Cyber Security - the Laws that Govern Incident Response. Joel Michael Schwarz Department of Justice Computer Crime and Intellectual Property Section Criminal Division (202) 353-4253 / [email protected] http://www.cybercrime.gov. Today’s goals:.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Joel Michael Schwarz
Department of Justice
Computer Crime and Intellectual Property Section
(202) 353-4253 / [email protected]
Part I. Obtaining Content of Communications - Wiretap
You have no reasonable expectation of privacy on this network.
3i. Overview: Exception (2)What stored communications records can non-public providers be compelled to disclose to the government (and how can this be compelled)?
NOTE: The process indicated in each of the above cases is the simplest form of process that may be used (ex. where a subpoena is required, a court order, a process with more procedural protections, will also satisfy ECPA)
If unretrievedfor less than 180 days (it’s fresh): search warrant (18 U.S.C. § 2703(a))
Application for warrant made in district with jurisdiction, even if data stored in another district
A provider’s good faith on legal process and statutory authorization in preserving and/or disclosing information confers complete immunity to any civil or criminal action against the provider.
4a. Punishment Issues Exception (2)Some countries have increased penalties when harm leads to serious injury or death
4b. Punishment Issues Exception (2)How can someone cause serious injury or death with a computer code or command?
4c. Punishment Issues Exception (2)
A quote from an MSNBC news article on a Romanian hacker case handled by an FBI Special Agent:
“It was nearly 70 degrees below zero outside, but the e-mail on a computer at the South Pole Research Center sent a different kind of chill through the scientists inside. `I’ve hacked into the server. Pay me off or I’ll sell the station’s data to another country and tell the world how vulnerable you are,’ the message warned. Proving it was no hoax, the message included scientific data showing the extortionist had roamed freely around the server, which controlled the 50 researchers’ life-support systems”