The challenges of cloud-derived evidence Professor Ian Walden Centre for Commercial Law Studies, Queen Mary, University of London [email protected] Introductory remarks Cloud computing A new ICT paradigm? Crime follows opportunity.... An environment for obtaining evidence Addressing the data problems Exercising law enforcement powers Legality & enforceability
Jurisdictional reach Evidential impact [email protected] Cloud computing X as a Service Software, Platform or Infrastructure: SaaS, PaaS & IaaS Flexible, location-independent, on-demand, shared, virtualised Cloud multi-layered ecosystem Service providers Infrastructure providers Communication providers Deployment models Public, private, community or hybrid
[email protected] Forensic challenges in the Cloud Multiplicity e.g. Data replication for performance, availability, back-up & redundancy Distributed storage e.g. sharding and partitioning The loss of location Protected data e.g. cryptography Identity Establishing links
[email protected] Identity Target IP address e.g. 184.108.40.206 generated by application being utilised IP holder whois enquiry of regional, national or local registry databases Logging history e.g. DHCP allocation log Subscriber details e.g. Credit card details
[email protected] CSP-derived data Content & communications data in transmission or at rest Edmondson & ors v R  EWCA Crim 1026 Expedited preservation (quick freeze) Cybercrime Convention, arts. 16-17 Data retention Data Retention Directive 06/24/EC 6-24 months
Rights of access serious crime or crime [email protected] Protected data Another data problem! going dark access & conversion protections Legal constraints Time limits Legal response Criminalise the use Obligation to assist Break the protection [email protected]
Criminalise use Control export, import, use Export control regulations: Wassenaar Arrangement Dual-use technologies, Category 5, Part 2: Information Security Breach of regulations is a criminal offence Use in criminal activity e.g. State of Virginia (US), Computer Crime Act at 18.2152.15: Encryption used in criminal activity an offense which is separate and distinct from the predicate criminal activity Obligations to assist [email protected]
Cybercrime Convention, art. 19(4) to empower its competent authorities to order any person who has knowledge about the functioning of the computer system or measures applied to protect the computer data Regulation of Investigatory Powers Act 2000 RIPA Pt I: Interception Section 12 Notice RIPA Pt III: Investigation of Protected Electronic Information Delivery-up of key: Failure to disclose (s. 53): 2 yr term (5 yrs for national security & child indecency cases) Cutler  EWCA Crim 2781: a very serious offence because it interferes with the administration of justice Padellec  EWCA Crim 1956
[email protected] Breaking the protection Ex ante measures Mandating technology e.g. US key escrow & Clipper Chip (1995) Influencing the standards e.g. Dual EC DRBG standard Ex post arrangements Expert resources e.g. UK: National Technical Assistance Centre Hacking
e.g. NSAs Tailored Access Operations Based more on stolen goods than maths! [email protected] Human rights concerns ECHR Article 6 right against selfincrimination S and A  EWCA Crim 2177: an existence independent of the will of the suspect US, 5th Amendment Boucher 2009 WL 424718 (D.Vt.) Requirement to produce an unencrypted drive did not constitute compelled testimonial communication. Kim 2009 WL 5185389 (US District Court for the Southern District of Texas 2009)
Exceeding scope of warranted search & inapplicable plain view doctrine resulted in suppression of child sexual abuse images discovered in encrypted folders [email protected] Law enforcement Law enforcement access Covert & coercive investigative techniques Request recipients Cloud users Suspect, victim or 3rd party Cloud providers Service providers
Infrastructure providers Communication providers Within & beyond the territory [email protected] LEA investigative powers Exercising a power Permissible & impermissible conduct e.g. entrapment Expedited preservation, retention & delivery-up Differential authorisation Judicial, executive or administrative
Issues of legality & enforceability Obtaining authorisation Executing the authorisation Recipients actions e.g. Rackspace (2004) [email protected] Jurisdictional reach Cybercrime Convention (2001) Production order (art. 18) Person in its territory or offering its services in the territory with possession or control Rackspace (2013) Search & seizure Domestic networks (art. 19)
International networks (art. 32) Open source or lawful and voluntary consent of the person who has lawful authority to disclose Other forms are neither authorised, nor precluded Contractual provisions [email protected] International co-operation Mutual legal assistance From harmonisation to mutual recognition Convention on Cybercrime TFEU, art. 82: European Evidence Warrant & European Investigation Order Informal co-operation with foreign LEAs
Proactive disclosure & 24/7 networks Direct liaison with foreign service providers Council of Europe Guidelines (2008) e.g. Google Transparency Report Engage directly with the material sought [email protected] Cloud-derived evidence fair trial and due process considerations Regulating investigative practices? Schenk v Switzerland (1991) 13 E.H.R.R. 242 United States v Gorshkov (2001)
Admissibility Statutory rules RIPA, s. 17 - Inadmissibility of UK intercept product Judicial discretion PACE, s. 78 Impact of lawfulness of obtaining, e.g. Suppression Evidence gathered under MLA [email protected] Probative value Provenance issues with remote & protected data -
Concluding remarks Clouds & the loss of location Exceeding powers in application or reach Surrendering sovereignty From formality to informality Issues of accountability & oversight Harmonisation limitations Building a culture of co-operation! e.g. Amazon & WikiLeaks Evidential implications
Read the basic lab rules and this induction package. Booked in for the face to face Laboratory Induction training with the lab manager. Read this induction package, completed the quiz and signed the declaration. Welcome to the Graduate School of...
Provide more e-book content. Enhance electronic resources. Build virtual research environments "Get more copies of current and classic bestsellers, then sell off the books to reduce inventory when they are no longer in as high demand." (De Rosa 2005, p....
Exemplos: Verbo quanto à predicação Os verbos de ligação podem expressar: Os principais verbos de ligação são ser, estar, ficar, permanecer, parecer, andar, continuar, tornar-se. O Brasil é um grande país.
Examples of Fixed-Effect Models Almond et al. Babies born w/ low birth weight(< 2500 grams) are more prone to Die early in life Have health problems later in life Educational difficulties generated from cross-sectional regressions 6% of babies in US...
Using the Theory of Unpleasant Symptoms to Ascertain Evidence Based Nursing Interventions to Decrease the Pain, Anxiety and Fear of Immunizations Bonnie Sawyer-Banda, RN, BSN Seminole County Health Department Immunizations Background Worldwide, 800 million immunizations are given to children yearly...
Title - Consider the title and make a prediction about what the poem is about. "My mistress' eyes are nothing like the sun" Shakespeare's sonnets do not have a title. Most scholars refer to the first line of the sonnet...
A synthesis of studies using PISA data - Implications for research, policy and practice. ... were published in journals with not a subject specific focus but addressing several fields and not only education/pedagogy (e.g., Economics, Sociology, Psychology). ... Perera, 2014;...
Active and passive voice describe the order of information in a sentence and what is being focused on, the subject of the action, the action itself, or the receiver of the action. In most cases, a thought can be expressed...
Ready to download the document? Go ahead and hit continue!