I heard the other day that Ryan Giggs was having an affair. Let’s use him as an example; say he took out a super injunction to prevent people reporting that online. How would I know it even exists? There does not appear to be any way I can find out that there is a gagging order on the information. The major newspapers are informed, but I wonder if all the smaller local ones are. Bloggers certainly are not.

It seems like the only choice for bloggers is to not write about anything that could be covered by a secret injunction, but clearly that is unacceptable as it would mean the end of free speech and amateur reporting. Not just online, but in newsletters and books too.

On Newsnight they were discussing the nature of these super injunctions and apparently many of them are in place to prevent blackmail. Random celebrity is threatened with “exposure” by someone so they try to prevent that person going to the papers. Chances are at least some of these cases are genuine blackmail where the victim has done nothing wrong and simply wishes to protect their reputation, but since we can’t know that when it does eventually leak out it is impossible to present both sides of the story. I generally don’t go in for this kind of tittle-tattle but people like Sir Fred Goodwin and the various private companies using super injunctions should be reported on and it is clearly in the public interest, and therefore the situation is intolerable.

Real life isn’t like CSI where they get a perfect sample and the computer flashes up a perfect match. In fact, CSI does that for fingerprints too… Shocking for a show supposedly based on science.

I just hope it was some kids who will get bored soon. The thought that an adult would intentionally do something like that is too disturbing to contemplate for long.

I opened a PayPal dispute and they closed it because it had been longer than 45 days since I bought it. Some stuff takes nearly that long just to arrive from China! As usual PayPal are cocks.

I left the seller negative feedback because he refused to accept a return. I asked Santander about a charge-back but they refused too, the asshats.

An interesting article.

Summary: Using power fluctuations in the national grid police claim to be able to date a recording precisely. The fluctuations affect any mains connected equipment, and allegedly even battery powered devices.

The police seem to love this kind of highly dubious forensic evidence. Let’s look at their record.

Fingerprints – not unique and never a perfect match like on TV, in fact matching is very much an art. Unreliable.

DNA – started out as a 1 in 1,000,000,000 chance of a sample matching two people, now it turns out that even with a good sample it’s more like 1 in 1,000,000 (i.e. 60 other people in the UK match).

DNA amplification – taking a small sample of DNA and build it up. The Omagh bombing trial collapsed after it was revealed to be bunk.

Firearms residue – a single spec was enough to convict Barry George until it was revealed that it was worthless as evidence. An innocent man spends years in jail.

CCTV – video evidence is powerful and solves crimes, except that most of the time it doesn’t.

Lie detectors – need I even go into them?

http://spawnlinux.dyndns.org/Bliss-Box/technical.html

It violates my copyright on some of the images such as the schematic and connector diagrams. It also violates the GPL by using V-USB and not publishing the relevant code. Chances are it probably uses some of my GPL’ed code, and the author admitted that it is based off some of Ralph’s code too (also GPL).

I emailed the guy but he is refusing to give any attribution, publish anything or provide any links back to the relevant sites.

Since he used his own server in dyndns I tracked him back to somewhere in Florida, using Warner Cable via Road Runner. I have sent complains to both of them.

amimojo:

This should not really come as a surprise to anyone. Like all evidence that has to be interpreted, the interpretation can be flawed.

Shows like CSI have computers getting an exact match on fingerprints and DNA, but the real world is not like that. Fingerprint matching is entirely subjective and the print recovered from a crime scene is rarely a nice clean one like they show on TV. DNA often has to be manipulated before a match can be made (due to the sample found at the scene being too small or of poor quality) and even then it often matches more than one person.

Even when you do get a match, it’s not proof that someone was at a specific place because DNA and fingerprints can easily be transferred. Someone broke in to my car a few years ago and despite there being fingerprints the police decided not to prosecute because they were on the outside of the car and the accused could just claim he lent on it on his way home from the pub.

There have been a few cases where fingerprint and DNA evidence have been challenged in the UK courts and shown to be unreliable, with innocent people spending years in jail before being cleared. Yet, the police seem to have started asking for everyone in the area of a crime to “volunteer” their DNA. Presumably if you don’t “volunteer” you become a suspect.

The idea that handwriting is any more unique than those two and at all reliable is laughable.

abigsmurf:

There was a good article here (or possibly some other social news type site) about the inherent flaw in DNA databases and the weight given to DNA evidence.

The theory goes like this: the chances of getting a false positive on a part sample are something like 1/50million. You have 50 million people on the database. This means You’d expect a false positive on every search. If you’re unlucky enough to live close enough to a crime to have committed it, you could easily find yourself in court.

You’ll then have to defend yourself based on a 1 in 50 million probability to a jury who won’t understand the statistics. If you haven’t got a solid alibi, it would be a tough thing to do.

There’s probably a good Terry Pratchett quote about 1 in a million chances to be used here.

amimojo:

An excellent point well made.

There is also danger of a match being made on another member of your family, but you being the one somehow tied to the case (in the same city or something) and so you get arrested. Siblings have close enough DNA that such matches can apparently be made.

I question the “1 in 50 million” statistic too. It’s far too simplistic, as there are different ways of collecting and matching DNA. Also, so-called experts have been wrong about this sort of thing in the past. Remember that poor woman who spent years in jail because some idiot said that there was a “1 in a million” chance of having three children all die of cot-death?

A quick overview of what we are up against. In the UK the following is recorded:

• Every IP address assigned to an internet connection
• Every web site visited
• Every email address sent from and sent to and time of sending
• Every instant messenger screen name
• Time and destination of every instant message
• IP address at the time of every website/email/IM access
• Every phone number dialled from and to, time of call and duration
• Location to within a few feet of any mobile phones at time of call
• All mobile cell information related to a mobile phone (e.g. times and locations, so they know where your phone is whenever it’s turned on)
• Postal data, basically what is written on the outside of any letter/package
• Vehicle location, recorded by CCTV cameras with automatic numberplate recognition

Other information is probably kept too. The police also have the capability to record phone conversations (and probably email/IM as well), and turn any phone that is turned on into a listening device (bug). Presumably if they did this with your mobile phone you would notice the battery draining pretty fast though. (Source: http://en.wikipedia.org/wiki/Telecommunications_data_retention

Basically, it’s a modern high-tech surveillance society, and now the police are looking at trying to hack people’s PCs/wifi and trying to install viruses on target computers.

The first line of defence is your home network. It needs to have a secure firewall. Due to the possibility of there being flaws or backdoors in commercial routers, it’s probably best to use a well tested open source router such a m0n0wall or pfSense. If you have wifi, it needs to be secured with WPA2 and a very strong password (i.e. at least 60 characters, and a mix of upper/lowercase letters, numbers and punctuation.)

Physical security of your PC is important. Make sure you can see the back of it, so that if someone installed a hardware keylogger you would spot it.

You need to harden your OS from attack. Obviously using a strong password is a start, but really you need to use TrueCrypt to encrypt your entire HDD. Since you can be forced to reveal your password or face two years in prison, you should use TrueCrypt’s hidden OS feature and set up a dummy OS you can reveal the password for. Since there is no way to prove that there is a hidden OS, you are protected. Be sure to make the dummy OS look realistic – it needs to have files saved on it, applications installed, the web browser used. You should use it at least once a week to keep file access dates current. If possible, it should be used for non-sensitive use regularly.

There is are vulnerabilities in TrueCrypt if the attacker has physical access to your PC. Firewire and PCMCIA ports can be used to dump the computer’s memory and recover the encryption key, as well as read files off the HDD. It is therefore necessary to disable Firewire and PCMCIA ports. I have seen devices that exploit this vulnerability in use. You should also disable the Windows “autorun” feature on all drives to prevent similar attacks via CDs or USB flash memory. The workstation should remain locked when not in use, and require a password to unlock. The system should be powered down as often as possible.

In theory if an attacker has access to the machine while an encrypted OS is loaded, they could recover the key from the computer’s RAM, either by rebooting it into a special Linux OS or by removing the RAM and placing it in another PC. The best defence against this is to prevent the attacker gaining access to the key in RAM by performing an emergency shut-down (i.e. press the power button). TrueCrypt will clear the key on shut-down. Setting the BIOS to do a full memory test and setting a BIOS password do it cannot be disabled will erase the key during the POST cycle. None of this is foolproof.

An alternative method would be to use an OS that leaves no traces on the PC for sensitive things, such as a Linux Live CD. TrueCrypt could be used for data storage, with the above issues in mind.

Securing the OS against police viruses and keyloggers is vitally important. Up to date anti-virus software from a non-UK company (e.g. Avira) is essential. Never open email attachments. Use a secure browser such as Firefox, with Java/Javascript/Flash/etc disabled. Make sure your PC has it’s own firewall as your network may be penetrated, either via WiFi or another virus infected PC.

For accessing the internet, at a minimum you should use a VPN service terminating in a less draconian country. Relakks seems to be a possibility. Using Tor is also a good idea. Any internet related software needs to be carefully checked for security. Using open source software is a good idea. Remember to validate any checksums available on downloads.

At all times remember that all communications and movements of your mobile phone and car are being monitored. CCTV is everywhere, and virtually unavoidable. Plausible deniability is the key. Try to avoid anything that can create a paper trail for police fishing expeditions. If you think you details may have been compromised (e.g. bank details, identity theft) report it immediately – the police usually don’t bother to check but it will be of vital importance in court.

Even if you do all this, all it takes is to be in the wrong place at the wrong time to have your life destroyed:

‘I was falsely branded a paedophile’ (BBC News)
Police witness on perjury charge (Men’s Aid)
Student researching al-Qaida tactics held for six days (Guardian Online)
A hard look at file-sharing evidence (BBC News)
Judge rules out child porn charge (BBC News)
Four suicides in child porn case (BBC News – most of the accused were later cleared)

Natually the spokesman for Liberty they had on was worried, pointing out the huge civil liberties issues when a man (remember, all paedophiles are men) cannot go to a public park on his own. The members of the public who rang in only seemed to care about protecting their kids though, which while understandable does bring me to the point (finally) of this post: it seems like most people are too stupid to think for themselves.

There is a lot of hysteria thanks to newspapers using paedophiles are boogy men, hiding in every bush and outside every school, ready to snatch a child away. Of course, most victims are abused by someone they know, not grabbed off the street. Would a paedophile be so stupid as to go into a public park, surrounded by adults and masses of CCTV, and try to snatch or lure a child away? It just doesn’t happen that way, and it should really be obvious to anyone who has thought a little bit about it and bothered to find out the most basic facts.

The result is the kind of idiots who called the show today, more than happy to throw away basic freedoms for a little bit of extra cotton wool to wrap their kids in. One poor caller had apparently been sitting in his van outside a park, eating lunch when a man shouted “pervert” at him. It makes you wonder, if a paedophile really did do something to draw attention to themselves, would anyone try to stop them for fear of being branded one too simply by going near a child? If you saw a child on their own in the street, crying and looking for their parents, would you help them or would you be scared of some idiot thinking you were trying to abduct them?

I know I would think twice.

The real problem is that the majority of people don’t seem to see a problem with things like this. They just hear “paedo” and will accept anything, no matter how draconian. It’s not just crimes against children though, it’s just about everything. The BBC Have Your Say pages are full of Daily Mail reading dipshits who can’t seem to tell some journalists rantings from fiction – they appear totally disconnected from reality, unaware of the situation in the real world and unable to understand or consider opposing points of view because the arguments don’t fit into their skewed world view. Worse than that, it seems like a lot of them are not even capable of rational, logical thought – they simply cannot work an idea or argument through in their own minds.

Maybe I’m being pessimistic and there is some huge, silent majority who are not like that, but all the evidence suggests otherwise. The Sun and the Mail are the two most popular papers in the UK. Speaking to random people seems to back this up. Not very scientific but the people who have presumably done some scientific research on the general public – the political parties – seem to agree too judging by their policies.

I wish I could see a way out of this, but it’s difficult. I think a lot of the problem stems from us never having had a revolution, only a half-arsed civil war that was based on religion rather than ideals of freedom and equality. Maybe people are no less stupid in other countries… Well, okay, maybe not that much cleverer, shall we say, but because they have cultural ideals they can at least try to move things in the right direction.

The tech discovered two criminals on the database with remarkably similar DNA, close enough in fact to satisfy a court of a match in most cases. One was white, the other black. She went on to discover nearly 1000 more matching pairs.

Police in the UK are still using discredited Low Copy Number DNA evidence, despite it being the cause of the collapse of the Omagh bomb trial. In that case there were also two people that the DNA pointed too, one of whom was a schoolboy living in England.

Claims that the chances of a false DNA match are billions to one are now clearly discredited, yet the police carry on using DNA in this way and relying on it in court. Unsurprisingly, lawyers are now starting to demand extensive database searches and finding their own expert witnesses to counter this. Like fingerprint evidence, it appears that soon DNA evidence will be reduced in importance and police will have to rely on other, more traditional forms of proof when bringing a case.

It will be interesting to see the outcome of the Barry George re-trial too – yet again, forensic evidence (a single particle of gunpowder) has been overstated at trial.