Download Law and Technology in Cybercrime and Homeland

“Electronic Surveillance, Security, and Privacy”
Professor Peter P. Swire
Ohio State University
InSITes -- Carnegie Mellon
February 7, 2002

Overview of the Talk
• Overview of electronic surveillance, before and after September 11
• Security vs. privacy
• Security and privacy

Wiretaps and Surveillance
• History of wiretaps
• 2000 Administration proposal
• 2001 USA Patriot Act

Wiretap History
• 1920s Olmstead
  – Wiretaps permitted by police without warrant where tap applied outside your home
• 1960s Katz
  – Reasonable expectation of privacy, even in a phone booth
• 1968 Title III
  – Strict rules for content, more than probable cause, as a last resort, reporting requirements

History (cont.)
• 1984 ECPA
  – Some protections for e-mail
  – Some protections for to/from information; pen registers (who you call); trap and trace (who calls you)

2000 Administration Proposal
• How to update wiretap and surveillance for the Internet age
• 15-agency White House working group
• Legislation proposed June, 2000
  – S. 3083
  – Hearings and mark-up in House Judiciary, further toward privacy than our proposal

2000 Administration Proposal
• Update telephone era language
• Upgrade email and web protections to same as telephone calls
• Identify new obstacles to law enforcement from the new technology
• Sense of responsibility -- assure privacy, give law enforcement tools it needs

2001 USA Patriot Act
• Introduced less than a week after September 11
• Key provisions often have a point, but maybe went too far
• 4 year “sunset” for many surveillance provisions and what to do next

Emergency orders
• Before, “imminent threat” of serious harm to get wiretap before a court order
• Now, for any ongoing computer attack, or else ability to trace back may be lost
• For anything affecting “a national security interest”
• Are these too broad?

Roving taps
• Old days, order for each phone
• What if suspect buys a dozen disposable cell phones? Uses someone else’s computer?
• But, how far can the order rove? Anyone in the public library?
• Problem -- less of a suppression remedy for email and web use

Nationwide trap and trace
• Old days, serve order on ATT and it was effective nationwide
• Today, e-mail may travel through a half-dozen providers, have needed that many court orders
• New law -- one order effective nationwide
• Query -- order from a judge in Idaho, served late at night, how do you challenge that?

Computer trespasser exception
• Previous law:
  – ISP can monitor its own system
  – ISP can give evidence of yesterday’s attack
  – ISP cannot invite law enforcement in to catch the burglars
• Problem for:
  – DOD and many hack attacks
  – Small system owners who need help

Computer trespasser proposal
• Law enforcement can “surf behind” if:
  – Targets person who accesses a computer “without authorization”
  – System owner consents
  – Lawful investigation
  – Law enforcement reasonably believes that the information will be relevant
  – Interception does not acquire communications other than those transmitted to or from the trespasser

Computer trespasser
• Issues of concern:
  – Never a hearing in Congress on it
  – No time limit on each use
  – No reporting requirement
  – FBI can ask the ISP to invite it in, and then camp at ISP permanently
  – Limited suppression remedy if go outside permitted scope

II. Security & Privacy After 9/11
• Less tolerance for hackers and other unauthorized use
• Cyber-security and the need to protect critical infrastructures such as payments system, electricity grid, & telephone system
• Greater tolerance for surveillance, which many people believe is justified by greater risks

Security vs. Privacy
• Security sometimes means greater surveillance, information gathering, & information sharing
• USA Patriot increases surveillance powers
• Computer trespasser exception
• Moral suasion to report possible terrorists

Security and Privacy
• Good data handling practices become more important -- good security protects information against unauthorized use
• Audit trails, accounting become more obviously desirable -- helps fight sloppy privacy practices
• Part of system upgrade for security will be system upgrade for other requirements, such as privacy

In Conclusion
• USA Patriot has 4 year sunset of many of the surveillance provisions
• Imagine an architecture that meets legitimate security needs and also respects privacy
• Need accountability to ensure the new powers are used wisely
• Our homework -- how to do that wisely

Contact Information
• Professor Peter P. Swire
• phone: (301) 213-9587
• email: [email protected]
• web: www.osu.edu/units/law/swire.htm
