Presentation is loading. Please wait.

Presentation is loading. Please wait.

DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME

Published byCandace Francis Modified over 5 years ago

Similar presentations

Presentation on theme: "DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME"— Presentation transcript:

1 DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME
Providing Law Enforcement with the Legal Tools to Prevent, Investigate, and Prosecute Cybercrime

2 Overview Balancing Privacy and Public Safety
Limits on Law Enforcement Investigative Authority Intercepting Electronic Communications Collecting Traffic Data Real Time Obtaining Content Stored on a Computer Network Obtaining Non-Content Information Stored on a Computer Network Compelling the Target to Disclose Electronic Evidence

3 Overview Balancing Privacy and Public Safety
Limits on Law Enforcement Investigative Authority Intercepting Electronic Communications Collecting Traffic Data Real Time Obtaining Content Stored on a Computer Network Obtaining Non-Content Information Stored on a Computer Network Compelling the Target to Disclose Electronic Evidence

4 Balancing Privacy & Public Safety
Privacy is a basic human right “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence...” -- Art. XII, Universal Declaration of Human Rights Promotes free thought, free expression, and free association, building blocks of democracy Supports competitive businesses and markets, cornerstone of a robust economy

5 Balancing Privacy & Public Safety
Privacy of computer networks is important: Individuals, businesses, and governments increasingly use computers to communicate Sensitive personal information and business records are stored in electronic form Privacy of computer networks is important for human rights, individual freedoms, and economic efficiency

6 Balancing Privacy & Public Safety
Threats to online privacy: Industry Gathering marketing information Government Investigating crime, espionage, or terrorism Misusing legal investigative authorities Criminals Stealing government or business secrets or financial information Obtaining private information from individuals’ computers

7 Balancing Privacy & Public Safety
Need to investigate all kinds of crimes that involve computer networks E.g.: communications of terrorists or drug dealers Need to investigate attempts to damage computer networks E.g.: “I love you” virus Need to investigate invasions of privacy E.g.: hackers working for organized crime stealing credit card numbers

8 Overview Balancing Privacy and Public Safety
Limits on Law Enforcement Investigative Authority Intercepting Electronic Communications Collecting Traffic Data Real Time Obtaining Content Stored on a Computer Network Obtaining Non-Content Information Stored on a Computer Network Compelling the Target to Disclose Electronic Evidence

9 Limited Law Enforcement Authority
Striking the Balance: Government investigative authority subject to appropriate limits and controls in the form of procedural laws will increase privacy and public safety, but . . . Uncontrolled government authority may diminish privacy and hinder economic development.

10 Limited Law Enforcement Authority
Intrusiveness of the Investigative Power Safeguards to Prevent Governmental Abuse

11 Limited Law Enforcement Authority
Ways to limit law enforcement authorities: Define specific predicate crimes/classes of crime Require law enforcement to demonstrate factual basis to independent judicial officer Limit the breadth and scope, the location, or the duration Offer only as “last resort” Prior approval or subsequent review by senior official or politically accountable body

12 Limited Law Enforcement Authority
Penalizing abuse: Administrative discipline of officer involved Inability to use evidence in prosecution (“suppression”) Civil liability for officer involved Criminal sanction of officer involved

13 Limited Law Enforcement Authority
Limiting Economic Burdens on Third Party Service Providers: Should laws require providers to have certain technical capabilities? Who is responsible for costs of collecting data for law enforcement?

14 Other Policy Considerations
Each country should approach this complex balancing question, taking into consideration: The scope of its crime and terrorism problem; Its existing legal structures; Its historical methods of protecting human rights; and, the need to assist foreign governments. Each country should decide the “means” for obtaining electronic evidence within its existing legal framework (e.g., constitutions, statutes, court decisions, rules of procedure)

15 Overview Balancing Privacy and Public Safety
Limits on Law Enforcement Investigative Authority Intercepting Electronic Communications Collecting Traffic Data Real Time Obtaining Content Stored on a Computer Network Obtaining Non-Content Information Stored on a Computer Network Compelling the Target to Disclose Electronic Evidence

16 Information Stored on a Computer Network
Information Obtained from Computer Networks in Cybercrime Investigations Content Non-Content Real-Time Communications 1 2 Information Stored on a Computer Network 3 4

17 Information Stored on a Computer Network
Information Obtained from Computer Networks in Cybercrime Investigations Content Non-Content Real-Time Communications 1 2 Information Stored on a Computer Network 3 4

18 Intercepting Electronic Communications on Computer Networks
Obtaining the content of a communication as the communication occurs Similar to intercepting what’s being said in a phone conversation E.g.: collect the content of passing between two terrorists or drug dealers E.g.: collect the commands sent by a hacker to a victim computer to steal corporate information

19 Intercepting Electronic Communications on Computer Networks
Many countries use the same (or very similar) rules as phone wiretaps Authority should include the ability to compel providers to assist law enforcement officials Sometimes does not require law enforcement expertise May depend on particular technology and infrastructure Art. 21, Council of Europe Convention on Cybercrime Because intercepting an as its sent across the Internet is very similar to intercepting a phone call as it crosses the telephone wires, many countries use the procedural laws applicable to intercepting phone calls or at least use such laws as a model. Just as a telephone company will often be able to assist law enforcement with a telephone wiretap, an ISP will often be able to provide intercepted electronic communications to law enforcement. In fact, because different ISPs have different network architectures, they may be uniquely qualified to intercept communications. Article 21 of the Council of Europe’s Convention on Cybercrime requires each state that signs the convention to adopt procedural laws that vest law enforcement with the authority to intercept the content of communications traveling through computer networks.

20 Intercepting Electronic Communications on Computer Networks
Law enforcement needs this authority because: Criminals and terrorists increasingly use electronic communications to plan and execute crimes Many crimes are committed mostly (or entirely) using computer networks Distribution of child pornography, internet fraud, hacking Communications may not be stored

21 Intercepting Electronic Communications on Computer Networks
This authority should be limited because: Interception of communications can be a grave invasion of privacy Can allow access to the most private thoughts, harming freedoms of speech and association Fear of overly intrusive interception may stifle competitive markets, economic development, and foreign investment

22 Examples of Limitations on Interception Authorities – Australia
Independent judicial review Facts in support of an application showing that intercepted communications would “be likely to assist” in an investigation Investigation of a serious crime (generally 7+ years maximum incarceration) 90 day maximum (renewable) Information intercepted unlawfully cannot be used as evidence in court Intercepted information has certain disclosure restrictions and destruction after purpose is complete Judge must balance surrounding circumstances: Whether other investigative techniques would not be just as effective The value of the information Gravity of the conduct The privacy invasion

23 Examples of Limitations on Interception Authorities – the United States
Inability to use evidence in court if violate the law Administrative investigation of misuse of the law required Civil and criminal sanctions for violations Approval by high-level official Minimize collection of non-criminal communications Limitations on disclosure of intercepted communications 30 day time limit (plus extensions) “Probable cause” to believe a crime is being committed and that the facility is being used in furtherance of that crime All other options have been tried or are unlikely to succeed Independent judicial review Report to intercepted parties (at conclusion of case)

24 Possible Exceptions to the Rule
Might not require legal process if: The communication is publicly accessible E.g.: public “chat” rooms Party/all parties to the communication consent Actual consent (CI), banner Emergency involving risk of death No reason to believe communication is private Hackers communication with target computer

25 Intercepting Electronic Communications: Other Considerations
Limits on ISP’s interception Possible exceptions for consent, interceptions necessary to run or secure a network Voluntary disclosure of intercepted communication Only if legal interception (i.e. subject to exception)

26 Overview Balancing Privacy and Public Safety
Limits on Law Enforcement Investigative Authority Intercepting Electronic Communications Collecting Traffic Data Real Time Obtaining Content Stored on a Computer Network Obtaining Non-Content Information Stored on a Computer Network Compelling the Target to Disclose Electronic Evidence

27 Collecting Traffic Data Real Time
Content Non-Content Real-Time Communications 1 2 Stored Information on a Network 3 4

28 Collecting Traffic Data Real Time
Interception of non-content information Similar to phone number called to/from E.g.: “To” and “From” on an E.g.: Source and destination IP address in a packet header Less intrusive than intercepting content, so less restrictions on law enforcement use Art. 20, Council of Europe Convention on Cybercrime

29 Collecting Traffic Data Real Time
Law enforcement needs this authority because: Criminals and terrorists increasingly use electronic communications to plan and execute serious crimes Helps locate suspects, identify members of conspiracy Useful tool to assist foreign investigations where a country is used only as a “pass-though” Provides a less intrusive and therefore less restricted alternative to content interception

30 Collecting Traffic Data Real Time
This authority should be limited because: Although less intrusive than content interception, still implicates privacy Individuals don’t expect government to keep track of who they’re calling, even if government does not listen to what they’re saying To/From information may be revealing (e.g., repeated e- mails to a psychiatrist; receiving information from a militant organization)

31 Collecting Traffic Data Real Time Sample Laws – United Kingdom
Information must be “necessary” for the investigation of crime, protection of national security, public health, other specified purposes Approval by a designated high-level government official, but no independent judicial review Collection must be “proportionate to what is sought to be achieved” 30 day time limit

32 Collecting Traffic Data Real Time Sample Laws – United States
Information collected must be “relevant” to an ongoing criminal investigation Can only be applied for by an attorney for the government (not a police officer) Limited to 60 days (plus extensions) Disciplinary, civil, and criminal penalties for misuse

33 Possible Exceptions to the Rule
Might not require legal process if: Party/all parties to the communication consent E.g.: witness cooperating with the government allows officers to determine where conspirators’ is sent from No reason to believe communication is private Hackers communication with target computer Interception is by provider of computing service in order to run the system or provide security

34 Overview Balancing Privacy and Public Safety
Limits on Law Enforcement Investigative Authority Intercepting Electronic Communications Collecting Traffic Data Real Time Obtaining Content Stored on a Computer Network Obtaining Non-Content Information Stored on a Computer Network Compelling the Target to Disclose Electronic Evidence

35 Obtaining Content Information Stored on a Computer Network
Non-Content Real-Time Communications 1 2 Information Stored on a Computer Network 3 4

36 Obtaining the Content of Stored Information on Computer Networks
Information stored on the system of a third-party provider Computer network not owned by the target of an investigation E.g.: sent to an individual that is stored by an Internet service provider E.g.: calendar kept on a remote service

37 Obtaining the Content of Stored Information on Computer Networks
Laws may be similar to those for searching or seizing computers in the possession of the target of an investigation But because the information is held by a neutral third party, physical coerciveness of regular search procedures may not be necessary Also, because the data is not in the immediate control (e.g. home) of the individual, he or she may have less of a privacy interest in it Art. 18, Council of Europe Convention on Cybercrime

38 Obtaining the Content of Stored Information on Computer Networks
Law enforcement needs this authority because: Without it, serious crimes will go unpunished and undeterred Just as law enforcement has needed coercive power to gather evidence in “real world” contexts, so it must be able to do so in online contexts For the many crimes committed over the Internet, stored information is the “crime scene”

39 Obtaining the Content of Stored Information on Computer Networks
This authority should be limited because: As our countries enter the “Information Age,” more and more of the most sensitive data is being stored on computers Businesses are increasingly using computer networks to store data Individuals are increasingly storing information and communications remotely on third-party networks

40 Obtaining Stored Content Sample Laws – United States
To compel disclosure of most kinds of “Probable cause” to believe it contains evidence of a crime (same standard as to search a package or a house) Review of evidence by an independent judge Administrative sanctions against officers who abuse the authority Civil suit against the government for misuse Disclosure restrictions

41 Obtaining Stored Content
Do some categories of data deserve extra protection? Greater expectation that data will remain private Has the user any choice about whether the information is stored on the network? Example of graduated system of requirements – United States Unopened requires a search warrant based upon “probable cause” accessed by the user and other information the user chooses to store on a remote server requires a court order with only a showing of “relevance”

42 Obtaining Stored Content
Consider allowing voluntary disclosure to law enforcement under some circumstances: Unrestricted disclosure by 3rd-party providers may infringe upon privacy and have economic impact, but disclosure may be justified To protect public health or safety To allow the provider to protect its property (e.g., by reporting unauthorized use)

43 Overview Balancing Privacy and Public Safety
Limits on Law Enforcement Investigative Authority Intercepting Electronic Communications Collecting Traffic Data Real Time Obtaining Content Stored on a Computer Network Obtaining Non-Content Information Stored on a Computer Network Compelling the Target to Disclose Electronic Evidence We are now going to discuss the legal tools law enforcement needs to effectively combat cybercrime. We begin with the ability to intercept communications as they occur.

44 Obtaining Non-Content Information Stored on a Computer Network
Real-Time Communications 1 2 Information Stored on a Computer Network 3 4

45 Obtaining Non-Content Information Stored on a Computer Network
Computers create logs showing where communications came from and where they went Generally less sensitive than content E.g.: a list of all of the addresses to which a user sent E.g.: a log showing the phone numbers by which a user accessed an Internet service provider

46 Obtaining Non-Content Information Stored on a Computer Network
Law enforcement needs this authority because: Logs showing what occurred on a network may be the best evidence of a computer crime; may identify the suspect or reveal criminal conduct This authority should be limited because: Although less sensitive than content, these records still contain private information

47 Obtaining Stored Non-Content Information
Laws Can Distinguish Between Kinds of Records: Subscriber information generally less sensitive Name, street address, user name Might include method of payment, i.e., credit card or bank account (important because ISPs may not check users’ identities) Logs showing with whom a user has communicated generally more sensitive

48 Obtaining Stored Non-Content Information Examples of Different Standards
Art. 18, Council of Europe Convention on Cybercrime: Treats “Subscriber Information” differently from other data United States: Basic subscriber records require a mere showing of “relevance” to a criminal investigation without prior review by a court (subpoena) logs require a prior finding of “specific and articulable facts” that would justify disclosure of the records

49 Preservation of Evidence
Problem: many stored records last only for weeks or days Obtaining legal process is often slow Investigators may not even know the significance of evidence until weeks or days after the commission of a crime Critical tool: request by law enforcement to preserve evidence (content or non-content) Request does not compel the disclosure of the records, but freezes them pending legal process

50 Preservation of Evidence
Must be very fast (not require prior judicial approval or even written process) Few privacy concerns because no disclosure occurs COE Convention: does not require dual criminality because of need to preserve data quickly (disclosure, however, requires dual criminality)

51 Preservation of Evidence Sample Laws – United States
A provider of … communication services, upon the request of a government entity, shall take all necessary steps to preserve records or other evidence in its possession pending the issuance of a court order or other process.” Lasts for 90 days and can be renewed

52 Overview Balancing Privacy and Public Safety
Limits on Law Enforcement Investigative Authority Intercepting Electronic Communications Collecting Traffic Data Real Time Obtaining Content Stored on a Computer Network Obtaining Non-Content Information Stored on a Computer Network Compelling the Target to Disclose Electronic Evidence

53 Compelling Disclosure of Electronic Evidence in the Possession of the Target
Generally rules that pertain to search of a home or office apply Have to assure that the law is broad enough to cover collection of intangible data and not just physical items Compare: E.g.: Computer used to store child pornography or other evidence E.g.: Computer used to break into bank to steal account information or move funds from one account to another

54 Seizing Computer Hardware
Council of Europe Convention, Article 19 Often investigators need to seize the computer itself Easy to apply traditional rules for objects Not clear why a computer should get greater or lesser protection than a filing cabinet

55 Searches and Seizures of Stored Data and Intangible Evidence
Investigators could simply copy computer files after entering an individual’s home Data stored at home can be extremely sensitive (e.g., a diary, a will) Recommendation: treat data as a “thing” to be seized, even if only a copy is made But: “imaging” a drive should be a permissible search technique Technical considerations, e.g., OS Slack space and deleted files

56 Considerations for Searches and Seizures of Intangible Evidence
Applying the traditional rules provides balance and certainty Unwise not to protect that data from over-intrusive governmental searches Also unwise not to give law enforcement the power to obtain that evidence Easier for investigators to learn Use existing exceptions as well E.g.: consent, emergency circumstances

57 Considerations for Searches and Seizures of Intangible Evidence
Why computer searches are different: Computers hold huge amounts of data 10 gigabyte drive = 5 million pages Requires expertise and tools, e.g. deleted files, familiarity with Operating System Information can be stored remotely Computers are multi-functional – intermingling of innocent and privileged information

58 Conclusion Countries must have laws that allow law enforcement to compel disclosure of evidence of crime These powers in part enhance privacy by deterring criminal invasions of privacy Overly intrusive powers can harm the privacy of citizens and chill economic development Law makers must consider many factors when deciding what is appropriate for them Models from other jurisdictions can assist countries in designing appropriate laws

59 Questions?

60 Computer Crime & Intellectual Property Section Phone: (202) 305-7747
Todd M. Hinnen Department of Justice Computer Crime & Intellectual Property Section Phone: (202)

Download ppt "DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME"

Similar presentations

SEARCH AND SEIZURE: COMPLICATED BY TECHNOLOGY

SEARCH AND SEIZURE: COMPLICATED BY TECHNOLOGY
Paul Ohm Associate Professor, CU Law Initiative Director, Silicon Flatirons December 4, 2009.

Paul Ohm Associate Professor, CU Law Initiative Director, Silicon Flatirons December 4, 2009.
Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.

Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.
1 DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME Providing Law Enforcement with the Legal Tools to Prevent, Investigate, and Prosecute Cybercrime.

1 DEVELOPING A LEGAL FRAMEWORK TO COMBAT CYBERCRIME Providing Law Enforcement with the Legal Tools to Prevent, Investigate, and Prosecute Cybercrime.
ISRCL- Young Lawyers Anthony Gett Barrister & Senior Legal Officer Commonwealth Director of Public Prosecutions (Australia)

ISRCL- Young Lawyers Anthony Gett Barrister & Senior Legal Officer Commonwealth Director of Public Prosecutions (Australia)
Confidentiality and HIPAA

Confidentiality and HIPAA
The Problem Solvers TM www.singleton.com Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.

The Problem Solvers TM Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.
The Patriot Act And computing. /criminal/cybercrime/PatriotAct.htm US Department of Justice.

The Patriot Act And computing. /criminal/cybercrime/PatriotAct.htm US Department of Justice.
Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.

Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.
Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202) 353-7848.

Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202)
Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010.

Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010.
1 Chapter 15 Search Warrants. 2 Search warrants fall under the 4 th Amendment Search warrants fall under the 4 th Amendment The police must have “probable.

1 Chapter 15 Search Warrants. 2 Search warrants fall under the 4 th Amendment Search warrants fall under the 4 th Amendment The police must have “probable.
INTERNET and CODE OF CONDUCT

INTERNET and CODE OF CONDUCT
Seminar on Undercover Operations By GPTOC UN ODCCP.

Seminar on Undercover Operations By GPTOC UN ODCCP.
Towards a Freedom of Information Law in Qatar Fahad bin Mohammed Al Attiya Executive Chairman, Qatar National Food Security Programme.

Towards a Freedom of Information Law in Qatar Fahad bin Mohammed Al Attiya Executive Chairman, Qatar National Food Security Programme.
Army Family Advocacy Program 1 of 16201130R APR 06 Restricted Reporting Policy for Incidents of Domestic Abuse.

Army Family Advocacy Program 1 of R APR 06 Restricted Reporting Policy for Incidents of Domestic Abuse.
Unit Five Lesson 31 How do the Fourth and Fifth Amendments Protect Against Unreasonable Law Enforcement Procedures.

Unit Five Lesson 31 How do the Fourth and Fifth Amendments Protect Against Unreasonable Law Enforcement Procedures.
The Canadian Charter of Rights and Freedoms

The Canadian Charter of Rights and Freedoms
Privacy, Confidentiality and Duty to Warn in School Guidance Services March 2006 Disclaimer - While the information in these slides are designed to reflect.

Privacy, Confidentiality and Duty to Warn in School Guidance Services March 2006 Disclaimer - While the information in these slides are designed to reflect.
Tackling IT crime in a global context: the Convention on Cybercrime 3 years after Julio Pérez Gil University of Burgos, Spain.

Tackling IT crime in a global context: the Convention on Cybercrime 3 years after Julio Pérez Gil University of Burgos, Spain.

Similar presentations

Ads by Google