1. 13
  1. 16

    Unchallengeable proprietary code used in law enforcement is equivalent to having secret laws.

    1. 2

      This is an issue that plagues other industries serving the common good, for example healthcare, credit rating, banking, electronic voting, and so on and so forth.

      1. 1

        Less so however. Your bank isn’t going to take your rights away, nor is a credit agency. Government alone is authorized to remove your civil liberties, other groups can only choose not to help you.

    2. 8

      Hardware changes are also making it harder for forensics. Back in the good old days, you could clone a suspect’s hard disk by using an IDE cable with one wire (23: I/O write) removed. If you had any bugs in the imaging software, the original remained pristine and you could store it in a tamper-evident evidence bag with a strict custody chain. If someone had any objections to the output, a second entity could do a similar clone and an expert witness could make contradictory claims in court.

      Now, SATA looks far more like a network protocol than a ‘90s disk protocol: you talk to a microcontroller (or seven) on the disk and it will do something. In some cases, reads can trigger writes (for example, some SSD controllers will do remapping in response to read-heavy workloads so that a write-heavy phase that follows won’t hit GC pauses and bugs in the remap logic can destroy data). It’s basically impossible to guarantee that the act of reading a disk didn’t tamper with it and malicious firmware on the disk can even exploit vulnerabilities in the machine doing the forensic analysis. There really isn’t an equivalent of keeping the sample of air that the breathalyser used.

      1. 4

        I completely agree. The right to confrontation has been eroded by claims of privilege. I wish that in general confrontation precluded evidence that prosecutors wish to withhold, even executive and national security privilege.