[LINK] Is police spyware in your computer??
Roger Clarke
Roger.Clarke at xamax.com.au
Fri Oct 2 14:32:12 AEST 2009
[At face value, this is a pretty disturbing report. It seems fairly
likely that it's full of misinformation from the source that fed it
to the reporter and/or misunderstandings by the reporter.]
Spy software, then police, swoop on child porn file sharers
Date: October 1 2009
The Sydney Morning Herald
John Silvester
http://www.smh.com.au/text/articles/2009/09/30/1253989955217.html
POLICE have secretly identified thousands of suspects who are
allegedly trading child pornography images through online networks.
Detectives expect to make hundreds of arrests, having used a
breakthrough software program to spy on files held in private
computers.
[Note "[a] program to spy on files held in private computers", most
readily interpreted as meaning software installed in those 'private
computers', aka spyware.]
Designed in the US to pinpoint computers holding known child
pornographic images, the software has been used in Queensland for six
months.
[Firstly, the use of "in Queensland" rather than "by Queensland
Police" is consistent with the interpretation that this is spyware,
rather than software installed on police devices.]
[Secondly, a reasonable interpolation would seem to be that the
spyware contains, or has access to, hashes of the file-content of
"known child pornographic images", and computes the same hash for
all, or at least some, files found on a device it is installed in,
and 'calls home' when it finds matches.]
Victorian police made their first arrest using the technology earlier
this month. A 60-year-old office worker, married with two adult
children, will be charged on summons with possessing and transmitting
child pornography.
[Note that it's charge by summons. So the seriousness of the charge
is apparently not sufficient to justify arrest, and opposition to
bail in expectation of a custodial sentence. (The fact is that these
crimes, when successfully prosecuted, typically result in suspended
sentences and/or community service).
[But the low seriousness of the charge is apparently sufficient to
justify breach of the security of devices used by suspects?]
Known in the US as Operation Fairplay, the method enables detectives
to identify the contents and images on computers without applying for
search warrants and without raiding suspects.
[Australian Parliaments have granted law enforcement agencies
extraordinary, extra-judicial powers, using the excuse of
post-September 2001 terrorism. Have those powers leaked across to
child porn??]
Detective Sergeant Peter Ravlich, from Brisbane's Taskforce Argos,
said his officers had made 40 arrests since investigators started
using the program in March. "It just doesn't make mistakes," he said.
[Ouch.
[Let's see now. In Queensland, is possession alone an offence, and
is mens rea - the intention to commit the criminal act - irrelevant?
There are a great many ways in which, and contexts within which, a
file can come to be on a device.]
In just two days, the team [are we back to the Victorian team now, or
still talking about the US or Queensland teams?] identified thousands
of computers in Victoria that hold child porn images. The computer
hits are then matched with Google maps to confirm locations.
[Um. Could we have some clarity about the way in which 'computers'
are identified, and how that is related to a geographical location?
Perhaps IP-address, and ISPs' records of the subscriber and premises
to whom the IP-address was allocated at the time? Google maps would
then represent a marginal advantage over a UBD.]
The imaging, seen by the Herald, covers a map in red dots, each
representing a suspect computer. One Melbourne suburb shows hundreds
of hits - and the CBD has thousands, indicating widespread abuse of
office networks.
[So the computer wasn't a suspect when the spyware was installed on
the device, but became one when the spyware 'called home'?]
[So Melbourne CBD doesn't contain the same density of flats as Sydney?]
[More importantly, the numbers of devices involved suggest that the
police may well have breached any requirement for 'reasonable grounds
for suspicion'. Have they been installing spyware willy-nilly??]
The suspects use technology similar to that used to share music files
between computers. One computer has more than 200 suspect share
files, of which 192 have been confirmed as holding illegal child porn
images. Police have seized computers with "tens of thousands" of
such images.
[Ah, the expression "technology similar to that used to share music
files between computers" raises the question as to whether there
really *is* spyware involved.
[Just suppose the police were using an *existing* P2P package, and
had searched for instances of "known child pornographic images", and
extracted the IP-addresses, and identified which ISP administers
them, and hit the ISPs with warrants for the subscriber and premises
information, and then went to that location. (Note that the
subscriber may not be a user of the device, and that there may be two
or more users of the device. Life wasn't meant to be easy, and
isn't).
[Subject to some provisos, people who are horrified by what's in this
article might not be particularly put out by this alternative modus
operandi, if that's what they actually did.]
The system effectively grades suspects - identifying "contact
offenders", those likely to molest children - by analysing the
material.
[That's also a serious worry. What material? And what criteria?]
The head of Victoria's sexual crimes squad, Detective Inspector Glen
Davies, said high-risk suspects will be targeted first and police
would raid houses where they feared children were at risk. The first
priority was to rescue potential victims.
[Note that the sole prosecution mentioned is a "60-year-old office
worker, married with two adult children" and he's "charged on
summons". Maybe the prioritisation of high-risk suspects starts
*next* week?]
[In short, the article is a disastrous piece of substandard
journalism that a broadsheet should be ashamed of releasing. Send
the kid back to school and teach him to ask questions, not publish
media releases.]
[Declaration: I've given expert evidence on matters of this kind,
and have been underwhelmed by the level of understanding of the
people involved, and by the evidence that has been claimed to prove
guilt.]
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University