District Court Holds that Running Hash Values on Computer Is A Search: The case is United States v. Crist, 2008 WL 4682806 (M.D.Pa. October 22 2008) (Kane, C.J.). It's a child pornography case involving a warrantless search that raises a very interesting and important question of first impression: Is running a hash a Fourth Amendment search? (For background on what a "hash" is and why it matters, see here).

First, the facts. Crist is behind on his rent payments, and his landlord starts to evict him by hiring Sell to remove Crist's belongings and throw them away. Sell comes a cross Crist's computer, and he hands over the computer to his friend Hipple who he knows is looking for a computer. Hipple starts to look through the files, and he comes across child pornography: Hipple freaks out and calls the police. The police then conduct a warrantless forensic examination of the computer:

In the forensic examination, Agent Buckwash used the following procedure. First, Agent Buckwash created an "MD5 hash value" of Crist's hard drive. An MD5 hash value is a unique alphanumeric representation of the data, a sort of "fingerprint" or "digital DNA." When creating the hash value, Agent Buckwash used a "software write protect" in order to ensure that "nothing can be written to that hard drive." Supp. Tr. 88. Next, he ran a virus scan, during which he identified three relatively innocuous viruses. After that, he created an "image," or exact copy, of all the data on Crist's hard drive.

Agent Buckwash then opened up the image (not the actual hard drive) in a software program called EnCase, which is the principal tool in the analysis. He explained that EnCase does not access the hard drive in the traditional manner, i.e., through the computer's operating system. Rather, EnCase "reads the hard drive itself." Supp. Tr. 102. In other words, it reads every file-bit by bit, cluster by cluster-and creates a index of the files contained on the hard drive. EnCase can, therefore, bypass user-defined passwords, "break down complex file structures for examination," and recover "deleted" files as long as those files have not been written over. Supp. Tr. 102-03.

Once in EnCase, Agent Buckwash ran a "hash value and signature analysis on all of the files on the hard drive." Supp. Tr. 89. In doing so, he was able to "ingerprint" each file in the computer. Once he generated hash values of the files, he compared those hash values to the hash values of files that are known or suspected to contain child pornography. Agent Buckwash discovered five videos containing known child pornography. Attachment 5. He discovered 171 videos containing suspected child pornography.

One of the interesting questions here is whether the search that resulted was within the scope of Hipple's private search; different courts have approached this question differently. But for now the most interesting question is whether running the hash was a Fourth Amendment search. The Court concluded that it was, and that the evidence of child pornography discovered had to be suppressed:

The Government argues that no search occurred in running the EnCase program because the agents "didn't look at any files, they simply accessed the computer." 2d Supp. Tr. 16. The Court rejects this view and finds that the "running of hash values" is a search protected by the Fourth Amendment.

Computers are composed of many compartments, among them a "hard drive," which in turn is composed of many "platters," or disks. To derive the hash values of Crist's computer, the Government physically removed the hard drive from the computer, created a duplicate image of the hard drive without physically invading it, and applied the EnCase program to each compartment, disk, file, folder, and bit.2d Supp. Tr. 18-19. By subjecting the entire computer to a hash value analysis-every file, internet history, picture, and "buddy list" became available for Government review. Such examination constitutes a search.

I think this is generally a correct result: See my article Searches and Seizures in a Digital World, 119 Harv. L. Rev. 531 (2005), for the details. Still, given the lack of analysis here it's somewhat hard to know what to make of the decision. Which stage was the search — the creating the duplicate? The running of the hash? It's not really clear. I don't think it matters very much to this case, because the agent who got the positive hit on the hashes didn't then get a warrant. Instead, he immediately switched over to the EnCase "gallery view" function to see the images, which seems to be to be undoudtedly a search. Still, it's a really interesting question.

The following paragraphs list many papers that try to contribute to the P-versus-NP question. Among all these papers, there is only a single paper that has appeared in a peer-reviewed journal, that has thoroughly been verified by the experts in the area, and whose correctness is accepted by the general research community: The paper by Mihalis Yannakakis. (And this paper does not settle the P-versus-NP question, but "just" shows that a certain approach to settling this question will never work out.)

Of course, there's a million-dollar prize for resolving the question -- so expect the flawed proofs to continue.

We'll see how well it works.

I'm not a crazy environmentalist, but waste makes me cringe. I make it a habit to contact companies that mail me catalogs that I don't read, telling them to take me off of their lists. I also do little things like bring a couple of bags to the grocery store every time I go in order to avoid generating more plastic waste.

The other day, I was buying my son a sweatshirt in T.J. Maxx, and the clerk popped it into a plastic bag. I said, "Thanks, but I really don't need that bag." He promptly balled it up and threw it in the trash. It makes me sad how so many people just don't get it. If everyone would just think a little bit about this in their daily lives, I think it'd make a big difference for the world we leave to our kids and grandkids.

• Moderator: Nick Hoover, Senior Editor, InformationWeek
• Speaker - Anne Berkowitch, Co-Founder & CEO, SelectMinds
• Speaker - J.B. Holston, CEO and President, NewsGator
• Speaker - Umberto Milletti, CEO, InsideView

Businesses can take advantage of social networks by finding innovative ways to reach out to people. Looking at who you know and how you know them can benefit you. Knowing a personal connection to someone that you are trying to contact (for sales) is helpful. The blurring between home, personal, and business life is making this information more available and better able to leverage. People are able to capture more valuable long term information from social networks.

A lot of social network applications can be taken from the talent management space. Deploying alumni networks as a talent source is also a great asset. Alumni represent a well-known and relevant population. This provides a great economic benefit from a social network.

If you are running a sales organization and looking at building a pipeline of leads, consider how these leads are relevant. The ability to get more leads is apparent in finding the right person, right connection, and right contact. Underlying everything are productivity and efficiency. How much time are sales reps spending researching and pursuing each opportunity? With information on social networks, the time can be greatly decreased. Knowledge sharing is something that can be actively measured.

The ROI varies with the business issue that’s trying to be addressed by a particular network. Recruiting for example has a very concrete, measurable ROI. Knowledge share gets a little more tricky. How do you measure how much is shared and the impact on business systems? Businesses need to determine what specific goal they are trying to address.

CFOs want to see ROI, not intuitive information. If you can demonstrate engagement and participation in these networks and knowledge sharing tools, more and more executives are getting comfortable seeing how it’s used at a qualitative and process level. It’s a very case by case basis.

One major crisis that we see in our customers is the competition between sales and marketing. Each wants to do their own thing, they go together like oil and water. However, the push of the economy is now forcing them work together. This is a great opportunity for IT to step in and help them collaborate and be more productive.

Other resistance from companies are how to manage what they are trying to accomplish while still giving employees free reign of sites like Facebook. What are the incentives for using these technologies? How does it fit into your company culture and productivity scale? You must bring meaning to the structure of engaging in social networks.

Social networks like LinkedIn and Facebook would not exist if people did not contribute information to them. However, if people don’t know that it is there, it does not exist. People need to see the value and get drawn in to engage. There are two ways that companies get into social networks. Tie it into the business process. The general idea of social networks are intuitive and easy to understand, which make it an easier case to present to chief executives. Make it clear - how do you go about it and what’s the value?

Social networks are intrinsically about extending the network, the more contacts you have, the more to choose from when researching a specific contact. It also has to be integrated into your dataworkflow. Companies are going to build a variety of networks inside and outside the enterprise. The big companies (SAP, IBM) are all rushing to offer collaborative and social network functionality. However, this is not entirely useful unless it’s integrated into the entire infrastructure.