Sunday, August 24, 2008

Using Inferior Language

I was having dinner the other day with my wife and son at the local Cracker Barrel. My son is graduating this semester from UNC-Pembroke in Religion and Philosophy. At one point, the conversation turned to blogging and writing in general. My son loves the Puritan writers such as Jonathan Edwards as well as the writings of Charles Spurgeon. All of them are great writers, but not easy reads.

My son is enamored with language, which is a good thing. Since he will soon have to turn to learning biblical Greek and Hebrew when he enters seminary next fall.

But the conversation was about communicating and using the language he has learned in different venues such as his blog, or in papers he writes.

He was saying that he didn’t like to use inferior language, but preferred to use the more descriptive terms and scholarly language that he had learned through his study of the Puritans and other great authors of the reformed movement.

He asked me what I thought and I explained to him that what mattered was being a good communicator. While the Puritan writers were great communicators in the language of their day, that is no longer the language of the day now.

I explained to him that to me, inferior language is not the use of common or modern terms, but using words and examples your intended audience does not understand. For instance, if you are speaking to a group of 1,000 people and you use language that 500 don’t understand, you have an audience of 500, and are failing to communicate to the other 500.

He thought that really made sense. Dad strikes another blow for old people wisdom!

And that leads me to the subject of giving expert testimony. The expert in the Lacy Peterson trial is a great example of how not to give expert testimony. His testimony was so disjointed and laced with so many terms that he assumed the jury would understand, that I had trouble following it. And I do understand the technical terms.

You can read an excerpt of his testimony here at Postcard Mysteries.

One of the ways that I use to explain technical concepts is through analogies. For instance, defragmenting a hard drive:

Imagine that you are holding a roll of quarters in your hand and you toss them up in the air. Now, if you need to get 3.00 in quarters back, you have to go all around the room and pick them up one at a time. That is a very slow and inefficient process. But if you go around the room and pick up all the quarters and put them back into a roll in your hand, getting 3.00 in quarters is very fast because they are all next to each other again. That is what the computer does when it defrags the hard drive. It puts things next to each other again so it does not have to go all over the hard drive to get something it needs.

In my mind, explaining technical concepts using easy to understand language and analogies is a far better way to communicate to an audience, the jury, when you do not have any idea of their baseline of technical expertise.

I consider using the technical jargon of my field in general conversation as speaking Klingon. I can only effectively communicate like that if I am talking to other people fluent in Klingon. And the people I normally most need to communicate with are not fluent in Klingon.

When I interviewed someone the other day for a position with our company, I asked him to explain to me what a router is and what it does. On the condition that he explained it like I was his Grandmother who never used a computer.

Because that is what you are dealing with when you talk to laypersons about technical concepts in the computer and forensic fields.

Just because computers are everywhere these days and a lot of people use them, it is irresponsible to assume that means they understand how they work.

Lots of people drive cars and have no idea how they work either

...

Saturday, August 23, 2008

A little housekeeping

I decided to unpublish two of my posts: The one on the Obama birth certificate issue, since it appears to be of little vaue other than a curiosity. And this is not a political rag.

And the one on Detecting Fake Digital Documents as it was a little more technical than I want this blog to be.

My purpose for this blog is to write about issues and cases, not to be a technical blog.

There are plenty of those around already.

Friday, August 22, 2008

PI Licensing for Computer Forensics

The debate goes on in many states about whether or not Computer Forensics practitioners must be licensed as Private Investigators.

The primary argument for this in most states is twofold:

Requiring a PI license will protect the public interest.

The current law covers computer forensics via the statement:
(v) Securing evidence to be used before a court, board, officer, or investigating committee.

The issue that those of us in the computer forensics field have with this is not whether or not we should be licensed. That would be a step in the right direction in my opinion. However, by lumping us in with PI's, it grants them credibility in our field by holding a license in a totally unrelated discipline, and excludes those who are qualified from practicing in the field until they obtain a PI license.

For instance, Michigan just revamped their licensing law to include computer forensics.
(viii) Computer forensics to be used as evidence before a court, board, officer, or investigating committee.

Honestly, I have no issue with obtaining a PI license in a state that requires one provided that:

The qualifications and experience I have count toward obtaining the license equally with that of private investigators. If you are going to have one law, then the qualifications should be able to be met by experience in any field you lump into the law.

That the law does not but an undue burden on the licensee to do business in that state. Of course, that is relative I suppose, since most states to not seem to have a residency requirement for licensing as long as you post a bond if required and meet the other qualifications for the license.

What is kind of nutty though is that if I obtain a PI license, then I can do anything in their business arena that I want, such as surveillance, investigations, etc.

So the catch 22 is, if I can qualify for a PI license based on my computer forensics experience, the board is potentially unleashing someone with no PI type experience on the public to perform services for which I know I am not qualified.

If a private investigator can perform forensics without any training or experience, then the licensing board is potentially unleashing an equally unqualified person on the public to perform scientific analysis of computer data.

The other part of the quandary is in states that do not require licensing of any kind for computer and cell phone forensics; the public is in a "buyers beware" situation since anyone can hang out a shingle and provide what is a scientific forensic service, even if they have never turned on a computer in their life.

To me, the right answer is to professionally license computer forensics examiners based on a state accepted competency examination, like public engineers or general contractors. Or at the very least requiring a vendor neutral certification from a nationally recognized body such as the Certified Computer Examiner certificate from the International Society of Computer Forensics Examiners.

The wrong answer is to lump what is a forensic science discipline in with a totally unrelated profession without consideration for competency in the discipline.

Musings on Cyberspace

Is child porn on the rise?

Considering the increase in arrests for child pornography and internet predators; is it an indication of a growing interest in this type of activity or an indication of how widespread this behavior is and has been for a long time? With new tools and increased attention, arrests are on the rise mainly due to better law enforcement efforts. However, the number of arrests is probably a small fraction of the number of offenders. I think it is the proverbial tip of the iceberg and that arrests will continue to rise as law enforcement and community efforts continue to improve to combat these types of crime.

Where does the responsibility lie when an on-line service provides a venue for illegal or malicious activity?

Consider the following:

Chat rooms are a huge attraction for people attempting to meet children and groom them for sexual encounters. In my mind, if this is the case, it is just like opening a public park for kids and allowing adults to hang around and interact with the children, completely unsupervised by anyone. The adults are free to groom the kids with impunity. If such a park existed, and it had the amount if illicit activity that exists in chat rooms, would it not be declared a public nuisance and shut down?

Do internet providers like AOL or MSN have any responsibility for trying to make these virtual areas reasonably safe?

Cyber bullying is becoming a weapon of choice for many who want to attack someone else, with or without cause. MySpace, Facebook and Craigslist, to name a few, are prime venues for doing just that. While people constantly violate their terms of service by creating accounts with completely false information, the desire to acquire more hits appears to be greater than the desire to protect the public from misuse of their products. Some effort to tighten up compliance with their terms of service would seem to be in order. Which leads to the next musing:

Anonymity on the Internet may very well be one of its greatest appeals and greatest potential for harm.

Consider free email accounts on the web; these are by far the communication vehicle of choice for people having extra-marital affairs, trading illegal drugs, including offshore pharmacies, sending pornography to children and conducting various illegal activities, because they think the information cannot be recovered since it is on the internet.

Consider the potential damage done by anonymous experts, who can claim to have expertise in any area from medicine to law to forensics science. They freely give advice and expert opinions to unsuspecting people with impunity, shielded by the anonymous nature of the internet.

The internet is becoming the propaganda medium of choice for everyone from businesses to Al-Qaeda. Terrorist organizations have embraced the internet as their recruiting and fund raising medium of choice. No longer just looking like a bunch of fanatics hiding in caves, they are building a web presence that is very modern and hopefully to them, appealing.

Free Speech and Identity Protection

Of course the opposite side of the argument is that anonymity protects the personal information of people who use it. That is a fair position to take I suppose. But to say that it is needed to protect our first amendment right to free speech in America would be incorrect. Of course, not all countries’ citizens have that right and need anonymity to protect themselves from their own government if they want to express a dissenting opinion about conditions or political issues in their country.

These issues will continue to be a legal and ethical struggle for some time as the explosion of internet use and technology continues to outpace legal decisions in the courts and tests the personal responsibility of individuals and the social responsibility of corporations providing services in Cyberspace.

Monday, August 4, 2008

Child Porn - What's going on?

Here's a few interesting articles you should definately read.

DOJ Wants More Money To Scour P2P Networks for Child Porn

Officials Find Child Pornography on 20,000 Va. Computers

Letter to Sen. Tom Coburn from Grier Weeks regarding Operation Fairplay

Rick Rolled to Child Porn = You're a pedophile says the FBI

FBI posts fake hyperlinks to snare child porn suspects


Operation Fairplay

"Through the existing Fairplay system, investigators log onto peer-to-peer file-sharing networks as any other person would and search for files containing certain keywords that are likely to indicate child pornography is involved. Then they download files--frequently videos, sometimes as long as 20 to 30 minutes, with names like "children kiddy underage illegal.mpg" and much more obscene--to their own machines. The Fairplay software allows the investigator to obtain the IP address of the file's sender and, in some cases, display its geographic location in map form.
Once armed with an IP address and date and time of the download, investigators can subpoena the Internet service provider for more information, such as name and address of the subscriber who was assigned it at that moment. It's not clear whether any wiretaps are also conducted to monitor ongoing file-swapping.
Through that process, investigators have identified more than 600,000 unique computers allegedly trafficking in child pornography and traced them to the United States. But Biden and others have voiced dismay that they're only equipped with the resources to investigate about 2 percent of those potential cases. " Source C-net News

Ouch!

Not one of the finer moments in computer forensics...

Bogus Computer Expert Goes From Witness To Federal Prisoner

...

No minor matter

An interesting read...


"BISMARCK – Steve Harstad remembers the cold winter night when he first became a teenage girl.

Sitting at his computer, Harstad entered an Internet chat room. All it took was a few clicks on the keyboard to establish a new identity: that of a 13-year-old girl.
It didn’t take long to make new friends."

http://www.in-forum.com/News/articles/210339

...

Friday, August 1, 2008

To plea or not to plea? That is the question.

I do a lot of criminal defense work, especially in the areas of sex crimes. As I follow cases, work with attorneys and talk to attorneys about these types of cases, I am wondering just how many of them get pled out without the benefit of a balanced perspective on the technical evidence.

Let me present a hypothetical scenario:

Joe Coach is accused of possession of child pornography. It makes all the local papers and is picked up up by the bigger newspapers so that it is broadcast via television, newspapers and web sites statewide.

What typically happens in these cases? Let's be honest. Most people who read about these types of charges assume guilt, not innocence. It is such a heinous thing to want to look at sexual pictures of children, that this attitude is understandable, even though it goes against our system of "innocent until proven guilty."

So Joe Coach makes the papers because of allegations of child pornography. He may not be charged at this juncture, however his computer gets taken by law enforcement and analysed. The law enforcement agency's forensic person issues a report back to the investigating officer who then presents it to the DA to determine if there are chargable pictures.

The forensics report looks something like this:

48 images of interest were located in the internet cache and are included in the report for review by the DA.
9 images of interest were recovered from unallocated space and are included in the report for review by the DA.

Upon review of the images, the DA decides to charge Joe Coach with 57 counts of possession of child pornography.

Joe Coach gets arrested, is taken to jail to await a bail hearing. Joe Coach makes the papers again.

Joe's defense attorney files a motion for discovery to get a copy of the forensics report and the charges, search warrants, inter alia.

By this time of course, Joe has either resigned his position or been fired. He is the subject of public disgust. His friends abandon him in disbelief. Maybe his wife leaves him and takes the kids. At this point, no one believes he is innocent, even though we are "supposed" to believe exactly that, until his case is heard and decided.

Joe's attorney reviews the forensics report from the prosecution and then goes and views the chargable pictures. They are all very graphic and disturbing.

Joe maintains that he has no interest in child porn and does not look for it or view it on the web. Joe admits to his attorney that he likes to surf porn sites and prefers the teen porn sites. He remembers that sometimes, the web sites he visits will open other web sites in windows that he has to close. He also remembers that some of the web sites he visits have galleries showing web sites with other types of porn, some of which could be child porn sites, but he never clicks on any of the links.

Joe's attorney explains to him that he is facing a possible sentence of at least 25 years in prison for possessing these pictures, maybe more depending on the judge, if he is convicted.

Let's review the facts in this case at this point:

  • Joe's computer was siezed via a legal search warrant based on good probable cause.
  • Forensic analysis of Joe's computer did in fact reveal 57 pictures of child pornography located on his hard drive.
  • Joe admits to surfing porn and searching for teen porn on the computer.
  • Forensic analysis of the computer showed searches for terms such as "barely legal", "teen hardcore", cheerleader porn", and so forth.
  • In addition to the chargable pictures, there were hundreds of other porn images on the computer, many of which would appear to be "on the line" between of-age and under-age models.
  • Joe's maintains that he never searched for or looked at child porn.
  • The prosecution's computer forensics expert will testfiy to the facts of locating the chargable images on Joe's computer.
  • No one else uses Joe's computer and it is password protected.
  • No one is willing to testify as a character witness for Joe at this point. Everyone he knows is too horrified at these charges and doesn't want their name associated with an alleged "pedophile." (Even though Joe has not been charged with anything involving contact with a child.)
At this point a couple of things can happen:


Knowing that all the State has to do is prove possession, that there is clearly evidence of possession, and that the pictures are disturbing, going to court at this point to present a defense in front of a jury is not a good scenario for Joe Coach.

Basically you have three options at this point:

1. Go to court with what you have.
2. Try to negotiate a favorable plea bargain for Joe.
3. Hire a defense expert to help you. Preferably one experienced in this type of crime.

The problem is that many attorneys, at least in my state, are not even aware that such defense experts exist, what they can bring to the case and how to find the right expert.

Many experts in my field will not take these cases for various reasons. Additionally, even if you find one who will take the case, do they have the experience and technical qualifications to bring to the table?

This is why I believe that the present situation is causing am imbalance of justice. The State will always have an expert on their side. Like it or not, people are predjudiced against people who are arrested for these crimes.

Is there a history of many of the people accused of these crimes being guilty. Yes. Are all of them guilty? No.

Is it not in the best interest of the client and the justice system to present the best defense possible? Of course it is.

Are the scales of justice really balanced based on the resources available to the State and to the defense? I will leave that for you to decide.

...