SlideShare a Scribd company logo
1 of 16
Download to read offline
Vaciago, Cybercrime Page: 1
CLOUD COMPUTING WORKSHOP
LEGAL ASPECTS OF THE CLOUD
Brussels, March 1, 2012
Prof. Dr. Giuseppe Vaciago
US PATRIOT ACT
• The Patriot Act is extraterritorial in
application (Section 215 and Section
505). Under this Act, U.S. authorities
are entitled to subpoena business
records from any company that has:
i. “minimum contacts” with the U.S.
ii “possession, custody or control” of
the targeted data
Page: 2Vaciago, Cybercrime
The Director of the Federal Bureau of
Investigation or a designee of the Director
(whose rank shall be no lower than Assistant
Special Agent in Charge) may make an
application for an order requiring the
production of any tangible property (including
books, records, papers, documents, and other
items) for an investigation for protecting
against international terrorism or clandestine
intelligence activities, provided that such
investigation of a United States person is not
conducted solely upon the basis of activities
protected by the first amendment of the
Constitution [...]
Patriot Act, Sec. 215. Access To Records And
Other Items Under The FISA
IS IT A DATA PROTECTION ISSUE ?
• “The Data Protection directive shall not
apply to the processing of personal
data or in any case to processing
operations concerning public security,
defence, State security and the
activities of the State in areas of
criminal law” (Art. 3 Directive 95/46/EC)
• Recent proposal for a Directive on the
protection of individuals with regard to
personal data by competent authorities
for the purpose of detecting criminal
offences shall not apply in the course of
an activity which falls outside the scope
of Union law, in particular concerning
national security (Art. 1, 2b)
Page: 3Vaciago, Cybercrime
EU POSITION – AUGUST 2011
• August, 23, 2011, Vivian Reding (E-
006901/2011 – Answer to
parliamentary question):
• “In accordance with international public
law, and in the absence of a
recognised jurisdictional link, a foreign
law or statute cannot directly impose
legal obligations on organisations or
undertakings established in a third
country regarding the activities
performed within the territory of that
third country”
Page: 4Vaciago, Cybercrime
Viviane Reding - Vice-President of the
European Commission
IT IS A JURISDICTION ISSUE
• Territorial principle: the Court in the
place where the data is located has
jurisdiction.
• Nationality principle: the nationality of
the perpetrator is the factor used to
determine criminal jurisdiction.
• “Flag” principle: crimes committed on
ships, aircraft and spacecraft are
subject to the jurisdiction of the flag
state.
• “Power of Disposal Approach”: Law
enforcement would only have to legally
obtain username and password of the
suspect’s computer.
Page: 5Vaciago, Cybercrime
Jan Spoenle (Germany) for the Economic
Crime Division of the Council of Europe
EU COMPANIES
• “CloudSigma is operated and controlled
by a Swiss AG, which is not subject to
direct or indirect U.S. control”
• “City Cloud and Several Nines offer a
partnership safe-haven from the Patriot
Act in Sweden”
• Amazon Web Services (AWS) is
subject to the US Patriot Act but the
chief technology officer, Werner Vogels,
encrypts private data for transit to the
Cloud — and for employing best
practice when it comes to classifying
data
Page: 6Vaciago, Cybercrime
NON-US NATIONAL SECURITY LAWS
• French  Act  No.  2011/267 of 14 March
 2011 on the prevention of International
terrorism
• Spain Act No. 12/2003 of 21 March 2003
on the prevention of terrorism financing
• Italy Act No. 144/2005 of 27 July 2005
on the prevention of International
terrorism
• Canadian Anti-Terrorism-Act No. C-36
18 December 2001 seems to grant
powers similar to those of the Patriot Act
Page: 7Vaciago, Cybercrime
JURISDICTION – YAHOO! CASE
• In  2009,  the  US- based   company, Yahoo,
was   imposed   a   fine   by   a   Belgian
Criminal   Court   for   failing   to   identify   the
users   of   a   number   of   webmail  
accounts
• This  judgment  was  overturned  by  the  
Court  of  Appeal   of  Ghent  in  2010
• In   January   2011,   however,   the   Belgian
Supreme   Court   reversed   the   Court  of
 Appeal’s  decision
• In October 2011, the decision was referred
back to the Court of Appeal which decided
that Yahoo! was not subject to Belgian
jurisdiction
Page: 8Vaciago, Cybercrime
EU POSITION – DECEMBER 2011
December 6, 2011 Vivian Reding -
2nd Annual European Data Protection and
Privacy Conference - Brussels:
•“I am reading in the press about a
Swedish company whose selling point is
that they shelter users from the US Patriot
Act and other attempts by third countries
to access personal data”
•“Well, I do encourage cloud computing
centres in Europe, but this cannot be the
only solution. We need free flow of data
between our continents. And it doesn't
make much sense for us to retreat from
each other”
Page: 9Vaciago, Cybercrime
CONCLUSIONS
• The real issue with Cloud computing is
a loss of data location due to:
(i) “Data at rest” does not reside on the
device. “Data in transit” cannot be
easily analyzed because of encrypting
all traffic. “Data in execution” will be
present only in the cloud instance
(ii)Virtualization and cloud communication
protocols. The investigator who wants
to capture the bit-stream data of a
given suspect image will be in the same
situation as someone who has to
complete a jigsaw puzzle, whose
pieces are scattered randomly across
the globe
Page: 10Vaciago, Cybercrime
CONCLUSIONS
• Terrorism and Cyber-terrorism
represent a very serious global threat
and operate on a transnational basis
out of necessity
• Over 11,500 terrorist attacks occurred
in 72 countries in 2010, resulting in
approximately 50,000 victims, including
almost 13,200 deaths
• The number of attacks rose by almost 5
per cent over previous year
Page: 11Vaciago, Cybercrime
NATIONAL COUNTERTERRORISM CENTER
2010 REPORT ON TERRORISM
11064 ATTACKS IN 2010
CONCLUSIONS
• The Patriot Act has been copied in
many countries, including Canada, with
rules that are not that dissimilar to the
American ones
• The Canadian Anti-Terrorism-Act
(ATA), shortly after September 11,
2001, was combined with the National
Defense Act (NDA) giving a Minister
(Defense) the power to authorize
investigation of data storage at home
and abroad
Page: 12Vaciago, Cybercrime
The Minister of Defense’s authorization is
required for the Communications Security
Establishment to intercept foreign
communications targeted against a non-
Canadian abroad that may have a Canadian
connection, or to undertake security checks of
government computer networks to protect
them from terrorist activity [...]
Anti-Terrorism-Act (Review of 2004)
Canadian Department of Justice
CONCLUSIONS
• Without referring to Cloud computing,
everyday, the transactions of millions of
users using credit cards with U.S.-
based providers are monitored. Section
326 of the US Patriot Act requires all
financial institutions (this includes
Credit Card processing companies) to
obtain, verify and record information
that identifies each person who ‘opens,
changes or charges’ an existing
account.
Page: 13Vaciago, Cybercrime
The regulations shall, at a minimum, require
financial institutions to implement, and
customers (after being given adequate notice)
to comply with, reasonable procedures for:
(a) verifying the identity of any person seeking
to open an account to the extent reasonable
and practicable;
(b) maintaining records of the information
used to verify a person’s identity, including
name, address, and other identifying
information; and
(c) consulting lists of known or suspected
terrorists or terrorist organizations provided to
the financial institution by any government
agency […]
Patriot Act, Sec. 326. Verification of
Identification
CONCLUSIONS
• Without referring to Cloud computing,
projects relating to face recognition are
increasingly making it possible, and
with ever greater reliability, to track a
person's movements, even globally. 3
factors are important:
(a)Increasing public self‐disclosures
through online social networks (2.5
billion photos uploaded by Facebook
users alone per month in 2010)
(b)Identified profiles in online social
networks
(c)Improvements in face recognition
accuracy *
* A. Acquisti, Faces Of Facebook - Or, How The Largest Real ID Database In The
World Came To Be
Page: 14Vaciago, Cybercrime
CONCLUSIONS
• Even if the goal of the Digital Due
Process is review of the ECPA, it may
represent an excellent solution to the
tension between due process and civil
liberties around the world
• 3 important guidelines: (i) Technology
and Platform Neutrality (ii) Assurance of
Law Enforcement Access and (ii)
Equality Between Transit and Storage
• However, I believe it should have a
strong EU identity, as this is of crucial
importance for ensuring greater EU-US
co-operation in this scheme, too
Page: 15Vaciago, Cybercrime
Page: 16
Cybercrime Research Institute
Giuseppe Vaciago
Niehler Str. 35
D-50733 Cologne, Germany
vaciago@cybercrime.de
www.cybercrime-institute.com
Vaciago, Cybercrime

More Related Content

What's hot

The Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African JournalistsThe Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African JournalistsGabriella Razzano
 
On the cybercrime act
On the cybercrime actOn the cybercrime act
On the cybercrime actCP-Union
 
A study on internet libel in the philippines (2)
A study on internet libel in the philippines (2)A study on internet libel in the philippines (2)
A study on internet libel in the philippines (2)Geritt Contillo
 
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...APNIC
 
Legal Issues of Government Use of Social Media
Legal Issues of Government Use of Social MediaLegal Issues of Government Use of Social Media
Legal Issues of Government Use of Social MediaDavid Menken
 
Surveillance Coursework (COMPLETED-2
Surveillance Coursework (COMPLETED-2Surveillance Coursework (COMPLETED-2
Surveillance Coursework (COMPLETED-2Matthew MacNabb
 
Policy and Technical Solutions for Online Cross-Border Legal Problems in Asia
Policy and Technical Solutions for Online Cross-Border Legal Problems in AsiaPolicy and Technical Solutions for Online Cross-Border Legal Problems in Asia
Policy and Technical Solutions for Online Cross-Border Legal Problems in AsiaAPNIC
 
"Digital.Report+" - expert magazine for ICT policy professionals
"Digital.Report+" - expert magazine for ICT policy professionals"Digital.Report+" - expert magazine for ICT policy professionals
"Digital.Report+" - expert magazine for ICT policy professionalsVadim Dryganov
 
Newsletter 2 Final-2
Newsletter 2 Final-2Newsletter 2 Final-2
Newsletter 2 Final-2Jung Won Kim
 
Internet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms dayInternet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms daymoldovaictsummit2016
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsblogzilla
 
Freedom of expression on the internet
Freedom of expression on the internetFreedom of expression on the internet
Freedom of expression on the internetmoldovaictsummit2016
 
Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?blogzilla
 
International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014Giovanni Maria Riccio
 
Cyber crime legislation part 1
Cyber crime legislation part 1Cyber crime legislation part 1
Cyber crime legislation part 1MohsinMughal28
 

What's hot (20)

The Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African JournalistsThe Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African Journalists
 
On the cybercrime act
On the cybercrime actOn the cybercrime act
On the cybercrime act
 
Internet governance
Internet governanceInternet governance
Internet governance
 
A study on internet libel in the philippines (2)
A study on internet libel in the philippines (2)A study on internet libel in the philippines (2)
A study on internet libel in the philippines (2)
 
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
 
Cybercrime convention
Cybercrime conventionCybercrime convention
Cybercrime convention
 
Legal Issues of Government Use of Social Media
Legal Issues of Government Use of Social MediaLegal Issues of Government Use of Social Media
Legal Issues of Government Use of Social Media
 
Surveillance Coursework (COMPLETED-2
Surveillance Coursework (COMPLETED-2Surveillance Coursework (COMPLETED-2
Surveillance Coursework (COMPLETED-2
 
After 9 11
After 9 11After 9 11
After 9 11
 
Policy and Technical Solutions for Online Cross-Border Legal Problems in Asia
Policy and Technical Solutions for Online Cross-Border Legal Problems in AsiaPolicy and Technical Solutions for Online Cross-Border Legal Problems in Asia
Policy and Technical Solutions for Online Cross-Border Legal Problems in Asia
 
"Digital.Report+" - expert magazine for ICT policy professionals
"Digital.Report+" - expert magazine for ICT policy professionals"Digital.Report+" - expert magazine for ICT policy professionals
"Digital.Report+" - expert magazine for ICT policy professionals
 
Newsletter 2 Final-2
Newsletter 2 Final-2Newsletter 2 Final-2
Newsletter 2 Final-2
 
Internet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms dayInternet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms day
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developments
 
Freedom of expression on the internet
Freedom of expression on the internetFreedom of expression on the internet
Freedom of expression on the internet
 
Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?
 
Internet Law Primer
Internet Law PrimerInternet Law Primer
Internet Law Primer
 
International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014
 
Cyber crime legislation part 1
Cyber crime legislation part 1Cyber crime legislation part 1
Cyber crime legislation part 1
 

Viewers also liked

Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...Tech and Law Center
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic
 
Cloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense ForcesCloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense Forcescommandersaini
 
Cloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSCloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSAnchises Moraes
 
Legal Aspect and Future of Technology
Legal Aspect and Future of TechnologyLegal Aspect and Future of Technology
Legal Aspect and Future of TechnologyPrasant Patro
 
Information management report on ICT
Information management   report on ICTInformation management   report on ICT
Information management report on ICTAbigail Pugal-Somera
 
Buenos Aires Decision Table presentation
Buenos Aires Decision Table presentationBuenos Aires Decision Table presentation
Buenos Aires Decision Table presentationMichael Anstis
 
Human Herpes viruses
Human Herpes virusesHuman Herpes viruses
Human Herpes virusesAhlamt
 
Computer virus
Computer virusComputer virus
Computer virushrithikjha
 
Legal Technology: Change is Good
Legal Technology: Change is GoodLegal Technology: Change is Good
Legal Technology: Change is GoodNicole Black
 
Cyber security and ethical hacking 7
Cyber security and ethical hacking 7Cyber security and ethical hacking 7
Cyber security and ethical hacking 7Mehedi Hasan
 
The input and output device
The  input  and  output deviceThe  input  and  output device
The input and output devicearchana_brai
 
Decision Table Training Session
Decision Table Training SessionDecision Table Training Session
Decision Table Training Sessionnazeer pasha
 
DFD, Decision Table, Decision Chart, Structure Charts
DFD, Decision Table, Decision Chart, Structure ChartsDFD, Decision Table, Decision Chart, Structure Charts
DFD, Decision Table, Decision Chart, Structure ChartsSOuvagya Kumar Jena
 
Systems Analyst and Design - Data Dictionary
Systems Analyst and Design -  Data DictionarySystems Analyst and Design -  Data Dictionary
Systems Analyst and Design - Data DictionaryKimberly Coquilla
 

Viewers also liked (20)

Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
 
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
Cloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense ForcesCloud Computing security Challenges for Defense Forces
Cloud Computing security Challenges for Defense Forces
 
Cloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTSCloud computing - Risks and Mitigation - GTS
Cloud computing - Risks and Mitigation - GTS
 
Legal Aspect and Future of Technology
Legal Aspect and Future of TechnologyLegal Aspect and Future of Technology
Legal Aspect and Future of Technology
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer virus !!!!!
Computer virus !!!!!Computer virus !!!!!
Computer virus !!!!!
 
Information management report on ICT
Information management   report on ICTInformation management   report on ICT
Information management report on ICT
 
Buenos Aires Decision Table presentation
Buenos Aires Decision Table presentationBuenos Aires Decision Table presentation
Buenos Aires Decision Table presentation
 
Human Herpes viruses
Human Herpes virusesHuman Herpes viruses
Human Herpes viruses
 
Computer virus
Computer virusComputer virus
Computer virus
 
Legal Technology: Change is Good
Legal Technology: Change is GoodLegal Technology: Change is Good
Legal Technology: Change is Good
 
Assignment Problem
Assignment ProblemAssignment Problem
Assignment Problem
 
Cyber security and ethical hacking 7
Cyber security and ethical hacking 7Cyber security and ethical hacking 7
Cyber security and ethical hacking 7
 
Assignment model
Assignment modelAssignment model
Assignment model
 
The input and output device
The  input  and  output deviceThe  input  and  output device
The input and output device
 
Decision Table Training Session
Decision Table Training SessionDecision Table Training Session
Decision Table Training Session
 
Input and output design
Input and output designInput and output design
Input and output design
 
DFD, Decision Table, Decision Chart, Structure Charts
DFD, Decision Table, Decision Chart, Structure ChartsDFD, Decision Table, Decision Chart, Structure Charts
DFD, Decision Table, Decision Chart, Structure Charts
 
Systems Analyst and Design - Data Dictionary
Systems Analyst and Design -  Data DictionarySystems Analyst and Design -  Data Dictionary
Systems Analyst and Design - Data Dictionary
 

Similar to Legal Aspect of the Cloud by Giuseppe Vaciago

Lofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and EncryptionLofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and EncryptionSean Whalen
 
Cyber Crime in Government
Cyber Crime in GovernmentCyber Crime in Government
Cyber Crime in GovernmentJacqueline Fick
 
Digital Repression and Techno-Authoritarianism
Digital Repression and Techno-AuthoritarianismDigital Repression and Techno-Authoritarianism
Digital Repression and Techno-AuthoritarianismCharles Mok
 
International Cybercrime (Part 1)
International Cybercrime (Part 1)International Cybercrime (Part 1)
International Cybercrime (Part 1)GrittyCC
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime InvestigationHarshita Ved
 
CYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesCYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesDrSamsonChepuri1
 
Legal and privacy implications of IoT
Legal and privacy implications of IoTLegal and privacy implications of IoT
Legal and privacy implications of IoTAndres Guadamuz
 
Prosecuting Cybercrime and Regulating the Web
Prosecuting Cybercrime and Regulating the WebProsecuting Cybercrime and Regulating the Web
Prosecuting Cybercrime and Regulating the WebDarius Whelan
 
DRAFT 2 - The Internet has effectively rendered privacy as a thing of the past
DRAFT 2 - The Internet has effectively rendered privacy as a thing of the pastDRAFT 2 - The Internet has effectively rendered privacy as a thing of the past
DRAFT 2 - The Internet has effectively rendered privacy as a thing of the pastMichael Owen
 
Unit-3 Cyber Crime PPT.pptx
Unit-3 Cyber Crime PPT.pptxUnit-3 Cyber Crime PPT.pptx
Unit-3 Cyber Crime PPT.pptxParasSehgal12
 
Cybercrime in government
Cybercrime in governmentCybercrime in government
Cybercrime in governmentJacqueline Fick
 
International laws and standards controlling information security. Latest dev...
International laws and standards controlling information security. Latest dev...International laws and standards controlling information security. Latest dev...
International laws and standards controlling information security. Latest dev...USAID CEED II Project Moldova
 
A Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global ProblemA Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global Problemijbuiiir1
 
Social media, surveillance and censorship
Social media, surveillance  and censorshipSocial media, surveillance  and censorship
Social media, surveillance and censorshiplilianedwards
 
Cyber Crime and its Jurisdictional Issue's
Cyber Crime and its Jurisdictional Issue'sCyber Crime and its Jurisdictional Issue's
Cyber Crime and its Jurisdictional Issue'sDhurba Mainali
 
Cryptocurrency enforcement framework - Report by the U.S. Department of Justice
Cryptocurrency enforcement framework - Report by the U.S. Department of JusticeCryptocurrency enforcement framework - Report by the U.S. Department of Justice
Cryptocurrency enforcement framework - Report by the U.S. Department of JusticeLoeb Smith Attorneys
 
ECON 202 Written AssignmentDue April 28th Submitted through Blac
ECON 202 Written AssignmentDue April 28th Submitted through BlacECON 202 Written AssignmentDue April 28th Submitted through Blac
ECON 202 Written AssignmentDue April 28th Submitted through BlacEvonCanales257
 

Similar to Legal Aspect of the Cloud by Giuseppe Vaciago (20)

Lofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and EncryptionLofty Ideals: The Nature of Clouds and Encryption
Lofty Ideals: The Nature of Clouds and Encryption
 
Cyber Crime in Government
Cyber Crime in GovernmentCyber Crime in Government
Cyber Crime in Government
 
Digital Repression and Techno-Authoritarianism
Digital Repression and Techno-AuthoritarianismDigital Repression and Techno-Authoritarianism
Digital Repression and Techno-Authoritarianism
 
International Cybercrime (Part 1)
International Cybercrime (Part 1)International Cybercrime (Part 1)
International Cybercrime (Part 1)
 
Cyber Crime Investigation
Cyber Crime InvestigationCyber Crime Investigation
Cyber Crime Investigation
 
CYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesCYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal Perspectives
 
Legal and privacy implications of IoT
Legal and privacy implications of IoTLegal and privacy implications of IoT
Legal and privacy implications of IoT
 
Prosecuting Cybercrime and Regulating the Web
Prosecuting Cybercrime and Regulating the WebProsecuting Cybercrime and Regulating the Web
Prosecuting Cybercrime and Regulating the Web
 
DRAFT 2 - The Internet has effectively rendered privacy as a thing of the past
DRAFT 2 - The Internet has effectively rendered privacy as a thing of the pastDRAFT 2 - The Internet has effectively rendered privacy as a thing of the past
DRAFT 2 - The Internet has effectively rendered privacy as a thing of the past
 
Unit-3 Cyber Crime PPT.pptx
Unit-3 Cyber Crime PPT.pptxUnit-3 Cyber Crime PPT.pptx
Unit-3 Cyber Crime PPT.pptx
 
Cybercrime in government
Cybercrime in governmentCybercrime in government
Cybercrime in government
 
International laws and standards controlling information security. Latest dev...
International laws and standards controlling information security. Latest dev...International laws and standards controlling information security. Latest dev...
International laws and standards controlling information security. Latest dev...
 
A Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global ProblemA Study on the Cyber-Crime and Cyber Criminals: A Global Problem
A Study on the Cyber-Crime and Cyber Criminals: A Global Problem
 
Social media, surveillance and censorship
Social media, surveillance  and censorshipSocial media, surveillance  and censorship
Social media, surveillance and censorship
 
Berkley Law Writing Competition
Berkley Law Writing CompetitionBerkley Law Writing Competition
Berkley Law Writing Competition
 
Cyber law and cyber-crime
Cyber law and cyber-crimeCyber law and cyber-crime
Cyber law and cyber-crime
 
Cyber-Law and Cyber-Crime
Cyber-Law and Cyber-CrimeCyber-Law and Cyber-Crime
Cyber-Law and Cyber-Crime
 
Cyber Crime and its Jurisdictional Issue's
Cyber Crime and its Jurisdictional Issue'sCyber Crime and its Jurisdictional Issue's
Cyber Crime and its Jurisdictional Issue's
 
Cryptocurrency enforcement framework - Report by the U.S. Department of Justice
Cryptocurrency enforcement framework - Report by the U.S. Department of JusticeCryptocurrency enforcement framework - Report by the U.S. Department of Justice
Cryptocurrency enforcement framework - Report by the U.S. Department of Justice
 
ECON 202 Written AssignmentDue April 28th Submitted through Blac
ECON 202 Written AssignmentDue April 28th Submitted through BlacECON 202 Written AssignmentDue April 28th Submitted through Blac
ECON 202 Written AssignmentDue April 28th Submitted through Blac
 

More from Tech and Law Center

One step further in the surveillance society the case of predictive policing
One step further in the surveillance society the case of predictive policingOne step further in the surveillance society the case of predictive policing
One step further in the surveillance society the case of predictive policingTech and Law Center
 
2015.11.06. Luca Melette_Mobile threats evolution
2015.11.06. Luca Melette_Mobile threats evolution2015.11.06. Luca Melette_Mobile threats evolution
2015.11.06. Luca Melette_Mobile threats evolutionTech and Law Center
 
Andrea Molino: Applicazione delle tecnologie ICT al settore Agricolo
Andrea Molino: Applicazione delle tecnologie ICT al settore AgricoloAndrea Molino: Applicazione delle tecnologie ICT al settore Agricolo
Andrea Molino: Applicazione delle tecnologie ICT al settore AgricoloTech and Law Center
 
Emanuela Pala: Internet of Things & Smart Agriculture
Emanuela Pala: Internet of Things & Smart Agriculture Emanuela Pala: Internet of Things & Smart Agriculture
Emanuela Pala: Internet of Things & Smart Agriculture Tech and Law Center
 
Tommaso De Gregorio: Growing Hazelnuts
Tommaso De Gregorio: Growing Hazelnuts Tommaso De Gregorio: Growing Hazelnuts
Tommaso De Gregorio: Growing Hazelnuts Tech and Law Center
 
Cybersecurity & Digital Forensics / Dronitaly - 25 Ottobre 2014
Cybersecurity & Digital Forensics / Dronitaly - 25 Ottobre 2014Cybersecurity & Digital Forensics / Dronitaly - 25 Ottobre 2014
Cybersecurity & Digital Forensics / Dronitaly - 25 Ottobre 2014Tech and Law Center
 
Giuseppe Vaciago: From Crime to privacy-oriented crime prevention in the Big ...
Giuseppe Vaciago: From Crime to privacy-oriented crime prevention in the Big ...Giuseppe Vaciago: From Crime to privacy-oriented crime prevention in the Big ...
Giuseppe Vaciago: From Crime to privacy-oriented crime prevention in the Big ...Tech and Law Center
 
SECURITY OF THE DIGITAL NATIVES - Italian version
SECURITY OF THE DIGITAL NATIVES - Italian versionSECURITY OF THE DIGITAL NATIVES - Italian version
SECURITY OF THE DIGITAL NATIVES - Italian versionTech and Law Center
 
SECURITY OF THE DIGITAL NATIVES - English version
SECURITY OF THE DIGITAL NATIVES - English versionSECURITY OF THE DIGITAL NATIVES - English version
SECURITY OF THE DIGITAL NATIVES - English versionTech and Law Center
 
Android malware overview, status and dilemmas
Android malware  overview, status and dilemmasAndroid malware  overview, status and dilemmas
Android malware overview, status and dilemmasTech and Law Center
 
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Tech and Law Center
 
Digital Native Privacy (Francesca Bosco & Giuseppe Vaciago)
Digital Native Privacy (Francesca Bosco & Giuseppe Vaciago)Digital Native Privacy (Francesca Bosco & Giuseppe Vaciago)
Digital Native Privacy (Francesca Bosco & Giuseppe Vaciago)Tech and Law Center
 
The Death Of Computer Forensics: Digital Forensics After the Singularity
The Death Of Computer Forensics: Digital Forensics After the SingularityThe Death Of Computer Forensics: Digital Forensics After the Singularity
The Death Of Computer Forensics: Digital Forensics After the SingularityTech and Law Center
 

More from Tech and Law Center (14)

One step further in the surveillance society the case of predictive policing
One step further in the surveillance society the case of predictive policingOne step further in the surveillance society the case of predictive policing
One step further in the surveillance society the case of predictive policing
 
2015.11.06. Luca Melette_Mobile threats evolution
2015.11.06. Luca Melette_Mobile threats evolution2015.11.06. Luca Melette_Mobile threats evolution
2015.11.06. Luca Melette_Mobile threats evolution
 
Andrea Molino: Applicazione delle tecnologie ICT al settore Agricolo
Andrea Molino: Applicazione delle tecnologie ICT al settore AgricoloAndrea Molino: Applicazione delle tecnologie ICT al settore Agricolo
Andrea Molino: Applicazione delle tecnologie ICT al settore Agricolo
 
Emanuela Pala: Internet of Things & Smart Agriculture
Emanuela Pala: Internet of Things & Smart Agriculture Emanuela Pala: Internet of Things & Smart Agriculture
Emanuela Pala: Internet of Things & Smart Agriculture
 
Tommaso De Gregorio: Growing Hazelnuts
Tommaso De Gregorio: Growing Hazelnuts Tommaso De Gregorio: Growing Hazelnuts
Tommaso De Gregorio: Growing Hazelnuts
 
Smart intelligence
Smart intelligenceSmart intelligence
Smart intelligence
 
Cybersecurity & Digital Forensics / Dronitaly - 25 Ottobre 2014
Cybersecurity & Digital Forensics / Dronitaly - 25 Ottobre 2014Cybersecurity & Digital Forensics / Dronitaly - 25 Ottobre 2014
Cybersecurity & Digital Forensics / Dronitaly - 25 Ottobre 2014
 
Giuseppe Vaciago: From Crime to privacy-oriented crime prevention in the Big ...
Giuseppe Vaciago: From Crime to privacy-oriented crime prevention in the Big ...Giuseppe Vaciago: From Crime to privacy-oriented crime prevention in the Big ...
Giuseppe Vaciago: From Crime to privacy-oriented crime prevention in the Big ...
 
SECURITY OF THE DIGITAL NATIVES - Italian version
SECURITY OF THE DIGITAL NATIVES - Italian versionSECURITY OF THE DIGITAL NATIVES - Italian version
SECURITY OF THE DIGITAL NATIVES - Italian version
 
SECURITY OF THE DIGITAL NATIVES - English version
SECURITY OF THE DIGITAL NATIVES - English versionSECURITY OF THE DIGITAL NATIVES - English version
SECURITY OF THE DIGITAL NATIVES - English version
 
Android malware overview, status and dilemmas
Android malware  overview, status and dilemmasAndroid malware  overview, status and dilemmas
Android malware overview, status and dilemmas
 
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
 
Digital Native Privacy (Francesca Bosco & Giuseppe Vaciago)
Digital Native Privacy (Francesca Bosco & Giuseppe Vaciago)Digital Native Privacy (Francesca Bosco & Giuseppe Vaciago)
Digital Native Privacy (Francesca Bosco & Giuseppe Vaciago)
 
The Death Of Computer Forensics: Digital Forensics After the Singularity
The Death Of Computer Forensics: Digital Forensics After the SingularityThe Death Of Computer Forensics: Digital Forensics After the Singularity
The Death Of Computer Forensics: Digital Forensics After the Singularity
 

Legal Aspect of the Cloud by Giuseppe Vaciago

  • 1. Vaciago, Cybercrime Page: 1 CLOUD COMPUTING WORKSHOP LEGAL ASPECTS OF THE CLOUD Brussels, March 1, 2012 Prof. Dr. Giuseppe Vaciago
  • 2. US PATRIOT ACT • The Patriot Act is extraterritorial in application (Section 215 and Section 505). Under this Act, U.S. authorities are entitled to subpoena business records from any company that has: i. “minimum contacts” with the U.S. ii “possession, custody or control” of the targeted data Page: 2Vaciago, Cybercrime The Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible property (including books, records, papers, documents, and other items) for an investigation for protecting against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment of the Constitution [...] Patriot Act, Sec. 215. Access To Records And Other Items Under The FISA
  • 3. IS IT A DATA PROTECTION ISSUE ? • “The Data Protection directive shall not apply to the processing of personal data or in any case to processing operations concerning public security, defence, State security and the activities of the State in areas of criminal law” (Art. 3 Directive 95/46/EC) • Recent proposal for a Directive on the protection of individuals with regard to personal data by competent authorities for the purpose of detecting criminal offences shall not apply in the course of an activity which falls outside the scope of Union law, in particular concerning national security (Art. 1, 2b) Page: 3Vaciago, Cybercrime
  • 4. EU POSITION – AUGUST 2011 • August, 23, 2011, Vivian Reding (E- 006901/2011 – Answer to parliamentary question): • “In accordance with international public law, and in the absence of a recognised jurisdictional link, a foreign law or statute cannot directly impose legal obligations on organisations or undertakings established in a third country regarding the activities performed within the territory of that third country” Page: 4Vaciago, Cybercrime Viviane Reding - Vice-President of the European Commission
  • 5. IT IS A JURISDICTION ISSUE • Territorial principle: the Court in the place where the data is located has jurisdiction. • Nationality principle: the nationality of the perpetrator is the factor used to determine criminal jurisdiction. • “Flag” principle: crimes committed on ships, aircraft and spacecraft are subject to the jurisdiction of the flag state. • “Power of Disposal Approach”: Law enforcement would only have to legally obtain username and password of the suspect’s computer. Page: 5Vaciago, Cybercrime Jan Spoenle (Germany) for the Economic Crime Division of the Council of Europe
  • 6. EU COMPANIES • “CloudSigma is operated and controlled by a Swiss AG, which is not subject to direct or indirect U.S. control” • “City Cloud and Several Nines offer a partnership safe-haven from the Patriot Act in Sweden” • Amazon Web Services (AWS) is subject to the US Patriot Act but the chief technology officer, Werner Vogels, encrypts private data for transit to the Cloud — and for employing best practice when it comes to classifying data Page: 6Vaciago, Cybercrime
  • 7. NON-US NATIONAL SECURITY LAWS • French  Act  No.  2011/267 of 14 March  2011 on the prevention of International terrorism • Spain Act No. 12/2003 of 21 March 2003 on the prevention of terrorism financing • Italy Act No. 144/2005 of 27 July 2005 on the prevention of International terrorism • Canadian Anti-Terrorism-Act No. C-36 18 December 2001 seems to grant powers similar to those of the Patriot Act Page: 7Vaciago, Cybercrime
  • 8. JURISDICTION – YAHOO! CASE • In  2009,  the  US- based   company, Yahoo, was   imposed   a   fine   by   a   Belgian Criminal   Court   for   failing   to   identify   the users   of   a   number   of   webmail   accounts • This  judgment  was  overturned  by  the   Court  of  Appeal   of  Ghent  in  2010 • In   January   2011,   however,   the   Belgian Supreme   Court   reversed   the   Court  of  Appeal’s  decision • In October 2011, the decision was referred back to the Court of Appeal which decided that Yahoo! was not subject to Belgian jurisdiction Page: 8Vaciago, Cybercrime
  • 9. EU POSITION – DECEMBER 2011 December 6, 2011 Vivian Reding - 2nd Annual European Data Protection and Privacy Conference - Brussels: •“I am reading in the press about a Swedish company whose selling point is that they shelter users from the US Patriot Act and other attempts by third countries to access personal data” •“Well, I do encourage cloud computing centres in Europe, but this cannot be the only solution. We need free flow of data between our continents. And it doesn't make much sense for us to retreat from each other” Page: 9Vaciago, Cybercrime
  • 10. CONCLUSIONS • The real issue with Cloud computing is a loss of data location due to: (i) “Data at rest” does not reside on the device. “Data in transit” cannot be easily analyzed because of encrypting all traffic. “Data in execution” will be present only in the cloud instance (ii)Virtualization and cloud communication protocols. The investigator who wants to capture the bit-stream data of a given suspect image will be in the same situation as someone who has to complete a jigsaw puzzle, whose pieces are scattered randomly across the globe Page: 10Vaciago, Cybercrime
  • 11. CONCLUSIONS • Terrorism and Cyber-terrorism represent a very serious global threat and operate on a transnational basis out of necessity • Over 11,500 terrorist attacks occurred in 72 countries in 2010, resulting in approximately 50,000 victims, including almost 13,200 deaths • The number of attacks rose by almost 5 per cent over previous year Page: 11Vaciago, Cybercrime NATIONAL COUNTERTERRORISM CENTER 2010 REPORT ON TERRORISM 11064 ATTACKS IN 2010
  • 12. CONCLUSIONS • The Patriot Act has been copied in many countries, including Canada, with rules that are not that dissimilar to the American ones • The Canadian Anti-Terrorism-Act (ATA), shortly after September 11, 2001, was combined with the National Defense Act (NDA) giving a Minister (Defense) the power to authorize investigation of data storage at home and abroad Page: 12Vaciago, Cybercrime The Minister of Defense’s authorization is required for the Communications Security Establishment to intercept foreign communications targeted against a non- Canadian abroad that may have a Canadian connection, or to undertake security checks of government computer networks to protect them from terrorist activity [...] Anti-Terrorism-Act (Review of 2004) Canadian Department of Justice
  • 13. CONCLUSIONS • Without referring to Cloud computing, everyday, the transactions of millions of users using credit cards with U.S.- based providers are monitored. Section 326 of the US Patriot Act requires all financial institutions (this includes Credit Card processing companies) to obtain, verify and record information that identifies each person who ‘opens, changes or charges’ an existing account. Page: 13Vaciago, Cybercrime The regulations shall, at a minimum, require financial institutions to implement, and customers (after being given adequate notice) to comply with, reasonable procedures for: (a) verifying the identity of any person seeking to open an account to the extent reasonable and practicable; (b) maintaining records of the information used to verify a person’s identity, including name, address, and other identifying information; and (c) consulting lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency […] Patriot Act, Sec. 326. Verification of Identification
  • 14. CONCLUSIONS • Without referring to Cloud computing, projects relating to face recognition are increasingly making it possible, and with ever greater reliability, to track a person's movements, even globally. 3 factors are important: (a)Increasing public self‐disclosures through online social networks (2.5 billion photos uploaded by Facebook users alone per month in 2010) (b)Identified profiles in online social networks (c)Improvements in face recognition accuracy * * A. Acquisti, Faces Of Facebook - Or, How The Largest Real ID Database In The World Came To Be Page: 14Vaciago, Cybercrime
  • 15. CONCLUSIONS • Even if the goal of the Digital Due Process is review of the ECPA, it may represent an excellent solution to the tension between due process and civil liberties around the world • 3 important guidelines: (i) Technology and Platform Neutrality (ii) Assurance of Law Enforcement Access and (ii) Equality Between Transit and Storage • However, I believe it should have a strong EU identity, as this is of crucial importance for ensuring greater EU-US co-operation in this scheme, too Page: 15Vaciago, Cybercrime
  • 16. Page: 16 Cybercrime Research Institute Giuseppe Vaciago Niehler Str. 35 D-50733 Cologne, Germany vaciago@cybercrime.de www.cybercrime-institute.com Vaciago, Cybercrime