Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
FW: [Full-disclosure] RE: Computer forensics to uncoverillegalinternet use
From: dave kleiman (daveisecureu.com)
Date: Mon Sep 05 2005 - 15:31:09 CDT
Saw this article just know, referencing UK law on the subject:
"Under existing UK legislation, companies and their senior managers can
already be criminally and civilly liable for illegal and inappropriate
images found in the workplace. Yet in a recent survey conducted by PixAlert
and The Chartered Institute of Personnel and Development, over 50% or
managers were unaware of this."
> -----Original Message-----
> From: Craig, Tobin (OIG) [mailto:tobin.craigva.gov]
> Sent: Sunday, September 04, 2005 11:14
> To: chromazinesbcglobal.net; full-disclosurelists.grok.org.uk
> Subject: Re: [Full-disclosure] RE: Computer forensics to
> uncoverillegalinternet use
> The following are my personal opinion, and in no way represent those
> of my employer....
> Actually Steve, the issue of "virtual children" never even came up.
> The discussion has evolved from a call from the community for help in
> investigating what may or may not turn out to be child pornography.
> Based on some highly questionable advice from a member of this list
> (and I apologize to the list moderators, it was the decision of the
> same individual to spread the discussion here too), I and others have
> intervened to bring to focus the potential legal consequences of this
> persons dubious advice, that being the willful destruction of evidence
> which otherwise might be used in the investigation of crimes against
> Just my opinion,
> -----Original Message-----
> From: Steve Kudlak <chromazinesbcglobal.net>
> To: 'Full-Disclosure' <full-disclosurelists.grok.org.uk>
> Sent: Sun Sep 04 10:51:42 2005
> Subject: Re: [Full-disclosure] RE: Computer forensics to uncover
> illegalinternet use
> Chuck Fullerton wrote:
> I do find this like of discussion very interesting.
> However, there has been so much discussion that it's getting difficult
> to folllow. Therefore, I'd like to make the following recommendation
> for future posts.
> 1. Minimize the text you to which you are replying to the pertinent
> 2. Everyone use the same method of replying.. (i.e.
> inline, top or bottom) I don't care which but it's really getting
> tough to follow.
> 3. Keep the discussion going as I'm really getting alot out of
> Chuck Fullerton
> It is a pretty complex issue due to the questions raised.
> I'll try to clip things a bit. It was hard to look at it in a simple
> manner because it involves several interelated ares I tried to break
> it into the main issues. Perhaps I should have tried to spell out my
> points a little more clearly. But it gets down to the whole meat of
> all sorts of legal things, like the questions of knowingfully and
> willfully doing something proscribed. The attempts to seperate this
> from just overlooking of something or the concerns of privacy. The
> interesting thing for me was when someone brought up the concept of
> "virtual children" as that was actually legally looked into.
> What I think would be really edifying is what things are like in other
> legal systems such as the EU systems and world courts. I say this
> because one of the big uses of electronic evidence in prosecutions has
> been with the federal courts attempts to prosecute sex tourists and
> the not quite underground in that area. By that I mean one can buy the
> "Have Sex Fun in Asia" books on the secondary open market.
> My suspicion is there is convert attempt to push things into a more
> interventionist stance in the hopes that things might be discovered.
> The problem I see in states with extensive privacy like California is
> how much one can go through a user's files without their leave. As
> far as I can tell there has been no real legal precedent and
> prosecution on the ideas of that say sysadmins are overlooking
> The really insteresting issue is whether the beginning of thread
> question behavior was highly illegal because it involved destruction
> of potential evidence. That means it would have to be pretty
> egregiously say "child porn" and not just say soi disant 18 year olds
> who weren't. Curious that the 18 as age of adulthood allows two
> precious years for porn folks to say "Hot Teens" etc. and still be on
> the safe side.
> Now the other interesting thing and I am worrying I am making it more
> complicated than it should be is the hope by some prosecutors that the
> US would sign treaties the US might have to at least try to obey that
> would accomplish what they want without getting it passed or having
> legal precedent in the US.
> Note MI-6 tried this in reverse about another issue and it died a
> quiet death. There is a site on the net run by a certain architect and
> he has been a thorn in the side of MI-5 and MI-6 and "Gardie" (sorry
> can'r remember real spelling) in Ireland(North and South). Due to the
> strong First Amendment in the US it has been impossible to block
> publishing in the US and on the Internet of this information which
> actually involved pictures of Northern Ireland's Internal Police Folks
> that work in terrorism supression. They were hoping a treaty would
> allow them to get at the US publishers and that failed.
> Overall my suspicion is that overall this end-run technique will fail
> in general. It is interesting because the failure of the Michael
> Jackson prosecution pretty much left the Federal Prosecutors as the
> lone rangers who seldom fail at these various sex crimes prosecutions.
> It would be their ability to win consistently and get people declared
> accesories that would change things. I don't think that ios going to
> Note I won't extend this because it is already longer and more
> convoluted than I intended it. I am going to kind of shut up now
> because this is sort of the state of knowledge and practice as I am
> aware of it. Again if someone knows about these things in other legal
> systems or has any insights into the attempts to stop people using
> encryption I would like to hear it.
> Have Fun,
> Sends Steve
> P.S. If anyone finds interesting cases or precedents I would like to
> hear of them. All that stuff of knowing the cases that set precedent
> like one knows good novels one has read or movies one has watched that
> made a tatement has finally began to sink in. It took a long time and
> a lot of reading but I now know why they quoted things involving
> Youngstown Tool and Die cases in Constitution Rights cases.;)
> Have Fun,
> Sends Steve
> P.S. Note I have bcc'd many recipients in case they aren't on the list
> and trying to keep the email to have get moderator approval...
> From: full-disclosure-bounceslists.grok.org.uk
> [mailto:full-disclosure-bounceslists.grok.org.uk] On Behalf
> Of Steve Kudlak
> Sent: Sunday, September 04, 2005 1:45 AM
> To: dave kleiman
> Cc: 'Craig, Tobin (OIG)'; echowvideotron.ca;
> 'Sadler,Connie'; jbeaufordEightInOnePet.com;
> 'Full-Disclosure'; security-basicssecurityfocus.com
> Subject: Re: [Full-disclosure] RE: Computer forensics
> to uncover illegalinternet use
> dave kleiman wrote:
> Hate to play alwyer here but doesn't
> all of this get shot down by 3rd
> Circuit Federal Court of Appeals
> decisions regarding the FBI's
> Innocent Images project? It basicly
> shot down the concept of "you
> clicked on a chold porn link therefore
> you're guilty."
> Well that applies to when it is determined that
> it was innocent. This could
> be via pop-up, trojan, or maleware of some kind.
> This is all enshired in Federal
> Cases. No one must admit that a good
> prosecutor can indioct a ham
> sandwich and all that. But overall that
> doesn't happen.
> Now Federal Prosecutors and
> Investigations staffs are very good at
> sort of getting warrants and raiding
> someone's house or business and
> going thru everything. But if the
> person doesn't scare and cop to
> something they never did, then federal
> prosecutors generally have to
> back off in cases where it is just
> things accumulating on disks etc.
> Well they do not usually prosecute ham
> sandwiches, BLT's maybe.
> I love how everyone is quick to say things just
> magically accumulated on
> their H/D. However, they tend not back of when
> a file structure is found
> with hundreds of images, often burned to CD's.
> Futhermore in
> states with a high privacy expectation
> like California there is a good
> reason to say "We don't go through our
> customers data looking for
> things out of the ordinary". One might
> argue it to be different it
> were one's employees. However if you
> are offering a primo privacy
> service then you can legitimately scrub
> disks as a part of the biz
> Well that may be, of course you missed the
> beginning of these threads, where
> Mr. Combs suggested after discovering
> contraband on and employees H/D, to
> make a copy of it take the copy to the
> companies attorney. Wipe the original
> and "best course of action is to purposefully
> falsify the record of the
> company's response to the incident"
> The full threads can be read here:
> Much of Law Enforcement and theiir
> Public Providers of services
> depends on scaring people and
> businesses into good behavior when it is
> neither necessary or ethical. My
> suspicion is that one can ignore this
> tactic if one wishes as one is
> reasonably careful.. I am sure that
> people will be offereing "Computer
> Forensics Services" to find the
> scary things on your compnys disks for
> $500 a pop but no good reason
> one has to engage in such silliness.
> Yes that crazy scaring people into good
> behavior....... Oh wait that is
> right only reasonably prudent people follow the
> law, criminals tend to not
> care if there is law against something, they
> are not scared into not
> committing crimes, that is why they are criminals.
> Kind of like the lawlessness that is occurring
> in the situation you
> mentioned below. Some people would say that
> the devastation has turned
> these people into criminals. Although, the
> reality is the people committing
> the crimes are the same ones that were
> committing them before the
> Excuse my flipness. I just got through
> friends caught up in this call
> people stranded and alone by the
> hurricane in the SOuthland and all
> these other things do ring silly right now.
> For a long time I sysop'd an open system, I dunno how
> much time I ended up deleteing "girl with vaccum cleaner"
> pictures. This is getting weirder and weirder because with
> photoshop people can create things that do not exist in real
> reality. Of course you have really funny things like this one
> image that was from Japanese advertizing. They had a 10 year
> girl with this incredibly large pretty phallic looking squirt
> gun which she was squirting with a look of bliss on her face.
> It was pretty funny. It was funny how when showed this image
> it became a "cynicism filter". People would divide into the
> group that thought this was completely enmgineerd from the
> get-go and those who thought it was just some werid thing
> that came out and no one noticed it, or that it was the
> product of the fact that much of Japanese Culture doesn't
> quite go looking for all possible suggestive variants. It
> really became a filter.
> Now my suspicion about people in the US Southland is
> that it is a bit of opppurtunism in the face of despair and
> the feeling that "whitey has been shitting on us for
> centuries". Me being on the North American West Coast
> doesn't notice that because there were no slave quarters and
> slave markets in California, Washington, Oregon, British
> Columbia and we are apt to think a "quadroon" is a small gold
> coin that would be nice to find in one's progentitors coin
> collection. I don't think it is because there is just a
> massive criminal element hidden from us. Now some of the
> behavior sounded like what I found in my tenure at a small
> residential hotel. From the last week of the month to the
> first week of the next month a number of curious items would
> end up for sale. It was always curious to imagine where these
> items came from, some were legitimatgely obtained, others
> probably not. There was always an argument among the low rent
> district types that universally almost always aligned as
> "crazy white guys accusing mexicans of shop lifting and
> reselling, whereas many of the items they had could be seen
> as coming from equally questionable sources.
> Now if one talks to Federal Proscutors they will tell
> you that they feel comfortable with their "Vacuum Cleaner"
> approach. They feel if they do go and get everyone
> questionables stuff and go through it, then one will be able
> to determine how many folks had thing accumulating on their
> disk and how many actively collected it etc. Now
> interestingly with the Third Circuit's Decision which is
> close to rock solid at this point in precdent, people like
> journalists would sort of get wide descretion especially if
> they were working on stories and doing investigations etc.
> Two other things come in here. In both the US Ninth
> Circuit and Upper Level Courts of British Columbia it has
> been held that one can not commit crimes against "virtual
> children" or "animated descriptions of children etc". This
> means the general belief in liberal democracies that "thought
> crimes" are questionable is beginning to be enshired in code
> and precedent. I am pretty sure this is well embedded in
> North American Culture and is apt not to go away even with
> the idea, darfe I say spectre two very conservative
> reversalist judges on the Supreme Court. Note I have not had
> time to study how things work in the EU or even Australia.
> Now technoculturally want this may eventually provoke
> is the use of high grade encryption by more people. Right now
> I know even artists who hqave become more technologically
> saavy and who encrypt things even when legal code is on their
> side overall. In the 1970s and 1980s there were a number of
> legal razzlements of artists who used their children as nude
> models no matter how innocent. This went too far and
> eventaully what got established is the concept that "simple
> nudity is not obscene". It is interesting because artists
> are not usually seen as users or consumers of secuiity
> products and things like encryption.
> Anyway this is all very interesting and we do live in
> interesting times. So it will be interesting to see how this
> will go and whether the bizness idea of trying to safe from
> all possible wrongdoing or perceived wrongdoing will win out
> overall. I know lots of vendors and security consultants have
> been hoping that "porn protection" would turn into a
> lucerative field but so far it doesn't compare to virus and
> malware protection.
> Interestingly in artist circles the whole imaging thing
> has turned into "sousveillence" and artists have been having
> way too much fun turning the cameras back on the people who
> usually use them. It is interesting that people like Sudo
> Chiles House who was one of the first people to install a
> "cam" which in her case was a 35mm camera that took pictures
> regularly of her bedroom is all buit forgotten in the modern
> installatiion of cams in various public and private spaces.
> Note the UK and places in Florida have been very much into
> the "you are being watched" theory of crime control. I also
> have heard tales of "spy camera destroyers" who have been
> running around spray painting cameras but I think that is not
> widespread at this point. Hmmm, indeed these are interesting
> times. whether it is a blessing or a curse is an open question.
> Have Fun,
> Sends Steve
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/