Internet Surveillance & Tracking Electronic Data

Internet Surveillance &Tracking Electronic

Data

CPE 2008

IRS-ACLU 00107

Criminal Investigation serves theAmerican public by investigatingpotential criminal violations of theInternal Revenue Code and relatedfinancial crimes in a manner thatfosters confidence in the tax systemand compliance with the law.

IRS-ACLU 00108

¯ List investigative techniques used inInternet investigations.

¯ Present an overview of the Patriot Actand the Electronic CommunicationsPrivacy Act (ECPA) of 1986.

IRS-ACLU 00109

¯ Recognize classes of informationunder ECPA.

¯ Describe the judicial process forobtaining stored communications.

¯ Review the Online InvestigativePrinciples.

IRS-ACLU 00110

¯ In the last decade, computers and theI nternet have entered the mainstreamof American life. Millions ofAmericans spend several hours everyday in front of computers, where theysend and receive e-mail, surf theweb, maintain databases, andparticipate in other online activities.

IRS-ACLU 00111

CI Search Warrant

¯ "[Target] is a ’Cyber organization’revolving around a web site. It has nophysical address; its principalsoperate and conduct business overthe I nternet using laptop computers."

IRS-ACLU 00112

I nternet Investigationsand Electronic Surveillance

¯ Tools and techniques to gatherinformation about someone’s I nternetusage that has evidentiary value.

¯ Requires early CIS participation.

IRS-ACLU 00113

Investigative Methodsand Early Involvement of CIS

¯ Install wiretaps and pen/traps.¯ Trace machines to physical location.¯ Identify owners of web sites.¯ Preserve and analyze evidence.¯ Reporting of evidence.

IRS-ACLU 00114

The USA PATRIOT Act

¯ The Patriot Act clarified and updatedthe Electronic CommunicationsPrivacy A.ct (ECPA)in light of.m.oderntechnologies, and eased restrictionson law enforcement access to storedelectronic communications.

IRS-ACLU 00115

Electronic CommunicationsPrivacy Act (ECPA) of 1986

¯ Overview of ECPA.¯ Stored electronic communications.¯ Classes of information.¯ Judicial process.

IRS-ACLU 00116


¯ ECPA regulates how the Governmentcan obtain stored account informationfrom network service providers suchas Internet Service Providers (ISPs).

IRS-ACLU 00117


¯ Whenever agents or prosecutorsseek stored e-mail, account records,or subscriber information from anetwork service provider, they mustcomply with ECPA.

IRS-ACLU 00118


¯ Extends Government restrictions ontelephone wiretaps to includeelectronic transmissions fromcomputers.

¯ Prevents unauthorized Governmentaccess to private electroniccommunications.

IRS-ACLU 00119

Obtaining. St.ored ElectronicC o rn rn u n i c a t, o n s

¯ 18 USC § 2703 specifies the methods

to obtain access to stored electroniccommunications.

¯ 18 USC § 2703 prohibits serviceproviders from voluntary disclosures.

¯ Mandates use of a search warrant,court order, or subpoena.

IRS-ACLU 00120

Classes of InformationPursuant to 18 USC § 2703 ......

¯ Unopened e-mail.

¯ Records stored with a remotecomputing service in off-site archives.

¯ Basic subscriber information (such as-name, address, and telephone).

¯ Internet Protocol (IP) address.

IRS-ACLU 00121

Classes of InformationPursuant to 18 USC § 2703 ......

¯ Length of service.¯ Type of service.¯ Transactional information.

IRS-ACLU 00122

Judicial Process. for ObtainingStored Commun,cations

¯ Search Warrant for unopened e-mailstored for 180 days or less.

¯ For opened e-mail or e-mail stored formore than 180 days, a § 2703(d)court order, grand jury subpoena, oradministrative summons is needed.

IRS-ACLU 00123

iiiiiiBaSiCiiis~iibscribier,isessi0n;iiiiiiiiai,idiiiibillii,igiiiiiiinifoir~ati0i,iiiiiiiiiiiiiiiiiiiiiiii

AcceSSed communications

mail) left Nith proyider and

i communicationiincluding ,

¢ommunicati~n; inCluding ie~mail and y0ice mail (in =~l~ctrO~ic ~t~rage 8~ daY~.

Not togovernment, unless

2702(c) exception applies[ 2702(a)(3)]

Not togovernment, unless

2702(c) exception applies[ 2702(a)(3)]

No, unless2702(b) exception applies

[ 2702(a)(2)]


[ 2702(a)(1)]

Yes

[2702(a)(3)]

Yes

[2702(a)(3)]

Yes

[2702(a)(2)]

Yes

[2702(a)(1)]

Subpoena; 2703(d)order; or search warrant

[ 2703(c)(2)]

2703(d) order or searchwarrant

[ 2703(c)(1)]

Subpoena with notice;2703(d) order withnotice; or search

warrant[ 2703(b)]

Subpoena with notice;2703(d) order withnotice; or search

warrant[ 2703(a,b)]


[ 2702(a)(1)]

Yes

[2702(a)(1)]

Search warrant[ 2703(a)]

Subpoena; 2703(d)order;

or search warrant[ 2703(c)(2)]

2703(d) order orsearch warrant[ 2703(c)(1)]

Subpoena;ECPA doesn’t apply

[ 2711(2)]

Subpoena withnotice; 2703(d)

order with notice; orsearch warrant[ 2703(a,b)]

Search warrant[ 2703(a)]

IRS-ACLU 00124

Electronic Surveillance inCommunications Networks

IRS-ACLU 00125

"Real Time" Electronic

¯ Wiretap statute, 18 USC §§ 2510-2522, generally known as "Title II1".

¯ Pen Registers and Trap and TraceDevices, 18 USC §§ 3121-3127.

IRS-ACLU 00126

¯ 18 USC § 2510 governs the "realtime" interception of wire, oral, andelectronic communications.

¯ 18 USC § 2516(3)authorizes the"real time" interception of electroniccommunications.

IRS-ACLU 00127

The "real time"... transmission ofelectronic mail, computer-to-computertransmissions, facsimiletransmissions, and private videotransmissions (but not videosurveillance) are all covered by thewiretap statute.

IRS-ACLU 00128

Pen Registers & Trap andTrace Device Orders

¯ The USA PATRIOT Act amended 18USC §§ 3121, 3123, 3124, and 3127.

¯Authorizes use of pen register andtrap and trace device orders to tracecommunications on the I nternet andother computer networks.

IRS-ACLU 00129

Pen/Trap Device Orders

¯ Easy to obtain.¯ Internet equivalent of mail cover.¯ Requires authorization and approval

from SAC on Form 9170.¯ Requires CIS and AUSA involvement.

IRS-ACLU 00130

Pen/Trap Device OrderRequirements

¯ AUSA is a "Government attorney."

¯ Information likely to be obtained isrelevant to an ongoing investigation.

¯ Electronic communications have beenor continue to be used to further theoffense under investigation.

IRS-ACLU 00131

Preservation. of Evidencea n d P reve n t= n g D i s c I o s u re

¯ ECPA contains two provisions to aidlaw enforcement officials whenworking with ISPs.

¯Two provisions include:¯ Preservation of Evidence¯ Orders Not to Disclose

IRS-ACLU 00132

ISP Preservation Letters

¯ Pursuant to 18 USC § 2703(f),Internet Service Providers (ISPs) willpreserve information related to asubscriber or customer for 90 days,which may be extended by a secondrequest for an additional 90 days.

IRS-ACLU 00133

Orders Not to Disclose

¯ Pursuant to 18 USC § 2705(b),agents can apply for a court orderdirecting network service providersnot to disclose the existence ofcompelled process whenever theGovernment itself has no legal duty tonotify the customer of the process.

IRS-ACLU 00134

On.lin.ea rinciples for FederalCr=m=n Investigations

¯ Developed by inter-agency workinggroup.

¯ Adopted by AG on 11/22/99, and

Under Secretary for Enforcement atTreasury.

¯ Also in use at DoD, USPS, and IGoffices.

IRS-ACLU 00135

Online Principles

¯ Static sources.¯ User/network identifying information.¯ Acquiring "real time" communications.¯ Restricted sources.¯ Communicating online.¯ Undercover operations.

IRS-ACLU 00136

Online Principles

¯ Online undercover facilities.¯ Appropriating identity with consent.

¯Appropriating identity withoutconsent.

¯ Off-duty use of the I nternet.¯ International considerations.

IRS-ACLU 00137

Summary

¯ The I nternet provides a wealth ofinformation that may have relevanceto CI investigations.

¯ I nternet communications and/ortransactions may be importantevidence to investigators.

IRS-ACLU 00138

¯ There are many tools which exist tohelp criminal investigators gatherevidence related to the subiects’presence on the Internet.

¯ "Real time" intercepts is anotherinvestigative approach to consider.

IRS-ACLU 00139

¯ Pen registers and trap and tracedevices may be appropriateinvestigative steps.

¯ Generally, the policies that governinvestigations in the physical worldalso apply to cyberspace.

IRS-ACLU 00140

Internet Surveillance & Tracking Electronic Data

Documents

Transcript of Internet Surveillance & Tracking Electronic Data