Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The raid was being live tweeted by an ABC editor, the tweet that stood out the most to me was this:[0]

AFP: I’m still staggered by the power of this warrant. It allows the AFP to “add, copy, delete or alter” material in the ABC’s computers. All Australians, please think about that: as of this moment, the AFP has the power to delete material in the ABC’s computers. Australia 2019.

[0]https://twitter.com/TheLyonsDen/status/1136124130204442624



Yes this stood out to me too. I don't really understand why a warrant would enable alteration. Copying I can wrap my head around, but alteration without oversight seems awful. Hopefully the warrant has more fine print than the journalist implied.


Perhaps they had a ruling in the past that during accessing a computer, things got changed, like the logs. And so now they have to have that in the warrant so that they don't lose their case.

It sounds stupid, but I could see it happening.


But this isn't a way to do a forensic analysis. You just clone the hard drive. Anything else should not be able to stand up in court.

Afaik it is practice in rule-of-law countries to hand a clone to each party in the case.


Forensic analysts must use read-only adapters to clone hard drives.


This wasn’t a forensic extraction of data from a recovered hard drive, it was a drag net across email server, file servers, content management systems, wikis, phone records, written notes … basically every form of communication that left any trace.

The ABC staff literally copied all the stuff that might be interesting (found using keyword searches) into a folder, which the ABC legal and AFP investigators went through one by one to determine what was of interest to AFP. The items of interest was then copied to a “sealed” package which the AFP pinky swears nobody will look at for two weeks while the ABC seeks an injunction.


Or the right to install spyware.


>Perhaps they had a ruling in the past that during accessing a computer, things got changed, like the logs

they don't have imaging tools and/or write blockers?


Probably legal completeness. Think about it, log in to a windows computer there is probably an event log that gets updated. While checking browser history the history may be altered. Installing surveillance applications would modify the machine. Etc.


Installing surveillance applications

Isn't this a huge problem? That the police can forcibly install surveillance applications in a news organizations computers.


Seems the language needs to be specific then, or it allows for free manipulation of evidence.

Something like, allowed to copy and if that has an unintended consequence of modifying the machine, that is fine so long as evidence is not destroyed.


This. Also covers deleted files being overwritten when new files are created.


also "alter" - think "planting evidence"


Another reason for offsite, offline backups.

(offsite = not here, offline = not powered on)


At one large television station I worked for, the policy was to destroy everything after two weeks. The only thing kept was the video that aired. Reporters could keep their own notes, but only on their own devices.

The news director's thinking was "they can't subpoena what we don't have."

This was in a city where the local police would subpoena at the drop of a hat, and used it as a harassment tool. The goal was to keep the subpoena storms from getting in the way of people actually reporting news.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: