Sunday, February 26, 2006

Personal computers

Orin Kerr at the Volokh Conspiracy discusses the utility of personal computer seizures versus network surveillance as a law enforcement tool.

Personal computer searches will maintain their critical importance in computer crime cases for two very practical reasons. First, no matter how much people store information remotely as a general matter, they tend to keep evidence of crime and digital contraband close to home. Second, it is quite difficult for the government to prove a case beyond a reasonable doubt based solely on evidence obtained from a network. You never know who had access to the network, or when, or whether the account was hacked or stolen. As a result, nearly every computer crime case ends with a retrieval and search of the suspect's personal computer(s). Finding evidence of the crime on the suspect's personal computer is damning evidence, quite persuasive to a jury. As a result, even if lots of the action happens at the network surveillance level, most investigations still end up with a personal computer search.


This controversy goes to the very heart of the notion of what constitutes a person's computer. Mr. Kerr might be right when he says that most people keep "digital contraband" close to home, but I suspect that for a growing number of people, their information stores are scattered over physical computing resources whose actual location they have no idea of. Consider a person who has one or more web e-mail accounts. That person's computer effectively uses a remote mail server as data storage. Consider this blog. The majority of a person's intellectual property may actually be stored on a remote server owned by the Google corporation.

In the extreme case, consider a person who operates exclusively from coin-operated Internet machines or Internet cafes to transact his business. It's perfectly possible to do this, provided one is willing to take the risk that passwords may be captured by spyware on the client machine. Where is his computer? But on the other hand, if the network is to be considered a virtual computer, all kinds of Fourth Amendment problems associated with a "vacuum cleaner" approach to surveillance will be encountered.


Blogger Mətušélaḥ said...

We all use aliases when interacting with another. Be it through a digital network or through one-to-one personal contact, one can never be sure who one is really dealing with. But one can certainly eliminate unwanted aliases.

That's what Holocaust Denial Laws are all about. (Yes Doug, HDL cholesterol is the good kind).

2/26/2006 09:42:00 AM  
Blogger Mətušélaḥ said...


2/26/2006 09:45:00 AM  
Blogger Doug said...

"the good kind"
...promoted by good beer.
"In the extreme case, consider a person who operates exclusively from coin-operated Internet machines or Internet cafes to transact his business. It's perfectly possible to do this, provided one is willing to take the risk that passwords may be captured by spyware on the client machine. Where is his computer?"
What about a computer w/no hard drive?
If data was kept in Ram rather than Flash, couldn't one just turn off the computer after use and be clean?

2/26/2006 09:58:00 AM  
Blogger Doug said...

Tony, or anyone,
re Google Desktop Search:
I indexed my hard drive, and images and web pages all seem to be accessible, but old rtf and doc files are not found unless freshly saved.
What's up with that?

2/26/2006 10:03:00 AM  
Blogger Mətušélaḥ said...

...promoted by good beer.

Let's put the Klan on campus. Hiding behind the guise of academia, doesn't mean the message is academic.

2/26/2006 10:10:00 AM  
Blogger ed said...


Very small and highly portable flash-based thumb drives. Or they can use their iPod as a portable storage unit.

It would be extremely trivial to convert highly sensitive files into a binary format suitable for storage on an iPod. It would be just as easy to merge this binary data with other more common binary formats such as music, image or video files.

If you've got an iPod with 4,000 songs on it and only 15 have sensitive data merged with them, then it would be almost impossible for most law enforcement agencies to either find or crack those files and retrieve that sensitive data.

Once the data is merged into a common format binary file then it would be simplicity to upload that file to internet based open storage sites that usually host music or image files. The resulting "song" file may suck to listen to but there's a lot of bad music out there anyways so it would get lost in the noise.

2/26/2006 10:14:00 AM  
Blogger Mətušélaḥ said...

Very good point Ed. That's where warez is heading. Actually that's where it's at already. Encrypt, put a false file extension, rename, and upload to a temporary storage solution.

2/26/2006 10:20:00 AM  
Blogger Doug said...

Is it possible that people that listen to that kind of music might get the message, since all other coherent thought has already been filtered out?

2/26/2006 10:47:00 AM  
Blogger Doug said...

With a small Flash Drive, one could keep it on his person at all times w/a little battery powered electromagnetic mass eraser!
Kind of like the panic button in a bank.

2/26/2006 10:50:00 AM  
Blogger Doug said...

Is "HDL" the Hamas Defense League?

2/26/2006 10:52:00 AM  
Blogger Doug said...

You call that good?

2/26/2006 10:52:00 AM  
Blogger rasqual said...

Well here's an interesting conundrum. The concern for proof is that anything "on a network" is likely to be held in doubt by a jury. But if the person's "own computer" is also "on a network," then why would that be any less doubtful?

I suspect juries are confounding notions of personal property -- "it's on 'his' computer" -- with questions of access. Determinations about "what is known about the limits and range of who could have accessed something" are what they are, regardless of ownership or even possession.

Frankly, I'd be more worried about physical access. There's a point at which notions of proof have to acknowledge common sense. If I'm prosecuting a two-bit pornographer, there are ways of defeating network security which would require genuine conspiracies among many vendors. How likely is that, in this, or that, instance?

It all boils down to reasonable doubt, and the rub just there is "reason." Some juries are insane.

2/26/2006 12:20:00 PM  
Blogger Mətušélaḥ said...

Doug: You call that good?

I'll wait until the day of the Sabbath to decide. In the meantime, I'm flushing out the memory on my iPod nano.

2/26/2006 12:51:00 PM  
Blogger Doug said...

I knew who you were all along, but I never guessed the price was two-bits.
That bytes.

2/26/2006 01:38:00 PM  
Blogger Arthur Dent said...

Cryptainer is a program I've been VERY happy with.


I can make easy to use password protected vaults, up to several GIGS in size, on my laptop HDD. Windows treats the file as if it is a removable drive. I can easily back up on DVD if needed.

2/26/2006 02:26:00 PM  
Blogger Robert Schwartz said...

Why would anybody think that information he leaves on Google's servers is private? Check the ads they feed you on the right side of the screen. It's not private. If you want to keep something private, don't store it on Google. Is that too difficult to deal with?

If you want to keep something secret, the first thing you must do is to not tell anybody.

2/26/2006 04:02:00 PM  
Blogger Mətušélaḥ said...

There's a Spider
Or so it seems
Incessantly weaving
Such gossamer schemes
As should make one wonder
What blueprint within
Instinctively causes
The spider to spin

Spiders do
What they do
In spidery nets
Intrinsic insiders
Who cover all bets
With polymer silver
They gossamer spin
Wait, wait, wait
For dinner
It soon may drop in

2/26/2006 04:30:00 PM  
Blogger Bob Smith said...

Arthur Dent - thanks for the encryption link to cypherix. Very free and very cool. Technology rules while we waste so much hand-holding on dysfunctional societies.

2/26/2006 04:53:00 PM  
Blogger RWE said...

At the Pentagon we used removable hard drives in order to enable us to lock up the computer data at night in a safe. The drives had everything in the computer, including the operating system, in order to make sure that all data was locked up.
Have not seen a computer set up that way since I left the 5 Sided Ft Fumble, but I am sure you could still get one like that if desired. On one hand you could take it with you and secure it in some way - on the other, if caught with it you would have little or no plausible deniability.

The other thing we worried about was TEMPEST - the ability to read emissions from a computer. To prevent such RF leaks, the computers were built as if they were WWII battleship radio sets. Turns out they found it was not as easy to read computers in the building as they had feared, - being next to an airport helped a lot - but no doubt the standard commercial PCs today are veritable broadcast stations that could be picked up by surveillance equipment. I assume that would be illegal with a court order, just like wiretapping - but since you are broadcasting with your PC, maybe not.

2/26/2006 04:56:00 PM  
Blogger Arthur Dent said...

Mika, very good poem.

Many people do not know that ticks are a type of spider that feed on warm blooded creatures.

Once engorged, the nymph drops off its host into the leaf litter and molts into an adult. These adults actively seek new hosts....

Sounds like Pan Islam?

2/26/2006 04:57:00 PM  
Blogger Mətušélaḥ said...


I loosely transcribed it from audio. The author is Ken Nordine. Cont..

How lovely
The glint of the sun
Is gracing with highlight
The web being span
Dear God
Of all Spiders
Hear this small prayer
Is Spidery Heaven
One infinite snare
Will there be gravity
So food will fall by
Have you ever tasted
A goo bottled Fly
Never had Scorpion
Do they have a God
Ticks you might fancy
But the flavor is odd
I wonder if Spiders
Would like eating Mite
Those juicy small Monsters
That louse up the night
Spider might like mites
And get used to the taste
Spiders will do what they must
It's the spidery way

2/26/2006 05:29:00 PM  
Blogger ed said...


1. Encrypt, put a false file extension, rename, and upload to a temporary storage solution.

Actually that's not what I'm saying. What I'm saying is that you can merge sensitive encrypted data with a valid image, music or video file and end up with something that would act like a normal file of that type. Additionally the decryption key could itself be encoded into the same file at a predetermined point. I.e. the decryption key is 256 bytes long and starts at offset byte 4096.

It would be extremely difficult for people to crack that system as the inclusion of the decryption key into the datastream interrupts the flow of the encryption. In effect the presence of the decryption key acts as a randomiser that will cause problems for anyone trying to crack the encryption.

2/26/2006 06:23:00 PM  
Blogger Mətušélaḥ said...


I'm not a software engineer, but wouldn't the extra (encrypted) bytes be easy to separate from the legitimate content?

2/26/2006 06:47:00 PM  
Blogger Mətušélaḥ said...


Sorry for the misunderstanding. I was just commenting on what is already happening in the warez world. Encrypt, put a false file extension on, rename, and upload to some temporary storage like RapidShare, where files are kept for 30 days and then erased.

2/26/2006 06:52:00 PM  
Blogger Mətušélaḥ said...

For web anonymity you can use an onion routing network.

2/26/2006 08:30:00 PM  
Blogger Mətušélaḥ said...

Of course, the best way to safeguard yourself from the Feds, is to enroll in a Terrorism course at Yale University. Like this guy.

2/26/2006 08:47:00 PM  
Blogger Annoy Mouse said...

The best policies are to have no secrets. With government prerogative in the control of networks, the people you'd hope to keep your secrets from are the first ones to have a peek at your activities. This whole NSA spying case is a load of sh!t. They can drill into anything that piques their interest. In recent years, identity theft has become the most prolific crime. On the internet, someone can commit crimes in your name. It is easy to get an anonymous account and run it through a proxy server. But one can never be quite sure who might be skulking around your data. PGP can do wonders to change that. In the end, it is hard to know what information is secure and what has been compromised.

2/26/2006 09:02:00 PM  
Blogger Mətušélaḥ said...

And you just know, that fellow Doug is a Fed. Always tries to put you in a compromised position. He and his coconut dancers.

2/26/2006 09:14:00 PM  
Blogger Cowgirl said...

I can't imagine there is anything more sensitive on my computer or thumb drives than my tax return, which information the Feds already have, so that's basically already in the public arena.

If the Feds want to read my genealogy database, or look at my family's photographs, well.... knock yourself out!

2/27/2006 04:57:00 AM  
Blogger HILLBLOGGER & Hillblogger Jr said...

I first posted this on 25th Feb 2006 in a couple of blogsites and I maintain the declaration of Emergency Rule was unjustified.

The State of Emergency apparently was declared on the basis of a foiled coup d'état.

If that's the case, then Palace spin that they foiled a coup d'état was preposterous and technically wrong! In military legal parlance, the act or acts by BGen Danilo Lim does not fall under the military crime of coup d'état, least of all by government spin of COUP D'ÉTAT FOILED!

By tradition, a coup d'état is the violent overthrow of the government launched by the military but which could be aided and abetted by civilian components of the Republic. To say that they foiled a coup d'etat means that a VIOLENT overthrow had been initiated by the military or a component of the military.

Contrary to Palace spin and innuendoes, BGen Danilo Lim, when he approached CSAFP Senga to persuade him to withdraw his support was technically espousing mutiny and not a coup d'état in the same manner when Gloria and her husband had persuaded Gen Angie Reyes to commit mutiny by withdrawing their support for the Erap government.

That the mutiny might have later on generated into a coup d'état is another matter but at the time Lim was arrested, technically, the act being committed by Lim was inciting to mutiny and not a coup d'état.

Palace spin therefore that they FOILED A COUP D'ETAT is absolute nonsense! There was no physical evidence that Lim had launched a violent assault on Gloria's government so, how could they foil something that had not even started?

That there may be grounds to believe that a coup d'état might have been launched by Lim remains to be seen - Gloria's government and her spin masters have to prove that Lim had sequestered military logistics and ammos for the purpose of a violent overthrow. Until then, the only real case here is that Gloria overreacted because a general had tried to incite his superior to commit mutiny.

Now on a real coup d'état board: Oakwood was a FOILED coup d'état. It had all the elements of a planned violent overthrow of the Republic, yet they were only charged with mutiny.

Incidentally, two of the most well-known proponents of a coup d'état were Gloria and her husband when they encouraged and gave firm backing to a military general to launch the violent overthrow of the Erap government.

It was Gloria's favorite general BGen Espinoza, former Marines chief and the supplier of the infamous Marines' helmets (that got Admiral Wong, former FOIC later into trouble with the Marines for denouncing the Espinoza helmets) who would have led a violent coup d'état against Erap had Angie Reyes not been able to persuade Major Service Commanders to agree to withdraw support.

2/27/2006 08:17:00 AM  
Blogger ed said...


I'm not a software engineer, but wouldn't the extra (encrypted) bytes be easy to separate from the legitimate content?

No not really. Consider a binary image file. Usually there's a header strip of about 100-300 bytes, depending on specific type, that notes the color palettes, length of the file and other structure information. All of the binary data after this strip consists of the image data.

So what you'd do is simply combine the encrypted data, encryption prior to merging is suggested, with this binary image data on a byte by byte basis. Doing so will result in another byte that now replaces the original image data.

To unlock the encrypted data all you need is a clean copy of the original image. Feed the clean original image into a computer program along with the merged image and you'll get back the encrypted data. If you include the decryption key along with the encrypted data in the combined image, then you don't need anything else to decrypt the data.

And quite frankly you could use any widely available images, porn images or even photos taken on your last vacation.

In essence:

Encrypted data + original image data = new encrypted data

New encrypted data - original image data = original encrypted data.

The actual technique depends on the specific file type. As an example a GIF format allows for multiple images within a specific file. You could encode special data into each individual image just along the borders. The image itself would look perfectly fine, but that data would still be available.

Transmission of this data would be as easy as someone visiting a webpage.

If this is of any real interest I could probably work up a script based example within a couple days. I've got a few deadlines I've got to meet so it couldn't be sooner.

2/27/2006 08:53:00 AM  
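From the examiner's side, the subtraction described in the comment above is also the check that answers the question it quotes: with a known-clean copy of the carrier image, the altered region and its ciphertext-like entropy stand out. This is an added example, not part of the original post or comments; the mod-256 arithmetic, the 128-byte header, and the sample data are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

HEADER_LEN = 128  # assumption: header size of the constructed carrier below


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; well-encrypted data sits close to 8.0."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def examine(suspect: bytes, reference: bytes) -> dict:
    """Compare a suspect file with a known-clean copy of the same carrier."""
    if len(suspect) != len(reference):
        raise ValueError("length mismatch: not the same carrier")
    if hashlib.sha256(suspect).digest() == hashlib.sha256(reference).digest():
        return {"modified": False}
    # The comment's "merged - original" step, taken as subtraction mod 256.
    diff = bytes((s - r) % 256 for s, r in
                 zip(suspect[HEADER_LEN:], reference[HEADER_LEN:]))
    changed = [i for i, b in enumerate(diff) if b]
    if not changed:
        return {"modified": True, "header_only": True}
    first, last = changed[0], changed[-1]
    span = diff[first:last + 1]
    return {
        "modified": True,
        "header_only": False,
        "first_offset": HEADER_LEN + first,
        "last_offset": HEADER_LEN + last,
        "residual": span,
        "residual_entropy": shannon_entropy(span),
        "carrier_entropy": shannon_entropy(
            reference[HEADER_LEN + first:HEADER_LEN + last + 1]),
    }


def constructed_sample():
    """Constructed test data: a gradient 'image' plus a pseudo-random stand-in
    for encrypted data, merged by byte-wise addition mod 256."""
    reference = b"IMG0".ljust(HEADER_LEN, b"\x00") + bytes(
        (i // 64) % 256 for i in range(8192))
    payload = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    merged = bytearray(reference)
    start = HEADER_LEN + 1000
    for k, p in enumerate(payload):
        merged[start + k] = (merged[start + k] + p) % 256
    return reference, bytes(merged), payload


if __name__ == "__main__":
    ref, sus, _ = constructed_sample()
    report = examine(sus, ref)
    print(report["first_offset"], report["last_offset"],
          round(report["residual_entropy"], 2), round(report["carrier_entropy"], 2))
```

The comparison depends on having the exact original: a carrier that was re-encoded or resized also leaves a residual, so a hash mismatch alone shows only that the file differs from the reference.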
Blogger kariato said...

(This is going to be a little technical so skip it if that does not interest you.) There are two areas of networks, public and private (i.e. Phone networks and the internet). You can't really be called spying if you are on the internet since it is an open network and you must think of traffic the same as a postcard viewable by everybody. There are limited internet connections in and out of the country (Mae-east & Mae-west and in Europe mae-paris). I'm sure that Mae-east and Mae-west have a lot of exceptions in their routing tables for Mid East IP address ranges going to some special sniffers. It is very easy to secure IP address using openVPN for instance and various proxy servers. What is not so easy to secure is where the traffic is going to and coming from which will be very interesting. There is nothing to stop a terrorist parking outside an open wireless internet router in somebody's home, or creating a zombie robot PC to proxy traffic both here and in Europe. What you get down to is net warfare. I'm sure the NSA is closely watching the habits of key terrorists who work on inter cell communications. I doubt if we are worried about a computer hard drive as much as identifying the source and target locations of key players.

The majority of spying we are talking about is taking place on the private networks AT&T, MCI etc. The NSA I guess has been data mining these phone companies' databases to look for phone traffic patterns to specific regions and specific houses in the US. I heard on the news that they had 350,000 people world wide of interest. This is what they are talking about when they are talking of spying. It is much more likely that all that complicated technology is outside the knowledge base of your average terrorist cell so they are forced to use the plain old telephones plus the adage loose lips sink ships. This is where I imagine most of the NSA's interest lies.

2/27/2006 09:02:00 AM  
Blogger Doug said...

But if we simply persist in filing on paper, sorting us all out remains a non-trivial matter.
Why folks VOLUNTEER to provide the government a free computer ticket to search their lives, I'll never understand.

2/28/2006 02:44:00 AM  
