| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun Sep 4 15:51:13 2005 From: chromazine at sbcglobal.net (Steve Kudlak) Subject: RE: Computer forensics to uncover illegalinternet use Chuck Fullerton wrote: > All, > > I do find this like of discussion very interesting. However, there > has been so much discussion that it's getting difficult to folllow. > Therefore, I'd like to make the following recommendation for future posts. > > 1. Minimize the text you to which you are replying to the pertinent info. > 2. Everyone use the same method of replying.. (i.e. inline, top or > bottom) I don't care which but it's really getting tough to follow. > 3. Keep the discussion going as I'm really getting alot out of this. ;-) > > Sincerely, > > Chuck Fullerton > > It is a pretty complex issue due to the questions raised. I'll try to clip things a bit. It was hard to look at it in a simple manner because it involves several interelated ares I tried to break it into the main issues. Perhaps I should have tried to spell out my points a little more clearly. But it gets down to the whole meat of all sorts of legal things, like the questions of knowingfully and willfully doing something proscribed. The attempts to seperate this from just overlooking of something or the concerns of privacy. The interesting thing for me was when someone brought up the concept of "virtual children" as that was actually legally looked into. What I think would be really edifying is what things are like in other legal systems such as the EU systems and world courts. I say this because one of the big uses of electronic evidence in prosecutions has been with the federal courts attempts to prosecute sex tourists and the not quite underground in that area. By that I mean one can buy the "Have Sex Fun in Asia" books on the secondary open market. My suspicion is there is convert attempt to push things into a more interventionist stance in the hopes that things might be discovered. The problem I see in states with extensive privacy like California is how much one can go through a user's files without their leave. As far as I can tell there has been no real legal precedent and prosecution on the ideas of that say sysadmins are overlooking something. The really insteresting issue is whether the beginning of thread question behavior was highly illegal because it involved destruction of potential evidence. That means it would have to be pretty egregiously say "child porn" and not just say soi disant 18 year olds who weren't. Curious that the 18 as age of adulthood allows two precious years for porn folks to say "Hot Teens" etc. and still be on the safe side. Now the other interesting thing and I am worrying I am making it more complicated than it should be is the hope by some prosecutors that the US would sign treaties the US might have to at least try to obey that would accomplish what they want without getting it passed or having legal precedent in the US. Note MI-6 tried this in reverse about another issue and it died a quiet death. There is a site on the net run by a certain architect and he has been a thorn in the side of MI-5 and MI-6 and "Gardie" (sorry can'r remember real spelling) in Ireland(North and South). Due to the strong First Amendment in the US it has been impossible to block publishing in the US and on the Internet of this information which actually involved pictures of Northern Ireland's Internal Police Folks that work in terrorism supression. They were hoping a treaty would allow them to get at the US publishers and that failed. Overall my suspicion is that overall this end-run technique will fail in general. It is interesting because the failure of the Michael Jackson prosecution pretty much left the Federal Prosecutors as the lone rangers who seldom fail at these various sex crimes prosecutions. It would be their ability to win consistently and get people declared accesories that would change things. I don't think that ios going to happen. Note I won't extend this because it is already longer and more convoluted than I intended it. I am going to kind of shut up now because this is sort of the state of knowledge and practice as I am aware of it. Again if someone knows about these things in other legal systems or has any insights into the attempts to stop people using encryption I would like to hear it. Have Fun, Sends Steve P.S. If anyone finds interesting cases or precedents I would like to hear of them. All that stuff of knowing the cases that set precedent like one knows good novels one has read or movies one has watched that made a tatement has finally began to sink in. It took a long time and a lot of reading but I now know why they quoted things involving Youngstown Tool and Die cases in Constitution Rights cases.;) Have Fun, Sends Steve P.S. Note I have bcc'd many recipients in case they aren't on the list and trying to keep the email to have get moderator approval... > ------------------------------------------------------------------------ > *From:* full-disclosure-bounces@...ts.grok.org.uk > [mailto:full-disclosure-bounces@...ts.grok.org.uk] *On Behalf Of > *Steve Kudlak > *Sent:* Sunday, September 04, 2005 1:45 AM > *To:* dave kleiman > *Cc:* 'Craig, Tobin (OIG)'; echow@...eotron.ca; 'Sadler,Connie'; > jbeauford@...htInOnePet.com; 'Full-Disclosure'; > security-basics@...urityfocus.com > *Subject:* Re: [Full-disclosure] RE: Computer forensics to uncover > illegalinternet use > > dave kleiman wrote: > >>Steve, >> >>Inline.. >> >> >> >>>Hate to play alwyer here but doesn't all of this get shot down by 3rd >>>Circuit Federal Court of Appeals decisions regarding the FBI's >>>Innocent Images project? It basicly shot down the concept of "you >>>clicked on a chold porn link therefore you're guilty." >>> >>> >> >>Well that applies to when it is determined that it was innocent. This could >>be via pop-up, trojan, or maleware of some kind. >> >> >> >> >> >>>This is all enshired in Federal >>>Cases. No one must admit that a good prosecutor can indioct a ham >>>sandwich and all that. But overall that doesn't happen. >>>Now Federal Prosecutors and Investigations staffs are very good at >>>sort of getting warrants and raiding someone's house or business and >>>going thru everything. But if the person doesn't scare and cop to >>>something they never did, then federal prosecutors generally have to >>>back off in cases where it is just things accumulating on disks etc. >>> >>> >> >>Well they do not usually prosecute ham sandwiches, BLT's maybe. >> >>I love how everyone is quick to say things just magically accumulated on >>their H/D. However, they tend not back of when a file structure is found >>with hundreds of images, often burned to CD's. >> >> >> >>>Futhermore in >>>states with a high privacy expectation like California there is a good >>>reason to say "We don't go through our customers data looking for >>>things out of the ordinary". One might argue it to be different it >>>were one's employees. However if you are offering a primo privacy >>>service then you can legitimately scrub disks as a part of the biz >>>plan. >>> >>> >> >>Well that may be, of course you missed the beginning of these threads, where >>Mr. Combs suggested after discovering contraband on and employees H/D, to >>make a copy of it take the copy to the companies attorney. Wipe the original >>and "best course of action is to purposefully falsify the record of the >>company's response to the incident" >> >>The full threads can be read here: >> >>http://seclists.org/lists/security-basics/2005/Sep/subject.html >>http://seclists.org/lists/security-basics/2005/Aug/subject.html >> >> >> >> >>>Much of Law Enforcement and theiir Public Providers of services >>>depends on scaring people and businesses into good behavior when it is >>>neither necessary or ethical. My suspicion is that one can ignore this >>>tactic if one wishes as one is reasonably careful.. I am sure that >>>people will be offereing "Computer Forensics Services" to find the >>>scary things on your compnys disks for $500 a pop but no good reason >>>one has to engage in such silliness. >>> >>> >> >> >>Yes that crazy scaring people into good behavior....... Oh wait that is >>right only reasonably prudent people follow the law, criminals tend to not >>care if there is law against something, they are not scared into not >>committing crimes, that is why they are criminals. >> >>Kind of like the lawlessness that is occurring in the situation you >>mentioned below. Some people would say that the devastation has turned >>these people into criminals. Although, the reality is the people committing >>the crimes are the same ones that were committing them before the >>devastation. >> >> >> >>>Excuse my flipness. I just got through friends caught up in this call >>>people stranded and alone by the hurricane in the SOuthland and all >>>these other things do ring silly right now. >>> >>> >>> >> >>Regards, >> >>Dave >> >> >> >> >> > For a long time I sysop'd an open system, I dunno how much time I > ended up deleteing "girl with vaccum cleaner" pictures. This is > getting weirder and weirder because with photoshop people can create > things that do not exist in real reality. Of course you have really > funny things like this one image that was from Japanese advertizing. > They had a 10 year girl with this incredibly large pretty phallic > looking squirt gun which she was squirting with a look of bliss on her > face. It was pretty funny. It was funny how when showed this image it > became a "cynicism filter". People would divide into the group that > thought this was completely enmgineerd from the get-go and those who > thought it was just some werid thing that came out and no one noticed > it, or that it was the product of the fact that much of Japanese > Culture doesn't quite go looking for all possible suggestive > variants. It really became a filter. > > Now my suspicion about people in the US Southland is that it is a bit > of opppurtunism in the face of despair and the feeling that "whitey > has been shitting on us for centuries". Me being on the North > American West Coast doesn't notice that because there were no slave > quarters and slave markets in California, Washington, Oregon, British > Columbia and we are apt to think a "quadroon" is a small gold coin > that would be nice to find in one's progentitors coin collection. I > don't think it is because there is just a massive criminal element > hidden from us. Now some of the behavior sounded like what I found in > my tenure at a small residential hotel. From the last week of the > month to the first week of the next month a number of curious items > would end up for sale. It was always curious to imagine where these > items came from, some were legitimatgely obtained, others probably > not. There was always an argument among the low rent district types > that universally almost always aligned as "crazy white guys accusing > mexicans of shop lifting and reselling, whereas many of the items they > had could be seen as coming from equally questionable sources. > > Now if one talks to Federal Proscutors they will tell you that they > feel comfortable with their "Vacuum Cleaner" approach. They feel if > they do go and get everyone questionables stuff and go through it, > then one will be able to determine how many folks had thing > accumulating on their disk and how many actively collected it etc. Now > interestingly with the Third Circuit's Decision which is close to rock > solid at this point in precdent, people like journalists would sort of > get wide descretion especially if they were working on stories and > doing investigations etc. > > Two other things come in here. In both the US Ninth Circuit and Upper > Level Courts of British Columbia it has been held that one can not > commit crimes against "virtual children" or "animated descriptions of > children etc". This means the general belief in liberal democracies > that "thought crimes" are questionable is beginning to be enshired in > code and precedent. I am pretty sure this is well embedded in North > American Culture and is apt not to go away even with the idea, darfe I > say spectre two very conservative reversalist judges on the Supreme > Court. Note I have not had time to study how things work in the EU or > even Australia. > > Now technoculturally want this may eventually provoke is the use of > high grade encryption by more people. Right now I know even artists > who hqave become more technologically saavy and who encrypt things > even when legal code is on their side overall. In the 1970s and 1980s > there were a number of legal razzlements of artists who used their > children as nude models no matter how innocent. This went too far and > eventaully what got established is the concept that "simple nudity is > not obscene". It is interesting because artists are not usually seen > as users or consumers of secuiity products and things like encryption. > > Anyway this is all very interesting and we do live in interesting > times. So it will be interesting to see how this will go and whether > the bizness idea of trying to safe from all possible wrongdoing or > perceived wrongdoing will win out overall. I know lots of vendors and > security consultants have been hoping that "porn protection" would > turn into a lucerative field but so far it doesn't compare to virus > and malware protection. > > Interestingly in artist circles the whole imaging thing has turned > into "sousveillence" and artists have been having way too much fun > turning the cameras back on the people who usually use them. It is > interesting that people like Sudo Chiles House who was one of the > first people to install a "cam" which in her case was a 35mm camera > that took pictures regularly of her bedroom is all buit forgotten in > the modern installatiion of cams in various public and private spaces. > Note the UK and places in Florida have been very much into the "you > are being watched" theory of crime control. I also have heard tales > of "spy camera destroyers" who have been running around spray > painting cameras but I think that is not widespread at this point. > Hmmm, indeed these are interesting times. whether it is a blessing or > a curse is an open question. > > Have Fun, > Sends Steve > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050904/240da79d/attachment.html
Powered by blists - more mailing lists