[HN Gopher] Reliability of police mobile phone evidence question...
___________________________________________________________________
Reliability of police mobile phone evidence questioned after hack
Author : donohoe
Score : 227 points
Date : 2021-04-26 10:40 UTC (12 hours ago)
(HTM) web link (theferret.scot)
(TXT) w3m dump (theferret.scot)
| cto_of_antifa wrote:
| always carry a book
| thrower123 wrote:
| I was on a jury in the US for a case where the prosecution used
| text messages as a large chunk of how they tried (very badly) to
| make their case. Screenshots taken from one party's device, with
| sporadic timestamps, no indications whether messages could have
| been deleted. It was a farce, I'd disbar someone who tried to
| make a case on such a flimsy reed.
| tantalor wrote:
| Can you elaborate on "whether messages could have been
| deleted"?
| thrower123 wrote:
| Some of the exchanges seemed rather nonsensical, to my mind,
| like there were pieces missing.
|
| It's not like the default Android SMS app indicates that
| messages have been deleted. And there was no provenance
| information provided as to where or when they were collected.
| neodymiumphish wrote:
| This is a difficulty that comes with most law enforcement
| interactions with victims, now. For example, the military
| is required to offer an attorney to a victim before
| conducting an interview. Often, these attorneys jump
| straight to "you can't have any evidence from my victim"
| without a detailed description of what you're seeking. This
| usually means we can only get screenshots from his/her
| phone of conversations between victim and subject, along
| with any contemporaneous conversations with other
| witnesses.
|
| I hate this, because screenshots come out looking like
| trash and it's very difficult with most messaging apps to
| show the timestamps for all messages. Eventually, this
| pendulum is going to swing (when cases start getting thrown
| out for this lack of timestamps/evidence of deleted
| messages, etc) and law enforcement (at least in the
| military environment) will have a bit more support in
| pulling relevant (and only relevant) data from victim
| devices for the purpose of evidence collection.
|
| One additional thing about screenshots: They can be totally
| faked, and the "contact" can't be validated from
| conversation screenshots. For example, if you buy a burner
| phone, you can create a whole conversation as though the
| burner phone is the assailant, then change the contact's
| number to the real assailant. Some chat apps keep the whole
| conversation, despite the number change, in the same chat
| and make it impossible to tell which number sent the
| messages. Cellebrite indicates the number (assuming we're
| talking about SMS here) where the message came from, even
| if the contact changes.
| tfehring wrote:
| Military law enforcement is going to have more leeway to
| conduct warrantless searches of the devices of people who
| haven't even been accused of a crime? On what basis? I'm
| skeptical, but if you're right that's horrifying.
| Wohlf wrote:
| Because military law is fundamentally separate from US
| law, most civil rights are suspended for members of the
| uniformed services during their service period. Off the
| top of my head the 1st, 4th, 5th, 6th, and 8th (to an
| extent) amendments do not apply to those under the
| Uniform Code of Military Justice. Servicemembers can be
| compelled to what would be considered unreasonable search
| and seizure by their commanding officer, it doesn't even
| require a judge.
| atat7024 wrote:
| Shockingly common for people to not understand the
| consequence of the US' overly complex legislative.
| kevin_thibedeau wrote:
| SMS messages are logged by telcos. It's pretty easy to get
| corroborating evidence.
| londons_explore wrote:
| You would hope that if there were other messages which said the
| same story differently, the defence would have brought them to
| court.
|
| Unfortunately, I don't have faith in all defence lawyers to do
| this kind of thing - some "free because you're poor" lawyers
| might spend only 20 minutes per case...
| Waterluvian wrote:
| It's because they are overworked and underresourced. Public
| defenders are some of the best people our legal systems have.
|
| Another possibility is that the investigators fail to share
| evidence as required.
| giantg2 wrote:
| "Another possibility is that the investigators fail to
| share evidence as required."
|
| They also don't maintain good Giglio records. You can
| request that information, but they won't give it to you
| because they don't keep good records of the past issues, on
| purpose. I had a trooper contradict himself in court and
| official reports 3 or 4 times. The prosecution still found
| him to be a reliable witness. Anyone else would have their
| testimony thrown out.
|
| Because they don't keep good records of these
| contradictions, I guarantee future cases requesting this
| information will not get it.
| dylan604 wrote:
| You are just as much a part of your defense as your
| attorney. If you have knowledge that will help your
| attorney, then start sharing. This also has the benefit
| that this info would then be familiar to the attorney for
| future clients.
| londons_explore wrote:
| In many cases investigators don't look very hard for
| evidence which makes their case fall apart.
|
| Imagine a murder case where the accused claims he was at
| the cinema at the time. Often the police won't go to the
| cinema and get CCTV tapes to back up the claim - they'll
| just use blurry footage from the murder scene and claim
| "looks kinda like the same guy ish".
|
| I suspect there are a _lot_ of cases of innocent people in
| prison simply because evidence of them being innocent was
| deliberately overlooked or not collected.
| giantg2 wrote:
| "In many cases investigators don't look very hard for
| evidence which makes their case fall apart."
|
| I recently witnessed a case where a trooper charged the
| wrong statute. How can you make a thorough investigation
| if you don't even know the elements of the offense
| because you are looking at the wrong statute?
|
| He made about 5 other mistakes too, even lying to the
| judge. The system doesn't care. The investigation into
| the lie was found to be "just a misunderstanding"
| even though that same report also notes that the statement
| was false and that he made the correct version of that
| statement 10 minutes prior to that.
| speeder wrote:
| We had a case in Brazil that was both sad and absurdly
| silly.
|
| A woman was found murdered in a cemetery. She was in town
| for a university-related festival/party, and was staying
| temporarily with some other students.
|
| The police suspected the other students first, and went
| to their house, and found out:
|
| 1. One was an RPG player, had RPG books.
|
| 2. The other was a heavy metal fan and had heavy metal-
| related posters.
|
| 3. The other guy was into literature and had some 'dark'
| literature.
|
| So conclusion of the officers: it was a satanic cult, and
| the woman was killed in a "RPG Satanic Ritual"
|
| The prosecutor's office at first went with it too.
|
| Later, already mid-trial, the prosecutor changed, the new
| prosecutor found a lot more formerly-useful now useless
| evidence that the police seemingly deliberately ignored:
|
| 1. The police had in evidence storage some bloodied
| clothes that they never ran DNA tests on, the DNA was now
| useless (it has been years since the actual murder). Also
| the evidence was probably contaminated, the storage
| consisted of stuffing all the evidence in trash bags and
| leaving them in a random room in the police station.
|
| 2. People told the police multiple times, that the woman
| had drug debts, but they were ignored.
|
| 3. A known drug dealer was seen on the day past the
| murder, riding a bike around town, with his t-shirt
| having red stains on it, police even saw the guy
| themselves, and didn't bother stopping him and checking
| his t-shirt.
|
| The new prosecutor despite seeing all this, had hands
| tied and just went along with what the police wanted, and
| tried to prove in court that they were "satanists".
|
| The ruling was this (the judge was quite upset at it
| too):
|
| 1. The prosecution failed to prove they were satanists,
| evidence pointed out to the accused living there by
| coincidence, and their hobbies being "dark" or "fantasy"
| were coincidence too, only one of them was an RPG player,
| only one of them was a heavy metal fan, and so on, they
| didn't share their hobbies with each other.
|
| 2. And even if they WERE satanists (they weren't), in
| Brazil being a satanist is not a crime.
|
| 3. For some reason the prosecution provided zero evidence
| that was actually related to the murder, they only tried
| to prove the accused were satanists and presumed this
| would be enough to know they were the murderers, but they
| never tried to link the accused with the crime scene,
| didn't even try to explain when they would have been at the
| cemetery.
| a0-prw wrote:
| Certainly disgraceful, but I had to laugh because it read
| like one of those logic puzzles
| https://riddles.guru/riddles/einstein-zebra-puzzle/203/
| bellyfullofbac wrote:
| Off-topic, but Boy Einstein couldn't have created the
| puzzle like exactly described with those cigarette
| brands, because some of them were introduced much later
| in his life...
| bryanrasmussen wrote:
| ok but it's not the Einstein Zebra puzzle, more like the
| Mo Fine Zebra puzzle (for a contemporary, albeit not
| peer)
| neodymiumphish wrote:
| To be fair, the amount of effort involved in verifying
| every little detail a witness/victim/subject provides is
| astronomical, not to mention the potential for a defense
| case based on the lack of effort to verify one fact when
| other facts were verified.
|
| In my old agency, we were required to do that type of
| thing. For example, we had a rape case where the rape
| occurred in a short-stay house (kind of like a hotel, but
| for families that require room for multiple kids/pets,
| etc). The subject only rented the house for one night,
| and the rape occurred in one of the bedrooms. By the time
| we got to the house, there had already been another guest
| for the night between him checking out and us arriving.
| We went to housekeeping and interviewed the staff who
| cleaned the room, we dug through the trash to verify the
| drinks the victim claimed to have drank, we got camera
| footage from the gas station where he bought alcohol (she
| was also underage). There's a ton more that was done to
| verify key facts, most of which were essentially
| meaningless, but we did them because we are required to.
|
| Now, imagine if a victim tells you a story that includes
| 10 things that could be independently verified (through
| searching a location for CCTV, pulling receipts,
| whatever) and you only look for 7 of those things. This
| opens up the defense to make an argument that you
| intentionally skipped looking for those other 3 things
| because they were exculpatory. It's impossible to think
| through all the different details that could be verified,
| along with their probative value to a case, and
| organizing them by how long you have until the evidence
| is no longer available (there's no standard timeframe for
| how long before a given store's CCTV recycles).
|
| I'm not saying investigators shouldn't do this ground
| work, but I am saying that it's a shitload to ask of them
| and potentially opens up the prosecution to a very bad-
| faith defensive argument that certain seemingly-obvious
| factors weren't considered during evidence collection.
|
| In your murder example, sure, they could say "looks kinda
| like the same guy ish" and hope that's good enough for a
| jury, but the defense can (and should) tear that to
| shreds. If a subject told us they were at the cinema at
| the time of a murder, my first thought would be to ask
| them to provide any evidence they themselves have (social
| media check-in, location data from their phone,
| receipts/credit card statement, etc), but I would also
| absolutely be checking the cinema for video evidence. If
| I can prove he lied, that's a huge win for the
| prosecution. Alternatively if he's telling the truth that
| he has a verifiable alibi, then the real killer is
| stacking up time while evidence entropies.
|
| The reality is that cops are burdened enough that the
| only evidence that's persistently worth verifying are
| usually statements made by subjects. This is a case
| where it's worthwhile to talk to cops: if there is
| potentially verifiable evidence of innocence that stands
| a good chance of diminishing as time goes by. Giving
| specific details like the place and time that you saw a
| movie at a theater along with any receipts or ticket
| stubs, would be a huge factor in preventing future law
| enforcement / prosecutor interactions.
| syshum wrote:
| >> Giving specific details like the place and time that
| you saw a movie at a theater along with any receipts or
| ticket stubs, would be a huge factor in preventing future
| law enforcement / prosecutor interactions.
|
| This is only true if the cops are actually looking for
| the Truth, not just a way to close the case as fast as
| possible.
|
| You seem to have faith that the cops / prosecutors are
| attempting to find the truth, unfortunately I do not
| share your faith in the system. So the better plan, for
| your own personal safety, is to NEVER TALK TO THE POLICE
| [1]
|
| [1] https://www.youtube.com/watch?v=d-7o9xYp7eE
| thathndude wrote:
| This is largely true. Especially when it comes to knowing
| and understanding the system. A public defender is so
| comfortable in that role that it gives them a huge
| advantage. But we also have to recognize the reality that
| the PD jobs are generally low paying and tend to be sought
| out and filled by less qualified graduates (to the extent
| we equate good grades with qualifications, which is
| obviously a heck of a logic leap).
| thathndude wrote:
| Lawyer here. I'd hope the Defense lawyer raised a slew of
| objections. There are serious foundation, authenticity, and
| chain of custody issues here.
|
| On top of that, another way around this is under the
| confrontation clause. The accused has the right to question any
| witnesses against them. So I'd demand to cross examine the
| "tech" that ran the scan and make it apparent that no one knows
| how the box works (that's the whole point; it's proprietary).
| And then ask them simple questions like "cookies images have
| been placed on my clients device if no one knows how the box
| works?"
|
| The real advantage of these Cellebrite boxes, for law
| enforcement, is that they give them leads to otherwise admissible
| evidence. So that's why I'm shocked to hear that they actually
| tried to use information from the phone.
| omgwtfbyobbq wrote:
| _And then ask them simple questions like "cookies images have
| been placed on my clients device if no one knows how the box
| works?"_
|
| I'm sure the answer to that would be delicious. ;)
| meowster wrote:
| I imagine it was an autoincorrect of "could imagines
| have..."
| dylan604 wrote:
| or even an autoincorrect of "could images have..."
| generalizations wrote:
| I thought it was "could these images have..."
| salawat wrote:
| >could imagines have...
|
| Auto-correct was a mistake. Either that or a malicious
| undertaking cleverly disguised in the cloak of legitimate
| best intentions.
|
| _Could images have._
| omgwtfbyobbq wrote:
| When I first read that line I had an image of the cookie
| monster sitting in court as a defendant.
| sodality2 wrote:
| Related post: "Exploiting vulnerabilities in Cellebrite UFED and
| Physical Analyzer" https://news.ycombinator.com/item?id=26891811
|
| Blog post from moxie:
| https://signal.org/blog/cellebrite-vulnerabilities/
| DyslexicAtheist wrote:
| in the US some blowback is on the way too:
|
| https://twitter.com/mtmdlawyer/status/1386733853298069505
|
| (imho) sobering thoughts on this to consider:
| https://twitter.com/meganmcgraham/status/1385328533711450114
| ycomnews2021 wrote:
| The reason for this is chain of custody. They should be able to
| prove that from the time that the person last had the device
| until the point when the evidence was collected, no one modified
| it. And from the point where the evidence was collected, until
| when it's presented to the court, no one modified it.
|
| But these types of vulnerabilities present a problem, in that
| reading the device could/would modify timestamps of the data
| captured. The solution is to not use Cellebrite, there are lots
| of forensic analysis tools. To be effective Signal would need to
| exploit the major vendors equally.
| qwertox wrote:
| > To be effective Signal would need to exploit the major
| vendors equally.
|
| Maybe they could, and that would be the problem. Cellebrite's
| case now raises the issue of what will happen to those
| decisions where Cellebrite's products were used. This can void
| those court decisions retroactively, which could also happen to
| any major vendor in the next couple of years.
|
| In any case, I doubt that this will make them stop using their
| products.
| _wldu wrote:
| Most forensic analysts use write blockers when capturing an
| image of a device to ensure data integrity (no tampering). If
| Cellebrite altered something during extraction, investigation,
| etc. it would be easy to go back to the original image
| (collected with the aid of a write blocker) or the device
| itself to show that discrepancy.
|
| Edit - For the uninitiated:
| https://www.geeksforgeeks.org/write-blockers-an-introduction...
| sjy wrote:
| This doesn't apply to mobile devices, since it's not feasible
| to remove the internal storage device and take a bit-perfect
| image of it using another computer. You need to plug the
| device into a Cellebrite kiosk, trust Cellebrite to send
| read-only commands over the USB interface, and trust the
| device firmware not to write data when it receives those
| commands.
| ycomnews2021 wrote:
| The modified content would be on the Cellebrite system. And
| the investigator may not notice until much later. The write
| blocker has no effect when the reader is exploited.
|
| You are correct that the source system would not be modified.
| But the content you are presenting and analyzing via
| Cellebrite would.
| _wldu wrote:
| Exactly, but it could be easily proven that the data was
| tampered with as you still have the original/clean image
| and the device itself. So if they are altering data, it can
| be shown.
| ycomnews2021 wrote:
| I'm not a lawyer, but my understanding is the best time
| to present exculpatory evidence is after the prosecutor
| has prepared their case. In theory, if the investigator
| doesn't notice the tainted data and the case is built
| around the tainted data they could argue that everything
| from that source (system/lab/department) should be thrown
| out and that the experts who collected it can't be
| trusted anymore due to incompetence. Sounds like a
| prosecutor's worst nightmare.
| _wldu wrote:
| Right and if they have a file or group of files that are
| central to the case, all the accused has to do is say,
| "those were not on my phone" and then the 'experts' go
| back and look at the read-only image to verify.
|
| If the phone could have been altered to add data before a
| forensic image was acquired in a way that looks like it
| was via normal use (reasonable timestamps, browser logs,
| etc.) then we'd have a real problem. Cellebrite
| potentially being used to do this as it reads the image
| is not that problem.
| outworlder wrote:
| > To be effective Signal would need to exploit the major
| vendors equally.
|
| I bet they could. Any industry that's shrouded in secrecy tends
| not to have the sort of incentives that would ensure better
| security practices.
| KuroSaru wrote:
| It is also known in the forensics community that on older burner-
| style phones, Cellebrite can fail to retrieve all messages. No
| tool is perfect and frankly forensics tools are tested for
| repeatability, not for potential exploits. Zip bombs would crash
| FTK until version 2 came out.
| drdec wrote:
| Is this really different from the police taking a physical file
| folder and adding or removing pieces of paper?
|
| Isn't the point that the people operating the software and
| collecting the evidence are the ones that are supposed to
| safeguard it against tampering?
|
| Is there any type of evidence that could stand up if we no longer
| trust the people handling it?
| ycomnews2021 wrote:
| Imagine you opened the folder and made a Xerox copy of the
| documents, but the words or dates in the copies never match the
| original documents.
|
| The crazy thing about this attack, is the person making the
| copy may never know until it's presented in court and
| challenged. Then everything from the folder has to be thrown
| out.
| nucleardog wrote:
| > Imagine you opened the folder and made a Xerox copy of the
| documents, but the words or dates in the copies never match
| the original documents.
|
| Turns out that's actually a real thing...
|
| https://www.dkriesel.com/en/blog/2013/0802_xerox-
| workcentres...
| kschwab wrote:
| Probably a better analogy is that the back door to the evidence
| room that leads outside has been unlocked for an extended
| period of time.
| fuzzylightbulb wrote:
| "Probably a better analogy is that the back door to the
| evidence room that leads outside has been unlocked for an
| extended period of time."
|
| And the evidence logs are written in pencil
| simion314 wrote:
| From my understanding, police could scan phone A, if phone A
| had the malicious code then the scanner is infected, now when
| scanning phone B the results are invalid, it could always show
| an "All OK" message or it could plant evidence. There was a news
| story on the first page a few days ago where many postal workers were
| put in jail because of a software bug - so we know for sure if
| a computer says X the "experts" will confirm it.
|
| The first thing these Cellebrite dudes need to do is to
| guarantee that the device gets a full reset before each use.
|
| We as a society need to force our police and government to use
| only open source software, otherwise we don't know what
| backdoors or shit these guys put in, we could evaluate the code
| and see if we are wrongfully convicted by a shitty algorithm
| and transparency would also prevent (hopefully) people selling
| some open source software with a logo and a python script for
| millions.
| JumpCrisscross wrote:
| > _if phone A had the malicious code then the scanner is
| infected, now when scanning phone B the results are invalid_
|
| I think it was more insidious. Police scans phone A and
| stores a log. Police scan phone B with said code on it, which
| infects the scanner. This code not only tampers with the logs
| for phone B, but goes back and tampers with the logs for
| phone A. There is thus no log that one can definitively say
| represents the true state of any scanned phone at the time it
| was scanned.
| m463 wrote:
| It is more like opening a folder to look for evidence and
| encountering a spring-loaded creme pie that hits you in the
| face and knocks the contents and all the folders in the room
| onto the floor in one big mixed-up pile.
| betterunix2 wrote:
| Actually, we do not fully trust the police to handle evidence,
| which is why evidence bags with tamper-evident seals are
| supposed to be used, along with chain-of-custody records. There
| have been problems in the past with evidence tampering and
| sometimes it results in large numbers of cases being retried or
| verdicts being overturned because the invalidated evidence was
| so central to the prosecutor's case that a retrial would not be
| worth it. The problem here is that the "tampering" may not even
| involve the people handling the evidence, which allows a
| defense attorney to cast plenty of doubt on the evidence
| without having to challenge police procedures at all (after
| all, it could be that the evidence was corrupted by some random
| third party that has nothing to do with the case -- so why
| should the jury pay any attention to it?).
| [deleted]
| bena wrote:
| The problem in this case is that the act of collecting
| that piece of paper can cause other pieces of paper to appear
| or disappear not only in this file, but in every file in the
| building and you won't know if it happened or not.
|
| At that point, you cannot trust any of the files in the
| building.
|
| It's not a matter of operator error. This exploit works during
| normal operation of the software in question, it depends on the
| software being operated in a typical fashion.
|
| It's not a choice of the person running the software. The only
| choice is to stop running the software.
|
| It also calls into question all evidence ever collected by this
| program because we can't know if some other company already
| figured this out or not.
| chris37879 wrote:
| Sorta. Here's what's actually going on, sticking to your folder
| analogy: This would be more like if, upon an officer reading
| the paper, some arcane force caused them to die, or change what
| was on the paper, or add or remove some papers. Or _literally
| anything else in the cop's scope of power_.
|
| Because that's what this does, it lets the data on a suspect's
| device potentially cause the software to run arbitrary code
| with elevated permissions, practically, you could use this to
| craft a packet of data that, when read by Cellebrite's
| software, simply shuts off the machine, or kills the Cellebrite
| software, or, worse, connects to the internet and downloads
| some other payload to do something else. Cause there's no way
| these machines aren't connected to the internet at some point
| since the software validates its license that way.
| jedimastert wrote:
| The vulnerabilities also proved that a third party could tamper
| with evidence without the police detecting it.
| syshum wrote:
| High Trust vs Low Trust society.
|
| Clearly we are entering a time of Low Trust Society, and the
| institutions have only themselves to blame as they have abused
| the population's trust for decades only now with free flow of
| information are regular people able to directly see the abuse
| that has existed for a very very long time.
|
| We used to have a High Trust society, not because the people in
| power were trustworthy but because the people in power
| directly controlled the information.
|
| This is no longer the case, and as that power is shifting we
| are now seeing the people that control information today
| looking for ways to retain that control and instead of allowing
| it to flow freely inject their own filters into the streams.
| smhost wrote:
| you have it almost exactly backwards. we haven't lived in a
| high trust society (as you defined it) since before the
| protestant reformation, when the printing press liberated
| information that had been previously monopolized by the
| church.
|
| we're returning to a high trust society out of necessity
| because of economic forces that incentivize information
| asymmetry.
| _jal wrote:
| Pretty sure the difference of opinion between the last two
| comments comes down to differing understandings of the word
| 'trust', and very different time scales.
| gnarbarian wrote:
| I love that you are considering things on that scope but
| there are still many high trust areas in the US. Small
| towns that are culturally and ethnically homogenous with
| fewer transients are almost always high trust.
|
| It's pointless to steal someone's car in a town of 30
| families. everyone would know exactly where it went. You
| also know exactly who you are doing harm to so your sense
| of sympathy kicks in making you less likely to do it.
|
| These tight knit low population towns seem to naturally
| create a high-trust honor culture. Small towns have a
| higher level of social integration so wronging someone
| creates repercussions that flow back to the perpetrator
| through every one of their social bonds.
| akiselev wrote:
| _> I love that you are considering things on that scope
| but there are still many high trust areas in the US.
| Small towns that are culturally and ethnically homogenous
| with fewer transients are almost always high trust._
|
| Some places are higher trust than others but the
| developed world is based exclusively on a high level of
| trust. An actual low trust society is so starkly
| different from what most of us on HN are used to: it
| practically enforces a feudal, subsistence farming
| society.
|
| Living in the US, I don't remember the last time I had to
| show my receipt at the fast food counter or show any sort
| of identification when picking up food that I had paid
| for online. I've never once paid for a major/emergency
| medical operation or auto repair ahead of time. Hell, I
| left the dealership with my last car a full week before
| they received the check from my bank (in the Seattle
| area, so definitely not a small town). I don't think
| anyone has ever really verified my income or finances
| beyond a cursory credit check and some PDF that could be
| easily faked by anyone with a little computer literacy.
| Most mortgages are paid back over thirty years! In my old
| country, most people don't fully trust that the
| _currency_ will even last that long.
|
| The systems reinforcing social behavior in larger groups
| are more complicated and easier to game, but they are
| definitely still part of a system based on high levels of
| trust.
| true_religion wrote:
| It's pointless to steal a car and keep it in town, but
| small towns still have petty theft.
|
| Everyone from a small town has a tale of "that family of
| thieves" who you know to watch when they come in your
| store. Sometimes they are legit thieves, sometimes it's
| just bias.
| giantg2 wrote:
| That might be true of the local government. Just ask them
| how they feel about the Feds...
| betterunix2 wrote:
| The irony is that corruption and abuse of power is far
| worse at the local level...
| giantg2 wrote:
| In the small tight knit towns? I have seen some, but in
| my experience usually the occurrence goes up as the size
| of the town goes up. Rumors of any kind can spread
| rapidly in small towns. That can come back to bite the
| people (and their family) doing it.
| betterunix2 wrote:
| In my experience, corruption is worse in tight-knit
| communities, but because the community is so small it
| winds up having a tiny impact / nobody cares. You can see
| an example right now in the Matt Gaetz case -- he is
| under investigation only because a corrupt county tax
| collector had been under investigation; that tax
| collector was under investigation because he took
| taxpayer money and bought a bunch of servers that he
| planned to use for some cryptocurrency side hustle, and
| then wound up burning down his office (apparently did not
| understand wiring and started an electrical fire). To put
| it another way, had it not been for a fire, the fact that
| this tax collector was embezzling the county's funds
| would have gone unnoticed, as would his involvement in
| the sex trafficking of teenagers (which is where the
| story with Gaetz starts).
|
| People only pay attention when things are happening at a
| scale they consider worthy of their attention. The reason
| corruption is less common at the higher levels is that
| people are focused on higher level officials; meanwhile,
| the fact that their local officials are breaking this
| rule or that rule goes unnoticed, unreported, or worse,
| happens with everyone's full knowledge and just gets
| shrugged off.
| giantg2 wrote:
| Gaetz is a US House representative. How is that local
| corruption or abuse of power? Did he actually use his
| position, or was it just that he committed a private
| crime while in power?
|
| Also you mention a county tax collector. I wouldn't
| consider that a tight knit small _town_. I think there is
| a lot more corruption at a county level than a small town
| (from what I've seen).
|
| I sort of get your point about more eyes watching someone
| the higher they go. Some of it is also the position of
| those watchers and their opportunities. In many small
| towns, people know a lot about you and you have plenty of
| nosy (for lack of a better term) neighbors. Arguably,
| they make for better watchers.
| betterunix2 wrote:
| Not continuing the argument, just wanted to point out that
| the reason I mentioned Gaetz is that the whole
| investigation into him started with the investigation
| into a corrupt local official, not that I was calling him
| a local politician (he obviously is not).
| giantg2 wrote:
| But it was also a county official, not a local
| official...
| giantg2 wrote:
| Government is increasingly transparent compared to past
| history. You can see that in things like right to know,
| freedom of information, etc. There are still information
| issues in both discovery and presentation. The public trust
| is still very low.
|
| https://www.pewresearch.org/politics/2020/09/14/americans-vi...
| giantg2 wrote:
| There's still a lot that is obscured. For example, most
| states restrict complaint information against judges to the
| point that even if it contains exculpatory evidence they are
| still allowed to keep it secret. The reason they give for
| keeping it secret is to maintain the integrity and public
| trust. Transparency only threatens that objective if the
| system is inappropriately dealing with the complaints.
| darkpicnic wrote:
| I don't think this analogy works. I think it is more akin to
| police opening a folder and seeing paper evidence, but having
| no idea who put the paper there, when it was last
| opened/modified and unable to determine if the evidence is
| legitimate.
|
| For me, this story isn't about fear that police could leverage
| the bugs to manipulate a case. It's about the constant fear
| that laymen rely on unverified "experts" to put people behind
| bars for years.
| [deleted]
| an_opabinia wrote:
| Yes, but you can't join ("intersectionality") your campaign
| against ad tech companies with a campaign against the police
| if you're this busy being intellectually honest.
| chris37879 wrote:
| Since the bug allows for arbitrary code execution, it's more
| akin to the officer reading the piece of paper and by doing
| so, he becomes the subject of some sort of curse that
| completely controls his actions.
| alias_neo wrote:
| I'm not sure you can draw parallels here. Who are the people
| "handling it", Cellebrite, the police?
|
| The vulnerability allows any device plugged in to the "kiosk"
| with a malicious file to do anything it wants to any existing
| report on the "kiosk" as well as plant code for future
| execution in order to do anything else it wants.
|
| Let's assume the device which does this does so silently, at
| what point are the police or Cellebrite supposed to know
| nothing in the kiosk can be relied on, ever?
|
| With a piece of paper on the other hand, the other sheets in
| the folder don't suddenly rot when you add a malicious sheet of
| paper, although this does sound like an interesting and
| potentially novel attack vector.
| drdec wrote:
| > The vulnerability allows any device plugged in to the
| "kiosk" with a malicious file to do anything it wants to any
| existing report on the "kiosk" as well as plant code for
| future execution in order to do anything else it wants.
|
| It is not clear from the article that analyzing a phone with
| malicious files will trigger the issue, unbeknownst to the
| operator. (E.g. it says "it is possible to execute code
| that...", etc.) However, I'll take your word for it and
| assume it was poor reporting in this case.
|
| That does change things, thanks for the clarification.
| alias_neo wrote:
| You're correct, the reporting is pretty poor, Moxie's own
| account of this on the Signal blog[1] is better.
|
| [1] https://signal.org/blog/cellebrite-vulnerabilities/
| outworlder wrote:
| > Is this really different from the police taking a physical
| file folder and adding or removing pieces of paper?
|
| I wish we would stop trying to come up with analogies to
| computing concepts.
|
| But since you insist: this is like the file folder came from
| Harry Potter and could be possessed by an evil spirit that
| could change the contents without your knowledge.
| Isthatablackgsd wrote:
| We can't stop using analogies. It helps us to bridge the
| information and use it as a reference to get a better
| understanding of it.
|
| Analogies help those people who are not familiar with the jargon
| or the field of study. You may be an expert in the computing
| concept, but the rest of us are not experts in that field.
| Analogies is where it helps to understand it better.
|
| So the answer is no, we can't stop using analogies.
| tupac_speedrap wrote:
| It is an advisory panel so I suspect Police Scotland will just
| ignore them or do some vague measure to look like they are doing
| something about it.
| protoman3000 wrote:
| Couldn't you always claim that malware caused the offending
| clicks/placed the illegal files on your disk and is
| hiding/obfuscating itself so well that it's not detectable by
| forensic methods? What's the logic here to still get the
| criminal?
| edenhyacinth wrote:
| "Your honour, I think you'll find that someone broke into my
| house and planted drugs"
|
| This type of logic has been used plenty in court, it being in
| your possession, digital or not, is sufficient.
|
| The claim here is that due to the vulnerabilities Cellebrite
| has, the offending item may never have been on your device.
| This is more similar to saying that the images the police took
| in your house of drugs were kept on an unsecured server, there
| are recorded vulnerabilities for it, and therefore the images
| could have been digitally edited to show drugs where none were
| present.
| dylan604 wrote:
| Possession is 9/10ths goes both ways
| sjy wrote:
| Yes, and it's not an uncommon defence in child pornography
| cases. Similarly, you can always claim that the police framed
| you by lying about the device being found in your possession,
| or not being tampered with between seizure and forensic
| analysis. It is up to the jury to decide whether the defence
| gives rise to a reasonable doubt.
|
| The standard is not as high as most technically-minded people
| think. Juries can convict defendants on the uncorroborated
| testimony of a single witness:
| https://newrepublic.com/article/152305/who-to-believe-sexual...
| giantg2 wrote:
| Yep, and society tends to view defendants as guilty from
| the start.
| mc32 wrote:
| It's even worse now with social media handing verdicts
| before juries are even assembled.
|
| Infamous cases were difficult in the age of newspapers when
| they got hold of a story, but now everyone can begin their
| own agendum.
| acdha wrote:
| Social media is way less influential than the local news
| media in this regard. That's a long running problem -
| think about how many cases have been covered based on
| police statements which turned out to be completely
| fictitious -- and social media tends to amplify those
| stories more than it contributes original coverage.
| gogopuppygogo wrote:
| Especially in Japan.
| giantg2 wrote:
| True. I was mostly talking about the "innocent until
| proven guilty" saying effectively being BS in the US.
| bena wrote:
| There's a game, Judgment, which opened my eyes to this.
| Because a core part of the backstory of the game is that
| the main character won a case as the defense which is
| seen as a huge deal. He's like one of the few defense
| attorneys to have ever gotten to not guilty.
|
| The game takes place in a slightly fictionalized version
| of Japan and is made by a Japanese game developer noted
| for making games steeped in contemporary Japanese
| culture. I guess that's important to note.
| zionic wrote:
| Exactly, you are "guilty" if a prosecutor can convince 12
| people who couldn't get out of jury duty to convict you.
| acdha wrote:
| Which is exactly why nobody should encourage trying to get
| out of jury duty: the legal system depends on everyone
| doing their civic duty so juries represent the community.
|
| If you jokingly imply that jury duty is for suckers, you're
| undercutting the system and supporting bad outcomes. For
| example, one of the few checks on the drug war or bad
| policing has been juries refusing to accept bad police
| work.
| jimbob45 wrote:
| It's a bit moot though. Even if you're ra-ra wild about
| jury duty, the chance that you actually get selected
| isn't especially high.
|
| I think most people know this and figure they're just
| going to have to waste a few hours only to be sent home
| (or worse, get selected and then sent home after
| settlement).
| bena wrote:
| Thank you. People who treat jury duty as a burden and a
| job for suckers are playing the game that they will never
| be in a trial where a jury will decide their fate.
|
| And while that's likely a game you win, I also wear my
| seatbelt despite not betting on crashing my car.
| [deleted]
| abakker wrote:
| My experience is that you have to "play dumb" not to get
| kicked off. The last time I was impaneled, the prosecutor
| asked if I, as a juror, would be comfortable if the
| injured party (an assault case) did not testify. I said,
| sure, since the prosecution wasn't representing them.
|
| I didn't mean to be glib, but it got me dismissed
| immediately. It seems to me that any knowledge of law or
| procedure will get you dismissed.
|
| Point is, if you want to be on a jury, work hard NOT to
| give away any knowledge of the legal system.
| betterunix2 wrote:
| I would take it a step further -- if you want to serve on
| a jury, you need to pretend to have no education at all.
| The last time I was called up for jury duty, all I did
| was (truthfully) state that I was a PhD student during
| voir dire, and that was that, I was out.
| betterunix2 wrote:
| ...or maybe it is time to reconsider jury trials,
| especially as cases become more technically complex. The
| fact that lawyers reflexively kick highly educated jurors
| off during voir dire speaks volumes about a typical
| jury's ability to understand technical details. There is
| a good case to be made that a diverse panel of judges is
| better able to decide the facts of a case (and before
| anyone asks, it is trivial to have a separate judge or
| panel of judges determine sentencing).
| tryonenow wrote:
| I think technically minded HN types normally get filtered
| out during jury selection anyway, as lawyers seek
| witnesses who are less logical and more malleable. Not
| sure if it's an urban legend but I've heard it quite a
| few times from people who were summoned but not selected.
| [deleted]
| ycomnews2021 wrote:
| Claiming that porn on your device isn't yours is not the
| problem. The theoretical problem is if you received porn via
| Signal on 04/01/2020 2:23AM but Cellebrite says you received it
| on 04/26/2020 5:34PM (while in custody). Or 12/23/2019 at
| 2:00PM (before you bought the phone). If the dates on the data
| in Cellebrite can't be aligned to the dates of the actual
| events AND the last modification of the device was AFTER you
| last had control of it, nothing can be trusted from it.
| btilly wrote:
| No, that is not the problem.
|
| The problem is that a report about a phone scanned on
| 2020-02-01 can be altered by a phone scanned on 2020-05-01 to
| say that there was porn when there wasn't. Oh, and that scan
| left a running program which will cause 5% of the phones
| scanned after that to randomly also claim porn that is not on
| the device.
|
| Therefore if a single phone with Signal was scanned at the
| kiosk, NOTHING from that kiosk can be trusted.
| ycomnews2021 wrote:
| This is a problem, but I don't think Moxie would do this as
| it _could_ make him liable for evidence tampering. If the
| protection mechanism applies to the device being scanned,
| it's a defensive measure, if it is applied to unrelated
| devices, it looks like a malicious destructive action.
|
| If the USER could select the action, for research purposes,
| that might be a different story.
| btilly wrote:
| Moxie might or might not have done so. But he made it
| clear that he could have, and went out of his way to
| create reasonable doubt about whether he did.
|
| If he winds up in court, I'd love it if he sticks to his,
| "the files are there for artistic effect".
| myself248 wrote:
| Since after all, Cellebrite claims their device doesn't
| alter evidence on the way through. If that claim is true,
| Moxie's artistically-beautiful files obviously can't
| affect it.
|
| Saying those decorative files tampered with evidence is
| equivalent to admitting that everything the Cellebrite
| claims to do, it doesn't do and never has done.
| ikonst wrote:
| It's the news article that was already widely published and a
| local take (not by any government body, "campaigners have
| called") in Scotland.
___________________________________________________________________
(page generated 2021-04-26 23:01 UTC)