A panorama of legal issues concerning IT
forensic investigations
ACFE Annual Meeting | Brussels | 5 February 2014

Johan V...
GENERAL

2
Fraud – prevention, detection
and investigation
Fraud
• Deliberately practiced deception to obtain or secure an
unlawful g...
Fraud – prevention, detection
and investigation
Fraud detection
• Organized detection
• Technical measures (e.g. camera su...
Data Protection
Limitations in relation to the processing of
personal data
• Personal data: “any information in relation t...
Data Protection
Processing of personal data is prohibited, unless
allowed by the Data Protection Law
The data processing m...
Data Protection
Specific issues in relation to fraud prevention and
detection
• Employee surveillance
• Electronic Communi...
PRACTICAL APPROACH

8
An example
Corporate espionage
• Internal vs external
• Employee
• Self-employed
• Third party

• Purpose
• Competing acti...
An example
Infringer
• Employee / Consultant

Nature of the wrong
• Civil / contractual
• Criminal

Equipment
• Laptop own...
Strategy
Options
• Internal investigation
• Forensic IT investigation on IT equipment

• External investigation
• Criminal...
LEGAL ISSUES

12
Overview
Forensic IT investigation
• Capacity of the investigator
• Access to the IT equipment
• Company owned
• Third par...
Cybercrime
Criminal acts posing a threat against the
confidentiality, the integrity and the availability of IT
systems and...
Hacking
Hacking: “the unauthorized intrusion in or
maintenance of access to an IT system” (article
550bis Criminal Code)
•...
Hacking
Sanction (also applicable in case of attempt to hack)
• Internal hacking
• Fines: 26 to 25.000 EUR (x6); and/or
• ...
Computer sabotage
Computer sabotage: “the direct or indirect insertion,
modification or erasure of information in an IT
sy...
Computer sabotage
Sanction (also applicable in case of attempted
sabotage):
• Fine: 26 to 25.000 EUR (x6); and/or
• Prison...
Privacy
What is privacy?
Various sources
• European Convention on Human Rights
• Treaty on the Functioning of the European...
Secrecy of letters
Secrecy of letters
• Article 29 of the Belgian Constitution

Drafts of outgoing letters
• Electronic do...
Secrecy of electronic
communication
Electronic communication is protected
• Interception of electronic communication
• Art...
Secrecy of electronic
communication
General interdiction to:
• Consult any electronic communication
• Identify participant...
Secrecy of electronic
communication
Monitoring of any form of electronic communication
• Use of e-mail
• Use of Internet

...
EVIDENCE LAW

24
Evidence Law
Admissible
• Type of evidence (‘matters of fact’ vs ‘legal acts’)
• Lawful
• Illegal evidence
• Illegally obt...
Evidence Law
“Antigoon” case law
• Illegally obtained evidence
• Evidence is no longer automatically discarded

Evidence i...
Evidence law: lessons learnt
Problems with electronic evidence
• Rules of evidence strongly favour “paper evidence”
• Cour...
Evidence Law: lessons learnt
Practical approach in Belgium
• Ensure that the evidence collection is organized in a
manner ...
Thank you for your attention.

QUESTIONS?

29
Upcoming SlideShare
Loading in …5
×

Panorama of legal issues concerning IT forensic investigations

902 views

Published on

A high level overview of legal issues in relation to IT forensic investigations, focusing on corporate espionage as a red line.

Published in: Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
902
On SlideShare
0
From Embeds
0
Number of Embeds
23
Actions
Shares
0
Downloads
14
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Panorama of legal issues concerning IT forensic investigations

  1. 1. A panorama of legal issues concerning IT forensic investigations ACFE Annual Meeting | Brussels | 5 February 2014 Johan Vandendriessche Partner (crosslaw) | www.crosslaw.be |
  2. 2. GENERAL 2
  3. 3. Fraud – prevention, detection and investigation Fraud • Deliberately practiced deception to obtain or secure an unlawful gain • Civil wrong (“tortuous liability” or “contractual liability”) • Criminal offence • Fraud takes many forms • ‘Unlawful gain’ can be very varied Fraud prevention • Technical and organizational measures • Security measures • Policies • Contractual arrangements
  4. 4. Fraud – prevention, detection and investigation Fraud detection • Organized detection • Technical measures (e.g. camera surveillance, data mining, …) • Organizational measures • Incidental detection Fraud investigation • • • • Informal private hearing Private detective IT forensic investigation Criminal investigation 4
  5. 5. Data Protection Limitations in relation to the processing of personal data • Personal data: “any information in relation to an identified or identifiable physical person […]” • Very large legal interpretation to the concept of personal data • Not necessarily sensitive information (although stricter rules apply to special categories of personal data) • Processing: “any operation or set of operations which is performed upon personal data […]” 5
  6. 6. Data Protection Processing of personal data is prohibited, unless allowed by the Data Protection Law The data processing must comply with specific principles • • • • • • • Proportionality Purpose limitation Limited in time (Individual and collective) Transparency Data quality Data security (Individual and collective) Enforcement measures 6
  7. 7. Data Protection Specific issues in relation to fraud prevention and detection • Employee surveillance • Electronic Communication (CBA No. 81) • Workplace Camera Surveillance (CBA No. 68) • • • • • • • • Camera Surveillance (security cameras) Whistle blowing policies Blacklists Access control / identity control (ID card related issues) Biometrical data (e.g. identification and access restrictions) Screening / background checks (e.g. “certificate of good behaviour”) Archiving Data mining Impact on evidence value in case of investigations 7
  8. 8. PRACTICAL APPROACH 8
  9. 9. An example Corporate espionage • Internal vs external • Employee • Self-employed • Third party • Purpose • Competing activity • Other • Object • Corporate know-how and IP • Client list / supplier list • Confidential Information 9
  10. 10. An example Infringer • Employee / Consultant Nature of the wrong • Civil / contractual • Criminal Equipment • Laptop owned by employer/client • Laptop owned by employee/consultant 10
  11. 11. Strategy Options • Internal investigation • Forensic IT investigation on IT equipment • External investigation • Criminal complaint (?) • Court proceedings  Sequestration (“sekwester” / “séquestre”)  Private search (“beslag inzake namaak” / “saisie en contrefaçon”)  Court order to provide evidence • Define actions (forensic or otherwise) 11
  12. 12. LEGAL ISSUES 12
  13. 13. Overview Forensic IT investigation • Capacity of the investigator • Access to the IT equipment • Company owned • Third party owned • Access to the data contained therein • privacy issues 13
  14. 14. Cybercrime Criminal acts posing a threat against the confidentiality, the integrity and the availability of IT systems and data • Hacking • Computer sabotage Investigation powers • (Network search) • (IT system and data seizure) • Cooperation duty of IT experts
  15. 15. Hacking Hacking: “the unauthorized intrusion in or maintenance of access to an IT system” (article 550bis Criminal Code) • Internal hacking • Person with access rights that exceeds such rights • With a fraudulent purpose or with the purpose to cause damage • External hacking • Person without access rights • Knowingly There is no requirement of breach of security measures Organizing hacking or using data that was obtained through hacking are also criminal offences 15
  16. 16. Hacking Sanction (also applicable in case of attempt to hack) • Internal hacking • Fines: 26 to 25.000 EUR (x6); and/or • Prison sentence: 3 months up to 1 year (doubled in case of intent to fraud) • External hacking • Fines: 26 to 25.000 EUR (x6); and/or • Prison sentence: 6 months up to 2 years Criminal sanctions are increased in case of: • Copying any data on the IT system • Use of the IT system or use thereof to hack another IT system • Damage to the IT system or its data or any third-party IT system or data 16
  17. 17. Computer sabotage Computer sabotage: “the direct or indirect insertion, modification or erasure of information in an IT system or any other change to the normal use of information in an IT system” (article 550ter Criminal Code) • Virus, worm, or any other malicious code • Unauthorized time-locks or other blocking mechanisms Developing, distributing or commercializing malicious code or tools to commit computer sabotage is a criminal offence 17
  18. 18. Computer sabotage Sanction (also applicable in case of attempted sabotage): • Fine: 26 to 25.000 EUR (x6); and/or • Prison sentence: 6 months up to 3 years (increased in case of fraudulent intent or intention to cause damage) Criminal sanctions are increased in case of: • Causing damage to data in any IT system as a result of computer sabotage • Interfering with the proper functioning of any IT system as a result of computer sabotage Sanctions are doubled in some cases of cybercrime recidivism 18
  19. 19. Privacy What is privacy? Various sources • European Convention on Human Rights • Treaty on the Functioning of the European Union (TFEU) • National (constitutional) legislation Principle of privacy at work has been confirmed by ECHR and Article 29 Working Party 19
  20. 20. Secrecy of letters Secrecy of letters • Article 29 of the Belgian Constitution Drafts of outgoing letters • Electronic documents • Not applicable Copies of incoming letters Interception of incoming letters • Address • Mentions 20
  21. 21. Secrecy of electronic communication Electronic communication is protected • Interception of electronic communication • Art. 314bis of the Criminal Code • Access to electronic communication • Art. 124-125 of the Act of 13 June 2005 Specific problem for investigation of e-mail and IM 21
  22. 22. Secrecy of electronic communication General interdiction to: • Consult any electronic communication • Identify participants to such electronic communication • To process in any manner such electronic communication UNLESS: if consent is obtained from all participants Specific exceptions exist (only business relevant exceptions are mentioned): • If allowed or imposed by law • With the sole purpose of ensuring the proper functioning of the network or the proper performance of the communication service • For offering a service that consists of preventing the receipt of unsolicited electronic communication, provided consent has been obtained for the recipient No distinction is made between private and professional communication! 22
  23. 23. Secrecy of electronic communication Monitoring of any form of electronic communication • Use of e-mail • Use of Internet CBA No. 81 allows a limited degree of monitoring • Surveillance is possible for limited purposes • The prevention of illegal acts, slander and violation of decency • The protection of the economic, trade and financial interests of the company • The protection of the security and proper functioning of the company’s IT system • The compliance with company policies in relation to online technologies • Procedural requirements • Collective information • Individual information • Sanctions? 23
  24. 24. EVIDENCE LAW 24
  25. 25. Evidence Law Admissible • Type of evidence (‘matters of fact’ vs ‘legal acts’) • Lawful • Illegal evidence • Illegally obtained evidence • Probatory value (‘credibility’) • Weight carried by the submitted evidence • Influenced by the reliability  Gathering process of digital evidence  Inherent reliability (?)
  26. 26. Evidence Law “Antigoon” case law • Illegally obtained evidence • Evidence is no longer automatically discarded Evidence is retained, except: • Nullity is legally imposed sanction • Unfair trial • Impact on reliability Small note: “Antigoon” case law is relatively new and still evolving 26
  27. 27. Evidence law: lessons learnt Problems with electronic evidence • Rules of evidence strongly favour “paper evidence” • Courts may be reluctant in the face of new technologies • Case law usually dismisses electronic evidence at the slightest indication of the possibility of fraud / tampered evidence General rules • ensure the accountability and integrity of any electronic evidence at all times • Implement procedures and policies / provide evidence that these policies are regularly verified or audited 27
  28. 28. Evidence Law: lessons learnt Practical approach in Belgium • Ensure that the evidence collection is organized in a manner guaranteeing evidence integrity • • • • Assistance of a court appointed expert (feasible?) Assistance of a bailiff Assistance of a unilaterally appointed expert Assistance of the Belgian Federal Computer Crime Unit (FCCU) • Ensure that the evidence is stored in a secure manner Court proceedings are likely to include a court expertise 28
  29. 29. Thank you for your attention. QUESTIONS? 29

×