1.2.1 ISPS Code Responsibilities > ISPS Module Ship in Service Training Material.
1 ISPs and Federal Privacy Law: Everything You Need to Know About the Electronic Communications...
-
Upload
patrick-arnold -
Category
Documents
-
view
217 -
download
1
Transcript of 1 ISPs and Federal Privacy Law: Everything You Need to Know About the Electronic Communications...
1
ISPs and Federal Privacy Law:ISPs and Federal Privacy Law:Everything You Need to Know Everything You Need to Know
About the Electronic About the Electronic Communications Privacy Act Communications Privacy Act
(ECPA)(ECPA)
Mark EckenwilerMark Eckenwiler
Computer Crime and Intellectual Property SectionComputer Crime and Intellectual Property SectionU.S. Department of JusticeU.S. Department of Justice
2
The Computer Crime and The Computer Crime and Intellectual Property SectionIntellectual Property Section
Founded in 1991 as Computer Crime UnitFounded in 1991 as Computer Crime Unit Current staff of 22 attorneysCurrent staff of 22 attorneys Mission of CCIPSMission of CCIPS
– Combat computer crime and IP crimesCombat computer crime and IP crimes– Develop enforcement policyDevelop enforcement policy– Train agents and prosecutorsTrain agents and prosecutors– Contribute to public awareness of the issuesContribute to public awareness of the issues– Promote international cooperationPromote international cooperation– Propose and comment on federal legislationPropose and comment on federal legislation
3
Why You Might Care Why You Might Care About ECPAAbout ECPA
Comprehensive privacy framework for Comprehensive privacy framework for communications providerscommunications providers
Regulates conduct betweenRegulates conduct between– different usersdifferent users– provider and customerprovider and customer– government and providergovernment and provider
Civil and criminal penalties for violationsCivil and criminal penalties for violations Note: state laws may impose additional Note: state laws may impose additional
restrictions/obligationsrestrictions/obligations
4
Why ECPA Matters toWhy ECPA Matters toLaw EnforcementLaw Enforcement
As people take their lives online, crime As people take their lives online, crime follows; no different from the real worldfollows; no different from the real world
Online records are often the key to Online records are often the key to investigating and prosecuting criminal activityinvestigating and prosecuting criminal activity– ““cyber” crimes (network intrusions)cyber” crimes (network intrusions)
– traditional crimes (threats, fraud, etc.)traditional crimes (threats, fraud, etc.) ECPA says how and when government can ECPA says how and when government can
(and cannot) obtain those records(and cannot) obtain those records
5
Substantive ProvisionsSubstantive Provisionsof ECPAof ECPA
Or, Or,
Everything you know is wrongEverything you know is wrong
6
ECPA & The Courts:ECPA & The Courts:A Love AffairA Love Affair
““famous (if not infamous) for its lack of clarity”famous (if not infamous) for its lack of clarity”– Steve Jackson Games v. United States Secret Service,Steve Jackson Games v. United States Secret Service,
36 F.3d 457, 462 (5th Cir. 1994)36 F.3d 457, 462 (5th Cir. 1994) ““fraught with trip wires”fraught with trip wires”
– Forsyth v. BarrForsyth v. Barr, 19 F.3d 1527, 1543 (5th Cir. 1994), 19 F.3d 1527, 1543 (5th Cir. 1994) ““a fog of inclusions and exclusions”a fog of inclusions and exclusions”
– Briggs v. American Air FilterBriggs v. American Air Filter, 630 F.2d 414, 415 , 630 F.2d 414, 415 (5th Cir. 1980)(5th Cir. 1980)
7
The MatrixThe Matrix
Acquisition inReal Time
HistoricalInformation
Contents ofCommunications
Other Records(Subscriber andTransactionalData)
8
Real-Time Acquisition of Real-Time Acquisition of Communications (Interception)Communications (Interception)
The default rule under § 2511(1): do not The default rule under § 2511(1): do not – eavesdrop on others’ communicationseavesdrop on others’ communications
– use or disclose illegally intercepted contentsuse or disclose illegally intercepted contents Applies to oral/wire/electronic comms.Applies to oral/wire/electronic comms. Violations may lead toViolations may lead to
– criminal penalties (5-year felony) [§ 2511(4)]criminal penalties (5-year felony) [§ 2511(4)]» exception for first offense, wireless comms.exception for first offense, wireless comms.
– civil damages of $10,000 per violationcivil damages of $10,000 per violation
– suppressionsuppression
9
Relevance to Computer Relevance to Computer NetworksNetworks
Makes it illegal to install an unauthorized Makes it illegal to install an unauthorized packet snifferpacket sniffer
In several recent federal prosecutions, In several recent federal prosecutions, defendants have pled guilty to interception defendants have pled guilty to interception violations violations – e.g.e.g., Cloverdale minors, Cloverdale minors
10
Exceptions to the Exceptions to the General ProhibitionGeneral Prohibition
Publicly accessible system [§ 2511(2)(g)(i)]Publicly accessible system [§ 2511(2)(g)(i)]– open chat room/IRC channelopen chat room/IRC channel
Consent of a partyConsent of a party System provider privilegesSystem provider privileges Court-authorized interceptsCourt-authorized intercepts
11
Consent of a PartyConsent of a Party
May be implied throughMay be implied through– login bannerlogin banner– terms of serviceterms of service
Implied consent may give an ISP authority Implied consent may give an ISP authority to pass information to law enforcement and to pass information to law enforcement and other officialsother officials
12
System Operator PrivilegesSystem Operator Privileges
Provider may monitor private real-time Provider may monitor private real-time communications communications to protect its rights or propertyto protect its rights or property [§ 2511(2)(a)(i)][§ 2511(2)(a)(i)]– e.g.e.g., logging every keystroke typed by a suspected , logging every keystroke typed by a suspected
intruderintruder– phone companies more restricted than ISPsphone companies more restricted than ISPs
Under same subsection, a provider may also Under same subsection, a provider may also intercept communications if inherently intercept communications if inherently necessary to providing the servicenecessary to providing the service
13
Court-Authorized MonitoringCourt-Authorized Monitoring
Requires a kind of “super-warrant”Requires a kind of “super-warrant”
– a/k/a “Title III order” (or T-3)a/k/a “Title III order” (or T-3)– § 2518§ 2518
Good for 30 days maximumGood for 30 days maximum Necessity, minimization requirementsNecessity, minimization requirements Ten-day reportingTen-day reporting SealingSealing
14
Types of Wiretap OrdersTypes of Wiretap OrdersYou May EncounterYou May Encounter
KeystrokingKeystroking– common in network intrusion casescommon in network intrusion cases
Cloning an e-mail accountCloning an e-mail account
15
The MatrixThe Matrix
Acquisition inReal Time
HistoricalInformation
Contents ofCommunications
Title III order or consent,generally
Other Records(Subscriber andTransactionalData)
16
Real-Time Transactional RecordsReal-Time Transactional Records
The pen register/trap and trace statute (same as The pen register/trap and trace statute (same as for telephones) appliesfor telephones) applies
Law enforcement may obtain a court order to Law enforcement may obtain a court order to gather prospective non-content information gather prospective non-content information about a user, such asabout a user, such as– addresses on in/outbound e-mailaddresses on in/outbound e-mail– inbound FTP connectionsinbound FTP connections– where remote user is logging in from (dialup? where remote user is logging in from (dialup?
remote IP address?)remote IP address?)
17
The MatrixThe Matrix
Acquisition inReal Time
HistoricalInformation
Contents ofCommunications
Title III order or consent,generally
Other Records(Subscriber andTransactionalData)
Pen register/trap and traceorder or consent
19
Dichotomies ‘R’ UsDichotomies ‘R’ Us
Permissive disclosure vs. mandatoryPermissive disclosure vs. mandatory– ““may” vs. “must”may” vs. “must”
Content of communications vs. non-contentContent of communications vs. non-content– contentcontent
» unopened e-mail vs. opened e-mailunopened e-mail vs. opened e-mail
– non-contentnon-content» transactional records vs. subscriber informationtransactional records vs. subscriber information
Basic rule: content receives more protectionBasic rule: content receives more protection
20
Penalties for Stored Records & Penalties for Stored Records & Communications ViolationsCommunications Violations
Civil remedies [18 U.S.C. § 2707]Civil remedies [18 U.S.C. § 2707]– $1,000 minimum per violation$1,000 minimum per violation– attorneys’ feesattorneys’ fees
Criminal remedies [§ 2701]Criminal remedies [§ 2701]– only for accessing stored communications only for accessing stored communications
without authorization (without authorization (e.g.e.g., one user snooping , one user snooping in another’s inbox)in another’s inbox)
– inapplicable to the provider [§ 2701(c)(3)]inapplicable to the provider [§ 2701(c)(3)]
21
Subscriber Content Subscriber Content and the System Providerand the System Provider
Any provider may freely Any provider may freely readread stored stored e-mail or files of its customerse-mail or files of its customers– Bohach v. City of RenoBohach v. City of Reno, 932 F. Supp. 1232 (D. , 932 F. Supp. 1232 (D.
Nev. 1996) (pager messages)Nev. 1996) (pager messages) While ECPA imposes no prohibition, While ECPA imposes no prohibition,
contractual agreement with customer may contractual agreement with customer may limit right of accesslimit right of access
22
Public Providers and Public Providers and Permissive DisclosurePermissive Disclosure
General rule: a public provider (General rule: a public provider (e.g.e.g., an ISP) , an ISP) may not freely may not freely disclosedisclose customer content to customer content to others [18 U.S.C. § 2702]others [18 U.S.C. § 2702]
Exceptions includeExceptions include– subscriber consentsubscriber consent– necessary to protect rights or property of service necessary to protect rights or property of service
providerprovider– to law enforcement if contents inadvertently to law enforcement if contents inadvertently
obtained, pertains to the commission of a crimeobtained, pertains to the commission of a crime
23
Government Access to Stored Government Access to Stored Communications ContentCommunications Content
For unretrieved e-mail < 181 days old For unretrieved e-mail < 181 days old stored on a provider’s system, government stored on a provider’s system, government must obtain a search warrant [18 U.S.C. must obtain a search warrant [18 U.S.C. § 2703(a)]§ 2703(a)]– Warrant operates like a subpoenaWarrant operates like a subpoena
24
Government Access to Stored Government Access to Stored Communications ContentCommunications Content
For opened e-mail (or other stored files), For opened e-mail (or other stored files), government may send provider a subpoena government may send provider a subpoena and notify subscriber in advance and notify subscriber in advance [18 U.S.C. [18 U.S.C. § 2703(b)]§ 2703(b)]– government may delay notice 90 days in certain government may delay notice 90 days in certain
cases (§ 2705(a))cases (§ 2705(a))– no notice to subscriber required if not a no notice to subscriber required if not a
provider “to the public”provider “to the public”
25
The MatrixThe Matrix
Acquisition inReal Time
HistoricalInformation
Warrant (for unopenedemail) or consent
Contents ofCommunications
Title III order or consent,generally
Subpoena with notice (forfiles, opened e-mail) orconsent
Other Records(Subscriber andTransactionalData)
Pen register/trap and traceorder or consent
26
Permissive Disclosure and Non-Permissive Disclosure and Non-Content Subscriber InformationContent Subscriber Information
Rule is short and sweetRule is short and sweet Provider may disclose non-content records Provider may disclose non-content records
to anyone to anyone exceptexcept a governmental entity a governmental entity Government needs Government needs
– appropriate legal process appropriate legal process – or consent of subscriberor consent of subscriber
27
The Two Categories ofThe Two Categories ofNon-Content InformationNon-Content Information
Basic subscriber informationBasic subscriber information– §2703(c)(1)(C)§2703(c)(1)(C)
Transactional recordsTransactional records– § 2703(c)(1)(B)§ 2703(c)(1)(B)
28
Basic Subscriber InformationBasic Subscriber Information
Can be obtained through subpoenaCan be obtained through subpoena Provider must give governmentProvider must give government
– name of subscribername of subscriber– addressaddress– local and LD telephone toll billing recordslocal and LD telephone toll billing records– telephone number or other account identifiertelephone number or other account identifier– type of service providedtype of service provided– length of service rendered length of service rendered
29
Transactional RecordsTransactional Records
Not content, not basic subscriber infoNot content, not basic subscriber info Everything in betweenEverything in between
– past audit trails/logspast audit trails/logs– addresses of past e-mail correspondentsaddresses of past e-mail correspondents
Government may compel via a “section Government may compel via a “section 2703(d) court order”2703(d) court order”
30
Section 2703(d) Court OrdersSection 2703(d) Court Orders
a/k/a “articulable facts” order a/k/a “articulable facts” order – ““specific and articulable factsspecific and articulable facts showing that showing that
there are reasonable grounds to believe that [the there are reasonable grounds to believe that [the specified records] are specified records] are relevant and material to relevant and material to an ongoing criminal investigationan ongoing criminal investigation””
A lower standard than probable causeA lower standard than probable cause Like warrant (& unlike subpoena), requires Like warrant (& unlike subpoena), requires
judicial oversight & factfindingjudicial oversight & factfinding
31
The MatrixThe Matrix
Acquisition inReal Time
HistoricalInformation
Warrant (for unopenedemail) or consent
Contents ofCommunications
Title III order orconsent, generally
Subpoena with notice (forfiles, opened e-mail) orconsent; may delay notice
Subpoena (for basicsubscriber info only),consent
Other Records(Subscriber andTransactionalData)
Pen register/trap andtrace order or consent
2703(d) “specific andarticulable facts” courtorder (for all other non-content records), consent
32
Summary: Summary: Legal Process & ECPALegal Process & ECPA Warrant Warrant
– unopened e-mailunopened e-mail Court order under § 2703(d)Court order under § 2703(d)
– transactional recordstransactional records SubpoenaSubpoena
– opened e-mail, unopened e-mail >180 days old, or stored files opened e-mail, unopened e-mail >180 days old, or stored files – basic subscriber infobasic subscriber info
Higher-order process always validHigher-order process always valid– e.g., warrant can compel transactional logse.g., warrant can compel transactional logs
33
ECPA In Practice: A ScenarioECPA In Practice: A Scenario
A victim reports a threat of physical injury via A victim reports a threat of physical injury via e-mail from [email protected] from [email protected]
To determine StalkNU’s identity, gov’t would To determine StalkNU’s identity, gov’t would serve a serve a on isp.com on isp.com
For the target’s login records, gov’t serves a For the target’s login records, gov’t serves a ______________ on isp.com on isp.com
To obtain all the e-mail (opened and unopened) To obtain all the e-mail (opened and unopened) in target’s account, gov’t serves a in target’s account, gov’t serves a ________________
34
Preclusion of NoticePreclusion of Notice
In criminal investigations, general policy is In criminal investigations, general policy is to avoid tipping off targetto avoid tipping off target
Under ECPA, government may ask a court Under ECPA, government may ask a court to prohibit ISP from notifying subscriber to prohibit ISP from notifying subscriber that records have been requested from ISP that records have been requested from ISP [§ 2705(b)][§ 2705(b)]
35
§ 2703(f) Requests to Preserve§ 2703(f) Requests to Preserve
Government can ask for any existing Government can ask for any existing records (content or non-content) to be records (content or non-content) to be preservedpreserved– no court order requiredno court order required– does not apply prospectivelydoes not apply prospectively
Government must still satisfy the usual Government must still satisfy the usual standards if it wants to standards if it wants to receivereceive the the preserved datapreserved data
36
SummarySummary
For better or worse, ECPA shapes your For better or worse, ECPA shapes your destinydestiny
Benefits of understanding (and complying Benefits of understanding (and complying with) the statute includewith) the statute include– avoiding civil & criminal liabilityavoiding civil & criminal liability– smoother relations with law enforcementsmoother relations with law enforcement