Attn. MPAA: There are much worse ways to copy movies than with a computer.

In 2007 prosecutors in Anchorage Alaska accused 34 year old stripper Mechele Linehan of plotting a murder based on the 1994 movie "The Last Seduction". Life so closely imitated art, said prosecutors, that they even tried to have the movie played for the jury.

Rockstar Games Grand Theft Auto

In 2008 a teenager confessed that he was trying to imitate scenes from the video game "Grand Theft Auto" when he robbed a murdered a taxicab driver in Bangkok Thailand. Movies like "The Deer Hunter" (1978) are even believed to have inspired several "copycat" suicides in the late 1970's and early 80's.

All of this may seem like fodder for censorship advocates, but that debate has largely come and gone in favor preserving the First Amendment's right to free speech. Wise as the framers of the U.S. Constitution may have been, few would accuse them of being clairvoyant. After all, who could have predicted the impact the Internet would some day have on both the precept of free speech and the concept of privacy?

Though many speak of the "right to privacy", it is not, at least as far as the U.S. Constitution is concerned, a right at all. It is, nonetheless, an ethos that has long been coveted by Americans, and is implicit in the Fourth Amendment's:

...right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures...

Of course, mention the term "search" to most people today, and it's far more likely to conjure thoughts of friends lists", home pages and e-books, than actual people, houses and papers. And while, in just the past few years, popular culture has come to embrace the sharing of intimate, private and personal details with virtual strangers, the desire to remain "secure" seems to be very much alive in the 21st Century. In fact, more than any other, the Fourth Amendment has played a central, albeit contested, role in the litigation of hi-tech criminal evidence.

I know what you watched last summer...

So, what does all this have to do with your Netflix queue? Though Americans, and many other people around the world, may be willing to voluntarily divulge personal information, either in trade for modern conveniences and services, or increasingly, for a sense of online significance, we're not quite as enthusiastic when it's taken from us and shared without any tangible return. It's no longer a secret that the monetary value of data has been pre-calculated into the return on investment (ROI) of so many of today's business models, but consumers still tend to expect a certain level of security. In recent years the bar has been set pretty low. Still, it may surprise many to learn that "anonymous" usage data can be deciphered into personally-identifiable intelligence, as proven by a pair of researchers at the University of Texas using what was thought to be anonymous user data provided to contestants in the three-year $1 million "Netflix Prize" to improve the site's recommendation results.

The UT's results brought both unwanted attention from the Federal Trade Commission and a lawsuit from a private firm, resulting in Netflix's decision last week to cancel a planned sequel to the prize awarded last year.

It's not hard to imagine how this sort of data could be exploited to peddle shoes to people who have rented all six seasons of "Sex in the City", or BestBuy ads targeted at fans of NBC's "Chuck".

Dreamworks Minority Report (2002)

It's no longer extraordinary to see similar data exploited in the process of investigating crimes either. Certainly the viewing interests and habits of the individuals mentioned above have been considered relevant discovery by law enforcement. In these cases, there's little, if anything, to decipher.  Anything that Netflix knows about you, your account, and your viewing habits, is subject to a warrant, and, with or without much imagination, could be incriminating. How many of us haven't seen a good fictional car case, a well-written murder plot, a scripted street-fight, or a perfectly executed crime? The consumption of such fiction could be hazardous to your defense, if it proceeds similar accusations.

Now, imagine the same evidence available to anyone, without a warrant, subpoena, or probable cause. Perhaps someone at the FTC had the movie "Minority Report" in their queue.

What do you call the sacrifice of one person's privacy in an attempt to save the privacy of over 1300? If you're a bank, you call it collateral damage.

When I was a kid I earned my first paycheck passing out fliers for a neighbor who was starting a pool cleaning business. With my first $13 in hand, my grandfather took me to the a bank in walking distance to my home, got me a tour of the vault from the branch manager, a neat pouch to hold all my coin, a full explanation of the principals of savings and loans, and helped me open my very first savings account. Believe it or not, back then, all my account information was stored on a double-sided index card behind the teller.

Today, things are much more complicated. Gone are the index cards and passbooks, most of the employees, tellers and branches, a good deal of the service, interest-bearing accounts with only $13 in them, and a lot of the customers' money. Today, it's all computerized, and most banks even attach various penalties to discourage human contact.

I know an awful lot about electronic data systems, but I don't pretend to fully understand how the modern banking system works. Sometimes, I think I do--from a mechanical (as opposed to financial) perspective. But then something convinces me that I don't. For instance, you know how every so often your bank emails its customers' names, addresses, Social Security numbers, and loan information to Gmail?

To be completely honest, I didn't know they did that either, until I found out recently that The Rocky Mountain Bank in Wyoming had sent 1,325 such records to the wrong Gmail account. (Mind you, most would have trouble imagining who could possibly be the right recipient.) Once the error was noticed, the bank attempted to contact the recipient to request immediate destruction of the email and its attachment. When the bank received no response, a request was made to Google for the recipient's identity. Citing its privacy policy, Google refused to provide the information requested, and the bank filed suit.

According to court documents:

"On August 12, 2009, Plaintiff received a request from one of its customers for Plaintiff to send certain loan statements to a third-party representative of that customer. That same day, an employee of Plaintiff attempted to send the requested information to the customer’s representative via email. The next day, Plaintiff discovered that its employee had inadvertently sent the email to the wrong Gmail email address. In addition, Plaintiff discovered that attached to the email was a file containing confidential customer information for 1,325 individual and business customer accounts for customers other than just the customer who requested information. The confidential information includes names, addresses, tax identification numbers, and loan information for each of the 1,325 customer accounts.

After learning of its inadvertent disclosure of confidential customer information, Plaintiff tried to recall the email without success. It then sent another email to the Gmail address, instructing the recipient to immediately delete the prior email and the attached file in its entirety without opening or reviewing it. Plaintiff also requested that the recipient contact Plaintiff to discuss his or her actions. The recipient has not responded to Plaintiff’s email."

Ironically, in a case that pits the privacy interests of innocent parties against each other, the protagonists of this story had some privacy concerns of their own. The Bank's lawyers attempted to file their suit under seal -- which was denied by the U.S. District Court. Though not mentioned in the court's ruling on this issue, most states have security breach notification laws that require disclosure of any records that may have gotten into the hands of unauthorized individuals. Wyoming does, indeed, have such a law (40-12-502. "Computer security breach; notice to affected persons"). It states:

"(a) An individual or commercial entity that conducts business in Wyoming and that owns or licenses computerized data that includes personal identifying information about a resident of Wyoming shall, when it becomes aware of a breach of the security of the system, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal identifying information has been or will be misused. If the investigation determines that the misuse of personal identifying information about a Wyoming resident has occurred or is reasonably likely to occur, the individual or the commercial entity shall give notice as soon as possible to the affected Wyoming resident."

While the bank was compounding errors by ignoring its obligations to its customers and state law, their case against Google was being reviewed by another judge who ordered Google to disable the account, and disclose the recipient's identity.

The Rocky Mountain Bank maintains that it contacted the recipient more than once and requested that the individual respond to requests to "discuss his or her actions". The implication is that, had the recipient responded, this whole matter could have been handled amicably and honorably -- among gentlemen, as it were. I wonder if, from the perspective of the bank, its customers, or even the email recipient, a "discussion" would have really sufficed. I know, as a bank customer, John Doe's word that he had deleted all my personal information from his Gmail account wouldn't satisfy me at all. If I were in charge of bank security, I don't think I'd be very satisfied either. In either case, I suppose I would be demanding proof that had been deleted, never copied, forwarded, or printed, and probably some kind of connotative memory-wipe.

Years ago, I was consulted by a judge after a District Attorney's office "accidentally" obtained access to a defense lawyer's hard drive (quotes inserted to cite the provided explanation, not my personal feelings about the explanation). The negotiated remedy and order was an extensive forensic search of the DA's hard drives, and a complete wipe of their contents -- even when the search turned up no conclusive evidence that the DA had ever examined any privileged materials. But I doubt any accidental recipient would agree to that -- especially a civilian. And why should they?

Of course, no one knows, at this point, if the recipient ever saw the message. Many reading this web site would likely have dismissed it, and any subsequent messages from the bank as a phishing scam. The Rocky Mountain Bank even has a link to an oddly nondescript PDF addressing the subject of phishing scams.

There's really no reason to believe that the bank ever considered litigation to be an entirely avoidable option, no matter how cooperative the recipient might have been. Nor am I convinced that the court's decision has provided any comfort to the individual's who's privacy has been sacrificed -- including the one who's email account has been disabled, and personal information shared with a bank that's already demonstrated that they can't be trusted with the information.

So, if suing Google won't assure its customers' privacy and financial security, what should the bank have done? That's an easy one. Ask any programmer. They'll tell you: The only way to fix a 1D10T error is to upgrade your wetware and reboot.

How Twitter says they'll hide your location from twits with subpoenas.

Recently, Twitter announced that they would be adding geolocation features to their service, allowing users to embed their physical location in their Twitter feed. As not to alarm: Twitter has always maintained that this would be an opt-in feature. But, frankly, any web site you visit is privy to some information about your physical location by virtue of the IP address assigned to your computer by your Internet Service Provider (ISP) from a group of IP addresses reserved for your neighborhood. The logs kept by a web server, combined with a subpoena to the appropriate ISP, usually yield a street address for the subscriber assigned that IP address.

SmarterWare's Gina Trapani (formerly of Lifehacker.com) is attending the Twitter Conference in LA. She's posted updates explaining how Twitter plans to deploy this service and how they intend to protect its Twitter geolocation users from subpoenas. According to Gina, "Twitter will scrub geo-data stored in tweets more than 14 days old to avoid getting subpoena’d about a user’s location in the past. They will outright delete the location information from their database, not just anonymize."

She also reports that while,

"Twitter usually encourages developers and applications to cache data, in the case of geo, they recommend dropping historical location data so that application developers don’t become a subpoena target, either. They also recommend 'fuzzing' location and time data, so that instead of knowing that Joe Smith was at 8th avenue and 15th street at 2:11PM Eastern time on March 7, 2008, you only show that Joe was in Brooklyn on that day. The geodata-scrubbing isn’t a permanent solution. They are looking into ways to store this data in a 'safe' (anonymized?) way in the future, so they won’t always scrub +14 day old data, just at first."

Purging data that isn't mission critical, but likely to be subpoenaed makes a lot of sense. After all, no one writes "Satisfy search warrants in a timely, efficient, and effective manner" into their corporate mission statement.

While I'm convinced that Twitter's motivation is for the sanctity of the corporation, rather than its user-base, it is a step in the right direction. In fact, the direction is so right that one has to wonder why all personally identifiable user data isn't "scrubbed" every 14 days from most online services. Of course, Twitter's raison d'être, is -- among other things -- to give it's user's messages some life and legacy. It's likely that most of those users would also like to take credit for their various flashes of 140 character brilliance.

Not so, however, every time an individual fires off an instant message (IM), or searches Google. Most instant messaging services, for instance, don't store messages after they are sent, but they do store the sender and recipient's IP addresses, with their account information, and the time they logged in. While Google relies on demographic data, such as geography, income, and search interests, in order to sell ads, it doesn't need to be personally attributable to me. Companies like Google, Yahoo!, Facebook, MySpace and AOL are not in the subpoena response business. But, all of these companies employ subpoena compliance personnel, who add to the cost of doing business, but contribute nothing to the bottom-line. Worse yet, where nearly every individual in these companies, in some way, does something, either directly or indirectly, to add to the end-user experience, subpoena compliance often works in direct opposition to that objective.

As many companies learn when they're sued, subpoena compliance is often so expensive that it's cheaper to settle. A company can't be forced to produce what they don't have. And, with some significant exceptions, a company can't be forced to archive what they don't need.

By the way, I'm not just an end-user of all the services listed above, I'm also one of the twits writing the subpoenas.

One body. One suspect. Two theories. A laptop. A birdcage. A bloody crime scene. Two trials. Two hung juries. No convictions. One unsolved mystery.

From Investigation Discovery:

"When a beloved music professor -- David Stagg -- discovers the dead body of his long-time partner, Bill Jennings, he claims he's walked into the aftermath of a tragic suicide. But as investigators descend on the scene, they immediately realize that this reported suicide is clearly a homicide. Is it possible the professor is behind this vicious crime, or has he been falsely accused? The forensic experts on each side battle it out. Which side will you agree with?" (60 min. - First aired 9/14/2009 on Investigation Discovery / Discovery ID's "Forensics: You Decide)

Suicide letter, or coverup?

Friends from the couple's active social group were in total disbelief. Few could imagine David Stagg involved in the murder of his long-time partner. Forensic evidence was inconclusive. Though blood evidence was found throughout the crime scene, no blood or defensive wounds could be found on David Stagg. An unknown set of fingerprints were found at the scene. Computer evidence from Jennings' laptop showed--at least from Jennings' perspective--a tumultuous relationship. But, enough to justify a motive for murder?

There were also a series of suicidal emails and typed letters left by Jennings that charted a history of both love for Stagg, and deep emotional turmoil. And, one final letter--typed on April 24, 2004, the night of the murder--would become one of the most contested pieces of evidence that two juries would have to consider.

On one thing, both sides agreed: Bill Jennings did not take his own life.

The embedded four-minute clip above is edited from the one-hour Investigation Discovery episode dedicated to the Bill Jennings murder, investigations, and trials.

I have worked for both attorneys, Tom Bath and Scott Toth, had many encounters with the Johnson County Crime Lab and the Heart of America's Regional Computer Forensics Laboratory (HARCFL), and kept in contact with other experts from both sides. This case demonstrates that, even when some of the best experts from the most highly technical fields agree on the evidence, it still may not be enough to tell a jury who's responsible.

My entire interview was shot early in the morning on February 28, 2009 in Las Vegas, NV. I was scheduled to meet the crew in Los Angeles the day after I finished a trial in Vegas. The trial ran so long that I missed my return flight and needed to come back to court first thing the next morning. I purchased a razor and a toothbrush on the way to my hotel, and steamed my suit in my shower at the Golden Nugget. The crew from Siren's Media was, coincidentally, in Las Vegas on the 27th interviewing someone else, and seemed overjoyed to stay a little longer.

The B-roll was "reenacted" in the wee hours of the morning before the court opened, in the server room of a client's law office, across the street from the Clark County Regional Justice Center. (No, that is not actual work product in the background.) The interview was shot first--in a quiet space about the size of a walk-in closet. My client--who asked to remain nameless--was kind enough to send someone to let us in before office hours.

In the "credit where credit is due" department: The video was captured to a thumb-drive from live television using a $99 stand-alone Pinnacle Video Capture device. It was edited using Avidemux a free open-source video editing program that I highly recommend. The entire process took about an hour and a half in a coffee shop, from raw MP4 video to YouTube upload.

You probably won't find much sympathy for Elane Cioni. A mistress scorned, she's been convicted of hacking into the email account of her former-boss, the man with whom she was having an affair, and then his wife, his other girlfriends, and even his kids. (I suppose, that doesn't engender much sympathy for her main-target either.) But, you might be surprised to find out Cioni's not a very good hacker.

You might also be surprised to learn that there's a market for professional hacking and, similar to many legitimate professions, the jobs are going offshore. When it comes to password hacking, those who can, do. Those who can't, outsource. When Cioni wanted back into her boyfriend's life she turned to one of an increasing number of web sites with offers like this:

"Need to monitor your Child? Your Spouse? Your Boyfriend/Girlfriend? We Hack Passwords for $100 USD. We Crack all major web based emails. This include Hotmail, Yahoo! AOL and Gmail. We Provide Proofs Before payment."

Passwords for $100

One particular web site even states: "This unique service is 100% legal".

The Washington Post conducted an interview with the FBI to find out why these services remain online. "The FBI is aware of these illegal services," spokesman Paul Bresson said, "and we have been successful in the past in identifying criminal activity and working with prosecutors to bring indictments. Users of these services should know that just because a product is marketed on the Internet doesn't mean it's legal."

While Cioni had an agenda, the same password could have granted her access to her victims' bank accounts, insurance policies--access to practically any service that allows individuals to "log in". Once access has been gained, she could have reassigned passwords, and even rerouted email communications, effectively allowing her to assume the individual's identities. Fortunately, that wasn't her agenda. But, it's unknown how many of the nation's tens-of-millions of identity theft victims had their passwords purchased.

Making a case against Cioni wasn't very difficult. Of course, it helped that she mentioned things to her boyfriend that only someone who would have read his email would have known.  And, she used her own PayPal account to pay for the password hacking service. In case that wasn't enough, IP address records were subpoenaed from her Internet Service Provider (ISP), and her computer was searched to find fragments of her targets' email cached to her hard drive.

Then again, Elane Cioni is not a very good hacker.

You can listen to below an NPR interview on this topic, and hear more about this story:

Washington Post (http://www.washingtonpost.com/wp-dyn/content/article/2009/09/06/AR2009090602238.html)

Source: Wikipedia

In a match between Bird-brain vs. broadband, you might be surprised to see who wins.

An old friend of mine pointed out what sounded like an interesting story out of South Africa. Tired of slow download speeds, a South African call center pitted a racing pigeon against Telkom South Africa Ltd.’s ADSL data service to see which could move a 4GB file faster. In total it took just under three hours for the bird to fly approximately 50 miles--about 30 times faster than the ADSL service, which had only downloaded 4% of the file in the same time.

I'm afraid we're not really comparing apapane to apapane, or even apapane to ostriches. I doubt, for instance, that the pigeon would fair quite as well over, say, a 500 or 5000 mile "data run".

The experiment, however, raises what is perhaps a more relevant conclusion: You probably couldn't find a more secure method for moving data than via carrier pigeon. While all Internet traffic is subject to both warranted, and illicit intercept and monitoring at multiple gateways, routers, interconnection points, and hosts, one would be hard pressed to serve a warrant on--or even physically intercept--a carrier pigeon. Not to mention, even if they occasionally drop a "packet", it's hard to argue with their wireless range.

It's certainly something to think about.

Thanks Ron!

More at:

Bloomberg (http://www.bloomberg.com/apps/news?pid=20601116&sid=aB5JSWQt0XYY)

News.com.au (http://www.news.com.au/technology/story/0,28348,26053119-5014239,00.html)

It's sometimes hard to remember, but it wasn't that long ago that most carry-on's bypassed so much as an x-ray screening. Then came the obligatory laptop and shoe removal. And, eventually, the "drink 'em or lose 'em" rule, accompanied by the ever-perplexing debate over what constitutes a "liquid", and how many ounces of it you can carry through a TSA line.

(I once overheard a TSA agent explaining to a traveler that, "anything that can be liquefied is a liquid". I felt compelled to explain that, at the right temperature, the whole airplane could be liquefied--but kept my mouth shut, for fear of missing my flight.)

In recent months, some international travelers have been greeted with an indignity that makes the "patdown" look like a "fist-bump". In the past 10 months, over 1000 people had their laptop computers "detained" and subsequently searched. Most would assume that this was with probable cause, but, the DHS maintains that probable cause is not required for such a search.

What some might consider an electronic cavity search, became policy in 2008 when the Department of Homeland Security's U.S. Customs and Border Enforcement published their "Policy Regarding Border Search of Information" (July 16, 2008), which, among other things, allowed Custom's Agents broad discretion to detain "electronic devices, or copies thereof, for a reasonable period of time to perform a thorough border search." Though protocols were established for an "expeditious" response time by assisting agencies, no definition for "reasonable period" was provided.

The rationale cited for this policy, is described in its fourth paragraph, "Review of Information in the Course of Border Search":  "In the course of a border search, and absent individualized suspicion, officers can review and analyze the information transported by any individual attempting to enter, reenter, depart, pass through, or reside in the United States..." While, in the past, this objective could be met with a visual inspection, computers, iPods, smart-phones, and the like, require complex procedures, software and hardware to preserve the integrity of the data being examined. Therefore, such a search is typically conducted in a laboratory setting, and not something that cannot likely be accomplished during even the longest of layovers.

The DHS provides the following definition of a "detention":

"A detention occurs when CBP or ICE determines that the devices need to be kept for further examination to determine if there is probable cause to seize as evidence of a crime and/or for forfeiture. This is a temporary detention of the device during an ongoing border search. Many factors may result in a detention, for example, time constraints due to connecting flights, the large volume of information to be examined, the need to use off-site tools and expertise during the search (e.g., an ICE forensic lab), or the need for translation or other specialized services to understand the information on the device. In a detention, CBP or ICE will keep either the original device (e.g., the laptop) or an exact duplicate copy of the information stored on the device, so as to allow the traveler to proceed with the original device. Once the border search has concluded, the device will be returned to the traveler unless there is probable cause to seize the device. Any copies of the information in the possession of CBP or ICE will be destroyed unless retention of the information is necessary for law enforcement purposes and appropriate within CBP or ICE Privacy Act systems of records."

Effectively, a "detention" is a seizure without probable cause, followed by an unwarranted search. Fortunately, the CBP has taken measures to assure that it only retains information from "detained" devices that are consistent with probable cause, as outlined in Section D:

"Absent probable cause, CBP may only retain documents relating to immigration matters, consistent with the privacy and data protection standards of the system in which such information is retained."

And,

"Except as noted in this section, if after reviewing information, there exists no probable cause to seize the information, CBP will retain no copies of the information."

Which should make passengers a little less uncomfortable, if not a little less violated--were it not for the following:

"Officers may encounter information in documents or electronic devices that is in a foreign language and/or encrypted. To assist CBP in determining the meaning of such information, CBP may seek translation and/or decryption assistance  from other Federal agencies or entities."

The FBI could, for example, aid in this circumstance. But:

At the conclusion of the requested assistance, all information must be returned to CBP as expeditiously as possible. In addition, the assisting Federal agency or entity must certify to CBP that all copies of the information transferred to that agency or entity have been
destroyed... In the event that any original documents or devices are transmitted, they must not be destroyed; they are to be returned to CBP unless seized based on probable cause by the assisting agency.

And that, of course, reads like an invitation to convert a random search without probable cause from one agency, into a "line of sight" search by another.

Now, more than a year later, come new rules intended to preserve passengers' rights and insure domestic tranquility. On August 20, 2009 DHS Secretary Janet Napolitano announced new directives said to "strike the balance between respecting the civil liberties and privacy of all travelers while ensuring DHS can take the lawful actions necessary to secure our borders."

Unfortunately, the new rules won't change much, other than the definition of "reasonable period". According to a "Privacy Impact Assessment for the
Border Searches of Electronic Devices", published by the DHS:

"For CBP, the detention of devices ordinarily should not exceed five (5) days, unless extenuating circumstances exist."

Devices may, however, be released to Immigration and Customs Enforcement Agents for further examination.

"As federal criminal investigators, ICE Special Agents are empowered to make investigative decisions based on the particular facts and circumstances of each case... The ICE Directive requires that Special Agents complete the border search of any detained electronic device or information in a reasonable time, but typically no longer than 30 days, depending on the facts and circumstances of the particular search. The length of detention depends on several factors, but primarily the amount of information requiring review and the format of that information, which can greatly affect the amount of time necessary to complete a search."

What about sensitive, say attorney-client privileged or classified materials?

"Officers may encounter materials that appear to be legal in nature, or an individual may assert that certain information is protected by attorney-client or attorney work product privilege. Legal materials are not necessarily exempt from a border search, but they may be subject to the following special handling procedures: If an Officer suspects that the content of such a material may constitute evidence of a crime or otherwise pertain to a determination within the jurisdiction of CBP, the Officer must seek advice from the CBP Associate/Assistant Chief Counsel before conducting a search of the material..."

Of course, one would anticipate that many lawyers might carry "evidence of a crime", or multiple crimes, on their laptops. Though, quite honestly, I doubt that this is the intention, the ambiguity should not be taken lightly.

Effectively, little has changed, except perhaps the use of FedEx and UPS by people who really have something to hide.

USCBP: Policy Regarding Border Search of Information (2008) U.S. Customs and Border Protection Policy Regarding Border Search of Information (July 16, 2008) size: 160.67KB added: 31/08/2009 popularity: 1

USCBP: Inspection of Electronic Devices (Tearsheet) U.S. Customs & Border Protection: "Inspection of Electronic Devices". size: 39.52KB added: 31/08/2009 popularity: 0

USCBP: Border Search of Information (2009) U.S. Customs & Border Protection: Border Search of Information (August 20, 2009) size: 4.87MB added: 31/08/2009 popularity: 1

Privacy Impact Assessment for the Border Searches of Electronic Devices (2009) Department of Homeland Security Privacy Impact Assessment for the Border Searches of Electronic Devices (August 25, 2009) size: 5.64MB added: 31/08/2009 popularity: 2

ICE: Border Searches of Electronic Devices (2009) Immigration and Customs Enforcement Policy for Border Searches of Electronic Devices (August 18, 2009) size: 452.57KB added: 31/08/2009 popularity: 0

TrueCrypt Real-time on-the-fly industry-recognized encryption of entire hard drive, portion, or removable media. (FREE / Peer-Reviewed / Multi-OS) size: added: 01/09/2009 popularity: 110

In People v. Michael James Tecklenburg, (2009, 169 Cal. App.4th 1402) the California Court of Appeals considered the relevance and applicability of involuntary "pop-ups" and temporary Internet files (TIF or "cache") to the applicable statute. California's Penal Code section 311.11(a) makes it illegal to "knowingly posses or control" depictions defined as child pornography according to state law (P.C. 314, subd. d). The court specifically considered the variables required to establish "control".

In Tecklenburg, the court denied appeal based on the State's discovery having established the cumulative applicability of the following variables:

1. the user actively searched for child porn;
2. the user visited child porn web sites;
3. the user explored beyond the first page of said web sites;
4. the user clicked on images on, at least, one web site;
5. the images appeared and were accessed multiple times;
6. the user enlarged thumbnail images;
7. the images were “part of a series or collection”;
8. the size and format did not match that of a pop-up;
9. similar, and sometimes identical, images were found on both the user’s home and work computers.

While I don't agree with the entirety of the court's findings, nor am I comfortable that the court fully appreciates the non-standardized and ever-evolving nature of the Web, or the limitations of computer forensics, I do think that the decision itself serves as a good minimum benchmark, or litmus test, for both prosecution and defense in similar cases.

The items above serve to establish a means or mechanism more than motive, opportunity, identity, or proclivity. A complete prosecution should consider these elements as well as those above. The State would be well served to measure their discovery against these variables, and/or strive to meet them. At the same time, defendants would be well advised to measure their chances at trial against the established pre-conceptions of the court.

CA v. Tecklenburg, (2009) 169 Cal. App.4th 1402 (CA 311.11) "Knowing possession": The CA Court of Appeals outlines variables necessary to determine “control” of child pornography, as opposed a lesser-defined "possession" within an electric storage device. size: 2.16MB added: 29/08/2009 popularity: 4

Find more useful downloads HERE.

When searching a spreadsheet containing the drug test results of 104 professional baseball players federal prosecutors went too far, says the 9th U.S. Circuit Court of Appeals.

After lawfully executing a warrant on a Long Beach, CA drug testing lab for the test results of 10 players, agents uncovered a Microsoft Excel spreadsheet with results of every player that was tested in the program. The government argued that 94 of those results were in "plain sight".

In a 9-2 decision, the court ruled:

"The government should, in future warrant applications, forswear reliance on the plain view doctrine or any similar doctrine that would allow it to retain data to which it has gained access only because it was required to segregate seizable from non-seizable data. If the government doesn’t consent to such a waiver, the magistrate judge should order that the seizable and non-seizable data be separated by an independent third party under the supervision of the court, or deny the warrant altogether."

Citing US v. Hill, 322 F. Supp. 2d 1081 (C.D. Cal. 2004), Chief Judge Alex Kozinski, writing for the majority states the objective to,

"maintain the privacy of materials that are intermingled with seizable materials, and to avoid turning a limited search for particular information into a general search of office file systems and computer databases. If the government can’t be sure whether data may be concealed, compressed, erased or booby-trapped without carefully examining the contents of every file...then everything the government chooses to seize will, under this theory, automatically come into plain view. Since the government agents ultimately decide how much to actually take, this will create a powerful incentive for them to seize more rather than less: Why stop at the list of all baseball players when you can seize the entire Tracey Directory? Why just that directory and not the entire hard drive? Why just this computer and not the one in the next room and the next room after that? Can’t find the computer? Seize the Zip disks under the bed in the room where the computer once might have been."

Four players whose names also appeared in the seized spreadsheet were leaked to The New York Times. Alex Rodriguez, David Ortiz, Manny Ramirez and Sammie Sosa were not included in the search warrant, but Kozinski added, "those players suffered harm as a result of the government's seizure."

The decision crafts Miranda-style guidelines for prosecutors and judges to protect Fourth Amendment privacy rights while conducting computer searches.

I have participated in testimony to a similar effect, whereby courts have ruled that spouses cannot provide consent to search an entire hard drive when directories are clearly controlled by one individual. Likewise, I have been asked by the court, on many occasions to parse data applicable to a search warrant from a mountain of otherwise inadmissible data.

Although this decision only addresses computer hard drives, it clearly has long-reaching implications. After all, nearly every electronic device has become, or will become, computerized to some extent.

While the US government is considering its next move, I expect this may be a sign of things to come.