Right of access to ...
 
Notifications
Clear all

Right of access to computer hardware/software

18 Posts
8 Users
0 Likes
854 Views
(@dngroen)
Posts: 55
Trusted Member
Topic starter
 

I am not sure if this is the right category for this question or whether I have the right phrasing for the question.

I have been pondering the ethical stand point of 1. software ownership, 2. hardware ownership and 3. Who has the right to grant access to hardware/software.

When you buy software you are buying the right to use the it but you do not own the code. So who has the right to grant access to it? (should say the police want to access it).

Can the same be said for hardware when you consider that so much computer hardware has firmware. When you buy a new hard drive, modem graphics card etc, do you own the the components but not the firmware or do you own neither, just a licence to use it?

What does the implications of that mean for law enforcement?

 
Posted : 01/02/2009 12:44 am
(@seanmcl)
Posts: 700
Honorable Member
 

Well, I can't speak for the laws in the UK and I can only speak from my experience in the US, not actual case law, but…

In the US, the issue is somewhat complicated. If I obtain a disk image and it has on it, say, a bunch of MS Word documents, then (in theory), I could do a VM of the suspect drive, for forensic purposes, and view the documents using the suspects version of MS Word.

But, if I exported the images and then used the suspect's install of MS Word to view or print the files on my machine, I would almost certainly be violating the license agreement with Microsoft.

Of course, if you use something like Oracle(Stellant)'s OutsideIn, you're probably ok.

The distinction, I think, is whether you are viewing the evidence as the suspect would have seen it, using his/her licensed software, and have a sound legal, and forensic, reason to do so, versus whether you are viewing the same as a practitioner of forensics and using unlicensed software or software licensed to another individual.

I'd be wary about being challenged about the latter use. If the case is important enough to pursue, it is probably worth the cost to make sure that you have the appropriate licenses to view/produce the evidence.

For firmware, it is a bit of a different story. The drive is sold as a functioning unit (including firmware), and as long as the firmware is being used in accordance with the terms of the purchase, I don't see much problem, especially if the evidence has been obtained in a legal manner. Your use of the firmware would fit within the intended use of the manufacturer and you aren't really licensing the firmware as much as you are purchasing the device.

In general, the firmware license applies to the hardware, not to the user. That is to say, that the firmware is licensed not so much to an individual user but to a purpose. As long as the transfer of the physical unit is legal, so should be the firmware.

Consider the fact that proprietary firmware exists in all sorts of devices, such as mobile phones and even automobiles. Do you see Jaguar objecting to the sale of a used car because that would involve a transfer of its firmware to a third party?

 
Posted : 01/02/2009 1:39 am
(@dngroen)
Posts: 55
Trusted Member
Topic starter
 

I think a part of what I am pondering is whether the user has the right to grant access to the hardware/software that they are using. Or whether a law enforcment agency does not require that permission as the user does not technically own it.

At the moment I am not thinking about warrents or whether there is probable cause.

It is interesting that there is a distinction between viewing a document as if you were the suspect (using the suspects machine/software) and viewing a document as a practitioner (using your own machine/software).

What if a MS Word document were to be viewed with an open source application?

 
Posted : 01/02/2009 2:07 am
(@bithead)
Posts: 1206
Noble Member
 

Viewing the file that is created with the software is different than viewing the code for the software. In most instances, if you read the software license agreement, the end user is licensed to use the software and is typically enjoined from reverse engineering the software; however the resultant product from the software is not a part of the license. The resultant product is copyrighted to the creator not the creator of the software used. I have seen some license agreements for online services that claim that the provider is transferred the copyright for any material uploaded to their service.

 
Posted : 01/02/2009 7:26 am
(@seanmcl)
Posts: 700
Honorable Member
 

I think a part of what I am pondering is whether the user has the right to grant access to the hardware/software that they are using. Or whether a law enforcment agency does not require that permission as the user does not technically own it.

I'm still not seeing the issue. LE would likely be interested in the work product, not the software itself. The work product is the property of the producer and (in most cases) would require the user's permission to access.

It is interesting that there is a distinction between viewing a document as if you were the suspect (using the suspects machine/software) and viewing a document as a practitioner (using your own machine/software).

Sorry if I meant to create that impression. Let's say, for example, I agree to allow LE to examine my Encase evidence files. I can let them sit at my desk and view the files using my license/dongle. But I can't transfer or copy the license to Encase without approval from GSI. Those are the terms of my license. I can probably transfer my MS Office license without permission from Microsoft, but I can't allow LE to install a second copy of Office using my license key while I retain possession of the license.

What if a MS Word document were to be viewed with an open source application?

Again, we are talking (now) about work product, which belongs to the person who created it, not to MS/GSI, etc.

 
Posted : 01/02/2009 7:06 pm
(@dngroen)
Posts: 55
Trusted Member
Topic starter
 

The user generated data is stored on a desktop pc, licenced software resides on the pc. To access the user data, would a third party (law enforcment) be violating the licence?

Does the licence holder have the right to say no, or does the copyright holder?

My main train of thought though is remote access to an individual PC. Which is why I considered who has 'ownership' of the hardware. As this would be the transport medium. and secondly the 'ownership' of the software. Does the person using the software and hardware have the right to refuse access to it.

It is much more a hypothetical situation that I see arising, considering the increasing powers law enforcement have to invade peoples privacy with obtaining permission/warrent.

How much worse could it get if copyright and ownership laws were modified to give stronger rights of owner to software producers and hardware manufacturers.

 
Posted : 02/02/2009 12:23 am
(@jonathan)
Posts: 878
Prominent Member
 

Not sure I entirely follow what you're saying, but just because the item in question is digitised doesn't make it a special case. A scene of a crime/suspected crime is the same whether it's a computer, an office or a plane. The owner of the scene of the crime, or items within the scene of crime, can't refuse law enforcement investigation.

 
Posted : 02/02/2009 3:29 am
(@bithead)
Posts: 1206
Noble Member
 

And to reiterate, not very many cases involve examining the software on the computer, it is the product of the software that it typically in question and that product is not covered by the EULA for the software used to create the product. Additionally it is unlikely that the Patent office would grant any consideration to the software creator for product created by the software, and it is unlikely that anyone would use software where the copyright to the creative product reverted to the creator of the software (although who knows what is stuck in an EULA today).

 
Posted : 02/02/2009 5:10 am
(@dficsi)
Posts: 283
Reputable Member
 

As far as ownership goes, the "Sale of Goods and Services Act" is a good place to start. I would recommend a book named "An Introduction to Computer Law" by Bainbridge. He should be able to clear ownership up for you.

I am, of course, going to agree with Jonathan, and I think your use of the words "invade peoples privacy" is certainly going over the top and an inflamatory remark. Warrants are not just given out willy nilly, some evidence is needed before a warrant can be issued. Sometimes things are confused and innocent parties become involved, but for the most part, the police get it right.

 
Posted : 02/02/2009 2:03 pm
(@dngroen)
Posts: 55
Trusted Member
Topic starter
 

Indeed not. The situation I am describing is entirely hypothetical. I was referring to the invasion of privacy that could occur. No offence is intended.

There are however as many know debates taking place to extend the powers that British police have to gain warrentless access to peoples computers. This is in addition to what is already covered by RIPA 2000 where very limited powers are already set out.

 
Posted : 02/02/2009 2:36 pm
Page 1 / 2
Share: