Prescription for Criminal Justice Forensics

The government has all but declared a national state of emergency regarding computer-related crimes and has effectively declared war on the perpetrators of such crimes. But what does the government’s new- found zeal in this area portend for the right to privacy?

To what extent is the government using traditional law enforcement tools in ways that push the boundaries of the long-accepted contours of the Fourth Amendment?

To what extent is the government deploying new technologies and techniques to investigate computer-related crimes (and even non-computer crimes) in ways that place Fourth Amendment protections under threat?

This panel will explore the ways in which the government’s efforts to bring the fight to cyber and other criminals may bring the government into homes, offices, and other private spaces in ways never before envisioned. It will further explore whether Fourth Amendment law as we know it is up to fending off this looming threat.

Discussion of overarching legal issues. United States v. Jones. If central tenets of the "mosaic theory" of privacy (e.g, focusing more on the aggregation and use of personal data vs. collection methods) are adopted by courts, how will that practically impact government investigations and criminal litigation (and discovery)?

Privacy construct: There are 3 actors that can negatively impact privacy: governments, hackers or corporations. Who is most likely to be overzealous?

Hypothetical: Vulnerable Bank receives a call from a customer complaining that $1000 was improperly debited from his account. Vulnerable investigates and determines that a counterfeit cash card was used to deduct the funds.

Vulnerable decides to report the incident to the U.S. Attorney’s Office.

It turns out the same counterfeit debit card was used at an internet café an hour after the withdrawal to pay for wi-fi service, and the user logged into the wi-fi service with a Gmail address.

The in the Gmail account is stored by Google.

In reviewing opened s from the Gmail account, the government comes across s discussing rapid buying and selling activity in the stock of two companies -- Pumper Company and Dumper Company. According to a multi- agency law enforcement database [internal note: this is a hypothetical after all.... ;) ], KS, a broker dealer, has informed the SEC and the FBI that KS’s clients reported account intrusions. Additional broker dealers reported similar activity. In the compromised customer accounts, the existing shares of Pumper Company and Dumper Company were liquidated and the funds were used to purchase shares in the same stocks that were the subject of the stock manipulation. The FBI was also contacted by Spamhaus, a spam monitoring organization. Spamhaus revealed that the same stock was promoted by a concerted spam campaign perpetrated through a botnet.

To confirm the stock purchases from the compromised accounts, the perpetrators made calls to the broker dealers from cellular telephones. The broker dealers have phone and IP logs for the compromised accounts.

The SEC identified accounts that appears to profit from the stock manipulation and the FBI has IP addresses and addresses associated with those accounts. The FBI now wants to locate the person that hacked into the brokerage account. A “who is” lookup reveals that the IP address may have come from a proxy server.

International Issues: The investigation has led overseas. The account user is not a U.S. citizen and lives in Ukraine.

Other Issues National Security Matters: What about National Security Letters (NSLs)? Currency issues related to cybercrime? Privacy: Amount of Data The Future of Privacy