5. The “Internet of Evidence™”
Little Brother Is Watching You – And
He’s Taking Notes!
Wayne B. Norris
2534 Murrell Road, Santa Barbara, CA 93109-1859
805-962-7703 Voice 805-456-2169 FAX
Wayne@WayneBNorris.com http://wayneBNorris.com
Using the Vast and Ever-Growing Array of
Sensors and Data Recorders to Assist in
Establishing Truth, Justice, and the
American Way
6. Sensors Are Devices That Detect
[and often record] Data
Modern digital cameras record time, date, and often GPS
coordinates INSIDE picture files, in what is known as the Exif
Header: http://en.wikipedia.org/wiki/Exchangeable_image_file_format
In addition, that data is written to the file system of the camera
Mobile phones report their location to the carrier several times
per minute: http://en.wikipedia.org/wiki/Mobile_phone_tracking
Computer browsers such as Chrome and IE frequently report multiple
kinds of data back to Google and Microsoft
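How the capture time and GPS position sit inside the Exif header, as an added example that is not part of the original slides. It parses the TIFF block that follows the `Exif\0\0` marker in a JPEG's APP1 segment; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Tag ids from the Exif specification
EXIF_IFD, GPS_IFD, DATETIME_ORIGINAL = 0x8769, 0x8825, 0x9003
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 1, 2, 3, 4

def read_ifd(tiff, off, e):
    """Decode one IFD into {tag: value}; handles ASCII, LONG and RATIONAL only."""
    out = {}
    (n,) = struct.unpack_from(e + "H", tiff, off)
    for pos in range(off + 2, off + 2 + 12 * n, 12):
        tag, typ, cnt = struct.unpack_from(e + "HHI", tiff, pos)
        size = {2: 1, 4: 4, 5: 8}.get(typ, 0) * cnt
        # Values over 4 bytes are stored elsewhere; the field then holds an offset
        at = pos + 8 if size <= 4 else struct.unpack_from(e + "I", tiff, pos + 8)[0]
        if size == 0 or at + size > len(tiff):
            continue  # unsupported type, or value outside the buffer (truncated/altered)
        if typ == 2:
            out[tag] = tiff[at:at + size].rstrip(b"\0").decode("ascii", "replace")
        else:
            v = struct.unpack_from(e + "%dI" % (size // 4), tiff, at)
            out[tag] = v[0] if typ == 4 else [a / b if b else 0.0 for a, b in zip(v[::2], v[1::2])]
    return out

def to_degrees(dms, ref, negative_ref):
    if not dms or len(dms) != 3:
        return None  # coordinate missing or malformed
    d = dms[0] + dms[1] / 60 + dms[2] / 3600
    return -d if ref == negative_ref else d

def exif_summary(tiff):
    """Return (DateTimeOriginal, latitude, longitude) from an Exif TIFF block."""
    e = {b"II": "<", b"MM": ">"}[tiff[:2]]
    ifd0 = read_ifd(tiff, struct.unpack_from(e + "I", tiff, 4)[0], e)
    exif = read_ifd(tiff, ifd0[EXIF_IFD], e) if EXIF_IFD in ifd0 else {}
    gps = read_ifd(tiff, ifd0[GPS_IFD], e) if GPS_IFD in ifd0 else {}
    return (exif.get(DATETIME_ORIGINAL),
            to_degrees(gps.get(GPS_LAT), gps.get(GPS_LAT_REF), "S"),
            to_degrees(gps.get(GPS_LON), gps.get(GPS_LON_REF), "W"))

# Constructed sample: little-endian TIFF block with Exif and GPS sub-IFDs
SAMPLE = (b"II*\0" + struct.pack("<I", 8)
          + struct.pack("<HHHIIHHIII", 2, EXIF_IFD, 4, 1, 38, GPS_IFD, 4, 1, 56, 0)
          + struct.pack("<HHHIII", 1, DATETIME_ORIGINAL, 2, 20, 110, 0)
          + struct.pack("<H" + "HHI4sHHII" * 2 + "I", 4, GPS_LAT_REF, 2, 2, b"N",
                        GPS_LAT, 5, 3, 130, GPS_LON_REF, 2, 2, b"W", GPS_LON, 5, 3, 154, 0)
          + b"2014:04:21 10:15:30\0"
          + struct.pack("<6I", 34, 1, 25, 1, 1200, 100)     # 34 deg 25 min 12.00 sec
          + struct.pack("<6I", 119, 1, 42, 1, 3000, 100))   # 119 deg 42 min 30.00 sec
```

The DateTimeOriginal string carries no time zone and reflects whatever the camera's clock was set to, so it has to be calibrated against a reference clock before it is placed on a timeline.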
4/21/2014 The Internet of Evidence(tm) - Little Brother Is Watching You – And He’s Taking Notes!
6
7. Sensors Are Devices That Detect
[and often record] Data (cont.)
Cars have Event Data Recorders [EDRs] that even record items
including SEAT POSITION: http://media.mgnetwork.com/blackbox/
Sensor data can be stored locally or in distributed fashion
“Smart” appliances such as refrigerators, microwave ovens,
door locks, and HVAC systems report data to servers.
Servers from iTunes to Amazon to Cox to Comcast to Facebook
preserve data sent and received on computers and mobile
devices.
8. The Net Effect Is That Sensor Data
Is Exploding
No less a player than IBM is paying great attention to this
phenomenon, in a 1-hour Webcast, “Solving the Big Data
Challenge of Sensor Data”
http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=SA&subtype=ST&htmlfid=IMV14323USEN
The phenomenon will only grow larger with time. Thought
leaders refer to this as the “Internet Of Things” [“IOT”]
http://en.wikipedia.org/wiki/Internet_of_Things or even…
The “Internet of Everything”: http://www.qualcomm.com/solutions/ioe
9. The Net Effect Is That Sensor Data
Is Exploding (cont.)
The legal system has no choice but to incorporate this flood
of sensor data into its practice.
We now truly have the “Internet of Evidence™”
10. The Internet of Evidence Is As Profound
as Fingerprinting or DNA!
The sensor data and the Internet of Evidence™ support:
Determination of time lines
Identities of actors / alibis
Intent of actors
External and environmental conditions
Who knew what, and when they knew it
11. The Internet of Evidence Is As Profound
as Fingerprinting or DNA! (cont.)
Just as with physical evidence, Internet of Evidence™ is subject
to:
Requirements for discovery, seizure, chain of custody, and accurate
transcription
Possible tampering, forgery, and counterfeiting, and
Intentional or inadvertent destruction.
12. Case Study Number 1 – The Data
Collection That Didn’t Happen
<Case name withheld pending OK by subject attorneys>
California Criminal case – molestation of underage female
victims by 17-year-old male, July 2011
A family event with parents, defendant, two younger brothers,
older married sister, two nieces [6 and 8], and a family friend [11]
Defendant was professionally employed as a paparazzi
photographer
13. Case Study Number 1 – The Data
Collection That Didn’t Happen (cont.)
While sister [nieces’ mom] went shopping, Defendant was
asked to:
Take paparazzi photos of 3 girls using Canon EOS 60D DSLR
Download music from iTunes to sister’s laptop
“RIP” some music CDs to sister’s laptop
Sister was gone for 45 minutes
Family barbecue went on as planned
11-year-old reported molestation to girlfriend after starting 7th
Grade in September
14. Internet of Evidence™ Involvement
Alibi consisted of testimony that the Defendant was too busy
doing digital tasks to have committed any crime
Victim interviews done by male investigator with no specialized
training in this area. Psychological evidence not discussed in this
Webinar
Zero physical evidence was preserved, at the discretion of the
investigator. Investigator testified there would be nothing of
value.
15. Internet of Evidence™ Involvement
(cont.)
Internet of Evidence™ consisted of:
Laptop hard drive
Time / Date stamps of all relevant files
Non-File Area [NFA] data from potential deleted files
Canon memory card
File system data
Exif header data
iTunes transaction data, with time tags
Potential Internet Service Provider packet data
Potential geo-reference data from any cell phones
Other data?
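How time stamps from the sources listed above can be merged into a single timeline, as an added example that is not part of the original slides. The events, the per-source clock errors and the names `build_timeline` and `quiet_periods` are constructed for illustration; the clock errors are assumed to have been measured against a trusted time source when each device was seized.

```python
from datetime import datetime, timedelta

# Constructed sample events: (source, timestamp as the device recorded it, item)
EVENTS = [
    ("camera_exif", "2014:04:21 14:09:00", "IMG_0001.JPG"),
    ("camera_exif", "2014:04:21 14:12:30", "IMG_0002.JPG"),
    ("laptop_fs",   "2014-04-21 14:09:40", "track01.mp3 created"),
    ("itunes",      "2014-04-21 14:15:00", "purchase receipt"),
    ("laptop_fs",   "2014-04-21 14:33:40", "track02.mp3 created"),
    ("camera_exif", "2014:04:21 14:47:00", "IMG_0003.JPG"),
]
# Assumed clock error per source (device clock minus reference clock),
# as measured against a trusted time source when the device is seized
CLOCK_ERROR = {"camera_exif": timedelta(minutes=7),
               "laptop_fs": timedelta(seconds=-20),
               "itunes": timedelta(0)}
NO_ERROR = dict.fromkeys(CLOCK_ERROR, timedelta(0))

def build_timeline(events, clock_error):
    """Parse each source's timestamp format and shift it onto the reference clock."""
    timeline = []
    for source, stamp, item in events:
        fmt = "%Y:%m:%d %H:%M:%S" if source == "camera_exif" else "%Y-%m-%d %H:%M:%S"
        timeline.append((datetime.strptime(stamp, fmt) - clock_error[source], source, item))
    return sorted(timeline)

def quiet_periods(timeline, start, end, min_gap):
    """Intervals inside [start, end] of at least min_gap with no recorded activity."""
    marks = [start] + [t for t, _, _ in timeline if start <= t <= end] + [end]
    return [(a, b) for a, b in zip(marks, marks[1:]) if b - a >= min_gap]

START = datetime(2014, 4, 21, 14, 0)
END = START + timedelta(minutes=45)   # a 45-minute window under examination
MIN_GAP = timedelta(minutes=10)
corrected = quiet_periods(build_timeline(EVENTS, CLOCK_ERROR), START, END, MIN_GAP)
uncorrected = quiet_periods(build_timeline(EVENTS, NO_ERROR), START, END, MIN_GAP)
```

With the clock errors applied, the sample shows one quiet period (14:15 to 14:34); taken at face value, the same records show two, which is why each device clock has to be calibrated before conclusions are drawn from the timeline.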
16. Resolution
Trial lasted for about 15 days
14 counts = Life Without Parole, due to age of alleged victims and
multiple victim enhancement
Family split – sister on one side, parents siding with Defendant
Nieces recanted testimony
Acquittal on 6 charges; Hung jury on 8 charges; DA deciding
whether to re-file
19. Case Study Number 2 – The Text
Message from Who Knows Where
<Case name withheld pending OK by subject attorneys>
California Criminal contempt case – Wife received text messages
on her cell phone with husband’s cell number as callback, in
violation of no-contact order
Husband is a business owner, wife is a divorce attorney, disputed
custody of 6-year-old daughter
Husband alleged wife knew his cell phone provider password;
she or a co-conspirator could have logged into the web
account and forged husband’s identity in sending of message
Husband took voluntary polygraph test, registered NDI [No Deception Indicated]
20. Analysis
Internet of Evidence™ issue: If such a forgery were perpetrated via
a Web login instead of an actual cell phone, is such a forgery
detectable from either the receiving cell phone or from the web
record?
Interestingly, no. Text message formats do not retain path data.
Cell phone provider records will tell and can be subpoenaed, but
are retained for only 10 days, and then are erased. Actions came
TOO LATE
21. Resolution
Text message charge dropped.
What should have been done:
Impound all Internet of Evidence™ data immediately
Create perfect copies using NIJ-approved passive copy apparatus
Subpoena relevant records from cell phone provider before
destruction date
22. Summary
The Internet of Evidence™ is potentially as significant to
jurisprudence as fingerprinting and DNA analysis were in their
day.
Internet of Evidence™ information exists literally everywhere in
many contemporary legal matters
It is not magic, and may not exist. Or it may not have probative
value.
The safest course is to:
Impound all Internet of Evidence™ data immediately
Create perfect copies using NIJ-approved passive copy apparatus
Subpoena relevant records from Internet Service Provider and/or
vendors while they are still available
23. Summary (cont.)
Once Internet of Evidence™ data is secure, THEN determine if
data has probative value
If probative value cannot be ruled out, analyze data using
qualified experts
If no experts are on staff, LOOK ON THE INTERNET! There are
specialists all over.
The field is so large that no one individual can be an expert on
all areas.
Individual specialists may need to research highly case-specific
questions.
For large or complex cases, one expert may need to function as
a Lead Investigator.
24. Final Words
The Internet of Evidence™ has only recently arrived, but it is
here to stay
There were, literally, ZERO cell phone photos or movies from
inside the Twin Towers. Such devices are now the most
common platforms for watching NFL games, after TV!
When a new fleet of helicopters arrived with an aviation unit
at a base in Iraq, some soldiers took pictures on the flight
line... From the photos that were uploaded to the Internet,
the enemy was able to determine the exact location of the
helicopters inside the compound and conduct a mortar
attack, destroying four of the AH-64 Apaches.
http://www.army.mil/article/75165/Geotagging_poses_security_risks/
25. Final Words (cont.)
During Israel’s 2006 war in southern Lebanon with Iranian-backed…
Hezbollah, Iranian SIGINT professionals tracked signals
coming from personal cell phones of Israeli soldiers to identify
assembly points of Israeli troops that may have telegraphed the
points of offensive thrusts into Lebanon.
http://defensetech.org/2012/03/15/insurgents-used-cell-phone-geotags-to-destroy-ah-64s-in-iraq/
http://petapixel.com/2012/12/03/exif-data-may-have-revealed-location-of-fugitive-billionaire-john-mcafee/