Constitutional Amendments & Digital Forensics Computer Forensics BACS 371


Topic Outline

1st, 4th, 5th, and 14th Amendments

Probable Cause

Search & Seizure

4th Amendment Exceptions

Warrants

Subpoenas


Constitutional Amendments

The U.S. Constitution was originally ratified with 10 Amendments, now called “The Bill of Rights”

The 4 Amendments that most closely relate to digital forensics are:

1st Amendment – Freedom of religion, speech, & press

4th Amendment – Protection against search & seizure

5th Amendment – Self incrimination, due process

14th Amendment – Equal protection, due process


Constitutional Amendments

1st Amendment

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”


Forensics and the 1st Amendment

Privileged information and obscenity/child pornography are the main forensic concerns that the 1st Amendment embodies.

Search warrants are not generally issued for anything that falls under the current definition of “the press.”

Subpoenas can be obtained for specific information held by a “press” entity.

There is some dispute as to whether an ISP is a provider of information or a medium of transport.


Constitutional Amendments

4th Amendment

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”


Forensics and the 4th Amendment

Key forensic impact includes:

“Reasonable” search and seizure

Warrants

Probable cause

Places to be searched

Things to be seized

~Details on this later in the presentation~


Constitutional Amendments

5th Amendment

"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."


Forensics and the 5th Amendment

Protects the right to “due process of law” at federal level

Protects against testifying against yourself (“self incrimination”)

Forcing someone to give up a password (for encryption or login purposes) can be considered as forcing them to testify against themselves.

You can, however, require them to provide fingerprints, retina scans, voice samples which, if used to protect a system, would make evidence available for search.


Constitutional Amendments

14th Amendment

“Section. 1. All persons born or naturalized in the United States and subject to the jurisdiction thereof, are citizens of the United States and of the State wherein they reside. No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.”


Forensics and the 14th Amendment

Amendment was created primarily in response to the Civil War

Reinforces the concept of “due process of law” (this time at state level)

Makes most of the original bill of rights also apply to the states. Prior to this, it was technically only applicable at the federal level.


Constitutional Amendments

The 4th Amendment deserves special attention as it relates to digital forensics.

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”


4th Amendment to U.S. Constitution

It does not specify citizens of the U.S. It says “people”; consequently, anyone physically in the boundaries of the country has this protection.

It includes corporations (since they are treated as people legally).

It does not apply to foreign nationals within the boundary of their own country.

It only applies to searches conducted by the government, not private individuals.

Has been interpreted as protecting people, not places.

Only applies in situations where person has a “reasonable expectation of privacy.”


Key Components to 4th Amendment

1. Reasonable search and seizure

2. Probable cause

3. The place to be searched

4. The things to be seized

Each of these has very specific legal meaning and a good deal of historical case law to back them up.


Notes on Key Components

The right to be secure is not unlimited. The government has the right to perform searches and seize items if it is “reasonable”. What is “reasonable” is viewed in the totality of the circumstances.

A “search” and a “seizure” are 2 separate things. Search is an infringement of a person’s privacy (including tangible and intangible).

“Seizure” is the legal act of taking something that could constitute evidence. Can be tangible (i.e., computer) or intangible (i.e., digital artifacts). (Electronic surveillance within a search has been deemed the seizure of words).


Notes on Key Components cont.

Any evidence collected by illegal search is normally inadmissible (so-called “fruits of the poisonous tree”). This is to discourage overly aggressive search and seizure.

Probable cause is the reasonable belief that a crime has been, is being, or is about to be committed. This belief must be reliable and reasonable enough to convince a judge, court commissioner, or magistrate that it is valid.

Probable cause information is detailed in a written affidavit. It must be sworn to in front of somebody who has the power to give oaths or affirmations. (Oaths invoke “God” as a witness while affirmations do not).

Extreme details about where to search and what to look for are contained in the affidavit. This poses some problems when trying to get digital data.


Key Exceptions to the 4th Amendment

The 4th Amendment is not absolute. There are several exceptions where search can take place without a warrant.

No “reasonable expectation of privacy”

Consent

Plain view

Search incident to a lawful arrest

Exigent Circumstances

Workplace searches

Inventory searches

Border searches


No Expectation of Privacy Exception

Katz v. United States (1967). Case that reexamined what “reasonable expectation of privacy” means.

Case dealt with recordings made in a public phone booth.

Ruling stated that going into a phone booth and closing the door gave one the expectation of privacy.

Inverse of this ruling is that statements made in a public forum (i.e., Internet, Facebook) do not have the expectation of privacy.


Consent Exception

If you give permission, no warrant is necessary.

At any time, consent can be revoked.

Consent must be given knowingly and voluntarily.

The scope must be understood based upon what a “typical reasonable person” would understand it to be.

The more specific and detailed the request for consent, the better.

If necessary to remove computer from its original location, you also need consent to seize.

While not required, consent in writing is best and should notify party how to revoke consent.

When joint ownership occurs, all must agree (applies to computer with multiple sign-ons).


Plain View Exception

Apparent evidence in plain view can be seized without a warrant.

The officer must be in the area legally.

Computers with visible contraband showing can be seized without a warrant (but you can’t open any files manually to look for more without a warrant).

Observations of potential evidence on the Internet are public domain and may be “searched” and “seized” without a warrant.


Lawful Arrest Exception

Incident to a lawful arrest, officers are permitted to conduct a full search of a person’s person and the area immediately under their control.

The limited area is called the “lunge-reach-rule” and extends to the distance a person could lunge to reach a weapon or destroy evidence.

The search must be contemporaneous to the lawful arrest.

It is “reasonable” to search a pager at arrest time. No formal rules for PDA’s or cell phones (yet). So, you still need a warrant for these devices.


Exigent Circumstances Exception

Exigent (that is, emergency) circumstances can allow a warrantless search if the officer believes that physical harm could come to someone or evidence will be destroyed.

Frequently applies to computer equipment because it is easy to destroy.

If the officer believes that the delay needed to get the warrant will allow the evidence to be destroyed, this rule can be used.


Workplace Search Exception

Law Enforcement personnel may search without a warrant with consent of the business in the workplace.

3rd party searches can be re-created for law enforcement (but not go beyond original search). If the 3rd party acts under the instruction of the officer, they become an “agent” of the government and have to follow the standard search rules.

Work computers can usually be searched without a warrant if there is implied consent and no expectation of privacy.

The extent of private sector search is determined by the expectation of privacy within the work environment.


Official Banners Eliminate Reasonable Expectation of Privacy


Inventory Search Exception

Routine collection of personal effects for inventory purposes does not require a warrant.

If obvious contraband is found, it can be seized.

Locked containers may not be searched for evidence without a warrant.

Electronic media discovered during an inventory search cannot be accessed without a search warrant.


Border Search Exception

Allows searches and seizures at international borders and their functional equivalent without a warrant or probable cause.

The expectation of privacy is less at the border than in the interior of the country.

Consequently, the balance between the interests of the Government and the privacy right of the individual is weighted much more favorably to the Government at the border.


Search Warrants


Fundamentals of Warrants

In cases where there is no 4th Amendment exception, a search warrant is generally needed to perform a legal search.

Search Warrant – An order issued by a judge giving government officials express permission to enter an area and search for specific evidence pertaining to a specific crime.


Fundamentals of Warrants

Warrants Must Describe:

Probable cause

A reasonable belief that a person has committed a crime (affidavit required)

Places to be searched, things to be seized

This must be specified in detail

Gives government official the limited right to violate a person’s privacy


Drafting Warrant and Affidavit

Affidavit – A sworn statement that explains the basis for the affiant’s belief that the search is justified by probable cause

Warrant – Typically a one-page form, plus attachments, that describes the place to be searched, and the persons or things to be seized

Warrant must be executed within 10 days


“Reasonable Expectation of Privacy” in Computers as Storage Devices

To determine whether an individual has a reasonable expectation of privacy in information stored in a computer, it helps to treat the computer like a closed container such as a briefcase or a file cabinet.

The Fourth Amendment generally prohibits law enforcement from accessing and viewing information stored in a computer without a warrant if it would be prohibited from opening a closed container and examining its contents in the same situation.

Issues:

Are individual files each considered a “closed container?”

Relinquishing control to 3rd parties


Warrantless Searches

Warrantless searches do not violate the 4th Amendment if:

Search does not violate “reasonable expectation of privacy”, or

Falls within an established exception to the warrant requirement (that is, the 4th Amendment exceptions covered previously).


Other Warrant Issues

Multiple Warrants for Network Searches

No-Knock Warrants

Sneak-and-Peek Warrants

Privileged Documents


Multiple Warrants for Network Search

When a computer network is being searched, multiple warrants may be required.

This is intended to protect the privacy of the other parties that may have data stored on the network.

A similar situation exists when a single computer has multiple logins which are owned and controlled by different people.


No-Knock Warrants

Unless otherwise noted, warrants must abide by the “knock and announce” rule.

Some warrants are issued as “no-knock” when:

It is reasonable that the suspect may aggressively repel the search

The suspect may escape after the officer knocks

It is likely that evidence will be destroyed after the officer knocks and announces

In digital cases, when a “kill switch” is anticipated, it is common to request this type of warrant


Sneak & Peek Warrants

The Patriot Act of 2001 provided a new tool called the “delayed notice” warrant (aka “sneak & peek”).

This allows notification of the search to be delayed up to 90 days.

Under normal circumstances, officers cannot seize evidence; however, judges can allow exceptions.

For digital forensics, this would allow the officer to secretly make a copy of a computer file found during the secret search.


Privileged Documents

Some documents are not generally available via warrant (and hence are not “discoverable”).

These are called “privileged documents” and generally fall into the following categories.

Attorney-client

Doctor-patient

Work product content

Protected intellectual property


Subpoenas

A subpoena is not the same thing as a warrant.

A subpoena does not give the right to search a person or location.

Subpoenas do not give the right to seize any material evidence.

A subpoena can do 2 things:

1. Command a person to appear (in person or with evidence)

2. Command a person or organization to surrender (or allow examination of) specified tangible evidence


Computer Specific Statutes

Computer Fraud and Abuse Act of 1986 (18 USC § 1030)

Child Pornography Protection Act (CPPA)

Telecommunications Reform Act of 1996

Federal Wiretap Act

Stored Communications Act

Electronic Communication Privacy Act of 1986

Communications Assistance for Law Enforcement Act (CALEA) of 1994 – Amended in 2994 to include cell phones

Title III of the Omnibus Crime Control and Safe Streets Act of 1968

Foreign Intelligence Surveillance Act (FISA) of 1978

Comprehensive Crime Control Act of 1984

Privacy Protection Act of 1980

Digital Millennium Copyright Act (DMCA??)
