Dieses Blog durchsuchen

Dienstag, Dezember 25, 2007

Another witch hunt? (update2, Nov 2008)

German version of this article here - deutsche Version hier

ENGLISH:

The witch hunt is on:

controvers Police methods in investigation of Internet child-pornography

Now I sincerely hope that no keyword triggered online-advertisement will display any related ads right now in this blog. Because this article is about the latest hunt for child porn offenders on the Internet, this time the material had been located in Germany (LINK: http://www.sueddeutsche.de/deutschland/artikel/81/149718/ (German)). Now don’t get me wrong, a hunt for producers or consumers of child porn is perfectly fine, but as an information scientist (Dipl.-Informatiker, German degree) focused on information security, I am often concerned how easily the privacy of people if violated, if there is as good as no evidence – and how easy connection-related information (IP addresses) or online credit card information leads to false prosecution of people.

The usual comments on web sites with articles such as the link above are “cut off their … (you know what)”, however I like to point out here how easy it is to turn the lives of perfectly INNOCENT people into hell with such police action and I like to point out how easily the Internet can contribute to FALSE EVIDENCE being created and used against false suspects.

As in this recent “operation Himmel” action, IP addresses of people were obviously tracked after a Berlin Internet provider alarmed the police. So far, so good. Law enforcement does not state how the identities of suspects were retrieved, but it is very likely the IP addresses were captured as the German law enforcement said, some suspects were not prosecuted, as “they had just clicked on the wrong link”. This means, police did not care to check who actually showed enhanced activity on the child porn web site, but rather took IP addresses of somebody “surfing through”. Clicking away quickly is probably not enough, if police already has tracked the IP address of an innocent person who just searched for –legal- adult content (searching for adult content is unfortunately the largest money maker on the Internet) and got astray clicking on a strange link.

Internet: click wrong button and…

Again, I do not want to defend child porn users, as they keep up a multi-million dollar business which is abducting and abusing children. But law enforcement should make sure, they really catch the bad guys. However, the Internet with it’s 24/h offering of all kinds of content right to your desk is more like a TV in my opinion than anything else, so people should not be prosecuted for just zapping into an “illegal TV channel” (website). If they actively take part in the received program (downloading images from the child porn site or clicking through it), this is a different story and in this case they should be prosecuted by law enforcement.

With operation “Himmel”, the large number of suspects (12 000) suggests that again simply IP addresses of Internet surfers had been tracked.

250 000 suspects…. and a lot of hot air

Recently, the operation again the Internet-payment company “landslide” had revealed as much as 250 000 suspects worldwide. Law enforcement was proud of this big catch of “child porn offenders”. However, the facts which were later revealed did not seem very convincing (see http://en.wikipedia.org/wiki/Operation_ore, blog: http://hahn.blogkade.de/index.php?serendipity%5Baction%5D=search&serendipity%5BsearchTerm%5D=verfassungsbruch - German). Again, I am happy if police action does result in arrest of child porn offenders, but law enforcement should ensure they have the right suspects.

Landslide turned out to have been offering a payment system for a lot of web sites, among these was perfectly legal adult content, and also child porn content (or at least ads relating to fake child porn websites which probably only want to install spyware – it is unknown what exactly had been in the landslide system because of sloppy police work). Even the musician Pete Townshend hat been prosecuted, as he seemingly owned a landslide payment key, BUT it was later revealed he had NOT accessed the child porn sides, just other websites.

Now let’s recall this: Someone buys an access key for perfectly legal adult content and then he gets arrested for being a child porn offender although he never consumed such thing. This is what I mean when I say, law enforcement should really monitor the behaviour of online suspects and not just jump to –often wrong- conclusions from “easy evidence”.

As the blog above mentioned, a lot of people were arrested who owned credit cards with numbers which were found on the landslide servers. But it is a well-known fact that shady businesses - and landslide certainly was one - often abuse credit card information they obtained. Credit card information is sold by shady companies and people find charges for Internet services, which they never ordered, on their credit card all the time. As the blog in the link above states, many people became suspects only because landslide billings were found on their credit card. The blog even states, people were sentenced as child porn offenders, even if no further evidence was found! This means, people who just had a billing on their Internet card but never ordered it, got sentenced (see Wikipedia quote below regarding this).

All German credit cards had been searched

In Germany, practically all credit cards had been searched in another child porn investigation (http://www.spiegel.de/panorama/justiz/0,1518,457844,00.html -German).

That is 22 million credit cards. Police was searching for a certain amount being transferred to a certain payment service, which was supposed to indicate child porn access. Again, the possibility exits (and the probability is high) that people had been prosecuted because they had a fake(!) billing on their credit cards. Companies selling child porn (often located in Russian networks) are not beyond making fake billings of credit cards, I would suppose. I still remember reading on Spiegel.de about a business man, being over 70 years old, who had found police raiding his company in the middle of Christmas business wanting to take away his servers. Reason was such a billing on this credit card. As the person had already informed his credit card company about the fake billing and could prove it to the police force, the servers were not taken away and he was not prosecuted any further. Imagine what would have happened if he hadn’t noticed the fake billing.

In the latest “operation Himmel” mentioned above, law enforcement even indicated, people receiving email advertising child porn would be suspects and should report such emails to police. This is an astonishing statement, as mailboxes of many people who use their email accounts for business are full of hundreds of spam mails per week. People use automatic spam filters to get rid of the tons of emails advertising MP3-downloads from Russia and fake Viagra pills and “XXX teens”. Are people now responsible for all these spam emails they get without ever having requested them? What will be next, will I be arrested for stuff some shady east-European criminals dump into my email box without me even seeing it?

What happens if..

The problem for innocent suspects is, what happens if the home and work place of an innocent “suspect” gets raided by a police. Neighbours notice. Word will spread, “Mr. Miller” had been raided “because of child porn”. If the suspect is a father, his children will be taken away even during the investigation (see blog ink above relating to the landslide operation). Wives will leave their husband. The father will lose al visitation rights for his kids after the divorce. His company will fire the employee (law enforcement always investigates the work computer in such cases). All VHS, CD-ROM and DVD material will be taken out of the home of the “suspect” and investigation will take a year or longer. The blog above mentions 39 suicides during the landslide investigation. Chances are, a lot of these people were not real consumers of child porn, but just innocent people who had the wrong billing on their credit card or just had bought access to a legal website without knowing that access to a child porn site was “hosted” by the same billing company.

I am happy if child porn offenders get convicted. But I am not happy if connection data or online credit card data gets misused to ruin the lives of innocent people.

People’s constitutional rights get easily violated these days. Especially if accusations about such a crime are involved. In the end we may have just a big witch hunt, doing more harm than good – simply because police work is not done properly. And while innocent people are prosecuted and find themselves outcasts of society without ever having committed any crime, the real child porn offenders are still out there.


UPDATE: as a German lawyer states in his (German) BLOG , the so-called child-porn portal in the "Himmel" raid was also offering legal adult-content and persons who had downloaded only legal content, also have their homes raided. Probably without noticing an ad to a child-porn site? The client of the layer only downloaded legal content from a legal website of this portal, but still had his home raided, PC seized and even his workplace raided. His wife divorced, he lost his job. Visitation rights for his children will be decided soon...
Careless tracking of IP-addresses has destroyed a life of a person far from committing any illegal action. Law enforcement should track more properly, what suspects are actually doing on the internet. There will be no prosecution of the lawyer's client, but the damage to his life is already irreversible.

Quote from Wikipedia regarding the landslide operation:

http://en.wikipedia.org/wiki/Operation_ore

“Since 2003 Operation Ore has come under closer scrutiny, and the police forces in the UK have been criticised for their poor handling of the operation. The most common criticism is that they failed to determine whether or not the owners of credit cards in Landslide's database actually accessed any sites containing child porn, unlike in the U.S. where it was determined in advance whether or not credit card subscribers had purchased child porn. Investigative journalist Duncan Campbell exposed these flaws in a series of articles in 2005 and 2007.

This was a serious error, because many of the people making charges at child porn sites were using stolen credit card information (and the police arrested the real owners of the credit cards, not the actual viewers). Plus, thousands of credit card charges were made where there was no access to a site, or access to only a dummy site. When the police finally checked, they found 54,348 occurrences of stolen credit card information in the Landslide database. The British police failed to provide this information to the defendants, and some implied that they had checked and found no evidence of credit card fraud when no such check had been done.“


UPDATE: Heise.de had reported (can't find the link right now) that all prosecutions of the "operation Himmel" had failed. Evidence was not clear, a lot of people who were investigated were innocent, not clear if any child pornography consumer was among the owner of the collected IP addresses. A few marriages and careers ruined because of police knocking at doors of innocent people. Bullocks police work, as predicted above.

Here is a link to an article (German!) in the blog of a lawyer who worked on the case (defense) stating there had been no successful prosecutions published by the state attorney. The Heise.de article was even more clear and stated there HAD BEEN no such success stories and the seized computers were returned to their owners, many of them without search, as the grounds for prosecution were cloudy at best.

Kommentare:

Dazed hat gesagt…

A nice piece.

And the possibility of wrongful accusation is all too real, as many victims of Operation Ore (Landslide) in the UK can bear witness too.


Fortunately, there are some prosecutors who think for themselves and require more than a list of IP addresses before they are prepared to accuse someone.

http://www.spiegel.de/panorama/justiz/0,1518,525785,00.html

Bob Honest hat gesagt…

I have recently rejected a Spanish comment here, sorry. It had a link to a site which was money-related so I suspect spam. Sorry if it wasn't, but my Spanish is too crappy to really understand it.

Thanks any way and lo siento :-)

Anonym hat gesagt…

The IP address does not determine the offender. Behind the IP may be one or more computers, one or more users, spreading a Trojan pornography, stealing a neighbor's wireless, etc.

Indignado
http://indignado7777.wordpress.com

Anonym hat gesagt…

Hallo.
Ich mochte mit Ihrer Website bobhonest.blogspot.com Links tauschen

Anonym hat gesagt…

Good article Thank you so much

Anonym hat gesagt…

Hello! Just want to say thank you for this interesting article! =) Peace, Joy.