UK Police Want Plug-In Computer Crime Detectors

An anonymous reader writes "UK police are talking to private companies about using plug-in USB devices that can scour the hard drive of any device they are attached to, searching for evidence of illegal activity. The UK's Association of Chief Police Officers is considering using commercial devices that can perform targeted searches of text, pictures and computer code on hard drives, allowing untrained cops to detect anything from correspondence on stolen goods to child pornography. Police in the UK are desperate for a way of slashing the backlog of machines seized by the police in raids, with many forces having a backlog that will take a year to process." Maybe they shouldn't seize so many computers.

Should be easy in the UK.

[BitterOak]

This should be easy to accomplish in the UK where citizens are required by law to turn over all their encryption keys or face jail time. It would be harder to make it work in the US, where people can use encryption. I suppose the Brits could employ TrueCrypt hidden volumes to keep their stuff private.

Great...

[Chabo]

Now instead of having trained forensic experts, we'll have common beat cops searching your computer.

Attorney: How do you know he had illegal material on his computer?
Officer: I pushed the button, and the computer told me to arrest him.

Hmm

[Co0Ps]

I think the UK Police got this idea while watching CSI.

If voting machines are anything to go by....

[MasseKid]

Then there will be no problems with this technology!

Re:Encryption=suspicious?

[SatanicPuppy]

That whole "innocent until proven guilty" thing is something that the Founding Fathers felt strongly about...having lived in England.

Re:A year?

[Idiot with a gun]

Then the cops wouldn't pick up any computers at all, which would be silly. I'd rather see compensation come out of the police budget if computers aren't turned over in a reasonable amount of time, similar to how US citizens technically have the right to a "a speedy and public trial, by an impartial jury."

Umm, these devices are security risks people...

[KreAture]

Why has noone pointed out that these devices are using security holes to gain access and that these holes are being or should be blocked on most OS'es. It's probably just a matter of time before they will need a different ploy anyways.

A simple web-search turns up a tonn of comercial solutions already.
Many companys already require usb security suits to be installed on all company computers.

In the meantime disabeling drivers and locking down the policys required to re-enable (in windows that is) might be one way.

How desperate are they?

[fluch]

"...allowing untrained cops to detect anything from correspondence on stolen goods to child pornography. Police in the UK are desperate for a way of slashing the backlog of machines seized by the police in raids..."

How about investing more into proper trained cops? How about better education? That might help a bit... together with "Maybe they shouldn't seize so many computers".

Re:Inspired!

[Idiot with a gun]

Its an unfortunate situation when cops are more afraid of not seizing a machine carrying illicit material, than they are afraid of seizing hundreds or thousands of machines containing nothing illegal, and taking forever to return them.

Re:Perfectly Legitimate

[MozeeToby]

Who ever said that this technology was going to replace the officers doing the work right now? I could definately imagine a system where low profile cases are automatically checked with this software and if anything is found it is flagged for review by an expert. High profile cases would, obviously, always be investigated by someone who knew what they were doing.

Re:Great...

[commodore64_love]

Attorney: Yeah I have chubby porn. It's not illegal or a crime. Are you in the habit of arresting citizens for violating non-existent laws?
Officer: ...uh...
Attorney: Your case history indicates you make many false arrests. Like this one: Arresting an elderly woman because she refused to let you enter her house. What have you to say to that?
Officer: She refused to comply with our request to enter.
Attorney: Ahhh you REQUEST to enter... so you didn't actually have a warrant..
Officer: ...uh...
Attorney: But you decides to arrest her anyway. Wasn't she later freed?
Officer: Yes but...
Attorney: And here's another case where you broke into the wrong house and damaged the door.
Officer: It was an accident.
Attorney: Yes but you never replaced the door, forcing the innocent person to spend $500 in repairs. You have a long, long history of abuse against the residents...
Officer: Now see here!
Attorney: ...and have been reprimanded multiple times by your superiors. Could it be you searched my client's computer without provocation?
Officer: I had a warrant.
Attorney: An *invalid* warrant. It's not signed by a judge, you never swore an oath, you just photocopied it and filled-in the details yourself. Isn't that true?
Officer: No!
Attorney: Remember you're under oath Officer Chiklas. This is clearly your handwriting, is it not?
Officer: .......
Attorney: Well?
Officer: Yes.
Attorney: Your eminence, I submit that this was an illegal search and seizure without a warrant and all evidence should be dismissed.

Re:Should be easy in the UK.

[geekgirlandrea]

Considering that the product in question involves booting the system from a 'forensically sound' operating system on CD (I guess someone hasn't thought too much about the prospects for a virtualization-based rootkit hidden in the BIOS...), it's a safe bet TrueCrypt volumes won't be mounted.

Re:and the companion product....

[twidarkling]

RTFS, says specifically "USB." And you know why? Simple. Netbooks. No CD drive. If they only used CDs, then any netbook would be immune, unless an external CD drive was hooked up, and since the point is to make it easy for untrained cops, that's not gonna work.

Either way, it's a massively stupid project on their part, and anyone with 20 minutes and a drive to not go to prison can find a way around it.

Re:Inspired!

[Dunbal]

and taking forever to return them.

      Who said anything about returning them?

Hello, United Kingdom?

[Chris Tucker]

You are all now living in The Village.

You have a choice.

You can be numbers, or you can be free men and women.

The choice is yours.

Choose wisely.

Re:Great...

[Chabo]

Not to mention that if you've published copyrighted material, they might get a false positive, indicating that you're infringing against yourself! ;)

Re:A year?

[Bert64]

That's the fault of the police for not keeping the evidence secure. You can't expect the suspects to be punished because they could well be innocent, after all there is no proof to the contrary.

Re:Should be easy in the UK.

[shadowknot]

This is fine in theory but the policy of seizure is generally a yank the power, bag it up and send it to the sweaty geeks (us). So even if the TrueCrypt volume is mounted when seized it will be a big old pile of meaningless binary junk once the pro's get their hands on it! Most of the time I have seen TC installed on a suspect's machine (maybe twice to be honest) I have found the passphrase in a handy text file (normaly named passwords.txt or secrets.doc)!

Re:Should be easy in the UK.

[Joce640k]

Being realistic, most criminals aren't that sophisticated...

Very easy to do...

[Anonymous Coward]

...all it takes is to load up some FM onto the USB device.

*FM = "Fucking Magic"

Problem...

[denzacar]

How about investing more into proper trained cops? How about better education?

Cops receiving official training as computer forensics are no longer simple beat cops - they are computer forensics experts and they should be treated and paid as such.
So, besides their police training they would probably require something equivalent to a BA/BS.

And even if there was enough time and money to educate and pay them later - system needs its beat cops too. Not just highly trained computer forensics.

What they would like to have is a "breathalyser-style tool for computers that could instantly flag up illegal activity on any PC it's attached to".
Which is delusional, even when you limit it to "a simple tool to preview on site and identify there's that one email [they] are looking for [so they] can then use that and interview the person now, rather then waiting six to 12 months for the evidence to come back" in cases such as "credit card fraud or selling stolen goods online".

Re:Inspired!

[Anonymous Coward]

You're missing the point of seizures... or at least one possible point. In a significant number of cases, they're actually not carried out because of a strict need but rather to harass.

This can be on many levels, too. Maybe it's just the low-level plod on a power trip that thinks he's gonna stick it to you for being a toffee-nosed git; maybe it's some higher-up that wants to get you into trouble (for your political views or actions, perhaps).

Re:Just one thing to say:

[ion.simon.c]

The point is, if an adversary knows that you have a TrueCrypt Hidden OS, then it's no more secure than a plain old TrueCrypt-encrypted partition.

Aye. But if your adversary *really* *strongly* *believes* that you have a TrueCrypt Hidden OS where one does not actually exist, they're gonna wander off on a very expensive and time consuming snipe hunt.

Re:Perfectly Legitimate

[John Hasler]

Most people would hand over the laptop because they believe they must obey the police. Handing over the computer would be construed as giving permission for the search so no warrant would be required.

Re:What about "extreeeeme" pr0n?

[rtb61]

Now if you are going to get down to the nitty gritty, how about reading the warranty 'er' end used licence agreement on the windows operating system. You know the bit, where it says that they do not warrant the operating system is free of viruses (illegal content) when they sell it to you. Now the law wants to make every person 100% legally responsible for all the content on a computer when the operating system supplier will emphatically not take any responsibility for the security, stability or reliability for that software when thy initially supply it to the consumer.

As it stands now, just the contents of a hard disk drive should never ever be considered the sole defining evidence of a persons innocence or guilt for any crime because only the most competent computer security experts are capable of keeping a computer secure and safe when connected to the internet and they must make continued efforts to keep it that way. So the law and the courts are turning a blind eye to the reality of the situation.

How many computer geeks out there actually believe that the typical computer using noob should be held legally liable for the activity of their computer, so when it is used in a botnet to commit credit card fraud should that family spend the next five years in jail for the crime they have committed for which they must now prove innocence. You can't even claim that there was no evidence of a virus, as the operating system warranty itself states that they may exist (benefit of the doubt) and of course a smart criminal will clean up any evidence that leads to them after using someone else's device in a major crime.

So the police hook up a device based upon using a operating system that does not warrant that it is free of viruses, to a suspects PC, and claim that the device is now free of viruses when the manufacturer directly refutes that claim, so the police will try to claim they did not infect the suspects machine and put the illegal content on that computer. A a very minimum I would hope they use publicly audited software, open source and not closed source proprietary software that the manufacturer believes already contains viruses as per their warranty and that includes the whole and complete evidence chain.