Interesting People mailing list archives
IP: proving guilt
From: Dave Farber <farber () cis upenn edu>
Date: Thu, 23 Dec 1999 05:52:40 -0500
Date: Wed, 15 Dec 1999 09:27:09 -0500 From: Russ <Russ.Cooper () rc on ca> Subject: Re: Melissa perpetrator faces five years in prison (RISKS-20.68) IMO, there many risks that the case against Mr. Smith for Melissa may bring to reality. 1. That a GUID may be accepted in court as a "signature" uniquely identifying a particular human being. At best the GUID is circumstantial, and it is far to easy to show GUIDs belonging to others (mistakenly or intentionally) resident on your machine. 2. That it may be accepted as possible to prove the route which a particular virus has traveled to get to the point where its deemed "in the wild", and presumably therefore actionable, solely on the basis of computer evidence. 2a. What is the crime? Making the virus, or releasing it "in the wild"? Surely making a virus is not a crime, so the test comes down to proving who released it "in the wild". Since that action must be done with intent, computer data alone, demonstrating that a particular file originated from a particular disk, still does not prove intent. If I were to co-opt Peter's machine and use it to send a virus to a Usenet list, should Peter be held liable for the damages of the virus? 2b. How is it proven? Computer data is malleable, and while Word documents may store revision information, and even information from RAM totally unrelated to the original document, it is possible that all of that information can be placed into another file either in addition to, or replacing, the 2nd document's original information. As such, its again circumstantial evidence of origin and even ownership. It is quite easy to villainize virus writers and infectors in the same way "two Arab men" were responsible for the Oklahoma bombing. An entire industry is available for testimony as to the damage suffered by Corporate America every day as a result of the actions of the few virus writers. The NIPC, and therefore the FBI, are desperate to show they have the savvy to catch Cyber-criminals and justify their stance and actions. IOWs, there's a significant weight against Mr. Smith if we allow prosecution testimony to go unchallenged for the vapor-thoughts it may well be. It must be shown that such conclusions, based solely on computer data, can easily be manufactured against anyone. I have thought long and hard about how it may be possible to prove an individual is guilty of a particular computer crime. A confession, today, could be given simply to garner the publicity and reap the benefits after the jail term is served (do you think any conference would not pay to have Mr. Smith talk after he was released, if he could speak intelligibly? ... book deals ... guest spots ...) Criminals used to take the rap and not talk in order to get the loot when they were released ...;-] Without another human being present during each of the steps required to release a virus into the wild with malicious or harmful intent, a conviction on circumstantial computer evidence would lead to many serious problems, IMO. If the above evidence, assuming its present and the basis of the case against Mr. Smith, is accepted in court and the jury finds its credible, it will be far too easy to convict innocent individuals of computer crimes in the future. Smith may well be guilty, and he is not my focus here. We must ensure that his conviction does not establish the wrong precedence's, lest we give the "enemy" the ammunition to get each and every one of us convicted of something, somewhere, based on the same quality of evidence. I remind you that I, like most of you, have not seen the evidence against Mr. Smith and this is based solely on the media reports about its content ... therefore, I may be totally off-base ... but the risk is real no matter. Russ - NTBugtraq Editor
Current thread:
- IP: proving guilt Dave Farber (Dec 23)