WendyMcElroy.com

 The Sad State of Computer Forensics
A recent posting on Groklaw highlights a problem that has figured into some of Wendy's recent columns -- the fact that computer forensics is still in its infancy, and much of the "expert testimony" being offered is flim-flam of the first order.

The posting is of a deposition in the case of UMG v. Lindor, in which the RIAA (through UMG) sued Marie Lindor for music piracy. Lindor's attorney was primed with some good questions to ask the RIAA's expert witness, and the deposition is worth reading in full if computer forensics is of interest to you.

What's really striking is the tapdancing of the expert as he tries to avoid admitting a well-known fact: an IP address provided by an Internet Service Provider does not uniquely identify a computer. At most, it identifies an Internet connection (customer account); it does not tell what computer was used to perform that access, especially if a NAT router is being used. To make that final link, you need evidence from the computer, and it sounds like that evidence was sadly lacking in this case. (No trace of music files or file-sharing software was found on Lindor's hard drive.)

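An added illustration (not part of the original post) of why the ISP's records stop at the customer account: a minimal port-translating NAT in Python. All addresses are constructed, and the names `NatRouter`, `attribute` and `subscriber-account-A` are hypothetical.

```python
# Added illustration: constructed addresses and names, not data from the case.
PUBLIC_IP = "203.0.113.7"                          # documentation range (RFC 5737)
ISP_LEASES = {PUBLIC_IP: "subscriber-account-A"}   # all the ISP can attest to


class NatRouter:
    """Minimal port-translating NAT: many private hosts share one public IP."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.table = {}            # public port -> (private ip, private port)

    def outbound(self, private_ip, private_port):
        """Translate an outgoing flow; return what the remote side sees."""
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (private_ip, private_port)
        return (self.public_ip, public_port)

    def devices(self):
        """Every private host that has sent traffic through this router."""
        return {ip for ip, _ in self.table.values()}


def attribute(observed, leases, nat_table=None):
    """Resolve a remote observation as far as the available records allow."""
    ip, port = observed
    account = leases.get(ip)
    # The device is recoverable only from router state, which the ISP never sees.
    device = nat_table.get(port, (None,))[0] if nat_table is not None else None
    return account, device


def demo():
    router = NatRouter(PUBLIC_IP)
    seen_laptop = router.outbound("192.168.1.10", 51515)   # household laptop
    seen_guest = router.outbound("192.168.1.23", 51515)    # visitor's machine
    flows = (seen_laptop, seen_guest)
    # ISP records alone: both flows resolve to the same account, no device.
    isp_only = [attribute(o, ISP_LEASES) for o in flows]
    # With the router's own translation table the device becomes visible.
    with_nat = [attribute(o, ISP_LEASES, router.table) for o in flows]
    return isp_only, with_nat, router.devices()


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both flows look identical from outside except for the source port, so evidence from the router or the computers themselves is what separates one device from another.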
Also noteworthy was the expert's cavalier attitude toward the evidentiary trail. He neglected to perform some elementary tests, and neglected to document others that he performed. I do not mean to denigrate his technical skills, but his knowledge of the requirements of law is clearly even weaker than my own (I am not a lawyer). Considering this and the Matt Bandy case, it's clear that prosecutors and civil lawyers are relying on slipshod evidence to make their computer-crime cases. And I rather suspect they're relying upon the authority of their "experts" to bamboozle the juries into believing that they have proven a link, when really they haven't.

The problem is, unless the defendant can afford a knowledgeable lawyer and a true technical expert, this hornswoggle is likely to prevail. Innocent parties will be convicted, or be convinced to plead to crimes they haven't committed. Would you know how to prove that your computer had not transmitted a file over the Internet?

It seems to me that there are practically no standards for computer forensics, and the procedures which have evolved ad hoc are sadly deficient. Until some meaningful standards are in place, defense attorneys are going to need to start learning more about computer internals. And techies who value justice are going to have to start sounding off about the nonsense being passed off as evidence.

Brad - Monday 05 March 2007 - 18:49:50