Strong Authentication is Good, Unless …

… it results in your being arrested!

In her September 28, 2019 article, “Army communication head at Mar-a-Lago sentenced for lying,” Jane Musgrave describes how an army officer in charge of communications at Mar-a-Lago had lied about posting a photograph of a young girl on a Russian website … see It turns out that the photographs “did not constitute child pornography.” However, the army officer lied to law enforcement about owning the email account that was associated with the posting. The agents then asked him “to try to use the email address to access the website,” the site then asked hm to fill in missing numbers from his cell phone, thereby affirming that the email account was his.

This is an example of a professed victim acting in the role of attacker or perpetrator. I have an article due out in early 2020 in the ISACA Journal with the title “When Victims and Defenders Behave Like Cybercriminals.” Modern technologies allow for all manner of impersonation and anonymization, but in some cases, there are ways to identify a device’s location at a particular point in time, although proving that the owner of the device was the actual user at the time requires more evidence.

There is a fascinating article by Lauren Smiley in the October 2019 issue of Wired magazine about how a Fitbit worn by the murder victim was able to time stamp the time of death due to the time that heartbeats ceased. The title of the article is “The Telltale Heart: He was an unlikely suspect. 90 years old. Wouldn’t hurt a fly. But there was a witness and the victim was wearing it.” Of course, that doesn’t confirm who did it. But, other corroborating evidence from a local camera—actually a neighbor’s Ring security camera—provided additional information that pointed to the suspect. Here is another case where identification was a result of today’s pervasive technologies, although, when you read the article, it could just be circumstantial and the real perpetrator could possibly be other than the suspect.

This raises the question as to whether technologies, such as GPS, fitness/health devices, and smart phones, can be fully trusted and if they can be relied upon for providing incriminating evidence. Certainly, we are increasingly seeing CCTV videos and face recognition playing a part in proving presence and culpability in the physical world. The question as to whether the same rules apply in the virtual world remains open, as discussed in Smiley’s article.

Post a Comment

Your email is never published nor shared. Required fields are marked *