Canada’s High Court Quashes Child Porn Warrant

The CBC reports that the Supreme Court of Canada has handed down a decision quashing a search warrant and overturning the conviction of a Saskatchewan man charged with possessing child pornography.  A justice of the peace had insufficient evidence to issue a search warrant in 2003 against Urbain P. Morelli.  Morelli ‘s charter rights were violated when police searched his computer for child porn after a technician who had visited his home expressed concerns to police.  Notable about this decision is the distinction between “accessing” and “possessing” digital images, particularly the recognition that a user does not possess data that has been cached. 

From the decision:  “When accessing Web pages, most Internet browsers will store on the computer’s own hard drive a temporary copy of all or most of the files that comprise the Web page.  This is typically known as a “caching function” and the location of the temporary, automatic copies is known as the “cache.”  While the configuration of the caching function varies and can be modified by the user, cached files typically include images and are generally discarded automatically after a certain number of days, or after the cache grows to a certain size.  On my view of possession, the automatic caching of a file to the hard drive does not, without more, constitute possession.  While the cached file might be in a “place” over which the computer user has control, in order to establish possession, it is necessary to satisfy mens rea or fault requirements as well.  Thus, it must be shown that the file was knowingly stored and retained through the cache.'”

This case tears me up, I am seriously conflicted.  On the one hand, I really do not like pedophiles, don’t know anyone that does.  On the other hand, what evidence is there to support the accusations leveled at this person?  The accused appears to have an interest in porn, but the evidence presented that he is a consumer of child porn is all hearsay.  The technician seeing links to what he percieves to be childporn sites (did he visit the sites, is he familiar with these sites, or is the naming of a link sufficient to support the claim?) and the presence of pictures of children in the internet cache are totally non-evidentiary in my educated layman’s opinion.  I cannot count the number of times that one site or another, including Google searches, have presented misleading and erroneous results to my own surfing requests.  Who has NOT seen a disgusting pop-up, or at least an unexpected one, while wandering the internet?  There are people whose livelihoods depend on presenting you with various marketing materials, some good, some bad, some illegal, and they do not care how they get those materials in front of you as you surf.

What if he is innocent?  The fact that this guy was pulled in, embarassed, humiliated, castigated and convicted on what seems to be very lossely investigated and circumstantial evidence is terribly frightening.  This man will be persecuted and stygmatized for the rest of his life, all based on the questionable observations and opinion of some visiting technician.  Imagine the impact this will have on him, his career, his family, his used-to-be friends.


Another Round of Facebook Malware

In case you weren’t aware, facebook seems quite popular.  Due to its 400 million users worldwide, its openness to application developers, and its tendency to connect users based on perceived trust, it has become a very attractive target for criminals.  Once again a piece of malware has taken direct aim at Facebook users, who range from computer experts to computer newbies, seeking to steal their passwords, online personas, personal information, and potentially, their identities.

The email passes itself off as a genuine email from facebook, reporting that they have reset your password and that your new password is enclosed in an attached file.  Facebook will never send you a file containing your password.  Inside the attachment is an .exe program file that infects your computer and can reportedly steal all of your personal passwords.  Not only your facebook password, all passwords.  It is not clear yet if it is a keystroke logger stealing passwords as you type, or if it collects passwords stored on your computer.

McAffee has a virus alert noting that this is “the sixth most prevalent piece of malware targeting consumers in the last 24 hours.”   Don’t open or even click on the attachment if you get one of these emails.  McAffee’s alert states that the malware “becomes active when the user clicks on it”.  Delete the email immediately.

NYPD Visit Elderly Couple – Again

Here is a real world example of why you DON’T use real data in testing.  Embarrassed cops on Thursday cited a “computer glitch” as the reason police targeted the home of an elderly, law-abiding couple more than 50 times in futile hunts for bad guys.  Apparently, the address of Walter and Rose Martin’s Brooklyn home was used to test a department-wide computer system in 2002.  What followed was years of cops appearing at the Martins’ door looking for murderers, robbers and rapists – as often as three times a week.


Fraud Predictions Looking Bleak

According to Nick Mothershaw, director of fraud and identity solutions at Experian, “Attempted fraud is on the increase and the nature of the threat is changing.  Organised criminal fraudsters are moving into the mass-market, looking beyond those with obvious wealth towards lower-value but more vulnerable targets.  At the same time, financial stress brought about by the recession is driving increasing numbers of people to commit fraud to maintain their lifestyles.”

As a result of these changes in economic and threat disposition, financial institutions could be faced with rising fraud attacks during 2010.  The report suggests that UK mortgage and insurance providers could be hit to the tune of £1.2 billion and £2.5 billion worth of fraud respectively in 2010.  What happens over on that side of the pond does not tend to stay there.  Expect similar numbers in North American markets as the fraud schemes are refined and prove themselves lucrative.


More Breach Stats

More security breach statistics are being published, from more sources than ever before.  None of the news coming from any of these sources appears to be good news.  The Bank Info Security website says that there have been 171 reported data breaches so far in 2010, and 20 of these involve financial services companies.  This means that in less than one quarter of the year, we already have seen nearly one-third of the 62 banking-related breaches reported in 2009.


  • Business/Retail -44%
  • Medical/healthcare – 23%
  • Government/military – 15 %
  • Financial Services – 11.7%
  • Education – 7%

Bank Info Security