Slashdot: News for Nerds

US District Court Says Calculating a Hash Value = Search

timothy posted more than 5 years ago | from the fair-enough dept.

Data Storage 623

bfwebster writes "Orin Kerr over at The Volokh Conspiracy (a great legal blog, BTW) reports on a US District Court ruling issued just last week which finds that doing hash calculations on a hard drive is a form of search and thus subject to 4th Amendment limitations. In this particular case, the US District Court suppressed evidence of child pornography on a hard drive because proper warrants were not obtained before imaging the hard drive and calculating MD5 hash values for the individual files on the drive, some of which ended up matching known MD5 hash values for known child pornography image and video files. More details at Kerr's posting." Update: 10/28 16:23 GMT by T : Headline updated to reflect that this is a Federal District Court located in Pennsylvania, rather than a court of the Commonwealth itself.

623 comments

It's good to see. (5, Informative)

UseTheSource (66510) | more than 5 years ago | (#25541399)

The courts are finally getting up to speed on technology.

Re:It's good to see. (5, Funny)

larry bagina (561269) | more than 5 years ago | (#25541411)

Or the joys of child porn

Re:It's good to see. (5, Informative)

UseTheSource (66510) | more than 5 years ago | (#25541459)

It's not that child pornographers shouldn't be prosecuted, but like it or not, they're still entitled to the same due process as normal, "non-pervert" criminals. This "it's for the children" stuff shouldn't fly when we claim to follow the rule of law.

Re:It's good to see. (5, Insightful)

jollyreaper (513215) | more than 5 years ago | (#25541501)

It's not that child pornographers shouldn't be prosecuted, but like it or not, they're still entitled to the same due process as normal, "non-pervert" criminals. This "it's for the children" stuff shouldn't fly when we claim to follow the rule of law.

And anything we can do to deflate the "think of the children" hysteria will help protect our society. It's not that protecting children is a bad thing, it's that turning people into frothing flesh-rending mobs at the drop of a hat is a bad thing. If I were a nasty sort of black-hatted individual, the quickest way I can think of for destroying an enemy would be planting kiddie porn on his computer and dropping a dime to the authorities. Kiddie porn will be the new "baggie of drugs to plant on a perp." I wouldn't be surprised to see cops dropping usb drives on accidentally shot guys. "No, don't worry, I just planted kiddie porn on the guy. Disciplinary action? We'll probably get a medal for this."

Incidentally, your tagline: "Ein Volk, Ein Reich, Ein Messiah." Is that an inept slam against Obama?

Re:It's good to see. (-1, Troll)

tjstork (137384) | more than 5 years ago | (#25541763)

And anything we can do to deflate the "think of the children" hysteria will help protect our society

These children that you speak of aren't some imaginary thing you can airily dismiss. They are the hopes and dreams of the parents who raised them, the future of our society, innocent and worthy of our very best efforts to protect them. Honestly, I'd have to question the humanity of someone who is NOT outraged by any crime against a child, and least we can understand now that, that, given the active choice to let child molesters walk, that, all this other so-called liberal talk about children is a lie. They aren't interested in trying to save anyone, not the working man or the children. They are a cancer who deliberately brings countries down and ruins cultures in order to secure power for themselves. If the left can paint the current economic crisis as evidence of the failure of right wing greed, we can work our narrative too, the stabbed in the back narrative, and with ridiculous cases like this, we can and will make it stick. You just wait until Obama pardons Mumia...

Re:It's good to see. (4, Insightful)

BLKMGK (34057) | more than 5 years ago | (#25542169)

Speaking of frothing.... This wasn't an "active choice" to free a child molester it was a judge using common sense and realizing that this was a search without a proper warrant and throwing it out just as he would/should if an officer kicked your door down without a proper warrant.

Troll indeed!

Re:It's good to see. (4, Insightful)

Shadow Wrought (586631) | more than 5 years ago | (#25542205)

It is more a difference of scale. They are not happy that this guy had the search thrown out so much as the general, larger idea that the Constitutional limits of unreasonable search and seizure are being followed. The problem isn't the imaging or generation of hash values so much as it is then using those values to determine if they match any known values. Next time they'll have a warrant. And once the standard is set, the State will follow it and act accordingly.

Those who deal in child pornography and prey on children are, to my mind, some of the worst examples of humanity out there. I wouldn't bat an eye if they increased the prison sentences for them to life or allowed capital punishment. But it still has to remain within the bounds of our laws, the core of which is the Constitution.

Re:It's good to see. (5, Insightful)

nahdude812 (88157) | more than 5 years ago | (#25542223)

You misunderstand the parent post. He's not saying, "it's only children, who cares," he's saying, "whether or not it's children has nothing to do with whether a suspect's constitutional rights should be violated."

The thing is that you don't have perfect knowledge of whether the suspect is a child pornographer or not. Lacking perfect knowledge, you should seek it out by following the appropriate channels.

If you are sure that someone is involved in any crime (whether or not it involves children), you should be sure enough that you can convince a judge to issue a search warrant. If you don't have enough evidence to convince a judge to set aside this person's rights, then you shouldn't just go ahead and set aside those rights even if you're really, really sure.

That's due process. That's how we protect the rights of innocent citizens from being abused by the power granted to police and other government agents. It completely doesn't matter what the nature of the crime you're investigating is. I'll say that again. It is wholly immaterial what crime you suspect someone has participated in; if you don't have enough evidence to convince a judge to issue a search warrant, you should not take the law into your own hands anyway.

The only time you might convince me otherwise is if there was an imminent threat - such as in the case of kidnappings or (since you're talking about child porn), a live feed of a child being abused, and then only as far as is necessary to secure the immediate safety of that child. This again has nothing to do with it being children though - this is just as true in my mind for securing the immediate safety of adults.

Re:It's good to see. (4, Insightful)

jo_ham (604554) | more than 5 years ago | (#25542287)

And nowhere in the post you quoted was the inference that you applied to it, you're one of the "frothing flesh rending mob" if you believe what you state about the post in question.

No one, not even the leftiest lefty on the left of a leftie is arguing that crimes against children are not abhorrent (maybe my grammar is though - double negatives aside).

The issue here is "do the ends justify the means?" While you may agree that anything should be permitted to catch and convict child molesters and kiddie porn collectors, you have to watch the slippery slope.

If a law enforcement agency can scan your drive and compare MD5 sums without a warrant, you have removed due process from the equation - one of the things that you are entitled to in the US justice system, regardless of your suspected crime, because like it or not, you are innocent until proven guilty.

This whole bollocks of "if you have nothing to hide, you won't mind" is bullshit. If they come to scan your drive with no proof to justify a warrant then they might as well just say that everyone's drives need to be scanned when the law asks, and if they find anything that flags you, you then have the burden of proof on yourself to assert your innocence.

It just doesn't (or shouldn't) work that way.

Do I want child molesters arrested and put away? Absolutely. Do I want them to be arrested through an illegal search of their property? Absolutely not.

It's a hot button issue, much the same as terrorism - we're in danger of severely crippling our society if we stoop to "prove you're not a terrorist/child molester/communist or we'll lock you up!"

Re:It's good to see. (3, Interesting)

UseTheSource (66510) | more than 5 years ago | (#25541777)

Kiddie porn will be the new "baggie of drugs to plant on a perp." I wouldn't be surprised to see cops dropping usb drives on accidentally shot guys. "No, don't worry, I just planted kiddie porn on the guy. Disciplinary action? We'll probably get a medal for this."

Or, a good excuse to turn a neighbor or family member in to the party. It wouldn't be hard for private citizens to plant evidence in that manner, either.

Incidentally, your tagline: "Ein Volk, Ein Reich, Ein Messiah." Is that an inept slam against Obama?

Actually, given that the Nazis' brand of national socialism was ideologically very similar to Soviet Communism in many ways, I think I prefer this [youtube.com]. ;)

That's a terrible argument (-1, Flamebait)

tjstork (137384) | more than 5 years ago | (#25541633)

It's not that child pornographers shouldn't be prosecuted, but like it or not, they're still entitled to the same due process as normal, "non-pervert" criminals. This "it's for the children" stuff shouldn't fly when we claim to follow the rule of law

The law exists to serve the public good, and if the public loses confidence in that law, then we have no law at all.

"It's for the children" stuff is not some abstract thing that you can so handily dismiss. With this decision, the courts have just given license to all of those who kidnap or exploit children to make this pornography, by giving them a cash cow.

How would you feel about this man if it was your child's photograph on this man's notebook.

Quite honestly, the judicial tradition of suppressing evidence entirely because it was produced without a proper warrant is absurd. The man was clearly guilty and the evidence was there. Instead, fine the police for doing the wrong thing, take it out of their pay, but, still keep the evidence.

This judiciary system is madness.

Re:That's a terrible argument (5, Insightful)

BLKMGK (34057) | more than 5 years ago | (#25541779)

Or maybe get a proper warrant and follow procedures properly? Sorry, I am no fan of kiddie abusers but if we bent the rules the way you'd like them for this instance then what comes next? I break down your door as an officer, find nothing, and suffer a fine for having made a mistake? Sorry, the officers must follow rules same as you and I or they will become simple bullies. Oh wait....

Better a few guilty men go free on a technicality than allow officers to become a law unto themselves.

Re:That's a terrible argument (2, Informative)

Sun.Jedi (1280674) | more than 5 years ago | (#25542089)

Better a few guilty men go free on a technicality than allow officers to become a law unto themselves.

The largest US gang [thinblueline.org] has a well documented [aclu.org] record [nytimes.com] that would seem to indicate your statement is out of date.

As another everyday example, here's a big surprise [georgia-sp...t-blog.com] , no?

I'm not intending to troll/flamebait here, but MY perception is there is very little accountability for the 'on the job' crew in blue amongst themselves. It is also my perspective that there is very little integrity once one subscribes to the original meaning of the thin blue line [wikipedia.org] .

Re:That's a terrible argument (1)

liquidpele (663430) | more than 5 years ago | (#25541803)

You're advocating lynch mobs, you do realize that, right?

Re:That's a terrible argument (5, Insightful)

Volante3192 (953645) | more than 5 years ago | (#25541813)

Quite honestly, the judicial tradition of suppressing evidence entirely because it was produced without a proper warrant is absurd.

So you're saying you have no problem with warrantless searches? Shall we continue this thought to its logical extreme conclusion?

There's a reason the judicial system has the structure it does: so there's a strong trail of evidence, to ensure the rights of everyone involved have not been broken by law enforcement, to ensure nothing has been tampered with.

The law HAS to follow the law, otherwise what authority does it really have to enforce it?

Re:That's a terrible argument (5, Insightful)

InsaneMosquito (1067380) | more than 5 years ago | (#25541855)

How would you feel about this man if it was your child's photograph on this man's notebook.

How would you feel if it was your laptop that was seized without a warrant? "Oh I don't have child porn" you say. Sure...but without that warrant the cops may just plant the evidence. Now what say you?

Or, that friend you let borrow your machine last week, remember him? Yeah, he's not the church going fun loving person you thought. On that USB key with all of his work related stuff was a nice folder of child porn. It's a good thing he copied everything to your machine so you could work together on that big project that boss is asking about.

Or, that teenager in your house, yeah dirty young man. He's out browsing the internet looking for pictures. He accidentally clicks on a link with under age "actors". Fortunately, he's a good kid and backs out of the site right away. Didn't look at anything, didn't mean to go there. Hell, you've even trained him well enough to erase cookies and temporary files. Hear that knocking? Yeah, that's the police showing up without a warrant and taking your machine. Oh look, they just found deleted child porn images on your computer. You sick bastard.

Without the warrant you have one more leg to stand on to fight these charges. It's there to protect the innocent.

Re:That's a terrible argument (2, Insightful)

RingDev (879105) | more than 5 years ago | (#25541861)

The man was clearly guilty and the evidence was there.

What evidence? Some md5 hashes that happen to match hashes from a select number of images? Odds are if we hash out every file on your hard drive we will also find matches to that same list. Therefore, by your own logic, we should arrest you, put your name on the sexual offenders list, and drag you into court, all without a warrant.

If you really want to live in a country with that much legitimate power in the government, there are numerous flights to China every day.

In short:
Good: Civil liberties defended.
Bad: Possible case against alleged child porn possessor blown.
Worse: Cops too f'ing incompetent/lazy/ill-trained to get a freaking warrant.

The problem here is not civil liberties getting in the way of prosecution, it's the prosecution failing to follow the law.

-Rick

Re:That's a terrible argument (4, Informative)

msuarezalvarez (667058) | more than 5 years ago | (#25541953)

What evidence? Some md5 hashes that happen to match hashes from a select number of images? Odds are if we hash out every file on your hard drive we will also find matches to that same list.

Actually, odds are the hashes will not match...

Re:That's a terrible argument (4, Informative)

johnlcallaway (165670) | more than 5 years ago | (#25542185)

Odds yes.

But no guarantee.

A better check is hash and file size, since it is more difficult for two files of the same size to have the same hash by chance. Especially using compression due to images or videos of the same dimensions reducing to different sizes.

Hash and file size checks are useful for checking if a file is intact and possibly not altered. They are great for lookups.

But, in the end, you still need the file to validate the correct item is found. Hashmaps store both the key and hash for this very reason. The hash is a quick lookup, but the key is needed to verify the right element has been found.

Unless the hash is the same size as the key.....

Re:That's a terrible argument (1)

hedwards (940851) | more than 5 years ago | (#25542053)

Actually md5s are usually sufficient, it takes a lot of time and energy to determine if the photos really are children. Sometimes it's obvious, but when you're talking about teens, some adult women do look like kids. Unfortunately in many cases without knowing the person it's nigh impossible to determine with any real precision.

The reason why they'd want to use checksums would be that these images aren't generally one offs most pedophiles with pictures aren't making all of them themselves, the hope of using this technique was presumably to find a couple and then do a further search later.

It is also as the judge noticed an end run around the rules involved in procuring evidence and really shouldn't have been allowed into evidence.

Re:That's a terrible argument (3, Insightful)

2short (466733) | more than 5 years ago | (#25541939)

"How would you feel about this man if it was your child's photograph on this man's notebook."

How would you feel if it was your notebook I said had a picture of a child in it?

If our judicial system doesn't work right, we should fix it; I'm not taking a position on whether it works right in general. But let's assume we carefully figure out a set of rules and get our judicial system to work right for all manner of crimes from shoplifting to murder; rules that properly balance the rights of the (possibly innocent) accused. Turning around and throwing those rules aside for certain crimes is madness. That's what we mean by "think of the children" stuff: it doesn't help children any to do an intentionally bad job running the justice system for crimes related to children.

Re:That's a terrible argument (1)

smidget2k4 (847334) | more than 5 years ago | (#25541957)

No, using wrongfully obtained evidence is madness. If you allow it to be used in court cases, then wrongfully obtained evidence will start happening more and more in different kinds of cases.

Due process will go out the window, and you'll end up with people either fabricating evidence or just walking in to houses w/o warrants and searching whatever they damn well please.

And who's to say that if a cop searches your computer for child porn, tjstork, and doesn't find any but you get charged anyway for some cracked game that you own (legally bought, still a DMCA violation!) because that evidence was collected without a warrant stating that is what they were looking for.

Or if they knew someone was in a particular neighborhood and just turned it all upside down without warrants or permission. Cases can get very personal, and it wouldn't surprise me for a cop to be willing to take a slap on the wrist to use illegal evidence.

Re:That's a terrible argument (-1, Troll)

tjstork (137384) | more than 5 years ago | (#25542045)

And who's to say that if a cop searches your computer for child porn, tjstork, and doesn't find any but you get charged anyway for some cracked game that you own (legally bought, still a DMCA violation!) because that evidence was collected without a warrant stating that is what they were looking for.

Then don't break the law! What is so hard about not breaking the law? What you are essentially doing is tolerating a certain amount of crime because you do not agree with the law? If the law is as important as you say it is, then should we not follow it? If you don't want to pay for a game, then don't crack it! If you think games should be free, then, have copyright reform to do so. Pick one! Don't be saying that you don't have to follow laws you don't agree with and then use the 4th amendment to hide your criminal activity, otherwise, you render the law just as meaningless as the police you condemn would.

Re:That's a terrible argument (1)

Ethanol-fueled (1125189) | more than 5 years ago | (#25542225)

Miscegenation [thefreedictionary.com] used to be against the law in many places. Our laws have improved since those days, but who's to say that they couldn't use more improvement?

Re:That's a terrible argument (1)

silent_artichoke (973182) | more than 5 years ago | (#25542295)

He said the game was legally bought. The crack is (I presume) just for the convenience of not having to keep the CD it came on in the drive while playing. Instead, the CD can be safely kept out of harm's way.

Re:That's a terrible argument (1)

plague3106 (71849) | more than 5 years ago | (#25542021)

The law exists to serve the public good, and if the public loses confidence in that law, then we have no law at all.

The public needs to stop and think. I for one don't care how much people would prefer to return to Dark Ages mentalities on crime and justice, it doesn't make it a good idea.

"It's for the children" stuff is not some abstract thing that you can so handily dismiss. With this decision, the courts have just given license to all of those who kidnap or exploit children to make this pornography, by giving them a cash cow.

It most certainly can be dismissed. The entire argument boils down to "the ends justify the means." Exactly the opposite of what our founders wanted, and for good reason. Oh, this ruling doesn't give a license to kidnap kids; it means cops must follow proper Constitutional procedure and get a warrant before searching. There are plenty of cases where those exploiting children HAVE been arrested following the letter of the law.

How would you feel about this man if it was your child's photograph on this man's notebook.

Ahh, good old "pleas to emotion" argument. That doesn't change the fact that a warrant should be required. I for one think it's a bad idea for police to be able to barge into anyone's house with cause and perform a search. I feel children are more in danger from that kind of behavior than requiring a warrant.

This judiciary system is madness.

No, your reactionary knee-jerk reaction given the historical evidence of what happens WITHOUT a 4th Amendment is madness. The laws are there to protect the people from the whims of those in charge. You don't believe it's an issue, you don't think it could ever happen... but it can and does all the time, all throughout history. If you're really that scared for your kids, I suggest you never let them out of your sight.

The rest of us will go on, realizing that our children are not in any danger, and that predators are not around every corner.

Re:That's a terrible argument (4, Insightful)

mea37 (1201159) | more than 5 years ago | (#25542141)

"The law exists to serve the public good"

No, it doesn't. Government exists to uphold rights, and the law exists to provide government one of the tools to do that. Rights belong to individuals, not "the public".

What makes a child pornographer a criminal is the concrete harm he does to an individual -- not some abstract harm to "the public good".

The system is designed around that. The bill of rights gives weight to the rights of the accused for two reasons. First, it is the job of the justice system to protect everyone's rights -- to defend the rights of the victim while still respecting the rights of the accused. Second, when we don't respect the rights of the accused, we tend to conflate "accused" with "guilty", and then nobody's rights (including the victim) are protected.

If you don't respect the rules of the system even when they make it harder to catch the bad guy, then you're really asking for a rule-less system that enforces your will. But watch out -- yours isn't the will that's going to prevail if the system heads that way.

"With this decision, the courts have just given license to all of those who kidnap or exploit children to make this pornography"

No, they haven't. They have not made child porn legal; they have reminded the authorities that they still have to do their job according to the rules even when it's a job that really needs to be done.

"How would you feel about this man if it was your child's photograph on this man's notebook."

If we left 'justice' in the hands of how those harmed by the crime feel, it would be revenge (which is not the same thing -- and which incidentally doesn't serve the "public good", either).

"the judicial tradition of suppressing evidence entirely because it was produced without a proper warrant is absurd. The man was clearly guilty and the evidence was there. Instead, fine the police for doing the wrong thing"

Here, I agree -- to a point. It doesn't change the fact that in the context of the system as it exists, the court's action is correct, though; today the remedy for illegal search is suppression of evidence.

But yes, I think holding law enforcement personally responsible when they violate the rights of the accused would be more just than penalizing the victim (and any potential future victims) by preventing a conviction when the accused really is guilty -- if such a system can be made to work.

There are two problems with that, though, which I don't know how to resolve:

1) Having performed an illegal search, which results in the conviction of a child pornographer, a police officer goes on trial. What jury will convict him? If the answer is none and that's ok with you, then you're really saying that the accused shouldn't have had rights in the first place.

2) Being personally liable for mistakes can create an incentive to do less work. I'm not saying this justifies a lack of personal accountability in general, but you do have to have a system in which the police are confident "if I do the right thing, I won't be punished". That's harder than it sounds.

It doesn't matter. (1)

mcgrew (92797) | more than 5 years ago | (#25541911)

What good is a phone call if you're unable to speak, Mister Anderson?

From one of my journals last year:

The cops called her number, and the boyfriend said he'd locked the screen by mistake. They gave Chris a ride home. "We'll close your gate for you", the cop said, "and your garage door."

My garage! "My lawnmower!" I exclaimed.

"It's ok" the cop said, "we opened it to look around."

So much for the 4th amendment on the day we remember the fallen heroes who died defending the Constitution.

It also journals an attempted drug bust ("attempted" because there were no drugs).

Yeah, this SOUNDS like good news, but so long as law enforcement and the legislature holds the Constitution in the utter contempt that they do, it doesn't really matter what the court rules.

Liberty? What Liberty? [kuro5hin.org]

Re:It doesn't matter. (1)

UseTheSource (66510) | more than 5 years ago | (#25542251)

That's what scares me about this presidential election. If Obama wins, the far left will have control of the executive and legislative branches of government. With the Justice Department, federal law enforcement and the military under their control, they can pass and enforce whatever they like, and if the judiciary has a problem with its constitutionality the new prez can just tell them to get bent. Once a couple of far left, activist SCOTUS justices are appointed, that won't even be a problem anymore.

that's basically what they were doing. (5, Informative)

yincrash (854885) | more than 5 years ago | (#25541405)

you can't generate md5s w/o actually looking at all of the data in the file.
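Added example, not part of any comment in this thread: a minimal known-file scan in Python showing the point made above, that producing a file's MD5 means reading every byte of it, together with the hash-plus-size lookup suggested in an earlier comment. The file names, contents and the `reference-item-1` label are constructed sample data.

```python
import hashlib
import os
import shutil
import tempfile


def md5_and_bytes_read(path, chunk_size=65536):
    """Stream a file through MD5; return (hex digest, number of bytes read)."""
    digest = hashlib.md5()
    bytes_read = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
            bytes_read += len(chunk)
    return digest.hexdigest(), bytes_read


def scan_tree(root, known):
    """Hash every file under root and report those whose (md5, size) is in known.

    known maps (md5 hex digest, size in bytes) -> label.
    Returns (matches, total bytes read while hashing, total bytes on disk).
    """
    matches = []
    total_read = 0
    total_on_disk = 0
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            size = os.path.getsize(path)
            digest, read = md5_and_bytes_read(path)
            total_read += read
            total_on_disk += size
            # The lookup key is the pair (digest, size), not the digest alone.
            label = known.get((digest, size))
            if label is not None:
                matches.append((os.path.relpath(path, root), label))
    return sorted(matches), total_read, total_on_disk


def build_demo():
    """Constructed sample data: three small files and a one-entry reference set."""
    root = tempfile.mkdtemp(prefix="hashscan_")
    samples = {
        "notes.txt": b"constructed sample: meeting notes\n",
        "copy_of_reference.bin": b"constructed sample: reference content",
        "other.bin": b"constructed sample: unrelated content",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as handle:
            handle.write(data)
    reference = samples["copy_of_reference.bin"]
    known = {(hashlib.md5(reference).hexdigest(), len(reference)): "reference-item-1"}
    return root, known


def run_demo():
    """Build the sample tree, scan it, and clean up the temporary directory."""
    root, known = build_demo()
    try:
        return scan_tree(root, known)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    matches, read, on_disk = run_demo()
    print("matches:", matches)
    print("bytes read while hashing:", read, "of", on_disk, "bytes on disk")
```

The byte counter equals the total size on disk: the scan cannot report a match or a non-match for a file without having read its full contents first.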

Re:that's basically what they were doing. (3, Insightful)

grapes911 (646574) | more than 5 years ago | (#25541449)

And why did the technicians generating the md5's not know this? I'm all for the ruling, but how hard would it have been for someone to stand up and say, "We got this guy, but let's get a warrant before we scan his hard drive."

Re:that's basically what they were doing. (1)

autocracy (192714) | more than 5 years ago | (#25541511)

I think it's likely they know. It's possible that they didn't bother with the warrant because the computer was handed over by some other party. Now they're trying to still use it in court. Stupid to not get the warrant, though.

Re:that's basically what they were doing. (3, Informative)

Anonymous Coward | more than 5 years ago | (#25541785)

"We got this guy, but let's get a warrant before we scan his hard drive."

The odd thing is that the computer was in the landlord's friend's friend's (brother's dogwalker's sister-in-law's... whoops, got carried away) possession having been seized during the eviction. The vast majority of precedent (used whenever the government wants data from phone companies and mail servers, etc) says that if the guy with the data freely gives it to the cops, they don't need no steenkin warrant.

While the overall decision is welcome (that the government can't just force their way into my house and hash my drive on a whim), the method by which the decision was arrived at is unsound, and will almost certainly be overturned on the grounds that it wasn't the pedophile's drive anymore, therefore the pedophile had no standing to object to the search.

Re:that's basically what they were doing. (2, Insightful)

DeepDarkSky (111382) | more than 5 years ago | (#25541481)

Very true. It's almost like simply taking a picture of evidence in a residence after busting down the door, even though there's no search warrant to search the residence.

Re:that's basically what they were doing. (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25541685)

Besides, hashing all "known offending pictures" is a stupid idea anyways... All that needs to be done is alter 1 whole bit of the image file (hell, shift the color of a random pixel 1 shade) and it's impossible for them to find it unless you upload your new file into a database.

Re:that's basically what they were doing. (2, Insightful)

blitzkrieg3 (995849) | more than 5 years ago | (#25541697)

That's what I don't understand. IANAL, but how is this different than just simply opening the images or videos of the CP? You have to access the hard drive either way.

Which stage was the search - the creating the duplicate? The running of the hash? It's not really clear.

I would say creating the image counts as a search, since you have to actually go in and read the data from his hard drive.

help please (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25541473)

Slashdot janitors are of no use.

Why the hell are the stories pushed all the way down to the bottom of the page in Firefox 3.0.1?

The Sections menu and the Slashboxes are taking up a lot of real estate and leaving dead space to scroll through to reach the submitted articles.

Bad way to search for kiddie porn (5, Interesting)

betterunixthanunix (980855) | more than 5 years ago | (#25541483)

This sounds like the worst possible way to search for kiddie porn, because a suspect who wanted to conceal his activities could just change a single pixel, and the entire hash would change. They would need a signature method that doesn't change dramatically when a single bit changes, like something based on a frequency analysis.

Re:Bad way to search for kiddie porn (1)

flajann (658201) | more than 5 years ago | (#25541559)

This sounds like the worst possible way to search for kiddie porn, because a suspect who wanted to conceal his activities could just change a single pixel, and the entire hash would change. They would need a signature method that doesn't change dramatically when a single bit changes, like something based on a frequency analysis.

Or they can just look at the pictures. At least, that's the way it used to be done.

Re:Bad way to search for kiddie porn (1)

gnick (1211984) | more than 5 years ago | (#25541701)

I would assume that this is just a "first pass" search. Many criminals will simply be too lazy to flip a bit (how many confessed copyright violators out there take the time to flip a bit on their ill-gotten mp3s or avis?) It's a quick, easy search with bullet-proof results. After you scan for known hashes, you search for '.jpg', '.gif', etc. even though simply changing the extension on a file would elude that search technique - Many people will leave them intact so that they're easier to view. That search is more time-intensive because somebody actually has to look at the list and see if there's anything named '3yo_covered_hot_grits.jpg' or, alternatively, actually open a bunch of stuff up and look at thumbnails. From there you can imagine any number of more involved search techniques, but you get my point.

Re:Bad way to search for kiddie porn (0)

Anonymous Coward | more than 5 years ago | (#25542239)

You would think that the criminals would be lazy and stupid but the comedian Doug Stanhope received a CREEEEEPY email from a fan who responded to him making a joke about pedophiles that was very enlightening. The writer mentioned how the internet had made all the pedos go super-high tech in terms of encryption and anonymity. Multiple proxies and anonymous remailers seemed to be at their backbone. The guy also mentioned that he had a collection ranging in terabytes and that he didn't have a large collection compared to others.

Re:Bad way to search for kiddie porn (3, Insightful)

blitzkrieg3 (995849) | more than 5 years ago | (#25541859)

Or they can just look at the pictures. At least, that's the way it used to be done.

That's kind of the point. For some reason the courts used to think that looking at the pictures would count as search w/o a warrant, but comparing files against known md5 hashes wouldn't. By running the md5 hashes, the detective had a way to prosecute this guy w/o getting a search warrant. This ruling effectively puts a stop to that.

Re:Bad way to search for kiddie porn (1)

2short (466733) | more than 5 years ago | (#25541959)

But then you can't pretend it's not a search and you don't need a warrant.

Re:Bad way to search for kiddie porn (1)

avandesande (143899) | more than 5 years ago | (#25542177)

Assuming you are not a pervert, how much would someone have to pay you to look through CP all day? What effect would this have on your mental health?

Re:Bad way to search for kiddie porn (1)

aproposofwhat (1019098) | more than 5 years ago | (#25541569)

Would you expect the sort of sad-sack who gets his jollies from kids to understand that?

Now that this case has highlighted the use of hash values, I'm sure some of the more intelligent kiddy-fiddlers will start to modify the images, but the vast majority of perverts will still be caught.

Nice idea for a different sort of signature, though - perhaps it might be a good project to highlight the usefulness of Open Source.

Re:Bad way to search for kiddie porn (1)

betterunixthanunix (980855) | more than 5 years ago | (#25541853)

Keep in mind that pædophilia does not imply a lack of intelligence or a lack of knowledge. We like to think of pædophiles as these sad, sick men who look creepy and go around unshaven, but the reality is that a lot of them appear perfectly normal, and some hold jobs in the computer industry. Such people would very quickly realize that they could defeat a system based on hash signatures by merely modifying a single low-order bit in some random position in the image. Worse, if the people at the production and distribution levels realize this, it will not take a long time before the process is automated and a pædophile looking for images has images with random low-order bits changed.

An open source frequency analysis project would be pretty cool, and it would probably have applications beyond simple police work.

Re:Bad way to search for kiddie porn (0)

Anonymous Coward | more than 5 years ago | (#25541635)

It seems easier than it is. Manually changing a pixel on a thousand images is way too much work. And how can it be made automatic? I don't want stray pixels on my child's penis.

Re:Bad way to search for kiddie porn (1)

eosp (885380) | more than 5 years ago | (#25541733)

A lot of formats have places that you can modify that don't actually change the picture. For example, if I recall correctly, appending anything to a GIF won't change it (but will leave it valid).

In addition, you can normally just open it up and re-save it; that will often change the hash without changing the data. (Don't do this too much with JPEGs, of course.)

And I suspect that find(1) and ImageMagick will solve most such needs.

Re:Bad way to search for kiddie porn (1)

Ambiguous Coward (205751) | more than 5 years ago | (#25541835)

And I suspect that find(1) and ImageMagick will solve most such needs.

Ohhhhh, I get what you're saying: those tools are used by child pornography consumers and producers in order to circumvent law enforcement agencies' efforts. All right, fair enough. New legislation outlawing those tools in 3, 2, 1...

-G

Re:Bad way to search for kiddie porn (0)

Anonymous Coward | more than 5 years ago | (#25541757)

You don't need a stray pixel on your child's penis. You need to flip a single low-order bit somewhere. Maybe a few pixels on your child's penis become a slightly different shade of pink. it doesn't matter.

Re:Bad way to search for kiddie porn (0, Offtopic)

purpledinoz (573045) | more than 5 years ago | (#25541647)

You're assuming that the suspect is a computer geek. 95% of the people don't even know what a hash is (in the computer sense). This is a good automated way of searching. However, if they run into someone who is a computer expert, the authorities will probably face decrypting volumes.

Re:Bad way to search for kiddie porn (3, Interesting)

Chyeld (713439) | more than 5 years ago | (#25541707)

More than likely the hashes are generated against the picture not the file data, and are 'fuzzy' enough that minute changes in the image are ignored. That's what many 'Usenet duplicate image detectors' do. For instance, one of the old programs I used to use did this:

* Render image and convert it to grayscale.
* Resize image to 128x128 or some other 'thumbnail' size.
* Create a hash based on the thumbnail.

You'd have to mangle a picture a good amount for it not to show up as a positive match. The problem is you'd have a good number of false positives. On the other hand, if you are using this as a fishing expedition to find an excuse for a more thorough search, that really isn't a problem... is it?
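The thumbnail-signature idea in the comment above, set beside an exact MD5 match, as an added example that is not part of the original thread and not the program the commenter used. It assumes the image is already decoded to grayscale, uses a simple "average hash" as the thumbnail signature, and runs on constructed sample images; all function names are illustrative.

```python
import hashlib

SIZE = 64   # constructed sample images are SIZE x SIZE grayscale
GRID = 8    # thumbnail is GRID x GRID, giving a 64-bit signature


def gradient_image():
    """Constructed sample: diagonal gradient as rows of 0-255 values."""
    return [[2 * x + 2 * y for x in range(SIZE)] for y in range(SIZE)]


def checker_image():
    """Constructed sample of an unrelated picture: 16-pixel checkerboard."""
    return [[255 if (x // 16 + y // 16) % 2 == 0 else 0 for x in range(SIZE)]
            for y in range(SIZE)]


def shift_one_pixel(img, x=10, y=10):
    """Copy of img with a single pixel moved by one shade."""
    out = [row[:] for row in img]
    out[y][x] += 1
    return out


def file_md5(img):
    """Exact-match signature: MD5 over the raw pixel bytes
    (stand-in for hashing the file's bytes)."""
    return hashlib.md5(bytes(v for row in img for v in row)).hexdigest()


def average_hash(img):
    """Shrink to GRID x GRID by summing blocks, then emit one bit per
    cell: 1 if the cell is brighter than the thumbnail's mean."""
    block = SIZE // GRID
    sums = [sum(img[y][x]
                for y in range(cy * block, (cy + 1) * block)
                for x in range(cx * block, (cx + 1) * block))
            for cy in range(GRID) for cx in range(GRID)]
    total = sum(sums)
    bits = 0
    for s in sums:
        # s / block^2 > total / SIZE^2, kept in integers to stay exact
        bits = (bits << 1) | (1 if s * GRID * GRID > total else 0)
    return bits


def hamming(a, b):
    """Number of signature bits that differ."""
    return bin(a ^ b).count("1")


def compare(known, candidate, max_distance=5):
    """Report both tests. max_distance is the tuning knob: raising it
    tolerates more alteration but produces more false positives."""
    distance = hamming(average_hash(known), average_hash(candidate))
    return {
        "md5_equal": file_md5(known) == file_md5(candidate),
        "distance": distance,
        "near_duplicate": distance <= max_distance,
    }


if __name__ == "__main__":
    original = gradient_image()
    print("one pixel shifted:", compare(original, shift_one_pixel(original)))
    print("unrelated image:  ", compare(original, checker_image()))
```
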

Re:Bad way to search for kiddie porn (1)

treeves (963993) | more than 5 years ago | (#25542245)

A "fuzzy hash"? Seems like an oxymoron. Maybe I don't understand.

Re:Bad way to search for kiddie porn (1)

blitzkrieg3 (995849) | more than 5 years ago | (#25541787)

The point is that most people don't think about this that much, and that most people won't bother to change that bit. After all, the guy got caught using the md5sum, didn't he?

Just because the tool will not catch all CP videos doesn't mean that it's ineffective.

Re:Bad way to search for kiddie porn (1)

aswtech (1302583) | more than 5 years ago | (#25541889)

Hash code writers need to get busy on new algorithms that are robust and not subject to the Birthday Attack.

Re:Bad way to search for kiddie porn (1)

avandesande (143899) | more than 5 years ago | (#25541983)

I kind of doubt that if there is a ton of evidence that someone is downloading this stuff they would stop at using a hash; they probably use several different techniques.

Re:Bad way to search for kiddie porn (1)

Kokuyo (549451) | more than 5 years ago | (#25542173)

You seem to believe that all consumers of kiddie porn are computer literate uber haxx0rs.

Have you ever downloaded a porn collection via BitTorrent or the likes? I'd imagine if you know a few guys who know a few guys who can get you in touch with this stuff, then you'll have a few thousand individual pictures or some dozen movie snippets in no time. How is Joe Regular supposed to edit one pixel in all of them without quitting his job? Hell, I am not sure myself how I'd tackle such a project.

The idea in and of itself isn't so bad. And I do think it's a good thing the judge got wise on this case and seemed to understand the technical implications.

RE It's good to see (3, Funny)

phatvw (996438) | more than 5 years ago | (#25541493)

Hash is ~$30/gram depending on quality. Seems like those folks in PA have been smoking something else if they thought they needed to calculate an emmm-dee-five.

Re:RE It's good to see (2, Funny)

pak9rabid (1011935) | more than 5 years ago | (#25541621)

Man, you're getting ripped off.

Re:RE It's good to see (1)

Frosty Piss (770223) | more than 5 years ago | (#25542055)

Hash is ~$30/gram depending on quality.

If you can find it.

I don't see how the 4th amendment applies here (5, Interesting)

Phizzle (1109923) | more than 5 years ago | (#25541497)

The guy whose computer was searched abandoned the computer and gave up any rights at that point; the person who found the porn was the computer's new owner. Just like any trash tossed out becomes public domain, there should have been zero expectation of privacy at that point. I am not a legal scholar, but I do not see how the 4th amendment applies here. It would be no different than if this was a diary in a different language and the person who inherited the diary found a translator, upon finding criminal evidence it would be fully admissible.

good point (1)

Reality Master 201 (578873) | more than 5 years ago | (#25541527)

Anyone who's not talking out their ass care to comment on this?

Re:good point (5, Informative)

liquidpele (663430) | more than 5 years ago | (#25541653)

FTA "First, the facts. Crist is behind on his rent payments, and his landlord starts to evict him by hiring Sell to remove Crist's belongings and throw them away. Sell comes across Crist's computer, and he hands over the computer to his friend Hipple who he knows is looking for a computer. Hipple starts to look through the files, and he comes across child pornography: Hipple freaks out and calls the police. The police then conduct a warrantless forensic examination of the computer" So yea, I agree that the question here is whether they had a right to search it or not. Seems like the DA realized that they didn't, and tried to bypass the 4th with the "hash" theory, which the court rightly smacked down.

Re:good point (3, Interesting)

LWATCDR (28044) | more than 5 years ago | (#25541739)

The problem I have here is I would think that this would come under reasonable cause.
Someone calling the police and saying "Hey I found kiddie porn on this computer." seems to be reasonable cause to me.

Re:good point (1)

Phizzle (1109923) | more than 5 years ago | (#25541841)

Finding child porn on an abandoned computer constitutes ample cause, and considering the computer was abandoned removes any constraints from investigators as to the tools they choose. Seems cut and dry... Now I got to read more on this case - maybe there is more to it not apparent from the immediately linked article.

Re:good point (1)

Locklin (1074657) | more than 5 years ago | (#25542195)

Seems cut and dry to me too. *If* they had asked for a warrant, they surely would have gotten it.

Re:good point (1)

liquidpele (663430) | more than 5 years ago | (#25541913)

Yea, I'm not sure why it would be illegal for them to search. I know cops can legally take anything that's in your trash. I suspect there was some loophole he got out of.

Basically, it's a sad day for prosecuting scum-bags, and a good day for technological sanity in the court room.

Re:good point (1)

LWATCDR (28044) | more than 5 years ago | (#25542039)

Not really.
We can at best hope that they don't toss out all of it because it was a legal search after all.

Re:good point (0)

Anonymous Coward | more than 5 years ago | (#25542181)

Someone calling the police and saying "Hey I found kiddie porn on this computer." seems to be reasonable cause to me.

And would be sufficient to get a warrant to verify it was actually the case.

unless there is more to the story (1)

Phizzle (1109923) | more than 5 years ago | (#25541769)

Unless there is more to the story, which is not obvious from the RTFA, the evicted party forfeits the rights to what they chose to leave behind during the eviction. I am a firm believer in due process (14th) and in the 4th amendment, but again, I do not see how they apply here. In this one rare case the court seems to have gone overzealous on the technological aspect of the case.

why not? (1)

mikeee (137160) | more than 5 years ago | (#25542227)

Even if he thought the search was ok, if he wasn't 100% sure, the DA was just giving himself a second chance to win by arguing it wasn't a search at all. He wins if either argument holds up, so why not make both? (And he has to make them in that order; you can hardly argue 'the search was legal, and also, we didn't search it'.) This is standard legal tactics.

It's a Redundant Array of Independent Arguments.

Re:I don't see how the 4th amendment applies here (1)

jgtg32a (1173373) | more than 5 years ago | (#25541567)

That's the first thing I thought as well.

What was the chain of custody (0)

Anonymous Coward | more than 5 years ago | (#25541617)

It would be really scary if I junked a computer and months to years later someone might accuse me of child porn.

Wouldn't you have to prove exactly where the hard drive was and who had custody of it at all times?

Sounds kind of like those people who give away a junker car without getting the new owner to properly take the title. The new owner gets into a hit-and-run and the state goes after the person who is the owner of record.

And really, encrypt your porn, guys! (0)

Anonymous Coward | more than 5 years ago | (#25541525)

You never can tell if something you download off of the Internet is "child porn" or not, so you should always encrypt.

Moreover, you should probably run ImageMagick on all your files anyway (assuming they are images) to confound any md5 checking. For video, you can transcode it to the same effect.

Don't be stupid. I am NOT advocating "child porn", but knowing whether a model is 17 or 18 is not something I would want to risk going to jail over.

Re:And really, encrypt your porn, guys! (0)

Anonymous Coward | more than 5 years ago | (#25541615)

It's probably too hard for the authorities to "prove" that a model was 17 or 18 also. Especially considering she'll probably be 18 by the time any real distribution occurs, which means they'll have to prove the film was made x months ago, at which time she wasn't 18, blah blah.

They generally go after the guys trading the 13 y/o girls crowd, where anybody in their right mind can tell she's not anywhere near 18.

Re:And really, encrypt your porn, guys! (1)

avandesande (143899) | more than 5 years ago | (#25542035)

It's no different than doing a keyword search on a directory of text files.

search = search (4, Insightful)

drfireman (101623) | more than 5 years ago | (#25541551)

Calculating hash values isn't search. Calculating them and comparing them to a database is. Not only is it quite clearly search (searching for files that match known MD5 signatures), it's hard to imagine another way to describe it without being deliberately obfuscatory.

Re:search = search (5, Insightful)

characterZer0 (138196) | more than 5 years ago | (#25541693)

To calculate the hash values they had to read the contents of the drive. That is a search of a person's effects without a warrant.

Re:search = search (1)

pilgrim23 (716938) | more than 5 years ago | (#25542083)

Question from a non-tech: Is a hash value somewhat of a signature value? That is, would it be possible for a jpg of "Little Suzie does the Walrus" to possibly have the same hash value as "Aunt Gertude writes us about her knitting"?

Re:search = search (2, Insightful)

frieko (855745) | more than 5 years ago | (#25542121)

Here's a hash algorithm: Go into a room and write down everything you see. The list is now a hash of the room. It doesn't matter if you compare the list to a database of illegal things or not. A hash is a search.

MD5 Collisions... (1)

languagehacker (1317999) | more than 5 years ago | (#25541563)

...are like a mistaken identity sitcom waiting to happen--especially when that mistaken identity is a pedophile. I mean, they've covered that in probably like four Seinfelds, three Curb Your Enthusiasms, and a couple of Arrested Developments, right?

Re:MD5 Collisions... (3, Informative)

liquidpele (663430) | more than 5 years ago | (#25541745)

Oh God, I knew someone would go there...

The chances of a md5 collision are more remote than the chances that someone else's DNA at a crime scene will match yours. Want to see for yourself? Get a calculator and do 36^32 and that's the number of different hashes you can get. Give me a break. The fact that there are collisions is a fun anomaly as long as you can't generate collisions with an algorithm, not anything useful.

Re:MD5 Collisions... (0)

Anonymous Coward | more than 5 years ago | (#25542231)

And hell, beyond that... this was pretty clearly only meant as a first pass search, were it to go to trial (especially on the basis of a single collision - we'll have to agree the odds of two separate collisions are too small to consider) the relevant file would certainly be shown. And then either it's kiddy porn or it isn't.

Re:MD5 Collisions... (1)

Kokuyo (549451) | more than 5 years ago | (#25542275)

Considering the news a few weeks back that some of the FBI's DNA entries matched several offenders or some such thing you really shouldn't make a comparison using DNA ;)

Re:MD5 Collisions... (2, Informative)

Trevin (570491) | more than 5 years ago | (#25541931)

Even if the hard drive has a couple of million files on it and there are a few thousand known hashes of illegal files, the odds of having a different file with a matching hash are in the neighborhood of 10^28 to 1 against.

Re:MD5 Collisions... (1)

Locklin (1074657) | more than 5 years ago | (#25542243)

And if there is a collision, I'm quite sure someone would actually *look* at the file in question before locking you up in pound-me-in-the-ass prison.

Law Enforcement Storage of Naughty Things (5, Interesting)

tripdizzle (1386273) | more than 5 years ago | (#25541661)

"some of which ended up matching known MD5 hash values for known child pornography image and video files." Wait, so law enforcement has a database of kiddie porn and kiddie porn md5's? Some perverted bureaucrat found himself the right job.

Re:Law Enforcement Storage of Naughty Things (1)

Markimedes (1292762) | more than 5 years ago | (#25541935)

You know that's probably why they made the md5's? Because they didn't want to actually store the porn?

Otherwise they would just do a binary comparison.

Re:Law Enforcement Storage of Naughty Things (1)

tripdizzle (1386273) | more than 5 years ago | (#25541965)

I knew that, I just felt like making a joke, but someone had to look at it before it was hashed.

Re:Law Enforcement Storage of Naughty Things (1)

Markimedes (1292762) | more than 5 years ago | (#25541989)

They should have children do it. They are pure and sinless, and it wouldn't scar them for life.

Yes. (2, Insightful)

Markimedes (1292762) | more than 5 years ago | (#25541703)

Yes, I would qualify parsing someone's file system into file sized chunks and processing them bit by bit and feeding that data into a hashing algorithm as searching.

Error made by Slashdot in headline (5, Informative)

bfwebster (90513) | more than 5 years ago | (#25541715)

When I submitted this story, I gave it the headline "US Court:...". Someone changed that to "PA Court Says...". That's wrong. This is a ruling from a US District (Federal) court, not a Pennsylvania state court, and so carries much more weight. ..bruce..

Interesting. (0)

Anonymous Coward | more than 5 years ago | (#25541753)

If they maintain such a database, I would expect that ISP filters in some countries also check on traffic and compare against this database.
I wonder how many unsuspecting downloaders were caught this way. (there are many of them who probably know how to never get caught though).

Still, all this pedophilia hype shows how effective society can be at censoring certain information.

I love how... (0)

kuzb (724081) | more than 5 years ago | (#25541907)

...we speak of finding now inadmissible evidence that someone is collecting/distributing child porn, and you guys tag it as "suddenoutbreakofcommonsense". Really, people.

Re:I love how... (1)

Fished (574624) | more than 5 years ago | (#25542079)

I'm probably best known on Slashdot as being a rabid conservative (at least from the point of view of the typical Slashdotterati--check out my history), but in this case, I agree with the Slashdot consensus. Civil rights are only meaningful if they apply to the worst of our society. I have no sympathy with this man's crime, but it is evident to me that the police should have gotten a warrant before "hashing" his hard drive. That they failed to do so is inexcusable, and the recognized remedy in these cases is for the tainted evidence to be excluded.

Re:I love how... (1)

mikeee (137160) | more than 5 years ago | (#25542159)

Well, yes and no. The court apparently ruled that the hard drive was searched; it's not clear at this point if it was ok to do the search (because it wasn't his hard drive anymore) or not. The DA had hoped to avoid any doubt on that point by arguing that just taking md5 hashes and seeing if they match wasn't a search... which, of course, it is.

Re:I love how... (5, Insightful)

MikeBabcock (65886) | more than 5 years ago | (#25542115)

Bad police work is bad police work, no matter the criminal.

Here's a clue: be upset with the stupid officers that could've followed procedure and actually nabbed the guy instead of being lazy and screwing up the case instead of the judge for enforcing the law.

These are YOUR freedoms too.

Re:I love how... (1)

rhsanborn (773855) | more than 5 years ago | (#25542249)

Just because we don't always like the results of due process and the application of the Constitution doesn't nullify the idea that it is indeed good to see it (although infrequently) upheld.

I'm pretty sure that suddenoutbreakofcommonsense wasn't in reference to letting pedophiles free, but was rather in reference to defense of the Constitution.

Please don't take the above as an opinion on the judgement indicated on the article. I'm not making one, but rather as an explanation in contrast of the above comment.

I don't think 4th amendment applies in this case.. (0)

Anonymous Coward | more than 5 years ago | (#25541973)

The biggest issues I see with going 4th amendment rights on this is the fact that the defendant doesn't own the computer anymore. From the article he lost it because of problems not paying rent. It changed hands to an uninvolved third party who noticed the files were on, now his, computer. He did what I would see as the right thing reporting it. He allowed the police to look over the computer.
 
Does it count as a search? Yes without a doubt.
 
Does it break 4th amendment rights? If it still belonged to the defendant, sure, but it didn't at this point.

auto hash changer (1)

cinnamon colbert (732724) | more than 5 years ago | (#25542077)

don't child porn creeps and ordinary privacy obsessed /. ers have a utility which automatically changes any file of type x so that the hash changes ?

I don't know anything about computing, but it can't be that hard to have a utility which automatically edits any .tif or .doc or .mp4 so that the MD5 hash is changed ?
