Have you ever wondered how it is that if your hard drive or mine fails, there’s no hope of ever recovering a thing from it. But if the police get the same hard drive they explain that there’s no way to completely delete anything on it?
In a related vein, Bruce Schneier today on software as evidence, “We in the security field know the risks associated with trusting digital data, but this evidence is routinely assumed by courts to be accurate.”
What are we talking about?
[N]ot just the RIAA suing people — and getting it wrong — based on automatic systems to detect and identify file sharers. It’s forensic programs used to collect and analyze data from computers and smart phones. It’s audit logs saved and stored by ISPs and websites. It’s location data from cell phones. It’s e-mails and IMs and comments posted to social networking sites. It’s tallies from digital voting machines. It’s images and meta-data from surveillance cameras.
Schneier points to a paper by Sergey Bratus, Ashlyn Lebree and Anna Shubina, Software on the Witness Stand: What Should it Take for Us to Trust it?
We discuss the growing trend of electronic evidence, created automatically by autonomously running software, being used in both civil and criminal court cases. We discuss trustworthiness requirements that we believe should be applied to such software and platforms it runs on. We show that courts tend to regard computer-generated materials as inherently trustworthy evidence, ignoring many software and platform trustworthiness problems well known to computer security researchers. We outline the technical challenges in making evidence-generating software trustworthy and the role Trusted Computing can play in addressing them.
And a presentation Bratus gave on the topic:
Constitutionally, criminal defendants have the right to confront accusers. If software is the accusing agent, what should the defendant be entitled to under the Confrontation Clause? […]
Witnesses are sworn in and cross-examined to expose biases & conflicts — what about software as a witness?
I know innocent people convicted of crimes based on evidence they didn’t have the resources to refute. As I have pointed out before, computer forensics is a complex, time consuming, and expensive process poorly understood outside the world of experts. Computer data is volatile and a good computer forensics expert must be skilled in the acquisition, analysis and presentation of computer evidence. For the average person, especially outside of big metropolitan areas, that’s impossibly hard to find. Inside big metropolitan areas, it’s impossibly hard to afford.
What we need is a Computers Forensics version of the Innocence Project. We need experts who believe in the presumption of innocence and are willing to spend the time it takes to dig through logs, registry entries and hard drives to find exculpatory material when present. Prosecutors who look for – and presume – guilt do selective searches for data supporting guilt; those accused rarely have the resources to counter such selective evidence.
Schneier points to the additional burden of a judicial system biased towards trusting proprietorial interpretations of that evidence.