Presentation is loading. Please wait.

Presentation is loading. Please wait.

Working Effectively with Law Enforcement: How to Protect the Privacy of Your University Community Without Going to Jail Michael Corn Director, Security.

Published byJustin Fletcher Modified over 9 years ago

Similar presentations

Presentation on theme: "Working Effectively with Law Enforcement: How to Protect the Privacy of Your University Community Without Going to Jail Michael Corn Director, Security."— Presentation transcript:

1 Working Effectively with Law Enforcement: How to Protect the Privacy of Your University Community Without Going to Jail Michael Corn Director, Security Services and Information Privacy University of Illinois at Urbana-Champaign Office of the CIO

2 2 Presentation Topics  Working effectively with LEAs protects privacy  You are not alone: it takes a team to respond to a subpoena  What knowing your environment means  Advise on handling an investigation  References

3 3 Themes and Assumptions  Working with law enforcement is no longer exceptional but typical  We have a legal obligation to comply with valid documents  Proper handling of law enforcement requests enhances the privacy accorded members of your campus community

4 4 It Takes a Team  Develop a firm and clear understanding of responsibilities and roles  There are three critical positions that can handle 100% of most incidents and 95% of the rest Security Officer, Legal Counsel, Campus Police

5 5 Campus Police  Validate credentials  Have deep contacts in Law Enforcement  Bring a level of comfort to agents of LEAs  Partners in a variety of incidents: –Harassment –Laptop theft –Identity theft / SSN disclosures Consider whether they are internal or external to Institution

6 6 Campus Counsel  Validate all legal documents  Interpret type of request: subpoena, preservation request, search warrant, NSL, etc…  Interpret request elements: data, dates/times, identities, etc… Should be highly familiar with relevant campus policies, such as your Appropriate/Acceptable Use and Infosec

7 7 Security Officer  Advises on technical capabilities / hurdles  Advises on impact and visibility  Advises on what is available  Collection of evidence / information

8 8 Words of Advice to Security Officers  Keep judicial, legislative, investigative and interpretive roles separate  Regulation != Common Sense  Having a law degree does not make you the University’s Counsel

9 9 Know your Environment  Focus on those elements of your environment that are likely to be relevant to a request for information: –Log files –Email (and email traffic logs) –s/Flow data –Authn/z logs –Technical contacts in units –Which units provide their own IT services? –How long are backup stored and how much work is it to do a restore? “If you can’t count something you don’t control it” Mike’s dictum

10 10 Know your Environment (cont.)  Discuss the possibility of confidential investigations with your service managers and their supervisors (i.e., middle managers)  Emphasize that you’re helping to insulate them from crises  Buy your network engineers lunch. Regularly

11 11 Handling an Investigation - confidentiality  Confidentiality –Understand your obligations with regard to confidentiality. “In accordance with 18 U.S.C. section 2709(c) (1), I certify that a disclosure of the fact that the FBI has sought or obtained access to the information sought by this letter may endanger the national security of the United States...and (2) prohibits you, or any officer, employee, or agent of yours, from disclosing this letter, other than to those to whom disclosure is necessary to comply with the letter or to an attorney to obtain legal advice...” ACLU: http://www.aclu.org/natsec/warpowers/21261prs20051107.htmlhttp://www.aclu.org/natsec/warpowers/21261prs20051107.html FBI: http://www.fbi.gov/pressrel/pressrel07/nsl030907.htmhttp://www.fbi.gov/pressrel/pressrel07/nsl030907.htm National Security Letter (NSL) quote found via Google search.

12 12 Confidentiality (cont.)  Discuss with the agent(s) in charge of an investigation whom you wish to inform of the investigation and why. This includes, –your supervisor –campus/University Officers (Provost, Chancellor, etc..) –unit heads –technical staff  Develop internal procedures that control the materials and information of legally restricted documentation. Buy a safe for storing legal documents and evidence.

13 13 Handling the Investigation – impact  Minimizing the impact of the investigation –Work with the agent(s) in charge of an investigation to review what they are looking for and what will not be useful to them. –Work with law enforcement agents to better understand your environment and narrow the scope of information requests.

14 14 Narrowing the Scope of a Request I Original “Provide all records, logs, transaction records, connection records, email headers and IP numbers for the account and computers associated with Bullwinkle J. Moose and the account bullwinkle@whatsamattau.edu from Jan 1st 2007 to present.”bullwinkle@whatsamattau.edu

15 15 Narrowing the Scope of a Request II  Bullwinkle@whatsamattau.edu redirects to bullwinkle@physics.whatsamattau.edu Bullwinkle@whatsamattau.edu bullwinkle@physics.whatsamattau.edu  Physics.whatsamattau.edu not centrally provided (do they log sendmail at physics?)  Bullwinkle@whatsamattau.edu also exists as bullwinkle@centralIT.whatsamattau.edu Bullwinkle@whatsamattau.edu bullwinkle@centralIT.whatsamattau.edu  Email accounts accessible from any IP on campus  Bullwinkle reads most of his mail from a multi-user machine  Flow logs from that machine show traffic from multiple users  Bullwinkle has logged into any number of campus services in the last 8 months

16 16 Narrowing the Scope of a Request III  Discuss with agent: –Email redirection –And Legal if bullwinkle@physics… is covered by document –Flow logs don’t help with email –Central IT account is unused –Campus authentication records –Capturing multi-user machine will endanger confidentiality of investigation –Multi-month restore will endanger confidentiality of investigation –Need to work with departmental IT staff  May require working with unit head or IT staff supervisors

17 17 None of this will matter if the LE agent doesn’t trust and have confidence in you.

18 18 Narrowing the Scope of a Request IV New Preservation Request “Please retain all existing email and backups of the email account associated with the email address bullwinkle@physics.whatsamattau.edu from the period Jan 1st 2007 to present.” bullwinkle@physics.whatsamattau.edu New Data Request “Please provide all email headers from existing email from the account associated with the email address bullwinkle@physics.whatsamattau.edu from the period Jan 1st 2007 to present.” bullwinkle@physics.whatsamattau.edu

19 19 Summary  Create a policy to address the handling of all legal documents.  Form a team consisting of the security officer, legal counsel, and campus police.  Put campus legal counsel on your telephone speed-dial.  Meet with provost and/or chancellor to discuss law enforcement requests and investigations.  Review and document the salient features of your environment, including your institutional policies on data release and retention.  Understand your obligations with regard to confidentiality.  Discuss with the agent(s) in charge of an investigation whom you wish to inform of the investigation and why.  Work with the agent(s) in charge of an investigation to review what they are looking for and what will not be useful to them.  Work with law enforcement agents to better understand your environment and narrow the scope of information requests  Develop internal procedures that control the materials and information of legally restricted information. Buy a safe for storing legal materials.

20 20 References & Contact  Guidelines for Working with Law Enforcement Agencies. Michael Corn. Educause Quarterly, Vol. 30 No. 3. http://www.educause.edu/apps/eq/eqm07/eqm0 738.asp http://www.educause.edu/apps/eq/eqm07/eqm0 738.asp  Educause Policy and Law Constituent Group http://www.educause.edu/groups/icpl/ http://www.educause.edu/groups/icpl/  Contact: Michael Corn, mcorn@uiuc.edumcorn@uiuc.edu

Download ppt "Working Effectively with Law Enforcement: How to Protect the Privacy of Your University Community Without Going to Jail Michael Corn Director, Security."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
Public Records Office Indiana Access to Public Records Act and Responding to Subpoenas Employee Training.

Public Records Office Indiana Access to Public Records Act and Responding to Subpoenas Employee Training.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
ALTERNATIVE SEARCH PROCEDURE/PROCESS/PROTOCOL (ASP) Office on Volunteerism and Community Service.

ALTERNATIVE SEARCH PROCEDURE/PROCESS/PROTOCOL (ASP) Office on Volunteerism and Community Service.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)

1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)
CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.

CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.
SIU School of Medicine Identity Protection Act and Associated SIU Policy.

SIU School of Medicine Identity Protection Act and Associated SIU Policy.
Web Applications: Get a Grip on Privacy Michael Corn CAMP 2008.

Web Applications: Get a Grip on Privacy Michael Corn CAMP 2008.
1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.

1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.
Data Management Awareness January 23, 2008 1 University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
The Family Educational Rights and Privacy Act (FERPA) The Importance of Protecting Student Records This session will help you better understand the law.

The Family Educational Rights and Privacy Act (FERPA) The Importance of Protecting Student Records This session will help you better understand the law.
FERPA 101 Student Records: Institutional Responsibility and Student Rights What Every University Employee Should Know Prepared by the Office of the Registrar.

FERPA 101 Student Records: Institutional Responsibility and Student Rights What Every University Employee Should Know Prepared by the Office of the Registrar.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Network security policy: best practices

Network security policy: best practices
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Peer Information Security Policies: A Sampling Summer 2015.

Peer Information Security Policies: A Sampling Summer 2015.

Similar presentations

Ads by Google