Thursday 27 August 2009

Court’s Steroid Ruling Pumps Up Computer Privacy


A divided 11-judge federal appeals court panel has dramatically narrowed the government’s search-and-seizure powers in the digital age, ruling Wednesday that federal prosecutors went too far when seizing 104 professional baseball players’ drug results when they had a warrant for just 10.

The 9th U.S. Circuit Court of Appeals’ 9-2 decision offered Miranda-style guidelines to prosecutors and judges on how to protect Fourth Amendment privacy rights while conducting computer searches.

Ideally, when searching a computer’s hard drive, the government should cull the specific data described in the search warrant, rather than copy the entire drive, the San Francisco-based appeals court ruled. When that’s not possible, the feds must use an independent third party under the court’s supervision, whose job it would be to comb through the files for the specific information, and provide it, and nothing else, to the government.

Judges, the appellate court added, should be wary of prosecutors and perhaps “deny the warrant altogether” if the government does not consent to such a plan in data-search cases.

The government said it was weighing its options, including whether to appeal to the Supreme Court.

The ruling came in a case that dates to 2004, when federal prosecutors probing a Northern California steroid ring obtained warrants to seize the results of urine samples of 10 pro baseball players at a Long Beach, California drug-testing facility. The players had been tested as part of a voluntary drug-deterrence program implemented by Major League Baseball.

Federal agents serving the search warrant on the Comprehensive Drug Testing lab wound up making a copy of a directory containing a Microsoft Excel spreadsheet with results of every player that was tested in the program. Then, back in the office, they scrolled freely through the spreadsheet, ultimately noting the names of all 104 players who tested positive.

The government argued that the information was lawfully found in “plain sight,” just like marijuana being discovered on a dining room table during a court-authorized weapons search of a home. But the court noted that the agents actively scrolled to the right side of the spreadsheet to peek at all the players’ test results, when they could easily have selected, copied and pasted only the rows listing the players named in the search warrant.

Chief Judge Alex Kozinski, writing for the 9-2 majority, said the government “must maintain the privacy of materials that are intermingled with seizable materials, and … avoid turning a limited search for particular information into a general search of office file systems and computer databases.”

George Washington University law professor and former federal cybercrime prosecutor Orin Kerr called the decision “truly astonishing.”

“The majority opinion … announces a laundry list of brand-new rules, introduced with no citations to any authority, that henceforth the government must follow when executing warrants for digital information,” Kerr wrote in a post to the Volokh Conspiracy blog. “I can’t recall having read anything quite like it, although it does bring to mind Miranda v. Arizona.”

The names of four players whose results were seized, and who were not linked to the BALCO investigation, have been leaked to The New York Times. They are Alex Rodriguez, David Ortiz, Manny Ramirez and Sammy Sosa.

That privacy breach was not lost on Kozinski, who said those players suffered “harm as a result of the government’s seizure.”

In dissent, Judges Consuelo Callahan and Sandra Ikuta wrote that the majority was sidestepping its own precedent in which the circuit court had denied the suppression of child pornography evidence found on a computer during a search for the production of false identification cards pursuant to a valid warrant.

“There is no rule … that evidence turned up while officers are rightfully searching a location under properly issued warrant must be excluded simply because the evidence found may support charges for a related crime,” the dissenting judges wrote.

By David Kravets

Wednesday 26 August 2009

New Rootkit Found


The tale of discovering a library preloading rootkit that made itself nearly invisible and recorded incoming and outgoing connections out of the box.

Read the full story at: http://www.void.gr/kargig/blog/2009/08/21/theres-a-rootkit-in-the-closet/

Thursday 20 August 2009

Spotlight finds deleted e-mails on iPhone



Spotlight finds deleted e-mails on iPhone, but don't panic (Updated)

Spotlight on the iPhone can find your deleted e-mails—oh no! The problem has been blown way out of proportion, though, and Apple has reportedly "fixed" the issue for iPhone OS 3.1.


The Mac blog-o-verse has been abuzz recently with the revelation that a Spotlight search can turn up deleted e-mails on an iPhone. While described as a bug or potential security issue, the truth is less scary than that. Additionally, it seems that Apple has already added a fix to the iPhone OS 3.1 update that is currently in beta.

Cult of Mac reader Matt Janssen revealed the bug yesterday morning after he discovered that an e-mail he remembered deleting showed up in a Spotlight search. "Obviously this could be a major security issue if you think you deleted something from your iPod but it's not really deleted," Janssen told Cult of Mac. "You can still search through messages that are deleted. And this isn't messages that are just recent. I found some messages that are over three or four months old."

But, as TUAW points out, the problem is that when you hit "delete" on an e-mail, most (if not all) e-mail clients put the message in a special Trash folder. This is just like using the Trash on your desktop—it's a temporary staging area where you can retrieve messages if you deleted them accidentally. And, just like Spotlight on the Mac, Spotlight on the iPhone OS can find e-mails that are in the Trash. (By default it normally will ignore messages trashed in Mail, but you can search the Trash easily in Mail itself.)

Depending on the settings on your server, these messages may be "emptied" from the Trash in seven days, 30 days, or maybe even never. On the iPhone itself, the setting to control when messages are automatically emptied from the Trash is buried several levels deep in the Settings app (Mail, Contacts, Calendars > account > Account Info > Advanced > Remove Deleted Message...). I like TUAW's suggestion that Apple add an "Empty Trash" button in the iPhone version of Mail, but it turns out that is easy to do in iPhone OS 3.0. As Ars reader lloeki points out, just go to an account's Trash folder, press "Edit," then press "Delete All."

There is good news for those who would just as soon not have messages in the Trash turn up in a search, though. A tipster for Gizmodo said Apple is aware of the issue, and it appears that the current iPhone OS 3.1 beta doesn't show trashed e-mails in search results. So, it seems the crisis will be averted soon.

Still, even though the messages won't show up in a Spotlight search, that will only thwart casual peepers looking through your mail for potential dirt or other sensitive information. Those e-mails will still be in the Trash folder in your iPhone or iPod touch's flash memory, and will get backed up whenever you sync your device to iTunes. A more skilled hacker could find them if they wanted, so it's still best to manually empty e-mails that you don't want anyone else reading out of the Trash. To be extra safe, you could then zero out the free space on your device.

UPDATE: It appears that even after deleting messages from the Trash, they can still show up in Spotlight searches if the account in question is a POP account. According to TUAW's Mike Jones, whether or not the message can be accessed once it shows up in the Spotlight search is hit or miss as well. Since we use our iPhones with IMAP accounts, which are unaffected by the bug, we didn't notice the problem. Still, a fix from Apple is definitely on its way when iPhone OS 3.1 becomes available.