eff: eff bootcamp ko bestpraclea
Post on 31-May-2018
233 Views
Preview:
TRANSCRIPT
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 1/28
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 2/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
What kind of best practices?
• Intermediaries that enable
online speech can also become
chokepoints to cut off that
speech
• Best practices for responding
to
– Law enforcement information
requests
– Civil subpoenas
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 3/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Overview: Responding to Legal
Information Requests
• How is your ISP classified
under the law?
• What information does your
ISP have and what may be
sought?
• What legal process must be
provided?
• What procedures should your
ISP employ in responding to
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 4/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Best Practices
Best practices:
– Require proper legal process
– minimize logging
– develop policy for user notice
– establish record retention
policy
– internal training
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 5/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
What type is your ISP under
ECPA?
• The Electronic Communications
Privacy Act defined two types of
ISPs:• Electronic Communications Service
to the extent you permit users to
communicate with each other
• Remote Computing Service to the
extent you permit users to store
communications or other
information
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 6/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
What Information Do You Have?
• Some things are obvious like
Log Files, but not what they
contain
• May also store Email, User
ID, Connection Info, Search
Queries, URLs, Cookies,
Unique Identifiers and IP
Addresses
• Other things?
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 7/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Do You Need the Logs?
• If you don’t have it, you
can’t be forced to produce it
• Can reduce compliance costs
by minimizing information
retained
• Keep minimum logs for needs,
and regularly delete unneeded
information
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 8/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Background: ECPA, SCA,
Title III and FISA
• Electronic Communications
Privacy Act
• Stored Communications Act
• Title III is the Wiretap Act
• Foreign IntelligenceSurveillance Act
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 9/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Background: ECPA
• Electronic Communications
Privacy Act amended the
Wiretap Act to cover
electronic communications
(i.e. email)
– SCA is part of ECPA
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 10/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Background: SCA• The Stored Communications Act,
regulates when an electronic
communication service providermay disclose the contents of or
other information about a
customer’s emails and other
electronic communications tothird parties.
– Contents of communications may not be
disclosed to civil litigants even
when presented with a civil subpoena.
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 11/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Background: Title III• Title III makes it unlawful
to listen to or observe the
contents of a privatecommunication without the
permission of at least one
party to the communicationand regulates real-time
electronic surveillance in
federal criminal
investigations.
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 12/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Background: FISA• The Foreign Intelligence
Surveillance Act authorizes
federal agents to conductelectronic surveillance, as
part of a foreign
intelligence orcounterintelligence
investigation, without
obtaining a traditional,
probable-cause search warrant
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 13/28
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 14/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Records of Videos
Watched• The most highly protected piece
of personal information under the
law:
– “information which identifies a
person as having requested or
obtained specific video materials or
services from a video tape service
provider”
• Not limited to “tapes”, includes a/v
material
• Must be destroyed “as soon as practicable,
but no later than one year from the date
the information is no longer necessary”
• Contact your legal counsel before
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 15/28
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 16/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Legal Standards• Basic Subscriber Information:
Subpoena or better (Gov’t may not
use civil subpoena)
• Other Information: 2703(d) orderor better
• Dialed digits: Pen Register or
better
• Real Time Content: Title III
order
• Stored Content < 180 days: search
warrant
• Stored Content > 180 da s:
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 17/28
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 18/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
National Security
Letters• FBI may compel the production
of "subscriber information
and toll billing records
information, or electronic
communication transactional
records" through NationalSecurity Letters.
– Generally NSLs must be kept
secret–
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 19/28
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 20/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
A visit by Suits with
Shades• If you get a personal visit
from Law Enforcement, call
your company’s lawyer.
– Often, just an informal request
for assistance
– Safest course is to get legalcounsel early
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 21/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Provide Notice to Users
• Best practice is to provide
notice where possible - let
user move to quash
• LEAs need an order to prevent
notice on subpoenas
• Notice may be delayed under
ECPA
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 22/28
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 23/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Reimbursement
• Yes for subpoenas
• Yes for technical assistance
(not required to redesign,
just help)
• Yes for special requirements,
backup preservation, etc
• Yes for all civil requests
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 24/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Provider Exception
• Provider exception grants
service providers the right
"to intercept and monitor
[communications] placed over
their facilities in order to
combat fraud and theft ofservice."
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 25/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Accessible to Public• Privacy laws have an exception
for electronic communication made
through a system "that isconfigured so that . . . [the]
communication is readily
accessible to the general
public.”– If information sought by LEA is
publicly available, you can tell them
to get it themselves
– In some cases authentication may be
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 26/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Penalties and Safe
Harbors• May face lawsuits for
improper disclosure
• You are protected from civil
actions if you rely in “good
faith” upon appropriate legal
process
• Do not disclose information
without being sure you have
the right process
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 27/28
8/14/2019 EFF: EFF bootcamp KO BestPracLEA
http://slidepdf.com/reader/full/eff-eff-bootcamp-ko-bestpraclea 28/28
October 10, 2007
Fenwick & West Conference Center
EFF 2007Bootcamp 2.0
Help Us Help You• Let us know when you receive
questionable over-reaching
requests
415.436.9333
kurt@eff.org, bankston@eff.org
http://www.eff.org
http://ilt.eff.org
top related