COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN

Objectives To review computer crime laws and regulations ; investigative measures and techniques used to determine if a crime has been committed and methods to gather evidence; and the ethical constraints that provide a code of conduct for the security professional. To review the methods for determining if a computer crime has been committed ; the laws that would be applicable for the crime; laws prohibiting specific types of computer crime; methods to gather and preserve evidence of a computer crime, investigative methods and techniques ; and ways in which RFC 1087 and the (ISC) 2 Code of Ethics can be applied to resolve ethical dilemmas.

To review computer crime laws and regulations ; investigative measures and techniques used to determine if a crime has been committed and methods to gather evidence; and the ethical constraints that provide a code of conduct for the security professional.

To review the methods for determining if a computer crime has been committed ; the laws that would be applicable for the crime; laws prohibiting specific types of computer crime; methods to gather and preserve evidence of a computer crime, investigative methods and techniques ; and ways in which RFC 1087 and the (ISC) 2 Code of Ethics can be applied to resolve ethical dilemmas.

References Used Handbook of Information Security Management 1999 - Krause & Tipton Computer Security Handbook, Third Edition - Hutt, Bosworth & Hoyt Security in Computing - Pfleeger (ISC) 2 CBK Review Materials Computer Crime - Icove, Seger & VonStorch Computer, Ethics, and Society - Ermann, Williams & Shauf An Introduction to Computer Security: The NIST Handbook

Handbook of Information Security Management 1999 - Krause & Tipton

Computer Security Handbook, Third Edition - Hutt, Bosworth & Hoyt

Security in Computing - Pfleeger

(ISC) 2 CBK Review Materials

Computer Crime - Icove, Seger & VonStorch

Computer, Ethics, and Society - Ermann, Williams & Shauf

An Introduction to Computer Security: The NIST Handbook

Topics to Be Covered Computer Laws Computer Crime Computer Crime Investigations Computer Ethics

Computer Laws

Computer Crime

Computer Crime Investigations

Computer Ethics

COMPUTER CRIME LAWS

Proprietary Rights & Obligations Legal Forms of Protection Trade Secrets: Information that Provides a Competitive Advantage. Protect Ideas. Copyrights: Right of an Author to Prevent Use or Copying Works of the Author. Protect Expression of Ideas. Patents: Protect Results of Science, Technology & Engineering Business Needs Protect Developed Software Contractual Agreements Define Trade Secrets for Employees

Legal Forms of Protection

Trade Secrets: Information that Provides a Competitive Advantage. Protect Ideas.

Copyrights: Right of an Author to Prevent Use or Copying Works of the Author. Protect Expression of Ideas.

Patents: Protect Results of Science, Technology & Engineering

Business Needs

Protect Developed Software

Contractual Agreements

Define Trade Secrets for Employees

Proprietary Rights & Obligations (continued) Security Techniques to Protect Trade Secrets Numbering Copies Logging Document Issuance Checking Files & Workstations Secure Storage Controlled Distribution Limitations on Copying Contractual Commitments to Protect Proprietary Rights Licensing Agreements with Vendors Liability for Compliance

Security Techniques to Protect Trade Secrets

Numbering Copies

Logging Document Issuance

Checking Files & Workstations

Secure Storage

Controlled Distribution

Limitations on Copying

Contractual Commitments to Protect Proprietary Rights

Licensing Agreements with Vendors

Liability for Compliance

Proprietary Rights & Obligations (continued) Enforcement Efforts Software Protection Association (SPA) Federation Against Software Theft (FAST) Business Software Alliance (BSA) Personal Computers Establish User Accountability Policy Development and Circulation Purging of Proprietary Software

Enforcement Efforts

Software Protection Association (SPA)

Federation Against Software Theft (FAST)

Business Software Alliance (BSA)

Personal Computers

Establish User Accountability

Policy Development and Circulation

Purging of Proprietary Software

Protection for Computer Objects Hardware - Patents Firmware Patents for Physical Devices Trade Secret Protection for Code Object Code Software - Copyrights Source Code Software - Trade Secrets Documentation - Copyrights

Hardware - Patents

Firmware

Patents for Physical Devices

Trade Secret Protection for Code

Object Code Software - Copyrights

Source Code Software - Trade Secrets

Documentation - Copyrights

Management Problems Corporate Recordkeeping Accuracy of Computer Records: Potential Use in Court IRS Rules: Inadequate Controls May Impact Audit Findings Labor and Management Relations Collective Bargaining: Disciplinary Actions, Workplace Rules Work Stoppage Limitations on Background Investigations Limitations on Drug and Polygraph Testing Disgruntled Employees Non-Disclosure Requirements Immigration Laws Establishment and Enforcement of Security Rules

Corporate Recordkeeping

Accuracy of Computer Records: Potential Use in Court

IRS Rules: Inadequate Controls May Impact Audit Findings

Labor and Management Relations

Collective Bargaining: Disciplinary Actions, Workplace Rules

Work Stoppage

Limitations on Background Investigations

Limitations on Drug and Polygraph Testing

Disgruntled Employees

Non-Disclosure Requirements

Immigration Laws

Establishment and Enforcement of Security Rules

Management Problems (continued) Data Communications: Disclosure thru - Eavesdropping and Interception Loss of Confidential Information Outsourcing Contract Review Review of Contractor’s Capabilities Impact of Downsizing Contractor Use of Proprietary Software

Data Communications: Disclosure thru -

Eavesdropping and Interception

Loss of Confidential Information

Outsourcing

Contract Review

Review of Contractor’s Capabilities

Impact of Downsizing

Contractor Use of Proprietary Software

Management Problems (continued) Personal Injury Employee Safety Carpal Tunnel Syndrome Radiation Injury Insurance Against Legal Liability Requirements for Security Precautions Right to Inspect Premises Cooperation with Insurance Company

Personal Injury

Employee Safety

Carpal Tunnel Syndrome

Radiation Injury

Insurance Against Legal Liability

Requirements for Security Precautions

Right to Inspect Premises

Cooperation with Insurance Company

Legal Liability Due Care: Minimum and Customary Practice of Responsible Protection of Assets Due Diligence: The Prudent Management and Execution of Due Care Programming Errors: Reasonable Precautions for - Loss of a Program Unauthorized Revisions Availability of Backup Versions Product Liability Liability for Database Inaccuracies: Due to Security Breaches European Union: No Limits on Personal Liability for Personal Injury

Due Care: Minimum and Customary Practice of Responsible Protection of Assets

Due Diligence: The Prudent Management and Execution of Due Care

Programming Errors: Reasonable Precautions for -

Loss of a Program

Unauthorized Revisions

Availability of Backup Versions

Product Liability

Liability for Database Inaccuracies: Due to Security Breaches

European Union: No Limits on Personal Liability for Personal Injury

Legal Liability (continued) Defamation Libel Due to Inaccuracy of Data Unauthorized Release of Confidential Information Alteration of Visual Images Foreign Corrupt Practices Act Mandate for Security Controls or Cost/Benefit Analysis Potential SEC Litigation

Defamation

Libel Due to Inaccuracy of Data

Unauthorized Release of Confidential Information

Alteration of Visual Images

Foreign Corrupt Practices Act

Mandate for Security Controls or Cost/Benefit Analysis

Potential SEC Litigation

Legal Liability (continued) Failure to Observe Standards FIPS Pubs and CSL Bulletins Failure to Comply Used in Litigation Personal Liability Action or Inaction was Proximate Cause Financial Responsibility to Plaintiff Joint and Several Liability

Failure to Observe Standards

FIPS Pubs and CSL Bulletins

Failure to Comply Used in Litigation

Personal Liability

Action or Inaction was Proximate Cause

Financial Responsibility to Plaintiff

Joint and Several Liability

Legal Liability (continued) Federal Sentencing Guidelines Chapter 8 Added 1991 Applicable to Organizations Violations of Federal Law Specifies Levels of Fines Mitigation of Fines Through Implementation of Precautions

Federal Sentencing Guidelines

Chapter 8 Added 1991

Applicable to Organizations

Violations of Federal Law

Specifies Levels of Fines

Mitigation of Fines Through Implementation of Precautions

Privacy & Other Personal Rights The Federal Privacy Act Government Files Open to Public Unless Specified Act Applies to Executive Branch Only “ Record” = Information about an Individual Must be Need to Maintain Records Disclosure Prohibited without Consent Requirements on Government Agencies Record Disclosures Public Notice of Existence of Records Ensure Security & Confidentiality of Records

The Federal Privacy Act

Government Files Open to Public Unless Specified

Act Applies to Executive Branch Only

“ Record” = Information about an Individual

Must be Need to Maintain Records

Disclosure Prohibited without Consent

Requirements on Government Agencies

Record Disclosures

Public Notice of Existence of Records

Ensure Security & Confidentiality of Records

Privacy and Other Personal Rights (continued) State Acts and Regulations Fair Information Practices Acts: Define Information that Can be Collected Uniform Information Practices Code - National Conference of Commissioners on Uniform State Laws: Recommended Model Statutes Regulating Information Maintained by Private Organizations: e.g..., Health Care, Insurance

State Acts and Regulations

Fair Information Practices Acts: Define Information that Can be Collected

Uniform Information Practices Code - National Conference of Commissioners on Uniform State Laws: Recommended Model

Statutes Regulating Information Maintained by Private Organizations: e.g..., Health Care, Insurance

Privacy and Other Personal Rights (continued) Other Employee Rights Electronic Mail: Expectations of Privacy Drug Testing: Limited to Sensitive Positions Only Freedom From Hostile Work Environment International Privacy European Statutes Cover Both Government and Private Corporate Records Application Primarily to Computerized Data Banks Strict Rules on Disclosure Prohibitions of Transfer of Information Across National Boundaries

Other Employee Rights

Electronic Mail: Expectations of Privacy

Drug Testing: Limited to Sensitive Positions Only

Freedom From Hostile Work Environment

International Privacy

European Statutes Cover Both Government and Private Corporate Records

Application Primarily to Computerized Data Banks

Strict Rules on Disclosure

Prohibitions of Transfer of Information Across National Boundaries

Privacy and Other Personal Rights (continued) Management Responsibilities Regular Review with Legal Department Consider all Jurisdictions Prepare Policies for Compliance Enforce Policies Document Enforcement

Management Responsibilities

Regular Review with Legal Department

Consider all Jurisdictions

Prepare Policies for Compliance

Enforce Policies

Document Enforcement

Computer-Related Laws Criminal Law Victim is Society Purpose of Prosecution is Punishment Deterrent Effect of Punishment Burden of Proof is Reasonable Doubt Felonies - Jail > One Year Misdemeanors - Jail < One Year Federal and State Levels Elements of Proof Vary Between and Among Specific vs. General Applicability

Criminal Law

Victim is Society

Purpose of Prosecution is Punishment

Deterrent Effect of Punishment

Burden of Proof is Reasonable Doubt

Felonies - Jail > One Year

Misdemeanors - Jail < One Year

Federal and State Levels

Elements of Proof Vary Between and Among

Specific vs. General Applicability

Computer Crime Laws Federal Computer Fraud and Abuse Act (Title 18, U.S. Code, 1030) *Accessing Federal Interest Computer (FIC) to acquire national defense information Accessing an FIC to obtain financial information Accessing an FIC to deny the use of the computer *Accessing an FIC to affect a fraud *Damaging or denying use of an FIC thru transmission of code, program, information or command Furthering a fraud by trafficking in passwords Economic Espionage Act of 1996: Obtaining trade secrets to benefit a foreign entity Electronic Funds Transfer Act: Covers use, transport, sell, receive or furnish counterfeit, altered, lost, stolen, or fraudulently obtained debit instruments in interstate or foreign commerce.

Federal

Computer Fraud and Abuse Act (Title 18, U.S. Code, 1030)

*Accessing Federal Interest Computer (FIC) to acquire national defense information

Accessing an FIC to obtain financial information

Accessing an FIC to deny the use of the computer

*Accessing an FIC to affect a fraud

*Damaging or denying use of an FIC thru transmission of code, program, information or command

Furthering a fraud by trafficking in passwords

Economic Espionage Act of 1996: Obtaining trade secrets to benefit a foreign entity

Electronic Funds Transfer Act: Covers use, transport, sell, receive or furnish counterfeit, altered, lost, stolen, or fraudulently obtained debit instruments in interstate or foreign commerce.

Federal Computer Crime Laws (continued) Child Pornography Prevention Act of 1996 (CPPA): Prohibits use of computer technology to produce child pornography. Computer Security Act of 1987: Requires Federal Executive agencies to Establish Computer Security Programs. Electronic Communications Privacy Act (ECPA): Prohibits unauthorized interception or retrieval of electronic communications Fair Credit Reporting Act: Governs types of data that companies may be collected on private citizens & how it may be used. Foreign Corrupt Practices Act: Covers improper foreign operations, but applies to all companies registered with the SEC, and requires companies to institute security programs. Freedom of Information Act: Permits public access to information collected by the Federal Executive Branch.

Child Pornography Prevention Act of 1996 (CPPA): Prohibits use of computer technology to produce child pornography.

Computer Security Act of 1987: Requires Federal Executive agencies to Establish Computer Security Programs.

Electronic Communications Privacy Act (ECPA): Prohibits unauthorized interception or retrieval of electronic communications

Fair Credit Reporting Act: Governs types of data that companies may be collected on private citizens & how it may be used.

Foreign Corrupt Practices Act: Covers improper foreign operations, but applies to all companies registered with the SEC, and requires companies to institute security programs.

Freedom of Information Act: Permits public access to information collected by the Federal Executive Branch.

Computer Laws (continued) Civil Law (Tort Law) Damage/Loss to an Individual or Business Type of Punishment Different: No Incarceration Primary Purpose is Financial Restitution Compensatory Damages: Actual Damages, Attorney Fees, Lost Profits, Investigation Costs Punitive Damages: Set by Jury to Punish Offender Statutory Damages: Established by Law Easier to Obtain Conviction: Preponderance of Evidence Impoundment Orders/Writs of Possession: Equivalent to Search Warrant

Civil Law (Tort Law)

Damage/Loss to an Individual or Business

Type of Punishment Different: No Incarceration

Primary Purpose is Financial Restitution

Compensatory Damages: Actual Damages, Attorney Fees, Lost Profits, Investigation Costs

Punitive Damages: Set by Jury to Punish Offender

Statutory Damages: Established by Law

Easier to Obtain Conviction: Preponderance of Evidence

Impoundment Orders/Writs of Possession: Equivalent to Search Warrant

Computer Laws (continued) International Laws Lack of Universal Cooperation Differences in Interpretations of Laws Outdated Laws Against Fraud Problems with Evidence Admissibility Extradition Low Priority

International Laws

Lack of Universal Cooperation

Differences in Interpretations of Laws

Outdated Laws Against Fraud

Problems with Evidence Admissibility

Extradition

Low Priority

Computer Crime Computer Crime as a Separate Category Rules of Property: Lack of Tangible Assets Rules of Evidence: Lack of Original Documents Threats to Integrity and Confidentiality: Goes beyond normal definition of a loss Value of Data: Difficult to Measure. Cases of Restitution only for Media Terminology: Statues have not kept pace. Is Computer Hardware “Machinery”? Does Software quality as “Supplies”.

Computer Crime as a Separate Category

Rules of Property: Lack of Tangible Assets

Rules of Evidence: Lack of Original Documents

Threats to Integrity and Confidentiality: Goes beyond normal definition of a loss

Value of Data: Difficult to Measure. Cases of Restitution only for Media

Terminology: Statues have not kept pace. Is Computer Hardware “Machinery”? Does Software quality as “Supplies”.

Computer Crime (continued) Computer Crime is Hard to Define Lack of Understanding Laws are Inadequate: Slow to Keep Pace with Rapidly Changing Technology Multiple Roles for Computers Object of a Crime: Target of an Attack Subject of a Crime: Used to attack (impersonating a network node) Medium of a Crime: Used as a Means to Commit a Crime (Trojan Horse)

Computer Crime is Hard to Define

Lack of Understanding

Laws are Inadequate: Slow to Keep Pace with Rapidly Changing Technology

Multiple Roles for Computers

Object of a Crime: Target of an Attack

Subject of a Crime: Used to attack (impersonating a network node)

Medium of a Crime: Used as a Means to Commit a Crime (Trojan Horse)

Computer Crime (continued) Difficulties in Prosecution Understanding: Judges, Lawyers, Police, Jurors Evidence: Lack of Tangible Evidence Forms of Assets: e.g., Magnetic Particles, Computer Time Juveniles: Many Perpetrators are Juveniles Adults Don’t Take Juvenile Crime Seriously

Difficulties in Prosecution

Understanding: Judges, Lawyers, Police, Jurors

Evidence: Lack of Tangible Evidence

Forms of Assets: e.g., Magnetic Particles, Computer Time

Juveniles:

Many Perpetrators are Juveniles

Adults Don’t Take Juvenile Crime Seriously

Legal Aspects of Cryptography Prohibitions on Use Approach (e.g., France) Prohibitions on Export (e.g., USA, GB, CAN, GER) US Controls Export of Cryptography Implemented in Software Practically Impossible to Enforce

Prohibitions on Use Approach (e.g., France)

Prohibitions on Export (e.g., USA, GB, CAN, GER)

US Controls Export of Cryptography Implemented in Software

Practically Impossible to Enforce

Nature and Extent of Computer-Related Crime Typology Input Tampering: Entry of Fraudulent or False Data Throughput Tampering: Altering Computer Instructions Output Tampering: Theft of Information Most Common Crimes Input and Output Type Fraudulent Disbursements Fabrication of Data

Typology

Input Tampering: Entry of Fraudulent or False Data

Throughput Tampering: Altering Computer Instructions

Output Tampering: Theft of Information

Most Common Crimes

Input and Output Type

Fraudulent Disbursements

Fabrication of Data

The Computer Criminal Typical Profile Male, White, Young No Prior Record Works in Data Processing or Accounting Myths Special Talents are Necessary Fraud has Increased Because of Computers

Typical Profile

Male, White, Young

No Prior Record

Works in Data Processing or Accounting

Myths

Special Talents are Necessary

Fraud has Increased Because of Computers

The Computer Criminal (continued) Personal Motivations Economic Egocentric Ideological Psychotic

Personal Motivations

Economic

Egocentric

Ideological

Psychotic

The Computer Criminal (continued) Environmental Motivations Work Environment Reward System Level of Interpersonal Trust Ethical Environment Stress Level Internal Controls Environment

Environmental Motivations

Work Environment

Reward System

Level of Interpersonal Trust

Ethical Environment

Stress Level

Internal Controls Environment

The Control Environment Factors that Encourage Crime Motivation Personal Inducements Factors that Discourage Crime Prevention Measures Internal Controls Systems Access Control Systems Detection Measures Auditing Supervision

Factors that Encourage Crime

Motivation

Personal Inducements

Factors that Discourage Crime

Prevention Measures

Internal Controls Systems

Access Control Systems

Detection Measures

Auditing

Supervision

COMPUTER CRIME INVESTIGATION

Investigation Steps Detection and Containment Accidental Discovery Audit Trail Review Real-Time Intrusion Monitoring Limit Further Loss Reduction in Liability Report to Management Immediate Notification Limit Knowledge of Investigation Use Out-of-Band Communications

Detection and Containment

Accidental Discovery

Audit Trail Review

Real-Time Intrusion Monitoring

Limit Further Loss

Reduction in Liability

Report to Management

Immediate Notification

Limit Knowledge of Investigation

Use Out-of-Band Communications

Investigation Steps (continued) Preliminary Investigation Determine if a Crime has Occurred Review Complaint Inspect Damage Interview Witnesses Examine Logs Identify Investigation Requirements

Preliminary Investigation

Determine if a Crime has Occurred

Review Complaint

Inspect Damage

Interview Witnesses

Examine Logs

Identify Investigation Requirements

Investigation Steps (continued) Disclosure Determination Determine if Disclosure is Required by Law Determine if Disclosure is Desired Caution in Dealing with the Media Courses of Action Do Nothing Surveillance Eliminate Security Holes Is Police Report Required? Is Prosecution a Goal?

Disclosure Determination

Determine if Disclosure is Required by Law

Determine if Disclosure is Desired

Caution in Dealing with the Media

Courses of Action

Do Nothing

Surveillance

Eliminate Security Holes

Is Police Report Required?

Is Prosecution a Goal?

Investigation Steps (continued) Conducting the Investigation Investigative Responsibility Internal Investigation External Private Consultant Investigation Local/State/Federal Investigation Factors Cost Legal Issues (Privacy, Evidence, Search & Seizure) Information Dissemination Investigative Control

Conducting the Investigation

Investigative Responsibility

Internal Investigation

External Private Consultant Investigation

Local/State/Federal Investigation

Factors

Cost

Legal Issues (Privacy, Evidence, Search & Seizure)

Information Dissemination

Investigative Control

Investigative Process Identify Potential Suspects Insiders Outsiders Collaboration Identify Potential Witnesses Who to Interview Who to Conduct Interview

Identify Potential Suspects

Insiders

Outsiders

Collaboration

Identify Potential Witnesses

Who to Interview

Who to Conduct Interview

Investigative Process (continued) Identify Type of System to be Seized Network, Hardware & Software Configuration System Experts Security System in Place Location of System Elements of Proof Probable Cause/Warrant Location of Analysis

Identify Type of System to be Seized

Network, Hardware & Software Configuration

System Experts

Security System in Place

Location of System

Elements of Proof

Probable Cause/Warrant

Location of Analysis

Investigative Process (continued) Identify Search and Seizure Team Members Lead Investigator Information Security Representative Legal Representative Technical Representatives Obtain and Serve Search Warrants Determine if System Is at Risk Access of Suspect Potential Destruction of Evidence

Identify Search and Seizure Team Members

Lead Investigator

Information Security Representative

Legal Representative

Technical Representatives

Obtain and Serve Search Warrants

Determine if System Is at Risk

Access of Suspect

Potential Destruction of Evidence

Investigation Steps (continued) Execute the Plan Secure and Control Scene Protect Evidence Don’t Touch Keyboard Videotape Process Capture Monitor Display Unplug System Remove Cover Disks and Drives Search Premises (for Magnetic Media and Documentation) Seize Other Devices (that may contain information)

Execute the Plan

Secure and Control Scene

Protect Evidence

Don’t Touch Keyboard

Videotape Process

Capture Monitor Display

Unplug System

Remove Cover

Disks and Drives

Search Premises (for Magnetic Media and Documentation)

Seize Other Devices (that may contain information)

Investigation Steps (continued) Conduct Surveillance Physical: Determine Subject’s Habits, Associates, Life Style Computer: Audit Logs or Electronic Monitoring Other Information Sources Personnel Files Telephone and Fax Logs Security Logs Time Cards Investigative Reporting Document Known Facts Statement of Final Conclusions

Conduct Surveillance

Physical: Determine Subject’s Habits, Associates, Life Style

Computer: Audit Logs or Electronic Monitoring

Other Information Sources

Personnel Files

Telephone and Fax Logs

Security Logs

Time Cards

Investigative Reporting

Document Known Facts

Statement of Final Conclusions

Computer Forensics Conduct a Disk Image Backup of Suspect System: Bit level Copy of the Disk, Sector by Sector Authenticate the File System: Create Message Digest for all Directories, Files & Disk Sectors Analyze Restored Data: Conduct Forensic Analysis in a Controlled Environment Search Tools: Quick View Plus, Expert Witness, Super Sleuth Searching for Obscure Data: Hidden Files/Directories, Erased or Deleted Files, Encrypted Data, Overwritten Files Steganography: Hiding a Piece of Information within Another Review Communications Programs: Links to Others

Conduct a Disk Image Backup of Suspect System: Bit level Copy of the Disk, Sector by Sector

Authenticate the File System: Create Message Digest for all Directories, Files & Disk Sectors

Analyze Restored Data: Conduct Forensic Analysis in a Controlled Environment

Search Tools: Quick View Plus, Expert Witness, Super Sleuth

Searching for Obscure Data: Hidden Files/Directories, Erased or Deleted Files, Encrypted Data, Overwritten Files

Steganography: Hiding a Piece of Information within Another

Review Communications Programs: Links to Others

Computer Forensics (continued) Reassemble and Boot Suspect System with Clean Operating System Target System May Be Infected Obtain System Time as Reference Run Complete System Analysis Report Boot Suspect System with Original Operating System Identify Rogue Programs Identify Background Programs Identify What System Interrupts have Been Set

Reassemble and Boot Suspect System with Clean Operating System

Target System May Be Infected

Obtain System Time as Reference

Run Complete System Analysis Report

Boot Suspect System with Original Operating System

Identify Rogue Programs

Identify Background Programs

Identify What System Interrupts have Been Set

Computer Forensics (continued) Search Backup Media: Don’t Forget Off-Site Storage Search Access Controlled Systems and Encrypted Files Password Cracking Publisher Back Door Documentary Clues Ask the Suspect Case Law on Obtaining Passwords from Suspects

Search Backup Media: Don’t Forget Off-Site Storage

Search Access Controlled Systems and Encrypted Files

Password Cracking

Publisher Back Door

Documentary Clues

Ask the Suspect

Case Law on Obtaining Passwords from Suspects

Rules of Evidence Types of Evidence Direct: Oral Testimony by Witness Real: Tangible Objects/Physical Evidence Documentary: Printed Business Records, Manuals, Printouts Demonstrative: Used to Aid the Jury (Models, Illustrations, Charts Best Evidence Rule: To Limit Potential for Alteration Exclusionary Rule: Evidence Must be Gathered Legally or it Can’t Be Used Hearsay Rule: Key for Computer Generated Evidence Second Hand Evidence Admissibility Based on Veracity and Competence of Source Exceptions: Rule 803 of Federal Rules of Evidence (Business Documents created at the time by person with knowledge, part of regular business, routinely kept, supported by testimony)

Types of Evidence

Direct: Oral Testimony by Witness

Real: Tangible Objects/Physical Evidence

Documentary: Printed Business Records, Manuals, Printouts

Demonstrative: Used to Aid the Jury (Models, Illustrations, Charts

Best Evidence Rule: To Limit Potential for Alteration

Exclusionary Rule: Evidence Must be Gathered Legally or it Can’t Be Used

Hearsay Rule: Key for Computer Generated Evidence

Second Hand Evidence

Admissibility Based on Veracity and Competence of Source

Exceptions: Rule 803 of Federal Rules of Evidence (Business Documents created at the time by person with knowledge, part of regular business, routinely kept, supported by testimony)

Rules of Evidence (continued) Chain of Evidence: Accountability & Protection Who Obtained Evidence Where and When it was Obtained Who Secured it Who Controlled it Account for Everyone Who Had Access to or Handled the Evidence Assurance Against Tampering

Chain of Evidence: Accountability & Protection

Who Obtained Evidence

Where and When it was Obtained

Who Secured it

Who Controlled it

Account for Everyone Who Had Access to or Handled the Evidence

Assurance Against Tampering

Rules of Evidence (continued) Admissibility of Evidence: Computer-generated Evidence is Always Suspect Relevancy: Must Prove a Fact that is Material to the Case Reliability: Prove Reliability of Evidence and the Process for Producing It Evidence Life Cycle Collection and Identification Storage, Preservation, and Transportation Presentation in Court Return to Victim (Owner)

Admissibility of Evidence: Computer-generated Evidence is Always Suspect

Relevancy: Must Prove a Fact that is Material to the Case

Reliability: Prove Reliability of Evidence and the Process for Producing It

Evidence Life Cycle

Collection and Identification

Storage, Preservation, and Transportation

Presentation in Court

Return to Victim (Owner)

Legal Proceedings Discovery Defense Granted Access to All Investigative Materials Protective Order Limits Who Has Access Grand Jury and Preliminary Hearings Witnesses Called Assign Law Enforcement Liaison Trial: Unknown Results Recovery of Damages: Thru Civil Courts

Discovery

Defense Granted Access to All Investigative Materials

Protective Order Limits Who Has Access

Grand Jury and Preliminary Hearings

Witnesses Called

Assign Law Enforcement Liaison

Trial: Unknown Results

Recovery of Damages: Thru Civil Courts

Legal Proceedings (continued) Post Mortem Review: Analyze Attack and Close Security Holes Incident Response Plan Information Dissemination Policy Incident Reporting Policy Electronic Monitoring Statement Audit Trail Policy Warning Banner (Prohibit Unauthorized Access and Give Notice of Monitoring) Need for Additional Personnel Security Controls

Post Mortem Review: Analyze Attack and Close Security Holes

Incident Response Plan

Information Dissemination Policy

Incident Reporting Policy

Electronic Monitoring Statement

Audit Trail Policy

Warning Banner (Prohibit Unauthorized Access and Give Notice of Monitoring)

Need for Additional Personnel Security Controls

COMPUTER ETHICS

Ethics Origins and Outlook Differences Between Law and Ethics: Must vs. Should Origins Common Good National Interest Individual Rights Enlightened Self-Interest Law Tradition/Culture Religion Fundamental Changes to Society No Sandbox Training

Differences Between Law and Ethics: Must vs. Should

Origins

Common Good

National Interest

Individual Rights

Enlightened Self-Interest

Law

Tradition/Culture

Religion

Fundamental Changes to Society

No Sandbox Training

Common Fallacies of the Computer Generation The Computer Game Fallacy: Computer Designed to Prevent Abuse The Law-Abiding Citizen Fallacy: Constitutional Rights The Shatterproof Fallacy: Limited Effects The Candy-from-a-Baby Fallacy: It’s Easy So It Must be OK The Hacker’s Fallacy: Means of Learning The Free Information Fallacy: Information Wants to Be Free

The Computer Game Fallacy: Computer Designed to Prevent Abuse

The Law-Abiding Citizen Fallacy: Constitutional Rights

The Shatterproof Fallacy: Limited Effects

The Candy-from-a-Baby Fallacy: It’s Easy So It Must be OK

The Hacker’s Fallacy: Means of Learning

The Free Information Fallacy: Information Wants to Be Free

Resources National Computer Ethics and Responsibilities Campaign (NCERC) Computer Ethics Resource Guide National Computer Security Association (NCSA) Computer Ethics Institute 1991 – Ten Commandments of Computer Ethics End User’s Basic Tenants of Responsible Computing Four Primary Values Considerations for Conduct The Code of Fair Information Practices Unacceptable Internet Activities (RFC 1087)

National Computer Ethics and Responsibilities Campaign (NCERC)

Computer Ethics Resource Guide

National Computer Security Association (NCSA)

Computer Ethics Institute

1991 – Ten Commandments of Computer Ethics

End User’s Basic Tenants of Responsible Computing

Four Primary Values

Considerations for Conduct

The Code of Fair Information Practices

Unacceptable Internet Activities (RFC 1087)

(ISC) 2 Code of Ethics Conduct to meet highest standards of moral, ethical, and legal behavior Maintain personal reputation and that of the profession Report unlawful activities and cooperate in investigation Promote prudent information security measures Provide competent service and avoid conflicts of interest Execute responsibilities in keeping with highest professional standards Use information properly Maintain confidentiality of information

Conduct to meet highest standards of moral, ethical, and legal behavior

Maintain personal reputation and that of the profession

Report unlawful activities and cooperate in investigation

Promote prudent information security measures

Provide competent service and avoid conflicts of interest

Execute responsibilities in keeping with highest professional standards

Use information properly

Maintain confidentiality of information

Ethical Responsibilities Collectors of Data to Data Subjects for: Integrity Confidentiality Custodians of Data to Owners of Data for: Availability Integrity Users of Data to Data Subjects and Owners for: Confidentiality Integrity

Collectors of Data to Data Subjects for:

Integrity

Confidentiality

Custodians of Data to Owners of Data for:

Availability

Integrity

Users of Data to Data Subjects and Owners for:

Confidentiality

Integrity

Competitive Intelligence Published Material & Public Documents Disclosures by Competitor Employees (without Subterfuge) Market Surveys & Consultant’s Reports Financial Reports & Broker’s Research Surveys Trade Fairs, Exhibits, & Competitor Literature Analysis of Competitor Products Reports of Own Personnel Legitimate Employment Interviews with Competitor Employees

Published Material & Public Documents

Disclosures by Competitor Employees (without Subterfuge)

Market Surveys & Consultant’s Reports

Financial Reports & Broker’s Research Surveys

Trade Fairs, Exhibits, & Competitor Literature

Analysis of Competitor Products

Reports of Own Personnel

Legitimate Employment Interviews with Competitor Employees

Industrial Espionage Camouflaged Questioning of Competitor’s Employees Direct Observation under Secret Conditions False Job Interviews False Negotiations Use of Professional Investigators Hiring Competitor’s Employees Trespassing Bribing Suppliers and Employees Planting Agent on Competitor Payroll Eavesdropping Theft of Information Blackmail and Extortion

Camouflaged Questioning of Competitor’s Employees

Direct Observation under Secret Conditions

False Job Interviews

False Negotiations

Use of Professional Investigators

Hiring Competitor’s Employees

Trespassing

Bribing Suppliers and Employees

Planting Agent on Competitor Payroll

Eavesdropping

Theft of Information

Blackmail and Extortion

Plan of Action Develop organizational guide to computer ethics Develop a computer ethics policy to supplement the computer security policy Include computer ethics information in the employee handbook Expand business ethics policy to include computer ethics Foster user awareness of computer ethics Establish an E-mail privacy policy and promote user awareness of it

Develop organizational guide to computer ethics

Develop a computer ethics policy to supplement the computer security policy

Include computer ethics information in the employee handbook

Expand business ethics policy to include computer ethics

Foster user awareness of computer ethics

Establish an E-mail privacy policy and promote user awareness of it

QUESTIONS?