. Ask any cop how many criminals they've arrested whom would have gotten away with whatever crime they committed if they had kept their mouths shut. Combine that level of stupidity with the fact that the typical criminal isn't going to be very computer savvy and you can see why few of them use encryption.
easy to use -- easy to fool (Score:3, Insightful)
The first thing that occurs to me is that any appliance easy enough for a beat cop to use couldn't be very high-grade forensics. If there is a standard set of techniques used by the appliance, there will almost immediately (as soon as one is stolen) be a standard set of work-arounds. After which, only the profoundly stupid and/or set-up will ever be caught.
On the other hand, it occurs to me that the authorities only need the occasional high-profile arrest to keep funding going, so maybe it's a win-win for all -- the gov'ment gets credit for "cracking down on porn" and the hard cores have a known set of procedures to keep their stuff under cover.
Re:Probable Cause (Score:3, Insightful)
I think people misunderstand the nature of law enforcement in the UK (and elsewhere)
1) we have LOTS of laws
2) Every one is guilty of something
3) The police know that you are guilty
4) At the moment they have to specify what of.
The primary strategy is to try and remove requirement ( 4) but an automated identification of your special crime would be a big help.
Re:Right (Score:3, Insightful)
The point is, that the original suspicion - the one they got the warrant for - is completely made up and fake. Our whole law system is set up in a way, that there always is something you did "wrong". Always. That's the basic idea of laws nowadays.
So the trick is, that they can put anyone to jail if he does not fit their agenda.
It's like a mafia you can bribe. They will go, make up some "suspicion", search your house, find some obscure thing that's in law book 5000, paragraph 9574 section v, subsection 385, (that of course "every citizen has to inform himself about"), and put you to jail.
Same thing with the terms and conditions of contracts. Deliberately written so that you can't understand it, in tiny fonts, on 20 separate pages, that you first have to download on "www.companysite.com" (notice the omission of a direct link). If they can fuck you, they will.
It's the rule of power like in the times where people still used clubs to beat each other. It's just better hidden nowadays.
Re:So they want GOV spyware? (Score:3, Insightful)
Conducting a search due to a crime in progress or evidence in plain sight is significantly more difficult -- at least in the US -- than you make it out to be. Never mind that copyright infringement is, except in a few cases, a civil matter and not criminal (meaning the police cannot investigate it, and could not possibly claim there was open evidence of a crime).
The problem with the original post is that it called the desired tool spyware. Spyware has a particular meaning: it is software that is installed surreptitiously (or installed intentionally under the auspices of legitimate software) that actively monitors or alters the computer's actions and/or your interactions with it. What they want is actually a first-response forensic tool, where when they serve a warrant for the seizure of computers, they can run first run this tool to quickly scan for obvious evidence of interest, rather than simply conveying the seized computers to a forensic lab.
In other words, it's very much like a breathalyzer, whereas spyware is somewhat more akin to a network of cameras with automated behavioral monitoring software in a mall.
The United Kingdom is now The Village (Score:3, Insightful)
And you're ALL Number 6.
Do you have the courage that Number 6 had? Will you fight back against Number 2?
Are you just "A number" or are you Free Men & Women?
The choice is yours.
Re:Dumbest. Idea. Ever. (Score:3, Insightful)
So what is this project really aiming at?
Do you really want to know? Think about what breathalyzers do. They are used by the cops to get a number off you. That number has been used by law makers and such that anything above a number is instant DWI, anything between some numbers is up to the cop, and anything below a certain number the cops just let you go because they know that they it's too low to make get through a court.
That's what this person wants. A black box that any idiot cop can use on a computer and return a score that they can use like a blood alcohol level. That magic number would be used in jury trials and what not instead of showing you know the actual evidence that they are required to produce now. Jury this guy has a computer with a .10 porn level, .02 child porn level, .01 drug level, .01 credit card fraud level, .02 hacking index, .3 pirated software level, and .5 unlicensed media content level.
It's to reduce things down to a few numbers produced by a tool that the defendant can't argue with.
Re:Right (Score:4, Insightful)
Since this is the UK you will hand over your encryption keys [linuxworld.com.au], have a nice day.
Re:So they want GOV spyware? (Score:5, Insightful)
The cops can and will search and bust you with a reasonable suspicion / in plain sight excuse SO easily. Yes, in the USA.
Do you really think that such a tool, if created, would not be spyware?
Spyware has no particular meaning. Malware, Adware, Spyware, Greyware, Foistware, Crapware, Bloatware, etc. have all been coined in a feeble attempt to classify and categorize programs. There is no official designation or definition.
The term is a merging of the word "spy" and the word "software". Literally, spyware is software that spies. What is spying? Spying is looking for and collecting information, often secretly.
Do you honestly believe that, if such a tool were created, the police would have you a report of what information was obtained, and what information was looked for?
Do you believe that there won't be cases where they use the tool on your computers and simply don't tell you?
Do you believe that such a tool, if implemented, would respect your rights and remove all traces of itself from your machine?
You jumped at the chance to shoot someone down and farm some karma by accusing them of not reading the summary.
In doing so, you missed the point of the post entirely (that people will still need to look at the data).
I called you out on it.
You got pedantic, saying the problem with the original post was the use of the term "spyware".
I'm calling you out again.
Re:Right (Score:4, Insightful)
Yeah, or they want remote access:
"McMurdie also discussed the possibility of setting up a "central forensic server", where digital forensic experts from across the UK could log in and analyse whatever systems were plugged into it."
Wow, are police in the UK really that dumb? They either want a magic wand that tells you if a computer has "illegal" content on it, or they want what has already existed since before the internet?
Re:So they want GOV spyware? (Score:5, Insightful)
Let me get this straight. McMurdie is basically saying, We need a pervasive technology solution to compensate for the fact that I have the wrong and/or incompetent personnel.
Yea....
Re:Right (Score:3, Insightful)
Sadly, yes (Score:4, Insightful)
A lot of "common sense" powers have had to be denied to police, because they've proven themselves incapable of not abusing them. Every counter-intuitive restriction placed on government officials can be traced to an incident of abuse so horrific, that society opted to "tie the hands" of everyone rather than entrust anyone with that power any longer. Really, it takes quite a lot for anyone in government to advocate a limit on governmental powers.
Re:Right (Score:3, Insightful)
Automated methods for finding hidden partitions could mean checking the bios report on the device against it's partitioned size, or just looking for large binary files that don't have known signatures.
FOREACH [file] in device
IF [file].size>MAX_SIZE && !hasKnownSignature([file])
ARREST_FOR_THOUGHTCRIME('Zekespeak')
IF isImage([file]) && fleshTones([file])>5.0
flagForAnalysis([file])
END FOREACH
Re:"Reasonable suspicion" (Score:4, Insightful)
What you say is true, HOWEVER, the GPs post is on point.
On Law & Order, they call it the "Plain View Exception".
Apparently it exists IRL too: http://www.policelink.com/training/articles/2043-plain-view-doctrine- [policelink.com]
Sad But True (Score:3, Insightful)
The odds of an older IE install not having downloaded something illegal under British law are slimmer than the odds of a U.S banknote not having minute traces of cocaine. Theoretically possible, highly improbably, and great for the police to abuse.
Re:So they want GOV spyware? (Score:2, Insightful)
Currently all analysis of computers must be done by computer forensic specialists, who are relatively expensive and limited in number.
There are tons of people out there that could do this work, the problem is that the computer crime labs are run by police bureaucracies that use the good ole boy system of advancement. Rather than hiring computer specialists and training them what little they would need to know about police work, they take police officers who have put in their time on highway patrol and spend huge amounts of money for computer forensics training.
Virtually any computer science grad could be trained to do computer forensics in *weeks*. The problem is that you will never recruit a computer science grad when you tell them that they will have to put two years in the highway patrol before they can even *think* about applying to transfer to the computer crime unit. And then there is the issue that the computer crime unit spends 90+% of its time investigating child porn, and quite frankly, who the *hell* wants to do that?
All this info is from the state where I live. I imagine its the same other places, but hopefully it's not, lol.
Re:Right (Score:3, Insightful)
Except we want cops to catch people with illegal drugs etc..
Why? What difference does it make if someone uses "legal" or "illegal" drugs?
Re:So they want GOV spyware? (Score:3, Insightful)
It's nothing like a breathalyser. A breathalyser detects one specific chemical compound in exhaled air and estimates the concentration of it in the blood.
What will this thing do, put up a progress bar with "Scanning for evidence of wrongdoing..."? It's just too generic and vaguer a target for it to work. Except on TV.
Re:Outlaw encryption (Score:3, Insightful)
What happens if you "forget" the key? Like this: "Your honour, I once experimented with encryption, but could not understand how it worked. The files must be leftovers of that installation. I never used them and they must be empty." How can they prove you are lying, short of breaking the encryption and finding the evidence?
You'll like this. They assume you're lying. Guilty until proven innocent.
It's a complete travesty of justice, and was highlighted by the comedian/activist Mark Thomas when it first became law. He had this idea that people should get illegal porn, encrypt it, send it to Jack Straw M.P. (one of the architects of the law, I believe) and then report him to the police, that he had illegal porn in his possession. The M.P. of course would not know the password of any encrypted data in his possession, and might then realise the stupidity of the law.
Didn't work. The law stands.