
Key Legal Implications of Computer Network Defense: Protecting America’s Information Infrastructure, Walter Gary Sharp, Sr., Esquire



Las Vegas, Nevada July 2001. Key Legal Implications of Computer Network Defense Protecting America’s Information Infrastructure Walter Gary Sharp, Sr., Esquire Principal Information Security Engineer (703) 624-5292 or [email protected] The MITRE Corporation.


Presentation Transcript


Slide 1

Las Vegas, Nevada

July 2001

Key Legal Implications of Computer Network Defense

Protecting America’s Information Infrastructure

Walter Gary Sharp, Sr., Esquire

Principal Information Security Engineer

(703) 624-5292 or [email protected]

The MITRE Corporation

The opinions and conclusions expressed herein are those of the author and do not necessarily reflect the views of any governmental agency or private enterprise.


Slide 2

Today’s Presentation

  • The Legal Framework for Response: Three Perspectives

  • Purpose & CND Defined

  • Key Legal Issues

  • U.S. Domestic, International, & Foreign Law

  • Case Studies, Policy Considerations & Recommendations

  • Conclusion

  • Selected Legal Authorities

  • Summary: An Analytical Decision Support Model


Slide 3

Purpose of this Presentation

To explore how America can better balance its citizens’ privacy and civil liberties with an effective ability to:

  • protect America’s information infrastructure;

  • detect potential attacks by joy-hackers, economic competitors, criminals, terrorists, and hostile states; and,

  • respond effectively in a way that is compatible with American democratic principles and international law.


Slide 4

Caveat

This presentation is intended to provide a situational awareness for those involved or interested in the legal issues relevant to the defense of computer networks. It is NOT intended to substitute for the advice of your organizational legal counsel. Legal advice should only be sought from an attorney authorized to provide legal advice to your organization.


Slide 5

Computer Network Defense (CND) Defined

Defensive measures to protect and defend information, computers, and networks from disruption, denial, degradation, or destruction.

Joint Publication 1-02: DoD Dictionary of Military and Associated Terms

23 March 1994, as amended 14 June 2000


Slide 6

The Legal Framework for Responding to Computer Intrusions

Perspective ONE

[Figure: grid of actor (State; Non-state, Non-U.S. Citizen; U.S. Citizen) by environment (Crisis, Peace, Conflict), labeled "Increasing Legal Authority to Respond" and "Default"]

Nine distinctive regimes; each may implicate U.S. domestic, international, and foreign law

Actor-dependent

Attribution key issue

An effective initial response methodology must be actor-independent


Slide 7

Perspective TWO

The Legal Framework for

Responding to Computer Intrusions

State actors -- national security community response

U.S. domestic law

International peacetime regime

Law of Conflict Management

Law of War

Non-state actors -- law enforcement response

U.S. domestic law

Foreign law

Mutual Legal Assistance Treaties

International peacetime regime

Question: What is an appropriate and lawful response when a territorial state is unable or unwilling to assist another state’s law enforcement efforts to arrest non-state actors within its territory?


Slide 8

The Legal Framework for Responding to Computer Intrusions

Perspective THREE

[Figure: overlapping bodies of law that apply to a response]

International Law

  • Peacetime Regime

  • Law of Conflict Management

  • Law of War

Other labels in the figure: Telecommunications Law and Foreign Law; Telecommunications Law; Foreign Law; U.S. Domestic Law; Law of Target State; Air Law; HN Law; Law of the Sea


Slide 9

Key Legal Issues -- U.S. Domestic Law

Attribution

Property

Privacy

Civil liberties

Criminal and civil liabilities

Posse Comitatus

Separate legal authorities for military, law enforcement, and foreign intelligence activities

Presumption that intruder is “U.S. Citizen” until proven otherwise


Slide 10

Key Legal Issues -- International Law

Current international status: peacetime or armed conflict

Use of force: necessary and proportional, and discriminate

Hostile act / hostile intent

U.N. Security Council Chapter VII authorization

Application of Article 103 of Charter of United Nations

Self defense

Regulation of activities by peacetime regime

Criminal and civil liabilities


Slide 11

Key Legal Issues -- Foreign Law

Sovereignty and governmental acts

Criminal and civil liabilities

Modifications to application of foreign law by operation of U.N. Charter or international agreement

U.S. Presidential authority to conduct covert operations


Slide 12

Selected Legal Authorities

U.S. Domestic Law

Fourth Amendment

Restricts the ability of the government to search where a reasonable expectation of privacy exists

Electronic Communications Privacy Act, 18 USC §2510

Creates statutory privacy rights and defines:

Providers of Electronic Communication Service (ECS) -- any service which provides to its users the ability to send or receive wire or electronic communications

Providers of Remote Computing Service (RCS) -- public service which provides computer storage or processing by means of an ECS

“Electronic storage” -- any temporary, intermediate storage incidental to an electronic transmission


Slide 13

Selected Legal Authorities

U.S. Domestic Law (continued)

Electronic Communications Privacy Act, 18 USC §2510 (continued)

Prohibits unlawful access to communications of an ECS in electronic storage

Prohibits unlawful disclosure by a public ECS of a communication in electronic storage

Prohibits unlawful disclosure by a RCS of a communication it carries or maintains

Regulates how the government can obtain information from ECS and RCS providers

Compelled disclosure (subpoena, court order, warrant)

Voluntary disclosure

Consent


Slide 14

Selected Legal Authorities

U.S. Domestic Law (continued)

Pen Registers and Trap and Trace Statute, 18 U.S.C. §§ 3121-27

Regulates the collection of addressing information of wire and electronic communications (simply to and from, not even the subject line)

Prohibits installation or use of a pen register or a trap and trace device by anyone without prior court order

Prohibition does not apply to provider of electronic or wire communication service who uses such device:

during the operation, maintenance, and testing of its service;

to protect its and its users’ property rights;

to prevent fraudulent, unlawful, or abusive use of its services;

with the consent of its users


Slide 15

Selected Legal Authorities

U.S. Domestic Law (continued)

“Title III” Wiretap Statute, 18 U.S.C. §§ 2510-22

Regulates the collection of the content of wire and electronic communications in transmission

Prohibits any intentional interception, knowing use, or the knowing disclosure of any wire, oral, or electronic communication during its transmission, and the intentional use of any device to intercept any oral communication, by any third party in the United States

Prohibition does not apply, for example, to any ECS provider who may intercept, disclose, or use a communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of that service


Slide 16

Selected Legal Authorities

U.S. Domestic Law (continued)

The Foreign Intelligence Surveillance Act of 1978, 50 USC §1801

Grants authority and approval process for investigations, electronic surveillance, and search & seizure that target foreign intelligence activities

The Computer Fraud and Abuse Act of 1984, 18 USC §1030 (1984)

The first federal computer crime statute

Prohibits unauthorized access to computers engaged in interstate communication

The Economic Espionage Act of 1996, 18 USC §1831

Prohibits theft of trade secrets for foreign government (Economic Espionage) or for the economic benefit of any person (Theft of Trade Secrets)


Slide 17

Selected Legal Authorities

U.S. Domestic Law (continued)

The Identity Theft and Assumption Deterrence Act of 1998, 18 USC §1028

Prohibits unauthorized transfer or use of another’s means of government identification for the furtherance of any unlawful activity that constitutes a violation of Federal law or a felony under state or local law

Fraud by Wire, Radio, or Television, 18 USC §1343

Prohibits interstate fraud via the Internet

Communication Lines, Stations, or Systems, 18 USC §1362

Prohibits injury or destruction to any means of communication operated or controlled by U.S. Government or used for military or civil defense


Slide 18

Selected Legal Authorities

U.S. Domestic Law (continued)

U.S. Constitution -- authority of the Commander in Chief

U.S. Code, Title 10 -- authority of military

U.S. Standing Rules of Engagement -- authority of combatant commanders (CJCSI 3121.01A, Enclosure F, 15 January 2000)


Slide 19

Selected Legal Authorities

International Law

The Peacetime Regime -- governs, but does not prohibit per se, state activities in CyberSpace (applies during armed conflict if not inconsistent with inherent nature of hostilities)

Jus ad Bellum -- the law of conflict management (U.N. Charter, Articles 2(4), 39, and 51) regulates the use of force by states vis-à-vis states (all use of force must be necessary, proportionate, and discriminate)

Jus in Bello -- the law of war governs the means and methods of warfare and the protection of civilians during armed conflict (effects based analysis)


Slide 20

The Application of International Law

State Activities in CyberSpace

© 1996 Walter Gary Sharp, Sr.

[Figure: Use of Force Spectrum]

Peacetime military operations

  • law enforcement

  • normal peace-keeping

  • humanitarian & disaster relief

  • counter-terrorist & hostage rescue

  • noncombatant rescue

Combatant operations

  • declared war

  • de facto hostilities (scope, duration, & intensity)

  • partial or total occupation

Other labels in the figure: Articles 2(4) & 51 threshold; Common Article 2 threshold; Line of belligerency; Self-defense; All necessary means in response to outright aggression; Limited use of force; peacetime regime applies; jus ad bellum applies; jus in bello applies


Slide 21

The International Peacetime Regime

Examples of Application

Espionage is lawful

Status of Forces Agreements and host nation laws

UN Convention on the Law of the Sea: innocent passage and unauthorized broadcasting

International Telecommunications Conventions: prohibitions on harmful interference, national right to intercept and suspend

Outer Space Treaty: the moon and other celestial bodies must be used for “peaceful purposes”

INTELSAT: must be used for “other than military purposes”

INMARSAT: must be used “exclusively for peaceful purposes”


Slide 22

Jus ad Bellum: Examples of Application (Part One)

© 2001 Walter Gary Sharp, Sr.

[Figure: Spectrum of Interstate Relations, showing ACTIVITY against THRESHOLD]

Figure labels: Customary International Law; Policy; Precedent

ACTIVITY (groups as they appear in the figure)

  • Isolated verbal threat; initial troop movements; shaping of alliances.

  • Use of fire control radar; interference with early warning or C2 systems.

  • Massing of troops on border.

  • Boycotts; diplomatic measures; severance of diplomatic relations; economic competition or sanctions; interruption of communications; espionage.

  • Extreme intrastate violence or human rights violations; failure of state to surrender terrorists; illegal racist regime; large refugee movements; diversion of a river; serious violations of int’l law that may provoke armed response.

  • Use of force against: territory; warship; military forces; citizens abroad. Destruction of early warning or C2 systems.

THRESHOLD

  • Art. 39

  • Art. 2(4)

  • Art. 51

  • Armed attack (use of force)

  • Threat to the peace

  • Threat of force

  • Hostile act

  • Hostile intent


Slide 23

Jus ad Bellum: Examples of Application (Part Two)

© 2001 Walter Gary Sharp, Sr.

[Figure: Spectrum of Interstate Relations, showing THRESHOLD against RESPONSE]

Figure labels: Customary International Law; Policy; Precedent

THRESHOLD

  • Art. 39

  • Art. 2(4)

  • Art. 51

  • Armed attack (use of force)

  • Threat to the peace

  • Threat of force

  • Hostile act

  • Hostile intent

RESPONSE

  • Anticipatory self defense

  • Self defense

  • UNSC may require states to comply with Art. 41 measures

  • Any measures or use of force authorized by the UNSC under Chapter VII

  • Diplomatic measures; severance of diplomatic relations; complete or partial interruption of economic relations or interstate communications; arbitration, judicial proceedings, etc.


Slide 24

Jus in Bello: Examples of Application

Regulations annexed to the 1907 Hague Convention No. IV

-- an effects based analysis --

Prohibit the use of means calculated to cause unnecessary suffering

Prohibit attack by whatever means of undefended towns or buildings

Prohibit unnecessary damage to buildings dedicated to religion, art, science, or charitable purposes as well as historic monuments, hospitals, and places where the sick and wounded are collected

Permit ruses of war and employment of measures necessary to obtain information about the enemy

Permit seizure of state property that can be used for military ops


Slide 25

Selected Legal Authorities

Foreign Law

Criminal and civil law applies unless modified by operation of U.N. Charter or international agreement


Slide 26

Summary

An Analytical Decision Support Model for the Legality of State Activities in CyberSpace

© 1997 Walter Gary Sharp, Sr.

[Flowchart with YES/NO branches]

Decision points:

  • Does international law prohibit the activity?

  • Does U.S. law authorize the activity?

  • Does HN law authorize the activity?

  • Is prohibition suspended by a state of war, or operation of Article 103; or is the activity authorized by right of self-defense, or Chapter VII?

Outcomes:

  • Activity is unlawful under U.S. law and cannot be authorized

  • Activity is lawful under U.S., HN, and international law, and may be authorized by the NCA

  • Activity is unlawful but may be authorized by the President


Slide 27

Case Studies

“Track-back”

Internal to system or network

External to system or network

Compelled disclosure (subpoena, court order, warrant)

Voluntary disclosure

Consent

“Shoot-back”

Attribution

Targeting -- necessity, proportionality, discrimination

Electronic -- automated and manual

Kinetic


Slide 28

Case Studies (continued)

DirecTV Satellite Entertainment

Number one digital satellite entertainment service in the U.S.

Controls access to proprietary network via “smart” cards

Pirating of services is a significant problem

Late 2000 - transmitted a logic bomb a few bytes at a time to a specific series of smart cards that injects upon command an endless loop into a write once section of the smart card

January 2001 - transmitted a message via proprietary DirecTV satellites that activated logic bomb

Did not affect non-proprietary equipment or computers that emulated the smart cards for purposes of pirating services


Slide 29

Case Studies (continued)

Rights of law enforcement to cross national borders

In the United States, the FBI:

set up a front company called Invita

invited two suspected Russian hackers, Vasily Gorshkov and Alexey Ivanov, for a job interview and asked them to demonstrate what they could do

used a “sniffer” program to obtain their passwords and account numbers

downloaded 250 gigabytes of evidence from computers in Russia

obtained a search warrant before viewing the downloaded evidence

Defendant Gorshkov sought to suppress the downloaded evidence in Federal district court as a violation of his Fourth Amendment rights


Slide 30

Case Studies (continued)

Rights of law enforcement to cross national borders (continued)

U.S. District Court judge held on 23 May 2001 that

Gorshkov and Ivanov had no expectation of privacy because

they knew the system administrator could and likely would monitor their activities

the undercover agents told them they wanted to watch

the Fourth Amendment did not apply to the computers because they

were the property of a non-resident alien and

located outside the United States

a search warrant was not required before the data was downloaded because the defendant’s co-conspirators could destroy or remove the evidence

the Fourth Amendment did not apply to the data downloaded until it was transmitted to the United States

Russian law does not apply to the agent’s actions

Question: What investigative rights does this case give U.S. and foreign law enforcement?


Slide 31

Legal and Policy Considerations of

State Activities in CyberSpace

Peacetime or armed conflict

Perception of unauthorized use of force

Perception of hostile intent or hostile act

Authorized or directed by U.N. Chapter VII authority

Direct, indirect, and ripple economic impact on target state, third-country states, actor state, and their nationals

Tort liability of actor state and criminal liability of government agents under U.S. domestic, international, and foreign law

Utilization of telecommunication and satellite systems owned by multinational corporations or non-governmental organizations


Slide 32

Recommendations

How do we shape an effective initial response to a computer network attack that is actor-independent?

Reverse the presumption -- presume an intruder is a non-U.S. citizen until such time the investigation determines otherwise

Establish by law a new agency responsible for investigating attacks against computer networks critical to our national defense and economic well being

What is an appropriate and lawful response when a territorial state is unable or unwilling to assist another state’s law enforcement efforts to arrest non-state actors within its territory?

Unable -- states have a duty to cooperate; remains a law enforcement issue

Unwilling -- states harboring criminals or terrorists may be deemed an actor; becomes a national security issue


Slide 33

Recommendations (continued)

How does America protect its information infrastructure?

Through the right balance of technology, policy, and law

How can the private sector protect America’s information infrastructure?

Information system owners must implement best business practices for information security (tort and corporate law will encourage this)

Internet Service Providers must coordinate their defenses between themselves and with major users (regulation not needed, best business practices and tort liability will force this coordination)

Incident response capabilities must develop a comprehensive information sharing mechanism within private industry and between private industry and state, local, and federal governments


Slide 34

Recommendations (continued)

How can the government protect America’s information infrastructure?

Must designate a government agency, perhaps DOD, to be responsible for the coordinated defense of our Nation’s information infrastructure

Must enact cross-cutting investigative authority within United States (regulation and law can help here)

Must construct cross-cutting mutual legal assistance treaties within international community (must have near universal system of treaties to be effective)

Must encourage legal and insurance sectors to develop best business practices for information security (regulation and law can help here)


Slide 35

Conclusion

The most fundamental and important distinction between our great Nation and other countries is our system of laws. Those who have sworn to defend our Constitution must never bend or break the law in the name of national security. We must remain within the law as we protect our system of laws.

Walter Gary Sharp, Sr.

(703) 624-5292 or [email protected]

