Saturday, November 21, 2009

The CRU Breakin

The recent break in of the e-mail server at the Climate Research Unit (CRU) of the University of East Anglia brings a couple of thoughts to mind. I'm in a hurry now, so I'll try to be brief, and will avoid using links for the most part.

First of all, stealing the contents of e-mail from a server is a criminal act, both in the United States, and in the United Kingdom, which is the jurisdiction where the computer apparently resides. I say "apparently", because it's at least theoretically possible that the data were also stored off-site in some foreign country. While it's a far-fetched possibility, it's not impossible as far as I know.

Given that the contents were obtained illegally, there has to be some doubt as to its authenticity. That's bad news for anyone trying to make a point using the supposed contents of this e-mail. Most conventional e-mail servers don't provide any means of discerning whether the contents have been changed. E-mail consists of a header portion and a main body that contains the actual message. Sometimes, as is the case with sendmail, those two parts are kept in separate files. There is no checksum, or other means, to ensure that the files have been preserved. Administrators are usually careful to ensure that hard disk problems don't make a mess of things.

In short, if I had access to this data, I could easily alter much of it to suit my fancy, and there would be no direct evidence I had done so beyond checking other copies of that information that were beyond my control.

Any point someone is trying to make using these e-mails should be viewed skeptically. The burden of proof is on them to show that the contents are genuine. If the people who wrote the e-mails confirm their contents are genuine, that can be counted as proof, and at least to a limited degree, they have. But if any new "revelations" occur in the next few days regarding the contents of that e-mail, the likelihood of fraud should be in everyone's mind.

Nate Silver has provided some perspective as a statistician on what is supposedly the most damning e-mail to emerge from this pile of data. It's worth looking at, I think, since this supposed e-mail has garnered so much attention.

No comments: