Boston Police Consider Using Linux to be Ground for Suspicion

This is pretty awful. More war on the unexpected.

EDITED TO ADD (4/16): On further analysis, this seems more reasonable than I first thought.

Posted on April 16, 2009 at 6:48 AM • 95 Comments

Comments

Pete AustinApril 16, 2009 7:22 AM

From the report PDF, it seems that the probable cause was based on information from a witness, who was known to be reliable, and who said that Mr Calixte had the opportunity to commit the alleged crime (because of his employment) and that he has previously hacked an official computer system (to change school grades). Linux doesn't seem relevant.

"On 01/27/09 Officer Eng filed a report regarding two Boston College
students who were having domestic issues. The reporting party was
identified as XXXXXX and the other student was identified as
Riccardo F. Calixte. The roommate issues are being addressed by
Residential Life staff at this time XXXXXX also advised Officer Eng
that Mr. Calixte is involved in some computer hacking incidents.
XXXXXX advised officer Eng that Mr Calixte has changed grades for
other students by accessing the Boston College computer system. Mr
Calixte is also reported to be an employee of the Information Technology
department here at Boston College. It should be noted that XXXXXX
is not only a named witness to these allegations but also a reliable witness
in another investigation which he brought to our attention"

Super DaveApril 16, 2009 7:34 AM

So being a snitch in one case now makes a person a reliable witness? Are my fellow Americans ever going to wake up before it's too late or is it already too late?

Tom OlzakApril 16, 2009 7:36 AM

I agree with Pete Austin's comment. I've been out of law enforcement for some time, but this looks like a valid seizure of evidence. In other words, there is a reasonable belief that one or more crimes were committed, that the owner of this equipment committed them, and that the items seized were used in the commission of the crimes or contain evidence of them.

Tom WelshApril 16, 2009 7:39 AM

Nothing much has changed since the Salem Witch Trials. Mass education was supposed to improve the quality of average people's thinking and the facts and figures on which it is based - but it has not. What can you expect of apes in clothes, anyway?

pegrApril 16, 2009 7:41 AM

Um, he called someone a fag? Sure, its junior high school, but criminal? You would think the cops have something better to do...

PsudonymApril 16, 2009 7:43 AM

Regardless of the context, the statement" [he] uses two different operating systems to hide his illegal activities" Shows an abundance of ignorance on the part of the investigator. That statement says to me at least that this investigator views the use of Linux as an indication of illegal activities.

This reminds me of http://www.msnbc.msn.com/id/30211146/ article. Stating a particular technology makes a crime worse. In the case of guns, this is a valid argument, In the case of operating systems... Not so much

uk visa lawyerApril 16, 2009 7:44 AM

If the defendant had hacked campus computers with nefarious intent the university should not have employed him.
If Linux wasn't relevant it should not have been cited.
Boston police should mindful that they operate in America not a police state.

Never too earlyApril 16, 2009 7:45 AM

pegr: it's never too early to get them used to selective enforcement of the Whatever We Feel Like Act.

Jared LesslApril 16, 2009 7:58 AM

Great, so their star witness claims he had means and opportunity. What's lacking is motive and, oh yeah, evidence of any actual crime having taken place.

GoatRiderApril 16, 2009 8:04 AM

When command prompts are outlawed, only outlaws will use command prompts.

jeffApril 16, 2009 8:09 AM

@ uk_visa_lawyer

> If Linux wasn't relevant it should not have been cited.

I'm not sure why you say this? Have you seen many warrants? There is often a lot of information in them which doesn't go to probable cause, but provides the police additional information to either identify the materials to be seized or to provide related information.

It is certainly relevant to the officers investigating this allegation that the computers in question may have a second operating system on them which would not be immediately apparent to the casual non-techie observer. You could say that its not strictly relevant to the warrant and you would probably be right, but it is a long jump from there to a "police state".

What would you do if you saw a warrant that mentioned that the accused drove a red convertible? Accuse them of being anti-car?

Based on the little information that's available, I think it very likely that Bruce is misinterpreting the situation here.

Jeff

A nonny bunnyApril 16, 2009 8:12 AM

I would think that if two students are having "domestic issues", neither would make a reliable witness with regards to supposed crimes of the other for which there isn't even evidence they happened.

dan kApril 16, 2009 8:32 AM

I agree that this is pretty bad. But it doesn't help things when people overreact, and I've seen more overreaction than sensible reaction. For example, according to the warrant, someone (name redacted) reported that this guy uses dual boot to hide stuff. It doesn't say that they found out the guy was using dual boot and that they deemed that suspicious. It says that someone reported that he uses dual boot to hide stuff (top of p. 7 of the pdf that containts the warrant application). If I told someone I'd seen you hide illegal drugs in your closet, police would have some reason (perhaps not enough for a warrant) to search your closet. It wouldn't mean they don't understand closets.

Unquestionably people do use dual boot to hide stuff sometimes. And it would be pretty effective against casual snooping, or even extended snooping by anyone who isn't particularly tech-savvy. I don't know if this guy uses dual boot to hide stuff or not, but the warrant says that someone told them he does, and it's certainly not implausible if they otherwise think it's reliable information.

AnonymousApril 16, 2009 8:37 AM

"XXXXXX advised officer Eng that Mr Calixte has changed grades for other students by accessing the Boston College computer system."

First, this accusation lacks supporting facts.

Second, there is no averment that the alleged incident involve an unauthorized access to the Boston College computer system.

The officer doesn't he checked and made sure that Mr Calixte had never, ever graded papers. The officer doesn't say that Mr Calixte had never assisted a professor as part of his IT job. The officer did not check.

A nonny bunnyApril 16, 2009 8:42 AM

@dan k

It seems very doubtful to me that someone, especially a CS student, would use dual boot to hide things. If you want to hide things, you use whole disk encryption with a hidden volume.
Using two OSes doesn't hide anything, not even between the two OSes, not unless you combine it with encryption.

Trichinosis USAApril 16, 2009 8:48 AM

Wow, I guess all those Linux-based home security system appliances out there are going to give the Kops a field day. Then again what do you expect from a law enforcement community that sees a little neon-sign cartoon as a terrorist threat?

DavidApril 16, 2009 8:48 AM

"Never ascribe to malice that which can adequately be explained by incompetence" - sums up this police investigation.

tcliuApril 16, 2009 8:48 AM

Bruce, in this case there were many other things that factored into the "probable cause". Idiot Linux fanboys are up in arms, smart Linux fanboys read the whole application.

Another thing: When reporting what you witnessed - report what you see, not what you think you see. If you read the warrant application, it never mentions "Linux" - only a "black screen with white font". If the application had read "linux" and the guy had used OpenBSD, well, there's one false statement.

Dave AronsonApril 16, 2009 9:06 AM

Of course, in Boston, *breathing* is cause for suspicion, if the ossifer says it is. And now the PHPTBs will be trying to outlaw white on black command prompt screens, but ignoring those using, say, yellow on blue....

Liam SpencerApril 16, 2009 9:06 AM

Add me to the list of people considering this a legitimate seizure.

The Linux part of the warrant is extraneous and only mentioned as part of the roommate's statement under probable cause.

The evidence collected from the IT director is a little more damning, seeing as it shows that the suspect's laptop was likely used to create a fraudulent profile of the suspect's roommate on a gay-oriented website, and a screenshot thereof was presented as legitimate and sent to the BC mailing list.

Does this not fall under potential harassment/fraud/libel?

NostromoApril 16, 2009 9:09 AM

Reading the article, there's no evidence that any computer crime was committed, apart from the unsupported accusation by a student who was having some sort of dispute with the person he accused.

What I find even more disturbing than the fact that police seized all this equipment after an unsupported accusation, is that some people here seem to find the seizure reasonable. The Constitution says "probable cause", not unsupported accusation.

Can anyone who reads this blog get the police to seize Bruce Schneier's computer just by making a malicious accusation?

Liam SpencerApril 16, 2009 9:14 AM

Nostromo:

Did you read the article or the warrant? The article is INCREDIBLY disingenuous. The warrant itself definitely presents probably cause through evidence presented by the IT director.

JackApril 16, 2009 9:17 AM

Let's just backup here a moment - what is essentially going on here is incompetence, period. Worse, that of the officer's superiors, too.

I think this is the same animal as a politician who proposes giving the President a "kill switch" for the Internet, or any of a thousand instances of stupidity.

Anyone can be incompetent at anytime. The danger, of course, is when the incompetent person has authority over others. That's what typically enrages people.

ChrisApril 16, 2009 9:24 AM

Looks valid.

However, the statement about the "prompt commands" illustrates something I learned pretty early on: Computer expertise both amazes and frightens people. We've known for ages that people are afraid of the unknown, and in this case I think cultural influences have only exasperated the problem. I can't tell you how many times I opened the command prompt in Windows, typed in a few things, and had people ask "Oh, are you a hacker?" Simply put, the vast majority of individuals are not computer savvy, and the moment they see something out of the ordinary, they have a tendency to suspect the worst.

Liam SpencerApril 16, 2009 9:24 AM

The incompetence is where?

I agree with 99% of the things Bruce posts here, but please read pages 6 and 7 of the warrant and tell me that there is no reason to believe that the suspect may have deliberately fabricated an online profile and disseminated a screenshot specifically to harass his roommate.

AnonymousApril 16, 2009 9:25 AM

The incompetence is where? The pull-quotes come nearly exclusively from the suspect's roommate's statements.

I agree with 99% of the things Bruce posts here, but please read pages 6 and 7 of the warrant and tell me that there is no reason to believe that the suspect may have deliberately fabricated an online profile and disseminated a screenshot specifically to harass his roommate.

BobApril 16, 2009 9:41 AM

Looks fairly typical to me. All of the "damning" statements are statements made by the roommate. The descriptions are written to be read by people who have no familiarity with computers. The evidence that he created the mass-mailing for harassment certainly seems solid enough to execute a search.

AlanSApril 16, 2009 9:54 AM

@Liam Spencer

Well, the material from the previous investigation of the listserver mailing on pages 6 and 7 provided to the police by David Escalante does appear to be very credible but it is irrelevant to probable cause. Where is there any credible evidence that a crime was committed? There is none. There's just unsupported assertions made my the roommate.

Stephen PetersApril 16, 2009 9:56 AM

I'll grant that the warrant seems to show probable cause, but it's good to read the full memorandum from the EFF as well. There's a reasonable point made there that the only specific "crime" under investigation is that of sending an email to a mailing list, which is not a crime at all. As such, the search warrant should have been denied.

The hacking activity noted is based on the hearsay testimony of one witness, and there's no other evidence corroborating that any hacking attempts occurred. That strikes me as sort of like "I saw Lizzie Proctor speakin' with the devil."

Ward S. DenkerApril 16, 2009 9:58 AM

Clearly these police officers watch too much television.

Nearly every hacker on television or the movies who is doing something nefarious is doing it from the command prompt of a *nix system. In addition, there are usually a few shots of a hex editor or some source code screens which appear to be nonsense code.

Anyone who works with those tools is a terrorist because television told them so.

Fucking tools.

Liam SpencerApril 16, 2009 10:04 AM

@AlanS

There is evidence that the computer used both to create the falsified profile (on a particularly racy personals website) and disseminate the harassing email belonged to the suspect.

Fraud, harassment and violation of privacy. Most likely a violation of the terms of use of the network and terms of employment of the suspect. I think they have enough to take a look at this guy's computer.

MusashiApril 16, 2009 10:04 AM

First they complain about that viral advertising campaign with the robots; then they complain about that MIT student wearing a circuit board (pretty stupid that, but still), then their mifare travel card gets hacked, and now this... Boston has a lot to answer for...

RFDApril 16, 2009 10:09 AM

I'd like to offer a minor clarification of the headline for this item. The Boston Police were not involved in this particular silliness. The Boston College Campus Police, with some advice or assistance from the Massachusetts State Police, is the law enforcement agency pursuing this.

AnonymousApril 16, 2009 10:15 AM

I think this particular case is a little sketchy, but I think generally its pretty true that if you use Linux, people suspect you more of wrongdoing. How many times have you been in a public location and had people look at you like you were doing something bad just because it wasn't their familiar Windows screens?

Stephen PetersApril 16, 2009 10:17 AM

@Liam Spencer

Read it again -- there's no evidence that the suspect's computer created the fake profile; only that it accessed the personals website. There is no tangible evidence suggesting that the suspect's computer sent the email beyond a similar computer name.

Henning MakholmApril 16, 2009 10:21 AM

Many commenters seem to assume that "the police mentioned X in the warrant application" is evidence that "the police considers X to be incriminating". This inference is easy to make, but I don't think it is valid.

I don't know the precise rules that govern this in Massachusetts, but in any system that takes judicial oversight of police searches seriously, the policeman requesting a warrant must be required to tell the judge any information in his possession that counts AGAINST probable cause as well as the information that counts for. Once the police has interviewed the informer, they may have had no choice other than relaying to the judge all of the informant's statements that could conceivably have a bearing on whether or not probably cause exists -- no matter whether the police considers it incriminating or not.

It would be much worse to allow (or even require!) police to remove witness statements from the application when the police does not think the statements support probably course. That would amount to giving the police a free pass to hide exculpatory information from the judge, simply by deeming it irrelevant -- and THAT surely would be a step in the direction of a police state.

cdek421April 16, 2009 10:23 AM

I believe that creating a false profile on a social networking site can be considered a crime. I would think that the prosecution of Lori Drew for the Myspace/Megan Meier incident might give one the perspective that (right or wrong) laws can be considered to be broken, if not federal, than at least at the state level where they have passed "anti-cyberbullying" laws.

John CampbellApril 16, 2009 10:23 AM

I went to Lowe's last night looking for a replacement circuit breaker (Home Depot didn't carry the right kind, either) and noticed, while the person was hunting for it on the 'puter system, that the workstations are running Linux + KDE.

*WHOA*

So, I guess, this makes a bunch of companies... ummmm... rogue organizations?

Pat CahalanApril 16, 2009 10:23 AM

@ Liam

Standard disclaimer: I'm not a lawyer.

> Fraud, harassment and violation of privacy

That's not fraud, it's libel, and it's a civil matter, not a criminal one.

That's not harassment (unless I've missed a law update), since Massachusetts has no "online harassment" statute... again, it's just libel, and that's a civil matter, not a criminal one.

It's not "violation of privacy" unless the student is actually gay, and in either event... again, that's a civil matter, not a criminal one.

A search warrant is not appropriate in any of the above cases, although a subpoena is.

Brandioch ConnerApril 16, 2009 10:24 AM

@Liam Spencer
"There is evidence that the computer used both to create the falsified profile (on a particularly racy personals website) and disseminate the harassing email belonged to the suspect."

Who cares? That's pathetic.

"Fraud, harassment and violation of privacy. Most likely a violation of the terms of use of the network and terms of employment of the suspect. I think they have enough to take a look at this guy's computer."

OMG!!!111eleventyone

He may have violated his ToS!!!!

They'd better confiscate all of his kit.

The real problem is how people stretch "fraud" and "harassment" to cover childish pranks like that.

AnonymousApril 16, 2009 10:25 AM

Not looking to convict, only for probable cause. If the suspect DIDN'T commit said crime, he'll likely be exonerated after the computer search.

Having now read the EFF memo, I'll buy that the accused charge is weak, and the officer should have gone for a more general harassment charge. However, it's fuzzy enough such that the fact that IANAL and I don't know anything about MA law leaves me dry for further argument.

I'll close on this point:

This isn't simply a case of linux==terrorist. the case is a little more nuanced than that, and the demonized statements come more from the roommate than the police themselves.

AnonymousApril 16, 2009 10:26 AM

The Commonwealth of Massachusetts Administrative Office of the Trial Court
Judicial Institute

"Anatomomy of a Search Warrant"
http://massclerksassociation.com/...

"Does the affidavit contain facts and circumstances (based upon the affiant's knowledge and reasonably trustworthy information) sufficient to warrant a person of reasonable caution to believe an offense has been or is being committed?"

(p.26)

JosephApril 16, 2009 10:30 AM

Relax everybody, jeez. The dual-boot system was listed on the warrant because they had a statement from a witness describing the dual-boot system being involved in a crime.

If there is an anthrax poisoning by mail, and the police get a tip that someone specific committed the crime using a box of envelopes in their house, the warrant will include the box of envelopes so it can be easily taken into evidence.

That does NOT mean the police now think envelopes are an indicator of crime. It means they have connected envelopes to a specific crime and a specific suspect so they are taken into evidence.

This does also NOT mean that the person was convicted because he had envelopes. There is an initial collection of evidence (in order to prevent destruction of evidence) and then we look to the court system to decide what was used to commit the crime and what wasn't. The police force is just trying to preserve as much evidence as possible.

It's amazing to me that police procedures, that have been used for as long as memory serves, are suddenly so scary when they involve a piece of computer hardware. If we really want to prevent abuse of police powers in the technical arena, confusing non-issue cases like this is not going to help our cause.

Liam SpencerApril 16, 2009 10:33 AM

I concede on the civil matter point. The courts will work it out.

I'll note that I'm Canadian, and our privacy laws run far deeper.

Can others concede that the linux use likely had no bearing on whether this warrant was granted?

Liam SpencerApril 16, 2009 10:39 AM

On a next-to-unrelated note, it's actually illegal in my province for university staff to host student data in the US or to take student data across the border on a portable device. That's how scared we are of the patriot act :P.

John CampbellApril 16, 2009 10:44 AM

@Liam

"Can others concede that the linux use likely had no bearing on whether this warrant was granted?"

You have to realize that a lot of the problem is a desire for conformity. It's all part of the "war on the unexpected", and, if I was *really* paranoid enough to wear an aluminium foil hat, would see this as a FUD effort from Microsoft (which, likely, has all kinds of tracking metadata hidden in various files) to kill off competing OSes. (It is bad enough that the "Secure Empty Trash" on Mac OS X has aroused suspicions.)

So the use of Linux may correlate with super-villians in one direction but it is not commutative. Using Linux does not make you a super-villain... unless you have orbiting brain lasers, genetically enhanced cyber-goats and a beowulf cluster of atomic supermen. :-)

kangarooApril 16, 2009 10:45 AM

It seems all your posters are missing the point: "There are no assertions that a commercial (i.e. for pay) commercial service was defrauded, a necessary element of any "Obtaining computer services by Fraud or Misrepresentation" allegation. Similarly, the investigating officer doesn't explain how sending an e-mail to a campus mailing list might constitute "unauthorized access to a computer system."

That's the question in the case -- whether lying about who you are on a profile, or sending an untrue email (and lying about who you are) are actually crimes -- and crimes justifying a search.

They probably are against the conditions of use for the listserv and the website -- but generally, that's a civil issue, not a criminal issue.

I've never heard of someone being prosecuted just for spreading malicious rumors (and how malicious? He's not accusing him of any crime -- he's just saying that the guy is gay! I thought we were over that. Accusing a college student of being gay is about as malicious as accusing him of being a fan of Whatsamatta U, instead of the local team).

The only reason that this isn't just an administrative incident is because scary "computers" were used.

From the warrent, it's pretty clear that Calixte isn't even a decent cracker -- he doesn't spoof or proxy his connections. He's at most a script kiddy.

It's about at the level of telling folks that Mary like-likes John, when Mary really thinks John is a doofus. The "police state" issue is that even the most mundane incidents are now police issues -- that's what a police state is, folks. It's nothing fancier than that all relations are ultimately mediated by the police.

RSaundersApril 16, 2009 11:59 AM

We're all upset that the fact he used a command line window was included in a warrant. It's not at all like "drove a red car", which might be useful in finding the person sought. Before we decide to let the police put nonsense in warrants "because there's no harm in it", consider the the reaction if the warrant said "subject is a black person" (which passes the red car test) "and black people commit many crimes" (statistically true but with no bearing on the warrant).

Would anybody be surprised to see a bunch of civil rights lawyers on the police for such a statement? Would we expect the police folks that write warrants to know better than to put this sort of irrelevant stuff in a warrant? I think that's the test we should apply to the warrant, does it show the police don't know enough to be writing warrants. This warrant fails to pass the "not stupid" test.

Davi OttenheimerApril 16, 2009 12:09 PM

The problem clearly was with his use of "black screen with white font".

That's why I always run amber font, green in a pinch, but never white on black.

White on black is just asking for trouble.

AnonymousApril 16, 2009 12:26 PM

"They probably are against the conditions of use for the listserv and the website -- but generally, that's a civil issue, not a criminal issue."

@kangaroo

It's irrelevant whether the he alleged emails might or might not have violated a ToS--because the officer failed to the state the fact.

A diligent officer would have included in his affidavit something like, "I talked to the listserv admin and he provided me with the url for the listserv terms of service. Those terms state (yada yada)."

A diligent magistrate should have caught the officer's failure to allege facts to support an essential element of the offense.

The magistrate did not have a substantial basis to approve this warrant. The magistrate rubber-stamped it.

Leprechaun LiamApril 16, 2009 12:36 PM

Let's break this down a bit:
1. Lots of info in the warrant that appears to be extraneous.
2. Lots of unreviewed claims by biased person included
3. Linux listed as potentially circumstantial evidence
4. no evidence of criminal activity presented

WRT 4 -- the EFF covers that pretty well point by point. The actual criminal issue isn't covered properly by never specifying what commercial service was defrauded of its services. Prima facie reason to throw it out.

That's it. Game over. However, to address some of the other issues.

WRT 3 -- Not considered a crime, but if the non-criminal activity investigated occurred where they thought it did and the records are correct, the accused did have one of the two most likely systems to be involved. Unfortunately for the cops, this is kind of like, "A witness says a white four-door was involved and the accused owns one of two white four-doors seen in the area recently." No idea who owns the other or whether the other one belongs to a resident or was "just visiting".

WRT 1 & 2 -- As the EFF brief explains, a warrant is judged on its own merits and must stand alone. No additional info is allowed, before or after. (The "four corners" comment. If it ain't in there, it doesn't exist.) Because of this, cops include everything they know or suspect in the warrant application. If the judge decides to ignore it or complain about it, that's his issue. If there is any beef about the warrant (like now) nothing in the officer's notes, memory, conversation with the judge or DA's office, counts towards why the warrant was good or bad. Only what's on the paper. Therefore, everything goes in there.

I believe that the issue here is really not with the officer so much (he's not a lawyer) but with the DA or judge involved. They are supposed to know that the issue of name-calling, harassment, cyberbullying, etc. doesn't get investigated this way. They should have caught that there was no commercial service defrauded in the paperwork.

On the other hand, the way all this was done is of the proverbial, "throw it all at the wall and see what sticks." Again, the judge is supposed to review these before signing.

I hope he has a new roommate by this time.

BF SkinnerApril 16, 2009 1:55 PM

A CI is a valid source of information for searches. The LEO doesn't have to like them or trust them (many snitches are bottom feeders). For them to be considered "reliable" the CI only has to have given reliable information before.

The lack of crime is more relevant.

@Anon "If the suspect DIDN'T commit said crime, he'll likely be exonerated after the computer search."

Uh no. For this accusation maybe. But once they have the media ANY thing on it that can be construed as evidence in a court is admissable IF the seizure is valid.

Wanna bet he rips? That's a federal beef.

factory123April 16, 2009 2:38 PM

Leprechaun Liam, on your point 3 - In this case, they also have the license number of the car involved. IT logs showed that the computer that sent the email was registered under the name "bootleg-laptop". The logs also showed that this student had used this name in the past. The logs also showed a flurry of activity on the gay personals site prior to the email, and that traffic came from a computer literally registered in the student's name.

I agree that whether what he did constitues a crime is an issue, but the reference to Linux in the affidavit is on the level. It's just used to identify the student and confirm the reliability of the witness. That's on the level.

PhillipApril 16, 2009 3:17 PM

@Liam Spencer
Liable is a tort, not a crime. I can say your significant other is a prostitute. If I'm wrong, you can bring suite against me, but you can't have the police put me in jail (under current criminal law) -- unless I said so at trial and I knew it to be false when I said it (perjury).

PhillipApril 16, 2009 3:22 PM

@Liam

"deliberately fabricated an online profile and disseminated a screenshot specifically to harass his roommate"

Show me what crime is being committed?

Most harassment statues define such crime as a pattern of behavior that continues despite requests that it stop. Was a restraining order issued that was violated? I don't see a crime here.

A tort -- most certainly -- but not a crime.

PhillipApril 16, 2009 3:26 PM

@Liam

"Fraud, harassment and violation of privacy. Most likely a violation of the terms of use of the network and terms of employment of the suspect. I think they have enough to take a look at this guy's computer."

This doesn't meet the definition of Fraud, maybe you should spend some time on Wikipedia and tell me what part of that Fruad definition this case meets.

As far as terms of service, terms of employments, blah blah blah, yes, I agree with you -- but these are all CIVIL matters.

PhillipApril 16, 2009 3:39 PM

@BF Skinner

"Wanna bet he rips? That's a federal beef."

I rip, so do many ther people who have iTunes. In fact, Steve Jobs and company included a feature that makes it easy to rip. I insert a Music CD, if iTunes is open it asks me if I want to rip it.

...We better start investigating those evil iTunes users.

Chris HallgrenApril 16, 2009 4:16 PM

I think Leprechaun makes a good point about the responsibility of the person approving the search warrant. It is the job of the police to aggressively investigate potential crimes. The judiciary is there to insure things are done properly.

We don't know all the facts in this case and there are always 2 sides to every story, but I find the issuance of this warrant troubling. First, because I don't see anything that shows probable cause of an actual crime. Second, because there is a LOT of technical information included in the warrant that has nothing at all to do with the allegations of criminal behavior. How much of that information did the assistant clerk who authorized the warrant understand, and is it possible that, by not understanding the technology, she may have given greater weight to the allegations than was justified?

Clive RobinsonApril 16, 2009 5:45 PM

Err there apears to be an issue that everybody is missing (conflict of interest).

The informant knows one heck of a lot about the person under investigation, and there is no explanation as to how they know or if they are competent to make the statments...

Further it is extreamly likley that the informant is well known to the "room mate" and may be a friend etc to them.

Therefore it is quite likley that the room mate or informant have IT skills capable of doing the alleged activities.

From a brief reading of the info there is actually no evidence that the person under investigation did anything.

There is some hearsay evidence that a machine that may or may not have been under their control at the time was possibly used to do various things (again it is unclear as to exactly what).

Further it is known that the person under investigation had many laptops in their posession at one time or another.

Which also means that they where quite likley to have one or more just sitting around their room or work area that others could easily have had access to, without the knowledge of the person under investigation.

The information against the person under investigation has come from two parties neither of who are independent of the accusation.

From the little I can see from the IT Director I would be extreamly worried about if the supposed evidence against the person under investigation was either biased or tainted, or if other information had been left out (like if the person was connected to the campas network at two geographicaly seperated points).

Ask yourself a question,

It the person who was called a "fag" was to sue BC how much would they get out of it, especially if it could be shown that BC had failed in it's duty of care?

Then turn it around and ask how much BC has to save by providing what is at best incompleate and misleading information against the person under investigation.

Also note it's the "campas police" that started this investigation. Now I don't know what relationship the campas police have to the educational institutions in Mass. But in some places in the US campas police are realy only untrained security guards and police "in name only" (although in other places they are real Police with extra specialised training).

If it is the case that the campas police have little or no training, have at best ambiguous powers on the institution property and are paid for by the institution, then you would need to take a carefull look at their motivation.

There is way to much that smells wrong about this over and above anything the "campas police" and Boston Police might have done badly/incompatently/incorectly/illegaly.

I have a feeling that there are a number of people with sufficient cause to "scapegoat" the person under investigation simply because he is "convienient", and they have much to gain by it...

As was once noted "follow the money".

MichaelrhApril 16, 2009 6:36 PM

So does the fact that I use Fusion to run Vista on my iMac make me a suspect?

Liam SpencerApril 16, 2009 7:11 PM

To all those still "educating" me about tort:

I conceded that this was a civil matter WAAAAAYYY up there^^. You win, you don't need to keep beating me with the stick.

Oh, and the informant IS the roommate. That's fairly clear in the warrant.

ThankgodforCliveApril 16, 2009 11:13 PM

Oh thank God. The thread just isn't complete without a lengthy post from Clive. We can all rest well now.

Richard SchwartzApril 16, 2009 11:44 PM

The grounds laid out in support of the warrant are sufficient for seizure of the property if violating the acceptable use policies of Boston College (which the student has presumably been obligated to agree to) is in and of itself an element of the crimes "Obtaining computer services by Fraud or Misrepresentation" and/or "Unauthorized access to a computer system."

I'm not a lawyer, and I don't like the implications of criminalizing violations of an AUP, but I can certainly see that Massachusetts' AG could make a pretty strong argument in favor of that position.

I hope that the courts disagree in the end.

TarkeelApril 17, 2009 5:32 AM

Re: "Never ascribe to malice that which can adequately be explained by incompetence" - sums up this police investigation.

I counter you with; "Sufficiently advanced incompetence is indistinguishable from malice"

AnonymousApril 17, 2009 5:53 AM

@Richard Schwartz

As the EFF points out, "Obtaining computer services by fraud or misrepresentation" is defined as a crime against a "commercial computer service". A "commercial computer service" is further defined as one provided ***for monetary consideration.***

http://www.mass.gov/legis/laws/mgl/266-33a.htm

First, the affiant does not swear to any facts that would cause a magistrate to believe the computer service are provided "for monetary consideration".

The magistrate is allowed to use ordinary common sense, but the magistrate is not allowed to read things into the affidavit that just aren't there. If the affidavit doesn't say "monetary consideration" then the magistrate can't find the money.

Second, applying some common sense and general knowledge here, we're talking free services.

AnonymousApril 17, 2009 6:20 AM

@Richard Schwartz

Whatever else "Unauthorized access to computer system" might entail, it's plain that lack of authorization is a core element.

http://www.mass.gov/legis/laws/mgl/266-120f.htm

The magistrate's job is not to rubber-stamp the warrant application.

Instead, the magistrate must make an independent finding of probable cause, based on the facts sworn in the affidavit.

A bare averment that someone violated a statute is not a "fact".

Nowhere does this affidavit state facts which would cause a person of ordinary prudence to believe that the access was unauthorized.

We're not talking hyper-technicalities here. There's no particular fashion that facts have to be stated in. But the facts must be stated. And sworn to.

The magistrate can even make reasonable inferences from the facts. But the magistrate can't just pretend that facts are there when they're not.

The affidavit doesn't even say that there's an AUP. Even if it's likely that there's an AUP, the affidavit provides no basis whatsoever to conclude that it was violated.

If the officer doesn't swear that he has a factual reason to believe the access was unauthorized, then it's just unreasonable for the magistrate to guess that it could have been. Possibly. Or possibly not.

This was an unreasonable warrant.

BF SkinnerApril 17, 2009 6:48 AM

@Phillip "I rip, ... iTunes"

This is a canard. You rip under license of Itunes. Not all media owners are so...ummm, understanding. Getting the music industry to aggree to Itunes was an example of why Jobs is called a genius.

But have you ever ripped a DVD? DL'd an ISO of copywrited material? Do you have a utility to decrypting CSS? As I understand it - all can be construed as crime. And as long as the original search and seizure were valid can be used for additional charges. (actually I think that's changed (again this is for the US) I think the court ruled in favor of "good faith" of their LEO's and even if the seizure was tainted still might be open for prosecution.)

Do you feel comfortable with the idea of a feebee looking around your disks?

BF SkinnerApril 17, 2009 6:54 AM

@Richard Schwartz "I don't like the implications of criminalizing violations of an AUP"

Ditto. AUP is a contract of sorts. If the AUP becomes criminally (as opposed to a tort) prosecutable under sec 1030 of most state's law. Then I can write all kinds of things in my AUP. "You must wear a red shirt while using this service...or...Any violation of these terms and aggreements means that user must become my willing slave"

Citizens making de facto law? That's like anarchy ain't it?

DouglasApril 17, 2009 7:32 AM

Jeff,
> If Linux wasn't relevant it should not have been cited.

>I'm not sure why you say this? Have you seen many warrants? There is often a lot of information in them which doesn't go to probable cause, but provides the police additional information to either identify the materials to be seized or to provide related information.

>It is certainly relevant to the officers investigating this allegation that the computers in question may have a second operating system on them which would not be immediately apparent to the casual non-techie observer. You could say that its not strictly relevant to the warrant and you would probably be right, but it is a long jump from there to a "police state".

The officer on scene does not need to know the OS because they should not be touching the computer unless he is trained in comupter forensics. The hard drive image will reveal any OSes installed.

>What would you do if you saw a warrant that mentioned that the accused drove a red convertible? Accuse them of being anti-car?

I would argue that the equivalent of "red convertible" would be "15-inch Mac Book Pro (Silver)" -- a description only.

I agree with the argument that the seizure may have been warranted, but the manner in which it was handled was shoddy -- CIs are notoriously unreliable.

billswiftApril 17, 2009 8:07 AM

"Sufficiently advanced incompetence is indistinguishable from malice"

There was an essay in Whole Earth Review Spring 1987 "The Basic Laws of Human Stupidity" (I don't know if it's available on the Web) that fairly strongly suggested stupidity is worse than malice.

factory123April 17, 2009 8:23 AM

Douglas - the server logs indicated that linux machines had sent the email and accessed one of the sites, and that only 2 students used Linux in the dorm. This kid's Linux use helps identify him.

Read the warrant, the Linux mention is innocuous.

DavidApril 17, 2009 3:24 PM

@billswift

Ever read Stephen King's "Firestarter"? It has one of the scariest things he ever wrote about: a Federal investigative agency that is brutal, completely free of accountability or legal limits, and really stupid.

Fred BlotzApril 19, 2009 12:31 PM

Hmmm, as a Linux user (knoppix and ubuntu) I guess that makes me suspect. I've used Linux on several occasions to repair a non-functional Windows system. Does that make me suspect?

As to records, you can boot Linux from a CD/DVD and it leaves no records of your session. Grabbing a Linux distribution disk makes no sense for that reason.

The fear of the unknown makes some people behave irrationally.

Alberto GonzalesApril 19, 2009 1:17 PM

Much ado about nothing if you ask me. Yes, I am a notorious rogue Linux user.

What I want to know is where Bruce and the rest of you lot stand on this

http://www.thewhir.com/web-hosting-news/...

in which presumably innocent companies who happened to co-locate in a data center with companies suspected of fraud had their equipment seized by the FBI. There seems to be little if any additional news (searching via Google, anyway) since 04/08.

The latter seems far more scary from any point of view you care to take than the "Boston Police Consider Using Linux to be Ground for Suspicion" non-story.

Harry JohnstonApril 20, 2009 4:15 AM

Putting aside the question of evidence for the moment, I'm puzzled by various comments to the effect that no actual crime is alleged. Creating a profile in somebody else's name is certainly fraudulent in the general sense of the word, and it would seem surprising if it were legal.

Consider a non-computer-related analogy: suppose someone placed a personal ad in a newspaper, giving someone else's (a woman's) name and number and asking men to call for no-strings sex? Would that really be legal in Boston?

BF SkinnerApril 20, 2009 6:32 AM

@Harry "Creating a profile in somebody else's name is certainly fraudulent"

We'd need a lawyer but in general I'm told that to be fraud you have to intend to get money. That's why calling yourself other than your name isn't fraudulent.

Harrassement, using deception, is a different crime (in some jurisdictions) and not fraud.

AnonymousApril 20, 2009 9:37 AM

@Harry Johnston

Vague allegations of wrongdoing are insufficient to support probable cause. In order for a valid warrant to issue, the application must allege specific and definite crimes.

Indeed, this application does list two potential crimes:

M.G.L. 266: 33A. Obtaining computer services by fraud or misrepresentation
http://www.mass.gov/legis/laws/mgl/266-33a.htm

M.G.L. 266: 120F. Unauthorized access to computer system
http://www.mass.gov/legis/laws/mgl/266-120f.htm

It's necessary for the application to allege specific crimes in order for a neutral magistrate to make an independent finding on the question:

"Does the affidavit contain facts and circumstances (based upon the affiant's knowledge and reasonably trustworthy information) sufficient to warrant a person of reasonable caution to believe an offense has been or is being committed?"

A neutral magistrate can't independently find a reasonable answer to that question without a defined crime specifically alleged in the warrant application.

It's not the magistrate's job to hunt through the facts to puzzle together some other possible violation that the prosecutor is unwilling to charge.

Clive RobinsonApril 20, 2009 11:31 AM

@ Harry,

"Creating a profile in somebody else's name is certainly fraudulent"

Hmm not sure you mean quite what you said there.

First off names are not unique as I'm well aware (there are several people in the UK that work in the same or related fields as myself and we have the same not so comon name).

Under UK law you have been in the past been "who you say you are" unless you have intent to gain advantage in some way recognised under law (of which their are several).

In fact a number of people have been put in jail in the UK under "assumed names".

The Police where reasonably certain the person was not "of that name" but had no evidence of what their real name might have been. So "a Rose by any other name...".

Also legaly changing your name in the UK was(/is) relativly easy in the UK requiring a fee as little as 21USD to get the paperwork to change bank accounts passports and all manner of identification documentation.

Fraud is a funny thing, and often is used as a "catch all" in the UK. A classic example of this was Robert Schiffren and Steve Gold. They where prosecuted and convicted of fraud for accessing HRH Duke of Ed's mailbox on BT's Prestel system many years ago.

It was appealed to the House of Lords, who threw the case out, and sent a message back to the Police and the House of Commons to get their respective acts together.

The result was eventually "computer misuse" legislation (which steadily gets augmented in quite unseamly and draconian ways).

Often the crux for fraud is "using deception to gain XXXX advantage".

Where XXXX differs from juresdiction to juresdiction, but is often "pecuniary" (which is an odd word the roots of which appear to be shared with "picayune" which is a coin of little worth).

Basicaly in the legal sense deception is not fraud but fraud is deception with the intent of gaining some (material) advantage.

Pretending to be some other person for another reason is not "fraud" but it may well be "fraudulent" depending on which dictionary you look in 8)

Harry JohnstonApril 20, 2009 7:04 PM

@BF Skinner: according to my dictionary, the word fraud describes a fake profile perfectly; the legal definition may well be more restrictive. So, the question becomes: is there a more appropriate statute the officer should have referenced, and if not, why not? :-)

Harry JohnstonApril 20, 2009 7:10 PM

@Anonymous: not really what I was talking about - I was curious about the claims that there had been no crime, not about the legal details of the application.

However, it does seem that a reasonable argument could be made for 120F. The suspect is alleged to have used an account that, it could be argued, properly belonged to the person whose name it was in. (The fact that the suspect created that account does not necessarily give him ownership of it!)

I don't know whether this argument would work in real life, but I bet it would work on TV. ;-)

Harry JohnstonApril 20, 2009 7:18 PM

@Clive: I'm aware that using a non de plume is not in and of itself illegal, but I would suppose that if your intent was to confuse people into thinking you were a specific other individual that would be a different matter.

For example, if I were to say my name was Terry Pratchett, that would be OK; but if I were to then offer to come and give a speech at a Terry Pratchett fan club, that would be impersonation and (at least in the dictionary sense of the word) fraud.

AnonymousApril 20, 2009 8:43 PM

"The suspect is alleged to have used an account that, it could be argued, properly belonged to the person whose name it was in. (The fact that the suspect created that account does not necessarily give him ownership of it!)"

@Harry Johnston

So you're arguing that Mr Calixte was acting as the unidentified student's agent or ostensible agent?

I think the unidentified student would have to ratify Mr Calixte's acts on his behalf. That is, you've successfully argued that the access was *authorized* by the unidentified student.

But it's unneccessary to reach that point, as there's still no statement that the access was unauthorized.

Harry JohnstonApril 20, 2009 11:12 PM

@Anonymous wrote: "So you're arguing that Mr Calixte was acting as the unidentified student's agent or ostensible agent?"

I don't think so, although as IANAL I'm not certain I know the precise intended meaning of the word "agent" in this context.

However, I would argue that the profile and the associated account belong to the person whose name they are in, rather than to the person who caused them to be created.

For example, if Sally were to help John to create a gmail account, the account would still belong to John. If Sally were to log into the account a month later without John's permission, this would be unauthorized access even if Sally had done all the work to set up the account.

If you accept this premise, then I don't see that it makes any difference whether John knew about the account in the first place or not. I wouldn't care to argue about whether setting up the account without permission was or was not criminal, but under this theory accessing it would be.

It's a bit of a stretch, of course, but there's a fine old legal tradition of this sort of thing when necessary to punish someone who came up with a crime the legislators hadn't thought of yet. (The classic example of this, although unjust by modern standards, was charging masochists with aiding and abetting an assault upon themselves. Sometimes you really have to admire the ingenuity of the legal profession.)

AnonymousApril 21, 2009 4:40 AM

@Harry Johnston

An 'agent' is someone who is authorized to perform some act on behalf of another. You probably didn't mean that, so let's move to the concept of an 'ostensible agent'.

Suppose that Alice falsely pretends to be Bob's agent and enters into a contract with Carol.

Does it occur to you already that the law might be vaguely familiar with this story?

Bob has a choice: he can either disclaim the contract, or he can keep the benefit of the contract, by ratifying Alice's acts. But he can't do both.

In your Sally, John, and gmail scenario, the computer system which is being accessed belongs to Google. Don't forget that. Sombody must be bound by Google's ToS, and the court isn't going to let that slip through the cracks of the law in a more sophisticated fraud.

AnonymousApril 21, 2009 6:07 AM

"It's a bit of a stretch, of course, but there's a fine old legal tradition of this sort of thing when necessary to punish someone..."

@Harry Johnston

This deserves special comment: Because it's a pernicious tradition. And ought to be stopped cold wherever found.

In another context, I was just reminded of--

Bouie v. City of Columbia, 378 U.S. 347 (1964)
http://supreme.justia.com/us/378/347/case.html

That decision quotes precedents from a more just tradition:

"No one may be required at peril of life, liberty or property to speculate as to the meaning of penal statutes. All are entitled to be informed as to what the State commands or forbids."

(Quoted from Lanzetta v. New Jersey).

Bouie was a criminal trespass case. In some ways, the statutes which criminally forbid unauthorized computer access can be analogized to criminal trespass.

It's the legislature's job to broaden the criminal laws. Not the magistrate's job.

Harry JohnstonApril 21, 2009 3:44 PM

@Anonymous:

The question isn't whether Bob is entitled to the benefit of the contract but whether Alice is. If said contract is the basis for being authorized to access a computer system, is Alice authorized or not? Seems to me the contract is invalid, so the access is unauthorized.

As for your comments about that old "pernicious tradition" all I can say is: bah, humbug.

AnonymousApril 21, 2009 6:32 PM

"... is Alice authorized or not?"

@Harry Johnston

In the context of criminal law, the authorization depends on whether it's 'fraud in the factum' or 'fraud in the inducement.'

Google on those terms.

Meanwhile, here is--

Commonwealth's Memorandum in Opposition to Motion to Quash
http://www.eff.org/files/filenode/inresearchBC/...

And also, the EFF informs us--

"On April 21, a Newton District Court judge without comment denied EFF's motion to quash. Next up will be an appeal of the District Court ruling to the Superior Court."

TTYL

lachelpApril 23, 2009 12:52 PM

I admittedly did not read the data on this subject, but the picture I got of the Boston Police going after the NSA (NSALinux anyone?) was hilarious...

AnonymousJune 3, 2009 5:13 PM

The email was traced back to Mr Calixte's computer. The fact that he was seen using command prompt is just a trivial sidenote.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..