Legal
Computer assisted crime .....where a computer is used as a tool to help carry a crime.
computer targeted crime...where a computer was a victim of attacker
computer is incidental....where a computer is not necessarily a attaker or attakee but happened to be involved in crime.
Types of digital forensics science(DFS):
Media
software
network
which type is referred as computer forensics : Media
software analysis investigation involves:
trojan
author of program
reverse engineering
Network logs ......network analysis
Which group has objectives that include creation of Framework for establishing jurisdiction and extradition
COE
council of european convention on cybercrime.
Golden Rule of computer forensics;
Make sure evidence is not changed by any of the investigation action.
A virus is contained.....which stage.....action/reaction.
Principles of OED:
1. collection of personal data be limited.
2. personal data should be kept complete and current.
3. subjects should be notified of reason of collection of their personal info.
4. only with the consent of subject or law info should be disclosed
5. reasonable safeguards
6. developments practices and policies reg. per data shall be openly communicated.
7. subjects must be able to see per. data and be able to correct erroneous data.
Eithics the internet ....1087 states
1. internet is a privilege and should be treated that way.
Types of evidences:
1. material
2. relevant
3. competent
Trafficking computer passwords on gov systems/interstate/ foreign commerce:
US comp fraud and Abuse ACT.
Safe harbor.......policy agreement between US and EU in nov 2000
CERT primary objective:
comp crime emergency response and notification.
Direct evidence.....based on witness's five senses (hear,smell,touch,taste,oral)
Real evi.......physical and associative (tangible objects).
Conclusive ....incontrovertible evidence
Circumstantial....intermediate facts
Secondary......copy of evidence or oral description of its content.
Hearsay ......com based evi
Four types of comp generated evi.
1. visual output from monitor.
2. printed evidence from printer
3. printed output from a plotter
4. media output CD, tape
development of new technology usually outpaces the law, law enforcement uses which traditional laws to prosecute computer criminals:
Embezzlement, fraud, and wiretapping
The Federal Sentencing Guidelines:
Hold senior corporate officers personally liable if their organizations do not comply with the law.
Prudent man rule require:
Senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances
Information Warfare: Attacking the information infrastructure of a nation to gain military
and/or economic advantages.
Kennedy-Kassebaum Act
hippa
U.S. Government program that reduces or eliminates emanations from electronic equipment: TEMPEST
Evaluate suspects in the commission of a crime:
18 U.S.C. §2001 (1994) refers to:
Title 18, Section 2001 of the U.S. Code, 1994 edition
Enticement: Luring the perpetrator to an attractive area or presenting the perpetrator with a lucrative target after the crime has already been initiate.
Conducting a search without the delay of obtaining a warrant if destruction of evidence seems imminent is possible under:
Exigent Circumstances
The U.S. Government Tempest program was established to thwart which one of the following types of attacks:
Emanation Eavesdropping
Which entity of the U.S. legal system makes common laws?ŽThe judicial decisions made in the courts generate common law.
[administrative agencies....create administrative laws and the legislative branch
Legislative branch .......statutory laws.]
Platform for Privacy Preferences (P3P) developed by the World Wide Web Consortium (W3C)
The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents.
P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate.
World Wide Web Consortium (W3C)
Recommended practice regarding electronic monitoring of employees email:
Apply monitoring in a consistent fashion.
Inform all that e-mail is being monitored by means of a prominent log-in banner
Explain who is authorized to read monitored email.
No guarantee of e-mail privacy should be provided or implied by the employer.
The evidence life cycle:
Discovery, recording, collection, and preservation
Relative to legal evidence, what describes the difference between an expert and a non-expert in delivering an opinion:
An expert can offer an opinion based on personal expertise and facts. a non-expert can testify only as to facts.
The Federal Sentencing Guidelines state:
The officers must exercise due care or reasonable care to carry out their responsibilities to the organization.Ž
If C represents the cost of instituting safeguards
L is the estimated loss from vulnerability
a legal liability exists if the safeguards are not implemented when:
C<L
In the legal field:
term that is used to describe a computer system so that everyone can agree on a common definition:
any assembly of electronic equipment, hardware, software and firmware configured to collect, create, communicate, disseminate, process, store and control data or information.Ž
Definition includes peripheral items such as keyboards, printers, and additional memory:
An automated information system (AIS)
The CPU is synonymous with the word processor.Ž If the CPU is integrated onto a silicon chip, it is called a microprocessor.
If the CPU is connected with memory and Input/Output (I/O) through a set of wires called a bus.
Computer crimes fall into two major categories and two additional related categories:
Major:
1. The computer is a target of the crime.[access to government and personal information]
2. Crimes using the computer. [fraud involving stock transfers]
Additional :
1. Crimes associated with the prevalence of computers. [Violation of copyright restrictions on commercial software packages, software piracy and software counterfeiting.]
2. The computer is incidental to other crimes. [the crime could be committed without the computer, but the computer permits the crime to be committed more efficiently and in higher volume]
Money laundering, keeping records and books of illegal activity and illegal gambling
[Malfeasance(wrong doing) by computer is an act involving a computer that is technically and ethically improper, but may or may not be illegal.]
valid legal issue associated with computer crime:
a. It may be difficult to prove criminal intent.
b. It may be difficult to obtain a trail of evidence of activities performed on the computer.
c. It may be difficult to show causation.
EDI makes it more difficult to tie an individual to transactions since EDI involves computer-to-computer data interchanges and this makes it more difficult to trace the originator of some transactions.
The Federal Intelligence Surveillance Act (FISA) of 1978 limited wiretapping for national security purposes as a result of the record of the Nixon Administration in using illegal wiretaps.
The Electronic Communications Privacy Act (ECPA) of 1986 prohibited eavesdropping or the interception of message contents without distinguishing between private or public systems.
The Communications Assistance for Law Enforcement Act (CALEA) of 1994 required all communications carriers to make wiretaps possible in ways approved by the FBI.
Pen register: Device that records all the numbers dialed from a specific telephone line
[Gathering information as to which numbers are dialed from a specific telephone line is less costly and time-consuming than installing a wiretap and recording the information]
A device that is used to monitor Internet Service Provider (ISP) data traffic is called: Carnivore
World Intellectual Property Organization (WIPO) sponsored a treaty under which participating countries would standardize treatment of digital copyrights. One of the items of standardization was the prohibition of altering copyright management information (CMI) that is included with the copyrighted material. CMI is: Licensing and ownership information
The WIPO digital copyright legislation that resulted in the U.S. was the 1998 Digital Millennium Copyright Act (DMCA).
DMCA prohibits trading, manufacturing, or selling in any way that is intended to bypass copyright protection mechanisms. It also addresses Internet Service Providers (ISPs) that unknowingly support the posting of copyrighted material by subscribers. If the ISP is notified that the material is copyrighted, the ISP must remove the material. Additionally, if the posting party proves that the removed material was of lawful use,Ž the ISP must restore the material and notify the copyright owner within 14 business days.
Two important rulings regarding the DMCA were made in 2001. The rulings involved DeCSS, which is a program that bypasses the Content Scrambling System (CSS) software used to prevent viewing of DVD movie disks on unlicensed platforms. In a trade secrecy case [DVD-CCA v. Banner], the California Appellate Court overturned alower court ruling that an individual who posted DeCSS on the Internet had revealed the trade secret of CSS. The appeals court has reversed an injunction on the posting of DeCSS, stating that the code is speech-protected by the First Amendment.
European Union (EU) has enacted a Conditional Access Directive (CAD);
Unauthorized access to Internet subscription sites and pay TV services.
The focus of the CAD is on access to services as opposed to access to works. As of this writing, the EU is discussing a directive focusing on copyrights, but it has not been finalized. It is anticipated that this directive will be similar to the U.S.
U.S. Patriot Act, signed into law on October 26, 2001
a. Subpoena of electronic records
b. Monitoring of Internet communications
c. Search and seizure of information on live systems (including routers and servers), backups, and archives
Under the Patriot Act, if it suspected that notification of a search warrant would cause a suspect to flee, a search can be conducted before notification of a search warrant is given.
In a related matter, the U.S. and numerous other nations have signed the Council of Europes Cybercrime Convention.Ž In the U.S., participation in the Convention has to be ratified by the Senate.
In essence, the Convention requires the signatory nations to spy on their own residents, even if the action being monitored is illegal in the country in which the monitoring is taking place.
U.S. Uniform Computer Information Transactions Act (UCITA) is a:
Model act that is intended to apply uniform legislation to software licensing
National Commissioners on Uniform State Laws (NCUSL) voted to approve the Uniform Computers Information Transactions Act (UCITA) on July 29, 1999.
This legislation, which will have to be enacted state-by-state, will greatly affect libraries access to and use of software packages. It also will keep in place the current licensing practices of software vendors. At the present time, shrink-wrap or click-wrap licenses limit rights that are normally granted under copyright law.
Under Section 109 of the U.S. 1976 Copyright Act, the first sale provision permits the owner of a particular copy without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy."
However, the software manufacturers use the term license in their transactions. As opposed to the word sale,Ž the term license denotes that the software manufacturers are permitting users to use a copy of their software. Thus, the software vendor still owns the software. Until each state enacts the legislation, it is not clear if shrink-wrap licenses that restrict users rights under copyright law are legally enforceable.
For clarification, shrink-wrap licenses physically accompany a disk while click-on and active click wrap licenses are usually transmitted electronically. Sometimes, the term shrink-wrap is interpreted to mean both physical and electronic licenses to use software.
The focus of the UCITA legislation is not on the physical media, but on the information contained on the media.
European Union Electronic Signature Directive of January, 2000, defines an advanced electronic signature.Ž This signature must meet:
a. It must be uniquely linked to the signatory.
b. It must be capable of identifying the signatory.
c. It must be linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
The Directive requires that the means be maintained under the sole control of the signatory.
This requirement is a particularly difficult one to achieve.
One approach is to use different tokens or smart cards for the different transactions involved.
The other answers are typical characteristics of digital signatures that can be implemented with public key cryptography.
The Electronic Signatures in Global and National Commerce Act (ESIGN) [On June 30, 2000, the U.S. Congress enacted]
To facilitate the use of electronic records and signatures in interstate and foreign commerce by ensuring the validity and legal effect of contracts entered into electronically.Ž
An important provision of the Act requires that:
Businesses obtain electronic consent or confirmation from consumers to receive information electronically that a law normally requires to be in writing.
The legislation is intent on preserving the consumers rights under consumer protection laws and went to extraordinary measures to meet this goal. Thus, a business must receive confirmation from the consumer in electronic format that the consumer consents to receiving information electronically that used to be in written form.
This provision ensures that the consumer has access to the Internet and is familiar with the basics of electronic communications.
Goals of the Kennedy-Kassebaum Health Insurance Portability and Accountability Act (HIPAA) of 1996:
a. Administrative simplification [the goal is to improve the efficiency and effectiveness of the
healthcare system by:
Standardizing the exchange of administrative and financial data
Protecting the security and privacy of individually identifiable
health information]
b. Enable the portability of health insurance
c. Establish strong penalties for healthcare fraud
d. HIPAA is designed to provide for greater access by the patient to personal healthcare information.
HIPAA Security Rule mandates the protection of the confidentiality, integrity, and availability of protected health information (PHI) through (main categories):
a. Administrative procedures
b. Physical safeguards
c. Technical services and mechanisms
***Appointment of a Privacy Officer (mandates)
HIPAA separates the activities of Security and Privacy.
HIPAA Privacy covers individually identifiable health care information transmitted, stored in electronic or paper or oral form.
PHI may not be disclosed except for the following reasons:
Disclosure is approved by the individual
Permitted by the legislation
For treatment
Payment
Health care operations
As required by law
[Protected Health Information (PHI) is individually identifiable is:
health information that is:
Transmitted by electronic media
Maintained in any medium described in the definition of electronic media ƒ[under HIPAA]
Transmitted or maintained in any other form or medium]
Individual privacy rights as defined in the HIPAA Privacy Rule include consent and authorization by the patient for the release of PHI. The difference between consent and authorization as used in the Privacy Rule is:
Consent grants general permission to use or disclose PHI, and authorization limits permission to the purposes and the parties specified in the authorization.
The other individual privacy rights listed in the HIPAA Privacy Rule are:
1. Notice (of the covered entities privacy practices)
2. Right to request restriction
3. Right of access
4. Right to amend
5. Right to an accounting
In August of 2002, the U.S. Department of Health and Human Services (HHS) modified the Privacy Rule to ease the requirements of consent and allow the covered entities to use notice. The changes are summarized as follows:
1. Covered entities must provide patients with notice of the patients privacy rights and the privacy practices of the covered entity.
2. Direct treatment providers must make a good faith effort to obtain patients written acknowledgement of the notice of privacy rights and practices. (The Rule does not prescribe a form of written acknowledgement; the patient may sign a separate sheet or initial a cover sheet of the notice.)
3. Mandatory consent requirements are removed that would inhibit patient access to health care while providing covered entities with the option of developing a consent process that works for that entity. If the provider cannot obtain a written acknowledgement, it must document its good faith efforts to obtain one and the reason for its inability to obtain the acknowledgement.
4. Consent requirements already in place may continue.
Because of the nature of information that is stored on the computer, the investigation and prosecution of computer criminal cases have specific characteristics, one of which is:
The information is intangible.
Some of the ways in which an investigation may affect an organization are:
1. The organization will have to provide experts to work with law enforcement.
2. Information key to the criminal investigation may be co-resident on the same computer system as information critical to the dayto- day operation of the organization.
3. Proprietary data may be subject to disclosure.
4. Management may be exposed if they have not exercised Due CareŽ to protect information resources.
5. There may be negative publicity that will be harmful to the organization.
[Evidence is difficult to gather since it is intangible and easily subject to modification or destruction.]
In order for evidence to be admissible in a court of law, it must be relevant, legally permissible, reliable, properly identified, and properly preserved. Reliability of evidence means that:
The evidence has not been tampered with or modified.
U.S. Federal Rules of Evidence, Rule 803 (6) permits an exception to the Hearsay Rule regarding business records and computer records:
a. Made during the regular conduct of business and authenticated by witnesses familiar with their use
b. Relied upon in the regular course of business
c. Made by a person with information transmitted by a person with knowledge
Law enforcement officials in the United States, up until passage of the Patriot Act had extensive restrictions on search and seizure as established in the Fourth Amendment to the U.S. Constitution.
These restrictions are still, essentially, more severe than those on private citizens, who are not agents of a government entity.
Thus, internal
investigators in an organization or private investigators are not subject to the same restrictions as government officials.
Private individuals are not normally held to the same standards regarding search and seizure since they are not conducting an unconstitutional government search
However, there are certain exceptions where the Fourth Amendment applies to private citizens if they act as agents of the government/police:
a. The government is aware of the intent to search or is aware of a search conducted by the private individual and does not object to these actions.
b. The private individual performs the search to aid the government.
c. The private individual conducts a search that would require a search warrant if conducted by a government entity.
Not an exception: The private individual conducts a warrantless search of company property for the company
Since the private individual, say an employee of the company, conducts a search for evidence on property that is owned by the company and is not acting as an agent of the government, a warrantless search is permitted.
The Fourth Amendment does not apply. For review, the Fourth Amendment guarantees:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The exigent circumstances doctrine provides an exception to these guarantees if destruction of evidence is imminent. Then, a warrantless search and seizure of evidence can be conducted if there is probable cause to suspect criminal activity.
One important tool of computer forensics is the disk image backup. The disk image backup is:
Conducting a bit-level copy, sector by sector
Copying sector by sector at the bit level provides the capability to examine slack space, undeleted clusters and possibly, deleted files.
In the context of legal proceedings and trial practice, discovery refers to:
The process in which the prosecution presents information it has uncovered to the defense, including potential witnesses, reports resulting from the investigation, evidence, and so on.
During the investigation of a computer crime, audit trails can be very useful. To ensure that the audit information can be used as evidence, certain procedures must be followed:
There must be a valid organizational security policy in place and in use that defines the use of the audit information.
Mechanisms should be in place to protect the integrity of the audit trail information.
Internet Activities Board (IAB) considers behaviors relative to the Internet as unethical:
Negligence in the conduct of Internet experiments
The IAB document, Ethics and the Internet (RFC 1087) listed behaviors as unethical that:
1. Seek to gain unauthorized access to the resources of the Internet
2. Destroy the integrity of computer-based information
3. Disrupt the intended use of the Internet
4. Waste resources such as people, capacity and computers through such actions
5. Compromise the privacy of users
6. Involve negligence in the conduct of Internet wide experiments
Computer/network surveillance:
a. Keyboard monitoring
b. Use of network sniffers
c. Review of audit logs
A mark used in the sale or advertising of services to identify the services of one person and distinguish them from the services of othersŽ refers to a:
Service mark
It is estimated that the Asia/Pacific region accounts for about $4 billion worth of loss of income to software publishers due to software piracy.
As with the Internet, cross-jurisdictional law enforcement issues make investigating and prosecuting such crime difficult:
a. Obtaining the cooperation of foreign law enforcement agencies and foreign governments.
b. The quality of the illegal copies of the software is improving,
making it more difficult for purchasers to differentiate between legal and illegal products.
c. The producers of the illegal copies of software are dealing in larger and larger quantities, resulting in faster deliveries of illicit software.
The Business Software Alliance (BSA) is a nongovernmental anti-software piracy organization (www.bsa.org). The mission statement of the BSA is:
The Business Software Alliance is an international organization representing leading software and e-commerce developers in 65 countries around the world.
Established in 1988, BSA has offices in the United States, Europe, and Asia . . . . Our efforts include educating computer users about software copyrights; advocating public policy that fosters innovation and expands trade opportunities; and fighting software piracy.
computer forensics model:
International Organization of Computer Evidence (IOCE),
Scientific Working Group on Digital Evidence (SWGDE),
Association of Chief Police Officers (ACPO)
category of software licensing:
a. Freeware
b. Commercial
c. Academic
d. shareware
agreements:
Master agreements
end-user licensing agreements (EULAs)
Computer assisted crime .....where a computer is used as a tool to help carry a crime.
computer targeted crime...where a computer was a victim of attacker
computer is incidental....where a computer is not necessarily a attaker or attakee but happened to be involved in crime.
Types of digital forensics science(DFS):
Media
software
network
which type is referred as computer forensics : Media
software analysis investigation involves:
trojan
author of program
reverse engineering
Network logs ......network analysis
Which group has objectives that include creation of Framework for establishing jurisdiction and extradition
COE
council of european convention on cybercrime.
Golden Rule of computer forensics;
Make sure evidence is not changed by any of the investigation action.
A virus is contained.....which stage.....action/reaction.
Principles of OED:
1. collection of personal data be limited.
2. personal data should be kept complete and current.
3. subjects should be notified of reason of collection of their personal info.
4. only with the consent of subject or law info should be disclosed
5. reasonable safeguards
6. developments practices and policies reg. per data shall be openly communicated.
7. subjects must be able to see per. data and be able to correct erroneous data.
Eithics the internet ....1087 states
1. internet is a privilege and should be treated that way.
Types of evidences:
1. material
2. relevant
3. competent
Trafficking computer passwords on gov systems/interstate/ foreign commerce:
US comp fraud and Abuse ACT.
Safe harbor.......policy agreement between US and EU in nov 2000
CERT primary objective:
comp crime emergency response and notification.
Direct evidence.....based on witness's five senses (hear,smell,touch,taste,oral)
Real evi.......physical and associative (tangible objects).
Conclusive ....incontrovertible evidence
Circumstantial....intermediate facts
Secondary......copy of evidence or oral description of its content.
Hearsay ......com based evi
Four types of comp generated evi.
1. visual output from monitor.
2. printed evidence from printer
3. printed output from a plotter
4. media output CD, tape
development of new technology usually outpaces the law, law enforcement uses which traditional laws to prosecute computer criminals:
Embezzlement, fraud, and wiretapping
The Federal Sentencing Guidelines:
Hold senior corporate officers personally liable if their organizations do not comply with the law.
Prudent man rule require:
Senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances
Information Warfare: Attacking the information infrastructure of a nation to gain military
and/or economic advantages.
Kennedy-Kassebaum Act
hippa
U.S. Government program that reduces or eliminates emanations from electronic equipment: TEMPEST
Evaluate suspects in the commission of a crime:
18 U.S.C. §2001 (1994) refers to:
Title 18, Section 2001 of the U.S. Code, 1994 edition
Enticement: Luring the perpetrator to an attractive area or presenting the perpetrator with a lucrative target after the crime has already been initiate.
Conducting a search without the delay of obtaining a warrant if destruction of evidence seems imminent is possible under:
Exigent Circumstances
The U.S. Government Tempest program was established to thwart which one of the following types of attacks:
Emanation Eavesdropping
Which entity of the U.S. legal system makes common laws?ŽThe judicial decisions made in the courts generate common law.
[administrative agencies....create administrative laws and the legislative branch
Legislative branch .......statutory laws.]
Platform for Privacy Preferences (P3P) developed by the World Wide Web Consortium (W3C)
The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents.
P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate.
World Wide Web Consortium (W3C)
Recommended practice regarding electronic monitoring of employees email:
Apply monitoring in a consistent fashion.
Inform all that e-mail is being monitored by means of a prominent log-in banner
Explain who is authorized to read monitored email.
No guarantee of e-mail privacy should be provided or implied by the employer.
The evidence life cycle:
Discovery, recording, collection, and preservation
Relative to legal evidence, what describes the difference between an expert and a non-expert in delivering an opinion:
An expert can offer an opinion based on personal expertise and facts. a non-expert can testify only as to facts.
The Federal Sentencing Guidelines state:
The officers must exercise due care or reasonable care to carry out their responsibilities to the organization.Ž
If C represents the cost of instituting safeguards
L is the estimated loss from vulnerability
a legal liability exists if the safeguards are not implemented when:
C<L
In the legal field:
term that is used to describe a computer system so that everyone can agree on a common definition:
any assembly of electronic equipment, hardware, software and firmware configured to collect, create, communicate, disseminate, process, store and control data or information.Ž
Definition includes peripheral items such as keyboards, printers, and additional memory:
An automated information system (AIS)
The CPU is synonymous with the word processor.Ž If the CPU is integrated onto a silicon chip, it is called a microprocessor.
If the CPU is connected with memory and Input/Output (I/O) through a set of wires called a bus.
Computer crimes fall into two major categories and two additional related categories:
Major:
1. The computer is a target of the crime.[access to government and personal information]
2. Crimes using the computer. [fraud involving stock transfers]
Additional :
1. Crimes associated with the prevalence of computers. [Violation of copyright restrictions on commercial software packages, software piracy and software counterfeiting.]
2. The computer is incidental to other crimes. [the crime could be committed without the computer, but the computer permits the crime to be committed more efficiently and in higher volume]
Money laundering, keeping records and books of illegal activity and illegal gambling
[Malfeasance(wrong doing) by computer is an act involving a computer that is technically and ethically improper, but may or may not be illegal.]
valid legal issue associated with computer crime:
a. It may be difficult to prove criminal intent.
b. It may be difficult to obtain a trail of evidence of activities performed on the computer.
c. It may be difficult to show causation.
EDI makes it more difficult to tie an individual to transactions since EDI involves computer-to-computer data interchanges and this makes it more difficult to trace the originator of some transactions.
The Federal Intelligence Surveillance Act (FISA) of 1978 limited wiretapping for national security purposes as a result of the record of the Nixon Administration in using illegal wiretaps.
The Electronic Communications Privacy Act (ECPA) of 1986 prohibited eavesdropping or the interception of message contents without distinguishing between private or public systems.
The Communications Assistance for Law Enforcement Act (CALEA) of 1994 required all communications carriers to make wiretaps possible in ways approved by the FBI.
Pen register: Device that records all the numbers dialed from a specific telephone line
[Gathering information as to which numbers are dialed from a specific telephone line is less costly and time-consuming than installing a wiretap and recording the information]
A device that is used to monitor Internet Service Provider (ISP) data traffic is called: Carnivore
World Intellectual Property Organization (WIPO) sponsored a treaty under which participating countries would standardize treatment of digital copyrights. One of the items of standardization was the prohibition of altering copyright management information (CMI) that is included with the copyrighted material. CMI is: Licensing and ownership information
The WIPO digital copyright legislation that resulted in the U.S. was the 1998 Digital Millennium Copyright Act (DMCA).
DMCA prohibits trading, manufacturing, or selling in any way that is intended to bypass copyright protection mechanisms. It also addresses Internet Service Providers (ISPs) that unknowingly support the posting of copyrighted material by subscribers. If the ISP is notified that the material is copyrighted, the ISP must remove the material. Additionally, if the posting party proves that the removed material was of lawful use,Ž the ISP must restore the material and notify the copyright owner within 14 business days.
Two important rulings regarding the DMCA were made in 2001. The rulings involved DeCSS, which is a program that bypasses the Content Scrambling System (CSS) software used to prevent viewing of DVD movie disks on unlicensed platforms. In a trade secrecy case [DVD-CCA v. Banner], the California Appellate Court overturned alower court ruling that an individual who posted DeCSS on the Internet had revealed the trade secret of CSS. The appeals court has reversed an injunction on the posting of DeCSS, stating that the code is speech-protected by the First Amendment.
European Union (EU) has enacted a Conditional Access Directive (CAD);
Unauthorized access to Internet subscription sites and pay TV services.
The focus of the CAD is on access to services as opposed to access to works. As of this writing, the EU is discussing a directive focusing on copyrights, but it has not been finalized. It is anticipated that this directive will be similar to the U.S.
U.S. Patriot Act, signed into law on October 26, 2001
a. Subpoena of electronic records
b. Monitoring of Internet communications
c. Search and seizure of information on live systems (including routers and servers), backups, and archives
Under the Patriot Act, if it suspected that notification of a search warrant would cause a suspect to flee, a search can be conducted before notification of a search warrant is given.
In a related matter, the U.S. and numerous other nations have signed the Council of Europes Cybercrime Convention.Ž In the U.S., participation in the Convention has to be ratified by the Senate.
In essence, the Convention requires the signatory nations to spy on their own residents, even if the action being monitored is illegal in the country in which the monitoring is taking place.
U.S. Uniform Computer Information Transactions Act (UCITA) is a:
Model act that is intended to apply uniform legislation to software licensing
National Commissioners on Uniform State Laws (NCUSL) voted to approve the Uniform Computers Information Transactions Act (UCITA) on July 29, 1999.
This legislation, which will have to be enacted state-by-state, will greatly affect libraries access to and use of software packages. It also will keep in place the current licensing practices of software vendors. At the present time, shrink-wrap or click-wrap licenses limit rights that are normally granted under copyright law.
Under Section 109 of the U.S. 1976 Copyright Act, the first sale provision permits the owner of a particular copy without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy."
However, the software manufacturers use the term license in their transactions. As opposed to the word sale,Ž the term license denotes that the software manufacturers are permitting users to use a copy of their software. Thus, the software vendor still owns the software. Until each state enacts the legislation, it is not clear if shrink-wrap licenses that restrict users rights under copyright law are legally enforceable.
For clarification, shrink-wrap licenses physically accompany a disk while click-on and active click wrap licenses are usually transmitted electronically. Sometimes, the term shrink-wrap is interpreted to mean both physical and electronic licenses to use software.
The focus of the UCITA legislation is not on the physical media, but on the information contained on the media.
European Union Electronic Signature Directive of January, 2000, defines an advanced electronic signature.Ž This signature must meet:
a. It must be uniquely linked to the signatory.
b. It must be capable of identifying the signatory.
c. It must be linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
The Directive requires that the means be maintained under the sole control of the signatory.
This requirement is a particularly difficult one to achieve.
One approach is to use different tokens or smart cards for the different transactions involved.
The other answers are typical characteristics of digital signatures that can be implemented with public key cryptography.
The Electronic Signatures in Global and National Commerce Act (ESIGN) [On June 30, 2000, the U.S. Congress enacted]
To facilitate the use of electronic records and signatures in interstate and foreign commerce by ensuring the validity and legal effect of contracts entered into electronically.Ž
An important provision of the Act requires that:
Businesses obtain electronic consent or confirmation from consumers to receive information electronically that a law normally requires to be in writing.
The legislation is intent on preserving the consumers rights under consumer protection laws and went to extraordinary measures to meet this goal. Thus, a business must receive confirmation from the consumer in electronic format that the consumer consents to receiving information electronically that used to be in written form.
This provision ensures that the consumer has access to the Internet and is familiar with the basics of electronic communications.
Goals of the Kennedy-Kassebaum Health Insurance Portability and Accountability Act (HIPAA) of 1996:
a. Administrative simplification [the goal is to improve the efficiency and effectiveness of the
healthcare system by:
Standardizing the exchange of administrative and financial data
Protecting the security and privacy of individually identifiable
health information]
b. Enable the portability of health insurance
c. Establish strong penalties for healthcare fraud
d. HIPAA is designed to provide for greater access by the patient to personal healthcare information.
HIPAA Security Rule mandates the protection of the confidentiality, integrity, and availability of protected health information (PHI) through (main categories):
a. Administrative procedures
b. Physical safeguards
c. Technical services and mechanisms
***Appointment of a Privacy Officer (mandates)
HIPAA separates the activities of Security and Privacy.
HIPAA Privacy covers individually identifiable health care information transmitted, stored in electronic or paper or oral form.
PHI may not be disclosed except for the following reasons:
Disclosure is approved by the individual
Permitted by the legislation
For treatment
Payment
Health care operations
As required by law
[Protected Health Information (PHI) is individually identifiable is:
health information that is:
Transmitted by electronic media
Maintained in any medium described in the definition of electronic media ƒ[under HIPAA]
Transmitted or maintained in any other form or medium]
Individual privacy rights as defined in the HIPAA Privacy Rule include consent and authorization by the patient for the release of PHI. The difference between consent and authorization as used in the Privacy Rule is:
Consent grants general permission to use or disclose PHI, and authorization limits permission to the purposes and the parties specified in the authorization.
The other individual privacy rights listed in the HIPAA Privacy Rule are:
1. Notice (of the covered entities privacy practices)
2. Right to request restriction
3. Right of access
4. Right to amend
5. Right to an accounting
In August of 2002, the U.S. Department of Health and Human Services (HHS) modified the Privacy Rule to ease the requirements of consent and allow the covered entities to use notice. The changes are summarized as follows:
1. Covered entities must provide patients with notice of the patients privacy rights and the privacy practices of the covered entity.
2. Direct treatment providers must make a good faith effort to obtain patients written acknowledgement of the notice of privacy rights and practices. (The Rule does not prescribe a form of written acknowledgement; the patient may sign a separate sheet or initial a cover sheet of the notice.)
3. Mandatory consent requirements are removed that would inhibit patient access to health care while providing covered entities with the option of developing a consent process that works for that entity. If the provider cannot obtain a written acknowledgement, it must document its good faith efforts to obtain one and the reason for its inability to obtain the acknowledgement.
4. Consent requirements already in place may continue.
Because of the nature of information that is stored on the computer, the investigation and prosecution of computer criminal cases have specific characteristics, one of which is:
The information is intangible.
Some of the ways in which an investigation may affect an organization are:
1. The organization will have to provide experts to work with law enforcement.
2. Information key to the criminal investigation may be co-resident on the same computer system as information critical to the dayto- day operation of the organization.
3. Proprietary data may be subject to disclosure.
4. Management may be exposed if they have not exercised Due CareŽ to protect information resources.
5. There may be negative publicity that will be harmful to the organization.
[Evidence is difficult to gather since it is intangible and easily subject to modification or destruction.]
In order for evidence to be admissible in a court of law, it must be relevant, legally permissible, reliable, properly identified, and properly preserved. Reliability of evidence means that:
The evidence has not been tampered with or modified.
U.S. Federal Rules of Evidence, Rule 803 (6) permits an exception to the Hearsay Rule regarding business records and computer records:
a. Made during the regular conduct of business and authenticated by witnesses familiar with their use
b. Relied upon in the regular course of business
c. Made by a person with information transmitted by a person with knowledge
Law enforcement officials in the United States, up until passage of the Patriot Act had extensive restrictions on search and seizure as established in the Fourth Amendment to the U.S. Constitution.
These restrictions are still, essentially, more severe than those on private citizens, who are not agents of a government entity.
Thus, internal
investigators in an organization or private investigators are not subject to the same restrictions as government officials.
Private individuals are not normally held to the same standards regarding search and seizure since they are not conducting an unconstitutional government search
However, there are certain exceptions where the Fourth Amendment applies to private citizens if they act as agents of the government/police:
a. The government is aware of the intent to search or is aware of a search conducted by the private individual and does not object to these actions.
b. The private individual performs the search to aid the government.
c. The private individual conducts a search that would require a search warrant if conducted by a government entity.
Not an exception: The private individual conducts a warrantless search of company property for the company
Since the private individual, say an employee of the company, conducts a search for evidence on property that is owned by the company and is not acting as an agent of the government, a warrantless search is permitted.
The Fourth Amendment does not apply. For review, the Fourth Amendment guarantees:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The exigent circumstances doctrine provides an exception to these guarantees if destruction of evidence is imminent. Then, a warrantless search and seizure of evidence can be conducted if there is probable cause to suspect criminal activity.
One important tool of computer forensics is the disk image backup. The disk image backup is:
Conducting a bit-level copy, sector by sector
Copying sector by sector at the bit level provides the capability to examine slack space, undeleted clusters and possibly, deleted files.
In the context of legal proceedings and trial practice, discovery refers to:
The process in which the prosecution presents information it has uncovered to the defense, including potential witnesses, reports resulting from the investigation, evidence, and so on.
During the investigation of a computer crime, audit trails can be very useful. To ensure that the audit information can be used as evidence, certain procedures must be followed:
There must be a valid organizational security policy in place and in use that defines the use of the audit information.
Mechanisms should be in place to protect the integrity of the audit trail information.
Internet Activities Board (IAB) considers behaviors relative to the Internet as unethical:
Negligence in the conduct of Internet experiments
The IAB document, Ethics and the Internet (RFC 1087) listed behaviors as unethical that:
1. Seek to gain unauthorized access to the resources of the Internet
2. Destroy the integrity of computer-based information
3. Disrupt the intended use of the Internet
4. Waste resources such as people, capacity and computers through such actions
5. Compromise the privacy of users
6. Involve negligence in the conduct of Internet wide experiments
Computer/network surveillance:
a. Keyboard monitoring
b. Use of network sniffers
c. Review of audit logs
A mark used in the sale or advertising of services to identify the services of one person and distinguish them from the services of othersŽ refers to a:
Service mark
It is estimated that the Asia/Pacific region accounts for about $4 billion worth of loss of income to software publishers due to software piracy.
As with the Internet, cross-jurisdictional law enforcement issues make investigating and prosecuting such crime difficult:
a. Obtaining the cooperation of foreign law enforcement agencies and foreign governments.
b. The quality of the illegal copies of the software is improving,
making it more difficult for purchasers to differentiate between legal and illegal products.
c. The producers of the illegal copies of software are dealing in larger and larger quantities, resulting in faster deliveries of illicit software.
The Business Software Alliance (BSA) is a nongovernmental anti-software piracy organization (www.bsa.org). The mission statement of the BSA is:
The Business Software Alliance is an international organization representing leading software and e-commerce developers in 65 countries around the world.
Established in 1988, BSA has offices in the United States, Europe, and Asia . . . . Our efforts include educating computer users about software copyrights; advocating public policy that fosters innovation and expands trade opportunities; and fighting software piracy.
computer forensics model:
International Organization of Computer Evidence (IOCE),
Scientific Working Group on Digital Evidence (SWGDE),
Association of Chief Police Officers (ACPO)
category of software licensing:
a. Freeware
b. Commercial
c. Academic
d. shareware
agreements:
Master agreements
end-user licensing agreements (EULAs)
