Will the Real Criminal Please Stand Up?

By Carole Fennelly, ITworld |  Opinion

Computer crimes present a monumental challenge to legal systems
worldwide. Charged with administering justice, the courts generally do
not understand the complicated technical evidence required to
conclusively prove guilt in a computer crime. Meanwhile, law
enforcement agencies advocate stiffer penalties and prosecutors employ
hacker stereotyping rather than hard evidence to sway juries.

Recently, the UK approved legislation equating computer crimes with
terrorism
(http://www.cnn.com/2001/TECH/internet/02/20/hackers.terrorists.idg/inde
x.html). Hence forth, electronic vandals are on the same level as
people who consciously murder children in the name of a "cause". A
pretty harsh characterization, but one that makes it all the more
critical that we ensure justice is properly served. Sadly, the legal
system remains incapable of understanding technical evidence. My recent
involvement in a trial of an accused computer criminal made this point
quite clear.

Try explaining computer science to your grandmother sometime? She will
seem easy compared to a court. Reading through the trial's transcripts,
I noticed some confusion concerning the legality of portscanning. The
transcripts showed someone stating that it, "...can be done
legitimately and not legitimately." If you remember nothing else, then
remember this: A portscan is not an attack! A portscan equates to
walking down the street and checking for open doors and windows. Sure,
it can indicate that someone is "casing the joint", but a portscan in
and of itself is harmless. The prosecution made much ado about the
defendant possessing portscanning tools and using them in the past
(gasp!). Now remember, portscanning is not a crime; however, it was
used to establish the defendant's state-of-mind, intent, and ability to
attack computers. Factors such as this take center stage when the
prosecution relies largely on circumstantial evidence.

Evidence is defined as direct proof of a fact or circumstantial -- an
inference made by the jury based on experience and logic. Jurors are
asked to used their common sense in evaluating a case. A recent Florida
case saw a teacher file Federal wiretapping charges against a student
for taping a lecture without the teacher's express consent
(http://www.cnn.com/2001/LAW/02/28/recording.charge.01.ap/index.html).
Fortunately, the prosecutor's common sense and experience kept this
ridiculous case from trial. Well, most juries *have* no experience in
computer forensics, so how can they fairly evaluate circumstantial
evidence?

The average person's computer science knowledge likens to an 18th
century farmer's physics knowledge. For most people, science is
indistinguishable from magic (a prime reason the Inquisition persecuted
so many scientists).

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Ask a Question
randomness