Interesting People mailing list archives
Spyware, Data Retention, and Burning the Innocent
From: David Farber <dave () farber net>
Date: Mon, 29 Jan 2007 15:13:47 -0500
Begin forwarded message: From: Lauren Weinstein <lauren () vortex com> Date: January 29, 2007 3:10:10 PM EST To: dave () farber net Cc: lauren () vortex com Subject: Spyware, Data Retention, and Burning the Innocent Dave, I cannot emphasize enough what a disaster this sort of situation is for utterly innocent people. It's been building up for a long time and is getting much worse -- fast -- thanks to overbroad data retention (either voluntarily by Web services, or the mandated retention that DOJ and some misguided members of Congress are pushing). Innocent people's lives are being ruined, and it's only a matter of time before someone's life will be lost as a direct result of these issues. I talked about this a bit back in December: "How Pop-Ups Could Brand You a Pervert or Crook" http://lauren.vortex.com/archive/000203.html But this is actually a much bigger problem. Innocent people have been convicted (or taken pleas to avoid even worse potential outcomes if they went to trial) in situations where common sense suggests they were not guilty of the charges, but authorities pressed charges solely due to the presence of data on their PCs, with no evidence to suggest that the data had been placed there voluntarily. Similarly, some people are pulled into this maelstrom merely on the basis of ip-address data or other Web site/ISP retained data, which in significant numbers of cases is in error. In one recent notorious case, an armed team burst into a home on a porn bust, only to learn later that the ISP had confused the dynamic IP addresses involved and sent the authorities to the wrong location. An innocent could have easily been killed. We've seen similar (though less serious) situations related to RIAA and MPAA actions tied to retained data that yielded highly problematic and unlikely defendants, where data errors again appear to have been involved. Especially in the case of c-porn -- the current third rail of law enforcement -- the results of such errors and misguided assumptions about the presence of data on computers can be devastating. They could easily lead to innocent people being imprisoned for years, branded with the "pervert" label forever, and forced to move to the boonies with a GPS monitor shackled on their ankle for life. I'm going to say this as loudly as I can and I'll keep saying it. With current and forseeable systems, the mere presence of incriminating data on someone's computer doesn't mean that they put it there voluntarily. It may have gotten there through a pop-up or a virus. It may have been purposely planted by a remote party with an axe to grind. There are innumerable possible vectors. Similarly, just because server-retained logs claim that a particular ip address accessed particular Web sites or entered specific search queries, again does not guarantee that any of those actions took place under the direction of that computer's owner and user, even assuming that the ip address involved is accurate. These systems and data are frequently contaminated, unreliable, untrustworthy, and frankly just plain dangerous when simply assumed to be matters of fact. That isn't to say that real crooks don't exist, obviously they do. But the trend toward treating these kinds of technical data -- in and of themselves, and in the absence of other proof -- as sufficient for arrests and convictions is incredibly abusive to justice, and yes, to human rights in general. This must not be tolerated. --Lauren-- Lauren Weinstein lauren () vortex com or lauren () pfir org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, IOIC - International Open Internet Coalition - http://www.ioic.net Founder, CIFIP - California Initiative For Internet Privacy - http://www.cifip.org Founder, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com - - -
Begin forwarded message: From: Brett Glass <brett () lariat net> Date: January 29, 2007 1:48:14 PM EST To: dave () farber net, ip () v2 listbox com Subject: Re: [IP] Spyware may lead to jail - for recipient, not sender Dave: What is scandalous about this conviction (yes, the substitute teacher was convicted by a jury) is that the Judge refused to admit technical evidence from the defense which clearly would have demonstrated that she was not responsible
... ------------------------------------------- Archives: http://archives.listbox.com/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- Spyware, Data Retention, and Burning the Innocent David Farber (Jan 29)