Presentation is loading. Please wait.

Presentation is loading. Please wait.

It’s a Computer, M’Lud! Neil Barrett. Introduction The law and computers The law and computers The nature of computer evidence The nature of computer.

Published byEstella Doyle Modified over 9 years ago

Similar presentations

Presentation on theme: "It’s a Computer, M’Lud! Neil Barrett. Introduction The law and computers The law and computers The nature of computer evidence The nature of computer."— Presentation transcript:

1 It’s a Computer, M’Lud! Neil Barrett

2 Introduction The law and computers The law and computers The nature of computer evidence The nature of computer evidence Obtaining evidence from computers Obtaining evidence from computers Preparing statements for court Preparing statements for court The role of the expert witness The role of the expert witness Courtroom experience Courtroom experience Current defence strategies and tactics Current defence strategies and tactics The future for computer evidence The future for computer evidence

3 The Law and Computers Computer Misuse Act 1990 Computer Misuse Act 1990 Data Protection Act 1998 Data Protection Act 1998 Laws of Pornography Laws of Pornography Obscene Publications Act 1959 Obscene Publications Act 1959 Protection of Children Act 1978 Protection of Children Act 1978 Criminal Justice Act 1988 Criminal Justice Act 1988 Laws of ‘Harm’ Laws of ‘Harm’ Theft Act 1968/1978 Theft Act 1968/1978 Offences Against the Person Act 1861 Offences Against the Person Act 1861

4 Computer Misuse Act 1990 Data is not ‘Property’ Data is not ‘Property’ Oxford v Moss 1978 Oxford v Moss 1978 “Confidential information is not property” “Confidential information is not property” Accessing a computer illicitly is not ‘Fraud’ Accessing a computer illicitly is not ‘Fraud’ R v Gold 1988 R v Gold 1988 A password is not a ‘false instrument’ A password is not a ‘false instrument’ Judicial review produces a new law Judicial review produces a new law

5 Computer Misuse Act 1990 (2) Section 1 – Unauthorised Access Section 1 – Unauthorised Access An offence to access a computer knowing that the access is not authorised An offence to access a computer knowing that the access is not authorised Summary offence; 6 months and/or £5,000 Summary offence; 6 months and/or £5,000 Section 2 – Unauthorised Access with Intent Section 2 – Unauthorised Access with Intent An offence to commit Section 1 with intent to commit a further arrestable offence An offence to commit Section 1 with intent to commit a further arrestable offence Arrestable offence; 5 years and/or £unlimited Arrestable offence; 5 years and/or £unlimited Section 3 – Unauthorised Modification Section 3 – Unauthorised Modification An offence to modify any computer so as to impair the operation of any computer An offence to modify any computer so as to impair the operation of any computer Arrestable offence; 5 years and/or £unlimited Arrestable offence; 5 years and/or £unlimited

6 Computer Misuse Act 1990 (3) Outlaws hacking for: Outlaws hacking for: Curiosity Curiosity To steal credit cards, information, etc To steal credit cards, information, etc To damage something – web defacement, etc To damage something – web defacement, etc Outlaws computer viruses Outlaws computer viruses But not obviously Denial of Service attacks But not obviously Denial of Service attacks Review currently underway Review currently underway Bill failed in Lords – rightly so! Bill failed in Lords – rightly so!

7 Implications of Computer Misuse Act Data stored on computers is not protected by the laws of property Data stored on computers is not protected by the laws of property So must be protected under CMA So must be protected under CMA Means you must define ‘authorised’ access Means you must define ‘authorised’ access Acceptable Use Policy statements Acceptable Use Policy statements On internal computers and on Web sites! On internal computers and on Web sites!

8 Other Laws Data Protection Act 1998 Data Protection Act 1998 Makes an offence for the hacker to process personal data Makes an offence for the hacker to process personal data E.g. credit cards E.g. credit cards But Principle 7 says you must enact ‘adequate technical and organisational’ mechanisms to protect it But Principle 7 says you must enact ‘adequate technical and organisational’ mechanisms to protect it Protection of Children Act 1978 Protection of Children Act 1978 An offence to publish ‘indecent photographs’ of children An offence to publish ‘indecent photographs’ of children Criminal Justice Act 1988 Criminal Justice Act 1988 An offence knowingly to possess them An offence knowingly to possess them

9 Other Laws (2) Theft Acts Theft Acts An offence to demand money with threats An offence to demand money with threats E.g., Denial of Service plus extortion E.g., Denial of Service plus extortion Offences Against The Person Act Offences Against The Person Act An offence to harass, threaten, etc An offence to harass, threaten, etc Also, laws against defamation Also, laws against defamation Slander or Libel? Slander or Libel?

10 Laws and Computers A rich set of laws cover computer use and misuse A rich set of laws cover computer use and misuse Computer is the Computer is the Agent Agent Victim Victim Witness Witness Means that computers will be Means that computers will be ‘in the witness box’; or ‘in the witness box’; or ‘on the exhibits table’ ‘on the exhibits table’

11 Nature of Computer Evidence Evidence is Evidence is ‘That which can be seen’; or ‘That which can be seen’; or ‘That which shows something’ ‘That which shows something’ Computer data cannot be ‘seen’ Computer data cannot be ‘seen’ But it can be used to show something But it can be used to show something And it can be represented to a court And it can be represented to a court But the process of turning computer records into evidence must be done carefully But the process of turning computer records into evidence must be done carefully

12 Nature of Evidence Direct versus Circumstantial Direct versus Circumstantial Computer evidence is ‘Direct’ if automatically produced; otherwise ‘Circumstantial’ Computer evidence is ‘Direct’ if automatically produced; otherwise ‘Circumstantial’ Real, Original and Hearsay Real, Original and Hearsay Again, relates to the ‘automatically produced’ aspect Again, relates to the ‘automatically produced’ aspect Example, an email message Example, an email message Real evidence is the hard disk drive Real evidence is the hard disk drive Original evidence is the header detail and records Original evidence is the header detail and records Hearsay evidence is the email content Hearsay evidence is the email content

13 Nature of Evidence (2) Hearsay evidence is generally not admissible Hearsay evidence is generally not admissible Unless special provision is made Unless special provision is made Must be able to produce ‘Best Evidence’ Must be able to produce ‘Best Evidence’ In practice, means produce the disk drive as an exhibit In practice, means produce the disk drive as an exhibit But then derive further exhibits by the process of forensics from this disk But then derive further exhibits by the process of forensics from this disk

14 Computer Forensics The process of deriving evidence from computer data The process of deriving evidence from computer data Requires that the data is shown to be reliably obtained Requires that the data is shown to be reliably obtained Is not changed in any way Is not changed in any way Is complete Is complete Can be repeated Can be repeated And most importantly, that it can be understood! And most importantly, that it can be understood!

15 Sources of Computer Evidence Personal Computers Personal Computers Principally, the disk drive Principally, the disk drive Server Computers Server Computers Running processes Running processes Contents of file system Contents of file system Removable media Removable media Automatically-produced log files Automatically-produced log files E.g., firewall, IDS, proxy, etc E.g., firewall, IDS, proxy, etc

16 Evidence Process Identify Identify What sources are available? What sources are available? Seize Seize ‘Bag and Tag’ Best Evidence ‘Bag and Tag’ Best Evidence Transport Transport Safely and responsibly take the best evidence to a secure location Safely and responsibly take the best evidence to a secure location Receive Receive Accept responsibility for the evidence Accept responsibility for the evidence Store Store Ensure securely held free from risk of contamination Ensure securely held free from risk of contamination

17 Evidence Process (2) Preserve Preserve Take a reliable copy of the evidence Take a reliable copy of the evidence Reserve Reserve Put the original Best Evidence source in a secure place Put the original Best Evidence source in a secure place Analyse Analyse Investigate the evidence on the preserved copy Investigate the evidence on the preserved copy Produce Produce Identify the exhibits that establish facts Identify the exhibits that establish facts Testify Testify Create a statement and go to court Create a statement and go to court

18 Problems Evidence from running computers Evidence from running computers How do you make this ‘repeatable’? How do you make this ‘repeatable’? Volumes of data to be analysed Volumes of data to be analysed Making sure process of analysis doesn’t change data Making sure process of analysis doesn’t change data Use an ‘Imaging’ program like EnCase? Use an ‘Imaging’ program like EnCase? Proving you haven’t changed anything Proving you haven’t changed anything Best is to make change impossible Best is to make change impossible Presenting the stuff in court! Presenting the stuff in court!

19 Statements

20 Statements (2) Qualifications Qualifications Statement of understanding Statement of understanding “I am told that the defendant had a computer…” “I am told that the defendant had a computer…” Definitions of terms Definitions of terms Points to be addressed Points to be addressed “I am asked to consider…” “I am asked to consider…” Findings Findings

21 Expert Witnesses Servants of the court Servants of the court Help court to understand complex evidence ‘outside of their normal experience’ Help court to understand complex evidence ‘outside of their normal experience’ Allowed to express an opinion Allowed to express an opinion Allowed to attend entire trial Allowed to attend entire trial Paid for attendance Paid for attendance Must be able to demonstrate their expertise Must be able to demonstrate their expertise E.g., academic qualifications E.g., academic qualifications

22 Pre-Trial Experience Experts for prosecution and for defence Experts for prosecution and for defence Exchange statements Exchange statements Raise and exchange ‘Rebuttal Statements’ Raise and exchange ‘Rebuttal Statements’ Meet to agree evidence Meet to agree evidence What is agreed? What is agreed? What is agreed as disagreed? What is agreed as disagreed? What points need not be put before the court? What points need not be put before the court? Common terms and definitions Common terms and definitions

23 Courtroom Experience Prosecution bats first Prosecution bats first So definitions are presented by the expert called for the prosecution So definitions are presented by the expert called for the prosecution Examination Examination Initial points, then detail Initial points, then detail Cross-examination Cross-examination Defence tries to trip you up Defence tries to trip you up Re-examination Re-examination Prosecution picks you up and dusts you down Prosecution picks you up and dusts you down

24 Problems in Court Being led by the defence questions Being led by the defence questions “It’s right, isn’t it…?” “It’s right, isn’t it…?” Being lured into providing arcane details Being lured into providing arcane details “Perhaps the witness would care to explain public key cryptography to the Jury?” “Perhaps the witness would care to explain public key cryptography to the Jury?” Being led outside area of expertise Being led outside area of expertise “Perhaps the witness would care to explain how he can be sure that this was a picture of a child?” “Perhaps the witness would care to explain how he can be sure that this was a picture of a child?”

25 Defence Tactics Current best defence is the ‘Trojan defence’ Current best defence is the ‘Trojan defence’ Computer was hacked Computer was hacked R v Caffrey – ‘Invisible’ hacker R v Caffrey – ‘Invisible’ hacker Computer had a virus Computer had a virus Computer had a series of pop-ups Computer had a series of pop-ups Most laws require the prosecution to prove intent Most laws require the prosecution to prove intent Mens Rea? Mens Rea?

26 Trojan Defence in Child Pornography Criminal Justice Act 1988 Criminal Justice Act 1988 It is an offence to possess and indecent photograph of a child It is an offence to possess and indecent photograph of a child It is a defence for the accused to prove It is a defence for the accused to prove He had not looked at it and had no reason to believe it was indecent; or He had not looked at it and had no reason to believe it was indecent; or He did not ask for it, it was not asked for on his behalf, and he took steps to remove it as soon as possible He did not ask for it, it was not asked for on his behalf, and he took steps to remove it as soon as possible

27 Trojan Defence (2) Pop up is an involuntary download Pop up is an involuntary download But still in possession But still in possession If pop-up, will have looked at it If pop-up, will have looked at it Was it asked for on his behalf? Was it asked for on his behalf? And if it’s still in Temporary Internet Files, could we argue he did not take steps to remove it? And if it’s still in Temporary Internet Files, could we argue he did not take steps to remove it? And, crucially, is this fair? And, crucially, is this fair?

28 The Future? Encryption and secure deletion will spoil a lot of current ‘Best Evidence’ Encryption and secure deletion will spoil a lot of current ‘Best Evidence’ But we will still have lots of records But we will still have lots of records Need to ensure ruling in R v Caffrey does not spoil other cases Need to ensure ruling in R v Caffrey does not spoil other cases Need a way to educate juries Need a way to educate juries Need a way to train lawyers Need a way to train lawyers Need broader knowledge of the issues! Need broader knowledge of the issues!

29 Thank you! neil.barrett@btinternet.com neil.barrett@btinternet.com neil.barrett@btinternet.com 07712 865774 07712 865774 Prof Neil Barrett Centre for Forensic Computing RMCS Shrivenham University of Cranfield Shrivenham Swindon Prof Neil Barrett Centre for Forensic Computing RMCS Shrivenham University of Cranfield Shrivenham Swindon

Download ppt "It’s a Computer, M’Lud! Neil Barrett. Introduction The law and computers The law and computers The nature of computer evidence The nature of computer."

Similar presentations

By Andy Scott, Michael Murray and Adam Kanopa

By Andy Scott, Michael Murray and Adam Kanopa
UNIT 20 The ex-hacker.

UNIT 20 The ex-hacker.
Data Security and legal issues Starter :- 5 Minutes Make a list of all the companies and organisations that you believe holds data on you. Write down what.

Data Security and legal issues Starter :- 5 Minutes Make a list of all the companies and organisations that you believe holds data on you. Write down what.
CHAPTER 2: CRIME Area of Study 2: Criminal Law. The need for criminal law Read The need for criminal law, Definition of a crime, Elements of a crime,

CHAPTER 2: CRIME Area of Study 2: Criminal Law. The need for criminal law Read The need for criminal law, Definition of a crime, Elements of a crime,
Cyber Law & Islamic Ethics CICT3523 COMPUTER CRIMES.

Cyber Law & Islamic Ethics CICT3523 COMPUTER CRIMES.
Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,

Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,
+ The Criminal Trial Process. + The Charter Section 11(d) of the Charter of Rights and Freedoms states that a person charged with an offence is to be.

+ The Criminal Trial Process. + The Charter Section 11(d) of the Charter of Rights and Freedoms states that a person charged with an offence is to be.
INTERNET SAFETY.

INTERNET SAFETY.
Chapter 13: Criminal Justice Process ~ Proceedings Before Trial Objective: The student should be able to identify the required procedures before a trial.

Chapter 13: Criminal Justice Process ~ Proceedings Before Trial Objective: The student should be able to identify the required procedures before a trial.
Hacking. Learning Objectives: At the end of this lesson you should be able to:

Hacking. Learning Objectives: At the end of this lesson you should be able to:
Legislation in ICT.

Legislation in ICT.
Evidence Computer Forensics. Law Enforcement vs. Citizens  Search must have probable cause –4 th amendment search warrant  Private citizen not subject.

Evidence Computer Forensics. Law Enforcement vs. Citizens  Search must have probable cause –4 th amendment search warrant  Private citizen not subject.
Computer Viruses. Where the name came from This is a phrase coined from biology to describe a piece of software that behaves very much like a real virus.

Computer Viruses. Where the name came from This is a phrase coined from biology to describe a piece of software that behaves very much like a real virus.
Legislation in ICT. Data Protection Act (1998) What is the Data Protection Act (1998) and why was it created? What are the eight principles of the Data.

Legislation in ICT. Data Protection Act (1998) What is the Data Protection Act (1998) and why was it created? What are the eight principles of the Data.
Security+ All-In-One Edition Chapter 20 – Forensics Brian E. Brzezicki.

Security+ All-In-One Edition Chapter 20 – Forensics Brian E. Brzezicki.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.

COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.

Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
Legal Aspects of Computer System Security “Security - Protecting Our Resources”

Legal Aspects of Computer System Security “Security - Protecting Our Resources”

Similar presentations

Ads by Google