Black Hat 2000 – Amsterdam Legal & Political Issues in International Computer Crime Investigation & Prosecution Jennifer Stisa Granick Attorney at Law 368 Hayes.
Download ReportTranscript Black Hat 2000 – Amsterdam Legal & Political Issues in International Computer Crime Investigation & Prosecution Jennifer Stisa Granick Attorney at Law 368 Hayes.
Black Hat 2000 – Amsterdam Legal & Political Issues in International Computer Crime Investigation & Prosecution Jennifer Stisa Granick Attorney at Law 368 Hayes Street San Francisco, CA 94102 USA 415-283-4805 [email protected] Internet Crime is International Crime The Internet is an international medium The Internet connects far-flung offenders with far-flung victims Perpetrator and victim can be in same country, but evidence is located in other country or countries International Investigation: Poses Procedural Difficulties Reliance on local investigators: Training issues Cooperation: between governments and with LE agencies Quick access to evidence or suspects Resources available for investigation International Investigation: Poses Procedural Difficulties Record keeping/Collection and Preservation of data Real time data interception and auditing Trans-border searches Sovereignty Privacy Notice to foreign government, to suspect Jurisdiction and extradition The Law Right Now Mutual Legal Assistance Treaties (MLATs) Letters rogatory The future: multilateral agreements and compacts International Investigation: Substantive Issues Do countries agree on what is a “cyber crime”? Access Tampering Sabotage Use Fraud Espionage Privacy violation Damage/theft Intellectual property violations Child pornography International Investigation: Benefits of Consensus No country is a “safe haven” for criminals Consensus is a basis for cooperation to solve and prosecute crime Consensus Can Be Bad No “laboratory” to learn what approach furthers network security Substantive agreement without greater agreement on human rights, due process, etc. can result in injustice Currently Proposed Legal and Political Solutions Private Sector Promote Cyber-ethics Sysops manage private networks in a secure fashion Vendors put out secure products Multilateral Agreements Council of Europe: Cyber Crime Convention: conventions.coe.int/treaty/EN/projets/projets.htm Group of Eight Council of Europe’s Draft Cybercrime Treaty Provisions Treaty Addresses: definition of offenses jurisdiction international cooperation search and seizure Encourages signatories to pass domestic laws in accordance with the convention’s principles and definitions Coordinated criminalization of: “hacking” and “hacking tools” child pornography copyright infringing materials COE Cybercrime Treaty : Procedural Provisions Search and seizure by local authorities Requires preservation and production of digital evidence Interception of data/ real time communications Requires the assistance and cooperation of sysops and ISPs COE Cybercrime Treaty : Procedural Provisions International assistance for Preserving evidence Locating suspects Trans-border searches Traditional mutual legal assistance and extradition G-8’s 24/7 proposal COE Cybercrime Treaty : Controversial provisions Article 6 – Illegal Devices: Makes it a crime to create, download, or post any computer program that is “designed or adapted [primarily]” to gain access to a computer system without permission, or to delete or alter data. Article 9 – Child Pornography: Internationalizes a U.S. law that makes it a crime to possess digital images that "appear" to be child pornography Article 16 – Preservation of Traffic Data: International Working Group on Data Protection in Telecommunications (Group of EU Privacy Commissioners) criticized requiring preservation of traffic data. COE Cybercrime Treaty : Controversial provisions Article 14 –Search and Seizure & Article 15 – Production Order: Requires subject to process data under his/her control and yield the information necessary to the authorities Requires person with knowledge to seize and secure data for investigators ? Encryption Keys ? U.S. Constitution, Amendment 5, Self-Incrimination Article 21 – Extradition: Provides for extradition for enumerated offenses Group of Eight : Recent Activity Main accomplishment : 24/7 network Main Dispute: Whether to create an international LE organization for cybercrimes. Supported by U.S., disapproved by France Principles agreed on: ensuring the protection of individuals freedoms and private life, preserving governments' ability to fight high tech crime, facilitating appropriate training for all involved, defining a clear and transparent framework for addressing cybercriminality, ensuring free and fair activities, the sound development of industry, and supporting effective industry initiated voluntary codes of conduct and standards, assessing effectiveness and consequences. International Aspects of Cybercrime: Conclusion International cooperation is the trend Consensus is being crafted, but cautionary voices are being ignored Ramifications of decisions made now are far reaching The benefits of consensus will only outweigh the detriments if we are more careful Black Hat 2000 – Amsterdam Legal & Political Issues in International Computer Crime Investigation & Prosecution Jennifer Stisa Granick Attorney at Law 368 Hayes Street San Francisco, CA 94102 USA 415-283-4805 [email protected]