Computer forensics law and privacy

Computer ForensicsComputer ForensicsLaw & PrivacyLaw & Privacy

© Joe Cleetus

Concurrent Engineering Research Center,

Lane Dept of Computer Science and Engineering, WVU

2

OverviewOverview

Computer Crime LawsPolicy and ProcedureSearch WarrantsCase LawIntellectual Property ProtectionPrivacyEthics

3

Computer CrimeComputer Crime

What is Computer Crime?– Criminal activity directly related to the use of

computers, specifically illegal trespass into the computer system or database of another, manipulation or theft of stored or on-line data, or sabotage of equipment and data.

– Criminal activity can also comprise the use of computers to commit other kinds of crime: harrassment, scams, hate crimes, fomenting terrorism, etc

4


What is a Computer Crime?– Stealing trade secrets from a competitor– Extortion– Use of a packet sniffer to watch instant messaging

conversations

5

Federal Computer Crime LawsFederal Computer Crime Laws

4th AmendmentComputer Fraud and Abuse Act of 1986Electronic Communications Privacy Act of

1986

6

Federal Computer Crime LawsFederal Computer Crime Laws

Electronic Espionage Act of 1996Communications Decency Act 1996Child Pornography Prevention ActDigital Millennium Copyright Act of 1998COPPA - Children's Online Privacy Protection

ActHIPAA - Health Insurance Portability And

Accountability Act Access Device FraudUSA Patriot Act

7

State Computer Crime LawsState Computer Crime Laws

Computer crime laws are state-specific

8

Case LawCase Law

What is case law?– “Created” by the rulings of judges on court cases

Importance of case law?– Very few laws governing current and emerging

technologies– Precedents set by case law often become

legislative law

Computer Fraud and Abuse ActComputer Fraud and Abuse Act

10

Computer Fraud and Abuse ActComputer Fraud and Abuse Act

15 USC §1644 - Fraudulent use of credit cards; penalties

18 USC §1029 - Fraud and related activity in connection with access devices

18 USC §1030 - Fraud and related activity in connection with computers

18 USC §1343 - Fraud by wire, radio, or television 18 USC §1361-2 - Prohibits malicious mischief

11

15 USC §164415 USC §1644

Use, attempt or conspiracy to use card in transaction affecting interstate or foreign commerce

Transporting, attempting or conspiring to transport card in interstate commerce

Use of interstate commerce to sell or transport card

Furnishing of money, etc., through use of card

12

Crimes and PenaltiesCrimes and Penalties

Whoever in a transaction affecting interstate or foreign commerce furnishes money, property, services, (>$1,000) shall be fined not more than $10,000 or imprisoned not more than ten years, or both

13

18 USC §102918 USC §1029

Counterfeit access devicesTelecommunications instrument modified to

obtain unauthorized use of telecommunications services.

Fraudulent transactions using credit cards Use of scanning receiver

14


Forfeiture to the United States of any personal property used or intended to be used to commit the offense

Fine under this title or imprisonment for not more than 20 years, or both.

15

18 USC §103018 USC §1030

Accesses a computer without authorization to obtain restricted data.

Without authorization accesses Federal computersConduct fraud and obtains anything of value on

such computersTraffics in passwords or similar information

16


The United States Secret Service has authority to investigate offenses

Forfeiture of any personal property used or intended to be used to commit the offense

Fine under this title or imprisonment for not more than 20 years, or both.

17

18 USC §134318 USC §1343

Fraud by means of wire, radio, or television communication in interstate or foreign commerce,

Transmission of digital or analog data in such fraud

18


Fine under this title or imprisonment not more than five years, or both.

If the violation affects a financial institution, fine of $1,000,000 or imprisonment of 30 years, or both

19

18 USC §1361-218 USC §1361-2

Prohibiting malicious mischiefComputer hacking/website defacement

20

Actual CrimesActual Crimes

Many cases have been prosecuted under the computer crime statute, 18 U.S.C. § 1030 (unauthorized access). A few recent sample press releases from actual cases are available via links below:

Kevin Mitnick Sentenced to Nearly Four Years in Prison; Computer Hacker Ordered to Pay Restitution to Victim Companies Whose Systems Were Compromised (August 9, 1999)

Source: http://www.usdoj.gov/criminal/cybercrime/compcrime.html

21

Actual CrimesActual Crimes

Former Chief Computer Network Program Designer Arraigned for Alleged $10 Million Computer "Bomb"

Juvenile Computer Hacker Cuts off FAA Tower At Regional Airport -- First Federal Charges Brought Against a Juvenile for Computer Crime

Source: http://www.usdoj.gov/criminal/cybercrime/compcrime.html

22

Sample CasesSample Cases

http://www.daviddfriedman.com/Academic/Course_Pages/21st_century_issues/21st_century_law/computer_crime_legal_01.htm

http://www.law.emory.edu/11circuit/june2000/99-12723.opn.html http://www.usdoj.gov/criminal/cybercrime/cccases.html http://www.usdoj.gov/criminal/cybercrime/garciaArrest.htm http://www.usdoj.gov/criminal/cybercrime/jiangIndict.htm http://www.usdoj.gov/criminal/cybercrime/schellersent.htm http://www.usdoj.gov/criminal/cybercrime/usamay2001_2.htm

Electronic Communications Privacy Electronic Communications Privacy ActAct

24

Where Can I Find ECPA?Where Can I Find ECPA?

United States Code Title 18 Crimes and Criminal Procedure

Chapter 119 – Wire and Electronic Communications Interception and Interception of Oral Communications

Sections 2510 - 2522

25

Overview of ECPAOverview of ECPA

President Reagan signed ECPA into law in October 1986

Designed to extend Title III Privacy Provisions to new technologies such as electronic mail, cellular phones, private communication carriers, and computer transmissions

26

““The Wiretap Act”The Wiretap Act”

This law required that enforcement agencies obtain a warrant before executing a wiretap (usually used to record voice conversations)

27

What Rights Does ECPA Provide?What Rights Does ECPA Provide?

ECPA protects the transmission and storage of digital communication such as email

Authorities are forbidden to intercept non-voice portions of communication, thanks to ECPA

This is defined as "any transfer of signs, signals, writing, images, sound, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectric or photo-optical system."

28

ECPA Rights (cont.)ECPA Rights (cont.)

Act was designed to protect against electronic communication service providers from disclosing any contents of communication to authorities without lawful consent of the party that originated the communication

Act provided for coverage of all communication providers, not just “common carriers” available to the public

29

Cellular Phone CommunicationCellular Phone Communication

Act also protects cellular phone conversations; wired privacy extended to wireless

Penalty for intercepting a non-encrypted call is only a $500 fine, rather than the normal maximum of 5 years in prison

Note: This act also explicitly states it does not protect the “radio portion of a telephone that is transmitted between the cordless telephone handset and the base unit."

30

Radio PagingRadio Paging

ECPA also protects pagers

Voice and digital display pagers were determined to be an extension of an original wired communication

However, tone-only pagers are not protected by ECPA

31

Customer RecordsCustomer Records

ECPA provides for the protection of subscriber and customer records belonging to electronic service providers

Authorities cannot access these records without a search warrant and court order, unless otherwise notifying the customer

32

ReferencesReferences

http://www.digitalcentury.com/encyclo/update/ecpa.html

http://floridalawfirm.com/privacy.html

USA Patriot ActUSA Patriot Act

34

Some PerspectiveSome Perspective

On September 11, 2001, more Americans were murdered than…

•American battle deaths in the war of 1812

•American battle deaths at Pearl Harbor

•American battle deaths in the Indian Wars

•American battle deaths in the Mexican War

•American battle deaths in Vietnam prior to 1966

•Union battle deaths at Bull Run

•Police officers killed in the line of duty since 1984

Source: Federal Law Enforcement Training Center Glynco, Georgia

35

USA Patriot Act – Oct 2001USA Patriot Act – Oct 2001

Provides Tools To Intercept and Obstruct Terrorism Some believe it was too hasty

– There were few conferences– The House vote was 357-66– The Senate vote was 98-1

36


Specifically, the Act:1. Creates several new crimes: bulk cash smuggling,

attacking transportation systems, etc.2. Expands prohibitions involving biological weapons 3. Lifts the statute of limitations on prosecuting some

terrorism crimes4. Increases penalties for some crimes5. Requires background checks for licenses to transport

hazardous materials6. Expands money laundering laws and places more

procedural requirements on banks7. Promotes information sharing and coordination of

intelligence efforts

37


8. Provides federal grants for terrorism prevention9. Broadens the grounds for denying aliens admission10. Alters some domestic security provisions for DoD

Most provisions of the Act shall cease to have effect on December 31, 2005

However, a USA Patriot Act II is being discussed in Congress

38


Penalty of 5 years for a first offense and 10 years for a subsequent offense for damaging a federal computer system

Damage includes any computer impairment that causes the loss of at least $5,000 or threatens the public health or safety.

39


To be found guilty, the person must:

1. Knowingly cause the transmission of a program, information, code, or command that results in damage to a protected computer without authorization

2. Intentionally access a federal computer without authorization and cause damage (§ 814)

40


The act requires the attorney general to create regional computer forensic laboratories:

1. Examine seized or intercepted computer evidence

2. Train and educate federal, state, and local law enforcement and prosecutors

3. Assist federal, state, and local law enforcement in enforcing computer-related criminal laws

4. Promote sharing of federal expertise The act also provides funding for these facilities (§ 816)

41

Other Crimes / PenaltiesOther Crimes / Penalties

Attacks Against Mass Transportation Systems – The crime is punishable by a fine, up to 20 years if

the violator traveled or communicated across state lines or

The crime is punishable by life in prison if the offense resulted in death

Counterfeiting– The act makes counterfeiting punishable by up to

20 years in prison

42

Other Crimes / PenaltiesOther Crimes / Penalties

Harboring or Concealing Terrorists– This crime is punishable by a fine and 10 years in prison

(§ 803)

Biological Weapons – This is punishable by a fine, and 10 years in prison

Money Laundering– This crime is punishable by 5 years in prison – For Federal employees, the crime is punishable by a fine 3

times the value received, and 15 years in prison, (§ 329)

43

Increased PenaltiesIncreased Penalties

Arson from 20 years to lifeEnergy facility damage, from 10 to 20 yearsSupporting terrorists, from 10 to 15 yearsSupporting designated foreign terrorist

organizations, from 10 to 20 yearsDestroying national defense materials, from 10

to 20 yearsSabotaging nuclear facilities from 10 to 20 yearsCarrying a weapon or explosive on an aircraft

from 15 to 20 years Damaging interstate gas or hazardous pipeline

facility, from 15 to 20 years

44

Information SharingInformation Sharing

The act:1. Foreign and national intelleigence surveillance can

exchange information (§ 504)2. Regional information sharing between federal, state, and

local law enforcement (§ 701)3. Attorney general can apply to a court for disclosure of

educational records to prosecute a terrorist act 4. Act also provides immunity for people who in good faith

disclose these documents) (§ 507, 508)

45

Privacy ImplicationsPrivacy Implications

American Civil Liberties Union: “The USA Patriot Act allows the government to use its intelligence gathering power to circumvent the standard that must be met for criminal wiretaps. …

The new law allows use of Foreign Intelligence Surveillance Act surveillance authority even if the primary purpose were a criminal investigation.

Intelligence surveillance merely needs to be only for a "significant" purpose.

Law enforcement may search primarily for evidence of crime, without establishing probable cause

This provision authorizes unconstitutional physical searches and wiretaps

46

Privacy ImplicationsPrivacy Implications

“In allowing for "nationwide service" of pen register and trap and trace orders, the law further marginalizes the role of the judiciary.

It authorizes what would be the equivalent of a blank warrant in the physical world: the court issues the order, and the law enforcement agent fills in the places to be searched.

This is not consistent with the important Fourth Amendment privacy protection of requiring that warrants specify the place to be searched.”

In short, the USA Patriot Act assumes no “expectation of privacy”

47

Case Study: CarnivoreCase Study: Carnivore

TCP/IP packet sniffer developed by the FBI that has the ability to store all traffic on a network

Intended Uses: Terrorism, Espionage, Child Pornography/Exploitation, Information Warfare/Hacking, Organized Crime/Drug Trafficking, Fraud

Reassembles your e-mail, webpages, files and searches for keywords

48


Legitimate use vs. invasion of privacy– Find out which web sites you visit

deathtoamerica.comgirlsgonewild.com

– Read your e-mailbomb making instructionslove letters

– Save a copy of files you downloadshoebomb.ziptransactions.zip

49


Pre-USA Patriot Act realities:– FBI suspects you of criminal activity– Requests court order to use Carnivore– Installs Carnivore at your ISP– Carnivore grabs all of your packets authorized in the court

order– Carnivore must not grab anyone else’s packets– Data physically collected once a day– Court order expires in 30 days

Post-USA Patriot Act fears:– The FBI can use Carnivore to go fishing for personal

information

50

Related CasesRelated Cases

John Walker Lindh – sentenced to 20 years in federal prison Conspiracy to Murder U.S. Nationals (18 U.S.C. § 2332(b)) (Count One) Conspiracy to Provide Material Support & Resources to Foreign Terrorist

Organizations (18 U.S.C. Defendant. ) § 2339B) (Counts Two & Four) Providing Material Support & Resources to Foreign Terrorist

Organizations (18 U.S.C. §§ 2339B ) & 2) (Counts Three & Five) Conspiracy to Contribute Services to al Qaeda (31 C.F.R. §§ 595.205 &

595.204 & 50 U.S.C. § 1705(b)) (Count Six) Contributing Services to al Qaeda (31 C.F.R. §§ 595.204 & 595.205, 50

U.S.C. § 1705(b) & 18 U.S.C. § 2) (Count Seven) Conspiracy to Supply Services to the Taliban (31 C.F.R. §§ 545.206(b) &

545.204 & 50 U.S.C. § 1705(b)) (Count Eight) Supplying Services to the Taliban (31 C.F.R. §§ 545.204 & 545.206(a),

50 U.S.C. § 1705(b) & 18 U.S.C. § 2) (Count Nine) Using and Carrying Firearms and Destructive Devices During Crimes ) of

Violence (18 U.S.C. §§ 924(c) & 2) (Count Ten)

51


Zacarias Moussaoui – awaiting twice-delayed trial Conspiracy to Commit Acts of Terrorism

Transcending National Boundaries(18 U.S.C. §§ 2332b(a)(2) & (c)) (Count One)

Conspiracy to Commit Aircraft Piracy(49 U.S.C. §§ 46502(a)(1)(A) and (a)(2)(B)) (Count Two)

Conspiracy to Destroy Aircraft(18 U.S.C. §§ 32(a)(7) & 34) (Count Three)

Conspiracy to Use Weapons of Mass Destruction(18 U.S.C. § 2332a(a)) (Count Four)

Conspiracy to Murder United States Employees(18 U.S.C. §§ 1114 & 1117) (Count Five)

Conspiracy to Destroy Property(18 U.S.C. §§ 844(f), (i), (n)) (Count Six)

52


Interesting topics in Moussaoui case:– U.S. District Court Judge Leonie Brinkema released a detailed

government report on the computers and e-mail search in the case

– The evidence includes 140 computer hard drives, four of which used by Moussaoui

– FBI investigators copied their hard drives using Safeback and Logicube software

– Computer forensics experts were unable to find any trace of Moussaoui's "[email protected]" account or some 27 variations of that address

– A search of computers Moussaoui may have used at a Kinko's in Eagan, Minnesota, also came to a dead end because Kinko's cleans out the hard drives on its public computers once every week

53


http://www.epic.org/privacy/terrorism/hr3162.html http://archive.aclu.org/congress/l110101a.html http://notablecases.vaed.uscourts.gov/1:01-cr-00455/

docs/68092/0.pdf http://www.cise.ufl.edu/~nfarring/carnivore http://www.cga.state.ct.us/2001/rpt/olr/htm http://www.cise.ufl.edu/~nfarring/carnivore

Computer PrivacyComputer Privacy

© Joe CleetusConcurrent Engineering Research Center,

Lane Dept of Computer Science and Engineering, WVU

55

PrivacyPrivacy

What is privacy?How is it determined?

– To determine and define what privacy is, we must look at current law, case precedence, and public opinion

56

Constitutional SearchConstitutional Search

4th Amendment of the U.S. Constitution“The right of the people to be secure in their

persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. ”

57

PrivacyPrivacy

What websites are you visiting?– Wireless internet

Where are you?– GPS cell phones, vehicles with OnStar

What and where are you purchasing?– Credit cards

Bluetooth- and RFID-enabled devices and clothing

58

Security and PrivacySecurity and Privacy

Security is a wider Concept Security of Information embraces:

– Confidentiality– Integrity– Availability

Achieving Security involves People, Procedures, and Technology

The same is true for Privacy

59

Laws and Policies govern PrivacyLaws and Policies govern Privacy

Privacy is no longer a vague concept It has been legislated A body of case law existsFederal laws, State Laws, Supra-national

lawsEven the US Constitution has a bearingLastly, companies have Policies

60

Topical RelevanceTopical Relevance

Massive on-line databases of people Extensive on-line interactions between

companies Millions of daily transactions between

companies and customers

Who owns all this, and who has a need to know?

61

Motivation for CompaniesMotivation for Companies

Maintain competitive edge

Ensure legal compliance

Enhance company image

Privacy is a requirement – not a customer delight

62

Many Privacy Rights are embedded in Many Privacy Rights are embedded in Criminal StatutesCriminal Statutes

US Mail

Telephone conversation

Library borrowing

Bank records

Student records

Etc.

Federal and States

63

Plethora of LawsPlethora of Laws

FERPA

– Student records

ECPA Electronic Communications Privacy Act

– Most basic act for access, use, disclosure, interception

and privacy of electronic communications

Section 208 of The E-Government Act

– Federal agencies should protect PII collected

64


HIPAA Health Information Portability and Accountability

Act – Medical records

Gramm-Leach Bliley Act – protects consumers’ personal financial information held by

financial institutions.

The (Federal) Privacy Act of 1974 – FTC approved “fair information practices” that are widely accepted

principles of privacy protection

65


Section 208 of The E-Government Act – Federal agencies should protect PII (personally Identifiable Information)

collected

Sarbanes-Oxley – accounting fraud

– securities-law violations

– Enhanced penalties for white collar crime

– executives directly responsible for problems

– Accurate records to be maintained for 5 years

Basel II

66


CAN-SPAM Act

– Has not yet succeeded in reducing unwanted e-mail

– New measures being agreed on by MS, Amazon,

Brightmail, etc to filter spam

Massachusetts court decided that ISPs may read

subscribers’ messages

– But all major ISPs disavowed any desire to read e-mail

67

Patriot ActPatriot Act

USA Patriot Act

– Negates almost every privacy prescription heretofore

stated, under special circumstances

– The circumstances are not tightly defined

– Hence, Governmental abuse is expected & has

happened

– Not only allows the Government to violate Privacy, but

mandates that companies collude in this

Is this the anti-law of Privacy?

68

Cookies and PrivacyCookies and Privacy

Simply surfing makes you the target of spyware

Cookies placed on your computer can

– Profile your on-line behavior

– Track websites you have visited

– Trigger targeted pop-up ads

– Record search terms and form entries

Security scanners like Spybot and Zone Labs can detect and

remove such intrusive cookies

Try a free scan on your computer and see what you get:

– http://download.zonelabs.com/bin/free/cm/index4.html

69

Surfing DangersSurfing Dangers

Simply surfing can have your browser‑driven online financial

security information stolen:– http://www.eweek.com/article2/0,1759,1618052,00.asp

The attacker uploaded a small file with JavaScript to infected

Web sites and altered the Web server configuration to append

the script to all files served by the Web server (IIS). – No anti-virus program would stop it,

– no firewall would slow it down and

– no shipping IE security patch would even notice it.

– Visit the page, get the infection. It was that simple.

70

Surfing Dangers - SolutionSurfing Dangers - Solution

Use Firefox (browser component of Mozilla, open

source)

That’s the recommendation of CERT

– http://www.mozilla.org/products/firefox/

You may not enjoy Active X (MS specific code in

some web-sites)

71

ISO/IEC 17799ISO/IEC 17799

Standard based on BS 7799

– Important, detailed, complex standard

– Covers People, Process and Technology

– A wide-ranging document on Information Security

– Has numerous recommendations in detail

– Companies can be certified against this standard

72

Understanding and Implementng ISO/IEC Understanding and Implementng ISO/IEC 1779917799

Start with Toolkit

– Full ISO17799 compliant information security policies

– Disaster recovery planning kit

– Road map for certification

– Audit kit (checklists, etc) for a modern network system

– Comprehensive glossary of information security

– Business impact analysis questionnaire

http://www.iso17799-made-easy.com/

73

Privacy Under FirePrivacy Under Fire

Patriot Act– 6 month wiretap without court order

“Patriot Act 2”– More expansive laws than Patriot Act

Privacy vs. Freedom of Information Act– School and University e-mails

Privacy vs. general public good– Your best interests vs. 10 million+ peoples’

74

Laws Protecting PrivacyLaws Protecting Privacy

4th Amendment of the U.S. ConstitutionElectronic Communications Privacy ActHIPAAIntellectual Property laws

– Copyright– Trademark

75

Search WarrantsSearch Warrants

Obtained by law enforcement by testifying to an uninvolved public agent of judicial review naming– The crime being investigated under probable

cause– The specific location(s) to be searched– The items and names of persons to be seized

76


Search warrants do not solely apply to physical domains

Also apply to wire taps, either phone or network

Patriot Act expands the powers of law enforcement, allowing for easier granting of warrants requesting wire tap access

77


Must be clear and conciseItems seized must be listed or at least

covered in the text of the warrantErrors or omissions may result in evidence

being thrown out of court

78

SubpoenasSubpoenas

Subpoena –The process by which a court orders a witness to appear (and sometimes present evidence) at a judicial proceeding and produce certain evidence for purposes of discovery

For example, using ISP connection logs to determine a particular subscriber’s identity

79

Court OrdersCourt Orders

Court Orders – Official judge’s proclamation requiring or authorizing the carrying out of certain steps by one or more parties to a case

For example, using a packet-sniffer on an ISP’s router to collect all packets coming from a particular IP address to reconstruct an AIM session.

80

Chain of CustodyChain of Custody

Begins with seizure of items during the execution of the search warrant

Accounts for every minute the items are in custody

Must be maintained from seizure through court appearance

Failure to maintain chain of custody may result in inadmissibility of evidence

81

Chain of CustodyChain of Custody

Important for businesses as a case may end up in court

Failure to adequately show computer or item did not have an opportunity to be tampered with may result in an unfavorable judgment

82

VideoVideo

“Search and Seizure”– U.S. Secret Service

83

SummarySummary

Many legal issues facing technology and computer forensics from start of investigation through court testimony

Complexities and adaptability of technology also potentially create a myriad of issues

Following well-documented procedures for obtaining and handling evidence

84


US Department of Labor / Office of Administrative Law Judges www.oalj.dol.gov/faq19.htm - Supoena Form

Cyberlaw: Problems of Policy and Jurisprudence in the Information Age – Patricia L. Bellia, Paul Schiff Berman, David G. Post, Thomson/West 2003

4th Amendmenthttp://caselaw.lp.findlaw.com/data/constitution/amendment04/

IEEE Code of Ethics

http://www.ieee.org/portal/index.jsp?pageID=corp_level1&path=about/whatis&file=code.xml&xsl=generic.xsl

COPS.org Code of Ethicshttp://www.cops.org/ethics.htm

Court Orderhttp://www.wordiq.com/definition/Court_order

Computer forensics law and privacy

Technology

Transcript of Computer forensics law and privacy