digital evidence1


Computers and the Fourth Amendment

What is the Fourth Amendment?

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation and particularly describing the place to be searched, and the persons or things to be seized.

What about a warrantless search?

A warrantless search does not violate the Fourth Amendment if:
1. government conduct does not violate a person's reasonable expectation of privacy
2. exception to warrant applies

What is a reasonable expectation of privacy?

REP – (1) whether individual's conduct reflects an actual subjective expectation of privacy, and (2) whether the individual's subjective expectation of privacy is one that society is prepared to accept as reasonable

Reasonable Expectation of Privacy

- U.S. v. Katz – no bright line test, whether individual's expectation of privacy was reasonable
- Supreme Court – REP in home, phone booth, opaque containers…
- Supreme Court – No REP in garbage, public activities, stranger's home
- How about the mail…

REP in email

Copies of previously sent e-mails may be stored (even after addressee has read it):
- on the sender's system (computer & ISP)
- on the recipient's mail server
- on the recipient's own machine

[Diagram: Sender's Computer, AOL.Com, Hotmail.com Mail Server, Recipient's Computer]

When does looking inside a computer violate a "reasonable expectation of privacy?"

What Does this Mean?

It can violate the 4th Amendment if a government actor:
- Looks through a target's hard drive
- Looks through a target's phone
- Accesses information stored in "Container"

Unless:
(1) you have warrant
(2) you have an exception to the warrant requirement, or
(3) there is no REP

Exceptions to Warrant

1. Consent
2. Exigent Circumstances
3. Plain View
4. Search incident to lawful arrest
5. Inventory Search
6. Border Search
7. Private Party Search

Consent

- Target can himself consent to a search, raising "scope of consent" issues
- Does consent include searching through electronic storage devices?
- Test is, what would a reasonable person listening in to the exchange think?
- Very fact-specific and unpredictable
- Written consent forms should expressly include computers and other electronic storage devices

Third-Party Consent

Any private person who shares common authority or control over the computer can consent to the search (U.S. v. Matlock, 415 US 164 (1974)).
- Target's spouse? Usually
- Target's co-workers? Maybe
- Computer repairman? No
- Government officials? No

Password protection or encryption may defeat common authority claim.

Third-Party Consent

- Georgia v. Randolph (2006) – a physically present co-occupant's stated refusal to permit a warrantless entry renders the warrantless search unreasonable and invalid as to such co-occupant.
- United States v. Hudspeth – target denied consent to search home while police searched his office. Target arrested, police obtained consent from wife without informing her that husband said no.

Private Searches

- Private third party may search files and show or tell govt. what she finds.
- Do you need a warrant to see it? No, it's a private search.
- Police may view what private person saw, but no more!
- Use this information as P.C. to get a warrant
- Very common in computer cases

Plain View

- Plain view lets you seize what you lawfully see if the incriminating nature of what you see is immediately apparent
- Does not authorize an independent violation of a REP
- Does not authorize you to access files just because you're pretty sure from the filename and type that the contents are incriminating.
- But, you can seize a computer temporarily while you get a warrant.

Exigent Circumstances

- Exigent Circumstances permits warrantless search
- If necessary to prevent destruction of evidence, can seize computer without a warrant.
- Pager, Cell Phones, GPS devices
- However, can't search the seized computer without a warrant if exigency is gone!
- A limited exception.

Search Incident to Arrest

- Permits "reasonable" search of the person and electronic storage devices on his person at the time of arrest (e.g., pagers).
- How about cell phones??

Inventory Search Exception

- Warrantless Inventory Search permissible
- Searched cellular phones for evidence
- Court suppresses evidence; search served no legitimate non-investigatory purpose

Border Search Exception

- Warrantless search permitted at border…
- Routine searches at the border unregulated
- United States v. Roberts (S.D. Tex. 2000)
- Agents set up fake inspection station at airport to catch suspect before flight to Paris; find thousands of child pornography images
- Court rules that this falls within exception

Privacy Protection Act (PPA)

- 42 USC 2000aa
- Should be "Publishers Protection Act"!
- Discourages warrants.
- Protects: Work product (e.g., book), Documentary (e.g., notes to a book)
- Requires: Using a subpoena to obtain work product or documentary materials in the possession of a person reasonably believed to have a reasonable purpose to disseminate it to the public

PPA: Bottom Line

- The government cannot knowingly seize materials that are about to be published (e.g., drafts of publications), that are mere evidence, and that do not relate to the crime under investigation.
- Anyone with a modem can be a publisher
- The problem of commingling
- There is some duty to investigate.
- Remedy is civil damages (Steve Jackson Games).
- The problem is inadvertent seizures of publishing materials unrelated to the crime under investigation.

Real Time Surveillance

Pen Register and Trap and Trace and The Wiretap Statute (aka "Title III")

WHAT ARE YOU LOOKING FOR?

[Diagram: a timeline divided at "Today"]
- Past: Stored/Recorded, Existing, "Last time"
- Future: Generated, Forthcoming, "Next time"

FOURTH AMENDMENT
Special Considerations (Non-Content)

- Non-content information shared with service providers – Smith v. Maryland, 442 U.S. 735 (1979)
- Rejecting a pen register as a "search" in telephone context
- Information disclosed to third party – United States v. Miller, 425 U.S. 435 (1976)

Pen Registers and Trap and Trace Devices

- 18 U.S.C. Section 3121 – General Prohibition
- 18 U.S.C. Section 3122 – Application
- 18 U.S.C. Section 3123 – Issuance
- 18 U.S.C. Section 3124 – Assistance
- 18 U.S.C. Section 3125 – Emergency
- 18 U.S.C. Section 3126 – Reports
- 18 U.S.C. Section 3127 – Definitions

Pen Registers and Trap and Trace Devices

Title 18, United States Code, Section 3121 - starts with general prohibition - "Except as provided in this section, no person may install or use a pen register or trap and trace device without first obtaining a court order under section 3123 of this title or under the Foreign Intelligence Surveillance Act."

Pen Registers and Trap and Trace Devices

18 U.S.C. Section 3121(b) Exceptions – prohibition does not apply to:
1. Administration / protection of property rights;
2. Protection from fraud;
3. Consent.

The Pen/Trap Statute
18 USC § 3121 et seq.

Pen Register: a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted . . . provided, however, that such information shall not include the contents of any communication

18 U.S.C. § 3127(3), (4)

TARGETING FUTURE COMMUNICATIONS

Telephone Provider:
- Numbers Dialed
- Duration of Calls
- (If VOIP, IP address)

ISP:
- Source or destination I.P. address
- Times
- Ports
- Size of Transfers

PEN/TRAPS
What Can You Get?

Yes Yes Yes No No

Pen Registers and Trap and Trace Devices

18 U.S.C. Section 3122(a) Application for an Order
1. Attorney for Government,
2. In writing;
3. Under Oath
4. Court of Competent Jurisdiction

Pen Registers and Trap and Trace Devices

18 U.S.C. Section 3122(b)(2)
"…that the information likely to be obtained that is relevant to an ongoing criminal investigation …"

- NASA computer hacked in CDCA - connection from UCLA
- UCLA reports: coming from EDTX - connection from UT
- UT reports: coming from Columbia, SC - connection from Verizon
- Verizon reports: DSL customer at 1620 Pendleton St.

Providers not named in order may demand a certification (18 U.S.C. § 3123(a))

Wiretap Statute
Title 18 U.S.C. 2510-2522

1. Definitions
2. General Prohibition
3. Prohibition of Use
4. Authorization
5. Disclosure
6. Procedure for Interception
7. Reports
8. Recovery of Civil Damages

Section 2510 - Definitions

- Wire Communication – aural over wire
- Oral Communication – body wire, room bug
- Electronic Communication – computer
- Intercept – acquisition of wire, oral or electronic contents

Section 2511 General Prohibition

The Wiretap Act Prohibits…
(a) interception of wire, oral or electronic communication…
(b) use of devices to intercept
(c) disclosure of contents
unless an exception applies…

Wiretap Act

Applies to real-time "interception" of wire, oral, or electronic communications:
- Listening to people's phone calls
- Obtaining packets flowing over a network
- Getting future e-mails as they are delivered

"Intercept": acquiring contents of communication through use of a device (18 U.S.C. § 2510(4))

"Electronic communications" include most Internet communications (18 U.S.C. § 2510(12))

Section 2511 Wiretap Exceptions

(a) Court Order
(b) Consent
(c) Provider
(d) Computer Trespasser
(e) Extension Telephone
(f) Inadvertently Obtained
(g) Accessible to Public

Wiretap Exceptions

Most common exceptions applicable to electronic and wire interceptions are:
- Court Order
- Consent (of a party to the communication)
- Provider Self Defense (acquisition to protect its rights/property)
- Computer Trespasser

Exception – Court Order

What do we need for a Court Order:
- Probable cause (crime and facility)
- EXTENSIVE approval requirements (OEO)
- Predicate / Enumerated Felony
- Normal options already tried or unlikely to succeed
- 30 days only (with extensions)
- Disclosure restrictions
- Minimization (often after the fact for computers)
- Motion to Seal

Exception – Court Order
Approval Process for Wiretap

- Law Enforcement
- United States Attorney's Office: AUSA, Chief, USA
- Department of Justice: Office of Enforcement Operations, Criminal Section, Attorney General
- Federal District Court: for 30 days, with 10 day reports
- Congressional Reporting: annual reports to Congress

Exception – Consent

Consent of party; § 2511(2)(d)
- Interception allowed if a "party to the communication has given prior consent to such interception"
- Consent from several possible sources: banner, terms of service, employment agreement/policies
- Consent of system operator might not constitute consent from a party to the communication (hacker cases where server is a pass-through)

Consent and Banners

- Suggests no reasonable expectation of privacy
- Authority to monitor in real time and to access stored files
- Provider authority to disclose information to law enforcement and other officials
- Consent by authorized and unauthorized users to these terms

Use caution when relying on a banner
Issue: did hacker see banner???

Exception – Provider Protection

- Provider permitted to engage in monitoring to protect "the rights or property of the provider" 18 U.S.C. § 2511(2)(a)(i)
- Provider can give results of past monitoring to law enforcement; thereafter be careful that monitoring done by provider for protective purposes
- Issue: How far is OK? Motive? What are rights and property?

Exception – Computer Trespasser

Computer Trespasser Exception; 18 U.S.C. 2511(2)(i)
- Allows law enforcement to intercept communications to or from "computer trespassers" 18 U.S.C. 2510(21)
- A "computer trespasser" is not a person known by the provider to have an existing contractual relationship with the provider for use of the system
- You must authorize the search, but law enforcement can do the monitoring.

Stored Communications and Transactional Records
----
Electronic Communications Privacy Act

Not simple

- "…noted for its lack of clarity…" Fraser v. Nationwide Mut. Ins. Co., 135 F.Supp.2d 623, 633 (E.D. Pa. 2001)
- "a complex, often convoluted, area of the law" United States v. Smith, 155 F.3d 1051, 1055 (9th Cir. 1998)
- "confusing and overlapping definitions" Doe v. Ashcroft, 334 F.Supp.2d 471, 488 n.72 (S.D.N.Y. 2004)
- "painstaking, methodical analysis" Steve Jackson Games, Inc. v. U.S. Secret Service, 36 F.3d 457, 461 (5th Cir. 1994)

When § 2703 applies

1. Providers hold records
2. …and government wants to compel the provider to provide those records.

No application when the same data is obtained from elsewhere.

"Provider"

"provider of electronic communication service"
- Think: Phone company, not pizza delivery
- Examples: ISPs, web e-mail

Provider of ECS
Electronic Communications Service

[Diagram: Sender's ISP, Recipient's ISP, Sender, Recipient]

"Provider"

"provider of remote computing service"
- Examples: Web hosts, online photo album

Provider of RCS
Remote Communications Services

[Diagram: Remote Storage Server, Subscriber]

Three Types of Evidence

1. Basic Subscriber Information - obtained with a subpoena
2. Transactional Records - obtained with a court order
3. Content - obtained with a search warrant

Three Types of Process

1. Subpoena - gets basic subscriber information
2. Court Order [2703(d) order] - gets all of the above + transaction logs
3. Search warrant - gets all of the above + content (unopened emails)

* more process gets more evidence!
* notice is always an issue!

OK …. maybe five types of Evidence

[Diagram: Content (emails), branching into retrieved or unretrieved, and into stale or fresh: more than 180 days, or 180 days or less]

Provider Preservation of Data

What is Preservation?
- Providers will retain for only limited periods
- Duty extends only to records in provider's possession at time of request, not future information
- No requirement that they retain at all ...

This note was uploaded on 12/05/2009 for the course CS 175 taught by Professor C.martin during the Spring '09 term at GWU.
