IPFS for Forensic Evidence

During the Kyle Rittenhouse trial, video evidence was provided to the prosecution and defence teams (scroll to 05:00) :

The drone footage provided to each side of the trial should have been identical, for a fair trial. Instead, one team, the defence, received a much lower resolution version of the footage than the prosecution, over twice as small the file-size. The evidence was provided to each side using (!) DropBox, which amazingly is counted as suitable for forensics.

Had IPFS been used for providing video evidence, the IPFS CID for each file should have been identical and this could easily have been verified.

IPFS has a place in the legal system.

1 Like

Possibly, but I feel like sometimes the use of a CID as an identifier is sometimes over emphasized and leads to confusion about how IPFS works. It’s an identifier and based on a cryptographic hash but it’s not a unique identifier for the information. Before someone jumps on that statement let me clarify it uniquely identifies the content as it exists in a hashed graph but is not unique to the information that it represents. ie. the file, image, etc. You can have multiple CIDs for the same file. I don’t know much about legal forensics and digital content but I do know that there are special cameras used that do provide some guarantees. I’m sure there has to be some standards of practice that someone else would be more knowledgable than I am but I’m guessing that a more straight forward application of cryptographic techniques, possible on top of IPFS, would be more appropriate.

1 Like

I was thinking exactly the same thing and almost posted about this on the IPFS forums myself. IPFS definitely has a place in the legal system, and so does digital signatures. Even if the legal system doesn’t use IPFS CIDs they definitely need systems that are hash-coding files forensically with at least SHA-256.

Online File/Folder structures (frankly like in my Quanta app) are perfect for not just legal uses but also for documentation of the legislative process too. There should be a digital fingerprint on every line of legislation so it can be traced back to it’s authors. Right now K-Street Lobbyist firms write all our legislation and the elected lawmakers don’t even bother to read it. (sorry for injecting politics, but I think sometimes it’s appropriate)

1 Like

Hi, wclayf! I hope more people take a look at your Quanta application. A folder system like that would be useful for ensuring everybody was “on the same page” or “in the same folder” at trial: judge, jury, prosecution, defence, clerks and observers.

It is good to be aware that two different files could have the same CID, and there are probably tools around to generate a file to a specific CID, in a way similar to generating vanity .onion addresses. Though it is unlikely that those files would have content at all similar to the original, it would be worth trying to demonstrate what a duplicate CID for a “Hello World!” .txt file might look like, if somebody has the time and resources.

Thanks (about quanta). It doesn’t matter that the same file can have multiple “fingerprints” (CIDs). If everyone in a trial (defense and prosecution) or legal agreement agrees on a specific CID, then they’re ‘cryptographically guaranteed’ that it’s the same file they’re pointing to. It’s just about agreeing everyone is seeing the same data. Plus in courts you would agree on the parameters so that everyone hashes and chunks the same way anyhow.

You shouldn’t be able to do that and if you can that would be a very big deal. I don’t know if there’s anything that would make a multi hash more susceptible to collisions than the underlying hash algorighm. I think you might have meant that a file can have more than one CID which is trivially done by using a different hash algorithm.

1 Like

“Hear ye, hear ye. This court is in order and will be using the following hashing parameters…Raise your right hand and repeat after me, “you will use the hash, the whole hash and nothing but the hash.””. ha

2 Likes

Realistically the legal system should use just SHA-256 (or stronger), and definitely not a CID, because you can make “a very strong case” (pun intended) that CIDs are a proprietary format specific to IPFS, and therefore not an actual standard.

CIDs are a proprietary format specific to IPFS, and therefore not an actual standard.

In what sense are IPFS CIDs a proprietary format? Isn’t it a Free standard?

By proprietary, I just meant CIDs are specific to IPFS, and basically cannot be generated without installing IPFS first (too many options with chunkers, etc). That makes CIDs completely unusable as a simple verification in the way SHA-256 can be used as a simple verification…unless someone wants to download and install IPFS just to verify a file.

1 Like