CYBERCRIMES CERTIFICATIONS COURSE
TCLEOSE Course #3210
Sponsored by the Harris County Constable's Office, Pct 4, 6831 Cypresswood Drive, Spring, Texas 77379

WARNING
This presentation is being given a rating of B: expect excessively boring material to be discussed for the next 6 hours... unless the speaker gets on a roll, in which case it might be for the next 8-10 hours.
EULA
Any and all statements made by the presenter are the opinion of the presenter and do not represent in any way the opinion of the Harris County Pct 4 Constable's Office, the Houston Metro ICAC, the State of Texas, the United States, the United Nations, the Planet Earth, or any sane individual. Any portion of this class that you like or find helpful is the sole idea and property of Eric Devlin. Any portion of this class that you dislike or find offensive is the sole idea and property of Gary Spurger & Stephen Driver.

Unit 9: Liabilities Associated with Evidence
The evidence that a cybercrime investigator will obtain during the course of an investigation is sensitive in nature.
- Some evidence is contraband outright (child pornography) and carries significant penalties simply for possessing it.
- Other evidence can have far-reaching consequences for innocents, including personal or financial stress.
- The evidence is not simply a hard drive, a computer, or a CD; rather, it is the data contained within that physical object.
- The investigator should never commingle evidence with other day-to-day digital material.

Use of an Investigation Machine vs. Use of an Everyday Machine
An Investigation Machine is a specific device designated for use during undercover or sensitive investigations:
- Removed from your department network
- Secured from use by individuals other than the investigator
An Everyday Machine is a device used for common everyday work such as writing reports, department e-mail, and other activities:
- Attached to your department network
- No extra security beyond your department's standard

Benefits of an Investigative Machine Approach
- The machine on which you conduct investigative actions is subject to subpoena by the defense attorney.
  - If subpoenaed, only the investigative machine is removed, and the daily machine is still available for use.
- Your investigative machine will need the ability to download and install programs and to look at dangerous material, subjecting itself to an increased chance of infection.
- Prevents unauthorized individuals from obtaining contraband or learning confidential processes.
Sensitivity of Data also pertains to the type of evidence an investigator seeks. Know the bounds of your authority to search.
Example: a search warrant is issued on a fraud case and, during the forensic examination, child pornography is found. Three possible paths (which one is best?):
- Path 1: Forge ahead and look for everything.
- Path 2: Forge ahead and continue your exam, still looking only for the fraud information.
- Path 3: Pause, obtain a new search warrant based upon the updated information, and continue the exam looking for both fraud and child pornography.

Finding Contraband on a Preview or Consent
Contraband is seizable without a warrant. If, on a consent to search, you find child pornography, the device is still taken even if the consenting party withdraws their consent. A search warrant must be obtained to continue the forensic exam.

9.2 Federal Rules of Evidence
The Federal Rules of Evidence have begun to modernize with regard to computer records and cyber evidence. They have begun to move toward the concept that computer evidence has an inherent reliability and is not subject to hearsay rules.
Federal Rule of Evidence 803(6): Records of Regularly Conducted Activity
A memorandum, report, record, or data compilation, in any form, of acts, events, conditions, opinions, or diagnoses, made at or near the time by, or from information transmitted by, a person with knowledge, if kept in the course of a regularly conducted business activity, and if it was the regular practice of that business activity to make the memorandum, report, record, or data compilation, all as shown by the testimony of the custodian or other qualified witness, unless the source of information or the method or circumstances of preparation indicate lack of trustworthiness. The term "business" as used in this paragraph includes business, institution, association, profession, occupation, and calling of every kind, whether or not conducted for profit.

Federal Rule of Evidence 803(6): Authenticity and the Alteration of Computer Records
Computer records can be altered easily, and opposing parties often allege that computer records lack authenticity because they have been tampered with or changed after they were created. The courts have responded with considerable skepticism to such unsupported claims that computer records have been altered. Absent specific evidence that tampering occurred, the mere possibility of tampering does not affect the authenticity of a computer record.

Federal Rule of Evidence 803(6): Establishing the Reliability of Computer Programs
The authenticity of computer-generated records sometimes implicates the reliability of the computer programs that create the records. For example, a computer-generated record might not be authentic if the program that creates the record contains serious programming errors. If the program's output is inaccurate, the record may not be "what its proponent claims" according to Fed. R. Evid. 901. Prosecutors may note the conceptual overlap between establishing the authenticity of a computer-generated record and establishing the trustworthiness of a computer record for the business record exception to the hearsay rule. In fact, federal courts that evaluate the authenticity of computer-generated records often assume that the records contain hearsay.
This analysis is technically incorrect in many cases: computer records generated entirely by computers cannot contain hearsay and cannot qualify for the business records exception because they do not contain human "statements." As a practical matter, however, prosecutors who lay a foundation to establish a computer-generated record as a business record will also lay the foundation to establish the record's authenticity. Evidence that a computer program is sufficiently trustworthy so that its results qualify as business records according to Fed. R. Evid. 803(6) also establishes the authenticity of the record. Compare United States v. Saputski, 496 F.2d 140, 142 (9th Cir. 1974).

Federal Rule of Evidence 803(6): Identifying the Author of Computer-Stored Records
Although handwritten records may be penned in a distinctive handwriting style, computer-stored records consist of a long string of zeros and ones that do not necessarily identify their author. This is a particular problem with Internet communications, which offer their authors an unusual degree of anonymity.

For example, Internet technologies permit users to send effectively anonymous e-mails, and Internet Relay Chat channels permit users to communicate without disclosing their real names. When prosecutors seek the admission of such computer-stored records against a defendant, the defendant may challenge the authenticity of the record by challenging the identity of its author.
How to Identify Ownership?
Circumstantial evidence generally provides the key to establishing the authorship and authenticity of a computer record. For example, in United States v. Simpson, 152 F.3d 1241 (10th Cir. 1998), prosecutors sought to show that the defendant had conversed with an undercover FBI agent in an Internet chat room devoted to child pornography. The government offered a printout of an Internet chat conversation between the agent and an individual identified as "Stavron," and sought to show that "Stavron" was the defendant.

The district court admitted the printout in evidence at trial. On appeal following his conviction, Simpson argued that "because the government could not identify that the statements attributed to [him] were in his handwriting, his writing style, or his voice," the printout had not been authenticated and should have been excluded. Id. at 1249. The defendant also argued on appeal that the evidence should not be admissible because the path to the suspect files differed, the files having been moved, so those files could have contained different content data. The appeal was denied on both counts.
9.3 The Patriot Act
The Patriot Act was passed in 2001 in response to the terrorist attacks of 9/11. The purpose of the act was to ease the restrictions on law enforcement efforts to gather data in relation to intelligence gathering and domestic security. Important changes include:

a) For pen registers and trap-and-trace orders, the standard for issuing the order is simply that it must be relevant to the criminal investigation, and the judge has no discretion: if relevance is shown, the judge MUST issue the trap-and-trace order.
b) Grand jury subpoenas may not be issued for credit card numbers and banking information used to purchase goods and services over cyberspace.
c) Originally, obtaining stored electronic mail required a federal wiretap order, which is more burdensome than other requests. The Patriot Act defined stored electronic communications as obtainable through a search warrant.
d) Allowed ISPs to provide immediate disclosure of identifying information, including IP addresses and private customer information, if it is shown that a reasonable person might believe there is an immediate risk of death or serious bodily injury (provides civil protection).
e) Expanded the trap-and-trace requirements to include cable companies that offer more than just television services. Originally, in an effort to keep the government from finding out what TV shows you watched, cable companies were immune from trap-and-trace orders.
f) Federal cyber search warrants, such as those for ISPs and e-mail, do not have to be executed in the jurisdiction in which they are signed. Example: a California federal court can issue a search warrant for an ISP or e-mail account in New Jersey.
9.4 The Electronic Communications Privacy Act
Sets out the provisions for access, use, disclosure, interception, and privacy protection of electronic communications. The law was enacted in 1986 and covers various forms of wire and electronic communications. The ECPA is codified in Title 18 of the United States Code.

According to the U.S. Code, electronic communications "means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo electronic or photo optical system that affects interstate or foreign commerce." The ECPA prohibits unlawful access and certain disclosures of communication contents. Additionally, the law prevents government entities from requiring disclosure of electronic communications from a provider without proper procedure.

This Act basically spells out for ISPs the information they may release and under what form of legal authorization. For specific information, a subpoena, court order, or search warrant will be required to obtain the data the investigator seeks. Normally, for a cybercrime, either a subpoena or a search warrant is required.
Legal Update #1: US v. Abel Lopez
- The defendant is arrested during a transaction for dealing meth to an undercover officer.
- The defendant has a cell phone on him; there is no evidence of use of the phone during the operation.
- Officers search the phone and record the numbers called, text messages, and phone list.
- The court reached the conclusion that the phone is not a computer but rather just like a diary or address book.
This is bad law and is completely contrary to all of the other emerging trends. DO NOT FOLLOW THIS CASE.

Texas Version of Legal Update 1: State of Texas v. Anthony Granville
A high school student (age 17) was arrested for a Class C misdemeanor and booked into the county jail. His cell phone was placed in the jail property room; a School Resource Officer (a municipal police officer) checked the phone out and conducted a search of the device. The Texas Court of Criminal Appeals ruled that a cell phone is not like a pair of pants or a bag of groceries, where the owner loses all rights to privacy upon being booked in.

Texas Version of Legal Update 1, Part 2
The court found that people have a legitimate expectation of privacy in the contents of their cell phone. The court went further and discussed search incident to arrest: "[O]nce law enforcement officers have reduced luggage or other personal property not immediately associated with the person of the arrestee to their exclusive control, and there is no longer any danger that the arrestee might gain access to the property to seize a weapon or destroy evidence, a search of that property is no longer incident to the arrest."

Texas Version of Legal Update 1, Part 3
"In such circumstances, the police may legitimately seize the property and hold it while they seek a search warrant, but they may not embark upon a general, evidence-gathering search, especially of a cell phone which contains much more personal information... than could ever fit in a wallet, address book, briefcase, or any of the other traditional containers that the government has invoked!" The court found that someone arrested still retains an expectation of privacy, just a reduced one, and that the purpose of a search incident to arrest is limited to promoting officer safety and preventing evidence from being destroyed.
9.5 Privacy Protection Act of 1980
Title 42, Chapter 21A, Subchapter I, Part A, Section 2000aa: Searches and seizures by government officers and employees in connection with investigation or prosecution of criminal offenses

Work Product Materials
Notwithstanding any other law, it shall be unlawful for a government officer or employee, in connection with the investigation or prosecution of a criminal offense, to search for or seize any work product materials possessed by a person reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication, in or affecting interstate or foreign commerce; but this provision shall not impair or affect the ability of any government officer or employee, pursuant to otherwise applicable law, to search for or seize such materials, if:
(1) there is probable cause to believe that the person possessing such materials has committed or is committing the criminal offense to which the materials relate: Provided, however, that a government officer or employee may not search for or seize such materials under the provisions of this paragraph if the offense to which the materials relate consists of the receipt, possession, communication, or withholding of such materials or the information contained therein (but such a search or seizure may be conducted under the provisions of this paragraph if the offense consists of the receipt, possession, or communication of information relating to the national defense, classified information, or restricted data under the provisions of section 793, 794, 797, or 798 of title 18, or section 2274, 2275, or 2277 of this title, or section 783 of title 50, or if the offense involves the production, possession, receipt, mailing, sale, distribution, shipment, or transportation of child pornography, the sexual exploitation of children, or the sale or purchase of children under section 2251, 2251A, 2252, or 2252A of title 18); or
(2) there is reason to believe that the immediate seizure of such materials is necessary to prevent the death of, or serious bodily injury to, a human being.
Other Documents
Notwithstanding any other law, it shall be unlawful for a government officer or employee, in connection with the investigation or prosecution of a criminal offense, to search for or seize documentary materials, other than work product materials, possessed by a person in connection with a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication, in or affecting interstate or foreign commerce; but this provision shall not impair or affect the ability of any government officer or employee, pursuant to otherwise applicable law, to search for or seize such materials, if:
(1) there is probable cause to believe that the person possessing such materials has committed or is committing the criminal offense to which the materials relate: Provided, however, that a government officer or employee may not search for or seize such materials under the provisions of this paragraph if the offense to which the materials relate consists of the receipt, possession, communication, or withholding of such materials or the information contained therein (the provision does apply to investigations involving national defense, classified information, or restricted data, or where the offense involves the production, possession, receipt, mailing, sale, distribution, shipment, or transportation of child pornography, the sexual exploitation of children, or the sale or purchase of children);
(2) there is reason to believe that the immediate seizure of such materials is necessary to prevent the death of, or serious bodily injury to, a human being;
(3) there is reason to believe that the giving of notice pursuant to a subpoena duces tecum would result in the destruction, alteration, or concealment of such materials; or
(4) such materials have not been produced in response to a court order directing compliance with a subpoena duces tecum, and (A) all appellate remedies have been exhausted; or (B) there is reason to believe that the delay in an investigation or trial occasioned by further proceedings relating to the subpoena would threaten the interests of justice.

Objections to court-ordered subpoenas; affidavits
In the event a search warrant is sought pursuant to paragraph (4)(B) of subsection (b) of this section, the person possessing the materials shall be afforded adequate opportunity to submit an affidavit setting forth the basis for any contention that the materials sought are not subject to seizure.
Source: http://www.law.cornell.edu/uscode/42/2000aa.html
What Does This All Mean?
When in doubt, ask the person a plain and simple question to the effect of "Do you have protected material on your computer?" If they answer in the affirmative, it is up to the investigator to provide them with a copy of their work without delay. This does not mean six months from the date of seizure. The person has a right to their literary work if it is to be published in some form in a public venue. The courts have held under this act that a law enforcement official may be personally civilly liable for damages and inconvenience to the person from whom the items were taken. This liability also extends to the employing entity of the official.

9.6 Reasonable Expectation of Privacy
Unless a person is using a computer that does not belong to them and has been given notice that the machine is subject to search, individuals have a reasonable expectation of privacy, just as they would when using a pay phone in a train station.

This expectation may also extend into the workplace if the person has not been given notice that they may not perform personal functions on a work computer. This is especially true in a work environment where the employee is the only person using the computer and no groundwork has been laid beforehand as to the expectation of privacy.

In an environment where two persons use the same computer and share a single login, either party may consent to a voluntary search of the computer, since it is plain that neither has an expectation of personal privacy when someone else has normal access to the computer. If both parties have separate logins, then the expectation of privacy attaches and one may not consent for the other. Think of it as the room of a teenage child into which the parents do not go, now that the child has a lock on the door. We work the reasonableness question much the same way for digital evidence as for physical evidence.

LEGAL UPDATE #2: US v. Jones, No. 10-1259, United States Supreme Court
Installation of a GPS device on a suspect's car could be a search, based upon the circumstances surrounding the installation and monitoring. Circumstances to be considered:
- How the installation will be done
- What method is used for the installation
- What method is used for the monitoring
- Length of time to monitor
THIS CASE DOES NOT MATTER TO US... STATE LAW REQUIRES A COURT ORDER.