The challenges of cloud-derived evidence
Professor Ian Walden, Centre for Commercial Law Studies, Queen Mary, University of London


1 The challenges of cloud-derived evidence: Professor Ian Walden, Centre for Commercial Law Studies, Queen Mary, University of London

2 Introductory remarks • Cloud computing – A new ICT paradigm? – Crime follows opportunity... • An environment for obtaining evidence – Addressing the data problems • Exercising law enforcement powers – Legality & enforceability • Jurisdictional reach – Evidential impact

3 Cloud computing • ‘X as a Service’ – Software, Platform or Infrastructure: SaaS, PaaS & IaaS – Flexible, location-independent, on-demand, shared, virtualised • Cloud multi-layered ecosystem – Service providers – Infrastructure providers – Communication providers • Deployment models – Public, private, community or hybrid

4 Forensic challenges in the Cloud • Multiplicity – e.g. Data replication for performance, availability, back-up & redundancy • Distributed storage – e.g. ‘sharding’ and ‘partitioning’ • The ‘loss of location’ • Protected data – e.g. cryptography • Identity – Establishing links

5 Identity • Target IP address – e.g. 38.111.64.2 – generated by application being utilised • IP holder – ‘whois’ enquiry of regional, national or local registry databases • Logging history – e.g. DHCP allocation log • Subscriber details – e.g. Credit card details

6 CSP-derived data • Content & communications data – ‘in transmission’ or ‘at rest’ • Edmondson & ors v R [2013] EWCA Crim 1026 • Expedited preservation (‘quick freeze’) – Cybercrime Convention, arts. 16-17 • Data retention – Data Retention Directive 06/24/EC • 6-24 months • Rights of access – ‘serious crime’ or ‘crime’

7 Protected data • Another data problem! – ‘going dark’ • ‘access’ & ‘conversion’ protections • Legal constraints – Time limits • Legal response – Criminalise the use – Obligation to assist – Break the protection

8 Criminalise use • Control export, import, use – Export control regulations: ‘Wassenaar Arrangement’ • Dual-use technologies, Category 5, Part 2: ‘Information Security’ • Breach of regulations is a criminal offence • Use in criminal activity – e.g. State of Virginia (US), Computer Crime Act at § 18.2-152.15: ‘Encryption used in criminal activity’ • “an offense which is separate and distinct from the predicate criminal activity”

9 Obligations to assist • Cybercrime Convention, art. 19(4) – “to empower its competent authorities to order any person who has knowledge about the functioning of the computer system or measures applied to protect the computer data” • Regulation of Investigatory Powers Act 2000 – RIPA Pt I: ‘Interception’ • Section 12 Notice – RIPA Pt III: ‘Investigation of Protected Electronic Information’ • Delivery-up of ‘key’: Failure to disclose (s. 53): 2 yr term (5 yrs for national security & child indecency cases) • Cutler [2011] EWCA Crim 2781: “a very serious offence because it interferes with the administration of justice” • Padellec [2012] EWCA Crim 1956

10 Breaking the protection • Ex ante measures – Mandating technology • e.g. US ‘key escrow’ & ‘Clipper Chip’ (1995) – Influencing the standards • e.g. Dual EC DRBG standard • Ex post arrangements – Expert resources • e.g. UK: National Technical Assistance Centre – Hacking • e.g. NSA’s ‘Tailored Access Operations’ • Based more on stolen goods than maths!

11 Human rights concerns – ECHR Article 6 – right against self-incrimination • S and A [2008] EWCA Crim 2177: “an existence independent of the will of the suspect” – US, 5th Amendment • Boucher 2009 WL 424718 (D.Vt.) – Requirement to produce an unencrypted drive did not constitute compelled testimonial communication. • Kim 2009 WL 5185389 (US District Court for the Southern District of Texas 2009) – Exceeding scope of warranted search & inapplicable ‘plain view doctrine’ resulted in suppression of child sexual abuse images discovered in encrypted folders

12 Law enforcement • Law enforcement access – Covert & coercive investigative techniques • Request recipients – Cloud users • Suspect, victim or 3rd party – Cloud providers • Service providers • Infrastructure providers • Communication providers – Within & beyond the territory

13 LEA investigative powers • ‘Exercising a power’ – Permissible & impermissible conduct • e.g. entrapment • Expedited preservation, retention & delivery-up – Differential authorisation • Judicial, executive or administrative • Issues of legality & enforceability – Obtaining authorisation – Executing the authorisation – Recipient’s actions • e.g. Rackspace (2004)

14 Jurisdictional reach • Cybercrime Convention (2001) – Production order (art. 18) • Person ‘in its territory’ or ‘offering its services in the territory’ with ‘possession or control’ – Rackspace (2013) – Search & seizure • Domestic networks (art. 19) • International networks (art. 32) – Open source or lawful and voluntary consent of the person who has lawful authority to disclose • Other forms are ‘neither authorised, nor precluded’ • Contractual provisions

15 International co-operation • Mutual legal assistance – From harmonisation to mutual recognition • Convention on Cybercrime • TFEU, art. 82: European Evidence Warrant & European Investigation Order • Informal co-operation with foreign LEAs – Proactive disclosure & 24/7 networks • Direct liaison with foreign service providers – Council of Europe Guidelines (2008) • e.g. Google ‘Transparency Report’ • Engage directly with the material sought

16 Cloud-derived evidence • ‘fair trial’ and ‘due process’ considerations – Regulating investigative practices? • Schenk v Switzerland (1991) 13 E.H.R.R. 242 • United States v Gorshkov (2001) • Admissibility – Statutory rules • RIPA, s. 17 - Inadmissibility of UK intercept product – Judicial discretion • PACE, s. 78 • Impact of lawfulness of obtaining, e.g. Suppression • Evidence gathered under MLA

17 Probative value • Provenance issues with remote & protected data ⇒ Need for experts • Authenticity – Link person/material test – Computer source test • Integrity – ‘Operating properly’ test • e.g. Waddon (1999): ‘mere post boxes’ • Accountability – Acquisition test – Chain of custody test

18 Concluding remarks • Clouds & the ‘loss of location’ • Exceeding powers in application or reach – Surrendering sovereignty • From formality to informality – Issues of accountability & oversight • Harmonisation limitations – Building a ‘culture of co-operation’! • e.g. Amazon & WikiLeaks • Evidential implications

