Post on 17-Dec-2015
Policing the Internet: Higher Education Law and Policy
Rodney Petersen, Policy Analyst
Wendy Wigen, Policy Analyst
EDUCAUSE
Introduction
• How is law enforcement going to operate in an electronic and interconnected world?
• What role will institutions of higher education play in conducting monitoring and surveillance on behalf of the government?
• What is the legal framework that will govern law enforcement and intelligence access to information?
Current Legal Framework
• Bush Administration Policy
• U.S. Constitution
– 4th Amendment: protection against “unreasonable search and seizure”
• Federal Law
– Foreign Intelligence Surveillance Act (FISA)
– Title 18 of U.S. Code
– Electronic Communications Privacy Act (ECPA)
– FERPA, HIPAA, GLB Act, etc.
• State Law
USA PATRIOT Act
• Uniting and Strengthening America (USA) by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (PATRIOT)
• Sunset Provisions:
– e.g., emergency disclosures of email without a court order, interception of computer trespasser communications without a court order, lowering standard for pen registers and trap and trace devices under FISA, access to business records under FISA, etc.
• Permanent Provisions
– e.g., pen registers for the Internet, National Security Letter exceptions to privacy laws, definition of domestic terrorism, sneak and peek searches, etc.
Communications Assistance for Law Enforcement Act (CALEA)
• Requires facilities-based Internet service providers to standardize their equipment to facilitate wiretaps.
• By Court decision: private networks are exempt:
– Are you a private network?
– Do you support the connection to the commercial ISP?
To comply or not to comply?
| | Don’t support the connection | Support the connection |
| Private Network | Exempt | Compliance required at gateway |
| Public Network | Exempt * | Full compliance required |
Mandatory Data Retention
• Why is data retention necessary or desirable? (i.e., what is the problem we are trying to solve?)
• Scope:
– What data is to be retained?
– Who should data retention requirements apply to?
• How do we accomplish the desired goals?
Policy Issues
Do these laws:
1. Pose a threat to personal privacy and security?
2. Undermine public trust in the Internet?
3. Impact competitiveness and innovation?
4. Show promise of being effective?
5. Create undue burden and expense?
Practice Implications
• Take stock of logging and monitoring practices
• Establish privacy policies and practice “data minimization”
• Secure information captured and retained
• Develop and enforce internal policies and procedures for use of information
Responding to “Compulsory Legal Requests for Information”
• Designate a person or office to receive all requests and coordinate responses
– Not just an IT issue!
– Someone knowledgeable of basic issues
– Develop working relationships with others
• Types of compulsory legal requests
• Common issues
• Reference Guide
• Resources
CALEA Technical Requirements
• Status of Trusted Third Party Providers
• Status of equipment vendors
• Standards process
“Without standards, there is no safe harbor”
CALEA Security and Personnel Requirements
A (telecommunications carrier) shall:
1. Appoint a single point of contact
2. Establish standard operating procedures
3. Report any act of compromise
4. Maintain secure and accurate records
Conclusion
• How law enforcement will operate in an electronic and interconnected world
• The role that institutions of higher education will play in conducting monitoring and surveillance on behalf of the government
• The emerging legal framework that will govern law enforcement and intelligence access to information
Discussion
For more information, contact:
Rodney Petersen, rpetersen@educause.edu
Wendy Wigen, wwigen@educause.edu
www.educause.edu/policy