Publication: an ethical dilemma for DF research?
by Chris Hargreaves
Ethical issues in science are commonplace; examples such as cloning, climate change and genetic engineering are all subject to different ethical debates. Some subjects have clearly defined areas of potential ethical problems, for example in Psychology much consideration is given to the welfare of human participants involved in any experiments conducted. This would involve the consideration of concerns such as participants’ confidentiality, privacy, consent, right to withdraw etc. However, the welfare of human participants in experiments is not the only form of ethical debate and in some research areas there are other particular issues, such as animal rights, or indeed whether a particular technology should be researched at all. This article is not an attempt to identify all the potential ethical issues that digital forensics research could be subject to, but instead highlights a particular issue – the potential impact of making the results of some digital forensics research publicly available…
Please use this thread for discussion of Dr Hargreaves' latest column.
Publication an ethical dilemma for digital forensics research?
Sounds like a research subject. Is there any evidence to suggest that publication harms justice? Or perhaps benefits it? Or even affects it at all?
Hi, I side with athulin,
Technological advances and gradual public awareness of "how to do stuff with a computer" are, as they say, inevitable.
Not wishing to hijack the discussion but a similar argument may be posed for Crypto software. Leaving my tinfoil hat aside, as a PC user, I would prefer not to entirely trust the advertising hype and rather know that Truecrypt / Bitlocker et al had been examined, tried and tested and any flaws published full disclosure style. As for obtaining Crypto keys and passwords there is always the $5 wrench, http://xkcd.com/538/
Likewise I use Heidi eraser, bcwipe and similar tools just because I can. If there's no other intelligence or evidence to imply a crime apart from a random fishing expedition on my computer why is it being searched? What next, ban Dropbox, Drop.io, online storage? Laws only stop honest people.
I still keep trying to convince every crime TV series writer not to include the part about where they use fingerprints to catch the bad guy… What if the criminals find out that that's one of the ways we can catch them…?!
People who really want to hide something would need to use more advanced tricks to completely erase all traces on all possible systems (and in reality almost always make a mistake or simply don't even use these tools (hey, we still catch criminals by using fingerprints, even though you can buy gloves for a couple of dollars and the use of fingerprints is more or less common knowledge)).
And to come back to the fingerprints example, trying to hide our knowledge is just a poor effort of 'security by obscurity' - IMHO we won't prevent any crimes by doing that.
Dr. Hargreaves makes an interesting point (and one with which I have grappled) but it may be more theoretical than practical in many applications.
As an example, a few years ago the CMU-CERT developed a tool for detecting the "signatures" of many of the most common drive wiping tools. They, supposedly, released this tool only to law enforcement but we found in one of our investigations that a private entity also had access to the tool, perhaps through an employee who had formerly been in LE (or who formerly worked for CERT, I was never able to determine).
The theory of restricting access was the idea that if the developers of the wiping tools were alerted to the artifacts of the use of the tool, they might be prompted to change it to no longer produce those artifacts.
The problem with that line of reasoning is that information about many of the signatures was already public, having been discussed in various Internet blogs and forums, and, in fact, a few of the developers of the software had already made changes in response to the public knowledge.
Finally, there is the problem of when the information gets used. Knowing it is one thing but if you have to go to court, then what you know becomes public knowledge unless you can convince the court that the information is so sensitive that making knowledge of it public would jeopardize ongoing investigations or national security. This is a hard argument to make, however, and it relies on the discretion of the court which is often a risky proposition.
Finally, there is the problem of when the information gets used. Knowing it is one thing but if you have to go to court, then what you know becomes public knowledge
Indeed. Perhaps for certain research, if it is shared with law enforcement only initially, and when it eventually gets to court, this is the point where general publication is ok?