
Deleting your browser history could land you in prison - apo
http://kernelmag.dailydot.com/issue-sections/staff-editorials/13910/sox-browser-history-obstruction-justice/
======
jpatokal
I'm not saying I necessarily agree with the prosecution, their tactics or the
charges, but this article is sensationalist to the point that you could change
the headline to "emptying your trash could land you in prison".

> prosecutors argued that he made a conscious choice to destroy materials he
> knew could be used in a future investigation.

See, that's the point here. If he had happened to have (say) VHS tapes or even
handwritten notes of those sessions, and he had thrown them out after the
bombing, he could have been slapped with the same charges. The primary
difference here is that emptying your browser history leaves a telltale sign,
while chucking out some physical object does not.

Also, this article is conveniently omitting the fact that he also pled guilty
to three counts of essentially lying to the FBI:
[http://www.thedailybeast.com/articles/2015/03/26/the-fbi-
is-...](http://www.thedailybeast.com/articles/2015/03/26/the-fbi-is-trying-to-
destroy-my-life.html)

Remember kids, don't talk to police. Ever.
[https://www.youtube.com/watch?v=6wXkI4t7nuc](https://www.youtube.com/watch?v=6wXkI4t7nuc)

~~~
j42
The timeline listed in the source he provides clearly states that he made an
effort to "delete files [...] reformat his computer" after the events,
indicating knowledge he could be implicated as an accomplice.

That said, I think using the "mens rea" argument associated with implicit
guilt is how dangerous precedents are born.

I'm specifically concerned with this excerpt from from Sarbanes-Oxley act
which is being misappropriated by prosecutors:

>Whoever knowingly alters, destroys, mutilates, conceals, covers up,
falsifies, or makes a false entry in any record, document, or tangible object
with the intent to impede, obstruct, or influence the investigation or proper
administration of any matter within the jurisdiction of any department or
agency of the United States or any case filed under title 11, or in relation
to or contemplation of any such matter or case, shall be fined under this
title, imprisoned not more than 20 years, or both.

Deleting videos and attempting to reformat a computer after the Boston
marathon _are done knowingly_. Clearing one's cache/browser history is in many
situations an automatic action, and it's troubling to find it lumped in with
pre-meditated action.

I see justification for 3 counts of obstruction, not 4. The 4th looks like an
attempt to set the modus operandi of the courts in dealing with our web/online
history, and I don't think anything which draws attention to that is
necessarily a bad thing...

~~~
tedunangst
> Clearing one's cache/browser history is in many situations an automatic
> action

Article says "he doctored his browser history" which sounds less automatic.

~~~
gherkin0
> Article says "he doctored his browser history" which sounds less automatic.

Or the writer could have been trying to introduce verbal variety and as a
consequence ineptly misrepresented what happened. The link[1] immediately
after "doctored his browser history" only mentions "deleting files/data" and
"reformatting":

[1] [https://www.bostonglobe.com/metro/2014/05/30/timeline-
allege...](https://www.bostonglobe.com/metro/2014/05/30/timeline-alleged-
activities-khairullozhon-matanov/sF4n3bB6HDWGgeUWzeTyhN/story.html)

~~~
tedunangst
Seems like there's a lot of worry about the precedence this case sets, but not
a lot of detail about what actually happened.

~~~
j42
I'm sorry, I should have provided the source in my original post. Pages of
interest are 9 and 10:

 __SOURCE: __[http://www.justice.gov/sites/default/files/usao-
ma/legacy/20...](http://www.justice.gov/sites/default/files/usao-
ma/legacy/2014/05/30/Indictment.pdf)

It states (item 40), paraphrased, that he deleted his internet cache and
_also_ browsing history selectively, which was used to reason that he was
attempting to hide his philosophical similarities with the brothers.

I take issue with item 43:

\----

By deleting his Internet cache and other files, MATANOV obstructed the FBI’s
determination of his Internet activity during the night of April 18 and the
day of April 19, 2013, and the extent to which he shared the suspected
bombers’ philosophical justification for violence, among other topics of
interest. MATANOV’s deletions have thus obstructed the FBI’s investigation of
the bombings and the suspected bombers, and have caused the FBI to expend
considerable additional resources during its investigation of the bombings and
the suspected bombers.

\----

This man is clearly guilty, and the other evidence is damning. That said I
cannot ever see validity in the argument that clearing history of access to
publicly-accessible records online definitively indicates obstruction, or
"malicious intent." Localized browsing history should be considered more
ephemeral than user-stored files, because otherwise where is the line drawn?
Could you be charged in 2018 for not leaving your computer in a cold enough
climate for encryption keys to be recoverable from RAM? Possibly, because
without those you'd cause the FBI to "expend considerable additional resources
during its investigation."

I say this because the application of that reasoning doesn't discriminate
between individuals actually trying to defraud (e.g., this gentleman) and
those who are privacy conscious. It has chilling and unintended consequences,
and those shouldn't be ignored when the case can absolutely be made without
this assertion.

~~~
rosser
_I say this because the application of that reasoning doesn 't discriminate
between individuals actually trying to defraud (e.g., this gentleman) and
those who are privacy conscious._

But it does. If you're legitimately purging your browser history because
you're privacy conscious, you're almost certainly going to have it performed
in some sort of automated fashion. Maybe you have the browser purge those
things on shutdown. Or you have an extension that nukes things older than 24h.
Or, worst case, hopefully you have some way of demonstrating that you do this
on the regular, by hand (but that still might not cover you, truth be told).

Doing it one-off is a completely different matter, legally speaking.

See my reply elsewhere in this subthread for an analogous situation involving
company financial records. [1] Nutshell: if you don't want to be prosecuted
for obstruction of justice or destroying evidence, you have a standing,
documented, and meticulously followed document retention policy, under which
you're shredding things on the regular.

There is unambiguous, and well-settled precedent (and probably also statute,
but I'm too lazy to look it up) to this effect. There is no new legal ground
being broken here whatsoever.

[1]
[https://news.ycombinator.com/item?id=10032792](https://news.ycombinator.com/item?id=10032792)

~~~
j42
If you're intelligent and privacy conscious, yes. I also think a
statistically-relevant alternate scenario exists where a person is deleting
things selectively out of fear of (real or imaginary) ideological persecution.
I don't see this legal interpretation by federal prosecutors as discriminating
between actively impeding an investigation (obstruction) and controlling what
information we retain on the devices we own--especially when that information
can be recovered from other places, like browsing history.

They were looking to create a case for philosophical sympathies and they found
evidence of that in both his statements and direct actions. That would be
enough to charge him, and yet they've chosen to specifically juxtapose his
internet browsing history (and deletion thereof) with "[causing] the FBI to
expend considerable additional resources during its investigation." As you
said they either recovered the files directly, or else subpoenaed the ISP, and
neither could be said to take "considerable effort."

They're saying that because he viewed certain videos and pictures (publicly
available) online, he must be a sympathizer. I'm saying, yes he's a
sympathizer (and deserves prosecution) but his browsing history online should
not be a legally valid justification. Unless you want to sweep up journalists
& whistleblowers in the process... Even copyright defendants (thanks to the
TPP), if the hypothetical owner of defecatingdwarves.us were to demand
criminal charges be brought against a cyberlocker illegally streaming their
videos, and you just happened to delete the history entry from your recent
visit which the plaintiff decided to treat as "evidence."

This case isn't creating a precedent, but it's the first time I have seen
federal prosecutors use this rationale and it's concerning. I personally don't
think deleting your browsing history alone--even selectively--warrants a
potential 20yr federal sentence.

------
blatherard
This sounds like another "banal-sounding activity that everyone does is
suddenly illegal!" misunderstanding. The charge is that someone destroyed
potential evidence on their computer with the intent of preventing that
evidence from being found by an investigation that they believed was likely.
In the non-digital realm, this is like shredding business records when you
suspect you're being investigated. Shredding isn't illegal, but attempting to
obstruct an investigation is, and (IMHO) rightfully so.

Which is to say: deleting your browser history _as part of an effort to thwart
a criminal investigation_ could land you in prison.

~~~
LordKano
It's worse than that.

Deleting your browser history if they government _says that you thought it
might one day be relevant_ in an investigation can land you in prison.

For example: You're downloading run of the mill adult-on-adult pornography and
one of the links that you click redirects you to a child porn site, you
weren't looking for child porn and you didn't want any but you inadvertently
browsed to a site that hosts it, so you delete all of your cache because you
don't want that on your computer. Well, if that site was a honeypot and when
the authorities come investigating, they'll use your cleared cache as proof
that you knew you were doing something illegal and prosecute you for it
despite the fact that you didn't intentionally break the law.

~~~
blatherard
I did a little googling, and destroying the porn would actually be the right
thing to do and so shouldn't get you in trouble. According to "18 U.S. Code §
2252A - Certain activities relating to material constituting or containing
child pornography", an affirmative defense is not having much and either
deleting it promptly or reporting it:

    
    
      (d) Affirmative Defense.— It shall be an affirmative defense to a charge of
          violating subsection (a)(5) that the defendant—
        (1) possessed less than three images of child pornography;
        and
        (2) promptly and in good faith, and without retaining or allowing any person, 
           other than a law enforcement agency, to access any image or copy thereof—
            (A) took reasonable steps to destroy each such image;
            or
            (B) reported the matter to a law enforcement agency
                and afforded that agency access to each such image.
    

(source:
[https://www.law.cornell.edu/uscode/text/18/2252A](https://www.law.cornell.edu/uscode/text/18/2252A))

~~~
juliangregorian
Yeah, reporting it is definitely the right thing to do and would totally go
well for you. /s

~~~
DanBC
On a tangent: if people do accidentally find indecent images of children, or
images of child sexual abuse, there are methods to report those images
anonymously.

The Internet Watch foundation is one site. There are probably others for
different countries. [https://www.iwf.org.uk/](https://www.iwf.org.uk/)

The IWF has just announced a collaboration with Google, Facebook, Twitter:
[http://www.bbc.co.uk/news/uk-33844124](http://www.bbc.co.uk/news/uk-33844124)

------
Falkon1313
The wording seems to indicate taking a specific action to delete specific
things.

So would having a browser/extension that automatically cleans up after itself
imply guilt? Even people who don't do anything illegal, immoral, or unethical
online might legitimately not want their computer constantly polluted with all
the droppings from every site they visit - tracking cookies, cached ads, etc.

What about browsing from a VM that loads a pristine provisioned image every
time you boot it? Seems a reasonable way to avoid both that pollution and
reduce likelihood of being infected by malware or other security issues. The
responsible thing for any good patriotic law-abiding citizen to do.

Either way, it would be a standard operating procedure. So anything that they
didn't find would not be something that you had intentionally deleted.

~~~
tedunangst
Now you know why companies have these annoying policies which automatically
delete all email older than 90 days.

------
x0054
I think this article in several places equates actively deleting your browser
history with using an incognito mode in chrome, or another method of
automatically deleting, or even preventing the creation of history all
together. This is not the case, you are perfectly fine having a system that
will automatically delete your history, at least for now, it's not illegal to
do that.

This is also why many companies have a very precise document destruction
procedures. I used to run a company that was involved in the document
management industry. Many companies track very closely the lifecycle of every
document they create, and many have programs that will purge the document
literally on the day when it can be delete. If you have to keep a document for
7 years, there are systems that will purge that document at midnight on the
7th anniversary of it's creation.

This is perfectly legal as long as it's all automatic. I think under Sarbanes-
Oxley you do have an obligation to preserve evidence once the investigation is
open, so you would have to disable the automated system. But as long as your
documents are destroyed as soon as it's legally possible, you are basically
covered.

------
BendertheRobot
That's odd. I thought SOX applied to public corporations.

How a guy was charged with violating it seems odd.

Too bad SOX doesn't apply to government.

~~~
MCRed
Specifically, Hilary Clinton's email scandal would be a crime under SOX, as
would be the recent IRS data destruction.

The problem isn't that there aren't laws that criminalize these activities,
there are.

The problem is that the government will never prosecute itself, and thus the
government lets the corrupt get away with it increasing corruption over time.

One example of this is that there's been no reform of voting systems despite
their failure in 2001, and increasing evidence of voter fraud in every
presidential election since.

------
crystaln
If you find out someone who has used your computer was involved in an act of
terrorism, then delete evidence of their guilt, I'm not sure I understand why
that would not be a crime.

This guy was not prosecuted for deleting his browser history, he was
prosecuted for deleting information he knew was relevant to a criminal
terrorism investigation.

------
chmike
Deliberated evidence destruction should logically be sanctionned. I don't see
anything wrong here. In a crime investigation, privacy should not come into
play. That would make it easy to get away with it. Put yourself on the side of
the victims if you don't understand.

------
miander
Sickening stuff. It's even worse when you realize you're afraid of ending up
on a watch list for speaking out about this kind of abuse.

~~~
brandon272
Which is why am ashamed to say I don't say anything controversial online
anymore. Hell, even posting this makes me nervous. Though I guess that's one
of the goals of government surveillance – obedience.

~~~
justwannasing
They turned me into a newt!

~~~
twothamendment
...I got better.

------
aykutcan
Whats next ? Accessing internet will make you potential terrorist ?

------
CaiGengYang
This is really weird! So lets say if a person once made some stupid remarks on
a blog or somewhere else, and wants to erase his or her internet presence so
that future employers can't see it, it is a crime too ?

------
msutherl
As pertains to the 'delete files [...] reformat his computer", would he have
been absolved if he had instead "lost" his computer?

------
sillyryan
..and I thought my daily dose of crazy was over!

------
donatj
Every day it seems I read something that makes me believe I'm living in an
absurdist Dostoevsky novel.

~~~
krick
You mean Kafka, maybe?

~~~
donatj
Eh, I was thinking more along the lines of The Double with the world around me
making less and less sense, whilst living under a crushing bureaucracy.

------
wonkaWonka
The real problem here is that the legal system, under which many sophisticated
laws are prosecuted, is under the stewardship of a lot of common, everyday
people of middling intellect.

So, yeah, browsing history possesses all the legal integrity of pocket litter
and fast food receipts, and who's to say which information on a typical
consumer-class hard drive constitutes a forgery contaminated by trojans and
rootkits, versus what is actual legitimate forensic evidence, but that doesn't
stop zealous prosecutors and judges from placing this sort of evidence in
front of bored, apathetic juries, serving jury duty, because their name came
up on the list after getting a traffic ticket.

~~~
hga
Unlike so much other relatively new law, this satisfies _mens rea_ , "the
guilty mind"
([https://en.wikipedia.org/wiki/Mens_rea](https://en.wikipedia.org/wiki/Mens_rea))
so I can't say I have problems with it. Heck, it echoes a favorite Proverb,
the start of 28:

 _The wicked flee when no man pursueth: but the righteous are bold as a lion._

If I were to realize a (now very much ex-)friend had just maimed and murdered
a bunch of people, my first thought would not be to dispose of evidence.

~~~
ipsin
I delete my browser history often enough, but each instance is not evidence
that I believe I've committed any crime.

Do browsers actually log when you delete history? Is there any record or log
beyond traces on the filesystem?

~~~
abalashov
I don't think so, but an empty history, or a history consisting solely of
access over the past few days, might be taken as evidence that it was wiped.

~~~
krick
So what? I might delete it just for my own convenience. (BTW, it's irrelevant
if somebody does so, but if you are curious: I actually do. The reason is it
is much simpler to search for something in the cache/history when it's small.)
There's no reason whatsoever to think that I'm hiding something. I mean, if I
was an investigator, I surely would pay attention to that, but I cannot (or
shouldn't be able to) treat absence of evidence as evidence of "hiding
something". No evidence is no evidence and nothing more.

