CSC486 legal

advertisement
CSC 486/586
Legal Considerations in
Obtaining Electronic Evidence in
Online Investigations
1
Statutory Restrictions on
Obtaining Electronic Evidence
Through electronic surveillance;
From ISPs & other service providers;
That includes material intended for publication
2
The Statutes
• ECPA: Electronic Communications Privacy
Act of 1986 -- dictates how LE obtains
information from electronic
communications providers
– Title III (Wiretaps)
– Stored Electronic Communications
• Privacy Protection Act –
– Restricts methods LE can use to obtain info
intended for publication
3
Wiretap Act, 18 USC 2511
• Prohibits “interception” of “oral,” “wire,” or
“electronic communications” with a
“mechanical device”
• “Interception” means real-time acquisition
• Govt can get “T-III order” for oral or wire
communications only for a very specific list of
felonies
- Statutory suppression for violations
4
Obtaining a Title III Wiretap
Order for Electronic Evidence
• ECPA applies wiretap act to electronic
communications intercepted in real-time
(“keystroke monitoring”)
• Federal prosecutor can get court order for
electronic wiretapping on any felony; no
statutory suppression remedy
• Order must be issued where “interception”
occurs
5
Exceptions to warrant
requirement
• If wiretapping (and don’t have court order),
committing a federal felony (5 years
imprisonment) unless fall within one of
4 exceptions
–
–
–
–
6
Provider protection exception
Consent exception
Inadvertently obtained information
Computer trespass exception
Provider Protection Exception
• Interception authorized to protect provider (18
U.S.C. 2511(2)(a)(i))
• Authorizes interception or disclosure “while
engaged in any activity which is a necessary
incident to the rendition of service or the
protection of the rights or property of the provider
of the service.”
• Provider can give results of past monitoring to law
enforcement
7
Wiretaps-Consent exception
• Consent of party
– Banner
– Terms of service agreement
• Consent of system operator -- No!
• Dangerous to rely on implied consent
forever
– When need a T-III decided on a case-by-case
basis
8
Inadvertently Obtained
• ECS provider may also disclose a
communication to law enforcement if
communication was inadvertently obtained
and appears to pertain to the commission of
a crime.
– 18 U.S.C. 2511(3)(b)
9
The Computer Trespasser
Exception
• Solution: new exception to Title III at 18
U.S.C. 2511(2)(i) (Subject to 4-year sunset
provision)
– “Computer trespasser” defined (18 U.S.C. 2510(21))
• Person who accesses “without authorization”
• Definition continues: “and thus has no reasonable expectation
of privacy…”
– Excludes users who have “an existing contractual
relationship”
• Congress worried about violations of terms of service
• There is an opportunity to gain consent from such users
• Without it, possible constitutional problems
10
Limits of the New Exception
• Interception under this exception requires:
–
–
–
–
Consent of the owner
Under color of law
Relevant to an investigation
Cannot acquire communications other than
to/from the trespasser
• May combine this authority with other
exceptions, such as consent
11
Stored Communications and
Transactional Records
12
Stored Electronic
Communications Act
• Dictates how and when LE may obtain
information from Internet Service
Providers, Telcos, other computing service
providers
– Enacted in 1986 as part of “ECPA”
– Codified at 18 USC 2701 et seq
– Modified (slightly) by Patriot Act
13
Government Access to Customer
Communications and Records
• These provisions apply only to info held on
provider’s system, not to standalone PC
• Content of communications vs. non-content
– content
• unopened e-mail vs. opened e-mail
– non-content
• transactional records vs. subscriber information
• Basic rule: content receives more protection
14
Stored Electronic
Communications Act - Overview
• Covers 3 categories of information
• Held by ECS or RCS -– Content
– Basic subscriber information
– Transactional Records (everything else)
• Substantive provisions
– a. When services may disclose
– b. When services must disclose
• Remedies
15
Remedies
• Civil damages exclusively (2707, 08)
• No suppression remedy for nonconstitutional violation
– but decision in McVeigh (gay Navy officer with
AOL account) granted suppression remedy,
voided administrative action (discharge)
17
Stored Electronic
Communications: Key Terms
A
ECS
B
A
18
RCS
• “Electronic
Communication
Service Provider”
• “Remote
Communications
Service Provider”
Provisions of the Stored
Electronic Communications Act
• 18 USC 2701: Prohibits:
– Accessing without or in excess of authorization;
– A facility through which electronic
communication services are provided;
– And thereby obtain, alter, or prevent access to a
wire or electronic communication;
– While in electronic storage
• Misdemeanor
19
When ECS or RCS
May Disclose (2702)
• If public, prohibited from voluntarily disclosing the
content of stored electronic communications
• Exceptions:
– consent
– necessary to protect property of service provider
– to law enforcement if contents inadvertently
obtained, pertains to the commission of a crime
• If not public, not so constrained, as to any of the three
classes of information
20
Requiring Disclosure of
Information from ECS or RCS
2703: Three categories:
• Content
• Basic subscriber information
• Transactional Records (everything else)
21
Stored Wire and Electronic
Communications Act - Content
• E-mail and voice mail in electronic storage
– Which is: “Any temporary, intermediate storage
of a wire or electronic communication”
incidental to transmission, or intended to be a
backup
• Once opened, no longer protected
• Protects customers and subscribers: the real
party of interest
22
Obtaining Content of E-mails
For ECS, if unopened and in storage for less
than 180 days, search warrant (2703(a))
– Warrant operates like a subpoena
– Patriot Act gave nation-wide effect to warrants
• Must be issued by court having jurisdiction over the
offense
• No notice to customer necessary
23
Obtaining Electronic Content
Not In “Electronic Storage”
• What’s not in “electronic storage”?
– opened e-mail
– files (text, database, programs, etc.)
• As to this category, statute protects only materials
stored with a provider “to the public”
– excludes, e.g., private corporate networks
– if provider isn’t public, investigator can use a normal
subpoena to compel disclosure
24
Obtaining Content (cont.)
• For ECS if more than 180 days or for RCS
– Warrant
– Subpoena with notice
• May delay notice 90 days (2705) if show -– destruction or tampering w/ evidence
– intimidation of potential witnesses
– otherwise seriously jeopardizing an investigation
• May extend delay an additional 90-days
25
Obtaining the Contents
of Voice Mail
• Pre-Patriot Act: If unopened, obtainable
only with a Title III order
– § 2703 inapplicable by its own terms
• Patriot Act included contents of voice mail
into 2703(b)
26
Basic Subscriber Information
• Can be obtained through subpoena
• Gives you only: name, address, telephone toll
billing records, telephone number, type of service
provided, and length of service rendered
• Patriot Act added connection records, session
times, and temp assigned IP addresses
• Do not subpoena “all customer records”
27
Transactional Records
• Not content, not basic subscriber information
• Everything in between
–
–
–
–
–
28
financial information (e.g., credit card)
audit trails/logs
web sites visited
identities of e-mail correspondents
cell site data from cellular/PCS carriers
Transactional Records
• Obtain through
– Warrant
– Consent of customer
– Articulable facts order (can get non-disclosure
order): “specific and articulable facts showing
that there are reasonable grounds to believe
that [the specified records] are relevant and
material to an ongoing criminal investigation.”
(2703(d) order)
29
Summary:
Legal Process & ECPA
• Warrant
– required for unopened e-mail
• Court order under § 2703(d)
– opened e-mail or files (with prior notice)
– transactional records
• Subpoena
– opened e-mail or files (with prior notice)
– basic subscriber info
30
Overview of 2703 processes
for public ESPs
31
Subject matter
Legal process
Unopened (“fresh”)
email <= 180 days
Other email;
RCS material
Non-basic info. (“txn
records”)
Basic subscriber info
Search warrant
subpoena/2703(d) +
notice (or S.W.)
2703(d) (or S.W.)
subpoena (or
2703(d) or S.W.)
Process
• Can talk to ECS/RCS in advance about
what you want, what they may have
• May request provider for 90 days, to “take
all necessary steps to preserve records and
other evidence in its possession pending the
issuance of a court order or other process.”
2703(f)
– Only for information already in their
possession, not future information
32
Cable Problems
• 47 USC § 551. Protection of subscriber privacy
• Restricts dissemination by cable provider of
“personally identifiable information” collected by
cable operator
– “Personally identifiable information”?
– Restriction applies to PII collected as part of
providing “other services”
• “Other services” include “wire or radio
communications” provided using facilities
of cable operator
33
Cable Problems -- Cont’d
47 USC § 551(h) Disclosure of information to governmental
entity pursuant to court order
• A governmental entity may obtain personally identifiable
information concerning a cable subscriber pursuant to a court
order only if, in the court proceeding relevant to such court
order-(1) such entity offers clear and convincing evidence that the
subject of the information is reasonably suspected of engaging
in criminal activity and that the information sought would be
material evidence in the case; and
(2) the subject of the information is afforded the opportunity to
appear and contest such entity's claim.
34
Patriot Act Cable Fix
• Added 47 USC 551(c)(2)(D)
– ECPA governs access to cable Internet service
– Provisions of Sec. 551 still govern access to
traditional cable services
35
The Privacy Protection Act
36
Privacy Protection Act
• 42 USC 2000AA
• Response to Zucher v. Stanford Daily
37
Privacy Protection Act
• Protects material intended for dissemination to the
public:
– Work product (e.g., book in progress)
• Prepared for communication and intended for dissemination to
the public (included impressions, conclusions, opinions,
theories)
– Documentary materials (materials used to produce
“work product”)
• Defined as media which holds info used “in connection with”
work product materials
• Includes e.g. photo/film/tape/disk.
38
Privacy Protection Act
• Must use a subpoena to obtain work
product, documentary materials in the
possession of a person reasonably believed
to have a purpose to disseminate it.
39
Exceptions Allowing Use of
Search Warrant/Seizure
• Contraband or fruits or instrumentalities of
a crime
• Exigent circumstances
• Probable cause that person possessing such
material has committed or is committing a
criminal offense
– Except if mere possession offense
• Except classified material or child pornography
40
The PPA in an Electronic
Environment
• Anyone with a modem can be a publisher
• Problems of commingling, connections
• If need to seize protected materials, obtain DAAG
approval--through CCIPS
• Subject to civil penalties, not suppression
• Guest v. Leis -- can seize PPA materials
“incidental to lawful search”
• Be reasonable: The 300,000 lessons of Steve
Jackson Games
41
WHERE TO GET MORE
INFORMATION
• CCIPS phone number: 202-514-1026
• Computer Crime Section’s page on the
World Wide Web:
http://www.usdoj.gov/criminal/cybercrime
or
http://www.cybercrime.gov
42
Questions???
Use the discussion board, as usual…
43
44
Download