PA Seizes Newspaper's Computers

twitter writes "Computer equipment from the Lancaster Intelligencer Journal was seized for alleged improper data access and disclosure. From the article: 'If the reporters used the Web site without authorization, officials say, they may have committed a crime.' Journalist are understandably upset that confidential information, that has nothing to do with the investigation, will be found and used for retribution."

Logs?

[CaptainZapp]

Couldn't they prove their case with their own, damn webserver logs?

This seems to me like impounding your car to take it apart to prove that you drove 7Mls over the speed limit.

Or in other words: Harrassement!

Re:Logs?

[G)-(ostly]

You don't need to follow basic computer security principles involved in "proving" behaviors if you have enough guns at your disposal.

Re:Logs?

[thedletterman]

So a bank notices an employee key card is missing, and it was used to open the front door and the vault door. they even find a hundred thousand dollars missing from the bank, and a review of the security cameras reveals the offender. Should they bother to get a warrant to search their house, or is that just harrassment?

Really bad analogy

[Secrity]

All analogies are bad and that was a Really bad analogy.

Re: Really bad analogy

[afaik_ianal]

All analogies are bad and that was a Really bad analogy.

Yep - Using analogies is like comparing apples and oranges.

Re: Really bad analogy

['nother poster]

But how could you do that? Everyone knows that apples are BETTER than oranges, so there is no comparison! (God, I hope I don't have to use a smiley to show that this was meant as humor. Holy crap, is this thing still on...)

Re:Logs?

[Henry V .009]

Your analogy was pretty good. Most slashdotters have this technique that lets them shut off their brains when an opposing viewpoint comes along, hence the criticism.

Just like you'd search the bank thief's house despite overwhelming evidence that it was her, you generally want to search a computer crime suspect's computers.

Re:Logs?

[thedletterman]

I don't see where the article suggests the investigators did not check the logs. I'm pretty sure that's how they figured out whose password was used to access this website.

Re:Logs?

[ArsenneLupin]

I'm pretty sure that's how they figured out whose password was used to access this website.

Wouldn't these logs also show whose IP address was used to access this website? I mean, like the newspaper's?

And if they have that, they don't need the newspaper's computer to prove anything further.

And if they don't have that IP (say, if the reporters were smart enough to use open proxies), chances are the reporters were smart enough not to leave any incriminating evidence lying around on their own computer eithe

Re:Logs?

[Elm Tree]

But if the newspaper is using NAT then they wouldn't know who at the newspaper was guilty, they'd need to examine each computer and see which has the necessary files.

Re:Logs?

[Technician]

That's why I just bought an external NAS drive with encryption. If it lost power, it locks and can't be unlocked until the encryption key is re-entered. They may be able to delete my data, but they can't access it. As an additonal security, the little drive is hung remotely off the lan. Finding it to take it could be a challange.

Check out the Simple Tech SimpleShare NAS. Drop it in the janitor closet someplace locked.

Re:Logs?

[Technician]

Exactly what do you have to hide, citizen?

1 Tax records
2 Full credit card information including card number, pin, phone numbers to call if lost or stolen.
3 Full bank details for online banking
4 Password list for various websites i log into once in a while. After all, I can't use Technician as a logon for AOL IM. So when I do use it on occasion, I need to look up my id.
5 Alarm system master password and user password. I seldom use the master password.

Can you think of any reason to leave any of that out for law enforcement or a burglar to dig through? It's nothing I would want either to have.

Re:Logs?

[b0bby]

For that I'd think a NAS would be overkill, you could just fit it all on an encrypted USB flash drive.

Re:Logs?

[ozmanjusri]

Exactly what do you have to hide, citizen?

"Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him."
Cardinal Richelieu

Re:Logs?

[bigpat]

"Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him."
Cardinal Richelieu

That number also works for guilt by association, since only 6 degrees seperate us all.

Re:Logs?

[Technician]

Certanly. Read the Tomsnetworking review. It's in about the 4th page of the review.

http://www.tomsnetworking.com/2005/04/15/review_st inas250/page4.html [tomsnetworking.com]

Snip Digging deeper into the menus revealed some advanced functionality that didn't appear to be advertised anywhere on SimpleTech's web site or product brochures. I found menus for creating encrypted, mirrored and striped shares, which are RAID capabilities that I have not seen in other boxes of the same class. Selecting the Help button on this screen brought up a full help listing for all features of the box, including these advanced ones. Reading through the help menus indicated that the mirror and striping capabilities are designed to be used on external drives plugged into the box.

end snip

It's one of the main reasons I bought it. Raid, Encryption and easly hidden someplace to be left behind in a raid or burglary. What more could a geek want?

Re:More info.

[Technician]

The encryption is invisable to the users. When the box is rebooted, the encrypted shares simply vanish and are not seen on the network until the password is input from the web interface. Another snip from Toms site;

I was initially a little confused about how an encrypted share would work. Would the client have to enter the encryption password, as well as the user password, when mounting the network share? I saw no provision for this, but what I had to do became clear the next time I rebooted the box. When the SimpleShare rebooted, I received an e-mail from it telling me that I had to go into the administration screen and enter the encryption password. Once I did this, the share was available for clients. So this feature is meant to protect your data if someone walks off with your drive - without the password, they won't be able to access it.

end snip

That's the way to survive a raid. Packing it up breaks it if they find it.
I know from experiance (i made a configuration error) that using the reset to reset it to factory defaults does not open the encrypted share. It stays encrypted and can only be opened and mounted by entering the encryption key.

HD locking

[Penguinoflight]

I'm not sure if your NAS device is IDE based or SCSI based (internally). ATA drives use a locking mechanism that is not actually on the disk, but on the circuit boards surrounding the disk (I have some experience with locking/unlocking drives for Xbox repair/modification). Some drives dont lock, others will lock, but do not unlock when supplied with the correct password. I haven't had a new drive go into a persistant lock state, but a referbished drive was persistantly locked the first time I locked it,

Re:More info.

[Technician]

Want to make any bets that the manufacturer has a masterkey, or key reclamation mechanism, and will share it with law enforcement if there is a subpoena involved?

If they do, they are not talking about it. When I sent mine in for a configuration error on my part (covered by warranty) I did not provide the encryption key. They let me know they got the software unlooped and could see the unencrypted shares OK. They would be willing to check the encrypted pool if I provided the key. I declined and said it's

Re:More info.

[Technician]

Want to make any bets that the manufacturer has a masterkey, or key reclamation mechanism, and will share it with law enforcement if there is a subpoena involved?

I was thinking too slow.. The software is GPL. Download the source and take a look. I'm not making any bets, but the odds against a back door are heavily in my favor.

Re:To back up my claim....

[Technician]

Look here..

http://www.linux-mips.org/wiki/Broadcom_SOCs [linux-mips.org]

Silence the whistleblowers!

[Opportunist]

That seems to be the slogan. After all, without them, some not really legal actions taken by governments could be more easily covered up.

So if you can give them the impression that even when a newspaper grants you anonymity, the feds will somehow find out who you are. Sure, you can still execute your freedom of speech.

But will you dare to when it pretty much means your career is over because it's this easy for the government to grab any kind of information they want? So take your share of the cake and shut up. It's better for you.

Re:Silence the whistleblowers!

[thedletterman]

How is this even relevant? The newspapers were discolsing secret details of crime investigations.. you know, those little details they use to confirm confessions that are sensitive to leads in the investigations? This newspaper, desperate to give more details than the others, compromised the police departments ability to investigate crimes. I'm scratching my head wondering how this should be glorified, and how whistleblowing applies?

Journalists have freedom, not immunity

[Mr. Underbridge]

"Journalist are understandably upset that confidential information, that has nothing to do with the investigation, will be found"

And presumably that unrelated confidential information wouldn't fall under the scope of the warrant. But the cops *definitely* have enough for a warrant. They have traced blatantly illegal activity back to a computer and seized it. Any private citizen would have faced the same. Freedom of the press isn't a blanket right to break the law with complete impunity and immunity.

I mean, think about what you're saying. It's like saying anyone with confidential information in their house (ie, everyone) shouldn't ever be subject to a legal, warranted search. There are mechanisms to restrict the scope of warrants.

In general, if one is worried about such confidential information, I'd strongly suggest not doing completely illegal shit with the computer containing it.

Re:Journalists have freedom, not immunity

[KagatoLNX]

While I don't disagree with the principle that seizure can be reasonable in the face of a real crime, the nature of seizure and of leaked confidential information makes this not so cut and dry.

Since businesses do a better job obtaining and preserving their protections than the public seems to do, just look to them for the precedent. They refuse to release things all the time claiming "irrepairable harm". Admittedly those are usually civil cases involving trade secrets and the like. However, the point stands. The Bill of Rights protects against unreasonable search and seizure for exactly that reason. Leaking information that can be used for retribution against citizen or, almost more importantly, against the press causes irrepairable harm. The belief of the paper is that the seizure, in this case, was far beyond what a constitution warrant would allow.

Admittedly computers and networks of them are very tightly integrated. It's hard to seize just the right parts of them. However, having witnessed the aftermath of a few police seizures of computer equipment I can assure you that it probably was overkill. People don't usually work well with things they don't understand. You can be that your average police department usually goes overboard in situations like this.

The claim could be made that the police made the most limited seizure practical, but I don't believe that's provides a defense against a clear Fourth Amendment claim (IANAL). The Fourth Amendment sends a clear message. Unfettered search and seizure is at odds with a citizen's ability to participate in a democracy because of the potential it creates for abuse. Any pretense of a crime can be used as a gateway to retribution. Especially considering that computers actually have made it easier to search and seize.

In the past, thousands of papers would have to meticulously found, catalogued, and archived. Now, digital copies can be made trivially, evidence integrity can be certified by third party signature, and search can be heavily automated. The sad fact is that the police are willfully ignoring the fact that they don't have to seize the entire computer so that they don't have to work as hard (not that they're lazy, but their resources ARE limited). Make no mistake, a single man can now seize libraries worth of data in minutes and search it just as quickly.

What nobody realizes about the Bill of Rights is that it was made to safeguard the ability of the people to revolt again if necessary. The government and courts has slowly disarmed the people, nibbled away at their speech protections, removed their autonomy, and generally preserve democracy by ensuring the government is subject to the will of the people--by force if necessary. This is always done in the spirit of "making people accountable", "keeping the peace", or "protecting people from criminals". The humbling reality is that every one of the founders of our government would have been dead if they were accountable to the government in their time. The peace would have been kept, it's true, but in a world where the people are made criminals for enjoying their freedom, what does it matter?

Re:Journalists have freedom, not immunity

[Mr. Underbridge]

Oh, enough with this revolt thing. What you have to understand, the Declaration of Independence (which is the document you're actually citing, not the constitution) was very romantic and was written while we were still British subjects. The Constitution, written later, most certainly makes no mention of a right to revolt. Revolts have never been tolerated in this country, dating back to Washingon himself quashing the Whiskey Rebellion, and more famously the civil war.

None of which matters here. A journa

Is the Freedom of the Press abridged?

[BadAnalogyGuy]

If a newspaper company commits a crime, infiltrating password-protected government computers in this case, should it be allowed to continue because of the First Amendment guarantee of Freedom of the Press?

According to the 4th Amendment, the right to be secure in our belongings is still subject to the will of a judge to issue a warrant. The warrant was issued in this case, and the judge has taken personal responsibility to act as escrow for the information that reaches the prosecutors.

I don't know what else can really be guaranteed the newspaper, except that they will have their day in court. Their protests about informant confidentiality is a red herring, designed to take our attention away from the possibility that they were involved in illegal activities.

Re:Is the Freedom of the Press abridged?

[SkankinMonkey]

I'm not going to argue with you on the main points because I agree with you on them BUT one thing has come along with digital media that really calls for other protections for defendants to be put into place. For one, since computers do store massive amounts of data, and many stories are theoretically being worked on with this computer, shouldn't the defense have some sort of representative available while said computer is being accessed to make sure that only relevant data is accessed OR to take note of data that was accessed as to make sure that their computers are being properly confiscated and this isn't just a setup for a SLAP suit?

Re:Is the Freedom of the Press abridged?

[yuna49]

From TFA:
Feudale ruled Feb. 23 that the state could seize the computers but view only Internet data relevant to the case. The judge also ordered the agent who withdraws the data to show them to him first - before passing them to prosecutors - to ensure that the journalists' other confidential files are not compromised.

Personally I think the entire process ought to be handled by a third-party on behalf of the court, and not by the state which is a party at interest. How could anyone be sure that only t

Re:Is the Freedom of the Press abridged?

[thedletterman]

I agree that the protests about all the data they don't want the government to find is a red herring. In reporting this story, it's pretty clear they're trying to shape public opinion of the big, bad, invasive government vs the good-natured press. What is really the story is that law enforcement (the REAL good guys, in case you didn't know) busted a reporter so desperate for information, that they violated the security of the municipality, and who knows what other laws they broke. The freedom of the press,

Re:Is the Freedom of the Press abridged?

[djmurdoch]

ATTENTION! BLAH BLAH BLAH ...

Click through agreements have trained people not to read anything presented in all caps.

Re:Is the Freedom of the Press abridged?

[MathFox]

How many computers does the newspaper have left after the four computers are taken... Freedom of the press isn't worth a thing when all your ink is taken away "for investigation".

I agree that journalists should be punishable for crimes they commit, but "criminal investigation" is commonly used as an excuse for government intimidation. (Not often in the USA, but read the reports from Reporters without borders [rsf.org].) Is this happening here, the secrecy around all this makes me worry!

Re:Is the Freedom of the Press abridged?

[realnowhereman]

From "man gpg"

--show-session-key
Display the session key used for one message. See --override-session-key for the counterpart of this option.

We think that Key Escrow is a Bad Thing; however the user should have the freedom to decide whether to go to prison or to reveal the content of one specific message without compromising all messages ever encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY FORCED TO DO SO.

Sounds like those smart GnuPG developers have already seen this coming.

Re:Is the Freedom of the Press abridged?

[BlueStrat]

Just another argument for encryption, and perhaps also for some method of storing information about seperate subjects seperately so that only some subset of the encrypted data need be decrypted, and not just everything.

Encryption wouldn't do much good when a judge will just order you to reveal the password(s) under pain of a contempt charge and jail until you concede, regardless of claims of bad memory, etc. There could also be destruction of evidence and obstruction of justice charges for wiping or destroying the hardrives.

Keeping the data private from investigators is possible, if one is willing to spend some serious time in the justice and penal systems. I'm all for standing on ones' principals, but when you're looking at a long stretch in prison, with a whole life, a career, and a family to consider, priorities can change in a hurry.

IANAL, YMMV, etc...

Strat

Re:Can't you plead the 5th?

[vertinox]

Encryption wouldn't do much good when a judge will just order you to reveal the password(s) under pain of a contempt charge and jail until you concede, regardless of claims of bad memory, etc.

Can't you plead the 5th when asked to give passwords? I've always wondered about that... Can you be forced to give information to the authorities? From my understanding you cannot be forced to testify against yourself.

Or maybe the "right to remain silent" doesn't always apply to certain situations?

Can anyone shed light on this?

Proof that there's no proof

[kafka47]

First off, if the coroner had indeed provided the system's password, wasn't he the one contravening security policy (if not the law)?

Their justification for the computer seizure doesn't explain it at all. If they were concerned about a possible breach (even one obtained through some fraud or password sharing), they'd be able to ascertain the truth more reliably and certainly via access logs from the host systems, or even the intervening logs from the newspaper's ISP. Period.

Searching through the hard drives would be a last ditch effort for a legitimate investigation, since the cache could have been modified or deleted (thus requiring a forensic examination of the suspect systems).

The investigators are either stupid or lying about their true motivations. I can smell a lawsuit of significant proportion.

/K

Re:Proof that there's no proof

[funkman]

The website had disclaimers on it (either during the login process or once you are signed in) that states unauthorized access is prohibited and that the web site is for official use only.

So a journalist (or anyone) using the site with someone's else's login credentials violates the terms of service of the site.

There is no way to plead ignorance for those who improperly accessed the site.

Re:Proof that there's no proof

[DrWho520]

But should not the coroner still be culpable of something? An official should not be spreading a password around like that, and unless proof of the paper (or someone else) hacking his password is found, there is only on explanation for how they got it.

Re:Proof that there's no proof

[Half a dent]

Just because you have been given a key to a building by an employee does not mean you are not guilty of trespass if you go ahead and use it. Same deal here.

Seizure may be going too far though - all depends on the specifics of the case.

--

(I never read facts - they spoil my arguments)

Re:Proof that there's no proof

[tjic]

First off, if the coroner had indeed provided the system's password, wasn't he the one contravening security policy (if not the law)?

By this logic, if your roommate lends me the key to your storage locker, and I use the key to break in and take your stuff, you're asserting that I've done nothing wrong.

Re:Proof that there's no proof

[1u3hr]

By this logic, if your roommate lends me the key...

Another hokey analogy. If the Coroner did pass on his password as alleged, he's given access to HIS OWN information, though his employers obviously would not like him to have. Analogy? Okay: You're 16 and your 16-year-old girlfriend lets you get to second base. Her father finds out and calls the cops on you -- you say she authorised access; the father says she had no right to.

Chain of evidence

[redelm]

Prosecutors need the HD caches, etc. to discover and prove the identity of the perpetrators. Sure, the victim machine logs will show the IP of the attacker, but how do they turn that into a person to arrest?

Re:Proof that there's no proof

[ErikZ]

Freedom of the press doesn't extend to breaking the law.

Huh. So, the easiest way to kill freedom of the press would be to make a law against it?

Laws are not absolute be-all end-all.

"anonymous"..? sure pal.

[deep44]

How does having saved information prove that the coroner wasn't there using the computers then? What do they get out of this that they didn't already know from reading the webserver logs?

We all know you're from the government lab in Harrisburg, and you're crazy if you think you'll get any free help from us. Do your own legwork for a change, and for god's sake- don't submit this one to "Ask Slashdot"!

Re:Proof that there's no proof

[Technician]

Which is why many newspapers and reporters share the same 'common' logonid and/or share or sync passwords / swap userids (and offices and phones). What if 'guest' accessed the site in question?

You mean like the slashdot community using a shared login and password to read a linked NYT article? It looks like turnabout to me.

Re:Proof that there's no proof

[ArsenneLupin]

Lets hope that newspaper used other than electronic methods.

A tiny USB keyfob can be stuck into an envelope as easily...

Best guess is that they already know the ISP address came from a public terminal,

In which case, the saved data would already have been on an USB stick to begin with (... to bring it back from that cybercafé to the paper's headquarters). And if the reporters were a leetle bit smart, they'd never copied that data from there to the local computer. Then, good luck to the forensic ana

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:There is no freedom to be a reporter

[capt.Hij]

Besides, what they did was a crime and they knew it. Who in their right mind would have accessed a private police network to publish public reports? Gee, you'd think as a reporter that maybe the coroner is setting you up there and you might want to contact the police to get him nailed and not you.

Not only that but anybody who talks to a reporter should know that there is no guarantee that the reporter will not be forced to tell law inforcement their source. When reporters write something down it shou

/. headline is wrong

[MaggieL]

Contrary to the /. headline, Philadelphia did not sieze the four hard drives.

Philadelphia is a city.

Pennsylvania is a commonwealth.

Surprisingly enough, the Pennsylvania Attorney General's Office works for the Commonwealth of Pennsylvania, not the City of Philadelphia. I know it's confusing; after all: they both start with the same letter.

Re:/. headline is wrong

[ortcutt]

Yes. It's an staggeringly idiotic headline. People do sometimes metonymically refer to governments by their location, such as "Washington did this," or "Whitehall did that." But the capital of Pennsylvania is Harrisburg, not Philadelphia.

Re:/. headline is wrong

[ArsenneLupin]

But the capital of Pennsylvania is Harrisburg, not Philadelphia.

My God they nuked Freedom of the Press!

Re:/. headline is wrong

[illtron]

Thank you! I'm glad I'm not the only one to notice.

Re:/. headline is wrong- Not Philadelphia!

[qwertphobia]

Besides, the Intelligencer Journal is a Lancaster newspaper. -NOT- Philadelphia.

While Lancaster isn't that far (90 minute drive on a good day) it's not a Philadelphia subburb.

Of Course

[GnarlyNome]

Contrary to the /. headline, Philadelphia did not sieze the four hard drives.

Philadelphia is a city.

Pennsylvania is a commonwealth.

Surprisingly enough, the Pennsylvania Attorney General's Office works for the Commonwealth of Pennsylvania, not the City of Philadelphia. I know it's confusing; after all: they both start with the same letter.

but then so does Pontiac Plymoth and Ptomaine

This is massive overkill

[99luftballon]

The paper doesn't seem to be denying accessing the site, merely if it had been given permission. The only possible reason for this would be to check who accessed the site using the login and when, something which the government's own server logs should reveal.

The Disconcerting part...

[amcdiarmid]

Is that the AG said that since the Newspaper did not show proof that confidential information exists, the Newspaper has no claim not to have the drives examined. (Say for confidential information about weak security at the police IT department.)

In similar news, I understand that Congress is going to pass a law making it a crime to disclose illegal spying by the government.

Not Exactly

[mosb1000]

"Congress is going to pass a law making it a crime to disclose illegal spying by the government."

Not exactly, they're going to make it a crime to knowingly circulate classified information (such as information about the spying program, which is not necessarily illegal). The idea is that the press should be held accountable for the security breaches they facilitate/encourage.

The claim that the program is illegal is based on the notion that congress did not have enough information about it, and did not grant

Re:Not Exactly

[amcdiarmid]

Not Exactly, the point is that if the "Postulated Illegal Program" is classified, then the bill under consideration will remove whistleblower protection for revealing it.

Not that the bill is in reference to (ahem) *any* particular episode of illegality, but that it would make it illegal to tell about anything illegal.

In such a scenario, MyDepartment of (In)Security could have a project to import drugs from X, to the US, in order to finance MyTerrorist (Freedom Fighter, etc...). Said Drug may have health ef

Re:Not Exactly

[mosb1000]

The only purpose of the law is to allow outside parties to be prosecuted when they knowingly disclose classified information, but outside parties are never whistle-blowers (since they do not have access to the secret information) and they do not always disclose classified information out of a feeling of moral duty. Whistle-blower protections will be the same as before.

First Ammendement....

[ObsessiveMathsFreak]

....what's that?

Re:First Ammendement....

[general_re]

It's the part of the Constitution that doesn't give you blanket immunity for all crimes, the claims of some journalists notwithstanding.

From what I'm reading...

[RagingFuryBlack]

It looks like the state is trying to investigate leaks from inside its offices. Last time I checked, wasn't there some sort of confidentiality/privlage attached when you're an "Unnamed Source" for a paper? Wouldn't this be violating a few people's Constitituinal rights?

Re:From what I'm reading...

[sgant]

Um...no. When talking to a reporter you're not protected in any way. It's not like talking to a lawyer or a doctor...or even a clergyman for that matter. Reporters are threatened all the time with contempt-of-court unless they give up their sources. When was the last time a lawyer was threatened with contempt unless he spilled everything his client told him about a crime? It's privileged. That's protected. Talking to some yahoo who thinks he's the next Woodward & Bernstein from the Washington Post isn't privledged.

Of course, I'm not a lawyer, so I could be totally wrong about all this. Take my advice when I say: "Don't take my advice".

encryption for FSs

[WindBourne]

I wonder how many reporters are using encryption on their Filesystems these days? If they are not, now is the time to start. A bit of a hassle, but maybe less hassle than spending 3 years in prison.

Re:encryption for FSs

[Technician]

I wonder how many reporters are using encryption on their Filesystems these days? If they are not, now is the time to start.

For me, I use a NAS with encryption built in. It's transparant to the end user. The drives won't mount until the encryption key is entered in the NAS web based interface. You can't get to the web based interface unless you log in first. Shutting it down to seize it locks it. Encryption is done in hardware. Removing the drive for analysis will reveal a reiser filesystem which is e

More info, please

[BenEnglishAtHome]

A link for Simple Share NAS would be great, though I'm going to google it as soon as I finish writing this. Also, how strong is the encryption and have there been any administrative issues, flakiness, etc.?

Thanks for the info, btw.

Re:More info, please

[Technician]

A link for Simple Share NAS would be great, though I'm going to google it as soon as I finish writing this. Also, how strong is the encryption and have there been any administrative issues, flakiness, etc.?


The only flakieness I know about is one I did and had to send it in to be recovered. Use share passwords if you are using an encrypted drive. Do not do like I did and make some shares, provide passwords, then create users with user privilages, and then create an encrypted pool. It loops the software an

Re:encryption for FSs

[InsaneGeek]

I wouldn't use the word reporters but more of the word criminals. Should be:

I wonder how many criminals are using encryption on their Filesystems these days? If they are not, now is the time to start. A bit of a hassle, but maybe less hassle than spending 3 years in prison.

As using someone elses password to get to information that you aren't allowed access to is a criminal act, and that is what will get you the three years in prison. Possible concern over source privacy, etc for reporters won't get you i

Re:encryption for FSs

[jesup]

That's fine - until they subpoena the reporter to provide the decryption key, with contempt of court as a whip. 5th amendment doesn't apply if they're investigating someone else's crime. Admittedly, this does put the reporter in the position to block it - potentially at considerable personal cost. And this assumes the encryption/security was done "right" and the password is nowhere to be found on the disk (like in the page file, "suspend" area, etc...)

Can remote 3rd party storage be siezed?

[Morgaine]

One of the lessons in this story is that any organization involved in investigative reporting needs to keep its data systems under heavy cryptographic lock and key. Quite separate from any possible legal wrongdoing on the part of one or more of their reporters, all their other stories and investigations are now severely comprimised by the seizure, as others have pointed out. Their whole business could be at risk because of the ease with which computer equipment can be taken away.

This inevitably brings to mind today's story about Amazon's new storage service. If Lancaster Intelligencer Journal had stored their encrypted records and work files on such a storage service, would Amazon (or Google etc) have got raided and their computers taken away?

Obviously not (I think), but where does the boundary between yes and no actually lie? What if LIJ stored their encrypted data at some small 3rd party outfit?

This whole area is likely to become a tangled quagmire, as well as sadly a legal goldmine.

Re:Can remote 3rd party storage be siezed?

[Red Flayer]

"One of the lessons in this story is that any organization involved in investigative reporting needs to keep its data systems under heavy cryptographic lock and key."

Pointless, since it is illegal to not provide the key when asked by law enforcement who've gotten a warrant for it.

If you are concerned about your data being seized, you're better off having it on a portable storage device that you can either toss or give to someone else for safekeeping if you think the hammer's going to drop on your investigation.

Third parties would have to give up your files if they are prsented with a warrant for them. The key would be to use an offshore storage company, and do all your online activity through an offshore proxy. I'm sure they'll have tons of fun trying to serve a warrant then.

Re:Can remote 3rd party storage be siezed?

[ArsenneLupin]

If each story or each week's work is encrypted using a different key

That would be a hassle to manage. Especially if different stories overlap (i.e. documents relevant to one of them might also relevant to some others)

Re:Can remote 3rd party storage be siezed?

[Red Flayer]

Warrants are not that specific. Warrants can be issued for entire computer systems looking for one tidbit. Law enforcement is only allowed to use the information that is covered by the warrant, but the only way they can verify that you've provided the keys to all the relevant files is to have a blanket warrant for all keys, and then check each file to see if it is relevant.

Same as standard home search warrants -- they don't issue a warrant to just search your sock drawer, because you told them that's the only place you'd keep the contraband they're looking for.

Re:Can remote 3rd party storage be siezed?

[Maximum Prophet]

In the example of Amazon or Google, your files aren't even just one harddrive somewhere, and they are mixed with the data of lots of other people. The data could even concievably be in motion.

If one of those large entities were served with a warrent, how would they prove that that data belonged to you?

So the thing to do, is to encrypt your data with multi-key encryption, so that if The Man askes, you give him the key that decrypts to last week's (published) article, while you keep the key to the real

Someone please smack the author of this article

[porkchop_d_clown]

Philadelphia does not control the Pennsylvania Attorney General and has no authority over Lancaster county - you know, where the Amish live?

Jeez.

Next up, "Rudy Guiliani orders torture of Al-Queda suspect at Gitmo"

For more information...

[mwm158]

Hack into their website.

Re:For more information...

[Technician]

For more information....Hack into their website.

If you can find it. Who knows where the server is right now.

The Land of the Free?

[digitaldc]

Whatever happened to 1st Amendment rights? Should people be afraid of what they write?

They need to contact http://www.firstamendmentcenter.org/ [firstamendmentcenter.org]

Re:The Land of the Free?

[Shihar]

I fail to see how this is a first amendment issue. Nowhere in the first amendment does it say nor even imply that newspapers are immune from following the law.

The issue is this; if they had simply gotten classified information from the coroner in question, they would be a-okay. The coroner is in trouble, but they would be fine. The problem comes in when they try and access the data themselves by logging on AS the coroner. That IS a hacking attempt which is a violation of the law.

Moral of the story? If

I dont get it.

[TenLow]

They're punishing reporters for reporting? If they were given access when they shouldnt have had it, wouldnt it be the fault of the person who gave them access, not them for accessing it?

All I know is this'll sure make a good news story. Oh; wait, nevermind.

Re:I dont get it.

[grimJester]

It's not a question of whose "fault" it was. These aren't kids in a playground. Both providing access and using that access may be crimes. And no, they aren't technically punishing anyone; they're still investigating.

Not that difficult

[Soulfader]

If I'm trying to break into an apartment, and I convince the unscrupulous complex manager to give me a key to get in, the fact that he has violated a trust and abused his authority does not mean that I am guiltless.

Well, yes... and no

[irc.limerick]

What doesn't seem to be passing most people's minds is the fact that this is a criminal investigation, not a civil one. As such, its target will be individuals, not the newspaper itself. If the newspaper is anything normal in this day and age, they lawyered up at first notice, and certainly didn't reveal the individuals within the newspaper who were responsible for the illegal access. As for server logs, they don't prove much. How, for instance, will the logs at the server level produce any compelling e

Re:Well, yes... and no

[guacamolefoo]

How, for instance, will the logs at the server level produce any compelling evidence as to who was physically using the workstations involved?

Circumstantial evidence is sufficient to obtain a criminal conviction in Pennsylvania. The Commonwealth's argument here will be that the circumstantial evidence here is that:
(1)The restricted access website Z was accessed by computer X
(2)Computer X was seized from person Y
(3)Computer X was issued to and used by person Y
(4)Details accessed through Computer X appeared i

Sensitive data - unencrypted - too bad

[DrSkwid]

It really isn't hard to keep your sensitive data safe from the first order of inspection.

One can bleat that the jack boots are calling but don't start whining because your data protection measures are unsound.

With sloppiness like that, what damage a laptop in the hands of a mole.

TrueCrypt

[HangingChad]

Pretty sad when newspapers in this country have to start worrying about encrypting their source data. Welcome to Republican Amerika, formerly known as the land of the free.

The lesson Learned here kids?

[Lumpy]

I think the biggest lesson here is that ALL your files that are important or private MUST be encrypted on your computer. Because the federalies will come looking through them sooner or later. Using a encryption system that gives you plausable deniability like True Crypt is a better choice as you can lead them astray. you can give them a fake password that lets them into the encrypted file but only gives up worthless information keeping the secure documents hidden.

Finally, with today's fervor over terrorism it's best for you to not write anything down, record nothing and deny, deny, deny.

Re:The lesson Learned here kids?

[Red Flayer]

"Finally, with today's fervor over terrorism it's best for you to not write anything down, record nothing and deny, deny, deny."

If you don't use the information you have, then the anti-terrorist fascists win.

Not writing anything down and not recording anything mean that you are effectively silent to everyone that you don't have personal physical contact with. Thanks for volunteering to have your voice taken away, you are a good little dissenting citizen.

Re:The lesson Learned here kids?

[StormReaver]

"I think the biggest lesson here is that ALL your files that are important or private MUST be encrypted on your computer."

I think the bigger lesson here is to not go poking through private networks. Only the owner of the network (or its authorized proxies) can give permission to 3rd parties to access that network. Even if the Coroner had given the newspaper his password, the Coroner is not authorized to grant network access to 3rd parties.

The freedom of the press only exists to the extent that the press i

Re:The lesson Learned here kids?

[blackest_k]

I wonder is it practical to use the spare space on a block for data?

perhaps with a 32k cluster size a dummy file might use 3k leaving 29k free for encrypted data if you had the program to access and decript the free space on a usb key say you could have potentially a very secure system especially if the key could be overwritten if the wrong password was entered.
the hd would look clean the key might even just monitor a key sequence without even offering a prompt.

or perhaps the key might be a jpg that would need to be copied to a specific location on the harddrive. probably needs to be automatically erased once access has been granted

just a thought :)

there must be ways and means

Practical? yes...

[JetScootr]

cuz disk space is so cheap, and privacy is so valuable.

Wave bye bye.

[Raven42rac]

To freedom of the press.

Am I missing something???

[00Dan]

I keep reading people write "Freedom of the press" like that trumps any illegal activity. Am I missing something here? A couple reporters gets the username/password of the local coroner (with or without his knowledge is in debate right now) and proceed to access a restricted web site. How is this not illegal?

Is a reporter allowed to run red lights? Can they break into the mayors office to rummage thru his files? How is this any different???

/and on the subject of server logs... This is slashdot, I thought you guys knew better. Even if you track the IP back to the newspaper, all that says is someone connected to that IP accesssed the system, not which system behind the firewall it was (and do they have free wireless in their lobby?)

Yes, you are missing something

[JetScootr]

It's called "probable cause" to believe that an entity (the paper) was involved in the crime. The state can not know whether the newspaper's computers were also used illegally as the state is claiming the coroner's password was. I can easily guess that some hacker that got the password might also hack some news corp's site that had weak security. Why? Cuz anyone would know that the state will (or should) use extra care when kicking in the doors of the press.

Something else you're missing is called "Innoce

Website

[mach-5]

Our sleepy little town made slashdot...wow!

Here's the paper's website. Nothing is mentioned about it there.

http://lancasteronline.com/index.php [lancasteronline.com]

Journalism or Lack Thereof

[rtblmyazz]

When did Philadelphia take over the rest of Pennsylvania and rename it?

The state of Philadelphia should sieze the hard drives of the Slashdot Editors for lousy journalism.

Two ways to look at it

[Billosaur]

On the one hand:

"This is horrifying, an editor's worst nightmare," said Lucy Dalglish, executive director of the Reporters Committee for Freedom of the Press in Washington. "For the government to actually physically have those hard drives from a newsroom is amazing. I'm just flabbergasted to hear of this."

We have the potential for confidential sources and other non-related data to be exposed to the light of day. On the other hand:

The grand jury is investigating whether the Lancaster County coroner gave reporters for the Lancaster Intelligencer Journal his password to a restricted law enforcement Web site. The site contained nonpublic details of local crimes. The newspaper allegedly used some of those details in articles.

If the reporters used the Web site without authorization, officials say, they may have committed a crime.

We have reporters, eager to scoop the competition to drive up circulation by exposing little know details of crimes, committing a crime themselves in cahoots with the coroner, who must have been getting something out of the deal.

Either way you cut it, it's a legal quagmire and a constitutional nightmare.

First of all it's Lancaster PA not Philadelphia

[cybrthng]

The Lancaster Intelligencer Journal is based in lancaster which is an hour west of Philadelphia. The Philly Jounal is just reporting the issue.

Besides that all of the news papers our here are just conservative media outlets so it's fun to watch them "eat there own".. bowing down under corporate pressure to be eatin alive by others and finally chewed up and spit out by a hungry DA working for another. gotta love it.

Whose computers are they?

[EdMcMan]

I thought this was interesting, since the Intelligencer Journal's HQ is about 2 miles from my house. Anyway, it sounds more like the reporter's computers were stolen, rather than Intelligencer Journal's.

State agents raided Kirchner's home outside Lancaster last month and took computers, he said. He said he had had no other contact with authorities since.

I can see the issue of having confidential secrets being found by the government, but at the same time being in the press does not absolve you from having evidence collected on you. The best thing the government can do is find a 3rd party to do the evidence collection (that is trusted by both sides).

Another (better) story on the same topic

[guacamolefoo]

The following link is from the Lancaster papers' website. It has greater detail on the case and more information about what Judge Feudale actually authorized, which was a relatively limited search and in camera review of the findings prior to allowing them to be turned over to the Commonwealth.

http://local.lancasteronline.com/4/21327 [lancasteronline.com]

In addition, the Lancaster papers' attorney failed to secure any witness or provide any testimony that could demonstrate that the computer forensics work could be done in the newspapers' offices as opposed to taking the drives to the AG's forensics lab. You have to at least put up a fight to win. I think that the attorney for the paper knows bupkis about technology and he was completely unprepared to fight the subpoena on that basis. It's an example of having the wrong lawyer and being outgunned by people who specialize in this sort of criminal prosecution.

I suspect also, having read the bio of the attorney (George C. Werner) on his firm's (Barley Snyder) website (http://www.barley.com/attorney/bios/bio.cfm?attor neyID=24 [barley.com]) that he knows bupkis about criminal law. Barley Snyder attorneys are usually pretty sharp folks, but they are not who I would select for this sort of case, either for the newspaper company or the journalists in the underlying criminal case.

GF.