BBC 'vague' reporting again!

[Andrew Cormack]

If a Trojan of this kind counts as an interception (and something that
can read incoming and outgoing mail between me and my correspondents
certainly sounds like it) then presumably it couldn't be used as
evidence anyway under RIPA s.17?

Andrew

--
Andrew Cormack, Chief Regulatory Adviser
JANET(UK), Lumen House, Library Avenue, Harwell Science and Innovation
Campus, Didcot, OX11 0SG, UK
Phone: +44 (0) 1235 822302
Fax: +44 (0) 1235 822399

JANET, the UK's education and research network=20


> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk [mailto:ukcrypto-
> admin@chiark.greenend.org.uk] On Behalf Of Peter Sommer
> Sent: 01 December 2008 11:46
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: BBC 'vague' reporting again!
>=20
> Check out the following URL to see what is available:
>=20
> http://www.guidancesoftware.com/products/fim_index.aspx
>=20
> Encase is a very widely used product to preserve and examine
> computer
> media.    Normal investigation depends on seizing hard disks etc,
> preserving them correctly and then using the Encase software to
> recover
> and analyse the contents.   A few years ago Encase introduced a new
> product for deployment across corporate networks and which allowed
> all
> the facilities of the "local" product but remotely.  To make this
> work
> each computer that was to be subjected to remote inspection needed
> to
> have a "servelet" program installed.  Fuctionally there is no
> difference
> between a covert remote control trojan and a servelet.  In a
> corporate
> environment,  legalities are taken care of because the employee
> consents
> or consent is implied or the enquiry falls within the terms of the
> Telecommunications (Lawful Business Practice) (Interception of
> Communications) Regulations 2000 or something similar.
>=20
> In a law enforcement situation in most countries police etc would
> require a warrant or other authorisation to seek to place a
> servelet on
> a suspect's machine.   But the same technology as is used in the
> corporate world works.
>=20
> Encase apparently only sell is Field Intelligence Model to law
> enforcement.
>=20
> There is of course a big problem with this class of evidence.  The
> police have had access to the suspsect's computer and in a
> relatively
> uncontrolled and non-audited manner.   Some defendants are highly
> likely
> to suggest that any evidence in this way has been so contaminated
> as to
> be unusable.
>=20
>=20
>=20
> Paul Vigay wrote:
> > Just spotted this item on the BBC news -
> > http://news.bbc.co.uk/1/hi/technology/7758127.stm where they
> claim "Remote
> > searches of suspect computers will form part of an EU plan to
> tackle
> > hi-tech crime."
> >
> > They don't state how these 'remote searches' will work, but
> either they're
> > assuming Windows has some backdoor in it, people are too stupid
> to
> > configure an effective firewall, the BBC don't understand the
> technology
> > involved or I've misread something in the story. :-)
> >
> >
>=20


JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024=20
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG