                       Co-operating with Law
                           Enforcement

                                       Professor Ian Walden
                            Institute of Computer and Communications Law
                Centre for Commercial Law Studies, Queen Mary, University of London
                                     Of Counsel, Baker & McKenzie




                              Introductory remarks
          edu




                     Law enforcement access
                      – Covert & coercive investigative techniques
  cl@ccls.e




                     Request recipients
                      – Cloud users
                      – Cloud Service providers
                             Contracted parties & infrastructure providers
                             Communication providers
icc




                     Questions of vires and regulatory boundaries
                      – Jurisdictional reach
                      – Obligations to assist
                      – Evidential impact




Forensic challenges in the Cloud

                        Multiplicity
                         – e.g. Data replication for performance, availability,
                           back-up & redundancy
                        Distributed storage
                         – e.g. ‘sharding’ and ‘partitioning’
                        Protected data
                         – e.g. cryptography
                        Identity
                         – Establishing links




                         LEA investigative powers

                    ‘Exercising a power’
                     – Permissible & impermissible conduct
                             e.g. entrapment
                    Expedited preservation, retention & delivery-up
                     – Differential authorisation procedures
                             Judicial, executive or administrative
                    Issues of legality & enforceability
                     – Obtaining authorisation
                     – Executing the authorisation




                   Jurisdictional reach

                   Within & beyond the territory
                     – e.g. Rackspace (2004)
                   Service provider & requested data
                     – ‘loss of location’
                           Reassembly as a proxy?
                   Cybercrime Convention (2001)
                     – Art. 19: ‘Possession or control’
                     – Art. 32: open source or lawful and voluntary consent
                       of the person who has lawful authority to disclose
                           Contractual provisions




                     International co-operation

                   Mutual legal assistance
                    – Harmonisation
                    – Or mutual recognition
                           EU: EEW and the EIO
                   Informal co-operation with foreign LEA
                    – Proactive disclosure & 24/7 networks
                   Direct liaison with foreign service providers
                    – Council of Europe Guidelines (2008)
                           e.g. Google Transparency Report
                   Engage directly with the material sought




                       Regulating service providers

                       Regulatory boundaries
                         – ‘electronic communication services’ & ‘information
                           society services’
                                  Google, Skype, Facetime...?
                                  From SaaS to CaaS
                       Regulatory consequences
                         – Directive 02/58/EC art. 5(1) & art. 15(1)
                                  Existing capability or build obligation?
                         – Directive 06/24/EC
                                  Providers of ‘electronic communication services’




                          Cloud-derived evidence

                   Admissibility
                        – Statutory rules & judicial discretion
                              e.g. Fair trial considerations (ECHR, art. 6)
                              Impact of lawfulness of obtaining?
                              Evidence gathered under MLA
                   Evidential weight
                        – Provenance issues with remote data retrieval
                              authenticity, integrity & accountability




                   Concluding remarks

                   Exceeding powers in application or reach
                    – Surrendering sovereignty
                    – Regulatory uncertainties
                   From formality to informality
                    – Issues of accountability
                    – Building a ‘culture of co-operation’!
                          e.g. Amazon & WikiLeaks
                   Evidential consequences





Cloud computing - cooperating with law enforcement
