Developing a legal framework to combat cybercrime l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 60

DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME PowerPoint PPT Presentation


  • 94 Views
  • Uploaded on
  • Presentation posted in: General

DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME. Providing Law Enforcement with the Legal Tools to Prevent, Investigate, and Prosecute Cybercrime. Overview. Balancing Privacy and Public Safety Limits on Law Enforcement Investigative Authority Intercepting Electronic Communications

Download Presentation

DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Developing a legal framework to combat cybercrime l.jpg

DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME

Providing Law Enforcement with the Legal Tools to Prevent, Investigate, and Prosecute Cybercrime


Overview l.jpg

Overview

  • Balancing Privacy and Public Safety

  • Limits on Law Enforcement Investigative Authority

  • Intercepting Electronic Communications

  • Collecting Traffic Data Real Time

  • Obtaining Content Stored on a Computer Network

  • Obtaining Non-Content Information Stored on a Computer Network

  • Compelling the Target to Disclose Electronic Evidence


Overview3 l.jpg

Overview

  • Balancing Privacy and Public Safety

  • Limits on Law Enforcement Investigative Authority

  • Intercepting Electronic Communications

  • Collecting Traffic Data Real Time

  • Obtaining Content Stored on a Computer Network

  • Obtaining Non-Content Information Stored on a Computer Network

  • Compelling the Target to Disclose Electronic Evidence


Balancing privacy public safety l.jpg

Balancing Privacy & Public Safety

  • Privacy is a basic human right

    “No one shall be subjected to arbitrary interference with his privacy, family, home

    or correspondence...”

    -- Art. XII, Universal Declaration of Human Rights

  • Promotes free thought, free expression, and free association, building blocks of democracy

  • Supports competitive businesses and markets, cornerstone of a robust economy


Balancing privacy public safety5 l.jpg

Balancing Privacy & Public Safety

Privacy of computer networks is important:

  • Individuals, businesses, and governments increasingly use computers to communicate

  • Sensitive personal information and business records are stored in electronic form

    Privacy of computer networks is important for human rights, individual freedoms, and economic efficiency


Balancing privacy public safety6 l.jpg

Balancing Privacy & Public Safety

Threats to online privacy:

  • Industry

    • Gathering marketing information

  • Government

    • Investigating crime, espionage, or terrorism

    • Misusing legal investigative authorities

  • Criminals

    • Stealing government or business secrets or financial information

    • Obtaining private information from individuals’ computers


Balancing privacy public safety7 l.jpg

Balancing Privacy & Public Safety

  • Need to investigate all kinds of crimes that involve computer networks

    • E.g.: communications of terrorists or drug dealers

  • Need to investigate attempts to damage computer networks

    • E.g.: “I love you” virus

  • Need to investigate invasions of privacy

    • E.g.: hackers working for organized crime stealing credit card numbers


Overview8 l.jpg

Overview

  • Balancing Privacy and Public Safety

  • Limits on Law Enforcement Investigative Authority

  • Intercepting Electronic Communications

  • Collecting Traffic Data Real Time

  • Obtaining Content Stored on a Computer Network

  • Obtaining Non-Content Information Stored on a Computer Network

  • Compelling the Target to Disclose Electronic Evidence


Limited law enforcement authority l.jpg

Limited Law Enforcement Authority

Striking the Balance:

  • Government investigative authority subject to appropriate limits and controls in the form of procedural laws will increase privacy and public safety, but . . .

  • Uncontrolled government authority may diminish privacy and hinder economic development.


Limited law enforcement authority10 l.jpg

Limited Law Enforcement Authority

Intrusiveness of the Investigative Power

Safeguards to Prevent Governmental Abuse


Limited law enforcement authority11 l.jpg

Limited Law Enforcement Authority

Ways to limit law enforcement authorities:

  • Define specific predicate crimes/classes of crime

  • Require law enforcement to demonstrate factual basis to independent judicial officer

  • Limit the breadth and scope, the location, or the duration

  • Offer only as “last resort”

  • Prior approval or subsequent review by senior official or politically accountable body


Limited law enforcement authority12 l.jpg

Limited Law Enforcement Authority

Penalizing abuse:

  • Administrative discipline of officer involved

  • Inability to use evidence in prosecution (“suppression”)

  • Civil liability for officer involved

  • Criminal sanction of officer involved


Limited law enforcement authority13 l.jpg

Limited Law Enforcement Authority

Limiting Economic Burdens on Third Party Service Providers:

  • Should laws require providers to have certain technical capabilities?

  • Who is responsible for costs of collecting data for law enforcement?


Other policy considerations l.jpg

Other Policy Considerations

  • Each country should approach this complex balancing question, taking into consideration:

    • The scope of its crime and terrorism problem;

    • Its existing legal structures;

    • Its historical methods of protecting human rights; and,

    • the need to assist foreign governments.

  • Each country should decide the “means” for obtaining electronic evidence within its existing legal framework (e.g., constitutions, statutes, court decisions, rules of procedure)


Overview15 l.jpg

Overview

  • Balancing Privacy and Public Safety

  • Limits on Law Enforcement Investigative Authority

  • Intercepting Electronic Communications

  • Collecting Traffic Data Real Time

  • Obtaining Content Stored on a Computer Network

  • Obtaining Non-Content Information Stored on a Computer Network

  • Compelling the Target to Disclose Electronic Evidence


Information obtained from computer networks in cybercrime investigations l.jpg

Information Obtained from Computer Networks in Cybercrime Investigations


Slide17 l.jpg

Information Obtained from Computer Networks in Cybercrime Investigations


Intercepting electronic communications on computer networks l.jpg

Intercepting Electronic Communications on Computer Networks

  • Obtaining the content of a communication as the communication occurs

    • Similar to intercepting what’s being said in a phone conversation

    • E.g.: collect the content of e-mail passing between two terrorists or drug dealers

    • E.g.: collect the commands sent by a hacker to a victim computer to steal corporate information


Intercepting electronic communications on computer networks19 l.jpg

Intercepting Electronic Communications on Computer Networks

  • Many countries use the same (or very similar) rules as phone wiretaps

  • Authority should include the ability to compel providers to assist law enforcement officials

    • Sometimes does not require law enforcement expertise

    • May depend on particular technology and infrastructure

  • Art. 21, Council of Europe Convention on Cybercrime


Intercepting electronic communications on computer networks20 l.jpg

Intercepting Electronic Communications on Computer Networks

Law enforcement needs this authority because:

  • Criminals and terrorists increasingly use electronic communications to plan and execute crimes

  • Many crimes are committed mostly (or entirely) using computer networks

    • Distribution of child pornography, internet fraud, hacking

  • Communications may not be stored


Intercepting electronic communications on computer networks21 l.jpg

Intercepting Electronic Communications on Computer Networks

This authority should be limited because:

  • Interception of communications can be a grave invasion of privacy

  • Can allow access to the most private thoughts, harming freedoms of speech and association

  • Fear of overly intrusive interception may stifle competitive markets, economic development, and foreign investment


Examples of limitations on interception authorities australia l.jpg

Independent judicial review

Facts in support of an application showing that intercepted communications would “be likely to assist” in an investigation

Investigation of a serious crime (generally 7+ years maximum incarceration)

90 day maximum (renewable)

Information intercepted unlawfully cannot be used as evidence in court

Intercepted information has certain disclosure restrictions and destruction after purpose is complete

Judge must balance surrounding circumstances:

Whether other investigative techniques would not be just as effective

The value of the information

Gravity of the conduct

The privacy invasion

Examples of Limitations on Interception Authorities – Australia


Examples of limitations on interception authorities the united states l.jpg

30 day time limit (plus extensions)

“Probable cause” to believe a crime is being committed and that the facility is being used in furtherance of that crime

All other options have been tried or are unlikely to succeed

Independent judicial review

Report to intercepted parties (at conclusion of case)

Inability to use evidence in court if violate the law

Administrative investigation of misuse of the law required

Civil and criminal sanctions for violations

Approval by high-level official

Minimize collection of non-criminal communications

Limitations on disclosure of intercepted communications

Examples of Limitations on Interception Authorities – the United States


Possible exceptions to the rule l.jpg

Possible Exceptions to the Rule

Might not require legal process if:

  • The communication is publicly accessible

    • E.g.: public “chat” rooms

  • Party/all parties to the communication consent

    • Actual consent (CI), banner

  • Emergency involving risk of death

  • No reason to believe communication is private

    • Hackers communication with target computer


Intercepting electronic communications other considerations l.jpg

Intercepting Electronic Communications: Other Considerations

  • Limits on ISP’s interception

    • Possible exceptions for consent, interceptions necessary to run or secure a network

  • Voluntary disclosure of intercepted communication

    • Only if legal interception (i.e. subject to exception)


Overview26 l.jpg

Overview

  • Balancing Privacy and Public Safety

  • Limits on Law Enforcement Investigative Authority

  • Intercepting Electronic Communications

  • Collecting Traffic Data Real Time

  • Obtaining Content Stored on a Computer Network

  • Obtaining Non-Content Information Stored on a Computer Network

  • Compelling the Target to Disclose Electronic Evidence


Collecting traffic data real time l.jpg

Collecting Traffic Data Real Time


Collecting traffic data real time28 l.jpg

Collecting Traffic Data Real Time

  • Interception of non-content information

    • Similar to phone number called to/from

    • E.g.: “To” and “From” on an e-mail

    • E.g.: Source and destination IP address in a packet header

  • Less intrusive than intercepting content, so less restrictions on law enforcement use

  • Art. 20, Council of Europe Convention on Cybercrime


Collecting traffic data real time29 l.jpg

Collecting Traffic Data Real Time

Law enforcement needs this authority because:

  • Criminals and terrorists increasingly use electronic communications to plan and execute serious crimes

  • Helps locate suspects, identify members of conspiracy

  • Useful tool to assist foreign investigations where a country is used only as a “pass-though”

  • Provides a less intrusive and therefore less restricted alternative to content interception


Collecting traffic data real time30 l.jpg

Collecting Traffic Data Real Time

This authority should be limited because:

  • Although less intrusive than content interception, still implicates privacy

    • Individuals don’t expect government to keep track of who they’re calling, even if government does not listen to what they’re saying

    • To/From information may be revealing (e.g., repeated e-mails to a psychiatrist; receiving information from a militant organization)


Collecting traffic data real time sample laws united kingdom l.jpg

Collecting Traffic Data Real TimeSample Laws – United Kingdom

  • Information must be “necessary” for the investigation of crime, protection of national security, public health, other specified purposes

  • Approval by a designated high-level government official, but no independent judicial review

  • Collection must be “proportionate to what is sought to be achieved”

  • 30 day time limit


Collecting traffic data real time sample laws united states l.jpg

Collecting Traffic Data Real TimeSample Laws – United States

  • Information collected must be “relevant” to an ongoing criminal investigation

  • Can only be applied for by an attorney for the government (not a police officer)

  • Limited to 60 days (plus extensions)

  • Disciplinary, civil, and criminal penalties for misuse


Possible exceptions to the rule33 l.jpg

Possible Exceptions to the Rule

Might not require legal process if:

  • Party/all parties to the communication consent

    • E.g.: witness cooperating with the government allows officers to determine where conspirators’ e-mail is sent from

  • No reason to believe communication is private

    • Hackers communication with target computer

  • Interception is by provider of computing service in order to run the system or provide security


Overview34 l.jpg

Overview

  • Balancing Privacy and Public Safety

  • Limits on Law Enforcement Investigative Authority

  • Intercepting Electronic Communications

  • Collecting Traffic Data Real Time

  • Obtaining Content Stored on a Computer Network

  • Obtaining Non-Content Information Stored on a Computer Network

  • Compelling the Target to Disclose Electronic Evidence


Obtaining content information stored on a computer network l.jpg

Obtaining Content Information Stored on a Computer Network


Obtaining the content of stored information on computer networks l.jpg

Obtaining the Content of Stored Information on Computer Networks

  • Information stored on the system of a third-party provider

    • Computer network not owned by the target of an investigation

    • E.g.: e-mail sent to an individual that is stored by an Internet service provider

    • E.g.: calendar kept on a remote service


Obtaining the content of stored information on computer networks37 l.jpg

Obtaining the Content of Stored Information on Computer Networks

  • Laws may be similar to those for searching or seizing computers in the possession of the target of an investigation

  • But because the information is held by a neutral third party, physical coerciveness of regular search procedures may not be necessary

  • Also, because the data is not in the immediate control (e.g. home) of the individual, he or she may have less of a privacy interest in it

  • Art. 18, Council of Europe Convention on Cybercrime


Obtaining the content of stored information on computer networks38 l.jpg

Obtaining the Content of Stored Information on Computer Networks

Law enforcement needs this authority because:

  • Without it, serious crimes will go unpunished and undeterred

    • Just as law enforcement has needed coercive power to gather evidence in “real world” contexts, so it must be able to do so in online contexts

    • For the many crimes committed over the Internet, stored information is the “crime scene”


Obtaining the content of stored information on computer networks39 l.jpg

Obtaining the Content of Stored Information on Computer Networks

This authority should be limited because:

  • As our countries enter the “Information Age,” more and more of the most sensitive data is being stored on computers

    • Businesses are increasingly using computer networks to store data

    • Individuals are increasingly storing information and communications remotely on third-party networks


Obtaining stored content sample laws united states l.jpg

Obtaining Stored ContentSample Laws – United States

  • To compel disclosure of most kinds of e-mail:

    • “Probable cause” to believe it contains evidence of a crime (same standard as to search a package or a house)

    • Review of evidence by an independent judge

    • Administrative sanctions against officers who abuse the authority

    • Civil suit against the government for misuse

    • Disclosure restrictions


Obtaining stored content l.jpg

Obtaining Stored Content

Do some categories of data deserve extra protection?

  • Greater expectation that data will remain private

  • Has the user any choice about whether the information is stored on the network?

    • Example of graduated system of requirements – United States

      • Unopened e-mail requires a search warrant based upon “probable cause”

      • E-mail accessed by the user and other information the user chooses to store on a remote server requires a court order with only a showing of “relevance”


Obtaining stored content42 l.jpg

Obtaining Stored Content

Consider allowing voluntary disclosure to law enforcement under some circumstances:

  • Unrestricted disclosure by 3rd-party providers may infringe upon privacy and have economic impact, but disclosure may be justified

    • To protect public health or safety

    • To allow the provider to protect its property (e.g., by reporting unauthorized use)


Overview43 l.jpg

Overview

  • Balancing Privacy and Public Safety

  • Limits on Law Enforcement Investigative Authority

  • Intercepting Electronic Communications

  • Collecting Traffic Data Real Time

  • Obtaining Content Stored on a Computer Network

  • Obtaining Non-Content Information Stored on a Computer Network

  • Compelling the Target to Disclose Electronic Evidence


Obtaining non content information stored on a computer network l.jpg

Obtaining Non-Content Information Stored on a Computer Network


Obtaining non content information stored on a computer network45 l.jpg

Obtaining Non-Content Information Stored on a Computer Network

  • Computers create logs showing where communications came from and where they went

  • Generally less sensitive than content

  • E.g.: a list of all of the e-mail addresses to which a user sent e-mail

  • E.g.: a log showing the phone numbers by which a user accessed an Internet service provider


Obtaining non content information stored on a computer network46 l.jpg

Obtaining Non-Content Information Stored on a Computer Network

Law enforcement needs this authority because:

  • Logs showing what occurred on a network may be the best evidence of a computer crime; may identify the suspect or reveal criminal conduct

    This authority should be limited because:

  • Although less sensitive than content, these records still contain private information


Obtaining stored non content information l.jpg

Obtaining Stored Non-Content Information

Laws Can Distinguish Between Kinds of Records:

  • Subscriber information generally less sensitive

    • Name, street address, user name

    • Might include method of payment, i.e., credit card or bank account (important because ISPs may not check users’ identities)

  • Logs showing with whom a user has communicated generally more sensitive


Obtaining stored non content information examples of different standards l.jpg

Obtaining Stored Non-Content InformationExamples of Different Standards

  • Art. 18, Council of Europe Convention on Cybercrime:

    • Treats “Subscriber Information” differently from other data

  • United States:

    • Basic subscriber records require a mere showing of “relevance” to a criminal investigation without prior review by a court (subpoena)

    • E-mail logs require a prior finding of “specific and articulable facts” that would justify disclosure of the records


Preservation of evidence l.jpg

Preservation of Evidence

  • Problem: many stored records last only for weeks or days

    • Obtaining legal process is often slow

    • Investigators may not even know the significance of evidence until weeks or days after the commission of a crime

  • Critical tool: request by law enforcement to preserve evidence (content or non-content)

  • Request does not compel the disclosure of the records, but freezes them pending legal process


Preservation of evidence50 l.jpg

Preservation of Evidence

  • Must be very fast (not require prior judicial approval or even written process)

  • Few privacy concerns because no disclosure occurs

  • COE Convention: does not require dual criminality because of need to preserve data quickly (disclosure, however, requires dual criminality)


Preservation of evidence sample laws united states l.jpg

Preservation of EvidenceSample Laws – United States

  • A provider of … communication services, upon the request of a government entity, shall take all necessary steps to preserve records or other evidence in its possession pending the issuance of a court order or other process.”

    • Lasts for 90 days and can be renewed


Overview52 l.jpg

Overview

  • Balancing Privacy and Public Safety

  • Limits on Law Enforcement Investigative Authority

  • Intercepting Electronic Communications

  • Collecting Traffic Data Real Time

  • Obtaining Content Stored on a Computer Network

  • Obtaining Non-Content Information Stored on a Computer Network

  • Compelling the Target to Disclose Electronic Evidence


Compelling disclosure of electronic evidence in the possession of the target l.jpg

Compelling Disclosure of Electronic Evidence in the Possession of the Target

  • Generally rules that pertain to search of a home or office apply

  • Have to assure that the law is broad enough to cover collection of intangible data and not just physical items

  • Compare:

    • E.g.: Computer used to store child pornography or other evidence

    • E.g.: Computer used to break into bank to steal account information or move funds from one account to another


Seizing computer hardware l.jpg

Seizing Computer Hardware

  • Council of Europe Convention, Article 19

  • Often investigators need to seize the computer itself

    • Easy to apply traditional rules for objects

  • Not clear why a computer should get greater or lesser protection than a filing cabinet


Searches and seizures of stored data and intangible evidence l.jpg

Searches and Seizures of Stored Data and Intangible Evidence

  • Investigators could simply copy computer files after entering an individual’s home

    • Data stored at home can be extremely sensitive (e.g., a diary, a will)

  • Recommendation: treat data as a “thing” to be seized, even if only a copy is made

  • But: “imaging” a drive should be a permissible search technique

    • Technical considerations, e.g., OS

    • Slack space and deleted files


Considerations for searches and seizures of intangible evidence l.jpg

Considerations for Searches and Seizures of Intangible Evidence

  • Applying the traditional rules provides balance and certainty

    • Unwise not to protect that data from over-intrusive governmental searches

    • Also unwise not to give law enforcement the power to obtain that evidence

    • Easier for investigators to learn

  • Use existing exceptions as well

    • E.g.: consent, emergency circumstances


Considerations for searches and seizures of intangible evidence57 l.jpg

Considerations for Searches and Seizures of Intangible Evidence

  • Why computer searches are different:

    • Computers hold huge amounts of data

    • 10 gigabyte drive = 5 million pages

    • Requires expertise and tools, e.g. deleted files, familiarity with Operating System

    • Information can be stored remotely

    • Computers are multi-functional – intermingling of innocent and privileged information


Conclusion l.jpg

Conclusion

  • Countries must have laws that allow law enforcement to compel disclosure of evidence of crime

  • These powers in part enhance privacy by deterring criminal invasions of privacy

  • Overly intrusive powers can harm the privacy of citizens and chill economic development

  • Law makers must consider many factors when deciding what is appropriate for them

  • Models from other jurisdictions can assist countries in designing appropriate laws


Questions l.jpg

Questions?


Slide60 l.jpg

Todd M. Hinnen

Department of Justice

Computer Crime & Intellectual Property Section

Phone: (202) 305-7747

E-mail: [email protected]


  • Login