<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Chuck Fullerton wrote:
<blockquote cite="mid200509041405.j84E5pCM004925@ylpvm07.prodigy.net"
type="cite">
<meta http-equiv="Content-Type" content="text/html; ">
<meta content="MSHTML 6.00.2900.2722" name="GENERATOR">
<div align="left" dir="ltr"><span class="000330314-04092005"><font
color="#0000ff" face="Arial" size="2">All,</font></span></div>
<div align="left" dir="ltr"><span class="000330314-04092005"></span> </div>
<div align="left" dir="ltr"><span class="000330314-04092005"><font
color="#0000ff" face="Arial" size="2">I do find this like of
discussion very interesting. However, there has been so much
discussion that it's getting difficult to folllow. Therefore, I'd like
to make the following recommendation for future posts.</font></span></div>
<div align="left" dir="ltr"><span class="000330314-04092005"></span> </div>
<div align="left" dir="ltr"><span class="000330314-04092005"><font
color="#0000ff" face="Arial" size="2">1. Minimize the text you to
which you are replying to the pertinent info.</font></span></div>
<div align="left" dir="ltr"><span class="000330314-04092005"><font
color="#0000ff" face="Arial" size="2">2. Everyone use the same method
of replying.. (i.e. inline, top or bottom) I don't care which but
it's really getting tough to follow.</font></span></div>
<div align="left" dir="ltr"><span class="000330314-04092005"><font
color="#0000ff" face="Arial" size="2">3. Keep the discussion going as
I'm really getting alot out of this. ;-)</font></span></div>
<div align="left" dir="ltr"><span class="000330314-04092005"></span> </div>
<div align="left" dir="ltr"><span class="000330314-04092005"><font
color="#0000ff" face="Arial" size="2">Sincerely,</font></span></div>
<div align="left" dir="ltr"><span class="000330314-04092005"></span> </div>
<div align="left" dir="ltr"><span class="000330314-04092005"><font
color="#0000ff" face="Arial" size="2">Chuck Fullerton</font></span></div>
<div align="left" dir="ltr"><span class="000330314-04092005"></span> </div>
<br>
</blockquote>
It is a pretty complex issue due to the questions raised. I'll try to
clip things a bit. It was hard to look at it in a simple manner because
it involves several interelated ares I tried to break it into the main
issues. Perhaps I should have tried to spell out my points a little
more clearly. But it gets down to the whole meat of all sorts of legal
things, like the questions of knowingfully and willfully doing
something proscribed. The attempts to seperate this from just
overlooking of something or the concerns of privacy. The interesting
thing for me was when someone brought up the concept of "virtual
children" as that was actually legally looked into.<br>
<br>
What I think would be really edifying is what things are like in other
legal systems such as the EU systems and world courts. I say this
because one of the big uses of electronic evidence in prosecutions has
been with the federal courts attempts to prosecute sex tourists and the
not quite underground in that area. By that I mean one can buy the
"Have Sex Fun in Asia" books on the secondary open market. <br>
<br>
My suspicion is there is convert attempt to push things into a more
interventionist stance in the hopes that things might be discovered.
The problem I see in states with extensive privacy like California is
how much one can go through a user's files without their leave. As far
as I can tell there has been no real legal precedent and prosecution on
the ideas of that say sysadmins are overlooking something.<br>
<br>
The really insteresting issue is whether the beginning of thread
question behavior was highly illegal because it involved destruction of
potential evidence. That means it would have to be pretty egregiously
say "child porn" and not just say soi disant 18 year olds who weren't.
Curious that the 18 as age of adulthood allows two precious years for
porn folks to say "Hot Teens" etc. and still be on the safe side.<br>
<br>
Now the other interesting thing and I am worrying I am making it more
complicated than it should be is the hope by some prosecutors that the
US would sign treaties the US might have to at least try to obey that
would accomplish what they want without getting it passed or having
legal precedent in the US. <br>
<br>
Note MI-6 tried this in reverse about another issue and it died a quiet
death. There is a site on the net run by a certain architect and he has
been a thorn in the side of MI-5 and MI-6 and "Gardie" (sorry can'r
remember real spelling) in Ireland(North and South). Due to the strong
First Amendment in the US it has been impossible to block publishing in
the US and on the Internet of this information which actually involved
pictures of Northern Ireland's Internal Police Folks that work in
terrorism supression. They were hoping a treaty would allow them to get
at the US publishers and that failed.<br>
<br>
Overall my suspicion is that overall this end-run technique will fail
in general. It is interesting because the failure of the Michael
Jackson prosecution pretty much left the Federal Prosecutors as the
lone rangers who seldom fail at these various sex crimes prosecutions.
It would be their ability to win consistently and get people declared
accesories that would change things. I don't think that ios going to
happen.<br>
<br>
Note I won't extend this because it is already longer and more
convoluted than I intended it. I am going to kind of shut up now
because this is sort of the state of knowledge and practice as I am
aware of it. Again if someone knows about these things in other legal
systems or has any insights into the attempts to stop people using
encryption I would like to hear it.<br>
<br>
Have Fun,<br>
Sends Steve<br>
<br>
P.S. If anyone finds interesting cases or precedents I would like to
hear of them. All that stuff of knowing the cases that set precedent
like one knows good novels one has read or movies one has watched that
made a tatement has finally began to sink in. It took a long time and a
lot of reading but I now know why they quoted things involving
Youngstown Tool and Die cases in Constitution Rights cases.;)<br>
<br>
Have Fun,<br>
Sends Steve<br>
<br>
P.S. Note I have bcc'd many recipients in case they aren't on the list
and trying to keep the email to have get moderator approval...<br>
<br>
<blockquote cite="mid200509041405.j84E5pCM004925@ylpvm07.prodigy.net"
type="cite">
<div class="OutlookMessageHeader" align="left" dir="ltr" lang="en-us">
<hr tabindex="-1"><font face="Tahoma" size="2"><b>From:</b>
<a class="moz-txt-link-abbreviated" href="mailto:full-disclosure-bounces@lists.grok.org.uk">full-disclosure-bounces@lists.grok.org.uk</a>
[<a class="moz-txt-link-freetext" href="mailto:full-disclosure-bounces@lists.grok.org.uk">mailto:full-disclosure-bounces@lists.grok.org.uk</a>] <b>On Behalf Of </b>Steve
Kudlak<br>
<b>Sent:</b> Sunday, September 04, 2005 1:45 AM<br>
<b>To:</b> dave kleiman<br>
<b>Cc:</b> 'Craig, Tobin (OIG)'; <a class="moz-txt-link-abbreviated" href="mailto:echow@videotron.ca">echow@videotron.ca</a>; 'Sadler,Connie';
<a class="moz-txt-link-abbreviated" href="mailto:jbeauford@EightInOnePet.com">jbeauford@EightInOnePet.com</a>; 'Full-Disclosure';
<a class="moz-txt-link-abbreviated" href="mailto:security-basics@securityfocus.com">security-basics@securityfocus.com</a><br>
<b>Subject:</b> Re: [Full-disclosure] RE: Computer forensics to
uncover illegalinternet use<br>
</font><br>
</div>
dave kleiman wrote:
<blockquote cite="mid200509040455.j844tDhR030996@ylpvm20.prodigy.net"
type="cite">
<pre wrap="">Steve,
Inline..
</pre>
<blockquote type="cite">
<pre wrap="">Hate to play alwyer here but doesn't all of this get shot down by 3rd
Circuit Federal Court of Appeals decisions regarding the FBI's
Innocent Images project? It basicly shot down the concept of "you
clicked on a chold porn link therefore you're guilty."
</pre>
</blockquote>
<pre wrap=""><!---->
Well that applies to when it is determined that it was innocent. This could
be via pop-up, trojan, or maleware of some kind.
</pre>
<blockquote type="cite">
<pre wrap="">This is all enshired in Federal
Cases. No one must admit that a good prosecutor can indioct a ham
sandwich and all that. But overall that doesn't happen.
Now Federal Prosecutors and Investigations staffs are very good at
sort of getting warrants and raiding someone's house or business and
going thru everything. But if the person doesn't scare and cop to
something they never did, then federal prosecutors generally have to
back off in cases where it is just things accumulating on disks etc.
</pre>
</blockquote>
<pre wrap=""><!---->
Well they do not usually prosecute ham sandwiches, BLT's maybe.
I love how everyone is quick to say things just magically accumulated on
their H/D. However, they tend not back of when a file structure is found
with hundreds of images, often burned to CD's.
</pre>
<blockquote type="cite">
<pre wrap="">Futhermore in
states with a high privacy expectation like California there is a good
reason to say "We don't go through our customers data looking for
things out of the ordinary". One might argue it to be different it
were one's employees. However if you are offering a primo privacy
service then you can legitimately scrub disks as a part of the biz
plan.
</pre>
</blockquote>
<pre wrap=""><!---->
Well that may be, of course you missed the beginning of these threads, where
Mr. Combs suggested after discovering contraband on and employees H/D, to
make a copy of it take the copy to the companies attorney. Wipe the original
and "best course of action is to purposefully falsify the record of the
company's response to the incident"
The full threads can be read here:
<a class="moz-txt-link-freetext"
href="http://seclists.org/lists/security-basics/2005/Sep/subject.html">http://seclists.org/lists/security-basics/2005/Sep/subject.html</a>
<a class="moz-txt-link-freetext"
href="http://seclists.org/lists/security-basics/2005/Aug/subject.html">http://seclists.org/lists/security-basics/2005/Aug/subject.html</a>
</pre>
<blockquote type="cite">
<pre wrap="">Much of Law Enforcement and theiir Public Providers of services
depends on scaring people and businesses into good behavior when it is
neither necessary or ethical. My suspicion is that one can ignore this
tactic if one wishes as one is reasonably careful.. I am sure that
people will be offereing "Computer Forensics Services" to find the
scary things on your compnys disks for $500 a pop but no good reason
one has to engage in such silliness.
</pre>
</blockquote>
<pre wrap=""><!---->
Yes that crazy scaring people into good behavior....... Oh wait that is
right only reasonably prudent people follow the law, criminals tend to not
care if there is law against something, they are not scared into not
committing crimes, that is why they are criminals.
Kind of like the lawlessness that is occurring in the situation you
mentioned below. Some people would say that the devastation has turned
these people into criminals. Although, the reality is the people committing
the crimes are the same ones that were committing them before the
devastation.
</pre>
<blockquote type="cite">
<pre wrap="">Excuse my flipness. I just got through friends caught up in this call
people stranded and alone by the hurricane in the SOuthland and all
these other things do ring silly right now.
</pre>
</blockquote>
<pre wrap=""><!---->
Regards,
Dave
</pre>
</blockquote>
For a long time I sysop'd an open system, I dunno how much time I ended
up deleteing "girl with vaccum cleaner" pictures. This is getting
weirder and weirder because with photoshop people can create things
that do not exist in real reality. Of course you have really funny
things like this one image that was from Japanese advertizing. They had
a 10 year girl with this incredibly large pretty phallic looking squirt
gun which she was squirting with a look of bliss on her face. It was
pretty funny. It was funny how when showed this image it became a
"cynicism filter". People would divide into the group that thought this
was completely enmgineerd from the get-go and those who thought it was
just some werid thing that came out and no one noticed it, or that it
was the product of the fact that much of Japanese Culture doesn't
quite go looking for all possible suggestive variants. It really
became a filter.<br>
<br>
Now my suspicion about people in the US Southland is that it is a bit
of opppurtunism in the face of despair and the feeling that "whitey has
been shitting on us for centuries". Me being on the North American
West Coast doesn't notice that because there were no slave quarters and
slave markets in California, Washington, Oregon, British Columbia and
we are apt to think a "quadroon" is a small gold coin that would be
nice to find in one's progentitors coin collection. I don't think it is
because there is just a massive criminal element hidden from us. Now
some of the behavior sounded like what I found in my tenure at a small
residential hotel. From the last week of the month to the first week of
the next month a number of curious items would end up for sale. It was
always curious to imagine where these items came from, some were
legitimatgely obtained, others probably not. There was always an
argument among the low rent district types that universally almost
always aligned as "crazy white guys accusing mexicans of shop lifting
and reselling, whereas many of the items they had could be seen as
coming from equally questionable sources. <br>
<br>
Now if one talks to Federal Proscutors they will tell you that they
feel comfortable with their "Vacuum Cleaner" approach. They feel if
they do go and get everyone questionables stuff and go through it, then
one will be able to determine how many folks had thing accumulating on
their disk and how many actively collected it etc. Now interestingly
with the Third Circuit's Decision which is close to rock solid at this
point in precdent, people like journalists would sort of get wide
descretion especially if they were working on stories and doing
investigations etc. <br>
<br>
Two other things come in here. In both the US Ninth Circuit and Upper
Level Courts of British Columbia it has been held that one can not
commit crimes against "virtual children" or "animated descriptions of
children etc". This means the general belief in liberal democracies
that "thought crimes" are questionable is beginning to be enshired in
code and precedent. I am pretty sure this is well embedded in North
American Culture and is apt not to go away even with the idea, darfe I
say spectre two very conservative reversalist judges on the Supreme
Court. Note I have not had time to study how things work in the EU or
even Australia. <br>
<br>
Now technoculturally want this may eventually provoke is the use of
high grade encryption by more people. Right now I know even artists who
hqave become more technologically saavy and who encrypt things even
when legal code is on their side overall. In the 1970s and 1980s there
were a number of legal razzlements of artists who used their children
as nude models no matter how innocent. This went too far and eventaully
what got established is the concept that "simple nudity is not
obscene". It is interesting because artists are not usually seen as
users or consumers of secuiity products and things like encryption.<br>
<br>
Anyway this is all very interesting and we do live in interesting
times. So it will be interesting to see how this will go and whether
the bizness idea of trying to safe from all possible wrongdoing or
perceived wrongdoing will win out overall. I know lots of vendors and
security consultants have been hoping that "porn protection" would turn
into a lucerative field but so far it doesn't compare to virus and
malware protection. <br>
<br>
Interestingly in artist circles the whole imaging thing has turned into
"sousveillence" and artists have been having way too much fun turning
the cameras back on the people who usually use them. It is interesting
that people like Sudo Chiles House who was one of the first people to
install a "cam" which in her case was a 35mm camera that took pictures
regularly of her bedroom is all buit forgotten in the modern
installatiion of cams in various public and private spaces. Note the UK
and places in Florida have been very much into the "you are being
watched" theory of crime control. I also have heard tales of "spy
camera destroyers" who have been running around spray painting cameras
but I think that is not widespread at this point. Hmmm, indeed these
are interesting times. whether it is a blessing or a curse is an open
question.<br>
<br>
Have Fun,<br>
Sends Steve<br>
<br>
<br>
</blockquote>
<br>
<br>
</body>
</html>