back to article Archive.org's Wayback Machine is legit legal evidence, US appeals court judges rule

The Wayback Machine's archive of webpages is legitimate evidence that may be used in litigation, a US appeals court has decided. The second circuit ruling [PDF] supports a similar one from the third circuit – and, taken together, the decisions could pave the way for the Internet Archive's library of webpages to be considered …

Page:

  1. Flakk

    Don't get me wrong... I'm a huge fan of the Wayback Machine. I am, however, having a difficult time understanding how the way it processes and stores data is consistent with rules for evidence gathering and chain of custody. How does archive.org attest to the integrity of the data in its databases? Surely the mere testimony of an office manager does not meet the criteria for "beyond a reasonable doubt"?

    1. Anonymous Coward
      Anonymous Coward

      The guilt of the suspect has to be determined "beyond a reasonable doubt" but that's not the case for the evidence. If this was the ONLY evidence tying him to the crime then he might be able to make the argument "but... but... it could have been tampered with".

      That's the case with pretty much all evidences. Photos, video and audio can be tampered with. Witnesses may lie or may not remember accurately. Even DNA tests aren't foolproof and have a certain percentage of accuracy (or chance of mismatch) associated with them.

      You take all the evidence into account, and some of it is seen is pretty strong (like DNA evidence or eyewitness testimony from 10 people who all agree) and other maybe less strong (a grainy CCTV image or the testimony of a witness with a history of drug abuse who admits he was high at the time) and you take it all together in determining whether a suspect is guilty beyond a reasonable doubt.

      1. A Non e-mouse Silver badge

        Even DNA tests aren't foolproof and have a certain percentage of accuracy (or chance of mismatch)

        The problem is that many people either ignore the error figures, or fail to understand them. Unfortunately, the problem is even worse for fingerprints.

        1. Alan Brown Silver badge

          DNA and ffingerprints

          They're both great tools for proving someone is NOT the perpetrator (ie an elimination tool)

          Unfortunately when it comes to proving someone IS the perpetrator, it's a lot harder, as they've both historically relied on too few nexus points for fully accurate matching - but have then been oversold by prosecutors.as being "totally accurate"

          1. Anonymous Coward
            Anonymous Coward

            Re: DNA and ffingerprints

            @Alan Brown,

            They're both great tools for proving someone is NOT the perpetrator (ie an elimination tool)

            Unfortunately when it comes to proving someone IS the perpetrator, it's a lot harder, as they've both historically relied on too few nexus points for fully accurate matching - but have then been oversold by prosecutors.as being "totally accurate"

            Absolutely. Worse still, here in the UK you are not even allowed in court to point out that DNA has this problem. Judges refuse to allow a jury to be told that a DNA match is a probabilistic thing. This has led to miscarriages of justice, case reviews, etc due to the use of too few nexus points. I know of one case where the DNA match was overturned, simply because the convicted man had the money for a more detailed analysis techniques be done. Turned out it was a close match, but not an exact match.

            It also means that you can have 30 witnesses saying that you were 100 miles away from the scene of the crime, but their testimony is trumped by a DNA match. One potentially mistaken scientist's view is more significant than that of all your mates. The same goes for fingerprints, and poor quality assessment of dabs has played a role in miscarriages of justice in Scotland, taking a disgracefully long time to work out.

            The use of DNA to exclude people as suspects is also doubtful. Chimerism is a recognised condition, thought to be very rare. Essentially a person can have different DNA profiles across their body, as a result of 2 sperm fertilising an egg at the same instant.

            However it has played a role in court cases in the USA (a mother was found not to be the parent of her child, something that was eventually sorted out when it was discovered that she was chimeric. It was a major problem, and it took a long time to show that she hadn't been commuting social security fraud).

            Anyway, a crime scene DNA profile of blood might not match a mouth swab DNA profile. The problem is that the medical world has no idea as to the true rate of chimerism, because to measure the rate you would have to do a DNA profile of every part of every body who dies. The current estimate of how common it is is based on how often it is detected in the living. Trouble is no one is looking for it in the living in a systematic way, so we actually have zero idea. We might all be chimeric for what we know.

            Essentially it is extremely difficult to challenge scientific evidence in court. Fingerprints, DNA, other forensic evidence, medical assessments. Judges have ruled that it is all "independent and reliable".

            The medical opinion reliance is very odd; it's the first opinion they take, not the concensus opinion. Thus if a junior doctor on a late shift after a 100 hour week writes down "this was child abuse", a defence is not allowed to challenge that no matter how senior a consultant they roll out, nor how many of them. That weird approach to complex medical matters has led to all sorts of problems.

            Basically, courts and science / technology are a dangerous mix. Judges want facts from individuals, but science is rarely giving them, and scientific / medical opinion is all about peer reviewed consensus not individual views. This is why 2 rogue paediatricians were so instrumental in the jailing of innocent bereaved mothers.

            Anyway, the Way Back Machine had better not ever get hacked, or conceal that if it happens. If it does then it use by prosecutors in old cases would have to be questioned, and old cases reviewed.

            1. DropBear
              WTF?

              Re: DNA and ffingerprints

              I find this seriously disturbing. Not that I would actually expect the Wayback Machine to be dishonest or tampered with, but the point is I have no idea if it actually is or not and I'd expect anything regarded as evidence of anything else held to a higher standard.

              Think of it the other way around: assume the WM never existed, but the state announces the creation of a new all-encompassing archival system to be used as evidence in courts - would you not immediately want to know what the safeguard mechanism in place are against abuse, who audits them and how often and with what degree of transparency...? Because I sure as fuck would. But hey - if it's the WM none of that's needed, you can just trust us, we're the good guys after all isn't it...

            2. katrinab Silver badge

              Re: DNA and ffingerprints

              "Chimerism is a recognised condition, thought to be very rare."

              Correction: Chimerism is a recognised condition, thought to be very common.

              For example, 90% of women who have been pregnant or had unprotected sex (which could mean, they were pregnant and miscarried without realising it) have Y chromosomes.

              98% of men have some cells that don't have Y chromosomes, generally, they are an exact match for their mother's cells. It is also possible that they got cells from older brothers / sisters including ones that didn't make it to birth via that route.

              1. Brewster's Angle Grinder Silver badge

                Re: DNA and ffingerprints

                Yes, microchimerism is a thing. (A mother will have cells from all her children in her blood.) But I don't think a few cells here or there will sway DNA analysis; it's several orders of magnitude less important than being a fusion of two siblings.

            3. strum

              Re: DNA and ffingerprints

              >Judges refuse to allow a jury to be told that a DNA match is a probabilistic thing.

              Poppycock. I've been a juror on a case, using DNA. The judge not only allowed discussion of DNA's probablistic nature, he called an expert witness to explain it to us.

              1. Doctor Syntax Silver badge

                Re: DNA and ffingerprints

                "Poppycock."

                Exactly. I spent a good many years as a forensic scientist. Although it wasn't a frequent occurrence we did see a few occasions where the defence called an expert. We had doubts as to the actual level of expertise, especially given the fact that they would claim expertise over much wider areas of the laboratory's work than individual staff members would, and given that we would sometimes have to show them how to operate a particular make of microscope. There were also a few, possibly apocryphal, tales of these independent experts arguing a case from a standpoint of ignorance; an industrial QA operator not aware of how to measure, say the RI of glass to a couple of orders of magnitude better than all that QA required.

          2. Anonymous Coward
            Anonymous Coward

            Re: DNA and ffingerprints

            'They're both great tools for proving someone is NOT the perpetrator (ie an elimination tool)'

            I was trying to think of a way of saying I have concerns about how those types of evidence can be oversold. How you've worded it is perfect. Thanks.

    2. Wellyboot Silver badge

      Wayback integrity

      I think the fact that it's just a 3rd party system copying everything it can would be a plus point, it can be viewed as a disinterested witness.

      Time for a 'official wayback' for the ICO?

      1. pseudonymous

        Re: Wayback integrity

        Already has one.

        http://webarchive.nationalarchives.gov.uk/*/http://www.ico.org.uk/

        (sheesh, 3 hours moderation for a first comment and counting...)

        1. Ken Moorhouse Silver badge

          Re: (sheesh, 3 hours moderation for a first comment and counting...)

          Welcome aboard. It was worth the wait.

    3. a_yank_lurker

      @Flakk - The totality of evidence has to point to the a consistent conclusion. Wayback Machine is only one source, other records are also a source. If the prosecution is only relying on Wayback they have a weak case. If Wayback tidies up all the loose ends then it makes the evidence more compelling. It appears the latter was done. Also, the prosecution provided witnesses to validate Wayback's methods that were cross-examined by the defense. So if there were serious holes, it should have come out with a competent defense.

      1. Flakk

        @DougS and a_yank_lurker - Good points, all. I still shudder to think that this resource could actually be used to generate evidence in a criminal case, but less so I suppose if its used solely to corroborate other evidence. Thanks for the info.

    4. Adam 1

      finally a proper use case for Blockchain

      Having a distributed ledger that proves that the hash of the archived page has not been modified since collection could certainly add such trust. Of course it can only prove that WBM faithfully kept a copy of the same thing that was delivered to them originally. It cannot prove whether or not:

      * WBM was served a custom version of the page different to what another visitor would see

      * Whether any doctoring occurred between what was served and when that block was added to the chain

    5. Doctor Syntax Silver badge

      Surely the mere testimony of an office manager does not meet the criteria for "beyond a reasonable doubt"?

      The testimony of an office manager familiar with the operation of the system would be taken as expert evidence. The other side would need to produce counter-evidence from another expert to cast doubt on it.

  2. Aqua Marina

    In other news, mega corporations around the world follow the Wayback Machines procedure as covered in the FAQ for purging all historical snapshots of their websites.

    Me? Cynical?

    1. Anonymous Coward
      Anonymous Coward

      > In other news...

      You forgot to add: all criminals using a web site to perpetrate a scam, fraud etc will now include a check for the Way Back Machine's spider and deliver a subtly different set of pages with the intention of establishing an alibi.

      The testimony from the office manager simply confirms that the Wayback Machine accurately archives what it receives - there is no guarantee that what it received is what the defendant, the prosecution or anyone else received.

      1. Anonymous Coward
        Anonymous Coward

        It's beyond the pale that 'innocent' websites would deliver an antagonistic website though.

      2. Ken Moorhouse Silver badge

        will now include a check for the Way Back Machine's spider

        Good point.

        Contemporaneous raw logs from the site might help deflect that argument, as well as the possibility that someone tinkered with DNS to point the website somewhere else for a period.

  3. Wellyboot Silver badge

    So he;

    1: fixed the security hole on affected devices - public service, good for him

    2: sent clicks to his own ad to steal pennies from ad slingers - meh

    3: set about collecting credentials & creating a botnet - slapped wrist time, if he'd stayed with just the clicks he'd have probably been ok doing this for years.

    As for >>> Italian police were acting under the instruction of US police when they raided his house and so should have followed American standards for search<<< that'd be laughed out of court in any country, would he have used that argument if a country that allows confessions under torture had made the request?

    1. Charlie Clark Silver badge

      1: fixed the security hole on affected devices - public service, good for him

      You might think so but it's definitely tampering under the law.

  4. Anonymous Coward
    Anonymous Coward

    Sorry this is a big nope from me, There is no oversight, it's a non-profit run on donations from partners. No background checks on staff and no monitoring of changes that I am aware of for the staff (why would there be?)

    Anyone could go on internet archives website and either bribe or threaten someone to make changes. The list all the staff by name and picture and role, I mean come on, that's a social engineer hackers wet dream.

    Therefore this is not safe data to use in a court of law. That's my opinion.

    1. eldakka

      Anyone could go on internet archives website and either bribe or threaten someone to make changes.

      And how is that different to any other form of evidence?

      Eye witnesses can be tampered with.

      Expert witnesses can be tampered with.

      SOCO's can be interfered with to add/delete/substitute crime-scene evidence.

      Evidence in storage can be tampered with.

      Judges can be tampered with.

      Jurors can be tampered with.

      That's why, generally speaking, a suite of evidence is needed (although there might be a single piece that is more persuasive than any others) to convict someone.

      This and that and that and that and that all point to me having eaten the cake.

      1. Anonymous Coward
        Anonymous Coward

        I agree but at least with normal evidence there are at least some safe guards, what do you have with this? It's not like you can cross check against something else.

        1. Charlie Clark Silver badge
          Stop

          I agree but at least with normal evidence there are at least some safe guards, what do you have with this? It's not like you can cross check against something else.

          You seem to be ignoring the legal arguments entirely: evidence is not proof. Evidence can and, unfortunately, frequently is tampered with which is why corroboration of different kinds is required. What the decision does is set a precedent that the archives of the Wayback When Machine can be admitted as evidence. This is no different to when fingerprints, and later, DNA or other forensic items were considered admissible: both of which can, and infamously, have been manipulated.

          In any particular trial, however, a court can decide whether any particular piece of evidence can be considered admissible, which provides ample scope for defence counsels to challenge.

        2. eldakka

          I agree but at least with normal evidence there are at least some safe guards, what do you have with this? It's not like you can cross check against something else.

          Well, first of all, if the defense are suspicious, they could subpoena the Way Back Machine for their logs regarding that particular archive website, e.g. file modification dates, backups, logins to the system, and so on to see if after the initial 'scrape' of the site was changed later in the saved version of the site they have.

          The defense can also introduce their own rebuttal evidence, e.g. the accused still has their own copy of the site from the same time, and it is different from the Way Back Machines.

          And like every other piece of evidence, there needs to be someone to 'vouch' for it. This can be in the form of eyewitnesses or expert witnesses.

          e.g. CCTV footage of a crime can't be admitted unless the admitting party can prove its provenance, i.e. "My name is Joe Blogs, and this is the video tape I took from my shops security system minutes after the incident. The timestamps displayed are accurate, it is a security system with only one camera attached to it, and it was functioning normally at the time of the incident, and between removing it from the recording machine and handing it to the police, no-one else but me has touched it and it has not been tampered with."

          Substitute the Way Back Machine for CCTV system, and Joe Blogs the shop owner with various system admins/management at the Way Back Machine.

          That is how all evidence works. Someone presents evidence, attests to it, and then it is up to the other side - or the judge - to present reasons why it can't be accepted. That is the whole point of rebuttal testimony, cross-examination, character examinations and so on. When a defense attorney asks Joe Blogs from my example above seemingly irrelevant questions like whether he is having an affair, or is a closet homosexual, or has a police record, or about his taxes, he is trying to cast doubt in the minds of the judge and/or jury about how reliable this person is, and maybe you shouldn't believe anything he says about the submitted CCTV evidence because he is a known liar, etc.

          Exactly the same process will apply to the Way Back Machine, the opposing counsel has the opportunity to examine the providence of the evidence, and can bring in their own expert witnesses to cast doubt on the evidence, to show, reasonably, that it could have been tampered with.

  5. Herby

    Be careful...

    The internet has a VERY good memory. Sometimes it can be a little bit too good. If you do put up a web site, be assured that someone will make a copy of it somewhere, and if you do bad things, it will come back to bite you in the a**.

    Kinda like these comments we write for ElReg.

    1. veti Silver badge

      Re: Be careful...

      The Internet has a *terrible* memory. I've tried finding things I posted on Usenet 20 years ago, and had no luck despite knowing exactly what I was looking for, and having a whole department of Google to draw on. Try finding a website from that era - chances are that even the Wayback machine only has a small selection of pages, if that.

      It's a total myth that once you post it online it's there forever. Sure, *someone* probably has access to that material - but not ordinary drones like us.

      1. Allan George Dyer
        Boffin

        Re: Be careful...

        @Herby & @veti - I totally agree with both of you. The Internet has both a VERY good and a *terrible* memory. It's probably some sort of quantum state, which is collapsed by the observer to the detriment of the person that would be most heavily affected. Thus, when a prosecutor goes looking, the result is incriminating records are found and the defendant is jailed, but when a defendant looks for exonerating records, they're not there and the defendant is still jailed. You're lucky it's only your Greybeard status based on your Usenet posts that is at stake.

      2. Ken Moorhouse Silver badge

        Re: It's a total myth that once you post it online it's there forever.

        Google will change its algorithms in ways that will certainly change the results of a search.

        The only repeatable way to return to a previously visited site is to store your own cached copy. I seem to remember academic sites offering this kind of service online for citation purposes, but I didn't keep a cached copy of said reference to share :-(

      3. stiine Silver badge

        Re: Be careful...

        True. I keep searching for complete copies of "And Still The Moon" (not the poetry, but the vodka-in-the-fish-tank stories), and also for the unabridged copy of "Mike's Madness" ( "Do you think it will work" - Edward Teller)

      4. anothercynic Silver badge

        Re: Be careful...

        Usenet has short memories these days... trying to find a decent Usenet server that holds *all* categories for starters is a lot of fun.

        And WBM follows robots.txt directives. If you have a robots.txt in your root that explicitly stops *all* crawlers, then you're SOL when looking for an archive of your site. :-)

  6. Anonymous Coward
    Anonymous Coward

    snapshot versus screenshot of snapshot

    So setting aside the matter of if the Wayback Machine is legit evidence, how do you establish that a screenshot of said archive is legit? Even if the site itself is legally sound, a screenshot seems highly dubious...

    1. Mark 85

      Re: snapshot versus screenshot of snapshot

      Simple, lawyers and judge need to compare the two. You won't get the scripts running in the background if I recall correctly and not always the ads, etc.

    2. eldakka

      Re: snapshot versus screenshot of snapshot

      how do you establish that a screenshot of said archive is legit? Even if the site itself is legally sound, a screenshot seems highly dubious...

      Because when evidence is presented, then it is usually taken at face value unless there is some reason to doubt it.

      If the lawyer presenting the screenshot says: "I took this screenshot last week, and it shows..." then unless there is some articulable reason for not believing the lawyer, then it is taken to be the case.

      That's how the whole chain of custody works. SOCO says "I found blood sample A at scene of crime, and sealed it into evidence bag 234a3dsa, and placed it into storage container 1234 that was sealed on completion of gathering evidence at the crime scene."

      Then Constable Fred says "I unsealed storage container 1234, took sealed evidence bag 234a3dsa from it, and delivered it to Bob at the lab."

      Bob then says "I received sealed evidence bag 234a3dsa from Constable Fred and gave it to lab technician Jones."

      Lab technician Jones says "I received sealed evidence bag 234a3dsa from Bob, unsealed it, and performed DNA tests per standard procedure XYZ, and these are the results of that test".

      Every step of that chain depends on believing the person who made those declarations. To cast doubt on that evidence, then it is up to the person trying to cast doubt on articulating that doubt and presenting evidence themselves to back up their claims.

      1. TonyJ

        Re: snapshot versus screenshot of snapshot

        "...Because when evidence is presented, then it is usually taken at face value unless there is some reason to doubt it..."

        But the thing you haven't pointed out is that all the people in that chain of evidence have had some kind of background checks and hold some kind of clearance to ensure that they aren't overtly compromised or untrustworthy.

        A few guys on the internet running an archive...probably not.

        1. Anonymous Coward
          Anonymous Coward

          Re: snapshot versus screenshot of snapshot

          Background checks only prove you've never previously been caught....

        2. stiine Silver badge
          FAIL

          Re: snapshot versus screenshot of snapshot

          re: TonyJ.

          Do you mean like that nice lady in the Massachusetts drug lab? 23000+ cases have been thrown out because the lady who passed the background check and had the clearance....was herself a drug-using criminal.

          1. TonyJ

            Re: snapshot versus screenshot of snapshot

            I didn't say the clearance process is perfect. Believe me, I know - I've been through it many times all the way to DV, but it does give the parties that employ persons who have been through the process the confidence that the majority of the people they are employing are suitably trustworthy.

            With enough links in any chain, there is always the possibility if not probability that one or more will be weak.

            But the background checks, along with the necessary processes should at least be enough to give some confidence that things are handled properly.

            And again...I am not suggesting the system is perfect or works without failure.

      2. strum

        Re: snapshot versus screenshot of snapshot

        >Because when evidence is presented, then it is usually taken at face value unless there is some reason to doubt it.

        What most people don't realise is that physical/technical evidence isn't just shovelled into the courtroom. All evidence is 'adduced' from human witnesses. It's their word that is being put into evidence - their word that this piece of stuff is what he says it is.

  7. Claptrap314 Silver badge

    Chain of evidence

    I really, REALLY don't like how this goes. The Wayback machine is practically run by volunteers. They have approximately 0 dollars for things like integrity assurance. If at ANY point, they have been hacked, then their entire archive is at best suspect.

  8. Winkypop Silver badge
    Happy

    But

    Mr Peabody was always correct!

  9. Will Godfrey Silver badge
    Unhappy

    Difficult

    Some interesting points raised by the commentards. I think we are in for some rapid changes both in the Wayback machine itself and the way people use it.

    Unfortunately I suspect the crims will lead the way, closely followed by TLAs

    Rather a shame.

    1. Nick Kew

      Re: Venn Diagram

      Not everyone wants to vandalise the past.

      What matters here is the intersection of those who do want to do that with those who know about this case and can inform themselves how to wipe history. How many criminals or iconoclasts are also Reg readers?

      Even TLAs are unlikely to be competent to think of most cases they might want to wipe on their own behalf. And an untargeted mass-attack would destroy precisely what the TLAs value.

      So while I can see there might be an effect, I suspect it'll be tiny. The bigger risk will remain that of regular defacement as per any site.

  10. Jedit Silver badge
    Coat

    " if you want to see what The Register looked like in 1998"

    More organised, and with no intrusive adverts? Me like!

    (Yeah, yeah, mine's the one with 1984 in the pocket. The year, not the book.)

  11. StuntMisanthrope

    Do not pass go, get out of gaol.com

    Hired to retrieve a disaster or need a quick fix. Say Hello and thank you to the code block. There's also an interesting proof without a smoking gun. #automagic

  12. andy67

    What gets me is he only got one year. I usually think the US gives harsh sentences but he got off seriously lightly in this case. Distributing malware, intrusion, fraud, destroying evidence? He obviously made some serious money out of his crimes to pay for some heavy legal assistance.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon