Now it's raising questions of just how much we should expect legal officials to understand about digital evidence -- and how much more they need to understand.
Those questions flow from the decision of the San Francisco District Attorney's office to list 150 passwords as Exhibit A in the case against former (rogue) admin Terry Childs.
To be fair, the passwords listed are said to be part of two-step access system, relatively valueless on their own. I'd question that; if nothing else their listing gives observers the chance to glimpse the password creation strategies of 150 or so people.
But it's equally fair to ask: what are the prosecutors thinking? Even if every one of the 150 passwords is long-since changed, their listing -- the decision to list them -- reflects an insufficient (at minimum) understanding of digital security and confidence in digital privacy that's distressing.
Look at it this way -- would the DA's office have considered the valuelessness of the passwords in question if it had been Terry Childs who posted them instead of its own evidence-producing officers?
Don't think so. Same way I don't think the DA's office thought much about this at all.
And if you don't think that a list of changed or "valueless" passwords isn't a trove of possibility for crooks, take a look at this good bMighty article on password cracking techniques.
