Featured Post

Welcome to the Forensic Multimedia Analysis blog (formerly the Forensic Photoshop blog). With the latest developments in the analysis of m...

Tuesday, April 19, 2011

An interesting article

This article was posted recently by some scholars at Dartmouth College. Here's some of the highlights:

"We discuss the growing trend of electronic evidence, created automatically by autonomously running software, being used in both civil and criminal court cases. We discuss trustworthiness requirements that we believe should be applied to such software and platforms it runs on. We show that courts tend to regard computer-generated materials as inherently trustworthy evidence, ignoring many software and platform trustworthiness problems well known to computer security researchers. We outline the technical challenges in making evidence-generating software trustworthy and the role Trusted Computing can play in addressing them."

"It may be inferred that the court assumed that the software and algorithm were infallible and therefore fairly and accurately represented what was on [Lindor’s] computer. ... This attitude ignores the crucial fact that computer software and systems can be and have been programmed and configured to incorporate biases and malfeasant logic that skewed their functionality and reporting output to suit the interests of their programmer or vendor. In other words, putting a bias or an expression of an ulterior motive into the form of a computer program is not unthinkable; it is not even very hard (but, as we will show, much harder to detect than to commit)." "Thus, a natural question to ask is, “How trustworthy are computer-generated timestamps?” The answer is common wisdom among computer scientists: not very trustworthy, unless either a rigorous clock synchronization mechanism is in place or the system has the benefit of a high-precision external clock (which may synchronize with the true wall clock time by its own means such as GPS or the atomic clock time signal)."

"A constitutional, country-wide, specific rule has yet to be clearly established in the United States on the issue of the admissibility of, reliability of, and cross- examination of the validity of the underlying theory or algorithm contained in software used as evidence, the machine used to create a report, the source code used on the machine, or the humans operating, maintaining, and otherwise in contact with the machine and source code. However, it can be concluded that, by and large, defendants in the United States will have to demonstrate their need to obtain pre-trial records and testimony on these people, things, and topics and may bear the initial burden in challenging their admission into evidence at trial. A review of cases admitting evidence and expert testimony based on evidence reveals that distrust of the machines used to create evidence and the software running on these machines is a fairly rare commodity, despite technical challenges to accuracy of such machines and their source code."

Enjoy.

No comments: