0
Online Criminal Investigations: The USA Patriot Act, ECPA, and Beyond Mark Eckenwiler Computer Crime and Intellectual Prop...
The Computer Crime and Intellectual Property Section <ul><li>Founded in 1991 as Computer Crime Unit </li></ul><ul><li>Curr...
Overview <ul><li>The origins of ECPA (The Electronic Communications Privacy Act of 1986)‏ </li></ul><ul><li>Substance of t...
Why You Might Care  About ECPA <ul><li>Comprehensive privacy framework for communications providers </li></ul><ul><li>Regu...
Why ECPA Matters to Law Enforcement <ul><li>As people take their lives online, crime follows; no different from the real w...
Scope of the 1968 Wiretap Act <ul><li>Protected two kinds of communications </li></ul><ul><ul><li>“ oral” and “wire”  </li...
Concerns Addressed in ECPA (Enacted in 1986)‏ <ul><li>Added protection for “electronic” (non-voice!) communications to Tit...
Changes 1986-2000 <ul><li>A variety of tweaks & technical amendments </li></ul><ul><ul><li>cordless phones </li></ul></ul>...
Sweeping New Surveillance Powers Under USA Patriot Act: A List
Changes 2001 (USA Patriot)‏ <ul><li>Structure of ECPA/Title III/Pen-Trap remains the same </li></ul><ul><li>No major expan...
Substantive Provisions of ECPA Or,  Everything you know is wrong
Title III/ECPA & The Courts: A Love Affair <ul><li>“ famous (if not infamous) for its lack of clarity” </li></ul><ul><ul><...
The Major Categories <ul><li>Real-time interception (content)‏ </li></ul><ul><li>Real-time traffic data (non-content)‏ </l...
The Matrix
Interception of Communications <ul><li>The default rule under § 2511(1): do not  </li></ul><ul><ul><li>eavesdrop </li></ul...
Penalties <ul><li>Criminal penalties (five-year felony)  [§ 2511(4)] </li></ul><ul><ul><ul><li>exception for first offense...
Relevance to Computer Networks <ul><li>Makes it illegal to install an unauthorized packet sniffer </li></ul><ul><li>In num...
Exceptions to the  General Prohibition <ul><li>Publicly accessible system [§ 2511(2)(g)(i)] </li></ul><ul><ul><li>open IRC...
Consent of a Party <ul><li>Parallels the Fourth Amendment exception </li></ul><ul><li>May be implied through </li></ul><ul...
System Operator Privileges <ul><li>Provider may monitor private real-time communications to protect its rights or property...
“ Computer Trespasser” Monitoring (USA Patriot)* <ul><li>Problem to be solved: what rules allow government monitoring of a...
“ Computer Trespasser” Defined <ul><li>New 18 U.S.C. 2510(21): </li></ul><ul><ul><li>person who accesses “without authoriz...
Limits of the New “Computer Trespasser” Exception <ul><li>Interception under this exception has several prerequisites  </l...
Court-Authorized Monitoring <ul><li>Requires a kind of “super-warrant” </li></ul><ul><ul><li>§ 2518 </li></ul></ul><ul><li...
Types of Electronic Communications Intercepts <ul><li>Cloned pagers </li></ul><ul><li>“ Keystroking”  </li></ul><ul><ul><l...
The Matrix
The Matrix
Real-Time Collection of  Non-Content Records <ul><li>Governed by the pen register/trap and trace statute (originally enact...
How Things (Didn’t) Change As a Result of USA Patriot <ul><li>Pre-USA Patriot, language was focused on telephone records <...
Pen Register/Trap and Trace <ul><li>Old statute very telephone-oriented </li></ul><ul><ul><li>“ numbers dialed” </li></ul>...
What Can A Pen/Trap Device Collect? <ul><li>Plainly included </li></ul><ul><ul><li>telephone source/destination numbers </...
The Device Formerly Known As “Carnivore” <ul><li>USA Patriot mandates additional judicial oversight  </li></ul><ul><li>Whe...
New Penalties for Government Misconduct <ul><li>New section 2712 creates explicit civil and administrative sanctions for v...
The Matrix
Stored Communications and Subscriber Records 18 U.S.C., Chapter 121
Objectives of Chapter 121 <ul><li>Regulate privacy of communications held by electronic middlemen </li></ul><ul><ul><li>Co...
Dichotomies ‘R’ Us <ul><li>Permissive disclosure vs. mandatory </li></ul><ul><ul><li>“ may” vs. “must” </li></ul></ul><ul>...
Criminal Violations <ul><li>18 USC § 2701 prohibition </li></ul><ul><ul><li>Illegal to access without or in excess of auth...
Other Enforcement Mechanisms <ul><li>Civil remedies </li></ul><ul><ul><li>$1,000 per violation </li></ul></ul><ul><ul><li>...
Subscriber Content  and the System Provider <ul><li>Any provider may freely  read  stored email/files of its customers </l...
Public Providers and  Permissive Disclosure <ul><li>General rule: a public provider ( e.g. , an ISP) may not freely  discl...
Permissive Disclosure and Non-Content Subscriber Information <ul><li>Rule is short and sweet </li></ul><ul><li>Provider ma...
Mandatory Disclosures: Legal Process Used by the Government <ul><li>Keep in mind the same dichotomy </li></ul><ul><ul><li>...
Government Access to Private Communications (Content)‏ <ul><li>For  unopened  email/voicemail < 180 days old stored on a p...
Government Access to Private Communications (Content)‏ <ul><li>For opened e-mail/voicemail (or other stored files), govern...
The Matrix
The Two Categories of Non-Content Information <ul><li>Subscriber information </li></ul><ul><ul><li>§2703(c)(2)‏ </li></ul>...
Basic Subscriber Information <ul><li>Can be obtained through subpoena </li></ul><ul><li>Provider must give government </li...
Transactional Records <ul><li>Not content, not basic subscriber info </li></ul><ul><li>Everything in between </li></ul><ul...
Section 2703(d) Orders <ul><li>“ Articulable facts” order  </li></ul><ul><ul><li>“ specific and articulable facts showing ...
The Matrix
Summary:  Legal Process & ECPA <ul><li>Warrant  </li></ul><ul><ul><li>required for unopened e-mail </li></ul></ul><ul><ul>...
§ 2703(f) Requests to Preserve <ul><li>Government can ask for anything (content or non-content) to be preserved </li></ul>...
Summary of Notable Changes <ul><li>Pen register/trap and trace statute updated </li></ul><ul><li>Enhanced disclosure by pr...
Summary <ul><li>USA PATRIOT Act is not a sweeping expansion of surveillance authority </li></ul><ul><li>Instead, makes nar...
For More Information <ul><li>Computer Crime Section’s home page: www.cybercrime.gov </li></ul><ul><ul><li>legal & policy t...
 
Upcoming SlideShare
Loading in...5
×

Online Criminal Investigations The Usa Patriot Act

1,072

Published on

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,072
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
25
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Online Criminal Investigations The Usa Patriot Act"

  1. 1. Online Criminal Investigations: The USA Patriot Act, ECPA, and Beyond Mark Eckenwiler Computer Crime and Intellectual Property Section U.S. Department of Justice
  2. 2. The Computer Crime and Intellectual Property Section <ul><li>Founded in 1991 as Computer Crime Unit </li></ul><ul><li>Current staff of 30 attorneys </li></ul><ul><li>Mission of CCIPS </li></ul><ul><ul><li>Combat computer crime and IP crimes </li></ul></ul><ul><ul><li>Develop enforcement policy </li></ul></ul><ul><ul><li>Train agents and prosecutors </li></ul></ul><ul><ul><li>Promote international cooperation </li></ul></ul><ul><ul><li>Propose and comment on federal legislation </li></ul></ul>
  3. 3. Overview <ul><li>The origins of ECPA (The Electronic Communications Privacy Act of 1986)‏ </li></ul><ul><li>Substance of the statute </li></ul><ul><ul><li>real-time monitoring </li></ul></ul><ul><ul><li>stored information </li></ul></ul><ul><li>How USA Patriot changed (or didn’t change) things </li></ul>
  4. 4. Why You Might Care About ECPA <ul><li>Comprehensive privacy framework for communications providers </li></ul><ul><li>Regulates conduct between </li></ul><ul><ul><li>different users </li></ul></ul><ul><ul><li>provider and customer </li></ul></ul><ul><ul><li>government and provider </li></ul></ul><ul><li>Civil and criminal penalties for violations </li></ul><ul><li>Note: state laws may impose additional restrictions/obligations </li></ul>
  5. 5. Why ECPA Matters to Law Enforcement <ul><li>As people take their lives online, crime follows; no different from the real world </li></ul><ul><li>Online records are often the key to investigating and prosecuting criminal activity </li></ul><ul><ul><li>“ cyber” crimes (network intrusions)‏ </li></ul></ul><ul><ul><li>traditional crimes (threats, fraud, etc.)‏ </li></ul></ul><ul><li>ECPA says how and when government can (and cannot) obtain those records </li></ul>
  6. 6. Scope of the 1968 Wiretap Act <ul><li>Protected two kinds of communications </li></ul><ul><ul><li>“ oral” and “wire” </li></ul></ul><ul><ul><li>criminal penalties and civil remedies </li></ul></ul><ul><ul><li>extensive procedural rules for court orders to conduct eavesdropping </li></ul></ul><ul><li>By mid-1980s, emerging technologies created areas of uncertainty in statute as to </li></ul><ul><ul><li>wireless telephones </li></ul></ul><ul><ul><li>non-voice transmissions ( e.g. , e-mail)‏ </li></ul></ul>
  7. 7. Concerns Addressed in ECPA (Enacted in 1986)‏ <ul><li>Added protection for “electronic” (non-voice!) communications to Title III </li></ul><ul><li>In addition, created a new companion chapter to regulate privacy of </li></ul><ul><ul><li>stored communications </li></ul></ul><ul><ul><li>non-content information about subscribers ( e.g., transactional information)‏ </li></ul></ul><ul><li>Also: new pen register/trap & trace statutes </li></ul><ul><ul><li>for prospective collection of telephone calling records </li></ul></ul>
  8. 8. Changes 1986-2000 <ul><li>A variety of tweaks & technical amendments </li></ul><ul><ul><li>cordless phones </li></ul></ul><ul><ul><li>CALEA </li></ul></ul>
  9. 9. Sweeping New Surveillance Powers Under USA Patriot Act: A List
  10. 10. Changes 2001 (USA Patriot)‏ <ul><li>Structure of ECPA/Title III/Pen-Trap remains the same </li></ul><ul><li>No major expansion of authority </li></ul><ul><li>Many changes simply codify existing practice or harmonize parallel provisions of statute </li></ul><ul><li>In the following slides, a postfixed asterisk (*) indicates USA Patriot changes to prior law </li></ul>
  11. 11. Substantive Provisions of ECPA Or, Everything you know is wrong
  12. 12. Title III/ECPA & The Courts: A Love Affair <ul><li>“ famous (if not infamous) for its lack of clarity” </li></ul><ul><ul><li>Steve Jackson Games v. United States Secret Service, 36 F.3d 457, 462 (5th Cir. 1994)‏ </li></ul></ul><ul><li>“ fraught with trip wires” </li></ul><ul><ul><li>Forsyth v. Barr , 19 F.3d 1527, 1543 (5th Cir. 1994)‏ </li></ul></ul><ul><li>“ a fog of inclusions and exclusions” </li></ul><ul><ul><li>Briggs v. American Air Filter , 630 F.2d 414, 415 (5th Cir. 1980)‏ </li></ul></ul>
  13. 13. The Major Categories <ul><li>Real-time interception (content)‏ </li></ul><ul><li>Real-time traffic data (non-content)‏ </li></ul><ul><li>Stored data (content)‏ </li></ul><ul><li>Subscriber records (non-content)‏ </li></ul>
  14. 14. The Matrix
  15. 15. Interception of Communications <ul><li>The default rule under § 2511(1): do not </li></ul><ul><ul><li>eavesdrop </li></ul></ul><ul><ul><li>use or disclose intercepted contents </li></ul></ul><ul><li>Applies to oral/wire/electronic comms. </li></ul>
  16. 16. Penalties <ul><li>Criminal penalties (five-year felony) [§ 2511(4)] </li></ul><ul><ul><ul><li>exception for first offense, wireless comms. </li></ul></ul></ul><ul><li>Civil damages of $10,000 per violation* plus attorney’s fees </li></ul><ul><ul><li>USA Patriot added new language specifically imposing liability on government agents </li></ul></ul><ul><li>Statutory suppression </li></ul>
  17. 17. Relevance to Computer Networks <ul><li>Makes it illegal to install an unauthorized packet sniffer </li></ul><ul><li>In numerous federal prosecutions, defendants have pled guilty to Title III violations for such conduct </li></ul>
  18. 18. Exceptions to the General Prohibition <ul><li>Publicly accessible system [§ 2511(2)(g)(i)] </li></ul><ul><ul><li>open IRC channel/chat room </li></ul></ul><ul><li>Consent of a party </li></ul><ul><li>System provider privileges </li></ul><ul><li>“ Computer trespasser” monitoring* </li></ul><ul><li>Court-authorized intercepts </li></ul>
  19. 19. Consent of a Party <ul><li>Parallels the Fourth Amendment exception </li></ul><ul><li>May be implied through </li></ul><ul><ul><li>login banner </li></ul></ul><ul><ul><li>terms of service </li></ul></ul><ul><li>Such implied consent may give an ISP authority to pass information to law enforcement and other officials </li></ul>
  20. 20. System Operator Privileges <ul><li>Provider may monitor private real-time communications to protect its rights or property [§ 2511(2)(a)(i)] </li></ul><ul><ul><li>e.g. , logging every keystroke typed by a suspected intruder </li></ul></ul><ul><ul><li>phone companies more restricted than ISPs </li></ul></ul><ul><li>Under same subsection, a provider may also “intercept” communications if inherently necessary to providing the service </li></ul>
  21. 21. “ Computer Trespasser” Monitoring (USA Patriot)* <ul><li>Problem to be solved: what rules allow government monitoring of a network intruder? </li></ul><ul><ul><li>consent of system owner as a party? </li></ul></ul><ul><ul><li>“ rights or property” monitoring? </li></ul></ul><ul><ul><li>consent of the intruder via login banner? </li></ul></ul><ul><li>Because none of these is entirely satisfactory, new exception added </li></ul><ul><li>Note: amendment sunsets on 12/31/05 </li></ul>
  22. 22. “ Computer Trespasser” Defined <ul><li>New 18 U.S.C. 2510(21): </li></ul><ul><ul><li>person who accesses “without authorization” </li></ul></ul><ul><ul><li>definition continues: “and thus has no reasonable expectation of privacy…” </li></ul></ul><ul><li>Excludes users who have “an existing contractual relationship” with provider </li></ul><ul><ul><li>Congress worried about TOS violations as grounds for warrantless surveillance </li></ul></ul><ul><ul><li>there is an opportunity to gain consent from such users </li></ul></ul><ul><ul><li>without it, possible constitutional problems </li></ul></ul>
  23. 23. Limits of the New “Computer Trespasser” Exception <ul><li>Interception under this exception has several prerequisites </li></ul><ul><ul><li>consent of the owner </li></ul></ul><ul><ul><li>under color of law </li></ul></ul><ul><ul><li>relevant to an official investigation, and </li></ul></ul><ul><ul><li>cannot acquire communications other than those to/from the trespasser </li></ul></ul>
  24. 24. Court-Authorized Monitoring <ul><li>Requires a kind of “super-warrant” </li></ul><ul><ul><li>§ 2518 </li></ul></ul><ul><li>Good for 30 days maximum </li></ul><ul><li>Necessity, minimization requirements </li></ul><ul><li>Only available for specified offenses </li></ul><ul><li>Ten-day reporting </li></ul><ul><li>Sealing </li></ul>
  25. 25. Types of Electronic Communications Intercepts <ul><li>Cloned pagers </li></ul><ul><li>“ Keystroking” </li></ul><ul><ul><li>common in network intrusion cases </li></ul></ul><ul><li>“ Cloning” an e-mail account </li></ul>
  26. 26. The Matrix
  27. 27. The Matrix
  28. 28. Real-Time Collection of Non-Content Records <ul><li>Governed by the pen register/trap and trace statute (originally enacted in 1986)‏ </li></ul><ul><li>Like the Wiretap Act, begins with a general prohibition </li></ul><ul><ul><li>criminal penalties for violations </li></ul></ul><ul><li>Exceptions for </li></ul><ul><ul><li>provider self-protection </li></ul></ul><ul><ul><li>consent of customer (think “Caller ID”)‏ </li></ul></ul><ul><ul><li>court order </li></ul></ul>
  29. 29. How Things (Didn’t) Change As a Result of USA Patriot <ul><li>Pre-USA Patriot, language was focused on telephone records </li></ul><ul><ul><li>the term “pen register” means a device which records or decodes electronic or other impulses which identify the numbers dialed or otherwise transmitted on the telephone line to which such device is attached (18 U.S.C. 3127(3))‏ </li></ul></ul><ul><li>New statute: Technology-neutral language </li></ul><ul><li>Amendments codify years of practice, orders routinely issued by courts </li></ul>
  30. 30. Pen Register/Trap and Trace <ul><li>Old statute very telephone-oriented </li></ul><ul><ul><li>“ numbers dialed” </li></ul></ul><ul><ul><li>“ telephone line” </li></ul></ul><ul><li>Updated statute is technology neutral </li></ul><ul><ul><li>confirms that the same rules apply to, e.g., Internet communications </li></ul></ul><ul><li>Retains historical (and constitutional) distinction between content & non-content </li></ul><ul><li>Codifies longstanding practice under prior statute (e.g., Kopp)‏ </li></ul>
  31. 31. What Can A Pen/Trap Device Collect? <ul><li>Plainly included </li></ul><ul><ul><li>telephone source/destination numbers </li></ul></ul><ul><ul><li>most e-mail header information </li></ul></ul><ul><ul><li>source and destination IP address and port </li></ul></ul><ul><ul><ul><li>Kopp case (2000)‏ </li></ul></ul></ul><ul><li>Plainly excluded: </li></ul><ul><ul><li>subject line of e-mails </li></ul></ul><ul><ul><li>content of a downloaded file </li></ul></ul>
  32. 32. The Device Formerly Known As “Carnivore” <ul><li>USA Patriot mandates additional judicial oversight </li></ul><ul><li>Where law enforcement uses its own device on a public provider’s computer network pursuant to a pen/trap order (3123(a)(3)), agents must file detailed report with the authorizing court </li></ul><ul><ul><li>e.g., date and time of installation and removal; information collected </li></ul></ul>
  33. 33. New Penalties for Government Misconduct <ul><li>New section 2712 creates explicit civil and administrative sanctions for violations of </li></ul><ul><ul><li>wiretap statute </li></ul></ul><ul><ul><li>ECPA (stored records)‏ </li></ul></ul><ul><ul><li>pen/trap statute </li></ul></ul><ul><ul><li>FISA (Foreign Intelligence Surveillance Act)‏ </li></ul></ul><ul><li>Minimum $10,000 civil damages </li></ul><ul><li>Mandatory 2-level administrative review for intentional violations by federal officers </li></ul>
  34. 34. The Matrix
  35. 35. Stored Communications and Subscriber Records 18 U.S.C., Chapter 121
  36. 36. Objectives of Chapter 121 <ul><li>Regulate privacy of communications held by electronic middlemen </li></ul><ul><ul><li>Congress sought to set the bar higher than subpoena in some case </li></ul></ul><ul><ul><li>put e-mail on a par with postal letter </li></ul></ul><ul><li>Not applicable to materials in the possession of the sender/recipient </li></ul>
  37. 37. Dichotomies ‘R’ Us <ul><li>Permissive disclosure vs. mandatory </li></ul><ul><ul><li>“ may” vs. “must” </li></ul></ul><ul><li>Content of communications vs. non-content </li></ul><ul><ul><li>content </li></ul></ul><ul><ul><ul><li>unopened e-mail vs. opened e-mail </li></ul></ul></ul><ul><ul><li>non-content </li></ul></ul><ul><ul><ul><li>transactional records vs. subscriber information </li></ul></ul></ul><ul><li>Basic rule: content receives more protection </li></ul>
  38. 38. Criminal Violations <ul><li>18 USC § 2701 prohibition </li></ul><ul><ul><li>Illegal to access without or in excess of authorization </li></ul></ul><ul><ul><li>a facility through which electronic communication services are provided </li></ul></ul><ul><ul><li>and thereby obtain, alter, or prevent access to a wire or electronic communication; </li></ul></ul><ul><ul><li>while in electronic storage </li></ul></ul><ul><li>Misdemeanor, absent aggravating factors </li></ul>
  39. 39. Other Enforcement Mechanisms <ul><li>Civil remedies </li></ul><ul><ul><li>$1,000 per violation </li></ul></ul><ul><ul><li>attorney’s fees </li></ul></ul><ul><ul><li>punitive damages </li></ul></ul>
  40. 40. Subscriber Content and the System Provider <ul><li>Any provider may freely read stored email/files of its customers </li></ul><ul><ul><li>Bohach v. City of Reno , 932 F. Supp. 1232 (D. Nev. 1996) (pager messages)‏ </li></ul></ul><ul><li>A non-public provider may also freely disclose that information </li></ul><ul><ul><li>for example, an employer </li></ul></ul>
  41. 41. Public Providers and Permissive Disclosure <ul><li>General rule: a public provider ( e.g. , an ISP) may not freely disclose customer content to others [18 U.S.C. § 2702] </li></ul><ul><li>Exceptions: </li></ul><ul><ul><li>consent </li></ul></ul><ul><ul><li>necessary to protect rights or property of service provider </li></ul></ul><ul><ul><li>to law enforcement if contents inadvertently obtained, pertains to the commission of a crime </li></ul></ul><ul><ul><li>imminent threat of death/serious injury* </li></ul></ul>
  42. 42. Permissive Disclosure and Non-Content Subscriber Information <ul><li>Rule is short and sweet </li></ul><ul><li>Provider may disclose non-content records to anyone except a governmental entity </li></ul><ul><li>New exceptions* </li></ul><ul><ul><li>to protect provider’s rights/property </li></ul></ul><ul><ul><li>threat of death/serious bodily injury </li></ul></ul><ul><li>Pre-existing exceptions </li></ul><ul><ul><li>appropriate legal process </li></ul></ul><ul><ul><li>consent of subscriber </li></ul></ul>
  43. 43. Mandatory Disclosures: Legal Process Used by the Government <ul><li>Keep in mind the same dichotomy </li></ul><ul><ul><li>content vs. non-content </li></ul></ul><ul><li>All governed by § 2703 </li></ul><ul><li>Types of process </li></ul><ul><ul><li>search warrant </li></ul></ul><ul><ul><li>subpoena (grand jury, administrative, etc.)‏ </li></ul></ul>
  44. 44. Government Access to Private Communications (Content)‏ <ul><li>For unopened email/voicemail < 180 days old stored on a provider’s system, government must obtain a search warrant [18 U.S.C. §2703(a)] </li></ul><ul><ul><li>warrant operates like a subpoena </li></ul></ul><ul><li>Congressional analogy: treat undelivered email like postal mail (see S. Ct. cases)‏ </li></ul>
  45. 45. Government Access to Private Communications (Content)‏ <ul><li>For opened e-mail/voicemail (or other stored files), government may send provider a subpoena and notify subscriber [18 U.S.C. § 2703(b)] </li></ul><ul><ul><li>only applicable to public providers </li></ul></ul><ul><li>May delay notice 90 days (§ 2705(a)) if </li></ul><ul><ul><li>destruction or tampering w/ evidence </li></ul></ul><ul><ul><li>intimidation of potential witnesses </li></ul></ul><ul><ul><li>otherwise seriously jeopardizing an investigation </li></ul></ul>
  46. 46. The Matrix
  47. 47. The Two Categories of Non-Content Information <ul><li>Subscriber information </li></ul><ul><ul><li>§2703(c)(2)‏ </li></ul></ul><ul><li>Transactional records </li></ul><ul><ul><li>§ 2703(c)(1)‏ </li></ul></ul>
  48. 48. Basic Subscriber Information <ul><li>Can be obtained through subpoena </li></ul><ul><li>Provider must give government </li></ul><ul><ul><li>name & address of subscriber </li></ul></ul><ul><ul><li>local and LD telephone toll billing records </li></ul></ul><ul><ul><li>telephone number or other account identifier </li></ul></ul><ul><ul><li>type of service provided </li></ul></ul><ul><ul><li>length of service rendered </li></ul></ul><ul><li>USA Patriot clarifies that this includes </li></ul><ul><ul><li>method/means of payment (e.g., credit card number)‏ </li></ul></ul><ul><ul><li>“ temporary address” info (e.g., dynamic IP assigment records)‏ </li></ul></ul>
  49. 49. Transactional Records <ul><li>Not content, not basic subscriber info </li></ul><ul><li>Everything in between </li></ul><ul><ul><li>audit trails/logs </li></ul></ul><ul><ul><li>addresses of past e-mail correspondents </li></ul></ul><ul><li>Obtain through </li></ul><ul><ul><li>warrant </li></ul></ul><ul><ul><li>section 2703(d) court order </li></ul></ul><ul><li>Note: prior to CALEA (10/94), a subpoena was sufficient </li></ul>
  50. 50. Section 2703(d) Orders <ul><li>“ Articulable facts” order </li></ul><ul><ul><li>“ specific and articulable facts showing that there are reasonable grounds to believe that [the specified records] are relevant and material to an ongoing criminal investigation” </li></ul></ul><ul><li>Not as high a standard as probable cause </li></ul><ul><li>But, like warrant (& unlike subpoena), requires judicial oversight & factfinding </li></ul><ul><li>Can get non-disclosure order with it </li></ul>
  51. 51. The Matrix
  52. 52. Summary: Legal Process & ECPA <ul><li>Warrant </li></ul><ul><ul><li>required for unopened e-mail </li></ul></ul><ul><ul><li>can be used (but not required) for other info </li></ul></ul><ul><li>Court order under § 2703(d)‏ </li></ul><ul><ul><li>opened e-mail, unopened e-mail >180 days old, or files (with prior notice)‏ </li></ul></ul><ul><ul><li>transactional records </li></ul></ul><ul><li>Subpoena </li></ul><ul><ul><li>opened e-mail or files (with prior notice)‏ </li></ul></ul><ul><ul><li>basic subscriber info </li></ul></ul>
  53. 53. § 2703(f) Requests to Preserve <ul><li>Government can ask for anything (content or non-content) to be preserved </li></ul><ul><li>Prospective? </li></ul><ul><li>Government must still satisfy the usual standards if it wants to receive the preserved data </li></ul>
  54. 54. Summary of Notable Changes <ul><li>Pen register/trap and trace statute updated </li></ul><ul><li>Enhanced disclosure by providers to protect life & limb </li></ul><ul><li>“ Computer trespasser” monitoring exception added </li></ul><ul><li>Scope of “basic subscriber info” clarified </li></ul><ul><li>Expanded liability for government misuse </li></ul>
  55. 55. Summary <ul><li>USA PATRIOT Act is not a sweeping expansion of surveillance authority </li></ul><ul><li>Instead, makes narrowly tailored changes to harmonize or clarify statute </li></ul><ul><li>Leaves intact the existing framework of privacy statutes </li></ul>
  56. 56. For More Information <ul><li>Computer Crime Section’s home page: www.cybercrime.gov </li></ul><ul><ul><li>legal & policy treatises on intrusions, ECPA, USA Patriot, computer search & seizure </li></ul></ul><ul><ul><li>mailing list for news updates </li></ul></ul><ul><ul><li>requests for speakers </li></ul></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×