Legal Issues Presentation

Legal Issues
Drama in Soviet Court.
Post-Stalin (1955). Painted
by Solodovnikov. Oil on
Canvas, 110 x 130 cm.
Computer Forensics
COEN 252
Issues of Evidence
Information is admissible in court if
• It is relevant
• Its probative value outweighs its prejudicial
effect.
Issues of Evidence
• Foundation
– Context for Information
• Hearsay
– Not admissible with exceptions
• Chain of Custody
– Establishes trustworthiness of evidence by
preventing tampering
Stipulation: Agreement between parties or concession
by one party in a judicial proceeding.
Exceptions to Hearsay
• Admissions:
– out-of-court statements contrary to penal or pecuniary
interest, including those found on a computer.
• Business Records
– Made in the normal course of business.
– Relied on by the business.
– Made at or near the occurrence of the act the record
purports to record.
– Offered through a competent witness, either the
custodian of the record or another who can testify to
those issues.
Computer-Generated Records
• Computer generated records often fall
under the business record exemption.
• Courts might also start to make a
distinction between computer-generated
records and computer-stored records.
Computer-Generated Records
• Not a question of hearsay (is there better
evidence available)
• But a question of Authenticity.
Is the generating program reliable?
Breach of Chain of Custody
• Not every breach makes the item inadmissible.
• Not necessary to have the best security against
tampering.
• Government agents are assumed to be
trustworthy.
• But
Chain of Custody
• Working on the original. A forensic
examination that is done directly on the
original disk drive will make it difficult to
argue that the evidence could not have
been tampered with. Much better to make
a “true copy” and examine the true copy.
• Proof that it is a true copy.
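One common way to show that a working copy is a true copy is to hash the original and the copy and record both digests in the custody log. The following is an added example, not part of the original slides; the choice of SHA-256, the log field names and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read in 1 MiB blocks so large images never load fully into memory


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # read-only: the original is never written to
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_true_copy(original, copy, examiner):
    """Build a custody-log entry recording whether `copy` matches `original`."""
    entry = {
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,  # hypothetical field names, not a standard format
    }
    for label, path in (("original", original), ("copy", copy)):
        entry[label] = {"size": os.path.getsize(path), "sha256": sha256_file(path)}
    entry["true_copy"] = entry["original"] == entry["copy"]
    return entry


def demo():
    """Constructed sample: a small 'disk image', a faithful copy, an altered copy."""
    image = bytes(range(256)) * 8192  # 2 MiB of constructed data
    altered = bytearray(image)
    altered[1_500_000] ^= 0x01  # a single flipped bit
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in (("original", image), ("copy", image), ("altered", altered)):
            paths[name] = os.path.join(tmp, name + ".img")
            with open(paths[name], "wb") as fh:
                fh.write(data)
        good = verify_true_copy(paths["original"], paths["copy"], "examiner-01")
        bad = verify_true_copy(paths["original"], paths["altered"], "examiner-01")
    return good, bad


if __name__ == "__main__":
    for entry in demo():
        print(entry["true_copy"], entry["copy"]["sha256"])
```

Re-running the same check on the working copy after the examination shows that the copy was not altered during analysis.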
Best Evidence Rule
• Copies are worse than originals, therefore
they are not admissible unless the original
has been destroyed.
• Does not apply to various computer
outputs.
Acquisition of Evidence
• Distinction between government agents
and private citizens.
• Illegal actions by private citizens can yield
admissible evidence and lead to their
punishment.
• If a sworn law officer violates an
amendment, the gained evidence is
usually suppressed, but the officer is
protected by sovereign immunity.
Electronic Communications Privacy
Act ("ECPA"), Title III
• Extends protection against wiretapping to
communications between computers
• Know the exceptions
• Know the consequences of violating the
title
Electronic Communications Privacy
Act ("ECPA"), Title III
• A person acting under the color of law
can intercept electronic communication
where such a person is party to the
communication or one of the parties of
the communication has given prior
consent to such interception.
Electronic Communications Privacy
Act ("ECPA"), Title III
"A person not acting under color of law" is
also allowed to intercept an "electronic
communication" where "such person is a
party to the communication, or one of the
parties to the communication has given
prior consent to such interception."
The consent can be implicit, e.g. by using a
computer protected with login banners.
ECPA Title III Concerns
Title III also permits providers of a
communication service, including an
electronic communication service, the right
to intercept communications as a
"necessary incident to the rendition of his
service" or to protect "the rights or
property of the provider of that service."
ECPA Title III Concerns
Two exceptions to the last rule:
• If there is no actual damage, then the right
to monitor does not exist.
• The government is not allowed to do the
monitoring, but they can profit from
monitoring.
Fourth Amendment
The right of people to be secure in their
persons, houses, papers, and effects,
against unreasonable searches and
seizures, shall not be violated, and no
warrants shall issue, but upon probable
cause, supported by oath or affirmation,
and particularly describing the place to be
searched, and the persons or things to be
seized.
Fourth Amendment
• Computer Storage = Closed Container
such as a briefcase
• With Warrant:
– Limits to warrant because of privilege or
additional protection.
• Without Warrant
– Expectation of Privacy
Fourth Amendment
• No expectation of privacy
– Public display
– Material in someone else’s hands
– Consent by co-owner or authorized person
• Exigent circumstances
• Plain view exception
• Lawful arrest
Very difficult and interesting case law.
Privacy Protection Act
• Protects publishers against government
searches of material that is acquired for
publication
• Reaction to the Daily Stanfordian case
• Internet publishing allows much private
computer material to fall under the PPA
protection
Electronic Communications Privacy
Act
• Protects third-party data against law
enforcement seizures
• E.g. internet provider.
Legally Privileged Documents
• Need to prevent ongoing investigation
from using legally privileged documents.
• Medical records.
• Attorney-client communications.
• Priest-penitent communications.