THE FOURTH AMENDMENT RECORDS AND PRIVACY CCI 410

THE FOURTH AMENDMENT, RECORDS, AND PRIVACY (CCI 410) PERTEMUAN 13 IR. NIZIRWAN ANWAR, MT PROGRAM STUDI TEKNIK INFORMATIKA FAKULTAS ILMU KOMPUTER

The Fourth Amendment The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized @epic. org

The Fourth Amendment • Fourth Amendment + Computers • From: http: //www. usdoj. gov/criminal/cybercrime/s&smanual 2009. pdf • Reasonable Expectation of Privacy in Computers as Storage Devices : To determine whether an individual has a reasonable expectation of privacy in information stored in a computer, it helps to treat the computer like a closed container such as a briefcase or file cabinet. The Fourth Amendment generally prohibits law enforcement from accessing and viewing information stored in a computer without a warrant if it would be prohibited from opening a closed container and examining its contents in the same situation.

The Fourth Amendment • Computer 3 rd party may render 4 th amendment rights void • Example: • Getting computer fixed, technician discovers something illegal, turns you over to the police

v Bottom line: if you’re law enforcement, all this matters v Otherwise, Fourth Amendment doesn’t even apply v Doesn’t mean that you can hack into whatever you wish w/o worry. . v An individual or corporation’s right to search is governed by other laws

Privacy-Protecting Laws • Federal Wiretap Act • Covers interception of voice and electronic communications “on-the-wire” • Generally illegal to intercept electronic communication, except in certain circumstances, among those on the following slide • Provider exception • Can perform limited monitoring to protect rights and property of system under attack • Consent exception • Permission to monitor • Provider exception • Switchboard operator may overhear during call transfers • Line technician may overhear during repairs to phone lines • Court order

Digital Millennium Copyright Act • Summary here: • http: //www. copyright. gov/legislation/dmca. pdf • Expands copyright law • Makes reverse engineering illegal in many circumstances • Illegal in many circumstances to defeat access controls or anticopying techniques • Example: Buy a DVD, making a copy of the DVD involves defeating the copy protection scheme, thus illegal • “Encryption research” exceptions • So vague that if you do some “encryption research” and release the results, you should be very careful • “research” vs. distribution of copy protection circumvention techniques • Research paper documenting circumvention with lots of technical explanation vs. a program that performs circumvention

Authenticity and Reliability • Once you’ve shown proper acquisition of a digital evidence, next step is proving its authentication and reliability • Authentication means satisfying the court that • The contents of the record have remained unchanged • The information in the record does in fact originate from its purported source (human or machine) • Extraneous information is accurate • Ex) apparent date of the record • Sommer P. , “Downloads, Logs and Captures: Evidence from Cyberspace Journal of Financial Crime”, October 1997, Journal of Financial Crime http: //64. 233. 167. 104/search? q=cache: T 0 eog 1 l. MG 7 UJ: isig. lse. ac. uk/pdf/P eter. Sommer. Full. CV. pdf+Downloads, +Logs+and+Captures: +Evidence+fro m+Cyberspace+Journal+of+Financial+Crime&hl=en

Authenticity • Authentication is a two-step process • Problem – Digital evidence is mutable • Another problem – Increasing variety and complexity of computer systems • US and UK courts have accepted the testimony of individuals who are familiar with the operation of computer systems

Reliability • Once digital evidence is admitted, its reliability is assessed to determine its probative value • It will either reduce or increase the amount of weight assigned to the evidence • Previously, defending lawyers had argued that digital evidence is untrustworthy simply because there was a theoretical possibility of alteration and fabrication • However, as judges become more familiar with digital evidence, they are requiring evidence to support claims of untrustworthiness

Principles for Handling Digital Evidence 1. No action taken by police or agents should change data held on computer or media that may subsequently be relied on in court 2. Investigators must be competent and able to explain consequences of their actions 3. Audit trail should be created and preserved 4. Officer in charge of case is responsible for law and principles being adhered to http: //www. nhtcu. org/images/ACPO%20 Guide%20 v 3. 0. pdf

Why do we care about privacy • Why do you care, or not, about privacy? • Why does society protect it, or not?

What does it protect? • Literally … ? • Figuratively … ?

Scope of 4 th A Protection • The 4 th Amendment : • The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but on probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the person or things to be seized.

Scope of 4 th A Protection • Smith vs. Maryland, 1979 • individuals have no legitimate expectation of privacy in the phone numbers they dial, and therefore the installation of a technical device (a pen register) that captured such numbers on the phone company's property did not constitute a search. • United States v. Miller • records of an individual's financial transactions held by his bank were outside the protection of the Fourth Amendment

KEMAMPUAN AKHIR YANG DIHARAPKAN Mahasiswa secara aktif, kreatif dan dapat berinovasi dalam mengerti dan memahami tentang The Fourth Amendment, Records, and Privacy