20140314 Belgian Senate Judicial action of police on social media
-
Upload
luc-beirens -
Category
News & Politics
-
view
3.284 -
download
2
description
Transcript of 20140314 Belgian Senate Judicial action of police on social media
Belgian Senate Brussels, 14 March 2014
Luc Beirens Federal Computer Crime Unit
1101011001110110110011010100010
Give input for reflexions
on judicial action on social media
Why we need new solutions
Even in an era of NSA ...
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Judicial actions
Basic principles of police interventions
Pre digital era methods
Footprint & digital footprint
Digital era impact on police methods
Problems
Solutions
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Detect & stop crime
Gather evidence
Identify and arrest criminal(s)
Bring him to court
Execute court decisions
(c) 2014 Luc Beirens - Federal Computer Crime Unit
(c) 2014 Luc Beirens - Federal Computer Crime Unit
To maintain law and order in cyberspace
Detect crime in cyberspace ? => patrolling => Privacy intrusion ?
Identify users (criminals, victims) in cyberspace Locate communications geographically and in time Identify correspondents => contact network Gather and analyse electronic evidence
Protect ourselves and methods Enforce court decisions also in cyberspace
Legality • Police action must be based on legal provisions
(general law / police specific law)
Loyalty
• Whenever in action :
give proof of your quality as policeman except when legally allowed not to do so
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Goals of criminals Money
Power / influence
Banks /
moneytransport
Merchants / politicians
Activities Traces Police methods
-Meeting crime
partners
-Search victims
-Reconnaissance
-Perpetrate crime
-Hide criminal
proceeds
-Wipe out – traces ??
- seen with victim
- present on crime
scene
- paper traces
- material traces
-Interrogate witnesses
-Use informants
-House searches
-Forensic analysis of
traces
Location of the crime Physically present
in our jurisdiction
We were territorially
competent
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Made by himself
Not intentionally created
Unique
Proof of presence
Non intentional safeguarding
Non intentional erasure
(c) 2010 Luc Beirens - Federal Computer Crime Unit
House search and closed door => proportionate force allowed to open the door => use lock smith or special forces
Telecom interceptions with help of operator
Special investigative measures • Observation / infiltration / informants
• Use of fictive identity : only For serious crime and if serious indications available
after very strict evaluation procedure
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Nearly everyone • has a computer
• has a mobile phone
• has a digital camera
• is internet connected
Every company is present on the net
• is connecting more and more internal networks
Wireless connections become dominant
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Text spreadsheet
Presentations
E-mails
Music
Pictures
Movies
E-Banking
Social networking
Instant messaging
Blogging
Twittering
(c) 2010 Luc Beirens - Federal Computer Crime Unit (c) 2014 Luc Beirens - Federal Computer Crime Unit
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Cloud computing & virtualization • Data and applications in the cloud for enterprises and enduser
• Security depends on cloud provider (too often still user id & pw)
Social media : integrators and identity providers
• bring access to all your internet services together
Geolocated services • Based on location – user or device based signal
• Buddy list information
• Commercial links
Instant broadcasting of information
Internet of things everything connected
(c) 2014 Luc Beirens - Federal Computer Crime Unit
(c) 2014 Luc Beirens - Federal Computer Crime Unit
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Very dynamical digital footprint (based on user actions) Dispersed over different systems (internet) Often very easily searchable and accessable
A lot of people give an awfull lot of private information
free on the internet in different formats (identity, education, contact, family, social life)
Information storage is moving towards internet accounts
Who are these service providers ? Do they want to help end users ? How do they take care (or not) of your data ?
(c) 2014 Luc Beirens - Federal Computer Crime Unit
They are so much like everyone else • Communication with friends / collegues • Show off their wealth (voyages / parties ...)
Search for & communication with victims Getting personal data of victim
Creation of false profiles Hacking & abuse of existing profiles Vector for infection with malware
Abuse of profiles buying possibilities
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Encryption tools • Storage / Communication end to end
• Unability for police / authorities to make effective legal intercept
to get to the content of stored information
Peer 2 peer applications • No more central provider
• Hiding escaping from responsability
Strong authentication procedures
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Goals of criminals Money
Power / influence
Banks /
moneytransport
Merchants / politicians
Activities Traces Police methods
-Meeting crime partners
-Search victims
-Reconnaissance
-Perpetrate crime
-Hide criminal proceeds
-Wipe out – traces ??
- not seen with victim
- not present on crime
scene
- no paper traces
- no material traces
-Only digital traces
-Interrogate witnesses ?
-Use informants
-House searches
-Forensic analysis of
traces
Location of the crime Not physically present
in our jurisdiction
are we were competent
territorially?
(c) 2014 Luc Beirens - Federal Computer Crime Unit
EU directive 54 / 2002 • obligation to delete / anonimize traces of electronic
communications after end of comm. • except if there is a national law that obliges it
EU directive 24/2006 • tries to harmonize EU national laws • general dataretention for traffic data for all users • between 6 and 24 months • Carrier / internet access / IP telephony & e-mail • Not about content • Resistance in implementation • Invalidated laws by consitutional courts in DE and RO • BE implementation since 2013 => 12 month
(c) 2014 Luc Beirens - Federal Computer Crime Unit
EU Directive • 2006 : for technology of 2005 (pre social media)
• Only for EU member states
• Not for social media
• Didn’t regulate organizational aspects (exchange formats / time frames / technical)
Very strict legal limitations to obtain • Prosecutor / Investigating judge
• Serious crime ?
• => slowing down identification process
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Internet
access
Internet
Services
Internet access
E-m
ail
IP T
ele
ph
on
y
Web
pu
bli
sh
Ch
at
Insta
nt
messen
gin
g
New
sg
rou
ps
Co
mm
un
itie
s
Peer
2 P
eer
Vid
eo
-
co
nfe
ren
ce
SM
S g
ate
way
....
Signal
carrier
Fix
ed
lin
es
Tele
ph
on
y
Mo
bil
e
Te
lep
ho
ny
xD
SL
Cab
le
WIM
AX
Sa
teli
te
tele
ph
on
y
....
....
(c) 2014 Luc Beirens - Federal Computer Crime Unit
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Data freeze : keep available data from moment of request
Data preservation start storing comm. data from moment of request
These instruments are needed but not sufficient • no proof – no traces of criminal activity
if “one time attack” e.g. terrorism
• does not show links with crimes that happend in the past (links with places where crimes happened)
• does not show networks if actor is arrested
Network investigations (art 88 ter BE Crim Proc C) • No hacking allowed ? (opening doors ?)
Intelligence purposes • Look and find criminals “digital identity”
• Verify content of social media profile
Often need for “own” profile to use service
Using our own ”real” identity (?) => risk for private life
Fictive identity (?) => based on which law
Gathering evidence
• Public available content / request IP-addresses
(c) 2014 Luc Beirens - Federal Computer Crime Unit
RCCU => specialized ICT forensics Are social media “specialized”
Via FCCU : identity data and historical connexion data to international ISPs Microsoft, Facebook, Google,... On voluntary base => no obligation No content / no complete answers Risks cfr Twitter
But every case officer should know National security plan => training
(c) 2014 Luc Beirens - Federal Computer Crime Unit
The old investigation methods are not
so effective anymore
Social media : international (USA) providers Sometimes difficult to contact / get cooperation
Ineffective in removing content from social
media even when there is a court decision
(no international directive => volontary)
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Necessity for new laws ? • Extended data retention => legal obligation • “Infiltration” light / use of fictive identity to patrol • Legal hacking Opening the digital locker
Get access to be able to intercept before encryption
• Obligations to remove / block content for social media
International legal framework
Organizational matters
• Collaboration with internet service providers to automate exchange (national & international) => faster / improved transparency
(c) 2014 Luc Beirens - Federal Computer Crime Unit
Vragen ?
Federal Judicial Police Direction for Economical and Financial crime
Federal Computer Crime Unit Notelaarstraat 211 - 1000 Brussels – Belgium
Tel office : +32 2 743 74 74 E-mail : [email protected] Twitter : @LucBeirens Slides : www.slideshare.net/lucbeirens
(c) 2014 Luc Beirens - Federal Computer Crime Unit