Schneier on Security
A blog covering security and security technology.
« Research on Movie-Plot Threats |
| Arming the Boston Police with Assault Rifles »
June 2, 2009
Update on Computer Science Student's Computer Seizure
In April, I blogged about the Boston police seizing a student's computer for, among other things, running Linux. (Anyone who runs Linux instead of Windows is obviously a scary bad hacker.)
Last week, the Massachusetts Supreme Court threw out the search warrant:
Massachusetts Supreme Judicial Court Associate Justice Margot Botsford on Thursday said that Boston College and Massachusetts State Police had insufficient evidence to search the dorm room of BC senior Riccardo Calixte. During the search, police confiscated a variety of electronic devices, including three laptop computers, two iPod music players, and two cellphones.
Police obtained a warrant to search Calixte's dorm after a roommate accused him of breaking into the school's computer network to change other students' grades, and of spreading a rumor via e-mail that the roommate is gay.
Botsford said the search warrant affidavit presented considerable evidence that the e-mail came from Calixte's laptop computer. But even if it did, she said, spreading such rumors is probably not illegal. Botsford also said that while breaking into BC's computer network would be criminal activity, the affidavit supporting the warrant presented little evidence that such a break-in had taken place.
Posted on June 2, 2009 at 12:01 PM
• 41 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
@: "Anyone who runs Linux instead of Windows is obviously a scary bad hacker."
Or just smarter than the average bear.
"Or just smarter than the average bear."
And therefore a threat.
Ach, those Masschusetts activist judges again.
Uh, it's Linux. How about we say "Smarter than the average Penguin..."
> In April, I blogged about the Boston police seizing a student's computer for, among other things, running Linux.
There was no indication that running Linux was presented as an argument for issuing the warrant. It was simply related as something the witness had said, in the course of a longer interview that the police relied on. The alternative to telling the judge this would be for the police to decide, unilaterally, that this-or-that remark by a witness is not relevant to a warrant application. That would lead down a slippery slope (where police might decide to omit exonerating evidence from their warrant applications as "irrelevant") which sounds much more dangerous than letting a judge hear about potentially irrelevant facts. Better have the judge judge the relevance than depend on the police doing it.
Surprising sense from the bench; especially in forgot-what-Liberty-means Boston.
So are they going to give him his stuff back? How about repair the damage to his reputation? Fix the bad grades he got for having his homework sitting in a jail cell (so to speak) instead of being turned in? Wipe all their copies of all his data? Put the data back on his machine(s) they deleted? Take off the keylogger they installed?
@bob: "Surprising sense from the bench; especially in forgot-what-Liberty-means Boston."
I've found that most people who do harm tend to be people who make good choices in most situations. It what gets them to a level of trust and power. Then, when faced with something that appears grey to them, or worse something that conflicts with their agenda or personal beliefs, they misuse their power and do something destructive. And their intentions may well be good.
One more good reason to have an offsite backup of your data.
@Henning Makholm: "There was no indication that running Linux was presented as an argument for issuing the warrant."
Here's the indication, read the warrant application: "...uses two different operating systems to hide his illegal activities. One is the regular B. C. operating system and the other is a black screen with white font which he uses prompt commands on."
No, that is not an indication that running Linux was presented *as an argument for issuing the warrant*. It is merely presented as something the witness told the detective, and there is no suggestion at all that this is supposed to indicate criminal intent.
As I said, I would be much more worried if the police could write warrant applications where the arbitrarily remove part of a witness statement based on the police's own determination that the judge does not need to see it.
Clarification: Obviously the *roommate* thought that using Linux was suspicious and thought that the purpose of it was to "hiding illegal activities". But I see no sign in the documents that the *police* shared this view. They were simply describing (presumably loyally and without editorializing) what assertions he made, and it would be seriously bad if they were to redact them based on their own understanding of what is incriminating or what is not. If the judge were to hear only selected highlights from the roommate's statement, how on earth would he supposed to determine whether they gave rise to probable cause or not?
@Hanning Makholm Are you suggesting that warrant application contained the verbatim dialogue?
The warrant didn't share the 'zomg linux' view, but just looking at the warrant it was pretty damn obvious they jumped the gun based on evidence from a source who had some serious conflicted interests on the matter.
Not to mention if the kid was cheating the system, many college grading systems have quite the checks and balances to figure it out without having to seize his equipment.
The only concrete evidence they had was that he sent a letter to a mailing list that was a form of harassment against the roomate. But that wouldn't be a criminal offense so it still doesn't hold water.
This situation was a fail and hopefully the men behind the badges will think twice before pulling a stunt like that again without proper evidence first.
Publius Cato: No, I am not suggesting that. I am suggesting that the warrant application did attempt to summarize all information that the informant provided about Calixte.
Consider the following two warrant applications:
1: "Mrs Smith of such-and-such address entered the police station and told me that on such-and-such day she had observed her neighbor Mr Jones fire what appeared to be an automatic handgun at targets in his back yard, visible from Mrs Smith's bedroom window. I therefore seek a warrant to search Mr Jones' residence for the gun."
2: "Mrs Smith of such-and-such address entered the police station and told me that on such-and-such day she had observed her neighbor Mr Jones fire what appeared to be an automatic handgun at targets in his back yard, visible from Mrs Smith's bedroom window. She also told me that Mr Jones is employed by the Sri Lankan government as an industrial spy, that he has an apparatus by which he beams obscene imagery into Mrs. Smith's television set, and that he once kidnapped Mrs. Smith in her sleep and surgically implanted an electronic neurotransmitter into her abdomen. I therefore seek a warrant to search Mr Jones' residence for the gun."
Assuming that version 2 accurately describes Smith's statement, would you really prefer that the police removed the parts of her statement that were not supportive of a search warrant, and instead filed version 1 with the magistrate?
C: I agree with all that.
I believe you're mistaken, having read the full warrant application now. The sentence in question, "using two operating systems to hide his illegal activities" is the detective's assertion, based on information from the roommate. He clearly isn't quoting the roommate, but either the roommate made the assertion and the detective agreed with it, or the detective made it up based on what the witness said to Eng, but either way, it's clearly something that the detective is responsible for stating.
That said, I don't think it's evidence of a "Linux users must be criminals" attitude, I think it shows the detective is covering his bases for the seizure. It's similar to a statement "Calixte is using two computers to hide his illegal activities..." That doesn't mean "people with two computers are suspected criminals", it means "I mean to seize all computers". Look at the laundry list of what's being seized: applications, operating systems, DVDs; in short, anything. In short the detective is making sure that when he seizes the computer, nothing on it, including an OS on an encrypted partition, for example, would be excluded from evidence (although I doubt he would have put it that way).
I love this comment in the update on the EFF page: "Some commentators have disputed the conclusion that the student's use of an operating system other than the "regular B.C. operating system" was unfairly cited in the investigating officer's affidavit, arguing for example that the "use of Linux ... [is] simply evidence that connects Calixte to the emails at issue." With all due respect, I think that's missing the point."
You gotta love the pointed insult -- "With all due respect". One can fairly safely assume that the author means that no respect is due.
partdavid: My reading of section 4(b) of the affidavit is that the entire section simply summarizes the statements made by the informant.
I base this reading on the first sentences in the section: "On 01/28/09 I met with [Bennefield] to discuss these allegations further. At this time he advised me of the following. ..."
Also, this is repeated in the immediate context of the infamous "black screen" comment:
"[Bennefield] reported that Mr. Calixte used two different operating systems to hide his illegal activities. One is the regular B.C. operating system and the other is a black screen with a white font which he uses prompt commands on."
The "hide his illegal activites" part is *explicitly* presented as something the informant said; it cannot in any reasonable way be read as the detective's assertion. And it requires quite a tortuous reading to assume that the following sentence would be the detective's interpolation rather then what it appears to be on its face: a close retelling of the informant's statement.
@kangaroo: "You gotta love the pointed insult -- "With all due respect". One can fairly safely assume that the author means that no respect is due."
I believe that is an unfair assumption.
I use that phrase when someone I respect has said something I disagree with, or someone (usually someone I am not familiar with), has made a respectable case for something that I happen to disagree with.
My belief is, it is usually a polite disagreement that intends no insult to the person or their intelligence. To assume the reader means the opposite may fuel an unnecessary argument rather than thoughtful dialogue.
A good example of this is on page 109-110 of "Schneier on Security," Bruce makes a case for drivers licenses for illegal immigrants. His case is well presented and he makes a compelling argument, but I have not been sold on it, but that in no way dimishes my respect for him or my acknowledgment his case is compelling. So "with all due respect, I disagree" seems entirely respectful and accurate.
If someone disagrees with someone but respects the case they made, and, as you put it "with all due respect" means "no respect is due", what would you have them say? How is acknowledging their merits insulting?
I'm still appalled at the fact that it took nothing more than the rampant speculation of an incredibly subjective witness (the victim himself in this case), testimony that amounted to little more than character defamation (no actual evidence was submitted in support of any of the claims presented), to obtain a search warrant ordered to collect and investigate the contents of all electronic devices in Calixte's possession.
I don't know how many of you actually read the entire (original) bit of legal documents, including the application for the warrant, but it seems to me that if this is in fact the standard operating procedure for obtaining a search warrant, something is terribly wrong with our judicial system.
What this says to me is this:
If I have a personal entanglement with Alice, and submit a sworn statement to law enforcement officials in which I do nothing more than speculate that Alice has committed computer-related criminal acts, using arbitrary circumstances, personal opinions, hearsay, and character defamation as my only forms of evidence, I will effectively give law enforcement officials all they need to obtain a warrant to rifle through all of Alice's electronic belongings. In the end, should I name enough commonplace criminal acts, I'm bound to be right on at least one of them, and even if I'm not, the search may garner a mountain of evidence on any number of crimes, but at the very least Alice's privacy and data will have been violated, and documented.
Also, cause I'm sensing the argument is on its way, this is not on par with an old woman peering out her window and seeing that 'scary guy' down the street exchanging small bags for cash with a large amount of seemingly random or unfamiliar people. The victim's only evidence in this case amounted to nothing more than 'Calixte is a jerk, and he uses computers. I know it was him.'
If that's all it takes, then like I said, I'm more than a bit concerned.
Shane: Yes, if "granting warrants on a basis so flimsy that they later get overturned by the state supreme court" is standard operating procedure, then something is terribly wrong.
But I think we need more than a single data point before we assume such an extraordinary premise.
@ Henning and Shane... more or less in agreement with both, and just like to add:
It was thrown out - that indicates a systemic success in the face of single event of failure... If it happens repeatedly, that's a sign of systemic failure, otherwise, this is exactly why there are checks built into the system (judiciary vs. executive in this case).
"Assuming that version 2 accurately describes Smith's statement, would you really prefer that the police removed the parts of her statement that were not supportive of a search warrant, and instead filed version 1 with the magistrate?"
You present a false dichotomy. I would prefer that the police would file her report and determine that there was no need to search her Mr. Jones's premises, and if they seek a warrant, I would prefer that the judge refuse to issue the warrant.
If the warrant were issued, I would feel entirely justified in stating that the warrant was issued because, among other things, Mr. Jones implanted a neurological transmitter in Mrs. Smith's abdomen.
joel8360: The question at hand is which rules should govern the police's drafting of warrant application. Either the rules will allow the police to file version 1, or the rules will require that if any warrant is applied for at all, it would be with version 2, disclosing the full set of facts to the magistrate. Those are the only options for what the rules can say about this matter: either the police is allowed to file version 1 or they aren't.
I assert that any reasonable set of rules governing the police's activity would require the police to use the full-disclosure version when asking for a warrant, if it chooses to ask for a warrant. It will then be up to the court to decide which facts in the application are relevant for its decision.
In that situation, to claim that a random fact in the application -- which the court has the power to rely on or ignore as it sees fit -- is a cause of the court's decision, amounts to a serious insult to the court's competence and ability to think for itself.
(Not wanting to hijack this blog more than necessary, I have now also taken this to my own one at http://blog.henning.makholm.net/2009/06/...
(Assume as a boundary condition that the police is out to get Jones, and want to use Smith's statement as a pretext for acquiring a warrant. Should the rules be such that the policeman will get in trouble for using version 1, even if there is no hard evidence for why he chose not to report all of what Smith said?)
Shane: the alleged victim's statements weren't actually the only evidence. There was also evidence from the network administrators.
It should also be pointed out that the Boston Globe's summary is inaccurate on one very important point - it left out the allegation that the suspect had created a fraudulent profile on a gay dating site in the victim's name.
This is a considerably more serious offence than merely "spreading a rumour" and in my opinion if such activity isn't illegal it should be.
I presume the judge was not convinced by the evidence on this point, or did not consider the allegation to be relevant to the charges made.
"As said by a world renowned security guru Bruce Schneier, anyone who runs Linux instead of Windows is obviously a scary bad hacker" would nicely fit into an article.
Interesting that it is stopped for this reason.
When I read the warrent I did not find the evidence that lacking. There was no proof, but it clearly indicated that the suspect was responsable for creating the fake profile on a gay site.
The problem for me was the crime, which might not be important enough to justify taking is computers.
All Linux users may not be criminals, but a sufficient number of Linux users go to absurd lengths to defend themselves such as to appear paranoid.
Sometimes stupidity is just random.
Shane, the police require nothing more than statements to get a search warrant. Judges regularly rubber stamp warrants regardless of the data, and police have been known to falsify search warrants. People regularly use this low standard of "police investigatory work" to cause trouble in someone's life, and usually don't get charged with making false statements. Try reading theagitator.com for a constant flow of data proving that there is a serious systemic problem involving police, prosecutors, and judges.
'the Boston Globe's summary ... left out the allegation that the suspect had created a fraudulent profile on a gay dating site in the victim's name....This is a considerably more serious offence than merely "spreading a rumour" and in my opinion if such activity isn't illegal it should be.'
What "activity" here do you want to criminalize? Creating an inaccurate profile? I lie to every single website that asks for unnecessary information about me; that's only prudent. Using a gay dating site? Surely not. Telling a website that my name is, for example, Harry Johnston? Several people in the USA have that name, it's not your property or anybody else's.
Now, if the activity had involved a stolen credit card number, or some specific attribute of identity like an SSN, existing laws would have been violated. But we don't need new laws.
@Henning Makholm So you admit that the officer edited the dialog to exclude unimportant parts from the warrant. It therefore follows the officer included the reference to other operating systems because he considered this evidence as support for the warrant.
I don't see why the police shouldn't be able to get search warrants based on individual statements. After all, if I see good evidence that there's a meth lab in my neighborhood, how much more evidence should there be to allow the police to go in and look?
The deciding factor should be whether, assuming the statements were made in good faith, there is good evidence that a crime is being committed. Justice Botsford ruled that there was good evidence of something that wasn't a crime, and insufficient evidence of something that was, and therefore ruled the search warrant to be improper. The system didn't entirely work, but at least it corrected itself.
This has nothing to do with the question of whether and when there is abuse of search warrants. If the police and judges are determined to harass somebody, increasing the amount of evidence actually required isn't going to stop them.
I want to hear whether Calixte is successful in suing and/or prosecuting the roommate and/or Boston College. I hope he is.
If anyone with a grudge can file a vague complaint with the police (or a complaint which doesn't say the accused did anything illegal) and cause this kind of loss to the accused, *with impunity*, then innocence has ceased to matter and it might as well be 22 Prairial all over again. (Explanation here: http://en.wikipedia.org/wiki/... )
The police can't do their jobs if we unduly limit what they're allowed to do. But that makes it all the more important that the law come down like a ton of bricks when somebody uses the system to hurt the innocent, even if that somebody is just an ordinary person filing a police complaint.
I was inside BT's Westminster local exchange - literally across the road from New Scotland Yard and the Home Office, and down the street from Parliament - today, and no-one was at all surprised by me running OpenSUSE on my laptop.
They probably weren't surprised because OpenSUSE's normal operating mode isn't "black screen with white font which he uses prompt commands on." -- One gui looks much like an other at a casual glance.
Try it again, but go Alt+Ctrl+F1 before logging in.
Impersonating someone else for malicious purposes should be a crime. It's fraud, in the dictionary sense, although I'm told that it's only fraud in the legal sense if money changes hands.
Harassment is (as I understand matters) a crime in most jurisdictions, but apparently there's some kind of bizarre loophole in the relevant legislation that means you can get away with it as long as you use a computer to do it.
Lying in order to gain access to a website is wrong, but in general it should probably be considered a civil rather than a criminal matter. Note that in general simply using an alias is not lying.
@John David Galt:
I fail to see what Boston College is supposed to have done wrong. Did you mean the police?
As for the roommate: that's absurd, unless you have some evidence to suggest that he was lying. Assuming for the sake of argument that he was telling the truth, he was perfectly entitled to file a complaint ... it isn't his fault that the law is deficient, and you can't reasonably expect complainants to know every loophole that might allow the accused to escape justice.
In fact, I'd rather hope the roommate would be able to sue the accused. Isn't the usual phrase "emotional distress" or some such? Of course, the intricacies of the legislation governing US lawsuits are beyond me, so I have no idea whether or not this would be possible. I would imagine that unless the accused is independently wealthy you'd never cover your legal costs anyway.
Ach, those Masschusetts activist judges again.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.