As police begin the tedious task of sifting through Tory frontbench spokesman Damien Green’s computer effects, politicians and professionals have expressed concern that computer investigations are becoming a source of serious injustice, in need of reform and regulation. If you are suspected of an offence that involves the use of …
If you have a mac seized it will take even longer - I have been told that experts in apple and linux are almost non existant for prosecution cases
The whole hog
The point about the cops taking your PC is that in reality, they don't need or even want it, as they'll have to store it. If they were able to streamline the process, and simply take away either the original disk, or a validated copy of the same, then not only would the "victim's" life be easier, but the fuzz would have a smaller logistic problem as they wouldn't need so much storage space for the "evidence".
However, I have an unshakable feeling that a lot of the time, when the police impound a person's property (whether a PC or a car) they are either doing it as a form of unofficial punishment, or to assert their own might on the situation, thereby coercing the individual concerned into co-operating in the forlorn hope of getting their stuff back before it becomes obsolete.
No reason for them to keep the data
Even if the police have some real reason to keep the original PC (other than deliberately and maliciously causing problems for the computer owner), they are *already* taking copies of the hard drive. So they have no reason not to make another copy to give to the owner.
Unless it really is deliberate. Unless they are doing this to 'punish' the owner, without bothering with trivialities like a trial.
I wonder if you encrypt your data and use "the right to remain silent" to not tell them the decryption codes can they still do you? They can't MAKE you turn over the codes as that would be a breach of human rights and as far as i'm aware the Terrorism Act nor Protection of Children act can not take that right away from you unlike the USA PATRIOT Act.
There is a semi-fix available: make TWO clone disks and give one back to the investigatee. They might have to get a computer to put it in, but they'd still have their data, and the police would still have the original system to use as evidence.
That's what backups are for.
Go and buy another PC and restore the backup. You do have a backup don't you?
Er, if you are lost without the disc which has been raided, surely this means that your data is not being properly protected? A desktop PC may not be as likely to be lost as a laptop, but the basics of good data management *should* mean that there is a scrambled copy of the data elsewhere, ready to be used if your house burned down or the plod took away your machinery. For them to be able to physically sieze all copies of your data is inexcusable.
Anyway, perhaps what's needed is a cookbook for shadow ministers on how to keep leaked electronic information securely. From mailinatoresque dead letter drops to online storage accessed via a sandboxed browser, with 35 pass autodelete on exit. It really isn't that hard (though would probably be classed as assisting terrorists, sigh).
It is an offence to withhold encyption keys in the UK under the Regulation of Investigatory Powers Act. Up to two years in prison, or longer for terrorism/national security issues.
In the UK we have the RIPA act, which amongst other things forces you to hand over the keys to your encrypted data.
Of course, you could just encrypt things using a key in RAM that you don't actually know so long as you don't mind the risk of losing your data if your PC crashes (best not use Windows then...). A UPS will avoid power glitches.
Or you could just claim you can't remember it - not sure how they prove whether you're lying.
@Dex - No right to remain encrypted :(
Under the Regulation of Investigatory Powers Act it's an offence (punishable by up to 2 years in prison) in itself not to turn over passwords/encryption keys if PC Dibble wants to read through your emails.
See http://news.bbc.co.uk/1/hi/technology/7102180.stm, for example.
Sure I remember a while ago an article or write up about this that basically compared the computer to an electronic safe. If there is a physical key, the police can take it from you but if it only a software encryption or two part (think finger print and code) then they cant demand it.
Never want to really test this out but yeah, it is a possiblity. Also a reason why none of my passwords are wrote down... anywhere... <-- they become a physical key...
errr Dex, just one point, or two..
First, you dont have the right to remain silent in the UK, its assumed to be an admission of guilt if you dont respond, not to mention you could then be had for contempt of court etc.
Oh and they can make you hand over the codes per the RIP Act (not sure which section) which makes it a crime carrying both a fine & prison sentence if you dont hand over decryption codes/passwords etc when asked to do so by the 'security' services.
Unfortunately this has not been correct since October 2007 when part III of RIPA came into force. See http://security.homeoffice.gov.uk/ripa/encryption/disclosure-of-keys/ for details.
Would I be right in saying that even if you were careful enough to make backups that are held off site the police would just take these as well to see if the offending article is on them?
3 years and counting
We reported to the police the receipt of an e-mail that contained a thumbnail child porn image. Plod turned up and seized the hard disks of any server or computer that had held the e-mail, eight in total, and then went on their way.
Three years later, we're still waiting for the disks back...
A lot of police don't even grasp the basics. I was on the periphery of in a case a while ago where a colleague had been up to no good on his office desktop. Coppers turn up, nick him, plonk his machine in the back of the van and then proceed to try to cart off the (business critical) server he'd been keeping data on. They started to take away the monitor and the network hub as well as the main box...
Fortunately, they did understand the problem and solution after I'd patiently explained it a couple of times - the machine was essential to the running of the business, so 5 minutes work with a screwdriver and they left with just the primary hard disk. We slotted in a spare and let the RAID play catchup.
I think the law needs revising here - by all means, the coppers need a pristine copy of a hard drive to work from, but they should be required to make a evidential copy or even a working copy for the owner and return it within a reasonable time (less than a day for most operations). Less important if it's a single person obviously, as they'll be detained anyway, but the police should not be allowed to compromise a non-suspects work or usage.
Re: Semi-easy fix
The semi-fix is fine. The problem is, how can we get the scofflaw Stasi pigs to apply it? As someone has pointed out, one of their main reasons for seizing evidence is to punish the victim. And don't forget the trick where they confiscate some documents that you are legally required to produce, then prosecute you for failing to produce them.
I've heard of that being done in the UK, but, to be fair, I don't think it was the police in that case. I think it Defra who seized all of a farmer's documents relating to his cattle, then ordered the cattle destroyed because the farmer was unable to produce the documents relating to them - a massive financial loss for the farmer.
Of course, these people would not have any problem if they stored backup data etc in off-site backups or online vaults... heck, even SkyDrive will store 25Gb these days and it's very simple to get multiple live accounts if you need more.
Then all you need to do is nip out and buy a cheapo laptop.... you could even backup your program installs on-line and store the producy keys in text files for easy access.
Data not just the issue.
My small business was raided by the Police and all of our PCs and servers taken for forensic examination. We got our business data back from West Yorkshire Police on unencrypted CDs through the post about a week later, luckily for us they didn't go astray in the post. We just about struggled through the week without the data, but the real problem for us was the lack of hardware. As a small business we couldn't afford to go out and replace our PCs and servers just like that, so for nearly three months we struggled with what we could beg, borrow and scrape together until the hardware came back. The windows PCs were examined in-house apparently, but the Linux ones had to be sent to Liverpool to be analysed by a private company, and they kept all of the hardware until that was done incase they had to go back and re-do them.
Of course they found nothing, the whole thing was based on faulty technical evidence, and no charges brought. But it cost us dearly.
This happened to me!
My house was raided and all my computers were taken for forensic examination.
The police also took away my sons lapyop and my employers equipment
I lost my job and couldn't find another.
8 months later it was all returned "No Further Action"
2 weeks prior to the equipment return, I was declared Bankrupt
@ everyone discussing RIPA
Yes, they can force you to reveal a key, but only if they can prove there are encrypted files there. Use Truecrypt or similar and you can easily set up encryption with plausible deniability, so they see an encrypted archive (which is actually fake, containing files that look confidential but aren't really what you are hiding, e.g. bank details or some pron), while the archive also contains your actual files, encrypted with a second key.
Anon because I don't want the gov to add me to a database of people with plausible deniability.
Let them raid the RAID
Run a RAID 1. No reason not to these days. Then when the front door is being beaten down you might have enough time to whip out one of the drives and feed it to the dog. You then have about 3 months before you get another visit from one puzzled Plod.
My two cents
If the Police don't have the resources to examine every single computer immediately (and they don't) then they need to be stored until they can be examined. They can't very well give someone a computer back that may contain indecent images...that would be illegal.
Easy way (or is it the hard way)....
....is to form your own language. The police would need an expert interpretor, who would not exist because it's your own language! Solved.
Seriously, I wonder what would happen if you needed to access encryption keys from a foriegn server? For example, if you encrypted a document, saved the one and only key in a foriegn country's server, would the police have power to access and retrieve a key stored on foriegn soil - not EU member country.
Graham Robinson: Yes, that's right. The police will grab all your backups as well. After all, can you *prove* that there's nothing extra on those backups that isn't on the main disk?
The only way a lot of them care about trashing someone's business and life is in the feeling of power it gives them to be able to do that.
Never ascribe malice ...
... where incompetence or lack of time will suffice.
The Met recovered my laptop after a robbery, but it then spent over a year in an evidence locker. The reason given was that they did not have enough staffing to dedicate someone to the full time job of returning stolen property. After I moved out of London, my house was burgled. The local police got almost everything back to me within a week. It looks like some regions have the resources to provide an excellent service, and others do not.
@ errr Dex, just one point, or two..
'You dont have the right to remain silent in the UK, its assumed to be an admission of guilt if you dont respond, not to mention you could then be had for contempt of court etc.'
Close, but no Banana Dave.
"You have the right to remain silent, but it may harm your defence if you fail to mention anything that you later rely on in court. Anything you do say may be given in evidence."
So remaining silent is not illegal but the prosecution can portray it as suggesting guilt in court.
for Dex - can't tell random data from encrypted
The interesting thing about having to reveal passwords is who is responsible for proving there is one, in the first place?
For example, take a disk partition and fill it with random data. Now you have a slice of disk that may, or may not contain an encrypted filesysytem. Unless you manage to decrypt it, you don't know if there's any data on it or not. Now, when plod arrives and seizes everything you own, they'll ask you for the password of the encrypted data. When you rightfully tell them there isn't a password and there's no encrypted data, how can you be found guilty of with-holding the password?.
Presumably they'll just find you guilty of something else: wasting police time, perverting the CoJ or just trump-up a kiddie-porn charge instead.
Re: No reason for them to keep the data
"So they have no reason not to make another copy to give to the owner."
Errr. Are you sure?
Doesn't it depend on the alleged crime?
Should Garry Glitter have been given a copy of his data? What if the system was used to control a botnet? Or holding the pages for a phishing bank site? Or had a file with stolen credit card details? Or the artwork for fake share certificates?
Would you give back the jemmy and lock picks to a burglar while he is awaiting trial?
It would be very, very time consuming to delete all data that may relate to an offence. And there's no guarantee that all data had been identified. The only safe way is for the accused to be able to ask for copies of specific files. Please can I have copies of my address book and my letters.
>> Or you could just claim you can't remember it - not sure how they prove whether you're lying.
They don't need to prove anything. If you fail to hand over the key (regardless of the reason) then it's straight to prison. Do not pass "go".
Always demand a written, detailed receipt for seized evidence
Otherwise, you can claim "someone purporting to be a cop took it away and refused to give me a receipt.Here's a video recording of the incident. I filed a police report of this impersonation and theft."
You guys need a political party with a platform plank "purge police forces nationwide of Stasi types."
Just like management types, you would do better hiring random people from the nearest bus stop than using the current incumbents.
The point being that they don't know that there is illegal data there. If they do then the problem doesn't arise anyway.
Why should they be able to hold your very valuable property just in case they may later find something dodgy in it?
"We think you might have been receiving stolen goods ('we had an anonymous phone call'), so we'll ban you from your own house for a year or two until we get round to sending someone to search it. No, you don't get to go in there to retrieve things you can't do without. No, we don't compensate you for the rent you have to pay while waiting, or the clothes and household goods you have to buy. No, we won't give you any clue as to when we might bother letting you back in."
"Right to remain silent"
Dex, that's an American thing. Most countries, now including the UK, have no such right. You are correct here (I'm an American myself) the police can not compel you to hand over the password to your encrypted data. Unfortunately our friends across the pond live under RIPA and are presumed guilty until proven innocent.
The parliamentary system has served my cousins (literally) well for the past couple centuries but it does have it's weaknesses.
A great, well researched artile... would've been nice
Sorry, you're saying that theres problems with the police wanting EVIDENCE? Courts sort of demand that sort of thing.
Is this the murder weapon?
No your honour, its a copy of it. But it was made by an expert and the MD5 checksum is the same.
I see, and the original?
That's been returned to the suspect.
Yeah, I can see that working alright. IF this was an article with any more substance than "well I was talking to my mate Dave and he says it took him ages to get his PC back" it might be useful.
Is there a code of practice for the collection, duplication and retention of computer data by police Is there? Is it working? is it ECHR compliant? Who knows, the author of the article doesn't suggest they've checked.
Re RIPA n encryption keys: That has been enacted but has not yet been used. Its like wasting police time or failing to assist a constable, there in theory but never used in practice.
Backups are fine as long as they don't seize them too.
Surely there must be a way for someone to sue the plod for lost earnings when they take business equipment and not return it for months? Especially if no charges are laid from the incident.
And before anyone mentions it, yes i know this a very American attitude but after the plod have been sued successfully a couple of times for not returning goods in a reasonable amount of time, they might spend some resources on the problem!
> Yes, they can force you to reveal a key, but only if they can prove there are encrypted files there.
Section 49 of RIPA allows a notice to be served "If any person with the appropriate permission under Schedule 2 believes, on reasonable grounds" that there are encryptred files there.
Failure to provide a key is an offence, and you can get two years for it - even if there is no key because it's not an encrypted archive.
Whether any court would be crazy enough to sentence you is another matter, of course - I sincerely hope not, but who can tell these days...
"presumed guilty until proven innocent"
don't be silly! Over here in the UK so much has been made into a crime that it's probably not possible to be innocent anymore.
Ever ripped a cd to your ipod? if so then you're guilty of copyright infringement, as there are no fair use laws. ditto for videotaping your favourite soap and not destroying the recording immediately after. If you've ever watched porn, then you've probably broken some law or another.
interesting thing about RIPA
is that if I remember correctly, they can't force you to turn the information over, only sentence you to 2 years for refusing to hand it over. So if you were to commit a crime which likely meant a long spell at HM's pleasure, then refusing to hand over the keys would prob be the best option, plus they couldn't try you for the offence again. Though they might eventually be able to crack the encryption if you lived long enough and computers kept gaining processing power.
AC as I smell a "night of the long knives" approaching
Why must the whole machine be taken away?
I have never been able to understand why the whole machine must be taken away.
Surely just the hard drive(s) would be sufficient.
I regularly access data from externally attached hard drives. Why cannot the forensic labs simply have machines with removable caddy slots?
For the "victim", loss of computer equipment can be devastating for individuals and companies alike. Especially if the raid is based merely on a malicious, anonymous phone call.
For the police force / tax paying public, the storage and transportation costs would be significantly cheaper.
Meanwhile in the real world
Despite popular belief there's little joy or appetite in ruining someone's business or livelihood, even the worst of criminals have innocent dependents. Indeed many of us conspicuously go to great lengths to avoid this where ever possible - but unfortunately we are frequently required to undertake tasks beyond our direct control or influence; you just have to get on with it.
Property storage has long been a serious problem for the Police, the difficulties seem to multiply incrementally with each passing year. Each station contains secure holding stores (and now frequently overspill locked offices and garages) absolutely crammed with found and 'miscellaneous' property of all kinds awaiting collection by owners (or their agents) who, for what ever reason never seem to turn up for it; not to mention those owners who cannot, or will not, be readily traced.
Patrol officers and Detectives are routinely bombarded with urgent disposal requests and owner trace enquiries. Its a major pain in the arse.
The issues surrounding Crime Property is nothing short of a logistical nightmare; it is hugely costly and ludicrously manpower intensive. For example (and I'll exclude all IT related items for now):
1) We have to be able to produce a meticulous audit trail from the point of initial seizure, through all the forensic or other examinations, including transit and temporary storage all the way up to trial - and often for many years beyond. Errors or gaps in the audit trail will invariably render the evidence inadmissible.
2) Much of this can be large or bulky items such as cars, furniture/bedding, kitchen appliances, baths and WC's etc or multiple items (we recently seized over 500 shotguns stashed by dealer who turned to the dark side)
3) Significant quantities of crime property can be fragile, subject to decay, carcinogenic, toxic, otherwise hazardous or dangerous; all of which will require special handling, packaging and storage. In my time I've seized prodigious quantities of explosives, munitions, acids, poisons (including a Tupperware box full of liquid cyanide stored in a garden shed adjoining to a primary school!), radioactive articles not to mention prodigious quantities of drugs and booby trapped items (thank you so much IRA & ALF!)
4) An ever increasing proportion of crime property requires preservation for DNA or other specialist forensic examination, this dictates specific handling, packaging and storage - the demands of which evolve as quickly as the science advances. It is clearly only a matter of time before SOCOs (UK CSI) and Police Search Teams are required to wear total environmental protection suits and BA lest their forensic evidence is dismissible as potentially contaminated (breath born Officer DNA has already been considered as a defence).
5) In many cases that either go to trial - or remain unsolved - the police are required to safely preserve all of the related case and enquiry papers (often a van full) and all of the evidence (including human remains and DNA) in case of subsequent appeal. This will never be less than 5 years and in the unsolved matters, for decades; as illustrated by the increasing number of Cold Case reinvestigations from the pre-DNA days which have since become solvable.
For example, in one serious night club shooting we were required to seize and preserve every item that a) potentially bore traces of DNA (bottles, glasses, cans, fag ends, lolly sticks, chewing gum etc) and b) map exactly where in the building each item was found and what relationship it was to everything else discovered (contemplate the logistics of that for a second). It took the best part of a week and produced one and a half removal vans full of plastic bags. The case has long since been to trial and the offender convicted of multiple shootings but all of the seized evidence is still being stored in a secure and protected warehouse; audit trail still intact. The rental of such warehouses costs the Police a small fortune - and we are rapidly running out of space and secure locations - we'd rather we didn't have to, but we are not given the choice.
Incidentally, despite the offender's constant denials and apparently bullet proof alibi ('scuse pun), the HO laboratory conclusively found his DNA amongst all those items thus putting him squarely at the scene (finding the gun components in his washing machine's motor and rammed up the WC U-bend helped a bit too!)
With regard to Computers and storage devices, they are invariably examined by a High Tech Crime Unit which are usually civilian employees. Whenever there is a known potential for problems such as cunning encryption, PGP (or similar), LAN/WLAN storage etc the HTCU usually turn up with the Search Team. With the notable exception of Paedophiles and Animal Rights Groups, few people seem concerned enough to secure or conceal their data regardless how incriminating or otherwise it might be.
Evidential seizures are invariably dictated by the terms of a Warrant, the Warrants are sworn out by one of the investigating officers. In the majority of cases, such searches are carried out by a specialist Police Search Teams who will have no other knowledge of or involvement in the case, indeed in the larger forces the Search Officers will not even know the investigating officers in question. The Searchers are usually uniformed officers and tend to cherish their independence, particularly as they go from job to job and go to great lengths to avoid unnecessary court appearances - and you do that by being systematic, meticulous, structured and strictly accountable - this is where that particular job satisfaction lies.
Search Teams usually contain one or two computer literate officers, but not necessarily so; but then again they are also likely to contain those trained or interested in mechanics, construction, electric's, body recovery, diving, working at heights or in confined spaces and a myriad of other skills of relevance to the varied demands of that role.
Like so many aspects of Police work, the quality of Warrant execution and dedication of such Search Teams varies from Force to Force - and as in most matters, the MET are conspicuously different in their approach both in terms of professionalism and ability - there is a certain (and not always desirable) 'liassez-faire' inherent in the larger metropolitan Forces. The recent non-warrant search of the Parliamentary offices being yet another typical MET balls-up that's once again left the rest of us disappointed, bemused but not in the least surprised!
To assert, however, that Police routinely seize property as part of the 'punishment' process is a nonsensical exaggeration with no constructive purpose. Yes, like in every other occupation, there are dumb heads at work in our midst's but the vast majority of experienced officers (and I concede that's increasingly becoming an oxymoron) have a fairly well developed sense of stoical indifference: you'll have long since learned to maintain a health detachment and avoid personal involvement where ever possible; you simply couldn't function otherwise - I've just attended my 38th murder scene in the last 7 years.
In the modern Police Force, pitfalls, cock-up, allegations and criticism await you at every opportunity, so why risk your career and pension over events that, in reality, have little lasting consequence to you? Its illogical, unnecessary and utterly pointless. None of which I know fits the prevailing prejudice here, but at least I've got it off my chest.
Is there any reason to visit England left anymore?
Is there any sane reason to come to your country anymore, that you can recommend?
Great idea........except the police will take EVERY piece of computer equipment they find....including any backups, e.g. removable hard drives, servers, tapes, disks, CDs and even your kid's games.
I suppose a remote backup could be a solution....unless they find out about it and they will then freeze that as well.
Send your stuff to BT Digital Vault or equivalent.
They take your gear - buy a new comp, download. Job sorted.
Also encrypt, just for the crack.
"Ever ripped a cd to your ipod? if so then you're guilty of copyright infringement, as there are no fair use laws. ditto for videotaping your favourite soap and not destroying the recording immediately after."
But Copyright infringement is a Civil, not Criminal offence, at least here in Blighty, right?
"If you've ever watched porn, then you've probably broken some law or another."
Well what about my matter........
police come around, search the computer on site, of course dont find anything because nothing to find and say a kind of sorry in their own kind of sheepish way. They do NOT take the computer or anything at all and make no copies. Please someone, does that show someone the Police think is guilty ? No.
THEN later in a civil proceeding brought by me they plead that I told them I had wiped the hard
drive, when in fact I told them I formatted it just so I was being open. Drawing a comparison a bit like the police coming around to a suspected bank robbers house, finding no money and then
pleading that they had done nothing because the suspect said he had spent the money.
What a police state we live in.
Sony Tiny Micro Vault
I recently bought an 8GB "tiny" Sony Micro Vault USB disk. It's the size of a postage stamp, and pretty robust, so can be hidden in all kinds of places like, say, behind a loose brick in your garden wall. I'm gonna buy a few more, and use them for backups of my really important data.
they couldn't try you for the offence again
Oh dear, Anonymous Coward, please try to keep up. Double Jeopardy has been abandoned. They can keep trying you until they get the result they want . . .
Mr Anonymous Coward Policeman, just because you have practical problems that doesn't justify you turning them into our problems nor of your ongoing abuse of the innocent and the now-prevalent attitude that we are all guilty until we can prove ourselves to be innocent.
"Ever ripped a cd to your ipod? if so then you're guilty of copyright infringement"
No you're not, there's a levy on all blank media sold in the UK, this allows you to make a copy of copyrighted material "for personal use".
In fact police advice is to never store the original CD's in your car, always use copies, it's less theft-worthy.