Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vaciago, CybercrimePage: 1 CLOUD COMPUTING WORKSHOP LEGAL ASPECTS OF THE CLOUD Brussels, March 1, 2012 Prof. Dr. Giuseppe Vaciago.

Published byElaine Wiggins Modified over 9 years ago

Similar presentations

Presentation on theme: "Vaciago, CybercrimePage: 1 CLOUD COMPUTING WORKSHOP LEGAL ASPECTS OF THE CLOUD Brussels, March 1, 2012 Prof. Dr. Giuseppe Vaciago."— Presentation transcript:

1 Vaciago, CybercrimePage: 1 CLOUD COMPUTING WORKSHOP LEGAL ASPECTS OF THE CLOUD Brussels, March 1, 2012 Prof. Dr. Giuseppe Vaciago

2 US PATRIOT ACT The Patriot Act is extraterritorial in application (Section 215 and Section 505). Under this Act, U.S. authorities are entitled to subpoena business records from any company that has: i.“minimum contacts” with the U.S. ii “possession, custody or control” of the targeted data Page: 2 Vaciago, Cybercrime The Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible property (including books, records, papers, documents, and other items) for an investigation for protecting against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment of the Constitution [...] Patriot Act, Sec. 215. Access To Records And Other Items Under The FISA

3 IS IT A DATA PROTECTION ISSUE ? “The Data Protection directive shall not apply to the processing of personal data or in any case to processing operations concerning public security, defence, State security and the activities of the State in areas of criminal law” (Art. 3 Directive 95/46/EC) Recent proposal for a Directive on the protection of individuals with regard to personal data by competent authorities for the purpose of detecting criminal offences shall not apply in the course of an activity which falls outside the scope of Union law, in particular concerning national security (Art. 1, 2b) Page: 3Vaciago, Cybercrime

4 EU POSITION – AUGUST 2011 August, 23, 2011, Vivian Reding (E- 006901/2011 – Answer to parliamentary question): “In accordance with international public law, and in the absence of a recognised jurisdictional link, a foreign law or statute cannot directly impose legal obligations on organisations or undertakings established in a third country regarding the activities performed within the territory of that third country” Page: 4Vaciago, Cybercrime Viviane Reding - Vice-President of the European Commission

5 IT IS A JURISDICTION ISSUE Territorial principle: the Court in the place where the data is located has jurisdiction. Nationality principle: the nationality of the perpetrator is the factor used to determine criminal jurisdiction. “Flag” principle: crimes committed on ships, aircraft and spacecraft are subject to the jurisdiction of the flag state. “Power of Disposal Approach”: Law enforcement would only have to legally obtain username and password of the suspect’s computer. Page: 5Vaciago, Cybercrime Jan Spoenle (Germany) for the Economic Crime Division of the Council of Europe

6 EU COMPANIES “CloudSigma is operated and controlled by a Swiss AG, which is not subject to direct or indirect U.S. control” “City Cloud and Several Nines offer a partnership safe-haven from the Patriot Act in Sweden” Amazon Web Services (AWS) is subject to the US Patriot Act but the chief technology officer, Werner Vogels, encrypts private data for transit to the Cloud — and for employing best practice when it comes to classifying data Page: 6Vaciago, Cybercrime

7 NON-US NATIONAL SECURITY LAWS French Act No. 2011/267 of 14 March 2011 on the prevention of International terrorism Spain Act No. 12/2003 of 21 March 2003 on the prevention of terrorism financing Italy Act No. 144/2005 of 27 July 2005 on the prevention of International terrorism Canadian Anti-Terrorism-Act No. C-36 18 December 2001 seems to grant powers similar to those of the Patriot Act Page: 7Vaciago, Cybercrime

8 JURISDICTION – YAHOO! CASE In 2009, the US- based company, Yahoo, was imposed a fine by a Belgian Criminal Court for failing to identify the users of a number of webmail accounts This judgment was overturned by the Court of Appeal of Ghent in 2010 In January 2011, however, the Belgian Supreme Court reversed the Court of Appeal’s decision In October 2011, the decision was referred back to the Court of Appeal which decided that Yahoo! was not subject to Belgian jurisdiction Page: 8Vaciago, Cybercrime

9 EU POSITION – DECEMBER 2011 December 6, 2011 Vivian Reding - 2nd Annual European Data Protection and Privacy Conference - Brussels: “I am reading in the press about a Swedish company whose selling point is that they shelter users from the US Patriot Act and other attempts by third countries to access personal data” “Well, I do encourage cloud computing centres in Europe, but this cannot be the only solution. We need free flow of data between our continents. And it doesn't make much sense for us to retreat from each other” Page: 9Vaciago, Cybercrime

10 CONCLUSIONS The real issue with Cloud computing is a loss of data location due to: (i)“Data at rest” does not reside on the device. “Data in transit” cannot be easily analyzed because of encrypting all traffic. “Data in execution” will be present only in the cloud instance (ii)Virtualization and cloud communication protocols. The investigator who wants to capture the bit-stream data of a given suspect image will be in the same situation as someone who has to complete a jigsaw puzzle, whose pieces are scattered randomly across the globe Page: 10Vaciago, Cybercrime

11 CONCLUSIONS Terrorism and Cyber-terrorism represent a very serious global threat and operate on a transnational basis out of necessity Over 11,500 terrorist attacks occurred in 72 countries in 2010, resulting in approximately 50,000 victims, including almost 13,200 deaths The number of attacks rose by almost 5 per cent over previous year Page: 11Vaciago, Cybercrime NATIONAL COUNTERTERRORISM CENTER 2010 REPORT ON TERRORISM 11064 ATTACKS IN 2010

12 CONCLUSIONS The Patriot Act has been copied in many countries, including Canada, with rules that are not that dissimilar to the American ones The Canadian Anti-Terrorism-Act (ATA), shortly after September 11, 2001, was combined with the National Defense Act (NDA) giving a Minister (Defense) the power to authorize investigation of data storage at home and abroad Page: 12Vaciago, Cybercrime The Minister of Defense’s authorization is required for the Communications Security Establishment to intercept foreign communications targeted against a non- Canadian abroad that may have a Canadian connection, or to undertake security checks of government computer networks to protect them from terrorist activity [...] Anti-Terrorism-Act (Review of 2004) Canadian Department of Justice

13 CONCLUSIONS Without referring to Cloud computing, everyday, the transactions of millions of users using credit cards with U.S.- based providers are monitored. Section 326 of the US Patriot Act requires all financial institutions (this includes Credit Card processing companies) to obtain, verify and record information that identifies each person who ‘opens, changes or charges’ an existing account. Page: 13Vaciago, Cybercrime The regulations shall, at a minimum, require financial institutions to implement, and customers (after being given adequate notice) to comply with, reasonable procedures for: (a) verifying the identity of any person seeking to open an account to the extent reasonable and practicable; (b) maintaining records of the information used to verify a person’s identity, including name, address, and other identifying information; and (c) consulting lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency […] Patriot Act, Sec. 326. Verification of Identification

14 CONCLUSIONS Without referring to Cloud computing, projects relating to face recognition are increasingly making it possible, and with ever greater reliability, to track a person's movements, even globally. 3 factors are important: (a)Increasing public self ‐ disclosures through online social networks (2.5 billion photos uploaded by Facebook users alone per month in 2010) (b)Identified profiles in online social networks (c)Improvements in face recognition accuracy * * A. Acquisti, Faces Of Facebook - Or, How The Largest Real ID Database In The World Came To Be Page: 14Vaciago, Cybercrime

15 CONCLUSIONS Even if the goal of the Digital Due Process is review of the ECPA, it may represent an excellent solution to the tension between due process and civil liberties around the world 3 important guidelines: (i) Technology and Platform Neutrality (ii) Assurance of Law Enforcement Access and (ii) Equality Between Transit and Storage However, I believe it should have a strong EU identity, as this is of crucial importance for ensuring greater EU-US co-operation in this scheme, too Page: 15Vaciago, Cybercrime

16 Page: 16 Cybercrime Research Institute Giuseppe Vaciago Niehler Str. 35 D-50733 Cologne, Germany vaciago@cybercrime.de www.cybercrime-institute.com Vaciago, Cybercrime

Download ppt "Vaciago, CybercrimePage: 1 CLOUD COMPUTING WORKSHOP LEGAL ASPECTS OF THE CLOUD Brussels, March 1, 2012 Prof. Dr. Giuseppe Vaciago."

Similar presentations

Prevention of Money Laundering Training session. Overview What is Money laundering? Requirements under the Act Arcadias policy Relevance to your routine.

Prevention of Money Laundering Training session. Overview What is Money laundering? Requirements under the Act Arcadias policy Relevance to your routine.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.

Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.

I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
USA PATRIOT Act and Libraries Eric Johnson & Rodney Clare Jackman Sims Memorial Library.

USA PATRIOT Act and Libraries Eric Johnson & Rodney Clare Jackman Sims Memorial Library.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Workshop on Harmonizing Cyberlaw in the ECOWAS region ( Procedural Law in the Budapest Convention ) Ghana, Accra 17 – 21 March 2014, Kofi Annan International.

Workshop on Harmonizing Cyberlaw in the ECOWAS region ( Procedural Law in the Budapest Convention ) Ghana, Accra 17 – 21 March 2014, Kofi Annan International.
Remarks of Kristen Pinhey Competition Law Officer Competition Bureau Canada Unannounced Inspections in Canada International Competition Network, 2013 Cartel.

Remarks of Kristen Pinhey Competition Law Officer Competition Bureau Canada Unannounced Inspections in Canada International Competition Network, 2013 Cartel.
EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States
EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.

EU: Bilateral Agreements of Member States. Formerly concluded international agreements of Member States with third countries Article 351 TFEU The rights.
HOW TO REGISTER A NEW FIRM??????? STEPS AND REQUIREMENTS!!!!

HOW TO REGISTER A NEW FIRM??????? STEPS AND REQUIREMENTS!!!!
Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.
Republic of Moldova: general presentation Geographical position: South-Eastern Europe Territory: 33,8 thousand км 2 (situated between the Danube, Prut.

Republic of Moldova: general presentation Geographical position: South-Eastern Europe Territory: 33,8 thousand км 2 (situated between the Danube, Prut.
EU Criminal Law Introduction, Lisbon Treaty. EU criminal legislation EU cannot adopt a general EU criminal code EU cannot adopt a general EU criminal.

EU Criminal Law Introduction, Lisbon Treaty. EU criminal legislation EU cannot adopt a general EU criminal code EU cannot adopt a general EU criminal.
Tina Kraigher and Milena Podjed-Fabjančič 18 April 2010 Processing of Telephone Traffic Data of Employees ( a Case Study )

Tina Kraigher and Milena Podjed-Fabjančič 18 April 2010 Processing of Telephone Traffic Data of Employees ( a Case Study )
Allows FBI to request (from FISA court judges) access to certain business records, including Common carriers (airlines, bus companies, and others in the.

Allows FBI to request (from FISA court judges) access to certain business records, including Common carriers (airlines, bus companies, and others in the.
Circulation of authentic instruments under Regulation 650/2012 speaker – Ivaylo Ivanov – Bulgarian Notary Chamber.

Circulation of authentic instruments under Regulation 650/2012 speaker – Ivaylo Ivanov – Bulgarian Notary Chamber.
Federal Bureau of Investigation

Federal Bureau of Investigation
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.

EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.

Similar presentations

Ads by Google