Cyber cops want new laws to allow remote searches of seized hard drives in the hope they will help reduce long digital forensics backlogs - of up to two years for some forces. It would mean specialised officers in London could access data held on hard drives in police evidence rooms nationally. How such information sharing would …
Am I fundamentally misunderstanding this...
...or are they saying that they do not currently have the legal go-ahead to put a confiscated hard drive onto their own network and look at its contents form another location? - That they must be in the same room as it or something? Or is this just FUD to disguise the fact that they have a backlog of actual police work because they are too busy beating innocent passers-by to death and shooting Brazilians in tube stations?
AC 'cos I don't fancy a visit from that black helicopter...
i just cant see any mixups as the minimum wage monkey sticks wrong drive into wrong slot.
Time to move all your data storage out of the country, along with running all internet access through a TOR network. Store all your data on the cloud, and run SSD drives at home, remembering to frequently format your drives. SSD are very quick to completely and securely erase all data traces.
What is to stop police tampering with evidence?
We all know the current police kill people without provocation and hide their identifying numbers, and wear terrorist style gear to keep from them be identified as they club out paramilitary justice.
Does anyone actually trust them not to tamper with evidence?
What does that even mean?
We don't have time to look at it properly now, so we'll give it back to the suspect with a trojan on it and trust them not to delete stuff until we get around to looking?
Or is it the more sinister option of not bothering to collect hard drives in the first place, just hacking the machine and grabbing the info?
The former case is just damned stupid.
In the latter case I fail to see how that would affect the backlog in any way, just give police an even easier time spying on us.
(on my part if I've missed an option, on theirs if it's either of these)
The UK .gov is pushing for a nation of Neo-Luddites, aren't they?
C'mon, admit it. Nothing else would make sense.
So some dipshit plod wants to search my hard-drive remotely do they?
Am I going to get phone call to ask me to turn on the machine and leave it attached to the internet? Firewall and anti-virus off preferably?
Would they also like me to install Windows so my system fits in with the tools they have for hacking and the vulnerabilities they'd like to exploit rather than use a funky file system they don't know jack about?
What do they plan doing if they come across a file ending .tc et al?
Do I need to make sure my external hard drives are permanently attached?
This fucksmack's wet dream has so many faults it's barely worthy of the effort involved in utter contempt. These pricks should stop watching Hollywood tripe and get out there catching granny bashers, burglars, rapists, murderers i.e. uphold the law in general not look for low hanging fruit.
Perhaps the answer (for us) is not to try and lock it all down, but to buy the biggest drives we can find and set the browser caches to maximum. That should keep them busy...
What you talkin bout Willis?
I think this article is saying that an iPlod wants to be able to hack any PC which has NOT yet been subject to a warrant.
Well if iPlod Central doesn't have the resources to scan disks they physically possess as fast as they arrive, how will remote, and undoubtedly covert, abilities help?
Would I be excessively cynical to suggest that they want to eliminate the wearisome intrusion of the judiciary into their work?
Secret warrant-less PC tapping, trojans and officially mandated backdoors in hardware and software?
I was under the impression that whenever a hard drive was seized, the very first thing they did was create a sector-for-sector image of the disk and then performed any forensics on that, rather than the original.
If that is the case, then surely a copy of that image could be farmed out anywhere around the world for analysis ?
And no, no-one uses Magnetic Force Microscopy to recover overwritten data in the real world, despite what Peter Gutmann's paper might say.
Folks I should imagine what they mean is "we have a huge backlog so rather than employing competent techies in the UK, we want to send your confiscated hard drives to Russia to be inspected for us by this chap we met while on a fact-finding mission learning crowd control techniques in Burma. Unfortunately the law prohibits us from doing this, some triviality like chain of evidence or reliability of investigators, so we want to repeal the relevant law."
/me hides in tunnel to avoid helicopters
Is this the Vague News or what?
That story is so vague it tells us nothing. "Today a policeman somewhere said something, but refused to elaborate."
For a start what exactly is meant by the word "remote" in this case? More information please.
I guess what they actually mean is sending it off to someone else to do the analysis because they haven't got the resources in house to do it. Or they haven't got the money for the duplicate disks that I hope they use (the first thing you ever do in a forensics analysis of a disk is to duplicate it and work on the duplicate - if you don't do that when it comes to court any half decent lawyer will claim the evidence has been tampered with).
What the fuck does that even mean?
Remote searches of seized hard drives? Is P.C. Genius here planning to remotely seize them too?
No wonder the various scammers and phishers are running rings round the cops if even the most senior copper in the entire field is a moron who hasn't the first idea how computers work. ACAB.
Vague news + 1
Oops. I hit Post on that last one before I'd finished.
Anyway I'm assuming (unlike several of the idiots above) that since the drives in question have already been seized we "remote" does not mean leaving the drives in the posession of their owners and scanning them remotely. I am assuming that it means that the e-forensics guys can scan the drives fromt their own office rather than having to travel around the country to visit the force that holds the drives. Presumably the delays are caused by all the travelling.
Now maybe I'm being obtuse, but wouldn't it be better to transfer copies of the drives to the e-forensics officers? After all I hope they don't work on the originals as it is, that would make it too easy for the evidence to be compromised (either by accident or on purpose). It ought to be standard procedure that step one is that copies are taken of the drive and that the original is stored securely in one place and a master copy in another, the forensics should be carried out on copies. This would make it difficult to tamper with the data without leaving a trace, especially if a copy were handed to the defence. If they did it this way then there would be no problem with shipping a copy to the e-forensics officers.
Actually I'd like to see them scanning a nice full large capacity disk over the links they currently have between forces. It would take longer than getting the officer to drive out to site to carry out the investigation.
You are exhibiting Teh Fail (along with a few others). This is all about remotely analysing hard disks which have already been seized and are in police custody. That's why El Reg uses the word "seized" in the article.
search warrant please
as it stands i believe that a search warrant is required to 'access' anything on my property, and to get a search warrant, they need to show good reason. eliminates random and unethical fishing trips, and reduces the probability of 'evidence' being planted by the coppers just cos they don't like you...
now, if they change the law to make remote access and search of people's PCs legal, then imagine how easily they could access your computer and plant all sorts in there, and then arrest you for possessing that..
and what about encrypted stuff? is it that we could at any time get a visit out of the blue, by someone saying: you have encrypted files. hand over the keys or face a jail term.. ??.. and what about an encrypted file being planted, to which you don't even have the key? how do you defend against that?
no warrant, no probable cause, no way to prove or prevent false evidence being planted...
this just stinks and i can't help wondering how many innocent people will be jailed on false charges, just because they don't like gordon brown and his cronies.
Well said Sir!
This is the 'enabler'...
...to allow the cops to access private, personal PCs (or even business ones) remotely. By carefully couching this in terms of being able to remotely access 'seized HDDs' all it does is pave the way for the law to be quietly amended at some later date to allow just about any PC's HDD to be snooped on.
I wouldn't be surprised to find the filthy fingerprints of CEOP all over this. In these days of an ever-dwindling supply of fresh kiddie pr0n online (and see the IWF's latest annual report for the facts) this is nothing more than a pretty shabby job creation scheme to guarantee next year's £multi-million budget in the face of overwhelming competition from so many other 'partner agencies' in these hard economic times. LOL.
I don't get it
How does being able to search a drive remotely (i.e. across the slow internet rather than a drive cable) help reduce their two year back log? Sure it saves one trip in a truck to their lab which I guess is in the UK so 1 day max. There is something about "search remotely" which we're not getting or not being told. Is this just a case of Thames Valley Police are not allowed to receive drives which were seized by Kent Police so if KP have spare capacity it goes to waste remote searches would get around this prohibition?
Stop and Remote Search
In a change to the law, the Home Secretary announced today that the police can randomly stop and search any hard drive at any time in any location.
In response to those people calling her a batty old cow whose completely lost it, she says "we must protect the most vulnerable people from the moomins who live in the lint trap of my computer, gedugida gedugida, funge funge barble".
"Those moomins hate our freedoms, when people ask me how far I would go to protect us from the evil moomins, I say 'I would go all the way!' barble gurgle frisbot, ALL THE WAY!"
"Doing nothing about the moomins is not an option, the do nothing approach only encourages them furt furt furt"
Maybe I read it wrong but,
From my understanding they are looking for a way to outsource the work. This will mean that some little knob-jockey will have the information to look over. Find evidence and then due to over work, lack or pay, in ability to understand basic commands, files the evidence against the wrong person.
I have no problem with this.
I have to format and reinstall my OS once every 3 to 6 months anyway.
they can dig thought he magnetic layer 8 layers deep and still won't find anything.
Besides using norton ghost wipes the black spaces with their older product with annoying SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC SYMANTEC
So any evidence then they will have to go to symantec for it HAHAHAHAHA
Also doing a defrag premantenly wipes data also.
So no amount of law enforcement spyware or taking my hard drives away form me or taking my mp3 players that also double as a hard drive will ever incriminate me.
Those that get caught are plain idiotic fools.
Those that get caught perhaps want to get caught?
As for a backlog of unsearched hard drives. Just make a Virtual image of them and add it to a virtual OS then one OS with Windows Desktop Search 4.0 can find everything instantly.
You just need a dept that can hold thousands of terabytes of data. easy to do if you got the money.
as the second poster said , albeit cowardly anonymously , wtf?
surely the can lok at a seized hard drive however they want?
I assumed they were!
and @ the various people talking about their unseized pcs in their houses - I think you missed the gist
Will someone please tell us what "remote searches of seized hard drives" actually means?
So which option is it?
Option 1: "remote intelligence work"? ... whats that? ... exactly what is it? ... If thats simply outsourcing searching hard drives to other forces, but still holding onto the physical drive themselves, then ok maybe, just maybe thats ok. Although it places huge trust in the 3rd party not to download evidence which they can then say they found, and hey presto, they have a nice bonus for being such good researchers. (Wherever there are opportunities for career advancement and/or more money, then there's always sooner or later examples of corruption). Probably the only way I can see to make this safe from tampering, is the first thing they do is put the drives into a hard wired (i.e. not a computer) replication machine, so all it can do is do a couple of whole drive copies. Then they can let the "remote intelligence" people search one copy until their hearts content. That should work ok as then no computer is connected to the original drive, its simply copied by a machine that isn't a computer. So then before trial a comparison with an unaltered drive can be made to make sure no remote tampering had occurred.
Option 2: If however remote intelligence means going on a fishing trip using a back door into everyone computer. Then thats another big move (of so many) moves towards a full on totalitarian state, with Jackboot Smith sitting in the middle of the information spiders web, feasting on ever more tax payers money, while looking over everyones shoulders, to see if anyone wants to stop her and her corrupt friends from robbing us all. ... judging from the way Jackboot Smith behaves I'm sure she prefers this option and would do it in a heart beat, if she thought she could get away with it (and she probably thinks she could get away with it, given how she is behaving with big moves towards Phorm style Big Brother monitoring of everyone).
I hope we are talking about option 1 ... because if we are talking about any moves towards option 2 at all, in any way at all, then that self centered tyrannical leader Jackboot Smith will find she is abusing people's privacy to far. That evil minded frankly bitch needs to learn that just because they now have ever more technology to abuse peoples privacy, doesn't mean thats the right think to keep doing ever more. She has the technology to knock down everyones door, drag the people out of the house and strip search them in the road, but that doesn't mean thats what everyone wants them to do. “Think of the terrorrroorrrooorists” isn't the answer to ever more abuse of peoples lives, for the peace of mind of the ever more corrupt plutocratic leaders abusing their position of power.
I think I can see what is happening here
due to the backlog we have decided to employ outside contractors from (for example India or Ireland) to do the donkey work for us. So we plug the hard drive into the internet, said operator from Bangalore/Belfast will remotely access the drive and search using a bunch of pre-defined terms suggested by us.
The evidence (drive) would never leave our presence. So what could go wrong? Discuss.
Suggested search terms: Liberty, freedom, Jacqui, London Landmarks, Paris
Um, how will this help?
Knowing who actually does this work, the issue isn't where the disks actually are, but the number of people qualified to actually do the work, and the time it takes individuals to do it.
Lets face it , the average perp probably keeps their nefarious activities bound up with gigabytes of daily dross that we all keep on our PCs, so in amongst the nuggets of useful information our brave boys in blue have to sift through countless eMails to Aunty Joan on the heath of her pet budgie, photographs of young sharon & tracys big night out and so on, before finding anything of use. More serious perps, naturally encrypt their hard drives, so you have to break the encryption first, so how saving a couple of days in the chain of custody of a hard drive helps, I'm not sure, quite apart from the evidential integrity issues, to show that they haven't, in the process of their remote examination changes the content of the disk.
(Mind you isn't this a great application for VPro(TM))
Calm down dears. There seems to be some confusion here. To clarify:
"Remote" means not in the same place.
"Seized" means physically obtained by the police.
So, they want powers to gather data from hard drives that are physically located in police facilities around the country and pool any intelligence centrally. Their thinking that because most regional forces have little to no computer crime expertise, this will help reduce the backlog.
As the story says, what it means legally isn't clear at the moment, or they're not saying, but rest assured The Reg is on it. Cheers,
- Chris Williams
but if the delays are in the experts will the hdds just sit at the local police stations waiting to be delt with remotely not sitting at a central station waiting to be dealt with locally? and you have the added slowness of the connection slowing things down I still can not see how this helps
@no problem with this
I'm afraid you may qualify under your own "plain idiotic fools" category.
Reformat, defrag nor Ghost permanently delete the data. Sorry. Even super deep reformat doesn't delete everything and the other two options don't really do diddly-squat to inhibit advanced forensics. Regularly using these options may make them wait a few minutes (hours) longer while everything is processed but the bits (haha) are still there.
Therefore, if you are doing something illegal you're about to become the poster child for stupid criminals who can't stop talking about their law breaking and end up in jail, Cuba, or the Thames.
Have a nice day.
I can see it now...
I'm working away on my computer and up pops a remote console message...
"Hi. My name is Tom. I represent the call center in India that your local police force has contracted to remotely search your hard drive for illegal files, documents, software, photos, or anything we think would be fun to look at and post on YouTube. Control of your computer will be returned to you when we are done. It is illegal to interfere with this search and any such interference will result in a mandatory stay in the local for you. Have a nice day."
Seems like a sensible proposal
Makes sense, might save a bit of dosh. Might even mean suspect get their hardware back quicker.
@pixel: I think you dropped this. [Picks up tinfoil hat^H^H^Hsuit]
Police P2P !!!
Quick tell the RIAA
Read before you leap
@ Mark "Am I going to get phone call to ask me to turn on the machine and leave it attached to the internet? Firewall and anti-virus off preferably?""
... I think a lot of you are reading into this completely the wrong way.
This is for hard disks that have ALREADY been confiscated, and are sitting in boxes in evidence rooms. Instead of filing paperwork and getting these shipped around to offices as needed, they could be plugged in on-site and accessed securely over VPN etc, making the job more efficient.
Surely you'd want the time it takes to search drives to go down -- catching criminals quicker and for innocent people, getting their hardware back sooner?
As for the implementation, they could probably image the contents of each disk and store it on a single server per site, and have a properly audited system that'll prevent 'wrong disk' scenarios occuring, etc.
Erm, this is for HDs ALREADY SEIZED, no?
...So, who cares - if you've already had your door kicked in and they've stolen, I mean `seized` all your kit, you is probably already fucked - how they then sniff around it is surely the least of your worries!
Don't get the issue with this.
@ Solomon Grundy....hmm....interesting. What pray tell is a `super deep format`?! Sounds like you really know your stuff ;) ... You could always run a few passes of something of the Guttman/Schneier camp, then, if you are REALLY paranoid, drill a few holes in the casing, fill with mix of aluminium and iron oxide, and ignite with a strip of magnesium or glycerin/permanganate (potassium). I assure you, this will do the trick. Of course, you gotta have something really troublesome to go to these extents. And if it's a TLA after you then they more than likely already know what you've done anyway, they just don't care as much as you think!
Fill your computer den with 100's of old HDDs.
By the time the old Bill searches thru that lot, you'll be dead of the old age...
there goes the convictions
lawyers will have a field day with remotely pushed around data
the evidence has been passed over the Internet (secure or not thats going to be a big plaything for the rich people who talk to judges)
and @ seems like a sensible proposal AC, No the 'suspect' wont get their gear back quicker
nor will it be in working order when they do get it back.
AC because they will be after me (ooo that rhymes! :) )
Er...I believe that searching remote hard drives is what Dixon of Dot Com wants to do. How does your suggestion help?
I doubt this can be made into a workable solution any time soon anyway. It'll probably morph into third-party "sherrifs" doing the work on behalf of the short-staffed plod.
And the best part? You guys in my old homeland will let them. Look at what you've let them do since I left for good in 1991. Cameras everywhere, ASBOs (what a great innovation - legislation that proves that it doesn't work every day of the week), you've built yourselves the world of 1984 through apathy and indifference.
What's needed, of course, is a shirtload of ultra violent, technologically-equipped masked vigillantes with nifty names like "Hooded Justice".
Perhaps GCSE English should be a requirement before you can post a comment. What part of "access data held on hard drives in police evidence rooms nationally" didn't @pixel @Mark @Mark_T @Sillyfellow understand?
Police forces already outsource the analysis of seized computers to private companies (located in the UK). So there should be no legal obstacle to having the analysis performed by another force.
Instead, I suspect the goal is to expand the role and size of PCeU. First you allow PCeU to search the discs in the possession of any police force. Then you find PCeU is overloaded so Charlie McMurdie can ask for more money in recognition of this national role. Finally, perhaps, the computer crime units in each force come under the control of PCeU. This is empire building. There's a long way to go before PCeU reaches the size of NHTCU.
Why not use a courier
Shipping a computer from one end of the country to another by courier takes under 3 days so they could just ship them to a central site. This request sounds very fishy to me - at the least it sounds like they want to do the data extraction offshore and probably as far away from proper oversight as possible.
@AC 12:01 - you are correct, the ACPO guidelines say that any disk seized should be imaged, and it is the image that they examine, not the original drive.
@AC 11:48 - the ACPO guidelines are there specifically to ensure that a correct procedure is followed. If it cannot be shown that the evidence is untampered with (e.g. it's the image that has been examined) then it is inadmissable and the case is probably going to get thrown out of court.
Having read the article a couple of times, it seems to me that the problem is that they are short of trained personnel. It makes no matter where the disk is - if they don't have the trained bodies to do the work, they either have to get others in or use untrained personnel. If they use untrained personnel, then it is highly likely they won't use correct procedures - and the vidence will be suspect at best.
"How such information sharing would work technically hasn't been decided."
So the probability they will make it ftp over the public network on a "secure" server (secure as in "we didn't give the IP to anyone") is close to 1 I guess...
Or one young pimply enthusiast will read something about P2P solution being the most efficient way to transfer files, and they'll do just that, without realizing that it's efficient only if you distribute to a large number of clients.
Overheard on a radio drama recently: "take an image of that computer, Sergeant"
On my old (main) computer with 160GB of data and only a USB1.1 connection, that would take about two days, so there is some advantage in not being too up-to-date. Almost worth having USB1, which would then require nearly a fortnight!
when they kick at your front door
So after they have kicked your door down and billed you for the pleasure, they take your drive away for 2 years.
Cops = luddites.
From another angle, could their systems not then be compromised? The filth ('Coz thats what they are) have previous for not securing evidence, so who is to say that the moment they gain remote access someone won't leave them a nice little present that will shaft their enitre network.
As for that made old harridan in the HO, well another few months she'll be picking up her P45 and getting a relality check - as who the fuck in their right mind would employ someone like her outside of the Nazi - I mean Zanu, sorry, Labour party.
>> Perhaps GCSE English should be a requirement before you can post a comment. What part of "access data held on hard drives in police evidence rooms nationally" didn't @pixel @Mark @Mark_T @Sillyfellow understand?
Even better, for each article, the author could create a multiple choice exam covering (say) 5 to 10 of the most important points in the article. If El Reg wanted to make it a llittle more tricky, they could perhaps use comprehension exercises, like we used to have at school. It'd surely save the moderators a lot of work.
is an overrated skill these days, particularly amongst el Reg commentards (perhaps some would be better suited on HYS).
I presume the legal issue is that somewhere in ye old law it states that the examination of evidence must be performed with the evidence physically in your presence as such requiring either a lot of moving of hard-drives, or forensic people since the law hasn't caught up with the technology. Probably no loopholes exist since evidence tampering would be every bent coppers' wet-dream loophole, so the law actually has to be amended.
I think we should encourage them
The more they ship stuff around the better their chances of losing it, leaving it on a lorry, back seat of a cab, train.... Anyway; all of that will likely destroy a secure chain of control and invalidate any "evidence" which may be subsequently found on the drive(s). Me, personally; I don't trust any of them not to screw with the contents..heck, I hardly trust myself...wait a mo'
Where did I leave that tin foil?
I would like...
to get a contract as the supplier of tinfoil hats, specially hand-constructed to protect the evidence handlers from possible contamination by the dirty data on these drives. With the obviously already distressed way of thinking from which they suffer, they just might buy into the protective gear idea.
But seriously, they are concerned with someone in what passes for central IT being able to "look" at a drive in another location and still call the results "evidence." I am sure the chain of custody won't hold up even if this were written into law.
Imagine the testimony:
"How do you know you were examining the correct 'hard drive' then?"
"'Cause the local constable told me it was."