Clive D. W. Feather | 1 Dec 08:52 2008

The Road to Damascus


Apparently the editor of the Daily Mail, following the arrest of an 
opposition front bench MP last week, has recanted on his support for ID 
cards and "if you have nothing to hide you have nothing to fear".

--

-- 
Clive D.W. Feather                       | Home: <clive@...>
Tel: +44 20 8495 6138 (work)             | Web:  <http://www.davros.org>
Fax: +44 870 051 9937                    | Work: <clive@...>
Please reply to the Reply-To address, which is:  <clive@...>

Roland Perry | 1 Dec 11:24 2008

Re: The Road to Damascus

In article <BgEMASDze5MJFws9@...>, Clive D. W.
Feather 
<clive@...> writes
>Apparently the editor of the Daily Mail, following the arrest of an 
>opposition front bench MP last week, has recanted on his support for ID 
>cards and "if you have nothing to hide you have nothing to fear".

One of the things that seems to upset the politicians who are 
investigated by the police, is the time it takes.

Lots of bleating about being held by the police for "9 hours" in this 
latest case. Similar complaints were heard when they were investigating 
"cash for honours".

(So even the innocent have something to fear: their day being 
interrupted, as well as their house turned upside down).

I don't blame the police for that - the same happens in most 
investigations. But I do wonder how many politicians realise the
day to day disruption to people's lives their laws often causes ?

ps It's a bit the same with ID cards. Perhaps most applications will go 
smoothly, but if it's like applying for your first passport (new rules 
requiring travelling to a special centre to have an interview) then 
it'll take at least half a day out of most people's lives, on top of the 
"cost" of £80 or whatever.
--

-- 
Roland Perry

(Continue reading)

David Hansen | 1 Dec 12:42 2008
Picon

Re: The Road to Damascus

On 1 Dec 2008 at 10:24, Roland Perry wrote:

> Lots of bleating about being held by the police for "9 hours" in this 
> latest case. Similar complaints were heard when they were investigating 
> "cash for honours".

I am in two minds about this. There does seem to be some special 
pleading by these bods, when what they should be doing is eliminating 
the relatively recent penchant for political policing which much of the 
police have eagerly taken on [1]. It does make me smile when MPs whine 
about things which they don't object to when it happens to "little 
people".

OTOH people do have an expectation that their communications with their 
MP will be private. However, this expectation is no more or less than 
with other people, such as a priest, lawyer and so on.

[1] the recent attempt by the police and Observer to smear 
environmental campaigners is an example. That followed the fine 
upstanding people going to the climate camp at Kingsnorth exposing the 
police as being highly political.
--

-- 
  David Hansen, Edinburgh 
 I will *always* explain revoked encryption keys, unless RIP prevents 
me   
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

Roland Perry | 1 Dec 14:18 2008

Re: The Road to Damascus

In article <4933CD8D.27025.F8A28C0@...>, David
Hansen 
<davidh@...> writes
>people do have an expectation that their communications with their
>MP will be private. However, this expectation is no more or less than
>with other people, such as a priest, lawyer and so on.

I wonder if this is regarded as "so obvious" that it's not actually 
enshrined in recent laws? [I don't have time to research this at the 
moment].

The crime allegedly committed recently seems to be along the lines of 
"soliciting a whistleblower". It would be useful to get the status of 
all these communications clarified.
--

-- 
Roland Perry

Peter Sommer | 1 Dec 12:46 2008

Re: BBC 'vague' reporting again!

Check out the following URL to see what is available:

http://www.guidancesoftware.com/products/fim_index.aspx

Encase is a very widely used product to preserve and examine computer 
media.    Normal investigation depends on seizing hard disks etc,  
preserving them correctly and then using the Encase software to recover 
and analyse the contents.   A few years ago Encase introduced a new 
product for deployment across corporate networks and which allowed all 
the facilities of the "local" product but remotely.  To make this work 
each computer that was to be subjected to remote inspection needed to 
have a "servelet" program installed.  Fuctionally there is no difference 
between a covert remote control trojan and a servelet.  In a corporate 
environment,  legalities are taken care of because the employee consents 
or consent is implied or the enquiry falls within the terms of the 
Telecommunications (Lawful Business Practice) (Interception of 
Communications) Regulations 2000 or something similar.

In a law enforcement situation in most countries police etc would 
require a warrant or other authorisation to seek to place a servelet on 
a suspect's machine.   But the same technology as is used in the 
corporate world works.  

Encase apparently only sell is Field Intelligence Model to law enforcement.

There is of course a big problem with this class of evidence.  The 
police have had access to the suspsect's computer and in a relatively 
uncontrolled and non-audited manner.   Some defendants are highly likely 
to suggest that any evidence in this way has been so contaminated as to 
be unusable.
(Continue reading)

David Hansen | 1 Dec 14:57 2008
Picon

Re: BBC 'vague' reporting again!

On 1 Dec 2008 at 11:46, Peter Sommer wrote:

> There is of course a big problem with this class of evidence.  The 
> police have had access to the suspsect's computer and in a relatively
> uncontrolled and non-audited manner.   Some defendants are highly likely
> to suggest that any evidence in this way has been so contaminated as to be
> unusable.

I would certainly point this out, if the police were to catch me:-)

We now know that "scientific" "evidence" is not as infallible as its 
proponents claimed (and the more ill-informed still claim). Computers 
are far simpler to plant false evidence on.

--

-- 
  David Hansen, Edinburgh 
 I will *always* explain revoked encryption keys, unless RIP prevents 
me   
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

Andrew Cormack | 1 Dec 16:09 2008
Picon

RE: BBC 'vague' reporting again!

If a Trojan of this kind counts as an interception (and something that
can read incoming and outgoing mail between me and my correspondents
certainly sounds like it) then presumably it couldn't be used as
evidence anyway under RIPA s.17?

Andrew

--
Andrew Cormack, Chief Regulatory Adviser
JANET(UK), Lumen House, Library Avenue, Harwell Science and Innovation
Campus, Didcot, OX11 0SG, UK
Phone: +44 (0) 1235 822302
Fax: +44 (0) 1235 822399

JANET, the UK's education and research network 

> -----Original Message-----
> From: ukcrypto-admin@... [mailto:ukcrypto-
> admin@...] On Behalf Of Peter Sommer
> Sent: 01 December 2008 11:46
> To: ukcrypto@...
> Subject: Re: BBC 'vague' reporting again!
> 
> Check out the following URL to see what is available:
> 
> http://www.guidancesoftware.com/products/fim_index.aspx
> 
> Encase is a very widely used product to preserve and examine
> computer
> media.    Normal investigation depends on seizing hard disks etc,
(Continue reading)

PeteM | 1 Dec 16:14 2008

Re: BBC 'vague' reporting again!

Paul Vigay wrote  on 1-12-08 11:13:
> 
> Just spotted this item on the BBC news -
> http://news.bbc.co.uk/1/hi/technology/7758127.stm where they claim "Remote
> searches of suspect computers will form part of an EU plan to tackle
> hi-tech crime."
> 
> They don't state how these 'remote searches' will work, but either they're
> assuming Windows has some backdoor in it, people are too stupid to
> configure an effective firewall, the BBC don't understand the technology
> involved or I've misread something in the story. :-)

Probably a combination of all four ... Windows certainly does have back 
doors, albeit mostly unintentional ones. And many people are incapable 
of configuring an effective firewall, although I wouldn't necessarily 
attribute that to stupidity.

The most frightening passage, for two reasons, is: "In particular the 
strategy aims to tackle the trade in images of children being sexually 
abused. In a statement outlining the strategy the EU claimed "half of 
all internet crime involves the production, distribution and sale of 
child pornography". " Firstly, anyone who really believes this can't be 
trusted even to straighten bananas and fill cheese lakes, let alone 
create a transcontinental secret police force. Second, it means that 
nobody will dare to object to their proposals, since that would be 
tantamount to confessing you're a practising paedophile.

--
Pete Mitchell

(Continue reading)

Peter Sommer | 1 Dec 16:37 2008

Re: BBC 'vague' reporting again!

Andrew Cormack wrote:
> If a Trojan of this kind counts as an interception (and something that
> can read incoming and outgoing mail between me and my correspondents
> certainly sounds like it) then presumably it couldn't be used as
> evidence anyway under RIPA s.17?
>
> Andrew
>   

Andrew:

The law in this area is both complex and relatively untested,  but here 
goes:

If the email has been delivered to the PC being remotely investigated 
then I think the argument would be that there is no interception so that 
s 17 RIPA would not apply (in the way it would if you had set up a 
monitorung device between the PC and the owner's ISP and had captured 
the email in transit).  I do recognise, though,  there'd be an 
interesting case to be made in respect of an email delivered to the PC 
but not yet read by the owner - a fact which could be established by 
looking at the flags within the email archive.

The technique can be used for anything on the PC including  deleted but 
recoverable material.  If by any chance an investigator or prosecutor 
became worried that particular classes of material might be inadmissible 
they could then seek to make their case with material that was 
definitely admissible.  After all, that is how intercept material is 
used today - the inadmissible content of the phone call tells the 
investigators that the narcotics shipment is arriving/that a bomb 
(Continue reading)

Benjamin Donnachie | 1 Dec 17:01 2008
Picon

Re: BBC 'vague' reporting again!

2008/12/1 Peter Sommer <peter-dr0oxk7mE8FWk0Htik3J/w@public.gmane.org>

A few years ago Encase introduced a new product for deployment across corporate networks and which allowed all the facilities of the "local" product but remotely.  To make this work each computer that was to be subjected to remote inspection needed to have a "servelet" program installed.

LiveWire from WetStone claims to do the same thing without requiring dedicated software on the target machine; it just requires administrator access.  See https://www.wetstonetech.com/cgi/shop.cgi?view,14 for details.

The vast majority of the home installs of Windows I have encountered have had no passwords set for the admin account.  For obvious reasons, WetStone are a bit vague on the exact method used to connect but it's fairly safe to assume that a significant proportion of the people who have a machine without Admin passwords will also not have a correctly configured firewall.

Ben

Gmane