Privacy Issues: March 2007 Archives

This coverage from colleague, Anne. P. Mitchess, Esq., President of the Institute for Spam and Internet Public Policy (ISIPP) on the Melanie McGuire and Google search case caught my eye. It was a matter of time before search histories come back to haunt...and this leaves me further worried about the insecure state of PCs and malware's ability to upload "at-will" into infected PCs. Think "extortionware"- we covered the concept at RSA Conference 2007.

Anne writes...

Melanie McGuire is currently on trial for the murder of her husband, William McGuire. And while many people now know that your Google and other search engine searches can be discovered, apparently back in 2004, Melanie McGuire did not. For among the searches that the prosecution has found on her computers - searches which she conducted on the days leading up to the murder - were searches for "instant poisons", "undetectable poisons", and "fatal digoxin doses." And while those alone don't necessarily prove intent, another search, "how to commit murder" is pretty unambiguous.

But the crown search in the state?s case against Melanie McGuire may be that Melanie also performed searches about gun laws in New Jersey and Pennsylvania. William McGuire was indeed murdered with a gun which, the state claims, Melanie purchased in Pennsylvania.

O.K. so far it doesn't look good for Melanie McGuire. We talk about "greynets" and how different tools, even a simple web browser, carry different degrees of risk based on their use, the user's purpose and intent, and the environment in which the software is deployed and even the security of the hardware and facility too. This case involves Google search queries to help build a case.

It gets more interesting...

Also relevant is the fact that the day before the murder, the state says, Melanie?s computer shows that she searched for a Walgreens pharmacy near to her. A pharmacist at that Walgreens has testified that on the day before the murder she filled a prescription for an as yet unidentified woman with a prescription written for ?Tiffany Bain?, for a rarely ordered but known narcotic. The prescription, for chloral hydrate, was written by Doctor Bradley Miller - a doctor at the office where Melanie McGuire worked at the time. Dr. Bradley Miller, the doctor with whom Melanie was having an affair at the time that William McGuire was murdered

That is true, chloral hydrate (a Class IV hypnotic) is rarely used these days, but still not unheard of during my days in medicine a few years ago. At any rate the circumstantial evidence is starting to pile up. You can read more at The Internet Patrol... but of particular interest was a comment by a reader- Jack Stock who pens:

As a writer, I can see myself asking these same questions of Google?how to commit a murder, the most efficient poisons, etc. And that doesn?t mean that I was planning a murder?except in a fictional story. Murder, he wrote.

There a number of factors to consider here- let's us start with just four questions for starters:

- Who physically had access to the computer?

- What other data was found on the PC?

- Was the PC compromised in any way?

- Is there any other evidence beyond stored search queries?

No matter how obvious or open-shut a case it seems, faulty computer forensic assumptions are dangerous. We certainly don't want to see something like the Julie Amero case happen. You can read a summary and full transcripts here and decide for yourself.

We are in a new era, where your digital footprints, whether you made them out of innocent research, or even if someone else made them for you- can and probably will be used against you.

Our CEO, Kailash Ambwani talks on the greynets concept and how the majority of internet traffic has evolved from http to communicative application traffic. Ambwani discussed how enterprises are adopting greynets, how this increases security liabilities, and how FaceTime security products enable and secure greynets. Remember, Facetime is about enablement and controlling these innovations inside of the Enteprise. Why? Because customers are demanding to communicate this way, and often an organization's most sophisticated users- the forward thinkers and innovators willl bring them into the network because they realize their value, but sometimes forget about the security and regulatory risks involved.

Here is part one and I would note to pay particular attention to how anonymizers, like Rodi and / or Tor, can be used to bypass typical forms of defense. Naturally, and Kailash acknowledges this, products like Tor (designed by the EFF), can be used as anti-censorship tools, especially in countries where this is a problem.

However they can be a disaster, a potential legal nightmare for large enterprises and I.T. administrators to manage. Kailash goes on to note how malware is now profit his limited time he didn't get to explore the use of widgets, (often thin-Ajax clients) or the stripping of content using browser-powered tools allowing the the propagation of content like video across the Enteprise. This can also be problematic given attacks like Windows Meta Frame exploits or exposure to inappropriate content.

In part two Kailash goes on to discuss how Facetime addresses the issues. Once again the focus is on enablement and control. The Internet is changing and we all must change with it. Tags: , , , , , , , , , , , , , , , , , , , , ,

Technorati Tags: , , , , , , , , , , , , , , , , , , , , ,

About this Archive

This page is a archive of entries in the Privacy Issues category from March 2007.

Privacy Issues: January 2007 is the previous archive.

Privacy Issues: May 2007 is the next archive.

Find recent content on the main index or look in the archives to find all content.