Presentation on theme: "Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE."— Presentation transcript:
Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE
Introduction How is law enforcement going to operate in an electronic and interconnected world? What role will institutions of higher education play conducting monitoring and surveillance on behalf of the government? What is the legal framework that will govern law enforcement and intelligence access to information?
Current Legal Framework Bush Administration Policy U.S. Constitution –4 th Amendment: protection against “unreasonable search and seizure” Federal Law –Foreign Intelligence Surveillance Act (FISA) –Title 18 of U.S. Code –Electronic Communications Privacy Act (ECPA) –FERPA, HIPAA, GLB Act, etc. State Law
USA PATRIOT Act Uniting and Strengthening America (USA) by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (PATRIOT) Sunset Provisions: –e.g., emergency disclosures of email without a court order, interception of computer trespasser communications without a court order, lowering standard for pen registers and trap and trace devices under FISA, access to business records under FISA, etc. Permanent Provisions –e.g., pen registers for the Internet, National Security Letter exceptions to privacy laws, definition of domestic terrorism, sneak and peek searches, etc.
Communications Assistance for Law Enforcement Act (CALEA) Requires facilities based internet service providers to standardize their equipment to facilitate wiretaps. By Court decision: private networks are exempt: –Are you a private network? –Do you support the connection to the commercial ISP?
To comply or not to comply? Don’t support the connection Support the connection Private Network Exempt Compliance required at gateway Public Network Exempt * Full compliance required
Mandatory Data Retention Why is data retention necessary or desirable? (i.e., what is the problem we are trying to solve?) Scope: –What data is to be retained? –Who should data retention requirements apply to? How do we accomplish the desired goals?
Policy Issues Do these laws: 1.Pose a threat to personal privacy and security? 2.Undermine public trust in the Internet? 3.Impact competitiveness and innovation? 4.Show promise of being effective? 5.Create undue burden and expense?
Practice Implications Take stock of logging and monitoring practices Establish privacy policies and practice “data minimization” Secure information captured and retained Develop and enforce internal policies and procedures for use of information
Responding to “Compulsory Legal Requests for Information” Designate or person or office to receive all requests and coordinate responses –Not just an IT issue! –Someone knowledgeable of basic issues –Develop working relationships with others Types of compulsory legal requests Common issues Reference Guide Resources
CALEA Technical Requirements Status of Trusted Third Party Providers Status of equipment venders Standards process “Without standards, there is no safe harbor”
CALEA Security and Personnel Requirements A (telecommunications carrier) shall: 1. Appoint a single point of contact 2. Establish standard operating procedures 3. Report any act of compromise 4. Maintain secure and accurate records
Conclusion How law enforcement will operate in an electronic and interconnected world The role that institutions of higher education will play in conducting monitoring and surveillance on behalf of the government The emerging legal framework that will govern law enforcement and intelligence access to information
Discussion For more information, contact: Rodney Petersen, email@example.com Wendy Wigen, firstname.lastname@example.org www.educause.edu/policy