Thread for off topic posts

Hacked evidence not always admissible

For the London Free Press – April 25, 2011

Read this on Canoe

There is a common-law rule that illegally obtained evidence is admissible in court no matter how it was obtained. But there are exceptions.

Given the digitally interconnected world we live in, it is not surprising there are cases where evidence has been obtained by way of an unauthorized computer access, or hacking.

Hacking is an indictable offence under the Canadian Criminal Code with a maximum 10 years imprisonment. The code defines hacking as any unauthorized use of a computer to:

obtain a computer service (which includes retrieval of data), intercept any function of a computer system, destroy, alter or render data meaningless, and obstruct, interrupt or interfere with the lawful use of data.

Based on the common-law rule, one would think information illegally obtained via unauthorized computer access should be admissible in civil proceedings. However, when it comes to hacked information, application of the common-law rule is not always so clear-cut.

In Autosurvey Inc. v. Prevost, a company concerned that part of its system had been compromised by a former employee hacked into the former employee’s own private server and copied everything on it to preserve potential evidence.

The information copied contained, among other things, privileged solicitor-client communications, litigation strategy notes and confidential client information (credit card numbers and passwords) from the employee’s other legitimate business interests.

The company’s lawsuit against the employee was ultimately stayed by the court. The court called the company’s “brute force entry” into the former employee’s server egregious. In justifying his stiff decision, the judge said the company’s “failure to fully disclose these serious procedural violations to the defendants and the court on any sort of timely basis, and the unquestionable prejudice that will result to the defendants as a consequence, demand public denunciation and the levy of a severe sanction by the court.”

In Osiris Inc. v. 1444707 Ontario Ltd., an employee of the defendants hacked into his employer’s server and took more than 2,000 documents in an effort to protect himself after refusing to participate in unethical conduct with his employer. The employee in turn provided one of the plaintiffs with 31 of the documents relevant to the litigation and damaging to the defendants.

Unlike in Autosurvey, the documents in question were not privileged and would have been producible under ordinary circumstances.

Ultimately, the 31 documents were allowed to be relied on pending a ruling on their authenticity.

These cases highlight that, despite the common-law rule regarding illegally obtained evidence, information obtained by unauthorized computer access will not always be admissible.

At the very least, the acquired information must be evidence and cannot be something that would not be allowed traditionally such as confidential communications unrelated to the matter at issue. Parties cannot conduct fishing expeditions into opponent’s electronic servers, and the courts will punish individuals for such egregious invasions of privacy. And legal counsel cannot have anything to do with the hacking, or advise their clients to do so.

Motion to Suppress Hearing. A motion to suppress hearing is a court appearance where both sides can argue about whether evidence against a defendant should be thrown out because the defendant's constitutional rights were violated.

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

There's no actual proof that there's any evidence on the defendants phone. The fbi just want to Crack it open and look without knowing that they may or may not find anything.

Here's why the FBI forcing Apple to break into an iPhone is a big dealNatalie DiBlasio and Elizabeth Weise, USA TODAY3 days agoFacebookTwitterGoogle Plusmore

When U.S. Magistrate Sheri Pym ruled that Apple must help the FBI break into an iPhone belonging to one of the killers in the San Bernardino, Calif., shootings, the tech world shuddered.

Why? The battle of encryption "backdoors" has been longstanding in Silicon Valley, where a company's success could be made or broken based on its ability to protect customer data.

Kimihiro Hoshino, AFP

Apple's iPhone 4S

The issue came into the spotlight after Edward Snowden disclosed the extent to which technology and phone companies were letting the U.S. federal government spy on data being transmitted through their network.

Should Apple fight a court order to break into the San Bernardino shooter's iPhone?https://t.co/ZYyhqO10uH

— USA TODAY Tech (@usatodaytech) February 17, 2016

USA TODAY

Latest: Apple vs. U.S. over terrorist's iPhone

Since Edward Snowden's whistleblowing revelations, Facebook, Apple and Twitter have unilaterally said they are not going to create such backdoors anymore.

So here's the "backdoor" the FBI wants: Right now, iPhone users have the option to set a security feature that only allows a certain number of tries to guess the correct passcode to unlock the phone before all the data on the iPhone is deleted. It's a security measure Apple put in place to keep important data out of the wrong hands.

Federal prosecutors looking for more information behind the San Bernardino shootings don’t know the phone's passcode. If they guess incorrectly too many times, the data they hope to find will be deleted.

That's why the FBI wants Apple to disable the security feature. Once the security is crippled, agents would be able to guess as many combinations as possible.

Kurt Opsahl, general counsel for the Electronic Frontier Foundation, a San Francisco-based digital rights non-profit, explained that this "backdoor" means Apple will have to to write brand new code that will compromise key features of the phone's security. Apple has five business days to respond to the request.

What does Apple have to say about this?Apple CEO Tim Cook said late Tuesday that the company would oppose the ruling. In a message to customers published on Apple's website, he said: "We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data."

Back in December, Cook defended the company's use of encryption on its mobile devices, saying users should not have to trade privacy for national security, in a broad interview with 60 Minutes. In the interview, Cook stood by the company's stance of refusing to offer encrypted texts and messages from users.

What does this mean for the next time the government wants access? The order doesn't create a precedent in the sense that other courts will be compelled to follow it, but it will give the government more ammunition.

What do digital rights experts have to say? There are two things that make this order very dangerous, Opsahl said. The first is the question it raises about who can make this type of demand. If the U.S. government can force Apple to do this, why can't the Chinese or Russian governments?

The second is that while the government is requesting a program to allow it to break into this one, specific iPhone, once the program is created it will essentially be a master key. It would be possible for the government to take this key, modify it and use it on other phones. That risks a lot, that the government will have this power and it will not be misused, he said.

And the lawmakers? Well, they are torn. Key House Democrat, Rep. Adam Schiff, D-Calif., says Congress shouldn't force tech companies to have encryption backdoors. Congress is struggling with how to handle the complex issue.

On the other side of things, Senate Intelligence Committee Chairman Richard Burr, R-N.C., and Vice Chair Dianne Feinstein, D-Calif., say they want to require tech companies to provide a backdoor into encrypted communication when law enforcement officials obtain a court order to investigate a specific person.

What now? This could push the tech companies to give users access to unbreakable encryption. To some extent, it's already happening. Companies like Apple and Google — responding to consumer demands for privacy — have developed smart phones and other devices with encryption that is so strong that even the companies can't break it.


Read the last line.

When governments fear the people, there is liberty. When the people fear the government, there is tyranny. The strongest reason for the people to retain the right to keep and bear arms is, as a last resort, to protect themselves against tyranny in government."