Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME Providing Law Enforcement with the Legal Tools to Prevent, Investigate, and Prosecute Cybercrime.

Similar presentations


Presentation on theme: "1 DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME Providing Law Enforcement with the Legal Tools to Prevent, Investigate, and Prosecute Cybercrime."— Presentation transcript:

1 1 DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME Providing Law Enforcement with the Legal Tools to Prevent, Investigate, and Prosecute Cybercrime

2 2 Overview I.Balancing Privacy and Public Safety II.Limits on Law Enforcement Investigative Authority III.Intercepting Electronic Communications IV.Collecting Traffic Data Real Time V.Obtaining Content Stored on a Computer Network VI.Obtaining Non-Content Information Stored on a Computer Network VII.Compelling the Target to Disclose Electronic Evidence

3 3 Overview I.Balancing Privacy and Public Safety II.Limits on Law Enforcement Investigative Authority III.Intercepting Electronic Communications IV.Collecting Traffic Data Real Time V.Obtaining Content Stored on a Computer Network VI.Obtaining Non-Content Information Stored on a Computer Network VII.Compelling the Target to Disclose Electronic Evidence

4 4 Balancing Privacy & Public Safety Privacy is a basic human right “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence...” -- Art. XII, Universal Declaration of Human Rights Promotes free thought, free expression, and free association, building blocks of democracy Supports competitive businesses and markets, cornerstone of a robust economy

5 5 Balancing Privacy & Public Safety Privacy of computer networks is important: Individuals, businesses, and governments increasingly use computers to communicate Sensitive personal information and business records are stored in electronic form Privacy of computer networks is important for human rights, individual freedoms, and economic efficiency

6 6 Balancing Privacy & Public Safety Threats to online privacy: Industry Industry Gathering marketing information Gathering marketing information Government Government Investigating crime, espionage, or terrorism Investigating crime, espionage, or terrorism Misusing legal investigative authorities Misusing legal investigative authorities Criminals Criminals Stealing government or business secrets or financial information Stealing government or business secrets or financial information Obtaining private information from individuals’ computers Obtaining private information from individuals’ computers

7 7 Balancing Privacy & Public Safety Need to investigate all kinds of crimes that involve computer networks Need to investigate all kinds of crimes that involve computer networks E.g.: communications of terrorists or drug dealers Need to investigate attempts to damage computer networks Need to investigate attempts to damage computer networks E.g.: “I love you” virus Need to investigate invasions of privacy Need to investigate invasions of privacy E.g.: hackers working for organized crime stealing credit card numbers

8 8 Overview I.Balancing Privacy and Public Safety II.Limits on Law Enforcement Investigative Authority III.Intercepting Electronic Communications IV.Collecting Traffic Data Real Time V.Obtaining Content Stored on a Computer Network VI.Obtaining Non-Content Information Stored on a Computer Network VII.Compelling the Target to Disclose Electronic Evidence

9 9 Limited Law Enforcement Authority Striking the Balance: Government investigative authority subject to appropriate limits and controls in the form of procedural laws will increase privacy and public safety, but... Government investigative authority subject to appropriate limits and controls in the form of procedural laws will increase privacy and public safety, but... Uncontrolled government authority may diminish privacy and hinder economic development. Uncontrolled government authority may diminish privacy and hinder economic development.

10 10 Intrusiveness of the Investigative Power Safeguards to Prevent Governmental Abuse Limited Law Enforcement Authority

11 11 Limited Law Enforcement Authority Ways to limit law enforcement authorities: Define specific predicate crimes/classes of crime Require law enforcement to demonstrate factual basis to independent judicial officer Require law enforcement to demonstrate factual basis to independent judicial officer Limit the breadth and scope, the location, or the duration Limit the breadth and scope, the location, or the duration Offer only as “last resort” Offer only as “last resort” Prior approval or subsequent review by senior official or politically accountable body Prior approval or subsequent review by senior official or politically accountable body

12 12 Limited Law Enforcement Authority Penalizing abuse: Administrative discipline of officer involved Inability to use evidence in prosecution (“suppression”) Inability to use evidence in prosecution (“suppression”) Civil liability for officer involved Civil liability for officer involved Criminal sanction of officer involved Criminal sanction of officer involved

13 13 Limited Law Enforcement Authority Limiting Economic Burdens on Third Party Service Providers: Should laws require providers to have certain technical capabilities? Should laws require providers to have certain technical capabilities? Who is responsible for costs of collecting data for law enforcement? Who is responsible for costs of collecting data for law enforcement?

14 14 Other Policy Considerations Each country should approach this complex balancing question, taking into consideration: Each country should approach this complex balancing question, taking into consideration: The scope of its crime and terrorism problem; Its existing legal structures; Its historical methods of protecting human rights; and, the need to assist foreign governments. Each country should decide the “means” for obtaining electronic evidence within its existing legal framework (e.g., constitutions, statutes, court decisions, rules of procedure) Each country should decide the “means” for obtaining electronic evidence within its existing legal framework (e.g., constitutions, statutes, court decisions, rules of procedure)

15 15 Overview I.Balancing Privacy and Public Safety II.Limits on Law Enforcement Investigative Authority III.Intercepting Electronic Communications IV.Collecting Traffic Data Real Time V.Obtaining Content Stored on a Computer Network VI.Obtaining Non-Content Information Stored on a Computer Network VII.Compelling the Target to Disclose Electronic Evidence

16 16 Information Obtained from Computer Networks in Cybercrime Investigations ContentNon-Content Real-TimeCommunications12 Information Stored on a Computer Network 34

17 17 ContentNon-Content Real-TimeCommunications12 Information Stored on a Computer Network 34 Information Obtained from Computer Networks in Cybercrime Investigations

18 18 Intercepting Electronic Communications on Computer Networks Obtaining the content of a communication as the communication occurs Similar to intercepting what’s being said in a phone conversation E.g.: collect the content of passing between two terrorists or drug dealers E.g.: collect the commands sent by a hacker to a victim computer to steal corporate information

19 19 Intercepting Electronic Communications on Computer Networks Many countries use the same (or very similar) rules as phone wiretaps Authority should include the ability to compel providers to assist law enforcement officials Sometimes does not require law enforcement expertise May depend on particular technology and infrastructure Art. 21, Council of Europe Convention on Cybercrime

20 20 Intercepting Electronic Communications on Computer Networks Law enforcement needs this authority because: Criminals and terrorists increasingly use electronic communications to plan and execute crimes Many crimes are committed mostly (or entirely) using computer networks Distribution of child pornography, internet fraud, hacking Communications may not be stored

21 21 Intercepting Electronic Communications on Computer Networks This authority should be limited because: Interception of communications can be a grave invasion of privacy Can allow access to the most private thoughts, harming freedoms of speech and association Fear of overly intrusive interception may stifle competitive markets, economic development, and foreign investment

22 22 Examples of Limitations on Interception Authorities – Australia Independent judicial review Facts in support of an application showing that intercepted communications would “be likely to assist” in an investigation Investigation of a serious crime (generally 7+ years maximum incarceration) 90 day maximum (renewable) Information intercepted unlawfully cannot be used as evidence in court Intercepted information has certain disclosure restrictions and destruction after purpose is complete Judge must balance surrounding circumstances: Whether other investigative techniques would not be just as effective The value of the information Gravity of the conduct The privacy invasion

23 23 Examples of Limitations on Interception Authorities – the United States 30 day time limit (plus extensions) “Probable cause” to believe a crime is being committed and that the facility is being used in furtherance of that crime All other options have been tried or are unlikely to succeed Independent judicial review Report to intercepted parties (at conclusion of case) Inability to use evidence in court if violate the law Administrative investigation of misuse of the law required Civil and criminal sanctions for violations Approval by high-level official Minimize collection of non- criminal communications Limitations on disclosure of intercepted communications

24 24 Possible Exceptions to the Rule Might not require legal process if: The communication is publicly accessible E.g.: public “chat” rooms Party/all parties to the communication consent Actual consent (CI), banner Emergency involving risk of death No reason to believe communication is private Hackers communication with target computer

25 25 Intercepting Electronic Communications: Other Considerations Limits on ISP’s interception Possible exceptions for consent, interceptions necessary to run or secure a network Voluntary disclosure of intercepted communication Only if legal interception (i.e. subject to exception)

26 26 Overview I.Balancing Privacy and Public Safety II.Limits on Law Enforcement Investigative Authority III.Intercepting Electronic Communications IV.Collecting Traffic Data Real Time V.Obtaining Content Stored on a Computer Network VI.Obtaining Non-Content Information Stored on a Computer Network VII.Compelling the Target to Disclose Electronic Evidence

27 27 Collecting Traffic Data Real Time ContentNon-Content Real-TimeCommunications12 Stored Information on a Network 34

28 28 Collecting Traffic Data Real Time Interception of non-content information Similar to phone number called to/from Similar to phone number called to/from E.g.: “To” and “From” on an E.g.: “To” and “From” on an E.g.: Source and destination IP address in a packet header E.g.: Source and destination IP address in a packet header Less intrusive than intercepting content, so less restrictions on law enforcement use Art. 20, Council of Europe Convention on Cybercrime

29 29 Collecting Traffic Data Real Time Law enforcement needs this authority because: Criminals and terrorists increasingly use electronic communications to plan and execute serious crimes Criminals and terrorists increasingly use electronic communications to plan and execute serious crimes Helps locate suspects, identify members of conspiracy Helps locate suspects, identify members of conspiracy Useful tool to assist foreign investigations where a country is used only as a “pass-though” Useful tool to assist foreign investigations where a country is used only as a “pass-though” Provides a less intrusive and therefore less restricted alternative to content interception Provides a less intrusive and therefore less restricted alternative to content interception

30 30 Collecting Traffic Data Real Time This authority should be limited because: Although less intrusive than content interception, still implicates privacy Although less intrusive than content interception, still implicates privacy Individuals don’t expect government to keep track of who they’re calling, even if government does not listen to what they’re saying To/From information may be revealing (e.g., repeated e- mails to a psychiatrist; receiving information from a militant organization)

31 31 Collecting Traffic Data Real Time Sample Laws – United Kingdom Information must be “necessary” for the investigation of crime, protection of national security, public health, other specified purposes Information must be “necessary” for the investigation of crime, protection of national security, public health, other specified purposes Approval by a designated high-level government official, but no independent judicial review Approval by a designated high-level government official, but no independent judicial review Collection must be “proportionate to what is sought to be achieved” Collection must be “proportionate to what is sought to be achieved” 30 day time limit 30 day time limit

32 32 Collecting Traffic Data Real Time Sample Laws – United States Information collected must be “relevant” to an ongoing criminal investigation Information collected must be “relevant” to an ongoing criminal investigation Can only be applied for by an attorney for the government (not a police officer) Can only be applied for by an attorney for the government (not a police officer) Limited to 60 days (plus extensions) Limited to 60 days (plus extensions) Disciplinary, civil, and criminal penalties for misuse Disciplinary, civil, and criminal penalties for misuse

33 33 Possible Exceptions to the Rule Might not require legal process if: Party/all parties to the communication consent E.g.: witness cooperating with the government allows officers to determine where conspirators’ e- mail is sent from No reason to believe communication is private Hackers communication with target computer Interception is by provider of computing service in order to run the system or provide security

34 34 Overview I.Balancing Privacy and Public Safety II.Limits on Law Enforcement Investigative Authority III.Intercepting Electronic Communications IV.Collecting Traffic Data Real Time V.Obtaining Content Stored on a Computer Network VI.Obtaining Non-Content Information Stored on a Computer Network VII.Compelling the Target to Disclose Electronic Evidence

35 35 Obtaining Content Information Stored on a Computer Network ContentNon-Content Real-TimeCommunications12 Information Stored on a Computer Network 34

36 36 Obtaining the Content of Stored Information on Computer Networks Information stored on the system of a third-party provider Computer network not owned by the target of an investigation E.g.: sent to an individual that is stored by an Internet service provider E.g.: calendar kept on a remote service

37 37 Obtaining the Content of Stored Information on Computer Networks Laws may be similar to those for searching or seizing computers in the possession of the target of an investigation But because the information is held by a neutral third party, physical coerciveness of regular search procedures may not be necessary Also, because the data is not in the immediate control (e.g. home) of the individual, he or she may have less of a privacy interest in it Art. 18, Council of Europe Convention on Cybercrime

38 38 Obtaining the Content of Stored Information on Computer Networks Law enforcement needs this authority because: Without it, serious crimes will go unpunished and undeterred Just as law enforcement has needed coercive power to gather evidence in “real world” contexts, so it must be able to do so in online contexts For the many crimes committed over the Internet, stored information is the “crime scene”

39 39 Obtaining the Content of Stored Information on Computer Networks This authority should be limited because: As our countries enter the “Information Age,” more and more of the most sensitive data is being stored on computers Businesses are increasingly using computer networks to store data Individuals are increasingly storing information and communications remotely on third-party networks

40 40 Obtaining Stored Content Sample Laws – United States To compel disclosure of most kinds of “Probable cause” to believe it contains evidence of a crime (same standard as to search a package or a house) Review of evidence by an independent judge Administrative sanctions against officers who abuse the authority Civil suit against the government for misuse Disclosure restrictions

41 41 Obtaining Stored Content Do some categories of data deserve extra protection? Greater expectation that data will remain private Has the user any choice about whether the information is stored on the network? Has the user any choice about whether the information is stored on the network? Example of graduated system of requirements – United States Unopened requires a search warrant based upon “probable cause” accessed by the user and other information the user chooses to store on a remote server requires a court order with only a showing of “relevance”

42 42 Obtaining Stored Content Consider allowing voluntary disclosure to law enforcement under some circumstances: Unrestricted disclosure by 3 rd -party providers may infringe upon privacy and have economic impact, but disclosure may be justified To protect public health or safety To allow the provider to protect its property (e.g., by reporting unauthorized use)

43 43 Overview I.Balancing Privacy and Public Safety II.Limits on Law Enforcement Investigative Authority III.Intercepting Electronic Communications IV.Collecting Traffic Data Real Time V.Obtaining Content Stored on a Computer Network VI.Obtaining Non-Content Information Stored on a Computer Network VII.Compelling the Target to Disclose Electronic Evidence

44 44 Obtaining Non-Content Information Stored on a Computer Network ContentNon-Content Real-TimeCommunications12 Information Stored on a Computer Network 34

45 45 Obtaining Non-Content Information Stored on a Computer Network Computers create logs showing where communications came from and where they went Generally less sensitive than content E.g.: a list of all of the addresses to which a user sent E.g.: a log showing the phone numbers by which a user accessed an Internet service provider

46 46 Obtaining Non-Content Information Stored on a Computer Network Law enforcement needs this authority because: Logs showing what occurred on a network may be the best evidence of a computer crime; may identify the suspect or reveal criminal conduct Logs showing what occurred on a network may be the best evidence of a computer crime; may identify the suspect or reveal criminal conduct This authority should be limited because: Although less sensitive than content, these records still contain private information Although less sensitive than content, these records still contain private information

47 47 Obtaining Stored Non-Content Information Laws Can Distinguish Between Kinds of Records: Subscriber information generally less sensitive Name, street address, user name Might include method of payment, i.e., credit card or bank account (important because ISPs may not check users’ identities) Logs showing with whom a user has communicated generally more sensitive

48 48 Obtaining Stored Non-Content Information Examples of Different Standards Art. 18, Council of Europe Convention on Cybercrime: Treats “Subscriber Information” differently from other data United States: United States: Basic subscriber records require a mere showing of “relevance” to a criminal investigation without prior review by a court (subpoena) Basic subscriber records require a mere showing of “relevance” to a criminal investigation without prior review by a court (subpoena) logs require a prior finding of “specific and articulable facts” that would justify disclosure of the records logs require a prior finding of “specific and articulable facts” that would justify disclosure of the records

49 49 Preservation of Evidence Problem: many stored records last only for weeks or days Obtaining legal process is often slow Investigators may not even know the significance of evidence until weeks or days after the commission of a crime Critical tool: request by law enforcement to preserve evidence (content or non-content) Request does not compel the disclosure of the records, but freezes them pending legal process

50 50 Preservation of Evidence Must be very fast (not require prior judicial approval or even written process) Few privacy concerns because no disclosure occurs COE Convention: does not require dual criminality because of need to preserve data quickly (disclosure, however, requires dual criminality)

51 51 Preservation of Evidence Sample Laws – United States A provider of … communication services, upon the request of a government entity, shall take all necessary steps to preserve records or other evidence in its possession pending the issuance of a court order or other process.” Lasts for 90 days and can be renewed Lasts for 90 days and can be renewed

52 52 Overview I.Balancing Privacy and Public Safety II.Limits on Law Enforcement Investigative Authority III.Intercepting Electronic Communications IV.Collecting Traffic Data Real Time V.Obtaining Content Stored on a Computer Network VI.Obtaining Non-Content Information Stored on a Computer Network VII.Compelling the Target to Disclose Electronic Evidence

53 53 Compelling Disclosure of Electronic Evidence in the Possession of the Target Generally rules that pertain to search of a home or office apply Have to assure that the law is broad enough to cover collection of intangible data and not just physical items Compare: E.g.: Computer used to store child pornography or other evidence E.g.: Computer used to break into bank to steal account information or move funds from one account to another

54 54 Seizing Computer Hardware Council of Europe Convention, Article 19 Often investigators need to seize the computer itself Easy to apply traditional rules for objects Not clear why a computer should get greater or lesser protection than a filing cabinet

55 55 Searches and Seizures of Stored Data and Intangible Evidence Investigators could simply copy computer files after entering an individual’s home Data stored at home can be extremely sensitive (e.g., a diary, a will) Recommendation: treat data as a “thing” to be seized, even if only a copy is made But: “imaging” a drive should be a permissible search technique Technical considerations, e.g., OS Slack space and deleted files

56 56 Considerations for Searches and Seizures of Intangible Evidence Applying the traditional rules provides balance and certainty Unwise not to protect that data from over-intrusive governmental searches Also unwise not to give law enforcement the power to obtain that evidence Easier for investigators to learn Use existing exceptions as well E.g.: consent, emergency circumstances

57 57 Considerations for Searches and Seizures of Intangible Evidence Why computer searches are different: Computers hold huge amounts of data 10 gigabyte drive = 5 million pages Requires expertise and tools, e.g. deleted files, familiarity with Operating System Information can be stored remotely Computers are multi-functional – intermingling of innocent and privileged information

58 58 Conclusion Countries must have laws that allow law enforcement to compel disclosure of evidence of crime These powers in part enhance privacy by deterring criminal invasions of privacy Overly intrusive powers can harm the privacy of citizens and chill economic development Law makers must consider many factors when deciding what is appropriate for them Models from other jurisdictions can assist countries in designing appropriate laws

59 59 Questions?

60 60 Todd M. Hinnen Department of Justice Computer Crime & Intellectual Property Section Phone: (202)


Download ppt "1 DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME Providing Law Enforcement with the Legal Tools to Prevent, Investigate, and Prosecute Cybercrime."

Similar presentations


Ads by Google