Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Spyware, Data Retention, and Burning the Innocent

From: David Farber <dave () farber net>
Date: Mon, 29 Jan 2007 15:13:47 -0500


Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: January 29, 2007 3:10:10 PM EST
To: dave () farber net
Cc: lauren () vortex com
Subject: Spyware, Data Retention, and Burning the Innocent


Dave,

I cannot emphasize enough what a disaster this sort of situation is
for utterly innocent people.  It's been building up for a long time
and is getting much worse -- fast -- thanks to overbroad data
retention (either voluntarily by Web services, or the mandated
retention that DOJ and some misguided members of Congress are
pushing).  Innocent people's lives are being ruined, and it's only a
matter of time before someone's life will be lost as a direct result
of these issues.

I talked about this a bit back in December:

"How Pop-Ups Could Brand You a Pervert or Crook"
  http://lauren.vortex.com/archive/000203.html

But this is actually a much bigger problem.  Innocent people have
been convicted (or taken pleas to avoid even worse potential
outcomes if they went to trial) in situations where common sense
suggests they were not guilty of the charges, but authorities pressed
charges solely due to the presence of data on their PCs, with no
evidence to suggest that the data had been placed there voluntarily.

Similarly, some people are pulled into this maelstrom merely on the
basis of ip-address data or other Web site/ISP retained data, which
in significant numbers of cases is in error.  In one recent notorious
case, an armed team burst into a home on a porn bust, only to learn
later that the ISP had confused the dynamic IP addresses involved
and sent the authorities to the wrong location.  An innocent could
have easily been killed.  We've seen similar (though less serious)
situations related to RIAA and MPAA actions tied to retained data
that yielded highly problematic and unlikely defendants, where data
errors again appear to have been involved.

Especially in the case of c-porn -- the current third rail of law
enforcement -- the results of such errors and misguided assumptions
about the presence of data on computers can be devastating.  They
could easily lead to innocent people being imprisoned for years,
branded with the "pervert" label forever, and forced to move to the
boonies with a GPS monitor shackled on their ankle for life.

I'm going to say this as loudly as I can and I'll keep saying it.
With current and forseeable systems, the mere presence of
incriminating data on someone's computer doesn't mean that they put
it there voluntarily.  It may have gotten there through a pop-up or a
virus.  It may have been purposely planted by a remote party with an
axe to grind.  There are innumerable possible vectors.  Similarly,
just because server-retained logs claim that a particular ip address
accessed particular Web sites or entered specific search queries,
again does not guarantee that any of those actions took place under
the direction of that computer's owner and user, even assuming that
the ip address involved is accurate.

These systems and data are frequently contaminated, unreliable,
untrustworthy, and frankly just plain dangerous when simply assumed
to be matters of fact.  That isn't to say that real crooks don't
exist, obviously they do.  But the trend toward treating these kinds
of technical data -- in and of themselves, and in the absence of
other proof -- as sufficient for arrests and convictions is
incredibly abusive to justice, and yes, to human rights in general.

This must not be tolerated.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
   - International Open Internet Coalition - http://www.ioic.net
Founder, CIFIP
   - California Initiative For Internet Privacy - http://www.cifip.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com

 - - -



Begin forwarded message:

From: Brett Glass <brett () lariat net>
Date: January 29, 2007 1:48:14 PM EST
To: dave () farber net, ip () v2 listbox com
Subject: Re: [IP] Spyware may lead to jail - for recipient, not sender

Dave:

What is scandalous about this conviction (yes, the substitute teacher
was convicted by a jury) is that the Judge refused to admit technical
evidence from the defense which clearly would have demonstrated that
she was not responsible

 ...


-------------------------------------------
Archives: http://archives.listbox.com/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: