Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.misc > #11520

Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence

Show key headers only | View raw

On 14/07/2016 11:22 AM, David LaRue wrote:
> Sylvia Else <sylvia@not.at.this.address> wrote in
> news:dumnhrF1ao4U1@mid.individual.net:
>
>> On 13/07/2016 8:21 PM, Rich wrote:
>>> http://motherboard.vice.com/read/fbi-agent-decrypting-data-
> fundamental
>>> ly-alters-evidence
>>>
>>> Quoting from the URL above:
>>>
>>>      An FBI agent has brought up an interesting question about the
>>>      nature of digital evidence: Does decrypting encrypted data
>>>      "fundamentally alter" it, therefore contaminating it as forensic
>>>      evidence?
>>>
>>>      According to a hearing transcript filed last week, FBI Special
>>>      Agent Daniel Alfin suggested just that.
>>>
>>>      The hearing was related to the agency's investigation into dark
>>>      web child pornography site Playpen. In February 2015, the FBI
>>>      briefly assumed control of Playpen and delivered its users a
>>>      network investigative technique (NIT) - or a piece of malware -
>>>      in an attempt to identify the site's visitors.
>>>
>>>      That malware grabbed suspects' IP address, MAC address, and other
>>>      technical information, and then sent it back to a government
>>>      computer. None of that evidence was encrypted, however.
>>>
>>>      "That claim holds no water at all."
>>>
>>>      According to experts called by the defense in the affected case,
>>>      the fact that the data was unencrypted means there is a chance
>>>      that sensitive, identifying information of people who had not
>>>      been convicted of a crime was being sent over the internet, and
>>>      could have been manipulated. (Alfin paints this scenario as
>>>      unlikely, saying that an attacker would have to know the IP
>>>      address the FBI was using, have some sort of physical access to
>>>      the suspect's computer to learn his MAC address, and other
>>>      variables.)
>>>
>>>      Had that data been encrypted, "It would still be valid, it still
>>>      would have been accurate data; however, it would not have been as
>>>      forensically sound as being able to turn over exactly what the
>>>      government collected," Alfin said.
>>>
>>>      ...
>>>
>>
>> Clearly, physical access to the suspect's computer is not required to
>> obtain any of the information returned by the NIT, given that the NIT
>> is able to do it.
>>
>> Data passing over the Internet is subject to all sorts of
>> transformations on the way. In that regard, encryption and decryption
>> (which might conceivably have occurred anyway) are nothing special.
>>
>> I'd have thought such data had no evidential value at all, being at
>> best a source of clues, and probable cause, to indicate where other
>> investigations should take place.
>>
>> Sylvia.
>>
>
> Actually they should be talking about authentication of the message
> data.  That is what insures that the data came from a certain source and
> has not been altered.  It is often used with encryption, which by itself
> doesn't insure the data hasn't been modified.
>
> David
>

Authentication is not much use when the source is not trusted anyway.

Sylvia.

Back to comp.misc | Previous | Next — Previous in thread | Find similar

Thread

FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence Rich <rich@example.invalid> - 2016-07-13 10:21 +0000
  Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence Sylvia Else <sylvia@not.at.this.address> - 2016-07-13 21:38 +1000
    Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence David LaRue <huey.dll@tampabay.rr.com> - 2016-07-14 01:22 +0000
      Re: FBI Agent: Decrypting Data ?Fundamentally Alters' Evidence Sylvia Else <sylvia@not.at.this.address> - 2016-07-14 12:38 +1000

csiph-web