BKDSKWTN.RVW   20030819

"Desktop Witness", Michael A. Caloyannides, 2002, 0-471-48657-4
%A   Michael A. Caloyannides
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2002
%G   0-471-48657-4
%I   John Wiley & Sons, Inc.
%O   416-236-4433 fax: 416-236-4448
%P   366 p.
%T   "Desktop Witness: The Do's and Don'ts of Personal Computer Security"

The title and the subtitle of this book are somewhat at odds. Is this text about the evidence that can be extracted from desktop machines? Or is it about protecting yourself and your personal computer or information? Caloyannides would seem to be making the point that the answer is both: that there is an overwhelming need to ensure that your computer isn't finking on you, and that you must make every effort to ensure that the government cannot obtain the information on your desktop.

While he is clearly on the personal side of the privacy versus national security debate, even those who agree with him may find the arguments shrill and extreme. The subtitle of chapter one, indicating that the material is the author's opinion, should warn the reader that the discussion is editorial rather than closely reasoned. Caloyannides may, however, have hurt his own case by taking an anarchistic and almost paranoid position in stating the need for privacy against government encroachment. He does make a number of valid points, but misses other grounds that might have been convincing to a much wider audience, such as the point that the responsibility of protecting your own information is recognized in such legal areas as the difference between patent and trade secret. (A patent offers control over a device for a limited time as long as the technology is disclosed, whereas a trade secret offers protection for unlimited time as long as reasonable efforts are made to protect the information from disclosure.)
The major point of chapter two appears to be that the use of encryption could, in and of itself, land you in trouble, and that you should prepare either to hide the fact that encryption is taking place, or to have a diversionary explanation ready for the authorities. (The recommended use of one-time-pad technology and variant keys is technically interesting, but is unlikely to survive beyond a first use. Ironically, it seems to support a point that the author made earlier: "clever" tricks that rely on obscurity provide very poor protection.)

The types of information that might be available from your computer, or Internet connection, are discussed in chapter three. The material ranges over a number of topics and has a difficult structure: some points are raised more than once, and there are a number of related issues that are not mentioned at all. Means of recovering some of the data, and of getting rid of it, are reported, but not consistently.

Chapter four lists a vast array of protective measures. Most are very useful. Depending upon your situation, many will be considered overkill. Some are questionable: Caloyannides makes a blanket recommendation to install all operating system patches, but notes that doing so for some versions of Windows requires you to give away a lot of information. He does not, though, detail the times that official patches have made the situation worse rather than better, nor the complexity of some patches: by mid-2002, one expert noted that an effective installation of the Windows NT operating system required twenty-nine steps, including no less than three separate installations of the latest service pack at different points. Oddly, while this section is supposed to review measures for computers not connected to networks, some of the points relate to activities on the Internet.

Protection for connected machines is discussed in chapter five, with a heavy emphasis on the usage of the PGP encryption system.
There is also an interesting insistence that steganography *is* an effective means of hiding communications: while Caloyannides points out a number of pitfalls in the use of the technology, he does not mention detection measures, such as the ease of determining excessive entropy in the low-order bits of graphic images used to hide files.

Secure telephony is discussed in chapter six. The legal issues reviewed in chapter seven are mostly related to recent legislation providing for additional search authority. The author does include material and actions from outside the United States. The editorial finish in chapter eight warns against a society where everything must be homogenized in order to be safe.

In many places the book suffers from very poor copy editing. There are a great many instances of improper punctuation, sentence fragments, and words or phrases dropped into apparently unrelated text. Generally speaking, one can discern the meaning, but deciphering the organization and intention of a section can be difficult. (Given the thrust of the book, is the author embedding hidden messages?)

While there are issues of general security in the book, it is, first and last, about privacy, and primarily personal privacy. The material could have been structured more usefully, and written less stridently, but a great deal of helpful content is included. Those interested in privacy will find it interesting, and computer forensic specialists may also find it to be a handy reference.

copyright Robert M. Slade, 2002
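The detection measure the review mentions, measuring the entropy of the low-order bits of an image, as an added example (not code from the book or from the review): it builds a constructed 64x64 grayscale cover, overwrites the cover's least-significant-bit plane with pseudo-random bits to simulate a hidden encrypted file, and compares the entropy of the packed LSB bytes before and after. The synthetic image, the embedding fixture, the 6-bits-per-byte threshold and all function names are assumptions for this illustration, not calibrated values.

```python
"""Detecting LSB steganography by measuring entropy of the low-order bit plane.

Added example, not from the book or the review. The 'image' is a constructed
64x64 grayscale list, not a real file, so the script runs offline.
"""
import math
import random

WIDTH, HEIGHT = 64, 64


def make_smooth_cover(width=WIDTH, height=HEIGHT):
    """Constructed cover image: a smooth diagonal gradient. Real photographs are
    noisier than this, but their LSB planes still carry structure (runs and
    texture correlation) that a random payload destroys."""
    return [((x + y) // 4) & 0xFF for y in range(height) for x in range(width)]


def lsb_plane(pixels):
    """Extract the least significant bit of each pixel."""
    return [p & 1 for p in pixels]


def pack_bits(bits):
    """Group bits into bytes (MSB first) so that the entropy reflects local bit
    patterns, not just the overall 0/1 balance, which is near 50/50 even in a
    clean image."""
    out = []
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return out


def shannon_entropy(symbols):
    """Shannon entropy, in bits per symbol, of the empirical distribution."""
    counts = {}
    for s in symbols:
        counts[s] = counts.get(s, 0) + 1
    n = len(symbols)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def lsb_entropy(pixels):
    """Entropy (bits per byte, maximum 8) of the packed LSB plane."""
    return shannon_entropy(pack_bits(lsb_plane(pixels)))


def looks_like_lsb_stego(pixels, threshold=6.0):
    """Heuristic verdict: packed-LSB entropy close to 8 bits/byte is what an
    encrypted or compressed payload written into the LSBs leaves behind.
    The threshold is an assumption chosen for this synthetic cover."""
    return lsb_entropy(pixels) > threshold


def embed_random_lsb(pixels, seed=1):
    """Test fixture only: overwrite every LSB with a pseudo-random bit, which is
    the trace a tool hiding an encrypted file in the low-order bits produces."""
    rng = random.Random(seed)
    return [(p & ~1) | rng.getrandbits(1) for p in pixels]


if __name__ == "__main__":
    cover = make_smooth_cover()
    stego = embed_random_lsb(cover)
    print(f"cover LSB entropy: {lsb_entropy(cover):.2f} bits/byte, "
          f"suspicious={looks_like_lsb_stego(cover)}")
    print(f"stego LSB entropy: {lsb_entropy(stego):.2f} bits/byte, "
          f"suspicious={looks_like_lsb_stego(stego)}")
```

On the gradient cover the packed LSB bytes take only eight distinct values (entropy of exactly 3 bits/byte); after the fixture fills the plane with random bits the entropy climbs above 7 bits/byte, which is the "excessive entropy" signal the review refers to. Packing bits into bytes matters: the per-bit 0/1 ratio of the clean cover is already 50/50, so a single-bit entropy would not separate the two cases.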