20140314 Belgian Senate Judicial action of police on social media

Belgian Senate Brussels, 14 March 2014

Luc Beirens Federal Computer Crime Unit

1101011001110110110011010100010

Give input for reflexions

on judicial action on social media

Why we need new solutions

Even in an era of NSA ...

(c) 2014 Luc Beirens - Federal Computer Crime Unit

Judicial actions

Basic principles of police interventions

Pre digital era methods

Footprint & digital footprint

Digital era impact on police methods

Problems

Solutions


Detect & stop crime

Gather evidence

Identify and arrest criminal(s)

Bring him to court

Execute court decisions



To maintain law and order in cyberspace

Detect crime in cyberspace ? => patrolling => Privacy intrusion ?

Identify users (criminals, victims) in cyberspace Locate communications geographically and in time Identify correspondents => contact network Gather and analyse electronic evidence

Protect ourselves and methods Enforce court decisions also in cyberspace

Legality • Police action must be based on legal provisions

(general law / police specific law)

Loyalty

• Whenever in action :

give proof of your quality as policeman except when legally allowed not to do so


Goals of criminals Money

Power / influence

Banks /

moneytransport

Merchants / politicians

Activities Traces Police methods

-Meeting crime

partners

-Search victims

-Reconnaissance

-Perpetrate crime

-Hide criminal

proceeds

-Wipe out – traces ??

- seen with victim

- present on crime

scene

- paper traces

- material traces

-Interrogate witnesses

-Use informants

-House searches

-Forensic analysis of

traces

Location of the crime Physically present

in our jurisdiction

We were territorially

competent


Made by himself

Not intentionally created

Unique

Proof of presence

Non intentional safeguarding

Non intentional erasure


House search and closed door => proportionate force allowed to open the door => use lock smith or special forces

Telecom interceptions with help of operator

Special investigative measures • Observation / infiltration / informants

• Use of fictive identity : only For serious crime and if serious indications available

after very strict evaluation procedure


Nearly everyone • has a computer

• has a mobile phone

• has a digital camera

• is internet connected

Every company is present on the net

• is connecting more and more internal networks

Wireless connections become dominant


Text spreadsheet

Presentations

E-mails

Music

Pictures

Movies

E-Banking

Social networking

Instant messaging

Blogging

Twittering

(c) 2010 Luc Beirens - Federal Computer Crime Unit (c) 2014 Luc Beirens - Federal Computer Crime Unit

Cloud computing & virtualization • Data and applications in the cloud for enterprises and enduser

• Security depends on cloud provider (too often still user id & pw)

Social media : integrators and identity providers

• bring access to all your internet services together

Geolocated services • Based on location – user or device based signal

• Buddy list information

• Commercial links

Instant broadcasting of information

Internet of things everything connected


Very dynamical digital footprint (based on user actions) Dispersed over different systems (internet) Often very easily searchable and accessable

A lot of people give an awfull lot of private information

free on the internet in different formats (identity, education, contact, family, social life)

Information storage is moving towards internet accounts

Who are these service providers ? Do they want to help end users ? How do they take care (or not) of your data ?


They are so much like everyone else • Communication with friends / collegues • Show off their wealth (voyages / parties ...)

Search for & communication with victims Getting personal data of victim

Creation of false profiles Hacking & abuse of existing profiles Vector for infection with malware

Abuse of profiles buying possibilities


Encryption tools • Storage / Communication end to end

• Unability for police / authorities to make effective legal intercept

to get to the content of stored information

Peer 2 peer applications • No more central provider

• Hiding escaping from responsability

Strong authentication procedures


Goals of criminals Money

Power / influence

Banks /

moneytransport

Merchants / politicians

Activities Traces Police methods

-Meeting crime partners

-Search victims

-Reconnaissance

-Perpetrate crime

-Hide criminal proceeds

-Wipe out – traces ??

- not seen with victim

- not present on crime

scene

- no paper traces

- no material traces

-Only digital traces

-Interrogate witnesses ?

-Use informants

-House searches

-Forensic analysis of

traces

Location of the crime Not physically present

in our jurisdiction

are we were competent

territorially?


EU directive 54 / 2002 • obligation to delete / anonimize traces of electronic

communications after end of comm. • except if there is a national law that obliges it

EU directive 24/2006 • tries to harmonize EU national laws • general dataretention for traffic data for all users • between 6 and 24 months • Carrier / internet access / IP telephony & e-mail • Not about content • Resistance in implementation • Invalidated laws by consitutional courts in DE and RO • BE implementation since 2013 => 12 month


EU Directive • 2006 : for technology of 2005 (pre social media)

• Only for EU member states

• Not for social media

• Didn’t regulate organizational aspects (exchange formats / time frames / technical)

Very strict legal limitations to obtain • Prosecutor / Investigating judge

• Serious crime ?

• => slowing down identification process


Internet

access

Internet

Services

Internet access

E-m

ail

IP T

ele

ph

on

y

Web

pu

bli

sh

Ch

at

Insta

nt

messen

gin

g

New

sg

rou

ps

Co

mm

un

itie

s

Peer

2 P

eer

Vid

eo

-

co

nfe

ren

ce

SM

S g

ate

way

....

Signal

carrier

Fix

ed

lin

es

Tele

ph

on

y

Mo

bil

e

Te

lep

ho

ny

xD

SL

Cab

le

WIM

AX

Sa

teli

te

tele

ph

on

y

....

....



Data freeze : keep available data from moment of request

Data preservation start storing comm. data from moment of request

These instruments are needed but not sufficient • no proof – no traces of criminal activity

if “one time attack” e.g. terrorism

• does not show links with crimes that happend in the past (links with places where crimes happened)

• does not show networks if actor is arrested

Network investigations (art 88 ter BE Crim Proc C) • No hacking allowed ? (opening doors ?)

Intelligence purposes • Look and find criminals “digital identity”

• Verify content of social media profile

Often need for “own” profile to use service

Using our own ”real” identity (?) => risk for private life

Fictive identity (?) => based on which law

Gathering evidence

• Public available content / request IP-addresses


RCCU => specialized ICT forensics Are social media “specialized”

Via FCCU : identity data and historical connexion data to international ISPs Microsoft, Facebook, Google,... On voluntary base => no obligation No content / no complete answers Risks cfr Twitter

But every case officer should know National security plan => training


The old investigation methods are not

so effective anymore

Social media : international (USA) providers Sometimes difficult to contact / get cooperation

Ineffective in removing content from social

media even when there is a court decision

(no international directive => volontary)


Necessity for new laws ? • Extended data retention => legal obligation • “Infiltration” light / use of fictive identity to patrol • Legal hacking Opening the digital locker

Get access to be able to intercept before encryption

• Obligations to remove / block content for social media

International legal framework

Organizational matters

• Collaboration with internet service providers to automate exchange (national & international) => faster / improved transparency


Vragen ?

Federal Judicial Police Direction for Economical and Financial crime

Federal Computer Crime Unit Notelaarstraat 211 - 1000 Brussels – Belgium

Tel office : +32 2 743 74 74 E-mail : [email protected] Twitter : @LucBeirens Slides : www.slideshare.net/lucbeirens


20140314 Belgian Senate Judicial action of police on social media

News & Politics

Transcript of 20140314 Belgian Senate Judicial action of police on social media