Computer Forensics and Cyber Crime PDF
Document Details
Uploaded by IndebtedOwl
null
2013
Marjie T. Britz
Tags
Summary
This document is a chapter on Computer Forensics and Cyber Crime focusing on the Fourth Amendment and legal issues related to digital evidence and searches of computer systems.
Full Transcript
Computer Forensics and Cyber Crime CHAPTER 9 The Fourth Amendment and...
Computer Forensics and Cyber Crime CHAPTER 9 The Fourth Amendment and Other Legal Issues Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Learning Objectives Develop substantive knowledge on the Fourth Amendment. Learn the difference between warranted and warrantless searches and how they relate to computer-related searches. Explore the controversies surrounding the USA PATRIOT Act. Increase knowledge on privacy as it relates to the technology today. Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Learning Objectives Examine the application of the Fourth Amendment to both public and private employees. Discuss the evolution of the expectation of privacy. Become familiar with the various privacy acts that have been developed over the past two decades. Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Fourth Amendment The first ten Amendments were enacted in response to the perceived tyrannical nature of the English system. Part of system of checks and balances in American system, including tripartite federal government and division of authority, states, federal government Probable cause: Fourth Amendment (4A) requiring a warrant, based upon probable cause, to search Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Fourth Amendment Reasonable suspicion: Officers may stop someone to investigate, but only with reasonable suspicion. During the stop, officers may conduct a limited ("patdown") search for weapons. Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Warranted Searches and Computers Particularity: Has to be specific; not permission for generalized search, but subject to differing interpretations by courts about what that means Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Warranted Searches and Computers Seizure of evidence Balance between public interest and individual's right to personal security free from arbitrary interference by law officers Potential problem regarding the intermingling ("commingling") of personal matters with potential evidence Complications can arise when searching storage devices, but if mentioned in original warrant, search is valid – U.S. v. Ross (1992) Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Warranted Searches and Computers Third-party origination 4th Amendment not applicable except when third party is acting under the direction of law enforcement Other arguments used in warranted searches Staleness: Law enforcement has not executed warrant in timely manner (i.e., in U.S. v. Hay, the defendant was convicted of child pornography seized on a warrant based on information that was months old; conviction was upheld on grounds that pornographers kept their images) Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Warrantless Searches Consent Scope must be reasonable To determine validity, look at totality of circumstances to evaluate physical control, limited access Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Warrantless Searches In exigent circumstances and emergency situations, need to consider: Degree of urgency Amount of time necessary to obtain a warrant Volatility of evidence Danger at site Suspect’s knowledge of impending police action Risk of destruction of contraband Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Warrantless Searches Incident to arrest For safety, to inventory items on arrestee Does not include PCs, laptops, PDAs Plain view Not an exception No expectation of privacy if visible, but only if visible U.S. v. Carey: If pursuant to warrant, and seen while executing, then valid search Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Warrantless Searches Border searches: Probable cause not required Other warrantless searches Not usually related to computers: Autos, field interrogations, inventory searches Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Exclusionary Rule Weeks v. United States: Creation of the exclusionary rule, federal cases – evidence improperly seized cannot be used as evidence, so, considered “fruit of the poisonous tree” Will this apply to digital evidence? Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Electronic Surveillance and the Right to Privacy Types of recognized privacy: Physical Communication Information Territorial (this is most difficult to define, when considering cyberspace) Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Private- vs. Public-Sector Searches Private – Evaluate expectation of privacy: Whether the items or areas to be searched have been set aside for the employee’s exclusive or personal use Whether the employee has been given permission to store personal information/items Whether the employee has been advised that the system may be accessed by others Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Private vs. Public-Sector Searches Whether there has been a history of searches or inspections of the area Whether there is a clearly articulated policy which identifies common areas versus private areas Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Private- vs. Public-Sector Searches Public employees (standard established in O’Connor v. Ortega) Whether employee’s expectation of privacy was consistent with operational realities Balance of 4th Amendment protection and government interest in intrusion Whether search was reasonable at inception was the subsequent scope Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Application of Ortega to Email: The Cases of Simmons and Monroe U.S. v. Simmons Employee indicted after system administrator discovered 1,000+ child porn images Systems administrators may scan networks for non-work-related activity; no 4A violation U.S. v. Monroe Child porn discovered by system administrator seeing very large number of undelivered emails Employee had no expectation of privacy on a government computer, which had prominent warning banner displayed Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Application of Ortega to Email: The Cases of Simmons and Monroe Status of Privacy & Emails System administrators of government equipment have the right to monitor their systems within the scope of their duties. Routine systems protection monitoring System management Prevention of unauthorized access Verification of security procedures, survivability, and operational security Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Application of Ortega to Email: The Cases of Simmons and Monroe Monitoring by law enforcement requires consent of one party OR authorization by court order, warrant, or special probable cause circumstances. System administrators MAY NOT work under the direction of law enforcement to uncover evidence. Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Electronic Communications Privacy Act and the Privacy Protection Act of 1980 The Electronic Communications Privacy Act of 1986 Extended provisions found in Title III of Omnibus Crime Control Act of 1968 Includes wireless and non-aural electronic communications Provides penalties for violators (both law enforcement and private) Somewhat ambiguous Congress trying to expand expectations of privacy with emerging technology Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Electronic Communications Privacy Act and the Privacy Protection Act of 1980 Three Titles under ECPA Title I Procedures for intercepting wire, oral, electronic communications Law enforcement can identify transmissions but not contents absent a warrant Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Electronic Communications Privacy Act and the Privacy Protection Act of 1980 Title II (Stored Communications Act) Prohibits providers from disclosing the contents of communication held in storage Also prohibits disclosure of any contextual information Exceptions Title III Regulates pen registers and trap and trace devices Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Electronic Communications Privacy Act and the Privacy Protection Act of 1980 Privacy Protection Act Local, state, or federal authorities cannot search, seize publishable materials without probable cause Effectively expanding 1968 wiretap act to include electronic bulletin boards, including “work product” and “documentary materials” “Plain view” doctrine can apply to material on bulletin boards No prohibition of use, but civil penalties possible Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Electronic Communications Privacy Act and the Privacy Protection Act of 1980 Criticized, like ECPA, for vagueness, ambiguity, and overbreadth Possible victims: Publishers Authors Editors Newspapers Anyone disseminating info Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Electronic Communications Privacy Act and the Privacy Protection Act of 1980 Communications Assistance for Law Enforcement Act (CALEA) Intended to preserve traditional levels of government surveillance Required manufacturers of telecommunications equipment, service providers to develop systems with capability for surveillance of telephone & cellular communications, advanced paging, satellite-based systems, and specialized mobile radio Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Electronic Communications Privacy Act and the Privacy Protection Act of 1980 Also required the delivery of “packet mode communications” by these providers to law enforcement without a warrant Supposed to heighten privacy protections provided by ECPA; Congress declaring that surveillance requirements have to be narrowly interpreted Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Electronic Communications Privacy Act and the Privacy Protection Act of 1980 Challenges to the CALEA FBI tries to expand authority, contrary to Federal Wiretap Act Justice Department successful in challenging scope of CALEA and ECPA Applying the Wiretap Act to email interceptions: U.S. v. Councilman Is the interception of emails by anyone other than the recipient a crime? But Wiretap Act’s provisions don’t apply to stored messages; is there anything left? Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The USA PATRIOT Act USA PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001) Many provisions would expire (sunset) after a few years; many later made permanent Ten sections amounted to modification of prior laws to include technology-specific language (i.e., Title I – Enhancing Domestic Security Against Terrorism, Title IV – Border Protection, Title VII – Information Sharing, Title VIII – Strengthening Terrorist Laws) Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The USA PATRIOT Act Enhanced Presidential Authority: Section 106 Amended the International Emergency Economic Powers Act Expanded the discretionary power of the President President can seize and liquidate U.S. property of any foreign body who is suspected of facilitating an attack Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The USA PATRIOT Act Electronic surveillance and criminal investigations Between U.S. v. Katz and the Ominbus Crime Control Act of 1968, most electronic conversations are protected Title II of USA PATRIOT Act reduced expectations of privacy in many ways Amended the International Emergency Economic Powers Act Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The USA PATRIOT Act National security letters and other Fourth Amendment issues Originally applied only to pursuit of agent of foreign power Now applies to international terrorism, foreign intelligence investigation Much broader range of data now covered, including driver’s licenses, student records, medical bills, etc. Expanding requirement by banks, credit agencies to file suspicious activity reports to include domestic terrorism Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Other Questions Regarding Privacy Peer-to-peer or file sharing Unclear if reasonable expectation of privacy applies Internet service provider subscriber records Perhaps no reasonable expectation of privacy of basic subscriber info Websites No expectation of privacy for material posted on the Internet Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Other Questions Regarding Privacy Cell phones Not the same as landlines, so what expectation here is reasonable? Exigent circumstances may, according to a few courts, allow for valid warrantless searches Search incident to arrest: Should not be, but courts have been inconsistent Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Other Legal Considerations Vicinage: May focus on locality of offense, not presence of offender, when it comes to selecting venue. However, with the Internet, where would that be? Undercover techniques: If real-time monitoring of chat room activity, no warrant needed Sentencing guidelines: Where sentence enhancement focuses on items, what does that mean with regards to child pornography? Courts are not consistent or clear on this. Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Conclusions Still need more guidance from U.S. Supreme Court and Congress regarding expectation of privacy and the convergence of technology, especially on issue of physicality Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved