A Critical (Legal) View of Forensic Computing Dr. Bernd Carsten Stahl1 1
Centre for Computing and Social Responsibility De Montfort University, Leicester, LE1 9BH, UK
[email protected]
Abstract Forensic Computing is a relatively new academic discipline that in its current form seems very much geared towards the production of professionals who are likely to be active in law enforcement. It is generally predicated on the idea that computers can be misused for criminal purposes and such activities need to be prosecuted. For such prosecution technical expertise in computer forensics is required. This paper will develop an alternative narrative. Based on some thoughts developed in critical research, it sets out to develop a framework of critical issues that could be expected in forensic computing. The emphasis will be on the concepts of ideology, capitalism and reification. The paper will bring forward some thoughts that suggest that forensic computing practitioners should develop sensitivity to such ideas. Neglecting to do so can jeopardise the moral legitimacy of the field and thus threaten its success as a social institution.
1. Introduction Crime is ubiquitous, so are computers, and, consequentially, so is computer crime. Computers and other information and communication technologies (ICTs) can be used as tools of conventional crime and they may lend themselves to qualitatively new crime as well. We increasingly feel threatened, on an individual and social level, by criminal activities. These are committed by individual criminals, organised crime, and terrorists. In order to address these threats we need individuals who are capable of tracing electronic activities, securing technology and supporting prosecution of computer criminals. Such individuals are experts in the field of the forensic computing (FC). Forensic computing is thus an important tool in the legal and legitimate fight against the dark forces who jeopardise our collective aims and individual good lives. Or is it? The opening paragraph paints a maybe somewhat simplified picture of the public perception of FC. It probably represents the view of a considerable number of the
students who sign on to Forensic Computing degrees. This simplified view blends out all the usual legal disputes as well as social questions related to the emerging field of discipline of forensic computing. It arguably does not do justice to the complexity of an academic discipline and a field of practice. Worse, it helps blend out specific interests that shape the field of FC and renders natural and objective what is probably better described as the outcome of political and social struggles. In this paper I will use the critical tradition to shed a different light on Forensic Computing. Critical research, very briefly, aims to change social reality and facilitate emancipation. The main aim of this work is to identify how perceptions of FC are shaped and what agents have influence on the language used in FC. Of particular interest is the question of the influence of ideology and hegemony on FC. This is linked to the observation of linguistic devices that shape the perception and reality of the field. In order to explore these issues, I will concentrate on the use of the law within FC. Questions will include the description of the role of the law within FC, current legal controversies and their impact on debates in FC.
2. Conceptual Foundations: Forensic Computing and Critical Research This section will lay the conceptual foundations of the subsequent discussions.
2.1 Forensic Computing Since the subject of this paper is the still developing field of forensic computing, the logical starting point is a description of what FC is and which problems are currently debated in the literature. Given that the field is young, most concepts are still very much in flux. In this paper I will continue to use the term "forensic computing" (or FC) even though the literature knows other terms such as computer forensics or digital forensics. There may be legitimate differences between these but they are not sufficiently pronounced and wide-spread to warrant a conceptual distinction. A first approximation to the topic could be the one suggested by Wall & Paroff [24, p. 1] who define FC as the "“who, what, when, and how” of electronic evidence". Its purpose is to reconstruct events, focusing on the computer-based conduct of individuals or groups. Mitrakas & Zaitch [12, p. 269] capture this by defining FC as "the analysis of data processing equipment such as a computer, a network, and others to determine whether that equipment has been used for illegal or unauthorized purposes." Mumford concentrates on the purpose of FC as a means of law enforcement. In her view, FC is the "analysis of computer data with a view to its presentation in a court of law as admissible evidence" [13, p. 160]. In order to render the concept approachable, some authors use the analogy and historical precedent [25] of established forensic science such as odontology, structural engineering, pathology, serology etc. to show that FC is an equivalent application of computing sciences to legal questions, in particular to detect, collect, and analyse evidence with a view to its admissibility in legal proceedings. FC then "refers to the tools and techniques to recover, preserve, and examine data stored or
transmitted in binary form" [7, p. 8]. As the name suggests, FC is focused on the use of computers and the evidence their use can result in. However, it is difficult to distinguish between computers and other sorts of information and communication technology (ICT) due to the increasing convergence of different technologies. FC is thus often held to include questions of evidence in digital form in general, thus including such devices as personal digital assistants (PDAs) or mobile phones [14]. This inclusion of different technologies leads to problems as some technologies or aspects of them are well established (e.g. the collection of evidence from hard drives) whereas others pose new problems (e.g. the collection of evidence from life networks). Some authors consequentially suggest distinguishing between computer and network forensics [10] and other such splits are imaginable. For the purposes of this paper such issues are secondary and I will thus continue to use the term "forensic computing".
2.2
Critical Research
The second fundamental concept to be discussed here is 'critical research'. This is somewhat problematic because the word 'critical' can mean any number of different things and critical research can thus stand for a broad variety of research approaches. However, there is arguably an identifiable research tradition, at least in Europe, which has distinctive features and which is typically called 'critical'. Very briefly, this type of critical research (or critical theory) stands for the attempt to emancipate humans, to overcome oppression and alienation. Its roots can be traced back to Antiquity [5] but its main origins are in the era of industrialisation. The foundational texts of critical research are Marx's critique of capitalism. Developments of Marxist work, in particular the "Frankfurt School" of social research are the most prominent representatives of critical thought. This ranges from the original members such as Adorno, Horkheimer, Marcuse et al. to current members including Apel, Habermas, and Honneth. Currently there are other theoretical discourses that are counted among the reference theories of critical scholarship. These include poststructuralism, postcolonialism, and postmodernism, to name a few. The breadth of critical research, which in many cases has moved away from Marxist thoughts, is such that it is difficult to clearly define. I will nevertheless try to do so by drawing on two streams of discourse that affect forensic computing. With regards to FC, there are at least two traditions of critical scholarship that can usefully be applied: Critical Research in Information Systems (CRIS) and Critical Legal Studies (CLS). There is no space here to go into any detail with regards to either of these theoretical constructs. For a more in-depth discussion see [22]. I will just highlight some of the main issues typical of these two approaches. Fundamentally, CRIS and CLS are quite similar in outlook and background. Both position themselves in the critical tradition. They are similar in their rejection of prevailing orthodoxy, whether it is positivist IS research in the case of CRIS or black letter law in the case of CLS. They consciously aim to break with tradition and deconstruct current practices in academia and beyond. Crucially, they
renounce all claims to objectivity and value-neutrality that the respective orthodoxy in their fields assert. Instead of being neutral, partisans of CRIS and CLS underline that they take a particular position and that this position is characterised by its rejection of current social practices. At their core, both promote the idea of emancipation despite the shared knowledge that it may be epistemologically impossible to find out what emancipation is exactly and whether it has been achieved. Much of the critical enterprise is driven by the intuitive belief that current liberal society is not perfect, and, moreover, that its claims and realities are contradictory. Criticalists of both streams of research thus are combined in their desire to investigate and address issues and problems that have relevance for social change and the furthering of emancipation. Both heavily emphasise the importance of power in social relationships, be it promoted and encapsulated by technology or by legal processes. A central concern is that of inequality, its existence and justification. Due to their shared theoretical background in critical theory, CRIS and CLS are also similar in philosophical outlook. Both are based on a view of the world that emphasises the importance of language and share a general social constructivist ontology. They emphasise the importance of history in understanding concrete social situations and consequently share a scepticism of narrow empiricist social research. Both are arguably ethically motivated, even though the discussion of the ethical positions implied in the critical stance is generally rather brief.
3.
A Critical Analysis of Forensic Computing
Forensic Computing is framed to some degree by the law and it is typically meant to support enforcement of the law. However, FC is much more than a mere law enforcement tool. It is a social practice that has its own dynamics, that interacts with many parts of society, and that plays a role in how society views and uses technology. In this section, I will present several possible avenues for a critical analysis of FC, following some of the classic topics of critical theory.
3.1
Ideology
A useful starting point of the critical analysis is the concept of ideology. Ideology stands for a one-sided perception of the world which is usually taken to be the only and natural way of perceiving things. To some degree, the entire instrumental view of FC, which pervades much of the literature, has an ideological angle. FC is meant to create security or at least apprehend criminals. This leads to a hardening of what society perceives to be normal and abnormal and thus to a perpetuation of current, often arguably unjust practices [18]. At the same time, FC ideology furthers the invisibility of important issues, which apparently play no role in this area. Questions of justice, crime and social status are often linked with race, class and gender, to name just a few. These issues are rarely, if ever, discussed in FC literature, which tends to use an objective and positivist approach to reality. An
obvious example of this rendering invisible of important issue is that of gender [1]. FC is often seen as part of computing, a classical "male" subject. Student numbers are highly uneven, with men outnumbering women. Some of the most visible crimes, such as child pornography are also offences committed predominantly by men. And yet, the academic literature on FC does not even consider gender an important issue. Another form of ideology prevalent in FC is hidden in the populist and conservative background assumptions that accompany it. Many of the central FC issues are capable of raising high emotional involvement, most notably child porn, but also other such as hacking, viruses or security [15]. Clearly, all such issues are complex in their own right. However, the context of the FC field as well as some of its practitioners have a tendency of simplifying them unduly. There are numerous examples of metaphorical use of language that hides such populist views before. These include the inappropriate description of self-replicating programs as "viruses" or the similarly inappropriate description of unauthorised copying as "piracy". This populism is linked with a general lack of evidence to support certain views. An example of this might be the wide-spread use of CCTV cameras throughout the UK, for which there is little evidence to suggest that it achieves its aims (which are themselves often not clearly defined) [4]. This is tied in with a general conservativism of the law. Legal regulations are usually meant to stabilise social structures and are thus by definition conservative. This does not rule out progressive legislation, but the overall thrust of the law is arguably conservative. And this is not necessarily a bad thing. One should just acknowledge that this is an aspect of the law in general, and arguably even more pronounced in a Common Law system, where judges are reluctant to develop the law in relatively contentious areas such as privacy [19]. Such conservativism may serve as an explanation why there seems to be a general trend towards increasing sanctions and why suggestions to abolish prison sentences as punishment [3] appear radical. The conservative basis of legal development has also been observed with regards to the development of regulations of technology, which then could have an influence on other areas such as intellectual property [8]. Dominant ideology draws from but also perpetuates traditional morality. While critical theory arguably has a strong ethical background, it has always been highly critical of established morality [6]. Again, traditional morality is not necessarily a bad thing but by turning it into an ideological background assumption it is removed from scrutiny and can become problematic. The prime example here is probably child porn and the way FC is seen as a tool to prosecute paedophiles, or to put it in the words of one current DMU FC student, to "lock away all the weirdos". FC can be used as a tool to link individuals with real or imagined offences, which have the potential to destroy those individuals. There is sufficient anecdotal of this happening. Moreover, there are severe inconsistencies in the law concerning child pornography. While the legal age of consent is 16, indecent images of children are defined up to the age of 18. As a consequence one could legally have sex with a minor of 17 but would commit an offence if one were to take a picture of this,
which is counterintuitive. There is, furthermore the culturally relative aspect of this arbitrary age limit. Marriage with 14 year old girls used to be deemed acceptable in most of Europe not too long ago and there are still large areas of the world where this is the case. This, too, is not a fundamental problem and one could make the argument that such protective legislation is a sign of progressive awareness on the side of the legislature. The problem arises for FC where such contested terrain has become the "most important testing ground for new techniques in computerassisted investigations"[20 p. 176]. FC professionals who go through a predominantly technical training and who are usually unaware of the finer points of debate can thus contribute to the hardening of ideological social constructs.
3.2
Capitalism
Another great topic of critical thought that can be applied to a range of questions in FC is that of capitalism. This topic is closely related to Marxist critique of capitalist society but one does not have to be a Marxist to observe and critique some aspects of the way in which the socio-economic constitution of modern western societies acquires an undue influence over others. A central concept in this context is that of class. One can make a very similar argument with regards to class as the one regarding gender that I outlined above. Class is arguably an important component of crime in general and of computer crime in particular. Class interests shape our perception of right and wrong and are deeply embedded in existing ideologies. At the same time, considerations of class are generally non-existent in public discourse as well as research on FC. Mansell et al [11] describe class and gender as two of the main mechanisms of oppression in modern society. One aspect of this is that capitalist societies tend to be patriarchical which leads to a mutual support of oppressing mechanisms. FC does not cause such wellestablished problems, by rendering them invisible and serving the interests of the privileged, it can become a powerful tool to perpetuate them. The capitalist constitution of society has further potential consequences for FC. One issue is that of commodification. This is a term that has long been used to denote the process of turning something that was not to be traded into a commodity which can be subject of commercial exchange. Marx famously described human labour using the term. For him, labour is something intrinsic to human beings and only under a capitalist can a labourer be forced to view himself as a commodity, something to be bought and sold. There is certainly evidence of this happening on an increasing scale throughout the educational system, including higher education. The issue is not confined to FC but it is quite pronounced here given the professional nature of FC and the fact that FC roles are quite clearly specified (at least when compared with other subjects, such as classical humanities subjects). Consequently FC education very much revolves around transmission of skills for the purpose of enabling FC professionals to fulfil certain roles [25]. Such narrow thinking in terms of employability and immediate usefulness has implication for the type of subjects that are taught and for the way in which they are taught. Critical considerations, such as the ones voiced here, have little place in this.
Commodification goes beyond issues of jobs and employability. In general, one can use the term to describe anything that has been turned into a commodity. With regards to ICT, things like ideas, entertainment, etc. come to mind. Before the advent of ICT it would not have been useful to consider the intellectual creations of artists or programmers as commodities. They could be bought and sold, but the commodity would have been the book, the punch cards, or the LP which contained creative invention. This has changed due to ICT and many of the problems concerning intellectual property outlined above can be explained with reference to this process of commodification. The increase of punishment and the rendering of some offences as criminal offences in copyright show clearly that the commodification of IP has opened the door for influence on legal processes which have strengthened the traditional property right holders [17]. Copyright law has consequently changed its nature substantially and despite massive opposition to this has managed to entrench established positions [16, 23]. A similar process of commodification can be observed in the area of privacy. There is much debate about privacy, what it is, why we value it, and how it can be weighted with regards to other rights, interests, or values. Privacy seems to be the most widely debated issue of the information society. While there is a multiplicity of positions, and despite the fact that privacy has been recognised as a human right in Article 8 of the European Convention of Human Rights, which has become national law in the Human Rights Act 1998, one can also observe an increasing commodification of privacy. There are some who suggest that the commodication of privacy is a good thing because it will allow for a better protection of privacy in the current legal regime [8]. This is a somewhat shaky argument and it could allow for the conclusion that all human rights should be made commodities so that established commercial law could be used to protect them. Beyond this, however, there are signs that privacy is becoming commodified. Elsewhere [21] I have argued in more depth how this commodification can be explained and have offered empirical support of this fact. Again, FC is not the root cause of these developments but issues of privacy figure highly on the agenda of FC professionals. The commodification of individual rights is particularly problematic in FC because it could open the door for economic cost benefit analyses which may infringe on fundamental and human rights.
3.3
Reification
A concept related to commodification and also of central importance for FC is that of reification. Reification stands for the process of a social construct being classified as a "thing" (Lating, res) and thus a piece of nature. Reification is thus closely related to ideology and one of the main means of the reproduction of ideology. The already mentioned critical topic of gender is typically treated in terms of reification where the "nature" of women become a piece of external nature, thus a thing, which is removed from scrutiny. Reification is also usually a precondition of commodification. In order to become a commodity, an entity must first become a tradeable thing. Questions of reification have to do with the nature of things, of reality, of being, and are thus directly linked to ontology or metaphysics as the philosophical discipline that deals with being. I have said
nothing so far concerning the ontology of critical research, partly because there is little agreement. However, most contemporary critical research follows some sort of social constructivism that recognises nevertheless that there are hard social facts (established constructs) that individuals as well as society accept and find difficult to change. The problem with FC in this respect is that most of it comes from disciplines in which some form or other of positivism is the norm, which typically implies a more or less simplistic ontological realism as corresponding ontology. This means that most FC professionals are socialised in a system that believes that reality exists independent of the observer and that can be observed from an independent point of view. Truth is then established by propositions that correspond to external reality. Such ontological realism and the resulting correspondence theory of truth have always been contested in philosophy. They nevertheless constitute what Husserl termed the "natural attitude", which is what most of us are brought up in and what the public generally accepts. In FC this then means that there is a specific fact with regards to digital evidence out there and that, by following the right procedures, one can discover this truth and describe it objectively and unambiguously. Caloyannides [2] points to one of the problems this can cause when judges and juries see digital data as inherently unalterable, when the opposite is the case. This becomes especially problematic if the FC professionals who present this data as evidence in a court of law is of a positivist persuasion and uses this background to describe facts that should be open to further scrutiny. Another problem related to reification is that of the prevailing view of technology. In a non-critical usually positivist view of the world, technology is an unproblematic tool that can be used for the desired purposes without further influence on the purposes. Furthermore, technology can be created for particular reasons and it can be used to modify human behaviour in predictable ways. Such a view of technology is often called "technological determinism" and it has been widely criticised in the philosophy of technology. Technological determinism hides the social side of technology, which has been amply demonstrated by the research programmes of Science and Technology Studies, the Social Shaping of Technology, Actor-Network Theory and others. The danger for FC that arises from technological determinism is that a blind reliance on technological tools may lead to an inability to notice social structures, individual properties, exceptional circumstances or other factors that should be considered. Again, the problems is by no means confined to FC, but given the immense influence FC can have on individuals who are subjected to its scrutiny, it stands to reason that such considerations should be at the forefront of the profession, when, in fact, they are all but ignored.
4.
Conclusion
Much of this analysis presented in this paper is, as the name suggests, critical of FC. This should not be misunderstood as implying that I have fundamental misgivings about the subject. Every society requires rules and these rules need to
be enforced. In our current society we generally agree that the rule of law is better than most alternatives. We therefore require mechanisms that allow the rule of law to be instituted in acceptable ways and an important aspect of this is the provision of acceptable evidence. This is where FC finds its justification. While some critical scholars might find the entire social system in which FC is active unjustified, I think that most current criticalists are less radical and more interested in pointing out the weaknesses of the system with the aim of overcoming them, rather than overcoming the entire system. The current study should be read in this light. The arguments I have developed above are meant to provide a framework that will allow for a more comprehensive understanding and critique of FC than the discipline-based ones are likely to give. Many of the issues raised here have an empirical component and would require further empirical research to be supported. Whether, for example, the capitalist framework and the reification of human labour really leads to FC professionals to view others, including defendants as mere means for their own ends, is at least partly an empirical question. It is beyond the scope of this paper to investigate such issues further. The purpose was instead to show that critical arguments can be made and that they are coherent and point to possible problems that FC should address in order to retain its ethical legitimacy. Maybe a step back from the immediate daily worries can help. Most social systems are created and maintained for some purpose. This purpose typically goes beyond narrow confinements and follows some larger objective. In the end, the aim of institutions in modern democratic societies tends to be to facilitate a free and equitable existence of their citizens. Social institutions should be measured according to whether they contribute to this aim or not. Critical reasoning aims to question the underlying consensus and the things we take for granted and to ask whether, on the basis of such a wider understanding, social constructs and institutions are desirable. If, by raising questions from a different perspective, critical research can contribute to the aim of creating a better and more just society, then it will arguably have fulfilled its self-professed goal of furthering individual and collective emancipation. Given the novel and rapidly changing nature of FC, such a critical evaluation of the field is necessary to ensure that it can fulfil its aim of contributing to a better and more just society.
References 1. 2.
3.
Adam, Alison (2005): Gender, Ethics and Information Technology. Basingstoke: Palgrave McMillan Caloyannides, Michael A. (2006): Digital "Evidence" is Often Evidence of Nothing. In: Kanellis, Panagiotis; Kiountouzis, Evangelos; Kolokotronis, Nicholas & Martakos, Drakoulis (eds.) (2006): Digital Crime and Forensic Science in Cyberspace. Hershey PA: Idea Group: 334 - 339 Doyle, James F. (1997): A Radical Critique of Criminal Punishment. In: Griffin, Stephen M. & Moffat, Robert C. L. (eds): Radical Critiques of the Law. Kansas: University Press of Kansas: 253 - 272
4. 5. 6.
7. 8. 9. 10.
11. 12.
13. 14.
15. 16. 17. 18.
19. 20. 21.
22.
Goold, Benjamin J. (2004): CCTV and Policing: Public Area Surveillance and Police Practices in Britain. Oxford: Oxford University Press Harvey, Lee (1990): Critical Social Research. London: Unwin Hyman Horkheimer, Max (1992/1936): Autorität und Famile. In: Horkheimer, Max (1992): Traditionelle und kritische Theorie. Frankfurt a.M.: Fischer: 123 – 204 Kenneally, Erin (2002): Computer Forensics: Beyond the Buzzword. In: ;login: (27:4): 8 - 11 Lessig, Lawrence (2001): The Future of Ideas - the Fate of the Commons in a Connected World. New York: Vintage Lessig, Lawrence (1999): Code and Other Laws of Cyberspace. New York: Basic Books Malinowski, Christopher (2006): Training the Cyber Investigator. In: Kanellis, Panagiotis; Kiountouzis, Evangelos; Kolokotronis, Nicholas & Martakos, Drakoulis (eds.) (2006): Digital Crime and Forensic Science in Cyberspace. Hershey PA: Idea Group: 311 - 333 Mansell, Wade; Meteyard, Belinda & Thomson, Alan (1999): A Critical Introduction to Law. 2nd edition London: Cavendish Publishing Mitrakas, Andreas & Zaitch, Damian (2006): Law, Cyber Crime and Digital Forensics: Trailing Digital Suspects. In: Kanellis, Panagiotis; Kiountouzis, Evangelos; Kolokotronis, Nicholas & Martakos, Drakoulis (eds.) (2006): Digital Crime and Forensic Science in Cyberspace. Hershey PA: Idea Group: 267 - 290 Mumford, Enid (1999): Dangerous Decisions - Problem Solving in Tomorrow's World. New York: Kluwer Academic / Plenum Publishing Myers, Matthew & Rogers, Marc (2004): Computer Forensics: The Need for Standardization and Certification. In: International Journal of Digital Evidence (3:2): 1 - 11 Nissenbaum, Helen (2005): Where Computer Security Meets National Security. In: Ethics and Information Technology (7:2): 61 - 73 Phillips, Jeremy & Firth, Alison (2001): Introduction to Intellectual Property Law. Fourth Edition London: Butterworths LexisNexis Poster, Mark (2001): What's the Matter with the Internet. Minnesota: University of Minnesota Press Poullet, Yves (2004): The Fight against Crime and/or the Protection of Privacy: A Thorny Debate! In: International Review of Law, Computers & Technology (18:2): 251 - 273 Singh, Rabinder & Strachan, James (2002): The Right to Privacy in English Law. In: European Human Rights Law Review 2: 129 - 161 Sommer, Peter (2002): Evidence in Internet Paedophilia Cases. In: Computer and Telecommunications Law Review 8: 176 - 184 Stahl, Bernd Carsten (2007a): Privacy and Security as Ideology. In: IEEE Technology and Society, special issue on "Usable Security and Privacy", edited by L. Jean Camp: 35 – 45 Stahl, BC (2007b). Prolegomena to a Critical Investigation of Forensic Computing. Unpublished LLM dissertation at De Montfort University, Leicester, UK
23. Stahl, Bernd Carsten (2007c): Positivism or Non-Positivism – Tertium Non Datur: A Critique of Philosophical Syncretism in IS Research In: Kishore, Rajiv; Ramesh, Ram and Sharman, Raj (eds.): Ontologies: A Handbook of Principles, Concepts and Applications in Information Systems. Springer, New York: 115 - 142 24. Van Caenegem, William (2003): Intellectual Property Law and the Idea of Progress. In: Intellectual Property Quarterly 3: 237 - 256 25. Wall, Christopher & Paroff, Jason (2005): Cracking the Computer Forensics Mystery. In: The Computer & Internet Lawyer (22:4): 1 – 6 26. Yasinsac, Alec; Erbacher, RobertF.; Marks, Donald G.; Pollitt, Mark M. & Sommer, Peter M. (2003): Computer Forensics Education. In: IEEE Security & Privacy (1:4): 15 - 23
