Man Sues Microsoft Because The FBI Was Able To Access His Encrypted Files

from the quite-a-challenge dept

A man who was arrested for gun-related charges is apparently now suing Microsoft for allowing FBI agents to view the contents of his hard drive. He bought a Compaq computer from Circuit City loaded up with various security and encryption products. When he was arrested on gun charges, the Bureau of Alcohol, Tobacco and Firearms took his computer as well. Agents there were unable to access his computer, but handed it off to the FBI who was able to access the content by making a copy of the hard drive. The man was then embarrassed, because, among other things, his hard drive included "sexually explicit videos of him and his girlfriend" as well as "evidence that he frequented pornographic Web sites." He claims that he had Microsoft IE set to erase his history every five days, and between that and the FBI being able to access his computer, Microsoft owes him a couple hundred thousand. Apparently, he already convinced both HP and Circuit City to pay up for their part. Either way, you have to wonder if there's a reasonable expectation that when you buy this kind of security software that folks like the government wouldn't ever be able to break it.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Mit, 5 Mar 2007 @ 7:09am

    If you sell something as secure isnt that ment to mean from everyone no matter who? Or does it just mean secure from anyone who doesnt know better?

    link to this | view in chronology ]

  • identicon
    Mercury_merlin, 5 Mar 2007 @ 7:09am

    Two suggestions...

    (1) Don't use Microsoft

    (2) Do use Truecrypt

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Mar 2007 @ 8:17am

      Re: Two suggestions...

      whats wtong with truecrypt (sorry for OT)

      link to this | view in chronology ]

      • identicon
        Mercury Merlin, 5 Mar 2007 @ 8:43am

        Re: Two suggestions...

        To AC:

        Nothing's wrong with Truecrypt, as far as I know, I use it myself and recommend it.

        That's why I said "Do use Truecrypt" rather than whatever other products this gentleman purchased and used ... ?

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Mar 2007 @ 9:16am

      Re: Two suggestions...

      I second that. It's my understanding that M$ has built back doors into the OS for years to the gov't can access encrypted stuff (not sure if this is true with current versions of windows).

      It is also my understanding that there are lots of encryption tools (like Truecrypt) that allow encryption that pretty much can't be broken.

      I'm assuming the guy mentioned in the article is just an idiot...

      link to this | view in chronology ]

  • identicon
    Enrico Suarve, 5 Mar 2007 @ 7:22am

    Unusual one

    At first my reaction was 'seems fair' the guy bought a product but it didn't work - case closed

    However unless it came with an absolute guarantee that cracking was impossible I think this is a little far-fetched

    The precedents it would set would be mind-numbing - if you can't absolutely guarantee the effectiveness of your product against someone actively trying to break it, you could be sued

    Lock Manufacturers, Anti-Virus Companies and Pharmaceutical manufacturers would probably all have to hang up their boots if this goes through

    I think the fact that ATF couldn't get into the drive on their own is proof enough that the defences do what they say on the box - however nothing is 100%

    link to this | view in chronology ]

  • identicon
    Rob Zello, 5 Mar 2007 @ 7:23am

    umm, so

    So this guy was outted for making naked videos with his girlfriend and viewing lots of porn... in other words he was outted as a perfectly normal straight male...and that embarrassed him enough that he should be compensated?

    link to this | view in chronology ]

  • identicon
    James, 5 Mar 2007 @ 7:32am

    Dumb

    This guy is an idiot and shame on HP and CC for not knowing better. EVEN if IE had deleted his files every 5 days, any technical person knows that the FBI could still retreive the information from his harddrive.

    The magnet signature from your data stays a very, very long time even after defragging, and re-writing, etc. etc. Even firms that promise DOD-level erasure through software know that there is still a possibility that a smart person can retreive data from that drive. The only true security would be to completely destroy the drive.

    link to this | view in chronology ]

    • identicon
      Vincent Clement, 5 Mar 2007 @ 8:02am

      Re: Dumb

      Ah, the good old magnetic signature anomaly. At best, all a company or government could 'recover' is a bunch of 1s and 0s and then make some assumptions to determine exactly what that data is. Sorry, I'm not buying into the whole magnetic signature theory.

      link to this | view in chronology ]

      • identicon
        Betaflame, 5 Mar 2007 @ 8:29am

        Re: Re: Dumb

        Um... Do you know that all digital data is, is 1s and 0s right? There does tend to be a pattern with it to help them piece it all together. But hey, if you don't think the FBI can get those 1s and 0s to mean anything, even tho they can break the encription on it, then thats your gamble, isn't it.

        link to this | view in chronology ]

        • identicon
          me, 5 Mar 2007 @ 12:22pm

          Re: Re: Re: Dumb

          I believe his point was that these 1's and 0's are read only as 1's and 0's, and nothing more. Residual magnetic signatures could result as analog traces after rewriting a bit, but is undetectable to be of any information in relation to the original information as it is lost in the margin of error of a certain amount of rewrites (not many at all, I assume).

          link to this | view in chronology ]

      • identicon
        James, 5 Mar 2007 @ 1:10pm

        Re: Re: Dumb

        magnetic signature theory? where the hell did you come up w/that??

        open your eyes,... there are companies who SPECIALIZE in data recovery services, if your hard drive ever dies look them up... they may be your saving grace.

        link to this | view in chronology ]

    • identicon
      DD, 5 Mar 2007 @ 11:20am

      Re: Dumb

      James I agree this guy is an idiot, but you have to understand that most of us are not even slightly technical, so when you purchase a product that clearly states your data is protected by encryption you will believe it. HP and Compaq are paying out because their profits will far exceed all judicial payouts...so who's the idoit now?

      link to this | view in chronology ]

    • identicon
      BigDogRMF, 5 Mar 2007 @ 11:58am

      Re: Dumb

      Also, according to the article, he had IE set to erase his history... which is just a set of shortcuts and has nothing to do with cache, cookies, or temporary Internet files, etc., etc... Maybe he's upset because now a bunch of guys at the FBI know how little his thing is and that his girlfriend fakes her "Big O's"...

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Mar 2007 @ 4:16pm

      Re: Dumb

      1 Gauss it
      2 Burn it
      3 Shred it
      4 Butn it again
      5 Put the ashes into an oil barrel
      6 Add water and mix throughly
      7 Bury in toxic waste dump

      link to this | view in chronology ]

  • identicon
    uh, 5 Mar 2007 @ 7:51am

    I think this article isn't specific enough. What are the specific gun charges against this guy.... Maybe the computer has nothing to do with the other charges, so it's like they took away all of his privacy

    link to this | view in chronology ]

    • identicon
      TheDock22, 5 Mar 2007 @ 8:01am

      Re:

      Maybe the computer has nothing to do with the other charges, so it's like they took away all of his privacy

      True, but he did commit a felony and under the laws if the police have a warrant they can take whatever they want. I'm not surprised the cops took his computer since he could have admitted to the crime via e-mail, instant message, etc.

      Now suing Microsoft because he assume that deleting his file more than a week old means it totally deletes them is absurd. For one thing Internet Explorer is considered a free product, so chances of him winning are slim to none.

      Secondly, ignorance is no excuse to the law. All those companies say that nothing is guaranteed as far as security when it comes to the Terms of Use. There are way too many variables to take into account.

      And honestly, you think these companies want to develop software to keep the feds out of suspected criminal's computer? That's a whole different legal battle, and you don't want the government on the other side.

      link to this | view in chronology ]

      • identicon
        Shawn, 5 Mar 2007 @ 8:34am

        Re: Re:

        [quote]True, but he did commit a felony and under the laws if the police have a warrant they can take whatever they want.[/quote]

        Not so true. That would have to be included in the warrant (when serving a warrant, you have to specify such things in the warrant to the judge, to have it allowed in the search. You wouldn't look for a dictionary inside a calculator, its an 'unreasonable search and seizure'. (Just an example of what I'm trying to relay, it has to be within a reasonable search and seizure, which might be exactly what he is basing the suit on). Now, the articale says gun charges. The only reason I can think of such a reason to take his computer, would be if he were arrested on trafficing, he would have used the computer in the course of the crime, which they would reasonably have to identify in the search and seizure.

        Now you got me off on a tangent. :P

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Mar 2007 @ 7:56am

    Who makes a silencer for an air rifle? That's like putting laser sights on a slingshot.

    link to this | view in chronology ]

  • identicon
    Paul, 5 Mar 2007 @ 7:58am

    ?

    If it is about piracy it doesn't make sense either. so the FBI knows he made the videos and looks at porn. He just shared that info with a lot more people by suing. That they saw correspondence with his attorney may mean something though.

    link to this | view in chronology ]

  • identicon
    Encrypted?, 5 Mar 2007 @ 8:19am

    BB gun seller

    1. It's supposed to be encrypted, so whether they could read the bits off the disk or not is unimportant.

    2. "True, but he did commit a felony"
    Actually the story says he's charged with selling an AIR RIFLE with a SILENCER. He's not convicted yet of anything and it was only a BB gun.

    He's not suing the FBI for doing their job, he's suing Microsoft for not doing theirs. It should have gone to court, the judge would decide if the guy had to give up the password with the option of appeal if he disagreed.
    It's quite possible the judge would decide the case is so piffling (and air rifle?? a BB gun!?) that it doesn't warrant his privacy being taken away.

    But it means the encryption can't be used because if the FBI can access the drive, so can thieves.

    link to this | view in chronology ]

  • identicon
    CptCalicoJack, 5 Mar 2007 @ 8:27am

    Personal Privacy?

    I think there is a more important issue at stake here. Should the federal government be allowed to break/crack/hack someone's personal information that they have obviously tried to secure? Doesn't the DMCA protect against this type of thing? I guess the DMCA doesn't apply to the federal government, like most of the laws in this country.

    If someone is arrested for a gun related (non-computer) charge, should they no longer have rights to personal privacy?

    It has be illustrated many times that encryption / information protection technology can be broken. I don't see the point of trying to sue the companies that made the products that have been broken. I see a bigger problem with whether the federal government can use the technology available to crack this type of data protection when someone has been charged with a non-computer related crime.

    To me the software and encryption products that were used held up to 'reasonable expectations' of what they said they were doing. To expect otherwise would be to expect that technology couldn’t be broken or cracked. This has been proven over and over that this is not the case.

    So for me the fact that his privacy was violated was not the fault of the softwarehardware makers, but that of the federal government. To me someone’s digital information which they are trying to keep private should not be violated simply because they have been charged with a gun related crime.

    If someone is being charged with a gun related crime and have a gun safe located in their house, I could see justification for breaking or cracking the safe. But, to break or crack the technology being used to protect his personal privacy (digital data in this case), which has nothing to do with the charge, is not acceptable.

    For this to be thought of as acceptable then you would have to have the mindset that anyone charged with a crime no longer has a right to personal privacy. I think this is a more dangerous precedent to set than it would be that companies are responsible for their technology being broken (by the federal government, as in this case).

    I also must state that my views and opinios are based on a very limited access to the information of what actually happened. In today’s world of inaccurate and objective information, who knows what really happened.


    “Look at things for what they REALLY are, not for what others want them to be perceived as.”

    link to this | view in chronology ]

    • identicon
      Dave Vick, 5 Mar 2007 @ 9:19am

      Re: Personal Privacy?

      "I see a bigger problem with whether the federal government can use the technology available to crack this type of data protection when someone has been charged with a non-computer related crime."

      I don't think that being a computer crime should be a prerequisite for having your computer examined. The use of computers is so wide spread now that they can be seen as simple tools that almost everyone uses. So accessing his computer would be seen as looking at one of the tools that he might have used to commit the crime he has been accused of. In the same way that they look over someones accounting books if they are accused of money laundering. Or they examine your clothes if you are accused of killing or kidnapping someone even though you didn't kill them with your clothes.

      link to this | view in chronology ]

      • identicon
        CptCalicoJack, 5 Mar 2007 @ 9:55am

        Re: Re: Personal Privacy?

        I agree to some extent. I don't think the only time a computer should be searchable in a crime investigation is when it is a computer crime. If they have substantial reasons to believe a computer was used to commit a crime or assist with committing a crime, then YES it should be searchable. But, if a crime is committed and the investigative party has no substantial evidence that a computer was used in or to assist with a crime, I don't think the investigative party should be able to obtain and crack someone's protected personal data.

        The same way a police officer cannot search your car for pulling you over for a traffic violation. That is why the government has to get search warrants or have reasonable cause (in theory: to protect against unreasonable search and seizure).

        So I guess a good question would be: Is our digital data protected against unreasonable search and seizure, they same way our house and car, and other personal privacy are protected against unreasonable search and seizure?

        Encryption is a lock and the encryption key is the key to the lock. So like the real world equivalent of something being protected with a lock and key, law enforcement should have a warrant specifically stating that they can break/crack/hack the digital lock and key just like in the real world scenario. This is what protects our personal privacy from unreasonable search and seizure and it should apply to the 'digital world' as well.

        As far as the article that started this discussion, I don't know enough information to make an intelligent assumption of what 'truly' happened. Therefore, I cannot say if what happened in that instance what a violation of personal privacy or not.


        "What is right and wrong is a matter of opinion, and peoples' opinions will always be different."

        link to this | view in chronology ]

  • identicon
    Rediculous, 5 Mar 2007 @ 8:28am

    Too bad. Its the same as the FBI finding pictures in his "secure" safe. Why blame M$?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Mar 2007 @ 8:54am

    In Internet Explorer, there is a file called Index.dat that doesn't "clear" itself as you think it would. It simply goes ahead and wipes it from YOUR visibility but still leaves that file with the history still in it. Unless you get a 3rd party tool that can wipe that file clean - you're better off using Firefox.

    link to this | view in chronology ]

  • identicon
    Poomer, 5 Mar 2007 @ 9:16am

    Encryption standards

    Please correct me if I am wrong.
    As a student of Computer Science, I came to know that National Institute of Standards and technology (NIST) has approved Advanced Encryption Algorithm (AES) and a few other standards such as DES and DES3 etc. for use to protect data from common public or for securing data overseas from US. They have done this because they can break those if need be.

    Also is this true - That you cannot develop and use a "home-made" encryption algorithm that the FEDS cannot break using their "super-computers"?

    I believe that this ties in the Patriot act. The Government agencies such as NSA/FBI/CIA has to be able to monitor the public.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Mar 2007 @ 9:23am

    I think you're right for the Patriot Act. But not every people live in USA.

    And another thing, you could use multiple layer of encryption... hardware encryption, filesystem encryption, file encryption, ... and then it would be really hard for the governement agencies to decrypt the file.

    And you can "forget the passwords you used" if you are asked to reveal them.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Mar 2007 @ 9:24am

    Advertising claims

    What did M$, HP, and Circuit City claim about this encryption. If they said it meant totally safe, then they deserve what they go. If they provide reasonable warnings that encryption can be broken, then this guy is clueless along with being a jerk.

    But a few hundred thousand? To whom did the FBI publish this information? If he did it to himself, he is stupid along with being a jerk. Regardless, the most a court should award him is $1.99

    link to this | view in chronology ]

  • identicon
    TheDock22, 5 Mar 2007 @ 9:43am

    New light...

    I found an interesting article here:

    http://www.realtechnews.com/

    Where it states:
    Michael Alan Crooker had his home raided in 2004 based on reports that he owned bomb-making materials. And in fact, the FBI found apparent IEDs and chemicals and equipment used in the production of ricin.

    So with this in light, it wasn't a simple gun charge (I was wondering why the FBI would get involved in a gun related case anyway).

    Do to the Patriot Act, the police had full discretion to seize the computer, especially if they thought he was a terrorist.

    I doubt Crooker would win the case against Microsoft if they decided to go to trial simply because Microsoft offers no hint that history is "permanently deleted" off your hard drive when you set that option.

    I bet Microsoft settles though. I wouldn't want to be known for selling some security products and then having a lawsuit about how they don't work.

    link to this | view in chronology ]

    • identicon
      misha van leuven, 12 Jun 2012 @ 8:26pm

      Re: New light...

      Hey, I guess you didnt actually read the article or do any real research. He didnt actually have ricin or dangerous chemicals. These "items" were found in 2008, which was 4 years after the illegal search of his house. They found the stuff in his computer in 2004 while investigating his air pistol, which was legal to own. In 2004 he was convicted of having a firearm, even though air pistols are not legally considered firearms and anyone of any age, no restrictions, can own them, even children. In 2006 he was acquited on appeal as they found that he hadnt broken the law after all, and then in 2008 they found ingredients which could have been used to make the chemicals but the chemicals ricin wernt made yet.

      I will explain further. They found caster bean plants and they found rosary pea plants. With high enough skill it is possible to take the fruit of those 2 plants and make ricin and abrin. Abrin comes from the rosary peas and ricin from the castor plants. But the huge side not is that both of these plants are extremely popular as decorational plants and lots and lots of people have them. In fact some people might have them and might not even know that they can be used to make poison. Making ricin poison is extremely hard and complicated. I doubt that he had the skill to do it. They basically arrested him for having house plants, because they were angry that they looked stupid when he got out on appeal. He didnt have ricin or abrin in his house, he had the plants that could have made them. Do you know that the leaves of a tomato plant are very poisonous? How would you like it if someone came to your house and you were growing tomatoes and accused you of making poisons because you had tomatoes. You cant just take castor beans and the peas from rosary pea plant and squish them up to make the poison. You have to have a full chemistry lab as well. So unless they found a lab as well this case is a farce.

      link to this | view in chronology ]

  • identicon
    Erstazi, 5 Mar 2007 @ 9:48am

    ...

    He could have erased the hard drive with a powerful magnet. BUT that would have incriminated him more.

    link to this | view in chronology ]

  • identicon
    CptCalicoJack, 5 Mar 2007 @ 10:00am

    *previous comment*

    Sorry, I didn't state this in my previous comment.

    My comment #27 was in response to Mr. Dave Vick's #23 comment.

    link to this | view in chronology ]

  • identicon
    TheDock22, 5 Mar 2007 @ 10:25am

    Some light on the issue...

    It seems the article was misinformed about the charges against the man:
    Michael Alan Crooker had his home raided in 2004 based on reports that he owned bomb-making materials. And in fact, the FBI found apparent IEDs and chemicals and equipment used in the production of ricin.

    http://www.realtechnews.com/

    Considering this, and the Patriot Act, they had every right to confiscate his computer. I was wondering why the FBI would be involved in a simple gun case, but it seems more serious than that.

    As far as suing Microsoft, let him try. Although I bet Microsoft will just settle as they do not want a whole lot in the news pointing to security flaws in Internet Explorer. But if it went to court, my money is on Microsoft for the win.

    link to this | view in chronology ]

  • identicon
    Sparky, 5 Mar 2007 @ 10:33am

    No guarantee

    This is not a technicel question.....Did Microsoft mislead the customer thru design or negligence to believe that his data was compeltly safe? If so, it is likely that he will be compensated and he can use the money to defend himself against the gun charges....

    FBI should be covered under the Patriot Act.

    link to this | view in chronology ]

  • identicon
    MacPaddy, 5 Mar 2007 @ 11:16am

    ya know...

    link to this | view in chronology ]

  • identicon
    gimpydwarf, 5 Mar 2007 @ 11:19am

    FBI loves computers...

    The goal of the govenment is to have us all living in fear of it. Frightened people will never rise up to fight the corruption. Not being able to buy functioning software for security is just one facet of of the plan.

    There is a case here in AZ. where a man was found guilty of having 3 pictures of girls that appeared to be underage porn on his computer (out of over 1000 pics). The pictures were found in the "temp internet files" folder of his windows program after his angry wife turned it over to the police. He claims they were just from porn pop-ups, and he had no intentions of viewing them in the first place, much less to keeping the pics. But, because they are on his computer, he was forced to plead to a lesser charge, he is now doing 3 years and has to register as a sex offender for the rest of his life.

    Almost any adult who has surfed porn on the internet has had these pop-ups. You don't have to look for them, they make themselves obvious. And once they pop up, they are on your computer, and you now are in possession of illegal of child porn, And you are now a criminal.

    You can't always control what pops up on your screen, but you can decide how you deal with it. So you can run out and buy software designed to clean out your computer of all these pics and pages that you did not solicit. BUT NO! Thanks to our intrusive govenment, The software is designed so that if someone wants to look close enough, they can see everything you tried to delete or encript. Even if you try to distroy the pictures that you didn't look for, didn't want to see, and don't want to keep, there is still evidence that can come back a burn you someday.

    Privacy is an enemy of the state. The more they know about you, the more they can intimidate and control you.

    Gimpydwarf

    "It only hurts when i laugh ;-D "

    link to this | view in chronology ]

  • identicon
    wtf, 5 Mar 2007 @ 11:32am

    Big Brotha Pwnz joo

    The real question is why the hell did the FBI need his computer in the first place? Didn't they have enough evidence without stealing his personal property?

    The side show question is that why did he trust m$? Everyone screws everyone and nobody cares anymore, everyone accepts it and moves on.

    Personal is no longer a word that should be associated with property or privacy. Both can be taken by the government at will.

    link to this | view in chronology ]

  • identicon
    CS, 5 Mar 2007 @ 11:52am

    WTF?

    Yes and criminals that get caught by phone tap should sue their phone companies!

    link to this | view in chronology ]

  • identicon
    Justin, 5 Mar 2007 @ 12:02pm

    Oh come on....

    FTA: "when Bureau of Alcohol, Tobacco and Firearms agents raided Crooker's home in June 2004 as part of an investigation into the sale of an air rifle equipped with a silencer and seized his computer."

    I keep seeing over and over here that they (the ATF) did not have reason for "breaking" the security of this poor saps computer. But as you can READ from TFA it clearly stakes a SALE of a firearm. So by no reasonable stretch of reason the computer could have clearly been used in the commission of this "alleged" crime.

    link to this | view in chronology ]

  • identicon
    misanthropic humanist, 5 Mar 2007 @ 1:09pm

    poor standards all round

    Firstly I would like to agree with Enrico that it is unrealistic to suppose that companies should be held to impossible standards. Of course they should not make fantastic claims in the first place. There is no absolute security and any software or hardware is no different than a lock that can be circumvented, or brute force broken. If Microsoft are to be guilty of anything for which damages are due it is making false advertising claims.

    Secondly, it never ceases to amaze me that weak minded beliefs such as "The police can do whatever they like" are so often aired. It is no wonder that corrupt officials find it easy to abuse their powers when so many people maintain this rubbish. I wonder, where do they get these beliefs? Watching too much television? Or making defeatist assumptions based on twisted authoratarian ideas?

    Gimpydwarf: "The software is designed so that if someone wants to look close enough, they can see everything you tried to delete or encript. Even if you try to distroy the pictures that you didn't look for, didn't want to see, and don't want to keep, there is still evidence that can come back a burn you someday."

    While it's widely held that Microsoft furnish the NSA with backdoors into their software I am personally very sceptical that there is a proper conspiracy between these organisations. There is no need. Microsoft software is so defective by negligent design that anyone with the most basic knowledge can gain access to a Windows computer. Why would any organisation risk exposure by explicitly coding in backdoors when all they have to do is maintain their current standards of security? Rather it is the case that most software doesn't actually behave the way most users assume it does.

    But Gimpydwarf raises a very interesting point in this observation.

    The first point is that because of its intrinsic weakness a user of a Microsoft Windows system is not in control of that system. I have made this point several times, that there can be no mens rea, no guilt attached to the mere presence of certain data because the users actions cannot demonstrably be proven. There are many self-proclaimed computer "experts" who dispute this, but they are either misinformed, partially informed or outright lying. Many cases I have heard of in this regard revolve around circumstantial evidence, implication and assumption.

    But let us assume what many people erroneously believe, that every keystroke and action is logged on a system and that such evidence equates to incontrovertible evidence of intent. In that case there is actually enough information there to acquit a user that has unwanted data on their system (say, by the mechanism of malware or popups). As Gimpydwarf says, that the user " didn't look for, didn't want to see, and don't want to keep" the data, if provable is evidence enough for any intelligent and honourable judge to find for the defendent, at least for her/his character.

    But because most laymen, policemen and judges are not experts in computing any accused person is at the mercy of an investigator to absolutely and thoroughly discharge their duty without error, and not to selectively filter the evidence.

    The problem is that the investigative software is not designed to execute this task in an impartial manner, it is desgned with a task model which is affirmative, ie looking for positives, rather than attempting to build a picture that could equally acquit or convict a criminal. I know this because I've studied many forensic applications used by the police in a detailed way. Furthermore, it is often used by inexperienced investigators who do not have the time to be thorough.
    In many circumstances the shreds of evidence that are uncovered by these present methods should never be admissable as evidence in criminal case, and if presented to a jury of non-experts would certainly be misleading.

    link to this | view in chronology ]

  • identicon
    ReDeYeZ, 5 Mar 2007 @ 3:28pm

    What self-respecting heterosexual man would be "embarassed" about porn and/or videos after he deliberately choose to make of video of himself 'boffing' his girlfriend?

    Is she a big fat grotesque sweat hog?

    I say: 'No case, No settlement, and let the punishment fit the crime; one shot in each limb with the air rifle...'
    Compaq/Hp and Microsoft are actually entertaining this friggin nonsense?

    The man is clearly mentally incompetent.

    He should be more worried about the broad he videotaped then the feds, or his own embarassment, - she's got him by the short hairs.

    link to this | view in chronology ]

  • identicon
    |333173|3|_||3, 6 Mar 2007 @ 1:21am

    M$ backdoor

    I have heard from a reliable source who works for the Australian Governement that the use of M$ drive encryption has been explicitly forbidden because of the backdoor. As it was explained to me, under US law, the makers of commercial drive encryption systems are required to tell certain govt. agencies how to easily (i.e. not by brute-forcing the password or forcing the owner to tell you) break the system in order to be allowed to sell the system in the USA, and M$ complied with this by providing a complex backdoor, a sort of master key. THis is waht Poomer in 22:2 is refering to.

    One way you could get around this law (apart from downloading a system from overseas, setting the password to be, say 256MB and storing it on a USB, with a 4pt printout that you can supply to the police if they dmmand it) would be to make your own modified form of Linux with an obscure and mangled file system which is so thoroughly intertwined in hardware specific version of the OS that they have to try to use your computer, store a heap of viruses on your HDD which can be accessed by a normal file system, and setting up your version of Linux to format the HDD if they do not use a certain key combo when booting. This would mean that the data is wiped when they try to read it.

    Alternaltively, store all incriminating data on a USB, which can be easily smashed/flushed down the toilet/eaten/thrown in the fire or otherwise destroyed or hidden. THen if tehy demmand teh data and passwords, you can provide them safely.

    link to this | view in chronology ]

  • identicon
    Angus S-F, 6 Mar 2007 @ 8:14am

    Old News - Schneier noted this in May '06

    See this page:

    ========================================
    Schneier on Security: Man Sues Compaq for False Advertising
    http://www.schneier.com/blog/archives/2006/05/man_sues_compaq.html
    Posted on May 03, 2006 at 09:26 AM
    Convicted felon Michael Crooker is suing Compaq (now HP) for false advertising. He bought a computer promised to be secure, but the FBI got his data anyway:

    He bought it in September 2002, expressly because it had a feature called DriveLock, which freezes up the hard drive if you don't have the proper password.

    The computer's manual claims that "if one were to lose his Master Password and his User Password, then the hard drive is useless and the data cannot be resurrected even by Compaq's headquarters staff," Crooker wrote in the suit.

    Crooker has a copy of an ATF search warrant for files on the computer, which includes a handwritten notation: "Computer lock not able to be broken/disabled. Computer forwarded to FBI lab." Crooker says he refused to give investigators the password, and was told the computer would be broken into "through a backdoor provided by Compaq," which is now part of HP.

    It's unclear what was done with the laptop, but Crooker says a subsequent search warrant for his e-mail account, issued in January 2005, showed investigators had somehow gained access to his 40 gigabyte hard drive. The FBI had broken through DriveLock and accessed his e-mails (both deleted and not) as well as lists of websites he'd visited and other information. The only files they couldn't read were ones he'd encrypted using Wexcrypt, a software program freely available on the Internet.

    I think this is great. It's about time that computer companies were held liable for their advertising claims.
    =========================================

    Interesting discussion there as well.

    link to this | view in chronology ]

  • identicon
    User, 6 Mar 2007 @ 11:27am

    The amazing part is how people actually believe big box stores know anything:

    he "felt secure in Circuit City's claims of impenetrability and security."

    link to this | view in chronology ]

  • identicon
    Rick, 6 Mar 2007 @ 2:09pm

    "...but handed it off to the FBI who was able to access the content by making a copy of the hard drive."

    So they ghosted the machine and suddenly everything was decrypted?

    link to this | view in chronology ]

  • identicon
    Phill, 30 Jun 2008 @ 12:14pm

    Man Sues Microsoft Because The FBI Was Able To Access His Encrypted Files

    First of all,the ATF was only supposed take anything that was related to the gun crime. I never seen anyone being shot with a computer.And second is that the FBI violating his privacy by cracking into his computer's hard drive. That should tell you something there. Have you ever thought while you are talking on your home phone or your cellphones that your conversation is being recorded by the government.

    link to this | view in chronology ]

  • identicon
    misha van leuven, 12 Jun 2012 @ 8:11pm

    He did nothing wrong

    http://www.masslive.com/news/index.ssf/2010/06/conviction_overturned_for_mich.html

    according to this website crocker had his home raided because he had a previous felony conviction and was in possession of a air rifle. But, the thing is that according to the law felons, while not being allowed firearms, are allowed air rifles. Air rifles, according to the law, are not firearms and it is legal for convicted felons to have them. His business was not selling air rifles, it was selling the silencers. His job was selling silencers. They illegally intercepted his packages he was sending out to his clients, then raided his home illegally, and then took his computer and hacked it and basically raped him of all rights that we as american citizens have. It is illegal for the government to intercept mail UNLESS they have reasonable suspicion that a crime is being commited. The only evidence they had was the silencer they found in the package and they only found it after they seized the mail illegally. for them to legally have obtained the mail they would have had to have reasonable proof before intercepting the package.

    After raiding his home illegally, exposing his embarrasing information, they had him arrested for being a felon in possession of a firearm, even though federal law says that air guns are exempt from this law. Then they sentenced him to 22 years in prison for something he did that was NOT ILLEGAL. He was convicted in 2004 and the conviction was overturned in 2006 because in appeal they realized that air rifles are not by law firearms. With him being in jail for 2 years in prison where aweful things might have happened to him he deserves way more then 200k, he deserves 200mil. The fact is that even though the software companies might have had a backdoor for the government the government must have a warrant to get this information. I am not talking about a warrant for the computer in the house. After that they need another warrant to be issued to HP and COMPAQ. They legally needed a warrant from a judge for Compaq and HP to break the code because when the guy bought his program they promised it to be unbreakable and they are only legally able to break that promise with a legal order from a judge. And a judge would never give a warrant for a computer related in a non computer crime. Therefore, the only explanation is the HP and COMPAQ broke the agreement without a warrant and therefore commited a breach of contract with MR. Cooker.

    Not only should he have sued all the companies involved but he should have sued the ATF for coming after him for having a non firearm, and the FBI for breaking into the computer when they had no legal basis for doing so.

    link to this | view in chronology ]

  • identicon
    misha van leuven, 12 Jun 2012 @ 8:27pm

    He did nothing wrong

    http://www.masslive.com/news/index.ssf/2010/06/conviction_overturned_for_mich.html

    according to this website crocker had his home raided because he had a previous felony conviction and was in possession of a air rifle. But, the thing is that according to the law felons, while not being allowed firearms, are allowed air rifles. Air rifles, according to the law, are not firearms and it is legal for convicted felons to have them. His business was not selling air rifles, it was selling the silencers. His job was selling silencers. They illegally intercepted his packages he was sending out to his clients, then raided his home illegally, and then took his computer and hacked it and basically raped him of all rights that we as american citizens have. It is illegal for the government to intercept mail UNLESS they have reasonable suspicion that a crime is being commited. The only evidence they had was the silencer they found in the package and they only found it after they seized the mail illegally. for them to legally have obtained the mail they would have had to have reasonable proof before intercepting the package.

    After raiding his home illegally, exposing his embarrasing information, they had him arrested for being a felon in possession of a firearm, even though federal law says that air guns are exempt from this law. Then they sentenced him to 22 years in prison for something he did that was NOT ILLEGAL. He was convicted in 2004 and the conviction was overturned in 2006 because in appeal they realized that air rifles are not by law firearms. With him being in jail for 2 years in prison where aweful things might have happened to him he deserves way more then 200k, he deserves 200mil. The fact is that even though the software companies might have had a backdoor for the government the government must have a warrant to get this information. I am not talking about a warrant for the computer in the house. After that they need another warrant to be issued to HP and COMPAQ. They legally needed a warrant from a judge for Compaq and HP to break the code because when the guy bought his program they promised it to be unbreakable and they are only legally able to break that promise with a legal order from a judge. And a judge would never give a warrant for a computer related in a non computer crime. Therefore, the only explanation is the HP and COMPAQ broke the agreement without a warrant and therefore commited a breach of contract with MR. Cooker.

    Not only should he have sued all the companies involved but he should have sued the ATF for coming after him for having a non firearm, and the FBI for breaking into the computer when they had no legal basis for doing so.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.