When Government Sides With The Crackers

 
 
By Larry Seltzer  |  Posted 2007-02-27

Opinion: Are some crimes so awful that we must use the work of criminals to gather suspicious evidence?

Sometimes standing up for individual rights is not just a matter of principle, it's common sense. The prosecution of former Orange County, Calif., Superior Court Judge Ronald C. Kline for child pornography is a case that stands out in this respect, and for reasons which have a lot to do with computer security.

Kline had downloaded images of child porn, including some that contained a trojan horse and had been left there by Brad Willman, a Canadian who calls himself Citizen Tipster. Based on what I've read, it appears that the images probably exploit some vulnerability that allows them to run malicious code.

Once Kline loaded the images, Willman, like any other bot herder, could gain access to his computer and do what he wished, including looking for evidence of who Kline was and passing it on to the authorities, and this he did. The government was willing to accept this evidence even though it was obtained by clearly illegal means. And the government made it clear they weren't going to prosecute Willman, which effectively encourages him to continue his activities.

Indeed the legal standard is that such evidence can still be admissible if it wasn't obtained by the government or an agent of theirs. The government successfully made the case to the famously liberal 9th Circuit Court of Appeals that Willman was not an agent of the government.

The case, believe it or not, is far from unique. I wrote about a very similar case several years ago. The hacker in that case was not even identified in court except by the handle "Unknownuser" and turned out to be a resident of Turkey. But the FBI, and later the state of Virginia, were willing to accept evidence from an unnamed foreigner, who couldn't be cross-examined, and eventually the courts were willing to accept it, too.

The Virginia case was worse in many ways, in that the government actually had actively encouraged Unknownuser to continue his hacking activities based on earlier evidence he provided in another case, and they also made it clear to him that they weren't going to prosecute him. To my mind this makes him clearly an agent of the government, but the famously conservative 4th Circuit Court of Appeals sided with the FBI. There the case ended, at least so far.

Based on the reports I've read, and especially since he recently pleaded guilty, it's tempting to believe that Kline is guilty. But it's also possible that he just copped a plea based on the strength of the evidence against him.


And make no mistake about it, the evidence found by Willman and Unknownuser is not reliable. Trojan horses of the type they use (Unknownuser used Subseven) give them just as much ability to plant evidence as to find it. Under such a standard, I could hack into your computer (yes, you), plant kiddie porn on it and call the FBI anonymously to rat you out. I could also threaten to do this if you don't pay me. How's that for a legal system?

I can only understand the courts' attitude as indicating either that they didn't appreciate just how tainted the evidence was, or that they overlooked it because of what the defendant was accused of. In Kline's case, he had been publicly pilloried for years, with one radio station camping outside his house.

Nowadays you'd garner a lot more respect defending the rights of al Qaeda members than alleged child porn owners. There's a good reason why everyone has certain rights, no matter what they're accused of. Some people accused of crimes are not guilty of them, and the evidence against them needs to be held to a high standard. Relying on the likes of Unknownuser and Willman doesn't meet that standard. You better hope they don't take a disliking to you.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
 
 
 
 
Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
 
 
 
 
 
 
 
