Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
| From | Sylvia Else <sylvia@not.at.this.address> |
|---|---|
| Newsgroups | comp.misc |
| Subject | Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence |
| Date | 2016-07-14 12:38 +1000 |
| Message-ID | <duoca1FdlrnU1@mid.individual.net> (permalink) |
| References | <e+d317Jr8Eani9MRhTtbVK6L@dont-email.me> <dumnhrF1ao4U1@mid.individual.net> <XnsA644D968E5C89507d764ee9285@46.165.242.75> |
On 14/07/2016 11:22 AM, David LaRue wrote: > Sylvia Else <sylvia@not.at.this.address> wrote in > news:dumnhrF1ao4U1@mid.individual.net: > >> On 13/07/2016 8:21 PM, Rich wrote: >>> http://motherboard.vice.com/read/fbi-agent-decrypting-data- > fundamental >>> ly-alters-evidence >>> >>> Quoting from the URL above: >>> >>> An FBI agent has brought up an interesting question about the >>> nature of digital evidence: Does decrypting encrypted data >>> "fundamentally alter" it, therefore contaminating it as forensic >>> evidence? >>> >>> According to a hearing transcript filed last week, FBI Special >>> Agent Daniel Alfin suggested just that. >>> >>> The hearing was related to the agency's investigation into dark >>> web child pornography site Playpen. In February 2015, the FBI >>> briefly assumed control of Playpen and delivered its users a >>> network investigative technique (NIT) - or a piece of malware - >>> in an attempt to identify the site's visitors. >>> >>> That malware grabbed suspects' IP address, MAC address, and other >>> technical information, and then sent it back to a government >>> computer. None of that evidence was encrypted, however. >>> >>> "That claim holds no water at all." >>> >>> According to experts called by the defense in the affected case, >>> the fact that the data was unencrypted means there is a chance >>> that sensitive, identifying information of people who had not >>> been convicted of a crime was being sent over the internet, and >>> could have been manipulated. (Alfin paints this scenario as >>> unlikely, saying that an attacker would have to know the IP >>> address the FBI was using, have some sort of physical access to >>> the suspect's computer to learn his MAC address, and other >>> variables.) >>> >>> Had that data been encrypted, "It would still be valid, it still >>> would have been accurate data; however, it would not have been as >>> forensically sound as being able to turn over exactly what the >>> government collected," Alfin said. >>> >>> ... >>> >> >> Clearly, physical access to the suspect's computer is not required to >> obtain any of the information returned by the NIT, given that the NIT >> is able to do it. >> >> Data passing over the Internet is subject to all sorts of >> transformations on the way. In that regard, encryption and decryption >> (which might conceivably have occurred anyway) are nothing special. >> >> I'd have thought such data had no evidential value at all, being at >> best a source of clues, and probable cause, to indicate where other >> investigations should take place. >> >> Sylvia. >> > > Actually they should be talking about authentication of the message > data. That is what insures that the data came from a certain source and > has not been altered. It is often used with encryption, which by itself > doesn't insure the data hasn't been modified. > > David > Authentication is not much use when the source is not trusted anyway. Sylvia.
Back to comp.misc | Previous | Next — Previous in thread | Find similar
FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence Rich <rich@example.invalid> - 2016-07-13 10:21 +0000
Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence Sylvia Else <sylvia@not.at.this.address> - 2016-07-13 21:38 +1000
Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence David LaRue <huey.dll@tampabay.rr.com> - 2016-07-14 01:22 +0000
Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence Sylvia Else <sylvia@not.at.this.address> - 2016-07-14 12:38 +1000
csiph-web