|
snoot
look alive ∞




Registered: 01/30/05 
Posts: 9,640
Loc: 45º parallel
Last seen: 1 day, 10 hours
|
irc logs as evidence in court?
#14160099 - 03/21/11 04:11 PM (12 years, 10 months ago) |
|
|
I've read a few contradictory things lately pertaining to this subject, and the expectation of privacy when it deals with internet chat rooms and messages. I've read a few presidence say that they cannot be used in the courts as evidence, and some say they can. Some say that it is analogous to emails in regards to privacy rights,. I guess my question is what do you think? What do you know? I know this is going to be different in different states. I was just reading this from 07' regarding monitoring techniques and legal issues regarding irc chat rooms;
http://wvuscholar.wvu.edu:8881//exlibris/dtl/d3_1/apache_media/L2V4bGlicmlzL2R0bC9kM18xL2FwYWNoZV9tZWRpYS8xMzY1OA==.pdf
It is fairly obvious that the only way to conduct a thorough investigation online via a chat room or something would be to do it like a narcotics investigation, lots of man power, lots of time spent listening to nothing, and watching for those lil nuggets of goodness, lots of money, lots of hardware. Here is an exert from that article on the subject of legality etc..;
Quote:
4.2 Why the Appeal The previous section discussed the many types of internet crimes which occur in chat rooms on the web. Now, the question at hand is: why are these individuals and groups drawn to the medium that is the internet chat room? These are reasons such as: 1 User Anonymity 2 Lack of Conversation Records 3 Laws Restricting Logging 4.2.1 Anonymity Anonymity is a luxury that can not be afforded in person beyond an individual not revealing his or her name. The handle or username that a person uses while online acts as a veil to mask the user’s true identity. This quality goes hand-in-hand with a chat room’s feature for giving users the ability to pretend they are someone they are not. While in a chat room users may assume the identity of someone by another name, a person of another gender or age group, or even create a whole new image or personality for themselves. This offers an initial layer of protection for the user which begins the multiple layers of discovery law enforcement must peel away during their investigation in order to determine the true identity of criminals in an internet chat room. 11 4.2.2 Lack of Records The lack of conversation logs recorded by many chat sites is another difficulty possibly facing law enforcement officials in an investigation; and, by the same right, this is an aid to criminals in the online chat world due to the lack of readily available evidence. This lack of logging by server owners leaves the task to groups conducting investigations or their associated investigation tools to capture the logs that would be used in a criminal prosecution. 4.2.3 Legal Issues There exists a potential need for investigators to collect conversation logs in chat rooms for evidence. However, law enforcement officers need to consider the legal aspects associated with this action. As stated previously, wiretapping laws do not apply in chat rooms, for the reason that speaking in a chat room is akin to speaking in a crowded room. Officers only need be aware of restrictions within the specific jurisdiction in which the case applies. An example of one such restriction is a New Hampshire law requiring both parties involved to consent to being recorded in order for the log to be admissible as evidence in court [2]. 4.3 Difficulties When tracking the perpetrator of a crime in an internet chat room from the handle used in the crime back to the user sitting behind a keyboard, there is an array of difficulties facing law enforcement officers that also coincide with some of the factors that lend appeal to the criminal element. These obstacles must be considered very carefully when determining how to proceed with an investigation. 12 There are three prevalent categories in which these issues may be grouped; these categories are: 1 Lack of Logs Maintained by Chat Owners 2 Identifying Users Based on Logon Information 3 Legal Obstacles Preserving the Rights of Chat Users 4.3.1 Lack of Logs The lack of logs kept by owners of chat room hosting servers is perhaps the easiest to overcome of the challenges encountered by investigating officers in a criminal case. This obstacle comes in two forms: no records or records with a short life-span. Many sites only keep records of users rather than the discussions in chat rooms. On top of this, if a site does keep records of the conversation taking place in their chat rooms, most likely they will not exist for long. It is common practice in the business world to only keep certain types of data for a set period of time; that is to say that discussion records may be destroyed in the course of the business’s day-to-day operations. This inconvenience may be overcome by the investigating officer in the chat room through implementation of a purchased or developed logging application (such as the algorithm proposed in Appendix E) for use while monitoring in the room. Leaving the investigator to capture logs also provides the benefit of having a copy of the evidence already stored for later prosecution. These logging applications could capture the text of the chat room conversation (example shown in Appendix C), or it could capture screen-shots to create a digital video similar to a flip book. This scenario leaves an investigating officer with the task of building a case and obtaining a warrant to gather the information on a company’s server in a timely manner so as to acquire user information before it is removed from the 13 server. This data removal leaves law enforcement less time to build a case, thus creating an additional challenge. 4.3.2 Identifying Users The next major obstacle investigators encounter in their endeavors to trace a username back to the identity of a real person is being able to prove who was sitting at the keyboard at the time of the criminal act. This obstacle may result through several means: Dynamic Usernames – Allowing users to create a new handle every time they enter the room preventing investigators from associating a username with a particular individual that frequently uses that name. Password and Identity Theft – Stolen passwords or identities can allow a malicious user to create an account for a chat room using another person’s identifying information, thereby impeding an investigation while the investigators attempt to find the true user. Poor Computer or Network Security – This could indicate something as simple as walking away from an unlocked account for a few moments or saving their password in a public location such as an internet café. Additionally, many home users now implement wireless networks within their home; however, some fail to secure their network. These unsecured networks offer the opportunity for a malicious user to park near the house and make use of this network, thus the evidence points back to the owners of the network rather than the malicious user. 14 Redirection by a Malicious User –.This would involve the malicious user spoofing, or changing, their IP or MAC addresses. In the case of IP addresses, this could lead investigators to the wrong location; and in the case of the MAC address, the wrong computer at the correct location. But even after these issues, the case comes down to either proving that a particular person was at the keyboard at the time of the crime such as those in an internet café, or determining for a fact that a crime was committed on a home PC and identifying the responsible party. 4.3.3 Legal Obstacles Among the considerations, officers of the law must determine if the evidence gathered may be used in a court of law. All Americans, whether their acts have been deemed criminal or not, are constitutionally guaranteed against unlawful search and seizure [5]; meaning that the law enforcement official involved must obtain a warrant from a judge specifying precisely when, where, and what is to be searched. This constitutional protection also extends to the digital world where wiretapping (the act of intercepting wired transmission) is prohibited without a signed warrant. However, in the case of chat room investigation, the Supreme Court has ruled that conversations within a chat room offer no expectation of privacy [1]. The specific text of the ruling in US v. Charbonneau is as follows: There is a limited expectation of privacy for emails sent/received on AOL. Email is like regular mail. When it is sent, the sender’s expectation of privacy diminishes. Once an email (like a letter) is received the recipient controls it and the sender’s expectation of privacy is gone. There is even less expectation of 15 privacy in a chat room. When someone posts in chat room, he/she runs the risk that an undercover agent is in the chat room. Therefore, anything said in chat room is admissible in court [1]. This ruling allows for the use of internet chat logs to be admissible as evidence in crimes where a chat room discussion was involved. In the case of a personal message, this would not be admissible without the perpetrator first inviting the investigating agent into the private chat. However, exceptions do exist; in states such as New Hampshire, there exist laws maintaining that even a chat room log is inadmissible as evidence in court unless all parties involved have consented to the recording of the conversation [2]. Therefore, investigating officers must be aware of laws in the jurisdiction of the offending user before pursuing criminal charges; thereby adding a degree of complexity in getting the user to consent to logging without being accused of entrapment.
--------------------
∞ I am incapable of conceiving infinity, and yet I do not accept finity. - Simone de Beauvoir -
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 21 days
|
Re: irc logs as evidence in court? [Re: snoot]
#14163347 - 03/22/11 06:56 AM (12 years, 10 months ago) |
|
|
> I've read a few presidence say that they cannot be used in the courts as evidence, and some say they can.
I'm not a lawyer, but I am qualified as an expert witness in the US in the areas of computer security and data recovery. I cannot offer an expert opinion regarding the privacy question that you asked, but my guess is that since a chat room is public, anything recorded is admissible, much like pictures taken in public are admissible. In the case of a private chat room, since the person logging must have been invited into the chat room, again, I would suspect any logs are admissible. Regardless, the big problem with IRC chat logs is proving that the chat log is accurate (unaltered) and that you were the person actually typing what was being logged. The first (unaltered logs) will be "proven" by questioning the person that recorded the logs while that person is under oath. The second (that it was you) is much more difficult, and often impossible, to prove. (Remember to keep your mouth shut and let your lawyer do the talking for you. Don't make excuses, don't try to talk your way out. Keep your mouth shut!)
To prove that it was you that was typing, I would need one of several things: 1) somebody (or something, such as a camera) that witnessed you, in person, in the chat room. 2) your admission that it was you in the chat room.
With enough logs, I could show that it was your computer that was being used to connect to the chat room... but that still does not prove that it was you using the computer.
As an expert witness, I could definitely shoot holes into the prosecution's claim that what was logged was typed by you, assuming that nobody saw you and that you kept your mouth shut. Whether the judge would deny evidence, or the jury would find reasonable doubt, would probably depend upon other circumstantial evidence.
Again, I'm not a lawyer... the above is based upon my experiences as an expert witness.
|
snoot
look alive ∞




Registered: 01/30/05 
Posts: 9,640
Loc: 45º parallel
Last seen: 1 day, 10 hours
|
Re: irc logs as evidence in court? [Re: Seuss]
#14173842 - 03/24/11 01:33 AM (12 years, 10 months ago) |
|
|
yeah thats what I was thinking, kinda like email, or IMs, this day in age spoofing is so easy, and with botnets and spyware, its so easy to remote someone elses computer, it would nearly be impossible to prove the person in question was the one typing. Like you said the only real way would be for investigators to trick you into admitting it was you typing. So why would they allow something nearly impossible to prove allowed in as evidence in court? Or does such things like this happen alot?
--------------------
∞ I am incapable of conceiving infinity, and yet I do not accept finity. - Simone de Beauvoir -
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 21 days
|
Re: irc logs as evidence in court? [Re: snoot]
#14174371 - 03/24/11 06:37 AM (12 years, 10 months ago) |
|
|
> So why would they allow something nearly impossible to prove allowed in as evidence in court?
In the cases I have been involved with, there are evidentiary hearings done before the trial, in front of the judge, where the attorneys argue over what evidence should be allowed. On something like IRC logs, the defense would call an expert witness to testify that the logs could have been altered and that there is no way to prove who was typing. The prosecution would call an expert witness to testify that the logs were not altered and that they almost certainly had to have been typed by the defendant. The judge will then decide, based upon precedence from other cases, and upon the testimony from the experts, if the logs should be allowed as evidence or not.
If I'm working for the prosecution, I am going to show that there was no spyware on the computer... that there was no open access point (wireless) on the network... that there was nobody else living at the residence where the computer was located (or more to the point, that there was no history of anybody else using the computer other than the defendant)... that logs from the ISP show it was your computer online at the time... that you have IRC software installed on your computer... that your computer was turned on at the time the logs were made... that your computer is protected by a login password... that you logged into various websites at the same time that the logs were created, and from your home computers... etc... Given the amount of circumstantial evidence, the judge will probably leave it to the jury to decide how much importance to place on the logs.
Expert witnesses are not cheap. Depending upon the type of case, I bill out anywhere from $150/hr to $250/hr and usually end up working 20 to 40 hours, at least. Most of the cases I have been involved with are murders and I am usually asked to pull data from security camera systems in the area.
|
|