Feeds

Feds publish computer search manual

One word: crypto

  • alert
  • submit to reddit

Intelligent flash storage arrays

When the Feds lack evidence sufficient to hustle a judge into issuing a warrant to examine a computer's contents, they often politely ask the owner or someone who shares it if they might just have a quick peek at the contents of its HD. Incredibly, a significant number of people foolishly cooperate, and so reveal enough evidence for the nosey buggers to bring to a judge and get the desired warrant.

So Lesson One of the US Department of Justice's latest how-to publication, "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations", is 'Just Say No'.

Not that it always works. Your idiot roommate, parent or spouse, if s/he shares your computer, can give the Feds permission to search it. The way to defeat that is to encrypt any file you'd prefer agents of Uncle Sam not see. This puts your data in a category similar to the contents of a locked box to which your housemates haven't got a key. They are assumed not to have authority to open it, and obviously not to have the authority to let anyone else do so either.

Another risky practice is leaving potentially incriminating data unencrypted on a disk when the box is sent to a repairman. Here the repair flake may not authorise the Feds to search your box; the law assumes you have a reasonable expectation of privacy from government snooping when you surrender property for the limited purpose of getting it fixed.

Ah, but nothing can stop the ten-thumbed technician from doing his own, private search of the machine, and alerting the Feds to your collection of bestiality pics. In that case, the coppers are authorised to recapitulate the private search, and if that bit of cherry picking should turn up enough evidence to get a warrant, you're stuffed (not to mention keenly embarrassed).

"The fact that a private person has uncovered evidence of a crime on another person's computer does not permit agents to search the entire computer. Instead, the private search permits the agents to view the evidence that the private search revealed, and, if necessary, to use that evidence as a basis for procuring a warrant to search the rest of the computer," the manual explains.

And in some instances the Feds can lie to you, or anyone else in control of your machine, and still conduct a legal search with consent.

One William Roberts last year was told by agents at an airport that they were searching for "currency" and "high technology or other data" that could not be exported legally.

Of course what they were really looking for was just what they found; the large collection of kiddie porn Roberts had on his laptop machine. Poor Roberts imagined that by consenting to let the Feds look for something he knew he didn't have, the rest of his data would be protected by Constitutional requirements of specificity in searches. Little did he know that while en route to France he and his possessions occupied a Constitutional nether-world. He was being treated to a so-called 'border search', in which the Feds enjoy grossly expanded powers.

And there is the growing trend towards executing 'no-knock' searches of computers, which the DoJ thinks is a splendid practice.

"Agents may need to conduct no-knock searches in computer crime cases because technically adept suspects may 'hot wire' their computers in an effort to destroy evidence. For example, technically adept computer hackers have been known to use 'hot keys,' computer programs that destroy evidence when a special button is pressed. If agents knock at the door to announce their search, the suspect can simply press the button and activate the program to destroy the evidence," the DoJ warns.

Here again, as in all the previous cases, there's only one reliable way to protect your privacy: encryption. Use it. ®

Related Story

Hollywood, software groups push DoJ copyright busts

Beginner's guide to SSL certificates

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.