Post on 03-Feb-2022
Criminal Investigation serves theAmerican public by investigatingpotential criminal violations of theInternal Revenue Code and relatedfinancial crimes in a manner thatfosters confidence in the tax systemand compliance with the law.
IRS-ACLU 00108
¯ List investigative techniques used inInternet investigations.
¯ Present an overview of the Patriot Actand the Electronic CommunicationsPrivacy Act (ECPA) of 1986.
IRS-ACLU 00109
¯ Recognize classes of informationunder ECPA.
¯ Describe the judicial process forobtaining stored communications.
¯ Review the Online InvestigativePrinciples.
IRS-ACLU 00110
¯ In the last decade, computers and theI nternet have entered the mainstreamof American life. Millions ofAmericans spend several hours everyday in front of computers, where theysend and receive e-mail, surf theweb, maintain databases, andparticipate in other online activities.
IRS-ACLU 00111
CI Search Warrant
¯ "[Target] is a ’Cyber organization’revolving around a web site. It has nophysical address; its principalsoperate and conduct business overthe I nternet using laptop computers."
IRS-ACLU 00112
I nternet Investigationsand Electronic Surveillance
¯ Tools and techniques to gatherinformation about someone’s I nternetusage that has evidentiary value.
¯ Requires early CIS participation.
IRS-ACLU 00113
Investigative Methodsand Early Involvement of CIS
¯ Install wiretaps and pen/traps.¯ Trace machines to physical location.¯ Identify owners of web sites.¯ Preserve and analyze evidence.¯ Reporting of evidence.
IRS-ACLU 00114
The USA PATRIOT Act
¯ The Patriot Act clarified and updatedthe Electronic CommunicationsPrivacy A.ct (ECPA)in light of.m.oderntechnologies, and eased restrictionson law enforcement access to storedelectronic communications.
IRS-ACLU 00115
Electronic CommunicationsPrivacy Act (ECPA) of 1986
¯ Overview of ECPA.¯ Stored electronic communications.¯ Classes of information.¯ Judicial process.
IRS-ACLU 00116
Electronic CommunicationsPrivacy Act (ECPA) of 1986
¯ ECPA regulates how the Governmentcan obtain stored account informationfrom network service providers suchas Internet Service Providers (ISPs).
IRS-ACLU 00117
Electronic CommunicationsPrivacy Act (ECPA) of 1986
¯ Whenever agents or prosecutorsseek stored e-mail, account records,or subscriber information from anetwork service provider, they mustcomply with ECPA.
IRS-ACLU 00118
Electronic CommunicationsPrivacy Act (ECPA) of 1986
¯ Extends Government restrictions ontelephone wiretaps to includeelectronic transmissions fromcomputers.
¯ Prevents unauthorized Governmentaccess to private electroniccommunications.
IRS-ACLU 00119
Obtaining. St.ored ElectronicC o rn rn u n i c a t, o n s
¯ 18 USC § 2703 specifies the methods
to obtain access to stored electroniccommunications.
¯ 18 USC § 2703 prohibits serviceproviders from voluntary disclosures.
¯ Mandates use of a search warrant,court order, or subpoena.
IRS-ACLU 00120
Classes of InformationPursuant to 18 USC § 2703 ......
¯ Unopened e-mail.
¯ Records stored with a remotecomputing service in off-site archives.
¯ Basic subscriber information (such as-name, address, and telephone).
¯ Internet Protocol (IP) address.
IRS-ACLU 00121
Classes of InformationPursuant to 18 USC § 2703 ......
¯ Length of service.¯ Type of service.¯ Transactional information.
IRS-ACLU 00122
Judicial Process. for ObtainingStored Commun,cations
¯ Search Warrant for unopened e-mailstored for 180 days or less.
¯ For opened e-mail or e-mail stored formore than 180 days, a § 2703(d)court order, grand jury subpoena, oradministrative summons is needed.
IRS-ACLU 00123
iiiiiiBaSiCiiis~iibscribier,isessi0n;iiiiiiiiai,idiiiibillii,igiiiiiiinifoir~ati0i,iiiiiiiiiiiiiiiiiiiiiiii
AcceSSed communications
mail) left Nith proyider and
i communicationiincluding ,
¢ommunicati~n; inCluding ie~mail and y0ice mail (in =~l~ctrO~ic ~t~rage 8~ daY~.
Not togovernment, unless
2702(c) exception applies[ 2702(a)(3)]
Not togovernment, unless
2702(c) exception applies[ 2702(a)(3)]
No, unless2702(b) exception applies
[ 2702(a)(2)]
No, unless2702(b) exception applies
[ 2702(a)(1)]
Yes
[2702(a)(3)]
Yes
[2702(a)(3)]
Yes
[2702(a)(2)]
Yes
[2702(a)(1)]
Subpoena; 2703(d)order; or search warrant
[ 2703(c)(2)]
2703(d) order or searchwarrant
[ 2703(c)(1)]
Subpoena with notice;2703(d) order withnotice; or search
warrant[ 2703(b)]
Subpoena with notice;2703(d) order withnotice; or search
warrant[ 2703(a,b)]
No, unless2702(b) exception applies
[ 2702(a)(1)]
Yes
[2702(a)(1)]
Search warrant[ 2703(a)]
Subpoena; 2703(d)order;
or search warrant[ 2703(c)(2)]
2703(d) order orsearch warrant[ 2703(c)(1)]
Subpoena;ECPA doesn’t apply
[ 2711(2)]
Subpoena withnotice; 2703(d)
order with notice; orsearch warrant[ 2703(a,b)]
Search warrant[ 2703(a)]
IRS-ACLU 00124
"Real Time" Electronic
¯ Wiretap statute, 18 USC §§ 2510-2522, generally known as "Title II1".
¯ Pen Registers and Trap and TraceDevices, 18 USC §§ 3121-3127.
IRS-ACLU 00126
¯ 18 USC § 2510 governs the "realtime" interception of wire, oral, andelectronic communications.
¯ 18 USC § 2516(3)authorizes the"real time" interception of electroniccommunications.
IRS-ACLU 00127
The "real time"... transmission ofelectronic mail, computer-to-computertransmissions, facsimiletransmissions, and private videotransmissions (but not videosurveillance) are all covered by thewiretap statute.
IRS-ACLU 00128
Pen Registers & Trap andTrace Device Orders
¯ The USA PATRIOT Act amended 18USC §§ 3121, 3123, 3124, and 3127.
¯Authorizes use of pen register andtrap and trace device orders to tracecommunications on the I nternet andother computer networks.
IRS-ACLU 00129
Pen/Trap Device Orders
¯ Easy to obtain.¯ Internet equivalent of mail cover.¯ Requires authorization and approval
from SAC on Form 9170.¯ Requires CIS and AUSA involvement.
IRS-ACLU 00130
Pen/Trap Device OrderRequirements
¯ AUSA is a "Government attorney."
¯ Information likely to be obtained isrelevant to an ongoing investigation.
¯ Electronic communications have beenor continue to be used to further theoffense under investigation.
IRS-ACLU 00131
Preservation. of Evidencea n d P reve n t= n g D i s c I o s u re
¯ ECPA contains two provisions to aidlaw enforcement officials whenworking with ISPs.
¯Two provisions include:¯ Preservation of Evidence¯ Orders Not to Disclose
IRS-ACLU 00132
ISP Preservation Letters
¯ Pursuant to 18 USC § 2703(f),Internet Service Providers (ISPs) willpreserve information related to asubscriber or customer for 90 days,which may be extended by a secondrequest for an additional 90 days.
IRS-ACLU 00133
Orders Not to Disclose
¯ Pursuant to 18 USC § 2705(b),agents can apply for a court orderdirecting network service providersnot to disclose the existence ofcompelled process whenever theGovernment itself has no legal duty tonotify the customer of the process.
IRS-ACLU 00134
On.lin.ea rinciples for FederalCr=m=n Investigations
¯ Developed by inter-agency workinggroup.
¯ Adopted by AG on 11/22/99, and
Under Secretary for Enforcement atTreasury.
¯ Also in use at DoD, USPS, and IGoffices.
IRS-ACLU 00135
Online Principles
¯ Static sources.¯ User/network identifying information.¯ Acquiring "real time" communications.¯ Restricted sources.¯ Communicating online.¯ Undercover operations.
IRS-ACLU 00136
Online Principles
¯ Online undercover facilities.¯ Appropriating identity with consent.
¯Appropriating identity withoutconsent.
¯ Off-duty use of the I nternet.¯ International considerations.
IRS-ACLU 00137
Summary
¯ The I nternet provides a wealth ofinformation that may have relevanceto CI investigations.
¯ I nternet communications and/ortransactions may be importantevidence to investigators.
IRS-ACLU 00138
¯ There are many tools which exist tohelp criminal investigators gatherevidence related to the subiects’presence on the Internet.
¯ "Real time" intercepts is anotherinvestigative approach to consider.
IRS-ACLU 00139