Internet Vulnerabilities & Criminal Activity
Investigation & Prosecution 12.2
December 5, 2011

Profiling
“Differentiate behavior patterns in order to narrow the range of suspects in a given crime.”

Three Basic Components of a Crime
• Motive - What made the offender act
• Opportunity - Why did the offender choose a particular victim
• Means - What are the details of how the crime was committed

Profiling Aim
• Identify personal & behavioral characteristics of unknown perpetrator
• Examine actions taken before, during, and after crime
• Isolate identifiable behaviors or actions showing how a physical or psychological need is fulfilled

Two Types of Profiling
• Inductive
  – Current perpetrator shares characteristics with those who have previously committed the same type of crime
• Deductive
  – Explicit conclusions drawn from actual evidence

Five Stages of Cyber Criminal Profiling
• Evidence gathering
  – Collection of forensic evidence
• Behavioral analysis
  – Derive a meaningful set of characteristic behaviors from facts of the crime
• Victimology
  – Victim profile tells a lot about type of perpetrator
  – Well-known signatures associated with different types of crimes

Five Stages of Cyber Criminal Profiling cont.
• Crime pattern analysis
  – “what and how”
  – Working hypothesis about the execution of the crime
• Profile development
  – Deductive reasoning from facts of crime
  – Generalized inductive typologies

Twelve Cyber Criminal Profiles
• Kiddies
  – Technologically inept
  – Intent to trespass
  – Motivation - ego
  – May be any age, but are outsiders
  – New to crime
• Cyberpunk hackers
  – Counterculture member
  – Ego-driven, motivated by exposure
  – Crimes: trespass, invasion
  – Theft & sabotage against legitimate targets
  – Responsible for viruses & DOS attacks
  – Young, technologically proficient, outsider

Twelve Cyber Criminal Profiles cont.
• Old-time hackers
  – Most technologically proficient
  – Improve art by trespassing
  – Web site defacement
  – Middle aged or older, long history
• Code warriors
  – Driven by monetary gain
  – Theft or sabotage
  – Crime built around code exploits
  – Technologically superior, long hacking history
  – 30 - 50 age range, degree in technology, unemployed
  – Socially inept, show signs of social deviance

Twelve Cyber Criminal Profiles cont.
• Cyberthieves
  – Motivated by monetary gain
  – Surreptitious network attacks, sniffing, spoofing
  – Use simple tools rather than targeted code
  – Social engineers, running classic con games
  – Younger than code warriors
  – Organizational insiders, maybe outsiders
• Cyberhucksters
  – Spammers, malware purveyors
  – Motivation monetary gain
  – Social engineers, older business types
  – Known to local law enforcement

Twelve Cyber Criminal Profiles cont.
• Unhappy Insiders
  – Most dangerous profile
  – Motivated by revenge, monetary gain
  – Uses extortion, exposure of secrets, theft, sabotage
  – Logic bombs, malicious acts
  – Any age or employment level
  – Unhappy with organization
• Ex-Insiders
  – Motivation extortion, revenge, sabotage, disinformation
  – Make use of insider information to harm company from the outside
  – Any age or employment level

Twelve Cyber Criminal Profiles cont.
• Cyberstalker
  – Motivation - ego & deviance
  – Invasion of privacy to learn something to satisfy personal need
  – Use key loggers & sniffers
  – Invasion driven by psychological needs
  – Identification of need like a fingerprint
• Con Man
  – Motivation - monetary gain
  – Theft, illicit commercialization
  – Con games, phishing, Nigerian 419’s
  – Attacks untargeted & anonymous

Twelve Cyber Criminal Profiles cont.
• Mafia soldier
  – Organized crime member
  – Purposeful, highly organized
  – Motivation - monetary gain
  – Theft, extortion, blackmail
  – Always work in highly organized group
• Warfighter
  – Not a criminal when on your side
  – Motivated by Infowar
  – Help friends, harm enemy
  – Technologically superior, dangerous
  – Any age, highly organized, best & brightest

Search & Seizure
Legal procedure whereby police or other authorities and their agents, who suspect that a crime has been committed, search a person's property and confiscate any evidence relevant to the crime.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized
The Fourth Amendment

Parts of the Fourth Amendment
• Three protections/limitations
  – Substantial justification to search
  – Search cannot extend beyond justification
  – No blanket warrants
• First clause - “reasonableness clause”
  – Unreasonable searches and seizures are forbidden
• Second clause - “warrant clause”
  – Limits on search & arrest warrants
    • Probable cause
    • Define location of search
    • Define who or what is to be seized

Reasonable Expectation of Privacy
• No violation of the Fourth Amendment if:
  – Government’s conduct does not violate a person’s “reasonable expectation of privacy”
  – Established exception to the warrant requirement

Warrant Exceptions
Searches that violate reasonable privacy may be conducted if they fall within established exceptions
1. Consent
2. Exigent circumstances
3. Plain view
4. Incident to a lawful arrest
5. Inventory searches
6. Border searches
7. Workplace searches

No Reasonable Expectation of Privacy
• Items that appear on the screen/obtained through shoulder surfing
• Content has been made openly available
  – P2P
  – E-mail
• Stolen computer
• Control of computer relinquished to a 3rd party
• Electronic storage - statutory coverage

Probable Cause
• Must reasonably establish:
  1. A crime has been committed
  2. Evidence of the crime exists
  3. Evidence presently exists in place to be searched
• Location to be searched must be described
• Evidence of specific crime must be named

Evidence Issues & Internet Crime
• Right to search a computer
• Proving venue
• Criminal intent

Rules of Evidence
• Purpose
  – To secure a defendant’s constitutional right to a fair trial
• Evolved from decisional law
• Decisions codified
• Federal Rules of Evidence
  – Most influential codification
  – Criminal & civil

Search Warrant Problems
• Computers - file cabinet / repository
  – Innocent, personal materials
  – Evidence of crime
  – Must protect privacy while seeking evidence
  – Must describe that which is sought
  – Scope should not be overly broad

Exceeding Scope
• Can only search for evidence of crime described in warrant
• If evidence of another crime is discovered, another warrant is needed
  – Child pornography found during a search for credit card fraud crime

Plain View
• Lawful position to view object
• Object’s incriminating character is immediately apparent
• Lawful right to access the object

Third Person Consent
• Agree to a search without a warrant
• Two criteria for third party consent to be effective
  – Third party must have authority to consent
  – Third party’s consent must be voluntary

Evidence Establishing Venue
• Crime must be committed in venue of the court
• How to determine where a network crime was committed
• Venue may be where agent connected to Internet & viewed defendant’s behavior
• Multidistrict offenses “may be ... prosecuted in any district in which such offense was begun, continued, or completed.”
• http://www.cybercrime.gov/ccmanual/ccmanual.pdf

Proving Criminal Intent
• Must prove defendant had criminal intent - mens rea
• Four categories of mens rea
  – Intentionally
  – Knowingly
  – Recklessness / willful blindness
  – Criminal negligence

Federal Statutes
Assist law enforcement in obtaining & seizing evidence of a digital crime

Federal Statutes
• Do not necessarily deal just with digital crime
  – Pen/Trap Statute 18 U.S.C. §3121-27
  – Wiretap Statute (Title III) 18 U.S.C. §2510-22
  – Electronic Communications Privacy Act (ECPA) 18 U.S.C. §2701-11
  – USA Patriot Act

Pen/Trap Statute 18 U.S.C. §3121-27
• Regulates collection of address information from wire communications
• Pen Register
  – Records outgoing phone numbers
• Trap & Trace
  – Records incoming phone numbers
• Includes computer network communications (IP numbers)

Pen/Trap Statute 18 U.S.C. §3121-27
• To obtain a court order
  – Identify self
  – Identify agency conducting the investigation
  – Certify belief information to be obtained is relevant to investigation
• Authorization for 60 days
• May request extension for additional 60 day period

Wiretap Statute (Title III) 18 U.S.C. §2510-22
• Regulates collection of communication content
• Real-time electronic communications
• Third party cannot intercept private communications unless statutory exception applies

Wiretap Statute (Title III) 18 U.S.C. §2510-22
• Interception pursuant to a Title III court order
  – May intercept communication with a court order
  – Interception for up to 30 days
  – More stringent requirement than for search warrant

Wiretap Statute (Title III) 18 U.S.C. §2510-22
• The consent exception
  – Law enforcement obtains prior consent from one party
  – Some states require both parties’ consent

Wiretap Statute (Title III) 18 U.S.C. §2510-22
• The provider exception
  – Employees/agents of communication provider may intercept communication to protect providers’ rights/property
  – Network administrator can monitor hacker’s activity
  – Privilege to provider alone

Wiretap Statute (Title III) 18 U.S.C. §2510-22
• Computer trespasser exception
  – Victim of attack may authorize law enforcement to intercept communications of trespasser
  – Interceptor must be investigating the trespass
  – Must believe the intercepted communication will aid investigation
  – Applies only to trespasser’s communications

Wiretap Statute (Title III) 18 U.S.C. §2510-22
• The extension telephone exception
  – Monitoring of call from an extension phone
  – Originally, monitoring employee-customer call
  – Includes calls to and from police stations

Wiretap Statute (Title III) 18 U.S.C. §2510-22
• The inadvertently obtained criminal evidence exception
  – Provider unintentionally overhears something related to a crime
  – Information can be released to law enforcement

Wiretap Statute (Title III) 18 U.S.C. §2510-22
• The accessible to the public exception
  – Interception of unscrambled/unencrypted information broadcast over public frequency
  – Public computer forums/chat rooms
  – Not a violation of wiretap statute

Electronic Communications Privacy Act
• Regulates how government can obtain stored electronic communications from a service provider
• Creates statutory privacy rights for customers for stored communications
• Affirms higher level of protection for communications in transit
![Page 42: Internet Vulnerabilities & Criminal Activity Investigation & Prosecution 12.2 December 5, 2011 Investigation & Prosecution 12.2 December 5, 2011](https://reader030.vdocument.in/reader030/viewer/2022032804/56649e425503460f94b3436e/html5/thumbnails/42.jpg)
Electronic Communications Privacy Act
• Protects wire, oral, and electronic communications while in transit
• Sets down requirements for search warrants
• Protects communication held in electronic storage
• Prohibits the use of pen register and/or trap and trace in the process of transmitting wire or electronic communications without a search warrant
Electronic Communications Privacy Act
• Three categories of information - each requires greater showing of cause
• Basic subscriber information
– Name
– Address
– Local & long distance phone billing records
– Telephone/other ID numbers
– Length & type of service
Electronic Communications Privacy Act
• Records or logs pertaining to subscriber
– Contents of relative log files
– All basic subscriber info
– Cell site data for call made
– Destination of outgoing e-mails
– Any other non-content records
• Contents of communications
Electronic Communications Privacy Act
• Five instruments may be required to obtain information
• Subpoena
– Basic subscriber information
• Subpoena with notice
– Opened e-mail stored over 180 days
• Court order
– Log files
– All other relevant records of communications, but not the contents
Electronic Communications Privacy Act
• Court Order with notice
– All unopened e-mail or voicemail stored for 180 days or less
• Search Warrant
– All information in an account
– No required notice to customer
• Nonpublic providers not bound by ECPA
US Patriot Act
• Seize voicemail messages over 180 days old with order
• Seize voicemail messages less than 180 days old with search warrant
• Expands basic subscriber information
• Emergency disclosure by providers to protect life & limb or regarding terrorism
• Delay of required notice of search warrant if notice may have adverse results
• Makes warrants & pen/trace orders national