May 11, 2009 Golden Gate University EFF 2009 Bootcamp 2.0 Best Practices for OSPs: Law Enforcement Information Requests Kurt Opsahl, Senior Staff Attorney.

Presentation transcript:

May 11, 2009 Golden Gate University EFF 2009 Bootcamp 2.0 Best Practices for OSPs: Law Enforcement Information Requests Kurt Opsahl, Senior Staff Attorney Kevin Bankston, Staff Attorney

What kind of best practices?
- Intermediaries that enable online speech can also become chokepoints to cut off that speech
- Best practices for responding to law enforcement information requests and civil subpoenas in a manner that protects ISPs and users

Overview: Responding to Legal Information Requests
- How is your ISP classified under the law?
- What information does your ISP have and what may be sought?
- What legal process must be provided?
- What procedures should your ISP employ in responding to requests?

Best Practices
- Require proper legal process
- Minimize logging
- Develop policy for user notice
- Establish record retention policy
- Internal training

What type is your ISP under ECPA?
The Electronic Communications Privacy Act defined two types of ISPs:
- Electronic Communications Service, to the extent you permit users to communicate with each other
- Remote Computing Service, to the extent you permit users to store communications or other information

What Information Do You Have?
- Some things are obvious like Log Files, but not what they contain
- May also store e-mail, User ID, Connection Info, Search Queries, URLs, Cookies, Unique Identifiers and IP Addresses
- Other things?

Do You Need the Logs?
- If you don’t have it, you can’t be forced to produce it
- Can reduce compliance costs by minimizing information retained
- Keep minimum logs for needs, and regularly delete unneeded information

Background: ECPA, SCA, Title III and FISA
- Electronic Communications Privacy Act
- Stored Communications Act
- Title III is the Wiretap Act
- Foreign Intelligence Surveillance Act

Background: ECPA
- Electronic Communications Privacy Act amended the Wiretap Act to cover electronic communications (i.e. e-mail)
  - SCA is part of ECPA

Background: SCA
- The Stored Communications Act regulates when an electronic communication service provider may disclose the contents of or other information about a customer’s e-mails and other electronic communications to third parties.
  - Contents of communications may not be disclosed to civil litigants even when presented with a civil subpoena.

Background: Title III
- Title III makes it unlawful to listen to or observe the contents of a private communication without the permission of at least one party to the communication and regulates real-time electronic surveillance in federal criminal investigations.
  - Many states require all party consent

Background: FISA
- The Foreign Intelligence Surveillance Act authorizes federal agents to conduct electronic surveillance, as part of a foreign intelligence or counterintelligence investigation, without obtaining a traditional, probable-cause search warrant

Classification of Information
- Basic Subscriber Information (name, address, equipment identifier such as temporary IP address, and means and source of payment)
- Other Information (clickstream, location)
- Wiretap, Pen Register or Trap and Trace
- Content - Real Time and Stored

Records of Videos Watched
- The most highly protected piece of personal information under the law:
  - “information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider”
- Not limited to “tapes”, includes a/v material
- Must be destroyed “as soon as practicable, but no later than one year from the date the information is no longer necessary”
- Contact your legal counsel before disclosure pursuant to legal process

Location Information
- Majority of courts require probable cause warrants for disclosure of real-time or prospective location information
  - DOJ asserts a lower standard
- Contact your legal counsel before disclosure

Legal Standards
- Basic Subscriber Information: Subpoena or better (Gov’t may not use civil subpoena)
- Other Information: 2703(d) order or better
- Dialed digits: Pen Register or better
- Real Time Content: Title III order
- Stored Content < 180 days: search warrant
- Stored Content > 180 days: subpoena or better
- Video records: Warrant or court order

Exception: Emergency Cases
- Customer Information/Content Standard: ISP reasonably believes that an emergency involving immediate death or serious physical injury to any person requires disclosure of contents or justifies disclosure of records
  - Get the justification in writing

National Security Letters
- FBI may compel the production of "subscriber information and toll billing records information, or electronic communication transactional records" through National Security Letters.
  - Generally NSLs must be kept secret
  - May contact legal counsel.

FISA Orders
- Pursuant to FISA, the gov’t may provide FISA court order or other process under the FISA Amendments Act
  - Contact legal counsel
  - EFF would love to challenge the FAA

A visit by Suits with Shades
- If you get a personal visit from Law Enforcement, call your company’s lawyer.
  - Often, just an informal request for assistance
  - Safest course is to get legal counsel early

Provide Notice to Users
- Best practice is to provide notice where possible - let user move to quash
- LEAs need an order to prevent notice on subpoenas
- Notice may be delayed under ECPA

Backup Preservation
- Any LEA can request by any means
- Notify LEA, but do not deliver info
- LEA notifies user - starts 14 day clock for user objection
- Absent objection, must provide data upon receipt of proper process

Reimbursement
- Yes for subpoenas
- Yes for technical assistance (not required to redesign, just help)
- Yes for special requirements, backup preservation, etc
- Yes for all civil requests

Provider Exception
- Provider exception grants service providers the right "to intercept and monitor [communications] placed over their facilities in order to combat fraud and theft of service."

Accessible to Public
- Privacy laws have an exception for electronic communication made through a system "that is configured so that... [the] communication is readily accessible to the general public."
  - If information sought by LEA is publicly available, you can tell them to get it themselves
  - In some cases authentication may be required

Penalties and Safe Harbors
- May face lawsuits for improper disclosure
- You are protected from civil actions if you rely in “good faith” upon appropriate legal process
- Do not disclose information without being sure you have the right process

Parting Thoughts
- Always get it in writing to preserve immunities
- Your ISP is not the agent of an LEA
- State and Local rules may be more strict
- If in doubt, ask the lawyers

Help Us Help You
- Let us know when you receive questionable over-reaching requests