Print 14 comment(s) - last by GolobResearch.. on Nov 20 at 11:17 PM

If you chose to open your data to the public, it is "open and obvious" to law enforcement

In one episode of the long-running reality TV show cops, an officer approaches a person whose car is parked in the street.  The sleeping man awakens and the officer asks if he has taken drugs.  The man denies that of course.  And the cop asks him if he's sure, and says "Then what's that?"
The camera pans down, and sitting on his lap is a bag of powdered drugs.  The groggy suspect looks down and his face suddenly transforms into a look of shocked recollection as if to say "how did I forget THAT was there?"  "Oh SH-T!" he exclaims.
I. Open and Obvious for the Digital Age
This textbook example of open and obvious illustrates in the offline world the kinds of cases in which a police officer can search your property and person without warrant.
In the digital case, despite the mess of technically ignorant and overreaching laws, one bright point is that a relatively reasonably "open and obvious" analogy is being adopted for law enforcement.  Federal courts in the 11th Circuit, 10th Circuit, 8th Circuit, and now 2nd Circuit (namely, the U.S. District Court for the District of Vermont) have ruled that the Fourth Amendment protection against warrantless searches does not apply to digital content made publicly available by a suspect.

While cybercrime requires courts to develop a level of tech savvy, many principles of offline law enforcement can still be reasonably applied. [Image Source: TechieNews]

Namely, the case in question deals with Derek Thomas, Douglas Neale, and Stephan Leiker -- a trio that stands accused of sharing child pornography via publicly available torrents.
The lawyers for the defendants in the case sought a relatively creative, although questionable defense claiming that law enforcement officers' search violated their Fourth Amendment rights by inspecting "private" files on their clients' computers.  They asked a federal judge to suppress that evidence -- which in turn could allow the suppression other evidence potentially found after investigators obtained warrants based on the probable cause incited by these shared files.
II. Evidence is Admissible if Collected From Publicly Available Materials
In the end, the defense never quite explained how files made publicly available from torrents could constitute anything but an open and obvious piece of digital property.  Predictably District Court Judge Christina Reiss denied the motion ruling that the suspects had given up their right to privacy when they made their information publicly available to the internet.

District Judge Reiss
USDC Chief Judge Christina Reiss presides over her court. [Image Source: Burlington Freepress]

She writes:

Defendants conveyed certain information to the public when they used peer-to­-peer file sharing software and made certain files available for sharin

Because there is no evidence that law enforcement's use of automated software reached information on Defendants' computers that was not made available for sharing by the public, Defendants' motions to suppress on the basis of a warrantless search in violation of the Fourth Amendment must be DENIED.

The investigators used a piece of software by TLO plc dubbed the Child Protection System (CPS), which searches public torrent hosting sites for terms that might relate to child pornography.  Once a positive hit has been verified the tool investigates the site where the torrent was posted (as most major torrent sites like The Pirate Bay remove such links, child pornography torrents are typically hosted by individuals actively involved in criminal child pornography) and records the "IP address, the files' hash values, the actual file names, date and time of response, and other computer detail" according to a blog by Sophos plc.
BitTorrent is the world's most popular means of filesharing, with the death of older proprietary P2P networks (such as Limewire and Kazaa) due to legal issues.  BitTorrent is estimated to account for 3.35 percent of total global internet traffic and is used by over 150 million people.  Unfortunately, a small minority exploits the popular filesharing protocol to distribute abusive content, such as videos of murder, rape, or child abuse.

BitTorrent downloads are controlled by trackers which are downloaded along with other file metadata by a user.  This metadata typically includes the file's cryptographic hash (which uniquely identifies it) and a brief description, including keywords.

The investigators in the Vermont case used a piece of software by TLO plc dubbed the Child Protection System (CPS), which searches public torrent hosting sites for terms that might relate to child pornography.  The Judge in the case offers a fairly sound technical description of the tool, stating:

This software is designed to replace the searches that were previously done manually by law enforcement and the public. The software reports information that is discoverable by the general public using publicly available P2P software.

She rejected the defense's complaints that the tool was automated and proprietary as she pointed out that a manual search -- no matter how time-consuming -- would have yielded identical results.

III. Automated Tools are a Valid Means of Fighting Child Pornography

From a technical standpoint CPS and similar tools first scan large blocks of IPs or alternative crawl indexed lists of web addresses via indexed content sources like Google Inc.'s (GOOG) search.  When torrents are encountered, the metadata is inspected for the keyword terms denoting illegal content.  

Investigators then inspect the file to determine that it's indeed illegal content, not a false positive.  Once confirmed, the tool downloads the torrent and proceeds to ping the users listed by the tracker to see if they have a shared file mashing the hash, as per the standard BitTorrent protocol.  After collecting these IPs, the tool then logs off without downloading the file.

Be aware of what you share.  Sharing is caring, but if you share something publicly, you reveal that you possess that thing.  If that thing happens to be illegal, you may be in trouble. [Image Source: KSWP]

In this case each of the suspects was verified to be openly sharing files whose hash exactly matched the confirmed file depicting child pornography.  Subsequently search warrants were obtained and more child pornography was found on the suspects' computers.

The outcome is "the same as probably 50 other cases", according to John Wesley Hall, a criminal defense lawyer, who maintains the Fourth Amendment blog.  He notes:

The only thing that's surprising to me is that people still raise that issue. It's a settled issue beyond peradventure as far as I'm concerned.

IV. The Devil is in the Details -- So Tread Lightly

A couple of key points to note to put the ruling in context follow.

First, it's been established by some responsible, tech-literate federal judges that an internet protocol (IP) address does not uniquely identify a person or user.  If this were the only evidence against a plaintiff, then the defense would have a much stronger argument.  But unfortunately for the defense, their clients' seized computers contained pornographic files.  Barring signs of tampering, that's about as conclusive a law enforcement finding as can be.

Cybersecurity wide
While activity on an IP does not clearly imply guilt by  a specific person, it is a fair reason for probable cause. [Sen. Collins]

The distinction between initial suspicion and confirmation that the suspect has illegal materials is important as some law enforcement officers have behaved inexcusably during the warranted search phase in past cases, manhandling homeowners, only to finding the illegal content was downloaded by a cybersquatter who was piggybacking on their network.  In such cases, the warrant and search seemed reasonable, but the execution proved troubling, as the officers actions seemed indicative of a false assumption of guilt that was by no means justified by mere IP verification.
Some might say, "secure your networks", but it's important to remember that many forms of popular network encryption are easily crackable.  Thus it's inexcusable to assume that a user with an average degree of tech savvy can completely secure their wireless networks from advanced users.  That makes the "innocent until proven guilty" paradigm all the more important.
Second, there's a big difference between a public law enforcement entity collecting records of users who share criminal content and a private entity collecting information on users who share copyrighted content.  In the latter case the typical goals is to collect a list of internet subscribers to try to extort money from with threat letters.

RIAA police
There's a massive difference between responsible law enforcement and extortion schemes designed around unproven allegations of copyright infringement. [Image Source: Sodahead]

The latter tactics are highly questionable, as the private enforcement groups involved typically make little to no effort to verify that the person receiving the threats (the network owner) actually engaged in the content.  Further they almost never (save for a few rare occurrences) take their targets to court, so there's no real due process.
Further, such efforts often operate under the false premise that making available is akin to sharing.  Making available simply means you have the content.  The Vermont case gets this correct, as the men were charged with the possession of child pornography.  If a file is illegal, often you shouldn't be in possession of it.  
But the offense is possessing the file, not sharing it as it's impossible to determine in most cases whether a user's data was access via filesharing, much less how many users a certain user ultimately shared pieces of a file with.  As copyright extortion typically focuses on the act of sharing to balloon the amount of damages is sought, it's typically founded on a fallacious and technically ignorant premise.
Last, but not least there is clearly a distinction between encrypted, unshared data -- which is not open or obvious -- and unencrypted, publicly shared data.  Hopefully law enforcement and the courts recognize and respect that distinction.

Sources: Fourth Amendment, ComputerWorld, Naked Security

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Netherland based usenet provider
By ipay on 11/14/13, Rating: 0
RE: Netherland based usenet provider
By BioHazardous on 11/14/2013 11:32:18 AM , Rating: 1
Or perhaps because it's not available and you're going to buy it when it is available. Downton Abbey is a good example, as it's aired in the UK already, and we're stuck here in the US to wait to watch it. It airs for free on PBS. If they would just air it the same dates in the US as they do in the UK, there would be no issue at all, but they don't.

RE: Netherland based usenet provider
By ipay on 11/14/2013 12:43:13 PM , Rating: 2
Top Gear UK is another example. When we get it here it is not the full episode since it is cut for commercials on BBC America.

The ethics of that is debatable, but that's not the main point: why risk the exposure that comes with P2P?

RE: Netherland based usenet provider
By hughlle on 11/14/2013 2:58:33 PM , Rating: 2
I have often used P2P as a result of the number of times i've bought something to find it a load of crap. So these days i tend to give it a try before i feel it's worth handing my hard earned money over for. Take Ghosts and BF4 as examples. I'd feel pretty damned angry if i'd wasted my money on those two, so i'm very glad i gave it a go for free to learn that they were a waste of my time.

By Reclaimer77 on 11/14/2013 5:37:10 PM , Rating: 2
Shhhhh. First rule of Dutch usenet service is - you know the rest :)

So My Mail Is Public Too?
By bitmover461 on 11/15/2013 9:27:03 AM , Rating: 2
Let's use a postal analogy. I write a letter (document) and put it in an envelope (encryption), and address it to the person I intend it for (private key exchange). Using the above judge's reasoning, my mail is subject to be opened by the government because I sent it through a public pathway (USPS).

RE: So My Mail Is Public Too?
By JasonMick (blog) on 11/15/2013 2:31:05 PM , Rating: 2
Let's use a postal analogy. I write a letter (document) and put it in an envelope (encryption), and address it to the person I intend it for (private key exchange). Using the above judge's reasoning, my mail is subject to be opened by the government because I sent it through a public pathway (USPS).
Your analogy is flawed. Your data sent over the network is perhaps a letter, but this did not use packet inspection. Rather it examined a tracker. This would be like if a copy searches a criminal and finds an address book of "drug sources" and the cops right you a letter asking if you have drugs (asking your machine if it has the hashed file in question, which the tracker thinks it has). If your machine writes the feds back "Yes" then yea you're going to be in legal trouble -- duh.

If you do this, you've allowed your computer to communicate with the feds (and anyone else, for that matter) and tell them you have illegal materials.

Again this is NOT a case about packet inspection. It's about using publicly shared trackers and querying publicly accessible machines which openly announce themselves and are listed in the tracker.

If you willfully public announce what data lives at your address (your machine) and some of that data is criminal, you only have yourself to blame for future legal trouble.

RE: So My Mail Is Public Too?
By Totally on 11/16/2013 9:51:00 PM , Rating: 2
No his analogy isn't flawed just incomplete, the intended person/recipient was a fedex kinkos that prints a copy for anyone that requests one. One such request came from an undesired party(the cops), who simply went after the person they found at the return address.

By HostileEffect on 11/14/2013 7:03:18 PM , Rating: 2
A no records kept VPN like BT guard and public WiFi seems to help maintains privacy... true crypt and pgp software for full drive encryption... its not like it slows your stuff down that much.

Another password is just inconvenient until you need it.

RE: anon
By lexluthermiester on 11/17/2013 8:02:48 PM , Rating: 2
Excellent points! Anyone NOT privatizing, IE encrypting through various means, their digital existence are fools. True Crypt and programs like it are much needed and can not be defeated easily[or at all in some cases].

In the case of whole drive encryption suites like True Crypt, passwording Windows accounts becomes superfluous as the entire drive/partition itself is password protected. If more than one account is needed for children and guests, simple passwords are all that are needed in most cases.

By futrtrubl on 11/14/2013 5:59:21 PM , Rating: 2
Apple-Tracker should use this in their defence,

After all they just did automated harvesting of publicly available data same as here.

private tracker
By mmarianbv on 11/15/2013 3:09:02 AM , Rating: 2
what they will do in that case ?
i mean, they will make a difference between an user/pass site and a free one ?

By GolobResearch on 11/16/2013 10:26:32 PM , Rating: 2
"...[T]here is clearly a distinction between encrypted, unshared data -- which is not open or obvious -- and unencrypted, publicly shared data." Good point.

Nevertheless, consider further:
That any person has a "reasonable expectation of privacy" in regards to his/her encrypted data transmitted over the communications lines. This is contrary to the policies of Presidents Bush and Obama, who believes that any data transmitted over the communications lines is "public," without the protection of the Fourth Amendment to the U.S. Constitution.

By GolobResearch on 11/20/2013 11:17:14 PM , Rating: 2
In the U.S., SBC / AT&T, et al. collects data - both metadata and content - from 'Room 641A' in the SBC Communications Building in San Francisco (Ref: "Room 641A," Wikipedia), and from other similar facilities in the United States. Verizon and other companies, no doubt, are involved also.

When collecting the communications, both 'metadata' and 'content' are are being transmitted across communications lines together.

The act of filtering, scanning for key words, extracting content, etc. which contains metadata/content in bulk would be considered a 'search and seizure' and require a court issued search warrant.

A copy of the original communications can be diverted to two or more communications lines with an optical beam-splitter (on a fiber optics line) similar to the way a cable router transmits data to multiple destinations. One of the data transmissions then goes to the NSA, a contractor, or similar agency, where the copied data is processed, stored, and searched for specific content. Once the NSA or other agency has a copy of the bulk metadata/content, the agency searches the copied data for both foreign and domestic intelligence.

If the NSA finds information relating to a U.S. resident, it may forward such information to relevant law enforcement without notifying persons identified in the bulk collection of metadata/content communications. This is a very serious problem considering federal, state and local governments throughout the U.S. have access to personally identifiable information.

The diversion of data to the NSA, by any means, is illegal and unconstitutional without a search warrant since this violates Federal Statutes and violates the provisions of the Fourth Amendment to the United States Constitution.

Prior to the enactment of the Patriot Act, AT&T, et al. entered into an agreement to provide the U.S. Government with copies of the metadata/content combination it intercepts. This was and is illegal without a search warrant. Congress then protected AT&T and others and granted the telecommunications companies immunity from court action.

"Paying an extra $500 for a computer in this environment -- same piece of hardware -- paying $500 more to get a logo on it? I think that's a more challenging proposition for the average person than it used to be." -- Steve Ballmer

Copyright 2015 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki