Feeds

Feds publish computer search manual

One word: crypto

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

When the Feds lack evidence sufficient to hustle a judge into issuing a warrant to examine a computer's contents, they often politely ask the owner or someone who shares it if they might just have a quick peek at the contents of its HD. Incredibly, a significant number of people foolishly cooperate, and so reveal enough evidence for the nosey buggers to bring to a judge and get the desired warrant.

So Lesson One of the US Department of Justice's latest how-to publication, "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations", is 'Just Say No'.

Not that it always works. Your idiot roommate, parent or spouse, if s/he shares your computer, can give the Feds permission to search it. The way to defeat that is to encrypt any file you'd prefer agents of Uncle Sam not see. This puts your data in a category similar to the contents of a locked box to which your housemates haven't got a key. They are assumed not to have authority to open it, and obviously not to have the authority to let anyone else do so either.

Another risky practice is leaving potentially incriminating data unencrypted on a disk when the box is sent to a repairman. Here the repair flake may not authorise the Feds to search your box; the law assumes you have a reasonable expectation of privacy from government snooping when you surrender property for the limited purpose of getting it fixed.

Ah, but nothing can stop the ten-thumbed technician from doing his own, private search of the machine, and alerting the Feds to your collection of bestiality pics. In that case, the coppers are authorised to recapitulate the private search, and if that bit of cherry picking should turn up enough evidence to get a warrant, you're stuffed (not to mention keenly embarrassed).

"The fact that a private person has uncovered evidence of a crime on another person's computer does not permit agents to search the entire computer. Instead, the private search permits the agents to view the evidence that the private search revealed, and, if necessary, to use that evidence as a basis for procuring a warrant to search the rest of the computer," the manual explains.

And in some instances the Feds can lie to you, or anyone else in control of your machine, and still conduct a legal search with consent.

One William Roberts last year was told by agents at an airport that they were searching for "currency" and "high technology or other data" that could not be exported legally.

Of course what they were really looking for was just what they found; the large collection of kiddie porn Roberts had on his laptop machine. Poor Roberts imagined that by consenting to let the Feds look for something he knew he didn't have, the rest of his data would be protected by Constitutional requirements of specificity in searches. Little did he know that while en route to France he and his possessions occupied a Constitutional nether-world. He was being treated to a so-called 'border search', in which the Feds enjoy grossly expanded powers.

And there is the growing trend towards executing 'no-knock' searches of computers, which the DoJ thinks is a splendid practice.

"Agents may need to conduct no-knock searches in computer crime cases because technically adept suspects may 'hot wire' their computers in an effort to destroy evidence. For example, technically adept computer hackers have been known to use 'hot keys,' computer programs that destroy evidence when a special button is pressed. If agents knock at the door to announce their search, the suspect can simply press the button and activate the program to destroy the evidence," the DoJ warns.

Here again, as in all the previous cases, there's only one reliable way to protect your privacy: encryption. Use it. ®

Related Story

Hollywood, software groups push DoJ copyright busts

Providing a secure and efficient Helpdesk

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.