UK Police Want Magic 'This Computer Is Used By A Criminal' Alert Software

from the and-a-pony! dept

Fri, Dec 12th 2008 5:25am — Mike Masnick

It seems that some folks in the UK police department are in their "wishful thinking" mode as we approach the holidays -- and those wishes seem to include everything. Specifically, detective superintendent Charlie McMurdie is asking for a theoretical device that would basically tell police when they're in the presence of a computer being used for criminal purposes, which he refers to as a "breathalyzer" for computer crimes:

"Do we need to seize five computers in a suspect's house or could we use a simple tool to preview on site and identify there's that one email we are looking for and we can then use that and interview the person now, rather then waiting six to 12 months for the evidence to come back to us?

"For example, look at breathalysers - I am not a scientist, I could not do a chemical test on somebody when they are arrested for drink driving but I have a tool that tells me when to bring somebody in."

I mean, sure, it would be good to be able to do that... but how could you possibly develop an algorithm that would work that way. A breathalyzer works because you have one single (measurable) thing to measure: blood-alcohol levels. For crime, there's simply no way to do something like that. Yes, it is a good idea for police to be able to do better computer forensics, and not have to wait forever for computer contents to be examined -- but this seems like pure wishful thinking.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: computer crime, forensic tools, uk

48 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Ima Fish, 12 Dec 2008 @ 5:36am

What they should really be making is a device to scan babies to determine whether they'll grow up to be criminals. Then they should kill those babies before they have a chance to commit any crimes. In a couple of generations the UK will be crime free.
[ link to this | view in thread ]
The Arbiter, 12 Dec 2008 @ 6:00am

Re:
Hell, let's do that the world over. We'll eliminate crime and fix the overpopulation problem.
[ link to this | view in thread ]
Anonymous Coward, 12 Dec 2008 @ 6:09am

I think it's funny that he references the breathalyzer, a device that has been proven inaccurate time and time again.
[ link to this | view in thread ]
Anonymous Coward, 12 Dec 2008 @ 6:09am

I can imagine Charlie McMurdie's tech guy gets really annoyed with him. Always run into people that don't know left from right when sat in front of a computer then think you are a lazy jerk for not coming up with a computer solution that would be pure magic for all intents and purposes.
[ link to this | view in thread ]
mslade, 12 Dec 2008 @ 6:15am

This is clearly just...
A remark made by an uninformed person. She might be asking for the impossible, but she's on the right track. I'm not in law enforcement so I don't know what tools they currently have, but if they DON'T already have a tool for 'profiling' a computer quickly for suspicious activity, they need one. As long as it was presented as a tool that could easily have false positives, then this isn't a bad idea.

The problem occurs if somebody makes a profile device and then says "This will tell you if there's crime on a computer!".
[ link to this | view in thread ]
kilroy, 12 Dec 2008 @ 6:21am

Re: but honestly ...
maybe the breathalyzer has been proven inaccurate from time to time .... but just try to imagine how many times they have been right. You cannot use the argument that just because it isn't perfect that it is worthless ... at least not about road-side alcohol testing.
[ link to this | view in thread ]
hegemon13, 12 Dec 2008 @ 6:23am

Re: This is clearly just...
How would that possibly work. Everybody discussing Call of Duty tactics by email or IM would be flagged as a terrorist. Anyone talking about the cool stunt he pulled in GTA could be flagged as a criminal/murderer. Sorry, in most cases, this type of evidence is subjective and requires too much circumstantial evidence.
[ link to this | view in thread ]
Anonymous Coward, 12 Dec 2008 @ 6:33am

ohhhh noessss!!!
"A breathalyzer works because you have one single (measurable) thing to measure: blood-alcohol levels."

WTB device to measure how moral a person is... ZOMG!! morals aren't real!

All hells breaks lose and humanity realizes being 'good' is fake.
[ link to this | view in thread ]
Simon Lynch, 12 Dec 2008 @ 6:34am

Not too stupid
We spend a lot of time catching bad guys posting fradulent stuff on www.justlanded.com, and I am sure it would be possible for a tool to be created to scan a PC for bad stuff if it's one the HDD without encryption - for fraud stuff, simple keyword stuff would be able to flag bad comms, for kiddie-porn looks for video files and do keyword stuff. It wouldn't be tough to do and could be useful in a time-sensitive situations. Bad news is that this wouldn't prove the PC was clean, so I guess if they don't find anything they will cart it off anyway.

I would be more worried about the fact that plod finds it increasingly easy to get hold of someone's PC in the first place.
[ link to this | view in thread ]
reech, 12 Dec 2008 @ 6:41am

This made my day..
Everytime I think things can't get any more ridiculous....

These 'cops' should really lay off the CSI.
[ link to this | view in thread ]
Ima Fish, 12 Dec 2008 @ 6:42am

Re: Re: This is clearly just...
"How would that possibly work."

It could scan for credit card information. Certainly a list of credit card numbers would be suspicious.

It could scan for large numbers of MP3s and video files, which could indicate copyright infringement.

It could scan for cracks and keygens. Which again could indicate copyright infringement.

It could scan for mass mailing software, which could indicate spamming.

I could scan image files for high amounts of flesh colors which could indicate porn.
[ link to this | view in thread ]
Ima Fish, 12 Dec 2008 @ 6:44am

Re: Re: Re: This is clearly just...
"I could scan image files"

The use of "I" clearly was a Freudian slip!
[ link to this | view in thread ]
John, 12 Dec 2008 @ 6:50am

Stress and shame.
Have a device that can detect lingering scents of fear, shame and guilt. You will either hit paydirt with 'cybercrime'...

or find out that, yes it is indeed true, for every conceivable fetish there is a porn for it.
[ link to this | view in thread ]
John, 12 Dec 2008 @ 6:52am

Re: Re: Re: This is clearly just...
Didn't know porn was illegal.
[ link to this | view in thread ]
John, 12 Dec 2008 @ 6:53am

Re: Not too stupid
Or they could just take all of the computers, lock the fucker up in jail for a year while they go through evidence.
[ link to this | view in thread ]
Thom, 12 Dec 2008 @ 6:54am

already available
"A breathalyzer works because you have one single (measurable) thing to measure: blood-alcohol levels."

Things have probably changed in the 20 years since I looked at the schematic for a breathalyzer, but at the time there were two things to measure. Breath-alcohol levels were one and, I believe, acetone was the other. It's present in the breath of diabetics and absorbs some of the same wavelengths of light as alcohol and, coincidentally, the ones used to measure alcohol levels in breath.

On topic, the RIAA already has such software. The instant it detects that it's been connected to a computer it alerts to the presence of a criminal, because everyone pirates music.
[ link to this | view in thread ]
Anonymous Coward, 12 Dec 2008 @ 7:00am

Re: Re: but honestly ...
"maybe the breathalyzer has been proven inaccurate from time to time .... but just try to imagine how many times they have been right. You cannot use the argument that just because it isn't perfect that it is worthless ... at least not about road-side alcohol testing.

here in America you're innocent until proven guilty. If you put one person away who didn't deserve it based on bogus breathalyser data, the system has failed. So, maybe you can use your argument in Britain, but not in the US. A voting machine that miscounts votes is worthless. A breathalyser that 99% of the time works everytime is worthless as well. Close only counts in horseshoes and hand grenades.
[ link to this | view in thread ]
Ima Fish, 12 Dec 2008 @ 7:00am

Re: Re: Re: Re: This is clearly just...
"Didn't know porn was illegal."

Child porn is. And in the US "obscene" porn is illegal, but it's hard to prosecute because no one really knows what "obscene" porn is. It's based on "community standards" which even juries cannot agree upon.
[ link to this | view in thread ]
f2point8, 12 Dec 2008 @ 7:03am

You're missing the point
"...tool to preview on site and identify there's that one email we are looking for and we can then use that..."

It looks to me like a simple scan and compare this person is asking for. And sure it could go beyond that to find email replies in the same thread of email exchanges with the same address.

You guys a missing the point. The cop is not looking for miracles, just a portable drive scan program.
[ link to this | view in thread ]
The Arbiter, 12 Dec 2008 @ 7:03am

Re: Re: Re: This is clearly just...
All of which would be rediculously intrusive. Also, it's entirely possible that a person could legally have all this material on their computer.
[ link to this | view in thread ]
CJ, 12 Dec 2008 @ 7:07am

To play devil's advocate here, it doesn't sound like what's being wished for is a magic scanner that says 'hey, you committed a crime, now I'm going to arrest you,' from the quoted material it sounds like what's being said is 'When we execute a warrant on someone's home and there are 5 computers in a home, some of which might not even belong to the suspect, it would be nice if we could just quickly run a scan on the computers and see which ones have no evidence of criminal activity right there, so we don't have to waste our time seizing them and having our forensic techs run them when they could be focusing on the ones that do pass a preliminary test for potential evidence of crime.' Which to me doesn't seem like that bad of an idea, after all we use luminol to look for blood to cut out just that square of carpet for testing rather than ripping up the entire carpet and taking it back to the lab so see if there might be some blood on it. You still have to find the legitimate evidence to make a case and have your warrants in order, but it could narrow how much evidence you have to sift through.

Of course whether something like this is possible, who knows, maybe someday if there was enough money invested in development. (Or if the UK has a lot of Bond villlians with powerpoint presentations called MyCriminalPlanForWorldDomination.ppt on their C drives, it might be closer than we think.)
[ link to this | view in thread ]
O. Duh, 12 Dec 2008 @ 7:13am

Silly...
We're ALL criminals... didn't you hear... if you break any of a websites Terms of Service... you are guilty of computer hacking!

My website's ToS involves you handing over your first born to me every full moon - but only if it's a girl, she's over 18 and very hot! Failure to meet any of those terms and you are a computer hacker!
[ link to this | view in thread ]
Chuck Norris' Enemy (deceased), 12 Dec 2008 @ 7:23am

Re: Breathalyzer
They use the breathalyzer for the in field test. If positive they take you to the station and get a sample by more accurate means. I've seen Cops episodes where they take a blood sample at the station. So you can call the breathalyzer a preliminary check.
[ link to this | view in thread ]
JokersWild, 12 Dec 2008 @ 7:26am

Already there
Actually this is easier than it appears. In fact this is well documented in RFC 3514 (the Evil Bit): http://tools.ietf.org/html/rfc3514
[ link to this | view in thread ]
Matt, 12 Dec 2008 @ 7:32am

Re: Re: Re: This is clearly just...
Yes, because none of these would have false positives like I don't know, 95% of the time?
[ link to this | view in thread ]
Anonymous Coward, 12 Dec 2008 @ 7:36am

Not that hard.
From the quote above it sounds like what he's looking for can already be done.. and done easily.
If he has a list of documents he wants to find, or suspects might be on a computer, a hash can be made of that file(s).
Then in 20 minutes each of those computers can be hashed on the spot(every individual file, not the hard drive as a whole), and any hashs that match your list of known files will pop up.

If that's all he's looking for, it's already ont eh market, or could be with almost no extra work.
[ link to this | view in thread ]
Anonymous Coward, 12 Dec 2008 @ 7:44am

Re: Re: Re: This is clearly just...
"How would that possibly work."

"It could scan for credit card information. Certainly a list of credit card numbers would be suspicious."
Unless you had a lot of credit cards and used a digital wallet program to keep up with them, or if you owned a small business with, say, consultants who had company cards and you wanted to keep the numbers on file.

"It could scan for large numbers of MP3s and video files, which could indicate copyright infringement."
Unless you happend to be a DJ, or wedding videographer, or just someone who happens to have a large CD collection and prefers the convenience of the mp3 format.

"It could scan for cracks and keygens. Which again could indicate copyright infringement."
Unless you happened to have purchased a video game with non-functional, draconian DRM for which the game publisher suggested that you download the crack so you could play your legally purchased game.

"It could scan for mass mailing software, which could indicate spamming."
Unless you happen to be a marketer or even just a small business owner for whom these tools would be invaluable.

"I could scan image files for high amounts of flesh colors which could indicate porn."
You could, but then you'd find all of my family photos taken in my living room where my wife painted the walls "Bare Essences", which looks amazingly like nude flesh.

Honestly, the potential for false positives that would have to be more closely scrutinized makes any kind of tool like this useless and a waste of time.
[ link to this | view in thread ]
Henry, 12 Dec 2008 @ 7:50am

that hard
It will never be fast to scan a device (PC), because the police will need to get the hard disk out of the device. (A boot will alter data on the disk making the proof not hold up in court)

disclamer: IANAL
[ link to this | view in thread ]
Deanb, 12 Dec 2008 @ 7:54am

One of my friends does Digital Forensic's and he had pointed me out to a similar tool made by Microsoft for police forces.
If what I understand of it, it's a USB dongle that'll break through majority of password's they've put on it, include encryption, and most handily copy over anything stored on the RAM, which obviously goes if they seize the computer.
Here's the first link I came across - http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.html
[ link to this | view in thread ]
Zabi, 12 Dec 2008 @ 8:08am

Re:
I think this is by far the best idea ever.....
[ link to this | view in thread ]
Anonymous Coward, 12 Dec 2008 @ 8:13am

Re: that hard
That's not entirely true.. there are a number of of well tested tools which function on intact computer s that have been upheld in courts and properly peer tested. But in general, it does require the removal of the hard drive for any in depth analysis.

Plus it should be noted, that if the police find anything, it's a given that they will seize and process every other computer as well. No cop will ever find one piece of evidence, and then call the search quits and leave. If a cop searchs your car and finds a crack pipe, you know they are going to tow that car to the station and tear it apart looking for anything else.
[ link to this | view in thread ]
Jesse, 12 Dec 2008 @ 8:17am

The point the guys over at slashdot were making was this: don't police officers need a warrant to look for something specific? If they bust into a house looking for drugs, and then do a scan of a computer, isn't that sort of violating the search warrant? If today, you have to bring a computer in for forensics, then it is less likely that police will violate a warrant. But if they can do a quick scan, which indicates "maybe" criminal activity, then that can be classified as in plain site = violating warrant.

Seems like a shitty idea all around.
[ link to this | view in thread ]
Tony, 12 Dec 2008 @ 8:39am

I'll make it
I'll make their scanning program. Of course, I'll add in some code that will automatically declare any computer used by ME to be completely clean. And maybe some additional code to put clearly illegal content on the computers of people I don't like.

The potential for abuse is huge.
[ link to this | view in thread ]
Michael, 12 Dec 2008 @ 8:45am

While they're at it, they can try out these ideas...
1. They can put cameras in how homes.
2. Daily polygraph test.
3. Fit breathalysers / drug detectors to our cars.
4. Direct all internet traffic thro' central filters.
5. Do away with the need for trials (the police know who is guilty - why waste money on lawyers and let criminals off the hook)
6. Mandatory prison time every 5 years just in case they miss something (use a suitably prot name like "peoples' work camp").

...Remember, if you're innocent you've got nothing to hide. :)
[ link to this | view in thread ]
CVPunk, 12 Dec 2008 @ 8:47am

Re: Re: Not too stupid
so, guilty until proven innocent?
So the person can be falsely imprisoned for a year only to find out there was nothing illegal on his PC?
[ link to this | view in thread ]
Strofcon, 12 Dec 2008 @ 9:00am

Re: Re: Re: but honestly ...
By your logic, we could never arrest anyone for any crime, regardless of the evidence. Even if you were to catch them committing a crime on film, it wouldn't be sufficient to arrest them because it's possible that a glitch in the operations of the camera could have altered details of the image such that it looked like the suspect, but was actually someone else.

You must never use any product, ever, because it doesn't have a 100% success rate. You must have typed your asinine response on the most advanced piece of computing machinery in the universe, given that it obviously can't fail - otherwise you'd have nothing to do with it.
[ link to this | view in thread ]
Difranco, 12 Dec 2008 @ 9:05am

breathalyzers are even accurate....
.... its mostly common perception produced by a publicity campaign to keep potential jurors in the dark. You can about this over at the DUIBLOG.com

The thought of a similar 'tool' horrifies me when applied to computers...
[ link to this | view in thread ]
billy, 12 Dec 2008 @ 9:05am

This code should work very nicely.

if ( user->isOrWillBeACriminal() ) {
sendMessageToPolice();
}

such code can be easily implemented into almost every operating system!
[ link to this | view in thread ]
Stute, 12 Dec 2008 @ 9:55am

Clearly what they want is a boolean function
bool crime();

returns either a true or false based off of nothing, since what he really wants is some sort of voodoo magic thing. Someone needs to outsource this to a shaman programmer.
[ link to this | view in thread ]
Interpritation of speach, 12 Dec 2008 @ 10:28am

I think he means
I think the police officer, SPECIFICALLY was looking for a way to scan an Email and find out what computer originated the email.
[ link to this | view in thread ]
Anonymous Coward, 12 Dec 2008 @ 10:32am

Re: Re: Re: This is clearly just...
Credit Card Numbers look like any other sort of number.

MP3s and Video files are used for legitimate reasons more often then illegal ones

Cracks and Keygens are programs, and hence very difficult to decode without running them. Other programs have similar outputs to Cracks and Keygens. That is to say 'Legitamate copies' and 'Random number generators'

Mass mailing software... see same program problem

Image files with high amounts of flesh color? Since when was my faimly album with about 700 photos of my faimly illegal? Even if some of them are closeups of their faces?
[ link to this | view in thread ]
Anonymous Coward, 12 Dec 2008 @ 10:40am

"At least 23% (that's about one out of every four) of all individuals tested will have a BAC reading higher than their actual BAC. 1 Therefore, many people convicted of DUI/DWI simply on the basis of a breath test results alone will be innocent drivers who are falsely convicted."

-David J. Hanson, Ph.D.
[ link to this | view in thread ]
zs450, 12 Dec 2008 @ 10:48am

Wishful thinking
Wishful thinking is the way that innovation comes about.

Think about someone hundreds of years ago who would have wished to be able to get from Maryland to California in less than a month.... I'm sure they wished they could fly.

Yes, this seems like something on the verge of impossible but there are those people who make the impossible possible.
[ link to this | view in thread ]
Rob, 12 Dec 2008 @ 11:17am

Re: Re: Re: This is clearly just...
Scanning for large numbers of MP3s/digital music is nonsense in this day and age. I own all my music - to the tune of 170+ GB and 7000+ songs.

I'm sure most professional photographers would be pissed at the implication that large numbers of photos with "flesh colors" would be considered porn.

How about we go the other way and the police bugger off unles they have prior evidence of a crime being committed?
[ link to this | view in thread ]
PaulT (profile), 12 Dec 2008 @ 12:33pm

Re: Re: Re: This is clearly just...
"It could scan for credit card information. Certainly a list of credit card numbers would be suspicious. "

How would you determine "credit card numbers"? Strings of 16 numbers? That could be anything, especially if the data is encrypted, and thieves could just as easily encrypt the data using non-numeric characters to bypass the filter.

"It could scan for large numbers of MP3s and video files, which could indicate copyright infringement. "

Or someone running a video production company. Or a DJ transferring his collection to a backup server. Or someone transferring CC-licenced material.

"It could scan for cracks and keygens. Which again could indicate copyright infringement. "

Or someone trying to bypass the stupid CD keys on his own legally purchased software. Not to mention, how would you quantify a "crack" or "keygen"? Filenames? Pirates will name them something else. Content? How do people determine which sequence of 0s and 1s constitutes such a thing?

"It could scan for mass mailing software, which could indicate spamming. "

Or companies running a legitimate mass mailing marketing campaign to opted-in subscribers.

"I could scan image files for high amounts of flesh colors which could indicate porn."

Or someone with a lot of wedding, school or photos of other groups of people (and/or any legitimate glamour photographer you can think of). This has been tried with little success btw - slight old example here: http://www.dansdata.com/pornsweeper.htm, but there's many other failures.

Basically, there's no way of a system like this working without generating a huge amount of false positives while blocking massive amounts of legitimate usage.
[ link to this | view in thread ]
reech, 13 Dec 2008 @ 4:43am

Re: Re: Re: This is clearly just...
Copyright infringement is not a criminal offence. What qualifies 'large numbers' ? This would place just about everyone I know 'under suspicion'. Ludicrous.

Mailing software!? - like sendmail, postfix and qmail - or wait for it - outlook !?
[ link to this | view in thread ]
zs450, 15 Dec 2008 @ 3:25am

Wishful thinking
Wishful thinking is the way that innovation comes about.

Think about someone hundreds of years ago who would have wished to be able to get from Maryland to California in less than a month.... I'm sure they wished they could fly.

Yes, this seems like something on the verge of impossible but there are those people who make the impossible possible.
[ link to this | view in thread ]
zs450, 15 Dec 2008 @ 3:27am

???
I left my computer on this site and when I came back to it my comment reposted? Sorry for the double post.
[ link to this | view in thread ]