Saturday, 26 November, 2005

On Monday and Tuesday this week I went to court to testify against the guy who had Child Porn on his computer. After two days of arguing over the admissibility of evidence the case was thrown out by the Judge. What a farce!

When we did the initial recovery from the person's PC we inserted a second hard-drive in to the machine that was taken from another office computer. This hard-drive was unformatted and contained data from the machine's previous use. It was argued by the defense's barrister that since we didn't follow the government's computer forensics guidelines the evidence was flawed. The Judge was satisfied that the defendant was responsible for getting this content on to the computer in the first place but felt the evidence was not pristine enough to proceed with the case.

So after 18 months of waiting it's all over, just like that. To say I am disappointed would be one of the grandest understatements a person could make. It makes me physically sick that a man in possession of 865 indecent images of children is free to walk the streets, free to take pictures of children indiscriminately, free to the use the Internet in any manor he might choose, free to see his young children. In short, the only person who won this week was the defendant. Everybody else, his family included, lost.

If it'd gotten to a trial by Jury and they'd found him innocent I would have accepted that. What annoys me is that it never even got that far. A Jury could have been told about the problems with the evidence and they could have weighed that in their minds when the deliberated over a verdict. Instead, the Judge made that decision for them and I think that's a disgrace. I understand that Judges are incredible legal minds and the Judge's decision was probably consistent with other cases of this nature but let's not forget who pays the sallary of these Judges: the tax payer.

Ultimately, These people are here to protect us from the people who do these disgusting things. I don't think anybody would disagree with me when I say it's very important we get people like this off the streets. Yes, the defendant has a right to a fair trial but surely we have a right to be protected too. My experience of this entire thing has highlighted two big problems:

  1. It is almost impossible to bring a computer case to trial where the evidence was discovered by a layperson.
  2. Blaming everything on a virus is surprisingly effective.

Let's start with issue 1. Do we really expect every person in the IT sector who undertakes any data recovery operation of any kind to do it to the standards that the Crown Prosecution Service demands during in a criminal investigation?

Bear in mind that when I started the recovery we were just looking for his database, we had no-knowledge of the material on the person's drive. The mere fact we introduced a second volume in to the machine to do this recovery had tainted the evidence from the get-go. In order to prosecute anybody we therefore have to be sure that everybody who does a recovery for any purpose follows these guide-lines.

I have no problem with such a strict criterion for data recovery provided that everybody knows the rules. I had no idea what the rules were and I bet that 99% of the IT professionals out there have no idea what the rules are. I call for legislation to mandate a specified recovery procedure for any purpose and a program of education to spread the word about these rules.

The second issue is less easy to fix. Right from the start this guy claimed a virus did it. The virus defense is such a smoke screen that we can only remove through education. Just because something is possible on a computer does not mean it is a reasonably likely thing to happen. This is obvious in the real world. It is possible that I am responsible for the death of Princess Diana but in order for me to be responsible I would have to steal a Fiat Punto at thirteen years of age and drive it down to Paris. I would then have had to stalk the Princess and nudge her car in the Parisian underpass. While this sequence of events is certainly possible it is by no means plausible.

The problem I have with the virus defense is that often involves absurdities like the Diana story above yet people willfully accept it because it happened on a computer. Perhaps the latest generation will see through the smoke more perceptively and the power of this defense will subsequently diminish with time.

I've written two previous posts on this issue that I have restricted access to while the case was in progress. Now that the case has closed I have released the lock on these posts and you can view them in the archives as normal.

Simon

12:25:55 GMT | #Life | Permalink
XML View Previous Posts