mnemonic@walt.cc.utexas.edu (Mike Godwin) (09/08/90)
Gene Spafford lectures on evidence law: >Believe it or not, it has to do with your rights to trial and to >challenge evidence. As it has been explained to me by lawyer-types >(prosecutors and "private" lawyers alike), there is the concept of >"best evidence." The "best evidence rule" has been modified by the Federal Rules of Evidence both in reference to duplicates and in reference to computer data. These rules were adopted by Congress in 1975. See below. > If something is going to be introduced as evidence >in a trial, the law requires that the best version of the evidence be >produced, i.e., the original version, if possible. If a copy was >introduced, the defense could challenge it and claim that the copy was >not the same as the original -- that it had been doctored by the >prosecution to make it look bad, or that accidental changes had been >made, or that it wasn't a complete copy. According to both statute >and case law, that objection would probably have to be sustained. >Thus, a copy might not be admissable as evidence, and it is difficult >to make a case when you can't introduce evidence! It would help if you actual read some evidence law rather than relying on anedotal recitations of common-law evidence rules from the prosecutors you talk to. Consider the following excerpts from Article X of the Federal Rules of Evidence: Rule 1001. Definitions For purposes of this article the following definitions are applicable: [text omitted] (3) Original. An "original" of a writing or recording is the writing or recording itself or any counterpart intended to have the same effect by a person executing or issuing it. An "original" of a photograph includes the negative or any print therefrom. If data are stored in a computer or similar device, any printout or output readable by sight, shown to reflect the data accurately, is an "original." (4) Duplicate. A "duplicate" is a counterpart produced by the same impression as the original, or from the same matrix, or by means of photography, including enlargements and miniatures, or by mechanical or electronic re-recording, or by chemical reproduction, or by other equivalent techniques which accurately reproduce the original. Rule 1002. Requirement of Original [This is the common-law Best Evidence Rule as it has been codified in the Federal Rules of Evidence; it is therefore the rule to which Spafford refers.] To prove the content of a writing, recording, or photograph, the original writing, recording, or photograph is required, except as otherwise provided in these rules or by Act of Congress. Rule 1003. Admissibility of Duplicates. [This is the rule Spafford hasn't heard of.] A duplicate is admissible to the same extent as an original unless (1) a genuine question is raised as to the authenticity of the original or (2) in the circumstances it would be unfair to admit the duplicate in lieu of the original. Two points should be noted here. First, it is clear that a printout of the contents of a hard disk counts as an original under the definitions section. Second, duplicates are admissible unless there is some dispute as to their provenance. As a practical matter, all the Assistant U.S. Attorney would have to do is direct that duplicates be made, then put on witnesses as to the duplication process. The duplicated data would then be admissible. (Of course, as a practical matter, only "duplicates" would ever be admitted into evidence--the actual hard disk would almost certainly NOT be admitted into evidence, since its mere presence is not evidence of of its content.) >That's one reason why, when something is under investigation, they >continue to hold the system long after the search warrant has been >executed -- if an indictment is brought later, they need the system as >evidence in the trial. If a challenge is made by the defendant about >the material introduced as evidence, the prosecution needs to be able >to fire up the system in the courtroom to prove their point. They need to do this about as often as they need to drive cars into the courtroom to demonstrate getaway tactics. Even if the prosecution anticipates that there will be a dispute over the provenance of any duplicates made, it hardly prevents the U.S. Attorney's office from giving the defendant *duplicates* of the siezed information. And few if any judges will sustain an objection over the prosecution's expert testimony showing chain of custody. Moreover, Spafford's comment does not address the First, Fourth, and Fifth Amendment implications of seizure of a *non*-defendant's property. >(I'm told that the normal course of prosecution is such that it may >take upwards of 2 years for an indictment to be made. Thus, the >equipment needs to be held all that time. This is a hardship for the >defendant, but not at all unusual -- cases involving the seizure of >cars, boats, printing presses (in counterfeiting cases), business >records and so on often result in in the material being held for >similar lengths of time. The belief is that it is more important to >preserve the evidence to allow you to challenge it in court than it is >to return it to you quickly.) It is also believed that any pressure brought to bear on the defendant provides additional motivation for plea bargains. >Certainly, the prosecution could produce the experts to claim that a >copy was a true and accurate copy, but the defense could have a lot of >fun trying to cast doubt in the jury's minds by holding up 3.5" floopy >disks and pointing at mounds of printouts and asking the experts to >explain how they know it's a true copy, and how all that data is >encoded, and how the know the software is correct and.... Ever try >explaining all that to someone who is doesn't know about computers and >may be mildlu computer-phobic? I do not share Spafford's contempt for juries. Juries have managed to learn and make decisions about complex matters since the beginning of the Republic. And the fact that a 3.5-inch floppy disk can hold the equivalent of pages and pages of text is not a complex matter; I defy you, Spafford, to find a single potential juror who would have trouble believing that such a disk could hold that much data, once you assured him that it could. >Now imagine explaining that to a jury >of 12 similar people and convincing them beyond any reasonable doubt. This is no great challenge. >(I'm also told {and have seen} that the law enforcement >agencies have very limited equipment resources, and the only way they >can be sure to have a printer that works with the hardware/software on >the confiscated system is to take the printer that's already >attached.) So we're too believe that the Feds have to keep Steve Jackson's LaserJet because the federal government can't afford one of its own? Been down to the federal courthouse lately, Gene? Back when I was a law clerk, I used to visit it all the time. Amazingly, they seem able to afford all sorts of equipment. >(Someone made a snide comment earlier about SJ Games' laser printer >being taken. It is my understanding that the above rationale is >standard practice with the Feds. If you look in the NIJ (National >Institutes of Justice) handbooks and similar texts on organizing >computer crime investigation, you will see the same thing given as >advice to local law enforcement types. If you don't like it, contact >your Congress-criter about amendments to the Federal rules of evidence >-- don't continue to abuse me for reporting information that I have >spent time researching.) Your research is minimal, so far as I can tell. Example: the NIJ handbooks are *not statutory law*. You don't need to have your Congressman amend the Federal Rules of Evidence to change the handbook provisions. Rather than take Spafford's "researching" at face value, I advise readers of this conference to take a look at legal scholarship concerning the Best Evidence Rule. A good place to start is Cleary and Strong, "The Best Evidence Rule: An Evaluation in Context," 51 Iowa L.Review 825, 1966. The authors note, inter alia, that the need for strict readings of the Best Evidence Rule has been reduced by modern legal procedures as well as by modern technology. --Mike Mike Godwin, UT Law School | "We need a new cosmology. mnemonic@ccwf.cc.utexas.edu | New Gods. New Sacraments. (512) 346-4190 | Another drink." | --Patti Smith
fnord@spdcc.COM (Dan Schaeffer) (09/13/90)
Let's keep in mind also the purpose of the "Best Evidence Rule," a concept which manages to elude a fairly steady stream of lawyers and judges, despite its simplicity. The Best Evidence Rule, as codified in Federal Rule of Evidence 1002, says the following: "To prove the content of a writing, recording, or photograph, the original writing, recording, or photograph is required, except as otherwise provided in these rules or by Act of Congress." What does this mean? The key phrase is "[t]o prove the content". All it says is that a witness can't just get up on the stand and say, "Yes, the document in issue says X." If you want to prove that the document says X, you have to have the document. Whether it can be a duplicate or must be an original is dependent on factors noted in other rules. There are some exceptions to this Best Evidence Rule, such as for expert witnesses, but essentially, that's it: you can't say what a document contains; you have to produce the document itself. D. J. Schaeffer "Loewenstein, Loewenstein." [fnord@ursa-major.spdcc.com]
jmc@Gang-of-Four.usenet (John McCarthy) (09/13/90)
As far as I can see, no-one actually answered Gene Spafford's question about whether the law sees a difference between the New York Times and a basement produced sheet. I have never heard of such a difference being argued in a censorship case. The legal movement has been in the direction off erasing differences. For example, advertisements have been granted First Amendment protection to some extent. Concerning "best evidence". There obviously needs to be some compromise here between keeping evidence and letting someone get on with his work. There are several possibilities. 1. A person's disk could be printed and he could stipulate via his lawyer that the printout was correct. Then he could have his disk back. When facts are stipulated by the prosecution and defense, judges permit reneging on the stipulation only in exceptional cases. 2. He could have a right to a copy of the confiscated files. 3. If his computer was an IBM PC XT, this could be stipulated, and he could get his computer back. Any PC XT or the documentation of the PC XT would be acceptable evidence if he should destroy the one he got back. I believe courts would support such compromises on the grounds that refusal by prosecutors to make them would constitute "unreasonable search and seizure".
mnemonic@walt.cc.utexas.edu (Mike Godwin) (09/13/90)
In article <856.26ed16bf@iccgcc.decnet.ab.com> browns@iccgcc.decnet.ab.com (Stan Brown, Oak Road Systems) writes: > >Mike, how can the contents of a hard disk be printed in a way that meets >this definition? I'm not thinking of ASCII files, which obviously >present no problem. I suppose dBASE files and spreadsheet commands can >be printed using their internal print commands. But what about .EXE >files and similar binary stuff? Well, let me note first of all that in most of the seizures I know about, it's been the text files that have been of primary interest to law-enforcement folks. But let's say they want to prove software piracy. Since the rules of evidence allow some kinds of duplicates to be considered, in effect, originals, and other kinds of duplicates to be just as admissible as originals, the logical thing to do, it seems to me, would be to have the government witness download binary files from the system in question, then run it on her own system or on the government's. That should be testimony sufficient to persuade a jury that software theft was going on. The problem is, neither the issues nor the procedures have been hammered out yet. There may be cases we haven't anticipated, and the procedures err on the side of inclusiveness precisely because the law-enforcement establishment is so hazy on what the legal and social issues are. >Does this definition include ordinary photocopies as duplicates? Yes. >I understand handwritten copies are not "duplicates" as defined above, >but are they completely invalid or valid only when nothing better is >available? The latter. >> Rule 1003. Admissibility of Duplicates. >> [This is the rule Spafford hasn't heard of.] >> A duplicate is admissible to the same extent as an original unless >> (1) a genuine question is raised > >Presumably as opposed to a frivolous question, just to delay things? Right. Judges know when the challenge is frivolous. >> as to the authenticity of the original > ^^^^^^^^ >Shouldn't that be duplicate? No. This clause applies, I think, to cases in which it is not the document's contents but the document's authenticity that is in question. (E.g., the Howard Hughes will that left money to Melvin Dummar.) >> or (2) in the circumstances it would be unfair to admit the duplicate >> in lieu of the original. > >I'm curious--couldd you give an example of (2)? Not offhand. It may be that the drafters had no particular example in mind, but wanted to leave an out in the event that an obvious unfairness came along. >> It is also believed that any pressure brought to bear on the defendant >> provides additional motivation for plea bargains. > >Seems like one of the many unfair parts of RICO, that it >institutionalizes seizure onm indictment. And the seizure itself may >work irretrievable harm, even if the defendant is found innocent and the >property ultimately restored. You'll find no disagreement here on that score. --Mike Mike Godwin, UT Law School |"If the doors of perception were cleansed mnemonic@ccwf.cc.utexas.edu | every thing would appear to man as it is, (512) 346-4190 | infinite." | --Blake
a577@mindlink.UUCP (Curt Sampson) (09/13/90)
> brad@looking.on.ca writes: > > If I were a computer criminal, I might just create a very special printer > with a bank of non-volitile storage in it. Or, for that matter, just buy one > of the modern printers you can get these days with 4 megs ram, etc. > > I would use that storage, normally, to keep all the stolen access codes, > calling card numbers, and other incriminating data. Pretty easy, with the > high speed link I have to my printer, to fetch the codes from it. Sounds like a lot of trouble to me. Why not just take your infomation and DES encrypt it with any of the popular packages that do this (such ask PKZIP, which will compress it while you're at it)? Then just conveniently "forget" the password. If you want to hide it a little better you might write a program that will attach it to the end of a .EXE file, so that it looks like just another overlay. It would take 30 seconds to encrypt or decrypt and attach or unattach a largish file to, say, TELIX.EXE (or substitute your favourite executable for your favourite OS here) if you knew the password. -cjs ( Curt_Sampson@mindlink.UUCP )
brad@looking.on.ca (Brad Templeton) (09/14/90)
I have always been amused at reading how the goons confiscate printers when they move in. How silly! Yet it got me thinking... If I were a computer criminal, I might just create a very special printer with a bank of non-volitile storage in it. Or, for that matter, just buy one of the modern printers you can get these days with 4 megs ram, etc. I would use that storage, normally, to keep all the stolen access codes, calling card numbers, and other incriminating data. Pretty easy, with the high speed link I have to my printer, to fetch the codes from it. (I would also have the machine erase stuff if disconnected improperly, keeping backups somewhere far away.) Or I could hide this info in little hidden places in all kinds of semi-smart or smart peripherals -- including some off the shelf. So if we fight (correctly) to stop them from confiscating everything, this may drive the real criminals to such tricks, which may lead to grander confiscation. I point this out -- I don't know if there's an answer. -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
iceman@Apple.COM (Ice) (09/15/90)
|> (Curt Sampson) writes: |Sounds like a lot of trouble to me. Why not just take your infomation and DES |encrypt it with any of the popular packages that do this (such ask PKZIP, which |will compress it while you're at it)? Then just conveniently "forget" the |password. If you want to hide it a little better you might write a program |that will attach it to the end of a .EXE file, so that it looks like just |another overlay. It is one thing to talk about conveniently forgetting your password, and quite another thing to say that when the SS guys have you handcuffed to your sofa describing your upcoming prison term. I personally know that in such a situation I would find that my memory was working pretty well. If the SS KNOWS that the files are encyrpted, they will lean on you. Better to disguise them, via your overlay idea or whatever. As a standard security measure, I rewrote parts of the Resource and File Managers on my Mac. Files created under the modified system look like junk to the old system, but the new system can read the old files. Thus, I do most of my daily work under the old system, but when I am doing very sensitive work, I boot off a floppy that installs the appropriate toolbox patches, and -presto!- text files appear where there was only garbage'd resource files before. Nice and transparent, and even a Mac Hacker would write off the "encrypted" files as junk, since the normal OS can't even read them. :-) As for SS-proof backup, I recommend taking your valuable text files and posting stories to alt.sex.bondage that have the data encoded in them via the first word of each sentence, first char of every word (except 'a' and 'the'), etc. That way, you can be sure to get your data back by going to any NetNews site and downloading stuff from the story archives :-)! =short example= Samuel's erotic carresses ravaged the exquistely taunt stomach, each raking violently into crying Eve, gyrating openly, her orgasm making every neural-receptor open wide. Hey, it worked for those Rose-Cross fellows! Perhaps someone could write an a.s.b. auto-encryptor - you give it the text file, it turns it into an a.s.b. story. I can't imagine the algorithm would be too difficult. -ice "Um..." - Zippy the pinhead
n357cw@tamuts.tamu.edu (Kevin Alexander) (09/17/90)
Let me ask this of the Usenet readersip... Suppose I were to post 100's of Credit Card numbers, or login procedures for sensitive computers, or AT&T proprietary source code on one of the newsgroups.. When this message would be distributed throughout the world, would the Secret Service be able to confiscate each machine which that particular posting resides? This is the same thing that happens to many BBS operators (SysOps) when a user or two posts "non-public-domain" messages and the SS catches it before the SysOp can delete it.. Makes you wonder......... ------ Kevin Alexander n357cw@tamuts.tamu.edu (no fancy .sig needed)
brnstnd@kramden.acf.nyu.edu (Dan Bernstein) (09/18/90)
In article <8306@helios.TAMU.EDU> n357cw@tamuts.tamu.edu (Kevin Alexander) writes: > Let me ask this of the Usenet readersip... Suppose I were to post > 100's of Credit Card numbers, or login procedures for sensitive > computers, or AT&T proprietary source code on one of the newsgroups.. > When this message would be distributed throughout the world, would the > Secret Service be able to confiscate each machine which that particular > posting resides? Suppose you were to publish the same information in an advertisement in a national newspaper. When that advertisement would be distributed throughout the world, would the Secret Service be able to confiscate each newspaper in which that particular advertisement resides? One might ask the same question about any other communications medium. ---Dan
bzs@world.std.com (Barry Shein) (09/20/90)
Reading over these discussions indicates to me there really is a need for some overview or reference to basic law as regards freedom of speech and freedom of press and other related issues. >The newspaper would not publish the list in the first place. Electronic media >is special in that frequently there is no editor. This raises all sorts of issues I am only dimly aware of. A "newspaper" has more than one part, as far as freedom of the press is concerned. Parts which are "news" are much freer from various allegations of wrongdoing than parts which are editorials, ads etc. The basic rationale is that in order to publish real news in a timely fashion there is limited ability (time) to substantiate all facts. However, the same does not apply to sections like opinion columns which, one presumes, are authored with more time to check facts. On a related note, I believe the copyright laws as apply to news proper are quite different than other publishing copyrights (don't they only retain rights for something like four days? Maybe that was hearsay, but I'd like to hear from someone who knows.) And ads have their own set of standards entirely, not the least of which is caused by multiple independent parties being involved. For example, a paper might take an innocuous sounding classified ad which turns out to be quite criminal in its intent (e.g. fraudulant claims) and not be held liable in any way. Obviously the paper can't check every ad although some things are considered to fall within the purview of common sense (e.g. full page miracle cancer-cure ads, blatant advertisements for prostitution the paper could be held (ir)responsible for.) On another dimension, the telephone company, by virtue of its being a common carrier and having no editorial function, is not held responsible in the slightest for whatever criminal acts you might commit over their lines. The extent of their responsibility is to cooperate with law enforcement agencies when requested (properly.) Now, on yet another dimension (!) there certainly seems to be some sort of perception of "ability and intent to edit" smattered throughout. For example, short of the obscenity laws perhaps, there would seem to be a difference between my doing a live "man on the street" TV segment and one of those street-men blurting into the mike "Candidate George is in bed with the Mafia!" versus the station's manager using his/her editorial spot to make the same claim. The point being, the existence and/or claim of a editorial presence seems to be in there somewhere, at least conceptually, but what does the law actually say? These issues seem, to me anyhow, to be very critical and fundamental to the entire issue of "electronic speech". What does the law say about common carriers? What does the law say about an editorial presence? Timeliness? How do these relate to e-mail, electronic publications, public access systems (BBS), USENET, etc? Interesting questions. But I feel like we're all groping around in the dark (perhaps everyone is!) -- -Barry Shein Software Tool & Die | {xylogics,uunet}!world!bzs | bzs@world.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
lars@spectrum.CMC.COM (Lars Poulsen) (09/21/90)
In article <26938:Sep1814:48:2390@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes: DB> Suppose you were to publish [stolen credit card numbers] in an DB> advertisement in a national newspaper. When that advertisement DB> would be distributed throughout the world, would the Secret DB> Service be able to confiscate DB> each newspaper in which that particular advertisement resides? In article <4572@qip.UUCP> john@qip.UUCP (John Moore) writes: JM> The newspaper would not publish the list in the first place. JM> Electronic media [are] special in that frequently there is no editor. For a small publication, the editor and publisher are often the same person. No big deal. The reason that most publications would hesitate to print this hypothetical ad, is that the publisher may be held criminally liable for what appears in his publication. Indeed, for a small publication, the printing apparatus might be confiscated. By analogy, it may not be unreasonable to hold the "publisher" (i.e. the owner/SYSOP) jointly liable with the poster for whatever appears on the bulletin board. Indeed, this may require that the SYSOP not allow unmoderated discussion except within closed user groups whose members have all signed a pledge of responsible behaviour and are all known to the SYSOP. Seems pretty reasonable to me ... -- / Lars Poulsen, SMTS Software Engineer CMC Rockwell lars@CMC.COM
mnemonic@walt.cc.utexas.edu (Mike Godwin) (09/22/90)
In article <4619@qip.UUCP> john@qip.UUCP (John Moore) writes: > >It is true that the Pentagon Papers were not for the public's eyes. However, >they were not of criminal value (unlike credit card numbers) and did >bear on major public issues. Actually, the federal government argued strongly for the position that the Pentagon Papers should be regarded as stolen *property*. --Mike Mike Godwin, UT Law School |"If the doors of perception were cleansed mnemonic@ccwf.cc.utexas.edu | every thing would appear to man as it is, (512) 346-4190 | infinite." | --Blake
karl@sugar.hackercorp.com (Karl Lehenbauer) (09/30/90)
In article <1990Sep20.221955.10879@spectrum.CMC.COM> lars@spectrum.CMC.COM (Lars Poulsen) writes: >By analogy, it may not be unreasonable to hold the "publisher" (i.e. the >owner/SYSOP) jointly liable with the poster for whatever appears on the >bulletin board. >Indeed, this may require that the SYSOP not allow unmoderated discussion >except within closed user groups whose members have all signed a pledge >of responsible behaviour and are all known to the SYSOP. >Seems pretty reasonable to me ... If this were the case, it would be the end of Usenet. Further, it would have a chilling effect on free speech via bulletin boards. As a sysop, I would have to be very careful to never allow anything out that was in the least bit controversial, and would always want to err on the side of not allowing a message to go out unless I was really sure there was no chance of me getting in trouble for it. Shouldn't the poster of the message be accountable for its contents? Or by your reasoning, shouldn't the phone company have to listen to *all* the phone conversations going on at any time to make sure nothing illicit was being said, done or planned? They tried this in Eastern Europe, you know. Further, this would be a new and time-consuming burden on sysops and introduce potentially long delays in messages getting out. If a sysop let a bad message go out and it was gatewayed to a bunch of other machines, or one was forged or somehow illicitly injected into the network, by your reasoning wouldn't the owner/sysops of all the machines the message went to be liable? If that were the case, it would definitely be the end, because nobody has the resources to monitor, for example, all the traffic on the Usenet. I used Prodigy several times, and it is a heavily censored system, i.e. Prodigy's censors examine every article posted before it goes into the message base, and people on it were complaining that the censors were capricious, arbitrary and would not state reasons why specific articles had been censored. Not only is there nothing like talk.religion.*, talk.politics.*, soc.motss on Prodigy (they dropped a forum in which fundamentalist Christians and homosexuals and homosexual rights advocates were going at it, although they claimed it was for a different reason), but you can't even mention or talk about most products by name because advertising is a big part of their revenue base (about 20% of your display is permanently dedicated to advertising when using it -- ads are continually updated in this area the whole time you're on) and they don't want anyone to get free advertising. Consequently messages of the "Yeah, I bought a Frobozz 917 and it works really well" are censored. If this is IBM's view of the future of personal electronic communications (Prodigy is a joint-venture of IBM and Sears), and there is every reason to believe it is since this is what they chose to provide, it is a bleak future indeed. (The reason they do this, I think, is that Prodigy is supposed to be a "family" system. Under your one account you can set up logins for your other family members. So they don't want anything in there that some kid is going to read. But that restricts everything on the system to a very low common denominator, namely that every message must be so inoffensive that *nobody* is going to be offended by it... and that is censorship. -- -- uunet!sugar!karl -- Usenet access: (713) 438-5018