Regarding digital evidence

Following up on the post about piracy and liability, I think we need a serious discussion about digital evidence.

I have a big issue with digital evidence, as I know that it is entirely possible to produce data that looks true but is false.

In the case of piracy, there seems to be a market leader in online torrent tracking with the German companies Guardaley and MaverickEye. They are, at least, those that are mentioned in articles about crackdowns on piracy.

Unfortunately these companies produce so-called digital evidence that are using in copyright trolling and in some copyright cases. But it appears that almost every time someone actually forces them to disclose their procedures, the cases are dropped.

Not in the case of the time travelling witness though. In that case a witness had signed documents attesting the validity of timestamps and IP addresses, but apparently those signatures had been copied to other documents as well.

Guardaley has even made the claim that there are no possibility that their product can yield a false positive, which is basically a claim that there are no bugs in at least part of their product. And such a claim is impossible; you cannot prove that there are no bugs.

I read about another company making similar claims, using a program called Excipio. They too lost in court:

  • Human error when IPP enters information from Malibu Media into the Excipio system.
  • IP address false positives can occur in the system.
  • The user’s access point could have been incorrectly secured.
  • The user’s computer or network interface may have been compromised and is being used as a conduit for another user’s traffic.
  • VPN software could produce an inaccurate IP address of a swarm member.
  • Proprietary BitTorrent Client may or may not be properly implemented.
  • Claim of “zero bugs” is suspect when one of the stated components has had over 431 bugs, 65 currently unresolved.
  • Zero duration data transfer times on two different files.
  • The lack of any available academic paper on, or security audit of, the software system in question.

Once we get digital evidence solved, let us move on to the case of online voting.

This entry was posted in Development, Legal and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.