Since anyone can put anything they want on their servers, it seems like a lot of evidence could be thrown out in court cases if access to that information is not strictly monitored and audited to make sure the owners aren’t removing or adding data.
Does anyone know of industry-standard practices to ensure that data on servers is not being manipulated in a way to protect or harm users?
This question is a whole lot of chaos.
It depends a lot on which country you are thinking of.
You say courts would look into log files. No, they don’t. Experts do stuff like that.
Why do you ask for industry standards when it’s about legal stuff. There are legal procedures. Or maybe not.
Whether anyone cares about user data, that’s one of the things that’s very very different in all countries.
And lines of business too.
The finance world has different regs than say manufacturing or a reseller.
The industry standards would be what major tech companies do in order to comply and make sure that when their data is involved in a legal battle, they can prove that it hasn’t been tampered with.
Any country is fair game since I’m interested about any general knowledge, but I’m mostly curious about Western nations such as the United States.
It depends on the industry.
Finance has stricter regs about retention than most others.
Your finance data in any company may need to comply with regs, but may also need to comply with your legal team.
It really varies, even by company, or by business unit/vertical. Or class of data.
Compliance is an entire business itself. I’ve had to do compliance training every year, and not as someone who holds the keys to major data, but interacts within a company, and may handle different types of data.
If you mean like a file for evidence got stored and you want to ensure it wasn’t tapered with you can generates a checksum hash then record that hash elsewhere for verification later. Drives will also store access times, even if no data was changes, but just touched or viewed
Any country is fair game since I’m interested about any general knowledge
So you think you get ~200 responses now, one from each country LOL
Probably not, since most people don’t know this kind of information about most countries.
Each side has the opportunity to use their own experts to ask those questions and analyze the forensic integrity of the evidence at issue. Even if your side doesn’t have an expert, your attorney still has the chance to question the other side’s expert.
So if there’s a piece of evidence based on an email sent from Alice to Bob, the way the evidence gets introduced is that it gets authenticated, by someone who would be in a position to speak to whether a particular document is authentic. The other side can seek to exclude the evidence if the basis for authentication isn’t strong enough. Or, it comes in, and the other side might want to challenge that the document actually represents what the other side wants to prove: maybe casting doubt on whether other people had access to Alice’s account, etc.
Or if you want to use a surveillance camera video, you’d generally have someone who maintains the system testify as to how the system records, where it stores the data, and how it adds timestamps to different videos. Then that technical person can usually testify that the timestamp is accurate, etc., and might have to answer questions about what happens when the system loses power or a connection, etc.
So it’s not that the courts in the US actually test the validity of evidence. It’s that the parties involved in the case can challenge the validity if the circumstances call for it.
All of that is only true in the British legal system, and most of their colonies ofc.
If you have a computer at home and the cops think you might have evidence on it of some crime, they ask the judge for a warrant and then they take the machine and they put it in their evidence locker. Then nobody can manipulate it. I mean that assumes the cops are clean, which they aren’t, but it’s not every day that they tamper with evidence inside of evidence lockers.
Or maybe you’re asking about data stored in the cloud, like if you have some possibly incriminating spreadsheet in your Google account. Then the pigs would ask Google to make a copy of the data stored in your account, and Google would probably do that, then sharing the data with the pigs. So if you decided to edit the data later, it would be too late, the copy would already be out there.
Civil litigation in the US has different rules. At some point when you find out that someone is going to be suing you or is in fact suing you, you have a legal duty not to fuck with the evidence that’s likely to be relevant. If it is later discovered that you were fucking with the evidence, then the judge or jury might be able to assume that whatever you touched would have made you look bad. Of course the details matter. But anyway, suppose you want to edit some log file so you SSH into your server and then edit it, but that in turn creates a history of your login and commands that you executed, so then maybe you decide to delete your own history, but then the absence of your history is itself evidence of fuckery… All of that being said, we can be sure that some people are somewhat slick and somewhat lucky and get away with altering data from time to time. We just don’t know how often on account of them not getting caught.
I’m asking about data stored on servers.
Lemmy, for example, has its instances owned by people and those people can do whatever they want with the data that is stored on their servers. If there is ever a legal issue involving a user’s posts on Lemmy, how can courts or law enforcement determine that the owner hasn’t manipulated the data to protect or harm the user?
Sure, they can look at other servers’ since Lemmy is federated. But in the case of a non-federated service (which most are) or instance, this kind of verification wouldn’t be possible.
What are you planning OP??
Expanding on some of the other answers…
A court in the US or UK is going to look and act a lot different than courts in, like, Thailand or India or whatever.
But taking the US as an example, both sides will get a copy of relevant data, and whichever side wants to allege tampering will hire an expert to try to make that case to the judge or jury. The court itself doesn’t verify any evidence. Both sides present their version, and the jury decides what happens - with the prosecution in a criminal trial having a higher burden of proof, at least in theory.
The court itself doesn’t verify any evidence. Both
Being from a country with an inquisutory justice system where a judge oversee the investigation it seems crazy to me that the court doesn’t verify the evidences
HAHAHAHAHA
It’s complex. Chain of custody is important.
Also the pluralized noun is for Band or Football; the mass noun is still just “practice” like you’d say for a doctor’s practice.
The data gets cloned to an image first, that image is then whats gets used as evidence.
Thanks.
That seems like it would prevent tampering after a certain point, but it doesn’t verify that the data hasn’t been maliciously altered before the image is created.
Speaking for the United States, any document or other exhibit is only admitted into evidence when a witness gets on the stand and testifies under oath as to what the document is. So if someone wants a court to believe that, say, a computer log is authentic, they have to produce a witness to testify about the authenticity. This is where anti tampering measures can be discussed, if relevant.
That witness is then subject to cross examination, which can reveal any holes or gaps. Cross examination can also be used to impeach the credibility of the witness themself.
Once an exhibit is admitted into evidence, the trier of fact, either a judge or jury, will assign a credibility level to it based on the sum total of evidence presented and their own common sense.
A proper forensic analysis would take into account things like modification times and other factors that could be used to determine if there was alterations.
Its the same with physical documents, a company can get a legal order to not shred documents and keep everything pertaining to a given subject, if they internally ignore it and shred documents anyway, they might get away with it, but its a pretty big risk for a company to take.
I don’t know about it being a big risk, it really depends.
Look at Enron - they shredded (I believe literally) tons of documents.
There’s a penalty for destroying such things, but you’d really have to prove what it was for the worst penalties. Better in Enron’ s perspective to prevent the bigger issue, and shred the evidence that would certainly convict their C-suite.
Yeah for large corporations like Enron and their C-suites the rules are a bit different, but if its not some rich corpo exec then there are usually consequences. They might get away with the original crime but charged instead with obstructing or worse, they might still be convicted on the first thing plus an obstruction charge.
Well, the courts only have copies of evidence submitted. And both sides of every court case should have copies as well.
