[101018] in North American Network Operators' Group
Re: Giga fiber Tap
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sat Dec 1 14:18:14 2007
Date: Sat, 1 Dec 2007 14:17:11 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: David Newman <dnewman@networktest.com>
cc: nanog@merit.edu
In-Reply-To: <4750BC13.1030606@networktest.com>
Errors-To: owner-nanog@merit.edu
On Fri, 30 Nov 2007, David Newman wrote:
> I'd heard about a kiddie porn case getting tossed because the defense
> successfully argued law enforcement's tap may have dropped frames. I
> didn't believe it until I measured this myself with a packet blaster.
I would like to see a citation for this case. Evidence from network taps
would be very rare in a child explotation case, and extremely unusual for
it to be the sole evidence in such a case. Despite the "CSI effect,"
the existance of perfect data is more suspicious than glitchy data in a
criminal case. Sounds a bit like the story of a case being dismissed
because a computer banner said "Welcome" (no such case has ever been
found).
If you had said it was a narcotics case, I would be less skeptical.
> Endicott-Popovsky, B.E., Chee, B. and Frincke, D. Role of Calibration as
> Part of Establishing Foundation for Expert Testimony, in Proceedings 3rd
> Annual IFIP WG 11.9 Conference January 29-31, 2007, Orlando, FL.
Thanks for the citation. Using an aggregation tap for a criminal
investigation is not a good idea, but I guess it wouldn't surprise me if
someone did. Investigators should understand the limitations of their
equipment and as suggested check its calibration with known data.