Software as Evidence
Increasingly, chains of evidence include software steps. It’s not just the RIAA suing people—and getting it wrong—based on automatic systems to detect and identify file sharers. It’s forensic programs used to collect and analyze data from computers and smart phones. It’s audit logs saved and stored by ISPs and websites. It’s location data from cell phones. It’s e-mails and IMs and comments posted to social networking sites. It’s tallies from digital voting machines. It’s images and meta-data from surveillance cameras. The list goes on and on. We in the security field know the risks associated with trusting digital data, but this evidence is routinely assumed by courts to be accurate.
Sergey Bratus is starting to look at this problem. His paper, written with Ashlyn Lembree and Anna Shubina, is “Software on the Witness Stand: What Should it Take for Us to Trust it?”
We discuss the growing trend of electronic evidence, created automatically by autonomously running software, being used in both civil and criminal court cases. We discuss trustworthiness requirements that we believe should be applied to such software and platforms it runs on. We show that courts tend to regard computer-generated materials as inherently trustworthy evidence, ignoring many software and platform trustworthiness problems well known to computer security researchers. We outline the technical challenges in making evidence-generating software trustworthy and the role Trusted Computing can play in addressing them.
From a presentation he gave on the subject:
Constitutionally, criminal defendants have the right to confront accusers. If software is the accusing agent, what should the defendant be entitled to under the Confrontation Clause?
[…]
Witnesses are sworn in and cross-examined to expose biases & conflicts—what about software as a witness?
BF Skinner • April 19, 2011 7:29 AM
“courts tend to regard computer-generated materials as inherently trustworthy evidence”
People do have a tendency to trust output. It’s like the computer is wearing a white lab coat. (and while a white lab coat won’t help you score with the women in a bar it will get people to trust you.)
“software as a witness?”
Not sure I agree with the model. Evidence can be questioned.
Forensic document examination questions the sample document with enough rigor for the courts.
If the point is that a program is detecting and making record of events then how is it any different from an automated CCTV?
Of course the integrity of the monitoring software should be challanged (just like the validity of evidence from a dog smelling contraband). But it’s a “witness”
not unless it get’s a whole lot smarter.
Personally I’d like to see Granick opin on the topic.