Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.misc > #11515

Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence

From Sylvia Else <sylvia@not.at.this.address>
Newsgroups comp.misc
Subject Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence
Date 2016-07-13 21:38 +1000
Message-ID <dumnhrF1ao4U1@mid.individual.net> (permalink)
References <e+d317Jr8Eani9MRhTtbVK6L@dont-email.me>

Show all headers | View raw

On 13/07/2016 8:21 PM, Rich wrote:
> http://motherboard.vice.com/read/fbi-agent-decrypting-data-fundamentally-alters-evidence
>
> Quoting from the URL above:
>
>     An FBI agent has brought up an interesting question about the nature of
>     digital evidence: Does decrypting encrypted data "fundamentally alter"
>     it, therefore contaminating it as forensic evidence?
>
>     According to a hearing transcript filed last week, FBI Special Agent
>     Daniel Alfin suggested just that.
>
>     The hearing was related to the agency's investigation into dark web
>     child pornography site Playpen. In February 2015, the FBI briefly
>     assumed control of Playpen and delivered its users a network
>     investigative technique (NIT) - or a piece of malware - in an attempt to
>     identify the site's visitors.
>
>     That malware grabbed suspects' IP address, MAC address, and other
>     technical information, and then sent it back to a government computer.
>     None of that evidence was encrypted, however.
>
>     "That claim holds no water at all."
>
>     According to experts called by the defense in the affected case, the
>     fact that the data was unencrypted means there is a chance that
>     sensitive, identifying information of people who had not been convicted
>     of a crime was being sent over the internet, and could have been
>     manipulated. (Alfin paints this scenario as unlikely, saying that an
>     attacker would have to know the IP address the FBI was using, have some
>     sort of physical access to the suspect's computer to learn his MAC
>     address, and other variables.)
>
>     Had that data been encrypted, "It would still be valid, it still would
>     have been accurate data; however, it would not have been as forensically
>     sound as being able to turn over exactly what the government collected,"
>     Alfin said.
>
>     ...
>

Clearly, physical access to the suspect's computer is not required to 
obtain any of the information returned by the NIT, given that the NIT is 
able to do it.

Data passing over the Internet is subject to all sorts of 
transformations on the way. In that regard, encryption and decryption 
(which might conceivably have occurred anyway) are nothing special.

I'd have thought such data had no evidential value at all, being at best 
a source of clues, and probable cause, to indicate where other 
investigations should take place.

Sylvia.

Back to comp.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence Rich <rich@example.invalid> - 2016-07-13 10:21 +0000
  Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence Sylvia Else <sylvia@not.at.this.address> - 2016-07-13 21:38 +1000
    Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence David LaRue <huey.dll@tampabay.rr.com> - 2016-07-14 01:22 +0000
      Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence Sylvia Else <sylvia@not.at.this.address> - 2016-07-14 12:38 +1000

csiph-web