Online Criminal Investigations: The USA Patriot Act, ECPA, and Beyond

1
Online Criminal Investigations: The USA Patriot Act, ECPA, and Beyond
  • Mark Eckenwiler

Computer Crime and Intellectual Property Section
U.S. Department of Justice
2
The Computer Crime and Intellectual Property Section
  • Founded in 1991 as Computer Crime Unit
  • Current staff of 30 attorneys
  • Mission of CCIPS
      • Combat computer crime and IP crimes
      • Develop enforcement policy
      • Train agents and prosecutors
      • Promote international cooperation
      • Propose and comment on federal legislation

3
Overview
  • The origins of ECPA (The Electronic
    Communications Privacy Act of 1986)
  • Substance of the statute
      • real-time monitoring
      • stored information
  • How USA Patriot changed (or didn't change) things

4
Why You Might Care About ECPA
  • Comprehensive privacy framework for
    communications providers
  • Regulates conduct between
      • different users
      • provider and customer
      • government and provider
  • Civil and criminal penalties for violations
  • Note: state laws may impose additional
    restrictions/obligations

5
Why ECPA Matters to Law Enforcement
  • As people take their lives online, crime follows,
    no different from the real world
  • Online records are often the key to investigating
    and prosecuting criminal activity
      • cyber crimes (network intrusions)
      • traditional crimes (threats, fraud, etc.)
  • ECPA says how and when government can (and
    cannot) obtain those records

6
Scope of the 1968 Wiretap Act
  • Protected two kinds of communications
      • oral and wire
  • criminal penalties and civil remedies
  • extensive procedural rules for court orders to
    conduct eavesdropping
  • By mid-1980s, emerging technologies created areas
    of uncertainty in statute as to
      • wireless telephones
      • non-voice transmissions (e.g., e-mail)

7
Concerns Addressed in ECPA (Enacted in 1986)
  • Added protection for electronic (non-voice!)
    communications to Title III
  • In addition, created a new companion chapter to
    regulate privacy of
      • stored communications
      • non-content information about subscribers (e.g.,
        transactional information)
  • Also new pen register/trap and trace statutes
      • for prospective collection of telephone calling
        records

8
Changes 1986-2000
  • A variety of tweaks and technical amendments
      • cordless phones
      • CALEA

9
Sweeping New Surveillance Powers Under USA Patriot Act: A List
10
Changes 2001 (USA Patriot)
  • Structure of ECPA/Title III/Pen-Trap remains the
    same
  • No major expansion of authority
  • Many changes simply codify existing practice or
    harmonize parallel provisions of statute
  • In the following slides, a postfixed asterisk (*)
    indicates USA Patriot changes to prior law

11
Substantive Provisions of ECPA
  • Or,
  • Everything you know is wrong

12
Title III/ECPA and The Courts: A Love Affair
  • "famous (if not infamous) for its lack of
    clarity"
      • Steve Jackson Games v. United States Secret
        Service, 36 F.3d 457, 462 (5th Cir. 1994)
  • "fraught with trip wires"
      • Forsyth v. Barr, 19 F.3d 1527, 1543 (5th Cir.
        1994)
  • "a fog of inclusions and exclusions"
      • Briggs v. American Air Filter, 630 F.2d 414, 415
        (5th Cir. 1980)

13
The Major Categories
  • Real-time interception (content)
  • Real-time traffic data (non-content)
  • Stored data (content)
  • Subscriber records (non-content)

14
The Matrix
15
Interception of Communications
  • The default rule under § 2511(1): do not
      • eavesdrop
      • use or disclose intercepted contents
  • Applies to oral/wire/electronic comms.

16
Penalties
  • Criminal penalties (five-year felony)
    § 2511(4)
      • exception for first offense, wireless comms.
  • Civil damages of $10,000 per violation plus
    attorney's fees
  • USA Patriot added new language specifically
    imposing liability on government agents
  • Statutory suppression

17
Relevance to Computer Networks
  • Makes it illegal to install an unauthorized
    packet sniffer
  • In numerous federal prosecutions, defendants have
    pled guilty to Title III violations for such
    conduct

18
Exceptions to the General Prohibition
  • Publicly accessible system § 2511(2)(g)(i)
      • open IRC channel/chat room
  • Consent of a party
  • System provider privileges
  • Computer trespasser monitoring
  • Court-authorized intercepts

19
Consent of a Party
  • Parallels the Fourth Amendment exception
  • May be implied through
      • login banner
      • terms of service
  • Such implied consent may give an ISP authority to
    pass information to law enforcement and other
    officials

20
System Operator Privileges
  • Provider may monitor private real-time
    communications to protect its rights or property
    § 2511(2)(a)(i)
      • e.g., logging every keystroke typed by a
        suspected intruder
      • phone companies more restricted than ISPs
  • Under same subsection, a provider may also
    intercept communications if inherently
    necessary to providing the service

21
Computer Trespasser Monitoring (USA Patriot)
  • Problem to be solved: what rules allow government
    monitoring of a network intruder?
      • consent of system owner as a party?
      • rights or property monitoring?
      • consent of the intruder via login banner?
  • Because none of these is entirely satisfactory,
    new exception added
  • Note: amendment sunsets on 12/31/05

22
Computer Trespasser Defined
  • New 18 U.S.C. § 2510(21)
      • person who accesses without authorization
      • definition continues: "and thus has no reasonable
        expectation of privacy"
  • Excludes users who have an existing contractual
    relationship with provider
      • Congress worried about TOS violations as grounds
        for warrantless surveillance
      • there is an opportunity to gain consent from such
        users
      • without it, possible constitutional problems

23
Limits of the New Computer Trespasser Exception
  • Interception under this exception has several
    prerequisites
      • consent of the owner
      • under color of law
      • relevant to an official investigation, and
      • cannot acquire communications other than those
        to/from the trespasser

24
Court-Authorized Monitoring
  • Requires a kind of super-warrant
      • § 2518
  • Good for 30 days maximum
  • Necessity, minimization requirements
  • Only available for specified offenses
  • Ten-day reporting
  • Sealing

25
Types of Electronic Communications Intercepts
  • Cloned pagers
  • Keystroking
      • common in network intrusion cases
  • Cloning an e-mail account

26
The Matrix
27
The Matrix
28
Real-Time Collection of Non-Content Records
  • Governed by the pen register/trap and trace
    statute (originally enacted in 1986)
  • Like the Wiretap Act, begins with a general
    prohibition
      • criminal penalties for violations
  • Exceptions for
      • provider self-protection
      • consent of customer (think Caller ID)
      • court order

29
How Things (Didn't) Change As a Result of USA Patriot
  • Pre-USA Patriot, language was focused on
    telephone records
      • the term "pen register" means a device which
        records or decodes electronic or other impulses
        which identify the numbers dialed or otherwise
        transmitted on the telephone line to which such
        device is attached (18 U.S.C. § 3127(3))
  • New statute: technology-neutral language
  • Amendments codify years of practice, orders
    routinely issued by courts

30
Pen Register/Trap and Trace
  • Old statute very telephone-oriented
      • numbers dialed
      • telephone line
  • Updated statute is technology neutral
      • confirms that the same rules apply to, e.g.,
        Internet communications
  • Retains historical (and constitutional)
    distinction between content and non-content
  • Codifies longstanding practice under prior
    statute (e.g., Kopp)

31
What Can A Pen/Trap Device Collect?
  • Plainly included
      • telephone source/destination numbers
      • most e-mail header information
      • source and destination IP address and port
      • Kopp case (2000)
  • Plainly excluded
      • subject line of e-mails
      • content of a downloaded file

32
The Device Formerly Known As Carnivore
  • USA Patriot mandates additional judicial
    oversight
  • Where law enforcement uses its own device on a
    public provider's computer network pursuant to a
    pen/trap order (§ 3123(a)(3)), agents must file
    detailed report with the authorizing court
      • e.g., date and time of installation and removal,
        information collected

33
New Penalties for Government Misconduct
  • New section 2712 creates explicit civil and
    administrative sanctions for violations of
      • wiretap statute
      • ECPA (stored records)
      • pen/trap statute
      • FISA (Foreign Intelligence Surveillance Act)
  • Minimum $10,000 civil damages
  • Mandatory 2-level administrative review for
    intentional violations by federal officers

34
The Matrix
35
Stored Communications and Subscriber Records
  • 18 U.S.C., Chapter 121

36
Objectives of Chapter 121
  • Regulate privacy of communications held by
    electronic middlemen
  • Congress sought to set the bar higher than
    subpoena in some cases
      • put e-mail on a par with postal letter
  • Not applicable to materials in the possession of
    the sender/recipient

37
Dichotomies R Us
  • Permissive disclosure vs. mandatory
      • may vs. must
  • Content of communications vs. non-content
      • content
          • unopened e-mail vs. opened e-mail
      • non-content
          • transactional records vs. subscriber information
  • Basic rule: content receives more protection

38
Criminal Violations
  • 18 U.S.C. § 2701 prohibition
  • Illegal to access without or in excess of
    authorization
      • a facility through which electronic communication
        services are provided
      • and thereby obtain, alter, or prevent access to a
        wire or electronic communication
      • while in electronic storage
  • Misdemeanor, absent aggravating factors

39
Other Enforcement Mechanisms
  • Civil remedies
      • $1,000 per violation
      • attorney's fees
      • punitive damages

40
Subscriber Content and the System Provider
  • Any provider may freely read stored email/files
    of its customers
      • Bohach v. City of Reno, 932 F. Supp. 1232 (D.
        Nev. 1996) (pager messages)
  • A non-public provider may also freely disclose
    that information
      • for example, an employer
41
Public Providers and Permissive Disclosure
  • General rule: a public provider (e.g., an ISP)
    may not freely disclose customer content to
    others (18 U.S.C. § 2702)
  • Exceptions
      • consent
      • necessary to protect rights or property of
        service provider
      • to law enforcement if contents inadvertently
        obtained, pertains to the commission of a crime
      • imminent threat of death/serious injury

42
Permissive Disclosure and Non-Content Subscriber Information
  • Rule is short and sweet
      • Provider may disclose non-content records to
        anyone except a governmental entity
  • New exceptions
      • to protect provider's rights/property
      • threat of death/serious bodily injury
  • Pre-existing exceptions
      • appropriate legal process
      • consent of subscriber

43
Mandatory Disclosures: Legal Process Used by the Government
  • Keep in mind the same dichotomy
      • content vs. non-content
  • All governed by § 2703
  • Types of process
      • search warrant
      • subpoena (grand jury, administrative, etc.)

44
Government Access to Private Communications (Content)
  • For unopened email/voicemail < 180 days old
    stored on a provider's system, government must
    obtain a search warrant (18 U.S.C. § 2703(a))
      • warrant operates like a subpoena
  • Congressional analogy: treat undelivered email
    like postal mail (see S. Ct. cases)

45
Government Access to Private Communications (Content)
  • For opened e-mail/voicemail (or other stored
    files), government may send provider a subpoena
    and notify subscriber (18 U.S.C. § 2703(b))
      • only applicable to public providers
  • May delay notice 90 days (§ 2705(a)) if
      • destruction or tampering w/ evidence
      • intimidation of potential witnesses
      • otherwise seriously jeopardizing an investigation

46
The Matrix
47
The Two Categories of Non-Content Information
  • Subscriber information
      • § 2703(c)(2)
  • Transactional records
      • § 2703(c)(1)

48
Basic Subscriber Information
  • Can be obtained through subpoena
  • Provider must give government
      • name and address of subscriber
      • local and LD telephone toll billing records
      • telephone number or other account identifier
      • type of service provided
      • length of service rendered
  • USA Patriot clarifies that this includes
      • method/means of payment (e.g., credit card
        number)
      • temporary address info (e.g., dynamic IP
        assignment records)

49
Transactional Records
  • Not content, not basic subscriber info
  • Everything in between
      • audit trails/logs
      • addresses of past e-mail correspondents
  • Obtain through
      • warrant
      • section 2703(d) court order
  • Note: prior to CALEA (10/94), a subpoena was
    sufficient

50
Section 2703(d) Orders
  • Articulable facts order
      • specific and articulable facts showing that
        there are reasonable grounds to believe that the
        specified records are relevant and material to
        an ongoing criminal investigation
  • Not as high a standard as probable cause
  • But, like warrant (and unlike subpoena), requires
    judicial oversight and factfinding
  • Can get non-disclosure order with it

51
The Matrix
52
Summary: Legal Process and ECPA
  • Warrant
      • required for unopened e-mail
      • can be used (but not required) for other info
  • Court order under § 2703(d)
      • opened e-mail, unopened e-mail > 180 days old, or
        files (with prior notice)
      • transactional records
  • Subpoena
      • opened e-mail or files (with prior notice)
      • basic subscriber info

53
§ 2703(f) Requests to Preserve
  • Government can ask for anything (content or
    non-content) to be preserved
  • Prospective?
  • Government must still satisfy the usual standards
    if it wants to receive the preserved data

54
Summary of Notable Changes
  • Pen register/trap and trace statute updated
  • Enhanced disclosure by providers to protect life
    and limb
  • Computer trespasser monitoring exception added
  • Scope of basic subscriber info clarified
  • Expanded liability for government misuse

55
Summary
  • USA PATRIOT Act is not a sweeping expansion of
    surveillance authority
  • Instead, makes narrowly tailored changes to
    harmonize or clarify statute
  • Leaves intact the existing framework of privacy
    statutes

56
For More Information
  • Computer Crime Section's home page:
    www.cybercrime.gov
      • legal and policy treatises on intrusions, ECPA, USA
        Patriot, computer search and seizure
      • mailing list for news updates
      • requests for speakers
