
Legal Issues with Monitoring and Collection Evidence


Presentation on theme: "Legal Issues with Monitoring and Collection Evidence"— Presentation transcript:

1 Legal Issues with Monitoring and Collection Evidence

2 Laws that Affect Cyber Security -2
So let's get into the Constitution. What's interesting about the Constitution is that these amendments were written 200-some years ago, so they never dreamt that there would be an internet or anything remotely resembling what they're being applied to today, yet the internet and its technologies are being overlaid onto what the intent of these amendments was.

3 Laws that Affect Monitoring and Collection -1
The 4th Amendment, and I'm going to just mention both of these briefly; any one of these legal topics could be the subject of an entire course in and of itself. I'm just going to try to give you some of the key points that kind of make the issues more relevant for you. The 4th Amendment deals with, anybody?

Student: Actually, against illegal search and seizures.

Yeah, unreasonable search and seizures, and there's a famous case called the Katz case, and it's the Katz Standard today. There are two elements that the courts will consider when dealing with the reasonableness of an actual search warrant: one is whether there was a subjective expectation of privacy, meaning did the person take extraordinary means to protect their privacy, and the second element is whether the general public will recognize that as acceptable. Those are the standards that get applied to it. Now what's interesting about the 4th Amendment is that initially it was written to deal with someone's home, the curtilage of someone's home, but over the years and over the interpretations and the court cases it's extended beyond the home, so although computer disks in your possession, your office computer, the files you store locally, there is some 4th Amendment protection on those elements, not always, but there are protections that extend beyond someone's home. So there is an element to just going in and looking at something; you don't have the right as a network administrator to just do what you want to do; there are issues about the 4th Amendment. Now it's a very complicated thing, and the general rule is to first understand whether or not it applies to you and your organization, so the question is whether you are considered a government underneath the interpretation of the 4th Amendment, because it only applies to government action. The second is the 5th Amendment.

What's interesting about the 5th Amendment is that the courts have extended the 5th Amendment protections to encryption, so you cannot be compelled to provide your private key to decrypt a message underneath the 5th Amendment, which provides against self-incrimination, so you do not have to testify against yourself in open court. The court has also decided that you cannot be compelled to produce your private key from memory; if it's written down some place and someone finds it, game over, but if you don't write down that pass phrase to your PGP key nobody can force you to tell them what it is. So that presents a lot of unique issues in networks, and that's why you see policies against encryption and different things like that, because you cannot be forced to disclose what that key is.

4 Laws that Affect Monitoring and Collection -2
So we're going to jump into Statutory Law right now. There are really two tracks within Statutory Law: one is going to be Real-Time Communication, and the second one is Stored Communication. What I want to do now is switch over and do a quick walk-through of encapsulation. Everybody familiar with the Seven Layer OSI Model? Well, it's going to be important to understand that right now as it relates to federal law, because the current laws first of all don't mention the word "internet," "packet network," or anything technical anywhere in the statutes; they're very confusing to read and they really don't cite specific instances. For our understanding today, what I'm going to show you doesn't really exist in any legal documents anywhere. This is what we did at DOJ when I was an agent there, and that's what the current policy is: understanding the OSI Model as it relates to these laws, where the breakdown between content and non-content is within the statute. When you're talking about real-time communication the statutes are broken into two categories. The Wiretap Act deals specifically with the content, so in other words, if you're on a telephone talking to somebody, the content would be the words being transmitted across the line; the signaling information, the caller data, the to and from information, that's the Pen/Trap and Trace Statute that deals with the non-content. So there are really two breakdowns, content and non-content, and then Stored Electronic Communications breaks it down into a different understanding. So before we get into the second part let's get the overhead here and turn our doc camera on and look at it. Here's a little OSI stack right here. Now, what the Wiretap Act does in theory, and this is my opinion, and this is what we did in practice because there is no bright line within the law: we have the Wiretap, and the Pen/Trap and Trace.

The intent of the Wiretap is to protect the privacy of the communication, the oral transmission on the telephone lines, your voice being carried across the line. Well, in the internet world that's going to be Layers 7, 6 and 5, although 6 and 5 aren't really used, but Layer 7, that application layer, is where the data lives; that's the protected content, so this is the content. And then down here is the non-content. So when you're talking about the Pen/Trap and Trace Statutes, when we give scenarios about looking at packet header information, you're talking about the Pen/Trap and Trace, so whether you're allowed or not allowed to collect that type of information is going to be granted to you by the Pen/Trap and Trace Statute; whether you're allowed or not allowed to cover this information up here is by the Wiretap. Now let me ask you a technical question: where do you think tools like URL scanners would fit in underneath this OSI Model?

Student: In the content.

Content, that's right. Now what about a tool like Argus for Netflow, just looking at the Netflow?

Student: Non.

Non-content. So typically we just run URL scanners on our networks and don't really consider any kind of legal authority to do that, but actually the Wiretap Act does grant you permission underneath the Provider Exception to do that. Not many people realize that there are laws that restrict those types of activities, but there are also exceptions to them for normal business procedures, and we're going to talk a little more about that when we go forward, but it's important to keep this in your mind when we're talking about these different statutes. Any questions about this?

Student: Without getting into too much detail, the Pen/Trap and Trace, what does that stand for, what does that mean? Penetration?

No. The Pen/Trap and Trace Statute, when you read it, the Pen Register and Trap and Trace components are two separate issues, and there are two or three more slides ahead of me, but essentially, without getting too far ahead of ourselves, Pen Register information is outgoing information. Again, this is where the internet doesn't really map to the statute, because on telephones you can have a Pen Register on someone's phone and record the tones going out, so when they're trying to make a phone call only the destination information is there; the return person's number doesn't show up on the Pen Register. On the Trap and Trace you're trapping everything coming into the network, but in the internet we know that both of those pieces of information live together in that Layer 3, 4 and 2 trapper; it's where there's not really a clear mapping between the two. Now this breakdown right here, nowhere does it say anything like this in the statute, but this is technically, as an internet professional, or as a network professional, looking at that OSI Model: this is the data up here, and this all gets encapsulated as it goes down. So this will help you understand the statute, so when you're back in your jobs and doing this in the real world, when you start interfacing with counsel about policy decisions, it's important to understand how the laws are applied, or more importantly how the laws interpret current technology, and this is the current interpretation right here. Without any more questions we'll switch back over to our-- there we go. So that kind of explains this portion of how the statutes are broken down. Now the Stored Electronic Communication Act deals with stored information, and the content of the stored information would be the actual , the actual voic , and the non-content would be any subscriber information, where it was received from, how long it's been there, all of the other information surrounding the actual content. So we'll talk about each one of these in some depth.

Any questions so far? You guys are okay, you're getting it? As my friend Chris would say, where is the love in the room?

5

6 Laws that Affect Monitoring and Collection -3
All right, now this is just a breakout of the OSI Model that kind of talks about what type of information lives in each one of these headers, and it breaks out content and non-content. Again, you can see the non-content portion; that's going to be the Pen/Trap and Trace, all that information is governed by the Pen/Trap and Trace, and the actual content up here in the data is governed by the Wiretap Act. It's just another visual aid to help you understand it. What's interesting is that when I was an agent we were allowed to collect the first 64 bytes of data on Pen/Trap and Trace Statutes; when we had a Pen/Trap and Trace order we were allowed to collect the first 64 bytes of data. That was DOJ's policy. When you look at how big the header fields are, you're jumping in a little bit to the data field, so there is ambiguity; it depends on the type of protocol and the type of network you're on, but as I speak today the current understanding is the first 64 bytes. Where that number came from and who created it, I don't know, but that's the current policy.

Student: My question is, how did you all get around that? If you jumped to the content, how did you all get around that particular?

Well, for example, we would use various tools to collect, mostly commercial stuff, and we would just put in that field 64 bytes. That's all we would collect, and so we wouldn't collect anything past the first 64 bytes that came over the wire, and anything that happened in that first 64 bytes we were allowed to view as part of Pen/Trap and Trace data. If you went beyond that 64 bytes you were in the realm of the Wiretap Act, and unless you had a court order or you were underneath one of the exceptions you could be prosecuted for felony convictions for violating it. Yes?

Student: Sir, I have a question on the counterpart to that. If you had the Wiretap and not the Pen/Trap and Trace, would you have to start at the 65th byte?

No, if you're allowed to get content, anything before it is fair game, though it's kind of more restrictive. So if you have the Wiretap Act, anything below it you can get, so if you're allowed to get the content you can get everything as well, but not vice versa. Is that clear?
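As an added illustration, not part of the lecture, the slides, or any DOJ tool, the following Python script makes the "first 64 bytes" ambiguity concrete. It builds a constructed Ethernet/IPv4/TCP frame (the addresses and payload are made up), parses the IPv4 IHL and TCP data-offset fields to find where the Layer 7 data begins, and reports how many bytes of content a capture truncated at 64 bytes would sweep in. It goes a little beyond the lecturer's example: with no TCP options the headers end at byte 54 and 10 bytes of application data land in the capture, while a 12-byte TCP option block alone pushes the headers past 64 bytes. The function names (`build_frame`, `header_length`, `content_bytes_captured`, `headers_only`) are hypothetical; `headers_only` shows the alternative of cutting at the parsed header boundary instead of a fixed byte count, which is what a collection tool would do to stay on the non-content side regardless of protocol options.

```python
import struct

SNAPLEN = 64  # the fixed "first 64 bytes" cut-off described in the lecture

def build_frame(payload: bytes, tcp_options: bytes = b"") -> bytes:
    """Construct a minimal Ethernet/IPv4/TCP frame. Constructed sample, not a real capture."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"  # dst, src, IPv4
    tcp_len = 20 + len(tcp_options)
    if tcp_len % 4 != 0:
        raise ValueError("TCP options must pad the header to a multiple of 4 bytes")
    total_len = 20 + tcp_len + len(payload)
    # IPv4: version/IHL, TOS, total length, id, flags/frag, TTL, proto=6 (TCP), checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    data_offset = (tcp_len // 4) << 4  # upper nibble = header length in 32-bit words
    # TCP: sport, dport, seq, ack, data offset, flags (PSH|ACK), window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_offset, 0x18, 65535, 0, 0) + tcp_options
    return eth + ip + tcp + payload

def header_length(frame: bytes) -> int:
    """Byte offset where Layer 7 data begins, i.e. end of the Ethernet + IPv4 + TCP headers."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("only IPv4 is handled in this example")
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length from the IHL field
    proto = frame[14 + 9]
    if proto != 6:
        raise ValueError("only TCP is handled in this example")
    tcp_start = 14 + ihl
    data_offset = (frame[tcp_start + 12] >> 4) * 4  # TCP header length incl. options
    return tcp_start + data_offset

def content_bytes_captured(frame: bytes, snaplen: int = SNAPLEN) -> int:
    """How many Layer 7 (content) bytes a capture truncated at snaplen would include."""
    captured = frame[:snaplen]
    return max(0, len(captured) - header_length(frame))

def headers_only(frame: bytes) -> bytes:
    """Truncate at the parsed header boundary so no Layer 7 data is retained at all."""
    return frame[:header_length(frame)]

if __name__ == "__main__":
    req = b"GET /index.html HTTP/1.1\r\n"           # constructed application data
    plain = build_frame(req)
    with_ts = build_frame(req, tcp_options=b"\x01\x01\x08\x0a" + bytes(8))  # NOP,NOP,timestamp
    for name, f in (("no TCP options", plain), ("12-byte TCP options", with_ts)):
        print(f"{name}: headers end at byte {header_length(f)}, "
              f"{content_bytes_captured(f)} content byte(s) inside the first {SNAPLEN}")
    print(f"headers_only keeps {len(headers_only(plain))} bytes of the plain frame")
```

The point for a monitoring program is that a fixed byte count is a policy approximation, not a protocol boundary: header options, VLAN tags, or IPv6 shift where the content starts, so a tool that wants to stay inside the non-content category should locate that boundary from the headers themselves rather than trust 64.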

