I originally wrote this in April 2011 as feedback to this article in PC World.
Even this reprint appeared before Edward Snowden broke similar news.
The article linked above begins with these words:
Law enforcement organizations are making tens of thousands of requests for private electronic information from companies such as Sprint, Facebook and AOL.
Police and other agencies have “enthusiastically embraced” asking for e-mail, instant messages and mobile-phone location data.
Intercepting and reading private communications has no ethical leg to stand on, especially when initiated by a police force. It suggests that personal email (or data written to a disk) should have less protection than private thought. Personal communications must be rendered off limits to interlopers. I say “rendered” rather than legislated, because technology exists to foil overzealous acts of law enforcement. In security consulting, I rarely help courts to glean information that the author believed to be private. Applying forensic skills in this way puts blood on the hands of good technicians. (Quite literally, it had better involve a murder or bomb threat.) Instead, I am more likely to help individuals and organizations confound any attempt to reconstruct, trace or decode information, including content, history, ownership, origin, transfer (including asset transfer) or digital fingerprints.
I call this practice “Antiforensics”. More like-minded privacy advocates are heading in this direction. In almost every case that forensics is employed without consent of the creator or archivist (i.e. the person being investigated), the practice is unethical. I would never claim that the field lacks all legitimate purpose, but it is too often used by courts concerned with porn, drugs, your marriage, disputes between corporations, or the money in your mattress. At the drop of a hat, a forensic specialist will roll over and sing like a jay bird for any court in the land. Must we sell out? Where does basic privacy fit into the picture?
Cryptography and steganography not only belong in the hands of every human (Thank you, Philip Zimmermann), they should be inherent in every email, fax and phone conversation. They should be part of private communication and every save-to-disk. If “The Man” has a compelling reason to catch you with your pants down, he should have both a court order and a good gumshoe. One who resorts to conventional means at either end of the communication, rather than mining for data at a nexus in New Jersey (AT&T) or Virginia (NSA).
As a security specialist for almost 30 years, I have seen “forensics” destroy families, lives and laudable civil movements. The art of a 3rd party using forensics for the improvement of society is far less prevalent than forensic activities that interfere with personal or political freedoms.
The spirit of prophylactic and preemptive antiforensics is embodied at Fungible.net, a data recovery lab in New England.* Mouse over the red words “Forensics” and “Security”. The lab uses the most sophisticated forensic tools, but they won’t sell out to a court unless someone has targeted the president.
Am I in the minority, practicing “anti-forensics” with zeal and passion? My concern for privacy (before and during an investigation) exceeds my allegiance to political jurisdiction.
How about you? Give us your opinion about antiforensics. —Ellery Davies
Ellery Davies clarifies law and public policy. He is a privacy champion, antiforensics expert, columnist to tech publications and inventor of Blind Signaling and Response. Here at A Wild Duck, Ellery dabbles in economics and law.
* Fungible.net is a data recovery service. But they also host Ellery’s Wild Duck blog.