The challenges of cloud-derived evidence
Professor Ian Walden
Centre for Commercial Law Studies, Queen Mary, University of London

Introductory remarks
- Cloud computing
  - A new ICT paradigm?
  - Crime follows opportunity....
- An environment for obtaining evidence
  - Addressing the data problems
- Exercising law enforcement powers
  - Legality & enforceability
- Jurisdictional reach
  - Evidential impact

Cloud computing
- ‘X as a Service’
  - Software, Platform or Infrastructure: SaaS, PaaS & IaaS
  - Flexible, location-independent, on-demand, shared, virtualised
- Cloud multi-layered ecosystem
  - Service providers
  - Infrastructure providers
  - Communication providers
- Deployment models
  - Public, private, community or hybrid

Forensic challenges in the Cloud
- Multiplicity
  - e.g. Data replication for performance, availability, back-up & redundancy
- Distributed storage
  - e.g. ‘sharding’ and ‘partitioning’
- The ‘loss of location’
- Protected data
  - e.g. cryptography
- Identity
  - Establishing links

Identity
- Target IP address
  - e.g
  - generated by application being utilised
- IP holder
  - ‘whois’ enquiry of regional, national or local registry databases
- Logging history
  - e.g. DHCP allocation log
- Subscriber details
  - e.g. Credit card details

CSP-derived data
- Content & communications data
  - ‘in transmission’ or ‘at rest’
    - Edmondson & ors v R [2013] EWCA Crim 1026
- Expedited preservation (‘quick freeze’)
  - Cybercrime Convention, arts
- Data retention
  - Data Retention Directive 06/24/EC
    - 6-24 months
    - Rights of access
      - ‘serious crime’ or ‘crime’

Protected data
- Another data problem!
  - ‘going dark’
- ‘access’ & ‘conversion’ protections
- Legal constraints
  - Time limits
- Legal response
  - Criminalise the use
  - Obligation to assist
  - Break the protection

Criminalise use
- Control export, import, use
  - Export control regulations: ‘Wassenaar Arrangement’
    - Dual-use technologies, Category 5, Part 2: ‘Information Security’
    - Breach of regulations is a criminal offence
- Use in criminal activity
  - e.g. State of Virginia (US), Computer Crime Act at § : ‘Encryption used in criminal activity’
    - “an offense which is separate and distinct from the predicate criminal activity”

Obligations to assist
- Cybercrime Convention, art. 19(4)
  - “to empower its competent authorities to order any person who has knowledge about the functioning of the computer system or measures applied to protect the computer data”
- Regulation of Investigatory Powers Act 2000
  - RIPA Pt I: ‘Interception’
    - Section 12 Notice
  - RIPA Pt III: ‘Investigation of Protected Electronic Information’
    - Delivery-up of ‘key’: Failure to disclose (s. 53): 2 yr term (5 yrs for national security & child indecency cases)
    - Cutler [2011] EWCA Crim 2781: “a very serious offence because it interferes with the administration of justice”
    - Padellec [2012] EWCA Crim 1956

Breaking the protection
- Ex ante measures
  - Mandating technology
    - e.g. US ‘key escrow’ & ‘Clipper Chip’ (1995)
  - Influencing the standards
    - e.g. Dual EC DRBG standard
- Ex post arrangements
  - Expert resources
    - e.g. UK: National Technical Assistance Centre
  - Hacking
    - e.g. NSA’s ‘Tailored Access Operations’
    - Based more on stolen goods than maths!

Human rights concerns
- ECHR Article 6 – right against self-incrimination
  - S and A [2008] EWCA Crim 2177: “an existence independent of the will of the suspect”
- US, 5th Amendment
  - Boucher 2009 WL (D.Vt.)
    - Requirement to produce an unencrypted drive did not constitute compelled testimonial communication.
  - Kim 2009 WL (US District Court for the Southern District of Texas 2009)
    - Exceeding scope of warranted search & inapplicable ‘plain view doctrine’ resulted in suppression of child sexual abuse images discovered in encrypted folders

Law enforcement
- Law enforcement access
  - Covert & coercive investigative techniques
- Request recipients
  - Cloud users
    - Suspect, victim or 3rd party
  - Cloud providers
    - Service providers
    - Infrastructure providers
    - Communication providers
  - Within & beyond the territory

LEA investigative powers
- ‘Exercising a power’
  - Permissible & impermissible conduct
    - e.g. entrapment
- Expedited preservation, retention & delivery-up
  - Differential authorisation
    - Judicial, executive or administrative
- Issues of legality & enforceability
  - Obtaining authorisation
  - Executing the authorisation
  - Recipient’s actions
    - e.g. Rackspace (2004)

Jurisdictional reach
- Cybercrime Convention (2001)
  - Production order (art. 18)
    - Person ‘in its territory’ or ‘offering its services in the territory’ with ‘possession or control’
      - Rackspace (2013)
  - Search & seizure
    - Domestic networks (art. 19)
    - International networks (art. 32)
      - Open source or lawful and voluntary consent of the person who has lawful authority to disclose
      - Other forms are ‘neither authorised, nor precluded’
      - Contractual provisions

International co-operation
- Mutual legal assistance
  - From harmonisation to mutual recognition
    - Convention on Cybercrime
    - TFEU, art. 82: European Evidence Warrant & European Investigation Order
- Informal co-operation with foreign LEAs
  - Proactive disclosure & 24/7 networks
- Direct liaison with foreign service providers
  - Council of Europe Guidelines (2008)
    - e.g. Google ‘Transparency Report’
- Engage directly with the material sought

Cloud-derived evidence
- ‘fair trial’ and ‘due process’ considerations
  - Regulating investigative practices?
    - Schenk v Switzerland (1991) 13 E.H.R.R. 242
    - United States v Gorshkov (2001)
- Admissibility
  - Statutory rules
    - RIPA, s Inadmissibility of UK intercept product
  - Judicial discretion
    - PACE, s. 78
    - Impact of lawfulness of obtaining, e.g. Suppression
    - Evidence gathered under MLA

Probative value
- Provenance issues with remote & protected data → Need for experts
- Authenticity
  - Link person/material test
  - Computer source test
- Integrity
  - ‘Operating properly’ test
    - e.g. Waddon (1999): ‘mere post boxes’
- Accountability
  - Acquisition test
  - Chain of custody test

Concluding remarks
- Clouds & the ‘loss of location’
- Exceeding powers in application or reach
  - Surrendering sovereignty
- From formality to informality
  - Issues of accountability & oversight
- Harmonisation limitations
  - Building a ‘culture of co-operation’!
    - e.g. Amazon & WikiLeaks
- Evidential implications