Select Page

Cybercrime
University of Mississippi School of Law
Clancy, Thomas K.

 
Cybercrime :: Clancy :: Fall 2013
 
CLASS #1 – INTRODUCTION
 
1.      “Cybercrime”
a.       “Computer crime”
b.      “Network crime”
c.       “Computer-related crime”
d.      “Computer-facilitated crime”
e.       “High tech crime”
f.        “Internet crime” or “Online crime”
g.       “Information age crime”
h.      Any crime in which a computer or other digital device plays a role, and thus involved digital evidence.
2.      Data Generated in 2010
a.       1200 trillion gigabytes (1.2 zettabytes)
b.      89 stacks of books each reaching from Earth to Sun
c.       22 million times all books ever written
d.      Need more than 750 million iPods to hold it
e.       90 trillion emails sent in 2009
3.      Projections
a.       In 2020
                                                   i.      35 zettabytes will be produced
                                                 ii.      All words ever spoken, written 7 times
4.      Some New Crimes but Many New Techniques
a.       Computer as a Target
                                                   i.      Unauthorized access, damage, theft
                                                 ii.      Spam, viruses, worms
                                               iii.      Denial of service attacks
b.      Computer as a Tool
                                                   i.      Fraud
                                                 ii.      Threats, harassment
                                               iii.      Child pornography
c.       Computer as a Container
                                                   i.      From drug dealer records to how to commit murder
5.      Just a Murder!
a.       Studied currents
b.      Researched bodies of water (including San Fran Bay)
c.       How to make cement anchors
d.      Tide charts
6.      State v. Carroll, 778 N.W.2d 1 (Wis. 2010)
a.       Charge – possession of firearm by felon
b.      Pic on cellphone of him holding automatic weapon
c.       Expert
                                                   i.      Metadata – date/time image created
                                                 ii.      Date/time automatically updated by cell towers
7.      Challenges
a.       Criminals using technology
b.      Increasing ubiquity of digital devices
c.       “Convergence”
d.      Growth of data storage capacities
e.       Reductions in sizes of devices and media
f.        Crime “migration” to Internet
 
INTRO TO PART 1 – COMPUTER SEARCHES AND SEIZURES
 
1.      Overview of Locations of Digital Evidence
a.       Is 4A applicable? Satisfied?
2.      There’s conceptual difficulties of applying traditional doctrines to digital evidence.
3.      Published Search and Seizure Appellate Court Decisions
a.       298 Total
b.      203 Child Porn (68%)
4.      “Outside the Box” Topics
a.       Internet investigations
b.      Statutory Protections
                                                   i.      Stored Communications Act
                                                 ii.      Wiretap Act
                                               iii.      Pen Register / Trap and Trace
5.      Lots of Developing Issues
a.       Applying established rules to digital evidence containers
b.      Example – searches incident to arrest
6.      FISA
a.       Picture of The Guardian – “US Orders Phone Firm to Hand Over Data on Millions of Calls”
7.      Voluntary Disclosure
a.       Assume the risk?
 
INTRO TO PART #2 – COMPUTER CRIMES
 
1.      Lots of new crimes / ways to commit old ones
2.      Child Porn: “Possession”?
a.       Images viewed online are automatically saved to temporary Internet files/cache
b.      Images can be reviewed and manipulated even when only in cache files
c.       Images deleted after viewing are still recoverable
d.      When does a user “exercise dominion and control” over the images?
3.      New Crimes, Ways of Committing Crimes
a.       How to police the Internet?
                                                   i.      New crimes needed?
b.      How criminals are using the Internet?
4.      Virtual Worlds
a.       Avatars – Graphical representation of you.
                                                   i.      Note – it’s probably not a realistic depiction.
5.      Crimes
a.       Child porn and related crimes
b.      Property crimes
                                                   i.      CFAA
                                                 ii.      Intellectual property theft
c.       Spyware, adware, phishing, spam, ID theft
d.      Threats, harassment, bullying, hate speech
6.      Virtual Porn
a.       Rooms in virtual porn
 
PART ONE – SEARCH AND SEIZURE OF DIGITAL EVIDENCE
 
CLASS #2 – OBTAINING DIGITAL EVIDENCE – AN INTRODUCTION
 
Typical Investigative Steps and Legal Framework
 
1.      US v. Perrine, 518 F.3d 1196 (10th Cir. 2008)
a.       Vanlandingham Tells Police
                                                   i.      In Yahoo chat room using screen name “dana_hotlips05,” he chatted w/ “stevedragonslayer”
                                                 ii.      “Stevedragonslayer” invited him to watch web cam video of nude 6 to 9 year old girls
                                               iii.      V informs “stevedragonslayer” he likes “young hard stuff”
                                               iv.      “Stevedragonslayer” plays videos of young girls in explicit sexual acts
                                                 v.      V gives police a copy of the chat room conversation
2.      Police use ECPA to get Yahoo Subscriber info for screen name “stevedragonslayer”
a.       Records – “stevedragonslayer” logged onto Yahoo website from address 68.103.177.146
3.      Electronic Communications Privacy Act (ECPA)
a.       Regulates disclosure of electronic communications and subscriber information
b.      IP (Internet Protocol) address is unique to specific computer at any one time
4.      Yahoo records show “stevedragonslayer” logged onto Yahoo website from IP address 68.103.177.146.
a.       What do you do next?
                                                   i.      Go to IP locator service
5.      Publicly Available Tools: No Legal Regulation
a.       Search engines, public websites, chat rooms, etc.
b.      Info available using advanced Internet tools
                                                   i.      NS lookup, Whois, Finger, Traceroute, Ping
                                                 ii.      Domain names, IP addresses, networks, contact persons
6.      Perrine – IP address assigned to C

   Wiretap Act (for content)
2.      Pen/Trap (for non-content)
                                               iii.      AOL Server – Temporary Storage à
1.      Stored Communications Act
                                               iv.      NOT stored – being sent
1.      Wiretap Act (for content)
2.      Pen/Trap (for non-content)
                                                 v.      Gmail Server – Temporary Storage à
1.      Stored Communications Act
                                               vi.      NOT stored – being sent
1.      Wiretap Act (for content)
2.      Pen/Trap (for non-content)
                                             vii.      Recipient (google)
1.      Search Warrant
14.  Significant Statutory Considerations
a.       Type of Surveillance
                                                   i.      Real time vs. Stored info
b.      Type of info is gov’t seeking
                                                   i.      Content vs. non-content
15.  Real Time vs. Stored Surveillance
a.       Two Types of Network Surveillance
                                                   i.      Real Time – monitoring of communications in transit
                                                 ii.      Stored records – retrospective surveillance
b.      Statutory regulation depends on type of surveillance
16.  Type of Info Gov’t is Seeking
a.       Content – the communication itself
b.      Non-content – addressing information
17.  Compelled Production – Types of Processes under SCA
a.       Top to Bottom – applies to public and nonpublic providers à more process = more info (they’re in this order)
b.      Subpoenas
c.       Subpoenas with notice
d.      “d” orders (Sec. 2703(d))
e.       “d” orders with notice
f.        Search warrants
18.  Compelled Production – Subpoenas
a.       Subpoenas – get basic subscriber info
                                                   i.      No prior notice to subscriber needed
                                                 ii.      Name and address
                                               iii.      Session records (time, duration)
                                               iv.      Telephone number
                                                 v.      Length of service, including starting date
                                               vi.      Types of services used
                                             vii.      Dynamic IP addresses
                                           viii.      Connection and session logs
                                               ix.      Means of payment (credit card, bank account numbers)