FW: RE: Computer forensics to uncoverillegalinternet use

["dave kleiman" <dave () isecureu com>]

Saw this article just know, referencing UK law on the subject:

http://castlecops.com/article-6223--0-0.html

"Under existing UK legislation, companies and their senior managers can
already be criminally and civilly liable for illegal and inappropriate
images found in the workplace. Yet in a recent survey conducted by PixAlert
and The Chartered Institute of Personnel and Development, over 50% or
managers were unaware of this."

Dave

> -----Original Message-----
> From: Craig, Tobin (OIG) [mailto:tobin.craig () va gov]
> Sent: Sunday, September 04, 2005 11:14
> To: chromazine () sbcglobal net; full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] RE: Computer forensics to
> uncoverillegalinternet use
>
> The following are my personal opinion, and in no way represent those
> of my employer....
>
> Actually Steve, the issue of "virtual children" never even came up.
> The discussion has evolved from a call from the community for help in
> investigating what may or may not turn out to be child pornography.
> Based on some highly questionable advice from a member of this list
> (and I apologize to the list moderators, it was the decision of the
> same individual to spread the discussion here too), I and others have
> intervened to bring to focus the potential legal consequences of this
> persons dubious advice, that being the willful destruction of evidence
> which otherwise might be used in the investigation of crimes against
> children.
>
> Just my opinion,
>
>
> Tobin
>
>
>
>
> -----Original Message-----
> From: Steve Kudlak <chromazine () sbcglobal net>
> To: 'Full-Disclosure' <full-disclosure () lists grok org uk>
> Sent: Sun Sep 04 10:51:42 2005
> Subject: Re: [Full-disclosure] RE: Computer forensics to uncover
> illegalinternet use
>
> Chuck Fullerton wrote:
>
>       All,
>
>       I do find this like of discussion very interesting.
> However, there has been so much discussion that it's getting difficult
> to folllow.  Therefore, I'd like to make the following recommendation
> for future posts.
>
>       1.  Minimize the text you to which you are replying to the pertinent

> info.
>       2.  Everyone use the same method of replying..  (i.e.
> inline, top or bottom)  I don't care which but it's really getting
> tough to follow.
>       3.  Keep the discussion going as I'm really getting alot out of
this.
> ;-)
>
>       Sincerely,
>
>       Chuck Fullerton
>
>
>
> It is a pretty complex issue due to the questions raised.
> I'll try to clip things a bit. It was hard to look at it in a simple
> manner because it involves several interelated ares I tried to break
> it into the main issues. Perhaps I should have tried to spell out my
> points a little more clearly. But it gets down to the whole meat of
> all sorts of legal things, like the questions of knowingfully and
> willfully doing something proscribed. The attempts to seperate this
> from just overlooking of something or the concerns  of privacy. The
> interesting thing for me was when someone brought up the concept of
> "virtual children" as that was actually legally looked into.
>
> What I think would be really edifying is what things are like in other
> legal systems such as the EU systems and world courts. I say this
> because one of the big uses of electronic evidence in prosecutions has
> been with the federal courts attempts to prosecute sex tourists and
> the not quite underground in that area. By that I mean one can buy the
> "Have Sex Fun in Asia" books on the secondary open market.
>
> My suspicion is there is convert attempt to push things into a more
> interventionist stance in the hopes that things might be discovered.
> The problem I see in states with extensive privacy like California is
> how much one can go through a user's files without their leave.  As
> far as I can tell there has been no real legal precedent and
> prosecution on the ideas of that say sysadmins are overlooking
> something.
>
> The really insteresting issue is whether the beginning of thread
> question behavior was highly illegal because it involved destruction
> of potential evidence. That means it would have to be pretty
> egregiously say "child porn" and not just say soi disant 18 year olds
> who weren't. Curious that the 18 as age of adulthood allows two
> precious years for porn folks to say "Hot Teens" etc. and still be on
> the safe side.
>
> Now the other interesting thing and I am worrying I am making it more
> complicated than it should be is the hope by some prosecutors that the
> US would sign treaties the US might have to at least try to obey that
> would accomplish what they want without getting it passed or having
> legal precedent in the US.
>
> Note MI-6 tried this in reverse about another issue and it died a
> quiet death. There is a site on the net run by a certain architect and
> he has been a thorn in the side of MI-5 and MI-6 and "Gardie" (sorry
> can'r remember real spelling) in Ireland(North and South). Due to the
> strong First Amendment in the US it has been impossible to block
> publishing in the US and on the Internet of this information which
> actually involved pictures of Northern Ireland's Internal Police Folks
> that work in terrorism supression. They were hoping a treaty would
> allow them to get at the US publishers and that failed.
>
> Overall my suspicion is that overall this end-run technique will fail
> in general.  It is interesting because the failure of the Michael
> Jackson prosecution pretty much left the Federal Prosecutors as the
> lone rangers who seldom fail at these various sex crimes prosecutions.
> It would be their ability to win consistently and get people declared
> accesories that would change things.  I don't think that ios going to
> happen.
>
> Note I won't extend this because it is already longer and more
> convoluted than I intended it. I am going to kind of shut up now
> because this is sort of the state of knowledge and practice as I am
> aware of it. Again if someone knows about these things in other legal
> systems or has any insights into the attempts to stop people using
> encryption I would like to hear it.
>
> Have Fun,
> Sends Steve
>
> P.S. If anyone finds interesting cases or precedents I would like to
> hear of them. All that stuff of knowing the cases that set precedent
> like one knows good novels one has read or movies one has watched that
> made a tatement has finally began to sink in. It took a long time and
> a lot of reading but I now know why they quoted things involving
> Youngstown Tool and Die cases in Constitution Rights cases.;)
>
> Have Fun,
> Sends Steve
>
> P.S. Note I have bcc'd many recipients in case they aren't on the list
> and trying to keep the email to have get moderator approval...
>
>
>
> ________________________________
>
>       From: full-disclosure-bounces () lists grok org uk
> [mailto:full-disclosure-bounces () lists grok org uk] On Behalf
> Of Steve Kudlak
>       Sent: Sunday, September 04, 2005 1:45 AM
>       To: dave kleiman
>       Cc: 'Craig, Tobin (OIG)'; echow () videotron ca;
> 'Sadler,Connie'; jbeauford () EightInOnePet com;
> 'Full-Disclosure'; security-basics () securityfocus com
>       Subject: Re: [Full-disclosure] RE: Computer forensics
> to uncover illegalinternet use
>
>
>       dave kleiman wrote:
>
>               Steve,
>
>               Inline..
>
>
>
>                       Hate to play alwyer here but doesn't
> all of this get shot down by 3rd
>                       Circuit Federal Court of Appeals
> decisions regarding the FBI's
>                       Innocent Images project?  It basicly
> shot down the concept of  "you
>                       clicked on a chold porn link therefore
> you're guilty."
>
>
>
>               Well that applies to when it is determined that
> it was innocent.  This could
>               be via pop-up, trojan, or maleware of some kind.
>
>
>
>
>
>                       This is all enshired in Federal
>                       Cases. No one must admit that a good
> prosecutor can indioct a  ham
>                       sandwich and all that. But overall that
> doesn't happen.
>                       Now Federal Prosecutors and
> Investigations staffs are very  good at
>                       sort of getting warrants and raiding
> someone's house  or business and
>                       going thru everything. But if the
> person  doesn't scare and cop to
>                       something they never did, then  federal
> prosecutors generally have to
>                       back off in cases where  it is just
> things accumulating on disks etc.
>
>
>
>               Well they do not usually prosecute ham
> sandwiches, BLT's maybe.
>
>               I love how everyone is quick to say things just
> magically accumulated on
>               their H/D.  However, they tend not back of when
> a file structure is found
>               with hundreds of images, often burned to CD's.
>
>
>
>                       Futhermore in
>                       states with a high privacy expectation
> like California there is a good
>                       reason to say "We don't go through our
> customers data looking for
>                       things out of the ordinary". One might
> argue it to be different it
>                       were one's employees. However if you
> are offering a primo privacy
>                       service then you can legitimately scrub
> disks as a part of the biz
>                       plan.
>
>
>
>               Well that may be, of course you missed the
> beginning of these threads, where
>               Mr. Combs suggested after discovering
> contraband on and employees H/D, to
>               make a copy of it take the copy to the
> companies attorney. Wipe the original
>               and "best course of action is to purposefully
> falsify the record of the
>               company's response to the incident"
>
>               The full threads can be read here:
>
>
> http://seclists.org/lists/security-basics/2005/Sep/subject.html
>
> http://seclists.org/lists/security-basics/2005/Aug/subject.html
>
>
>
>
>                       Much of Law Enforcement and theiir
> Public Providers of services
>                       depends on scaring people and
> businesses into good behavior when it is
>                       neither necessary or ethical. My
> suspicion is that one can ignore this
>                       tactic if one wishes as one is
> reasonably careful.. I am sure that
>                       people will be offereing  "Computer
> Forensics Services" to find the
>                       scary things on your compnys disks for
> $500 a pop but no good reason
>                       one has to engage in such silliness.
>
>
>
>
>               Yes that crazy scaring people into good
> behavior....... Oh wait that is
>               right only reasonably prudent people follow the
> law, criminals tend to not
>               care if there is law against something, they
> are not scared into not
>               committing crimes, that is why they are criminals.
>
>               Kind of like the lawlessness that is occurring
> in the situation you
>               mentioned below.  Some people would say that
> the devastation has turned
>               these people into criminals. Although, the
> reality is the people committing
>               the crimes are the same ones that were
> committing them before the
>               devastation.
>
>
>
>                       Excuse my flipness. I just got through
> friends caught up in this call
>                       people stranded and alone by the
> hurricane in the SOuthland and all
>                       these other things do ring silly right now.
>
>
>
>
>               Regards,
>
>               Dave
>
>
>
>
>
>       For a long time I sysop'd an open system, I dunno how
> much time I ended up deleteing "girl with vaccum cleaner"
> pictures. This is getting weirder and weirder because with
> photoshop people can create things that do not exist in real
> reality. Of course you have really funny things like this one
> image that was from Japanese advertizing. They had a 10 year
> girl with this incredibly large pretty phallic looking squirt
> gun which she was squirting with a look of bliss on her face.
> It was pretty funny. It was funny how when showed this image
> it became a "cynicism filter". People would divide into the
> group that thought this was completely enmgineerd from the
> get-go and those who thought it was just some werid thing
> that came out and no one noticed it, or that it was the
> product of the fact that much of  Japanese Culture doesn't
> quite go looking for all possible suggestive variants.  It
> really became a filter.
>
>       Now my suspicion about people in the US Southland is
> that it is a bit of opppurtunism in the face of despair and
> the feeling that "whitey has been shitting on us for
> centuries". Me being on the North American  West Coast
> doesn't notice that because there were no slave quarters and
> slave markets in California, Washington, Oregon, British
> Columbia and we are apt to think a "quadroon" is a small gold
> coin that would be nice to find in one's progentitors coin
> collection. I don't think it is because there is just a
> massive criminal element hidden from us. Now some of the
> behavior sounded like what I found in my tenure at a small
> residential hotel. From the last week of the month to the
> first week of the next month a number of curious items would
> end up for sale. It was always curious to imagine where these
> items came from, some were legitimatgely obtained, others
> probably not. There was always an argument among the low rent
> district types that universally almost always aligned as
> "crazy white guys accusing mexicans of shop lifting and
> reselling, whereas many of the items they had could be seen
> as coming from equally questionable sources.
>
>       Now if one talks to Federal Proscutors they will tell
> you that they feel comfortable with their "Vacuum Cleaner"
> approach. They feel if they do go and get everyone
> questionables stuff and go through it, then one will be able
> to determine how many folks had thing accumulating on their
> disk and how many actively collected it etc. Now
> interestingly with the Third Circuit's Decision which is
> close to rock solid at this point in precdent, people like
> journalists would sort of get wide descretion especially if
> they were working on stories and doing investigations etc.
>
>       Two other things come in here. In both the US Ninth
> Circuit and Upper Level Courts of British Columbia it has
> been held that one can not commit crimes against "virtual
> children" or "animated descriptions of children etc".  This
> means the general belief in liberal democracies that "thought
> crimes" are questionable is beginning to be enshired in code
> and precedent. I am pretty sure this is well embedded in
> North American Culture and is apt not to go away even with
> the idea, darfe I say spectre two very conservative
> reversalist judges on the Supreme Court. Note I have not had
> time to study how things work in the EU or even Australia.
>
>       Now technoculturally want this may eventually provoke
> is the use of high grade encryption by more people. Right now
> I know even artists who hqave become more technologically
> saavy and who encrypt things even when legal code is on their
> side overall. In the 1970s and 1980s there were a number of
> legal razzlements of artists who used their children as nude
> models no matter how innocent. This went too far and
> eventaully what got established is the concept that "simple
> nudity is not obscene".  It is interesting because artists
> are not usually seen as users or consumers of secuiity
> products and things like encryption.
>
>       Anyway this is all very interesting and we do live in
> interesting times. So it will be interesting to see how this
> will go and whether the bizness idea of trying to safe from
> all possible wrongdoing or perceived wrongdoing will win out
> overall. I know lots of vendors and security consultants have
> been hoping that "porn protection" would turn into a
> lucerative field but so far it doesn't compare to virus and
> malware protection.
>
>       Interestingly in artist circles the whole imaging thing
> has turned into "sousveillence" and artists have been having
> way too much fun turning the cameras back on the people who
> usually use them.  It is interesting that people like Sudo
> Chiles House who was one of the first people to install a
> "cam" which in her case was a 35mm camera that took pictures
> regularly of her bedroom is all buit forgotten in the modern
> installatiion of cams in various public and private spaces.
> Note the UK and places in Florida have been very much into
> the "you are being watched" theory of crime control. I also
> have heard tales of  "spy camera destroyers" who have been
> running around spray painting cameras but I think that is not
> widespread at this point.  Hmmm, indeed these are interesting
> times. whether it is a blessing or a curse is an open question.
>
>       Have Fun,
>       Sends Steve
>
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/