
Judge: No cryptographic hash analysis without warrant

13 Posts
4 Users
0 Reactions
1,136 Views
u2bigman
(@u2bigman)
Eminent Member
Joined: 17 years ago
Posts: 41
Topic starter  

This is the article

http://tinyurl.com/6rlavk

A federal court decision so it carries some weight.

Might we JUST be entering the era of Clueful Courts?

Nah… that is way, way off.


   
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
 

Clueless, you mean. A file hash is not a "cryptographic signature" in spite of what the judge thinks.

"Rather, a hard drive is comprised of many platters, or magnetic data storage units, mounted together," the judge wrote. In essence, she said, each platter constituted its own separate container and the acquaintance's search of one didn't breach the others.

Huh? You mean that we have to get a per platter search warrant? Can you tell me what platter a folder is on? Talk about junk science!


   
azrael
(@azrael)
Honorable Member
Joined: 19 years ago
Posts: 656
 

> Clueless, you mean. A file hash is not a "cryptographic signature" in spite of what the judge thinks.
>
> "Rather, a hard drive is comprised of many platters, or magnetic data storage units, mounted together," the judge wrote. In essence, she said, each platter constituted its own separate container and the acquaintance's search of one didn't breach the others.
>
> Huh? You mean that we have to get a per platter search warrant? Can you tell me what platter a folder is on? Talk about junk science!

It's an interesting quote, and is technically accurate. It is, I agree, a bit of a leap to suggest that accessing the disk is only likely to hit one platter!

However, given that you tend to get a warrant to search an address, rather than a room, I think that you should be ok on that count …


   
u2bigman
(@u2bigman)
Eminent Member
Joined: 17 years ago
Posts: 41
Topic starter  

I read the last two paragraphs (or at least the layman's synopsis) as the Judge hinting at belated recognition of the massive size of modern disks. And that the Old Ways need to be brought current.

A hard disk is NOT an "address" any more than it is a container equal to a backpack, for instance. Magnitude is the issue. A full 300 gig drive easily contains hundreds of thousands of files. What "address" has a similar number of individual rooms?

The Great Hope is that judges are starting to ken that "the law" is decades behind technology. Might there be room for optimism? Remains to be seen.


   
azrael
(@azrael)
Honorable Member
Joined: 19 years ago
Posts: 656
 

It's a bit difficult without reading the full ruling to pass judgement if the law is catching up, or if they are grasping at a few things that they have heard, and are getting them badly muddled!

It looks more to me that the judge has had the physical structure of a hard disk explained and has managed to grasp that concept, but has either not had it explained or has failed to grasp that the data stored on there has an existence that isn't directly mapped to the physical structure, that indeed a file or folder could be spread across multiple platters, or that several "virtual" containers (partitions) could exist on a single platter.

I personally happen to think that this ruling is incorrect, as the drive, to my mind, had already been opened, and thus was fair game.

I think that the precedent for random stop & search against hashes without due cause is good, but in this case, due cause was present (someone had reported the images), the device had been accessed, and the search was made reasonably (not to mention effectively!).

I used the address _analogy_, because the statement was about "warrants per platter" - in terms of orders of magnitude rooms to platters seems a reasonable match. If you would prefer to match orders of magnitude for files or folders - I would get a warrant to search a library, not one for every shelf or book …


   
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
 

The problem that I have is that it unnecessarily invokes a technological argument (which is irrelevant to the matter at hand), thereby creating confusion which could hamper legitimate investigations.

The defendant had been served a notice of eviction and when the date passed, the remaining contents of the defendant's apartment were put out onto the street for disposal. A friend of one of the persons clearing out the apartment was called and told that they were throwing away a computer and did he want it, which he did. The defendant arrived back at the apartment and, finding his computer missing, asked where it had gone. The movers claimed ignorance and so the defendant reported the computer stolen.

When the friend got the computer home, he found videos which appeared to be CP. He called the police and, at the time, stated that he had "found" the computer though, later, he admitted where he had gotten it. There is conflicting testimony as to whether the police were aware of the computer's owner and that it had been reported stolen at the time that they took possession of the computer.

What should have happened next is clear. The police should have obtained a search warrant before doing anything with the computer. They attempted to claim that they were unaware of the computer's owner at the time but the court did not accept that explanation.

From that point, forward, it doesn't really matter what was done or why. Certainly, the technology used should not have been an issue as the real issue was whether any examination of the computer was lawful.

That has nothing to do with hash codes and/or platters. It is pure junk science.


   
azrael
(@azrael)
Honorable Member
Joined: 19 years ago
Posts: 656
 

I apologise, my knowledge of the US constitution is lacking. (My knowledge of the UK legal system is limited, but better :-) )

Where does the fact that the disk had already been opened by the acquaintance come into play? Surely with this being the case, and a direct report of unlawful material, a warrant is not necessary (that is certainly what is implied by the article - which is really my only point of reference)? I agree that this is the key point, and the rest is dependent on the answer to this question.

The ongoing question as to if hash values constitute search I think _is_ relevant though - I think of the sniffer dogs at airports, they don't search for explosives or drugs per se, but the signature of these substances by smell - how does this differ from hash analysis? Does a warrant exist for the dogs or is there a generic overarching allowance?

I've always understood the term "junk science" to mean things that were either patently false, or based on dubious correlations ("All x are y, therefore all y are x" kind of thing …), I don't see how any of the _statements_ made so far, that we can read (although the final interpretation seems … interesting … again I'm going on the article alone) - I've not seen the court reports, fit these criteria.


   
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
 

> I apologise, my knowledge of the US constitution is lacking. (My knowledge of the UK legal system is limited, but better :-) )

Apologies are unnecessary. I could claim a similar lack of familiarity with UK law.

> Where does the fact that the disk had already been opened by the acquaintance come into play? Surely with this being the case, and a direct report of unlawful material, a warrant is not necessary (that is certainly what is implied by the article - which is really my only point of reference)? I agree that this is the key point, and the rest is dependent on the answer to this question.

Good question. What complicates the issue are the facts that the possessor of the computer lied to police about where he had gotten the computer (he said he found it, making the identification of the owner an issue), and the fact that the computer had been reported stolen but it was unclear when the police knew that this was the stolen computer. Even more complicating is the fact that the owner was not formally evicted and had begun the process of moving his things out. Thus, central to the issue was whether the owner had a reasonable expectation of privacy.

Legally, if the computer had been "found" and if the owner was unknown, the police have much more freedom to explore the contents. The judge clearly did not believe that the police had no idea whose computer it was or, at least, that they made no attempt to find out short of looking at the drive contents.

On the basis of not believing the police, the judge concluded that the search exceeded their authority since it went beyond what the police had been shown by the person who salvaged it. That is key to the issue, that they should have known that the computer was reported stolen (rather than abandoned). When something containing private information is stolen, the user does not give up their expectation of privacy.

The technical issues are superfluous here. This is no different than if the salvage guy had taken a diary and opened to a particular page and found the same evidence. If the police knew who was the owner, they should have obtained a warrant.

Thus by bringing into the mix the technology used to image the drive, the court created a distinction without a difference, which is bad legal precedence.

> The ongoing question as to if hash values constitute search I think _is_ relevant though - I think of the sniffer dogs at airports, they don't search for explosives or drugs per se, but the signature of these substances by smell - how does this differ from hash analysis? Does a warrant exist for the dogs or is there a generic overarching allowance?

We can't say because there was no warrant. Typically the warrants are written in such a way as to clearly describe what police are and are not allowed to do. That would normally include the ability to do a hash comparison of suspect files to known files. Since there was no warrant, the police exceeded their authority simply by imaging the drive rather than noting the suspect files of interest which had been disclosed to them by the possessor of the computer.

> I've always understood the term "junk science" to mean things that were either patently false, or based on dubious correlations ("All x are y, therefore all y are x" kind of thing …), I don't see how any of the _statements_ made so far, that we can read (although the final interpretation seems … interesting … again I'm going on the article alone) - I've not seen the court reports, fit these criteria.

First of all, the judge referred to the organization of information on the drive in terms of the platters on the drive. That's mixing apples and oranges. The drive firmware determines how the data are written to and read from the drives. The forensic software (whether it be EnCase or some other package), does not do a platter by platter acquisition and it would be meaningless to do so. Therefore, the technology by which data are laid out onto the drive in firmware is meaningless insofar as whether the search was reasonable. The implication was that the search could have been limited to certain platters. But how would this be possible (or desirable)?

Junk science is not only bad science, it is the inappropriate application of science to a legal issue. In this case, the "science" had nothing to do with why the search was unconstitutional. Similarly, hashing had no relevance for the following reason.

Suppose you are gathering evidence. You tag that evidence with an evidence number to identify it, uniquely. Well, the hash value is nothing more than a unique tag. Obtaining the hash is not an invasion of privacy because the hash is the property of the file, not the owner.

The invasion of privacy resulted from the complete examination of the drive without a warrant and this was based upon the judge's skepticism regarding the police account of events.

Legally, the ruling was correct, IMHO, but not for any of the technical reasons cited by the judge.


   
(@Anonymous 6593)
Guest
Joined: 17 years ago
Posts: 1158
 

> I've always understood the term "junk science" to mean things that were either patently false, or based on dubious correlations

In the US the term has added connotations in the legal world, mainly associated with the establishment of the Daubert standard in 1993. Peter W. Huber's book "Galileo's Revenge: Junk Science in the Courtroom" from 1991 shows some aspects of why that happened.


   
azrael
(@azrael)
Honorable Member
Joined: 19 years ago
Posts: 656
 

:D

Thank you so much for taking the time to explain that, I'm sure that I'm not the only person who has gained a far better understanding of this case compared to the information & interpretation presented in the Register article.

Kind Regards,

Azrael


   