Legal Aspects of IO - PowerPoint PPT Presentation

Slides: 76
Provided by: ronald90

Transcript and Presenter's Notes

Title: Legal Aspects of IO


1
College of Aerospace Doctrine, Research, and
Education
Legal Aspects of IO IW 230
2
The Big Picture
  • The law lags evolution of technology
  • Find answers in existing principles
  • Our actions affect evolution of the law
  • Shape legal framework to further national
    interest
  • Governmental actors must consider spirit not just
    letter of the law

3
AFDD 2-5
INFORMATION SUPERIORITY
INFORMATION OPERATIONS
Successfully executed Information
Operations achieve information superiority
4
Information Operations
  • Joint: Actions taken to affect adversary
    information and information systems while
    defending one's own information and information
    systems
  • Offensive and Defensive IO
  • The Air Force believes that in practice a more
    useful working definition is
  • those actions taken to gain, exploit, defend, or
    attack information and information systems
  • Information Warfare and Information-In-Warfare

5
Information Warfare
  • Information operations conducted during time of
    crisis or conflict to achieve or promote specific
    objectives over a specific adversary or
    adversaries. The Air Force believes that,
    because the defensive component of IW is always
    engaged, a better definition is Information
    operations conducted to defend one's own
    information and information systems, or to attack
    and affect an adversary's information and
    information systems.

  • AFDD 2-5, Aug 98

6
USSPACECOM: DoD's Lead for CND and CNA
  • JTF CND
  • Chartered in 1998 as an interim organization to
    handle coordination of DoD's Computer Network
    Defense
  • JTF CNO
  • CINCSPACE received the mission for Computer
    Network Attack in Oct 00
  • Decision to expand JTF CND
  • 2 Apr 2001, JTF redesignated JTF Computer
    Network Operations

7
The Future
  • It seems to me that, philosophically, rather
    than conducting information operations as ends in
    themselves, we want to operate in the
    information age. By that I mean integrating,
    and not stovepiping, the various areas of
    information operations into our overall military
    plans and operations.
  • --General Ed Eberhart, USCINCSPACE

8
AF Future Capabilities Game 2001 An Introduction
to Network Warfare of the Future
  • Computer Network Operations
  • Computer Network Defense
  • Computer Network Exploitation
  • Computer Network Attack

9
CNO Taxonomy
  • Computer Network Defense
  • Those measures, internal to the protected entity,
    taken to protect and defend information,
    computers and networks from intrusion,
    exploitation, disruption, denial, degradation or
    destruction.

10
CNO Taxonomy
  • Computer Network Defense
  • Actions taken to protect, monitor, analyze,
    detect, and respond to unauthorized activity
    within . . . information systems and computer
    networks. (DoDD O-8530.1)
  • Defensive measures to protect and defend
    information, computers, and networks from
    disruption, denial, degradation, or destruction.
    (JP1-02)

11
CNO Taxonomy
  • Computer Network Attack
  • Operations using computer hardware or software,
    or conducted through computers or computer
    networks, with the intended objective or likely
    effect of disrupting, denying, degrading or
    destroying, information resident in computers or
    computer networks, or the computers and networks
    themselves.

12
CNO Taxonomy
  • Active CND (Computer Network Response)
  • Those measures, that do not constitute CNA, taken
    to protect and defend information, computers, and
    networks from disruption, degradation, denial,
    destruction, or exploitation, that involve
    activity external to the protected entity. CNR,
    when authorized, may include measures to
    determine the source of hostile CNA or CNE.

13
CNO Taxonomy
  • Computer Network Exploitation
  • Intelligence collection operations that obtain
    information resident in files of threat automated
    information systems (AIS) and gain information
    about potential vulnerabilities, or access
    critical information resident within foreign AIS
    that could be used to the benefit of friendly
    operations.
  • (CJCSI 6510.01C)

14
Overview
  • Part I Computer Network Defense (CND)
  • Computer Monitoring
  • Computer Crime
  • Active Defense / Computer Network Response
  • Part II Computer Network Attack (CNE/CNA)
  • Development of International Law
  • The Use of Force in Peacetime
  • US/Foreign Domestic Laws
  • The Law of War

15
Part I Computer Monitoring (Part of CND) IO Law
Outline, p. 1-15
  • System Administrators
  • Monitoring, Encryption, Intelligence Oversight
  • Law Enforcement / FISA
  • Intelligence Community

16
NATIONAL CRITICAL INFRASTRUCTURES
TRANSPORTATION
ENERGY
DEFENSE
TELECOMMUNICATION
BANKING
Information Infrastructure
17
Information Security--Monitoring
  • One of the first lines of defense in protecting
    AF information systems
  • Monitoring performed for different reasons by
    different actors
  • systems protection / network professionals
  • operational security / TMAP assets
  • evidentiary interception / law enforcement
    investigators

18
Analytical Blueprint
  • Analysis starts with the three Ws
  • Who?
  • What?
  • Why?
  • Different ROEs based on answers
  • Law Enforcement interceptions
  • Intel-counterintel surveillance
  • Systems protection monitoring

19
Monitoring Legal Constraints
  • 4th Amendment Right to Privacy
  • Electronic Communications Privacy Act

20
Legal Principles--Constitutional Law
  • Fourth Amendment prohibition against Unreasonable
    Search & Seizure
  • Protects people not places
  • Is there a reasonable expectation of privacy?
  • If so, is the search reasonable?
  • Governed by totality of circumstances
  • Degree of protection proportional to expectation
    of privacy
  • Summary of Case Law, p. 1-37

21
U.S. v. Monroe (AFCCA Feb 5, 1999)
  • Court found Monroe had no expectation of privacy
    in an e-mail account on a government server as to
    his supervisors and the system administrator
    (Banner)
  • E-mail accounts were given for official business,
    although users were authorized to send and
    receive limited textual and morale messages to
    and from friends and family
  • Monroe did not have a government computer, but
    had a personal computer in his dorm room

22
Monroe...
  • Court used the analogy of an unsecured file
    cabinet in the member's superior's work area in
    which an unsecured drawer was designated for
    his/her use in performing his/her official duties
    with the understanding that his superiors had
    free access to the cabinet, including the drawer
  • Affirmed by CAAF, 13 March 2000

23
Electronic Communications Privacy Act (ECPA)
  • Statutorily conferred an expectation of privacy
    in electronic and wire communications
  • Interception of electronic communications
  • Access into stored communications
  • Generally prohibits interception of electronic
    communications, or access into stored
    communications, without court order
  • aimed at law enforcement
  • numerous exceptions
  • systems provider exception
  • consent
  • court order


24
ECPA Rights and Limitations
  • May monitor and disclose traffic data
  • May access electronic communications stored on
    his or her system
  • May disclose the contents of those communications
    to others unless he or she is providing
    electronic communications services to the public

25
Real Time Monitoring-- The provider exception
  • May monitor in real-time (and thereafter
    disclose) wire and electronic communications,
  • so long as such monitoring and disclosure is
    conducted in the normal course of his employment
  • while engaged in any activity which is a
    necessary incident to the rendition of his
    service or to the protection of the rights or
    property of the provider of that service.

26
Disclosure to Law Enforcement
  • May disclose real-time communications he or she
    has monitored (or stored communications he or she
    has accessed) with the consent of an appropriate
    party, normally an individual who is a party to
    the communication, or when
  • Evidence of crime is apparent and inadvertently
    obtained

27
PATRIOT Act of 2001 IO Law Outline, p. 1-17
  • Section 212 of the Act amends subsection 2702(b)(6)
    (ECPA) to permit, but not require, a service
    provider to disclose to law enforcement either
    content or non-content customer records in
    emergencies involving an immediate risk of death
    or serious physical injury to any person.
  • This section also allows providers to disclose
    information to protect their rights and property.

28
PATRIOT Act of 2001 IO Law Outline, p. 1-18
  • Although the wiretap statute allows computer
    owners to monitor the activity on their machines
    to protect their rights and property, until
    Section 217 of the Patriot Act was enacted it was
    unclear whether computer owners could obtain the
    assistance of law enforcement in conducting such
    monitoring

29
Consent Banners are our friend
  • Promotes awareness for users (ECPA exceptions not
    necessarily obvious)
  • 2nd exception under ECPA

30
Limits on Consent
  • Defined by what banner says
  • Limited to provider's own network
  • Duration must be short term, then get Wiretap
    Order (DoJ)

31
OPSEC/COMSEC Surveillance IO Law Outline, p. 1-19
  • AFI 33-219
  • authority given only to HQ AIA TMAP elements
  • consent monitoring / banners
  • certification process
  • SJA must review detailed summary of consent
    notification actions
  • determines if actions legally sufficient to
    constitute consent

32
ROEs--Search (cont)
  • Is the search/seizure reasonable?
  • consent
  • search authorization or warrant
  • AFOSI vs Security Forces

33
ROEs--Interceptions
  • AFI 71-101, Vol 1 Requires Approval for
    Interceptions
  • AFOSI/CC
  • SAF/GC
  • DOJ (nonconsensual)

34
Tips on Handling Computer Abuse Cases
  • SYSAD usually identifies govt. I.P. addresses
    where abuse taking place
  • Does Not Need to Monitor Real-Time
  • Appropriate commander/senior leader should be
    briefed, then assemble all users to notify them
    of impropriety, warn
  • If it continues, SYSAD, commander, and SF can
    mount a sting to catch perp in the act

35
Computer Crime IO Law Outline, p. 1-23
  • Federal Computer Crime Statutes
  • 18 USC 1029, 1030
  • 18 USC 1028 (Identity Theft)
  • 18 USC 2251, 2252, 2252A (Sexual Exploitation of
    Children)
  • 18 USC 2511, 2701 (Wiretap Statute and ECPA)
  • UCMJ Articles
  • General Article (134)
  • Failure to Obey Order or Regulation (92)

36
USA PATRIOT ACT of 2001
  • Uniting and Strengthening America by Providing
    Appropriate Tools Required to Intercept and
    Obstruct Terrorism Act

37
Nationwide Search Warrants for E-mail Sec 220
  • Old: Search warrant needed to compel disclosure
    of unopened e-mail less than six months old in
    Electronic Computing Service or Remote Computing
    Service (i.e. ISP)
  • Had to be issued by court within district where
    e-mail was stored
  • New: Nationwide search warrants for e-mail
  • Allows court with jurisdiction over the offense
    to issue single search warrant
  • Subject to sunset

38
Intercepting Voice Comms in Hacking Cases Sec
202
  • Old: Could not get wiretap order to intercept
    wire communications (involving human voice) for
    violations of the Computer Fraud and Abuse Act
    (18 U.S.C. 1030)
  • Hackers have stolen teleconferencing services to
    plan and execute hacks
  • New: Adds felony violations of Computer Fraud
    and Abuse Act to list of offenses that support a
    voice wiretap order
  • Sunsets December 2005

39

Obtaining Voice-mail and Stored Voice Comms Sec
209
  • Old: LE could use search warrant for voice
    recording on answering machine inside criminal's
    home (easier), but needed wiretap order for
    voice comms with a third party provider
  • New: Stored voice (wire) comms acquired under
    18 USC 2703 (including search warrant)
  • Sunsets December 2005

40
Subpoenas for Electronic Evidence Sec 210
  • Old: Subpoena limited to customer's name,
    address, length of service, and means of payment
  • In many cases, users register with ISPs under
    false names
  • New: Update and expand records available by
    subpoena
  • Old list, plus means and source of payment,
    credit card or bank account number, records of
    session times and durations, and any temporarily
    assigned network address
  • Not subject to sunset

41
Intelligence Oversight
  • Improved Intelligence
  • Inclusion of international terrorist activities
    within scope of foreign intelligence under the
    National Security Act of 1947.
  • Law enforcement to notify the intelligence
    community when a criminal investigation reveals
    information of intelligence value.
  • Reconfigures the Foreign Terrorist Asset Tracking
    Center.

42
FISA Elec Surveillance Sec. 218
  • Old: required certification that obtaining
    foreign intelligence was the purpose of search
  • FISA Court interpreted to mean primary purpose of
    investigation was obtaining foreign intelligence
    and not criminal prosecution
  • New: obtaining foreign intel is a significant
    purpose of the search
  • Allows intelligence agents to better coordinate
    with criminal investigators
  • Subject to sunset

43
What is Active Defense?
  • Approved joint term in DoD Dictionary
  • Active Defense: The employment of limited
    offensive action and counterattacks to deny a
    contested area or position to the enemy.
  • Passive Defense: Measures taken to reduce the
    probability of and to minimize the effects of
    damage caused by hostile action without the
    intention of taking the initiative.
  • No consensus in computer network context

44
  • Active defense
  • Current U.S. Policy.

The fact is that right now my authority for
active defense measures is very limited. I
believe in this area the wisest course of action
is to pursue the policy and procedural issues at
or ahead of the pace of technological
capabilities, because whether or not to use an
attack as an active defense measure or as a
weapon system is a decision that needs to be
operationally defined at the national policy
levels first and foremost.
--Maj Gen James Bryan, JTF-CND/CC, Federal Computer Week, 4 Dec 2000
45
DoD Deploys Cyber-Defense, Defense News, November
12-18, 2001, Pg.
  • Faced with a near doubling of attacks on military
    computers in the past year, the guardian of the
    U.S. military's information systems has asked
    Pentagon leaders for permission to strike back.
  • "We are no longer going to be passive. If they
    hit us, we'll be hitting them back real soon,"
    U.S. Army Maj. Gen. Dave Bryan, commander, Joint
    Task Force-Computer Network Operations (JTF-CNO),

46
Part II Computer Network Attack (CNA) IO Law
Outline, p. 1-42
  • Development of International Law
  • The Law of War
  • The Use of Force in Peacetime
  • Space Law
  • Telecommunications Law
  • US/Foreign Domestic Laws

47
Development of International Law
  • Consists of Binding Legal Obligations among
    Sovereign States
  • Sovereign States are Legally Equal and
    Independent Actors
  • They Assume Legal Obligations only by
    Affirmatively Agreeing To Do So
  • General Rule: Unless Prohibited by Law a Course
    of Action is Allowed

48
International Development Of Territoriality in Air &
Space
  • Air Law Post WW II
  • Sovereign Control Over National Airspace
  • Space Law Post Sputnik I & Explorer I
  • No Objections to Overflight of Spacecraft
  • Reconnaissance Satellites OK
  • Outer Space Treaty Enshrines Principle
  • Information Operations??

49
United Nations Charter
  • The first use of armed force by a state . . . shall
    constitute prima facie evidence of an act of
    aggression
  • What kinds of information attacks are likely to
    be considered by the world community to be armed
    attacks and uses of force?
  • Peacetime Rules of Engagement

50
United Nations Charter--1945
  • Article 2(4)
  • Refrain From the Threat or Use of Force Against
    the Territorial Integrity of Any State, or in Any
    Manner Inconsistent With the Purposes of the UN
  • Article 51
  • Inherent Right of Self-Defense Recognized When an
    Armed Attack Occurs
  • Space Control -- Information Operations?

51
Use of Force Authorized?
  • Authorized by UN Security Council
  • Self-defense
  • Humanitarian intervention
  • Treaty-sanctioned interventions
  • Enforcement of international judgments

52
What is Force?
  • The traditional view is that force means armed
    force, rather than other potentially coercive
    vehicles of state policy
  • Negotiating history of UN Charter
  • UNGA Resolution on Aggression
  • Nicaragua v. United States

53
China's Unrestricted Warfare
  • This kind of war means that all means will be in
    readiness, that information will be omnipresent,
    and the battlefield will be everywhere. It means
    that all weapons and technology can be
    superimposed at will that all the boundaries
    lying between the two worlds of war and nonwar,
    of military and nonmilitary, will be totally
    destroyed the rules of war may need to be
    rewritten.

54
Does CNA = Force?
  • Focus on Consequences of CNA
  • Consider Severity/Nature
  • No Bright Lines
  • Some Tools/Targets May Constitute Force

55
International Law
  • Triggers for self-defense right?
  • Intruder defeats security and gains entry into
    computer systems
  • Significant damage to attacked system or data
  • System is critical to national security
  • Intruder's conduct or context clearly manifests
    malicious intent

56
Computer Responses
  • Launching responsive CNA to disable intruder's
    equipment
  • May not defeat state-sponsored ops
  • May serve as shot across the bow
  • Useful for shaping conflict
  • Reciprocal

57
Kinetic Responses
  • Response to CNA need not be CNA
  • Lack of target, access etc. may limit options
  • Traditional LOAC analysis
  • Military necessity
  • Proportionality

58
Attribution
  • Huge technical challenge
  • Intelligence data/analysis critical
  • Links to other events
  • State sponsored or not?
  • Identity and intent

59
Remedies
  • If not state-sponsored, law enforcement
    authorities are primary response
  • If nation unable or unwilling to prevent
    recurrence, use self-defense
  • Providing safe refuge can be complicity
  • Complicity can be state action

60
Legal/Policy Considerations
  • Continuing threat to national security
  • Demonstration of resolve
  • World opinion
  • Reciprocity

61
Domestic Law-No Military Exclusion
  • 18 USC 1367: Felony to intentionally or
    maliciously interfere with a communications or
    weather satellite, or to obstruct or hinder any
    satellite transmission.
  • 10 USC 1030: Misdemeanor to intentionally access
    a computer without authorization or exceed access

62
Domestic Law (cont)
  • 18 USC 2511 prohibits intercept and disclosure
    of wire, oral, electronic communications.
  • FISA exception
  • DOJ/GC opinion: domestic criminal law does not
    apply to actions of US military members executing
    instructions of the NCA

63
LOAC Customary Legal Principles and IW
  • Military Necessity
  • Distinction
  • Proportionality (possible problem)
  • Humanity (unlawful weapons)
  • Chivalry (Perfidy)
  • Law of Neutrality

64
Military Necessity
  • Military Infrastructures: Lawful Target
  • Purely Civilian Infrastructure: Unlawful,
    Maybe...
  • Stock Exchanges
  • Banks
  • Universities

65
Distinction
  • Combatants vs. Noncombatants
  • Computer Network Attack
  • Our cyber-warriors are required to be part of
    military
  • Attack from .mil??

66
Proportionality
  • During Desert Storm one of the earliest targets
    was the electrical power system
  • Lawful target: military use
  • Iraqi response: Coalition's attack constituted
    attempted genocide
  • City's sewage system backed up, threat of
    epidemic disease

67
Humanity: Unlawful Weapons
  • Illegal Per Se (by Treaty)
  • Poisons
  • Glass projectiles
  • DumDum Bullets
  • Illegal by treaty because of indiscriminate
    effects
  • Biological/Bacteriological weapons
  • Chemical weapons

68
Indiscriminate Weapons?
  • Lasers (earth/space based)
  • Malicious Logic
  • Worms/Viruses
  • EMP Devices

69
Chivalry
  • The waging of war in accordance with
    well-recognized formalities and courtesies
  • Permits lawful ruses and stratagems intended to
    lawfully mislead the enemy
  • Prohibits perfidy -- treacherous acts intended to
    take unlawful advantage of the enemy's good
    faith
  • What about taking over your enemy's computer
    network
  • to send supplies to the wrong place?
  • to declare an end to the war?

70
Perfidy: Improper use of
  • Flags of Truce
  • Protected Status
  • Distinctive Emblems
  • Uniforms of Neutrals

71
Law of Neutrals
  • - Neutrality by a State means refraining from all
    hostile participation in the armed conflict
  • - It is the duty of belligerents to respect the
    territory and rights of neutral States

Austria
Jordan
Switzerland
72
Hague V, Art. 1
  • Prohibits any unauthorized entry into the
    territory of a neutral State, its territorial
    waters, or the airspace over such areas by troops
    or instrumentalities of war
  • If one belligerent enters neutral territory, the
    other belligerent, or neutral State may attack
    them there

73
Law of Neutrals
  • Neutrality under UN Charter?
  • 1907 Hague Convention--Facilities are provided
    impartially to both sides
  • Systems that generate information v. merely relay
    communications

74
Summary
  • Interplay of different International Law Regimes
  • If it is not prohibited, it is permitted
  • What we do will have tremendous effect on how
    this area of the law develops

75
Relevant Directives (To name a few!)
  • PDD 62, Combating Terrorism
  • PDD 63, Critical Infrastructure Protection
  • JP3-13, Joint Doctrine for Information Operations
  • DoDD S 3600.1, Information Operations
  • DOD Memorandum on Web Site Administration, 7 Dec
    98
  • DOD Memorandum on Communications Security and
    Information Systems Monitoring, 27 Jul 97
  • AFDD 2-5, Information Operations
  • AFI 33-129, Transmission of Information via the
    Internet
  • AFI 33-119, Electronic Mail Management and Use
  • AFI 33-219, Telecommunications Monitoring and
    Assessment Program
  • AFI 14-104, Intelligence Oversight
  • TJAG Policy Letter 31, Legal Information Services