Week 6 Lesson
Chapter 10 - Law Enforcement Roles and Responses
1. This chapter provides a summary description of the ways in which federal
and local law enforcement agencies are dealing with the growing problems
associated with digital crime and terrorism.
2. Federal Agencies
a. The Secret Service’s Financial Crimes Division has three primary
responsibilities concerning computer crime.
- Responsible for the enforcement of financial institution fraud
- The Division enforces crimes involving access device fraud
- The Division has primary responsibility in enforcing general frauds involving
all computers of “federal interest.”
b. Department of Justice – its primary tool in the fight against
computer crime is the Criminal Division’s Computer Crime and Intellectual
Property Section (CCIPS).
c. Federal Bureau of Investigation (FBI) – responsible for investigating any
domestic criminal act involving computers that crosses state boundaries. Also
responsible for Bureau collaborations with other federal enforcement
agencies in protecting the nation’s critical infrastructure system.
d. National Security Agency – the nation’s cryptologic agency.
e. Federal Trade Commission – responsible for protecting consumers from
fraud, deception, and unfair business practices that utilize
computer technologies.
Chapter 11 - The Investigation of Computer Related Crime
1. This chapter focuses on the current state of the field in computer crime
investigations. The personnel available to an investigation will dramatically
influence the type and scope of investigations that may be undertaken.
2. Investigator Roles and Responsibilities – Investigators trained in the
collection of digital evidence are the primary workers in computer-related
crimes. These investigators are trained to collect and preserve the integrity
of digital evidence; further, they direct analysis of the evidence to piece
together the elements of the evidence.
3. Single Location Crime Scenes – The basic police work involved in planning a
search and obtaining a warrant are familiar tasks to investigators. Two key
differences distinguish digital evidence from familiar physical evidence. First,
electronic evidence must be contained in a physical medium. Since digital
evidence can be copied flawlessly and frequently, there is no reason to limit
a search to a single physical container. Second, digital evidence is fragile. A
quick action by the suspect can erase the digital information.
4. Multiple Location and Network Crime Scenes – Multiple location and network
crime scenes present considerably more challenge to an investigation than a
single-location crime scene. Prominent issues include crossing jurisdictional
boundaries, complex networking environments, and coordinating multiple
single-location-style seizures.
5. Presenting Digital Evidence at Trial – The rules of evidence require that the
foundation for physical evidence be established with testimony, thus,
evidence does not speak for itself. The prosecution must establish when,
where, and how the evidence was collected. Since digital evidence is almost
always recorded information, the investigator must ensure that such
evidence is admissible without requiring the person who created it to testify.
Taylor, R., Caeti, R., Loper, D.K., Fritsch, E.J., & Liederbach, J. (2011). Digital
Crime and Digital Terrorism.
10 Digital Laws and Legislation
CHAPTER OBJECTIVES
After completing this chapter, you should be able to
• Explain the intent and fundamental concepts of search and seizure law as it applies to digital
crime.
• Identify situations where search and seizure is possible without a warrant and describe its limits.
• Describe the federal statutes that govern electronic surveillance in communications networks.
• Discuss the issues presented regarding the admission of digital evidence at trial.
• Identify and discuss the significant U.S. Supreme Court cases focusing on digital crime and
evidence.
INTRODUCTION
In this chapter, law and legislation as it applies to the collection of evidence and prosecution of
digital crime will be discussed. First, search and seizure law for digital evidence will be
analyzed, including searches with warrants and numerous searches without warrants. Second, the
major federal statutes governing the collection of digital evidence, especially electronic
surveillance law, will be covered along with federal criminal statutes, which forbid certain types
of computer crime. Third, issues related to the admission of digital evidence at trial, including
authentication and hearsay, will be reviewed. Fourth, significant U.S. Supreme Court cases in the
area of digital crime will be highlighted.
SEARCH AND SEIZURE LAW FOR DIGITAL EVIDENCE
Our current body of search law is the ongoing product of the interaction of legislation, case law,
and constitutional law. Most of the search law discussed in this section applies to searches and
seizures overall, not just those involving digital crimes and evidence. In fact, much search and
seizure law has failed to keep up with the changes brought about by increases in digital crimes
and the increasing need to collect digital evidence.
The Fourth Amendment states:
• The right of the people to be secure in their persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon
probable cause, supported by oath or affirmation, and particularly describing the place to be
searched, and the persons or things to be seized.
As simple as this language may be, numerous questions may be raised by the specific details
occurring in searches and seizures of digital evidence. In general, questions focus on whether or
not an activity is a “search” and whether a search is “reasonable.” The best way to ensure that a
search is not “unreasonable” is to seek and obtain a warrant from a neutral, detached magistrate.
In Johnson v. United States,1 the U.S. Supreme Court stated:
• The point of the Fourth Amendment, which often is not grasped by zealous officers, is not that it
denies law enforcement the support of the usual inferences which reasonable men draw from
evidence. Its protection consists in requiring that those inferences be drawn by a neutral and
detached magistrate instead of being judged by the officer engaged in the often competitive
enterprise of ferreting out crime.
The key to understanding search and seizure law is to remember that the point is not to protect
criminals; the point is to enforce a person’s reasonable expectation of privacy. Criminals entering
their home with the police chasing them do not receive sanctuary. Similarly, a guilty desire to
hide something does not necessarily create a reasonable expectation of privacy. The Fourth
Amendment protects persons evidencing an expectation of privacy; however, society must be
willing to recognize that expectation as reasonable.2
A seizure of property occurs when there is some meaningful interference with an individual’s
possessory interests in that property.3 In relation to property, a seized item deprives an owner of
its use. On the other hand, a search is an attempt by law enforcement officers to obtain evidence.
By definition, a search intrudes into a person’s reasonable expectation of privacy.4 Therefore, a
search occurs, in a constitutional sense, any time there is a governmental intrusion into a
person’s reasonable expectation of privacy. An act as simple as opening a notebook and reading
the contents in a suspect’s living room changes the character of the interaction from simple
observation to a search.5 However, just because the police intrude into a person’s reasonable
expectation of privacy does not mean that the intrusion is unlawful. Several mechanisms are
available to the police in which they can lawfully search a person or property and thus lawfully
intrude into a person’s reasonable expectation of privacy. In the following sections, these
mechanisms will be discussed, including searches with warrants and searches without warrants.
Searches with Warrants
In order to obtain a search warrant, a law enforcement officer must show probable cause by
reasonably establishing the following:
1. A crime has been committed.
2. Evidence of the crime exists.
3. The evidence presently exists in the place to be searched.
Furthermore, the law enforcement officer must particularly describe the place to be searched and
the evidence to be seized. Specific evidence of a specific crime must be named. General
evidence facilitating a criminal act may be described by function. The investigator can search
anywhere the named item(s) can be found. The judicial officer issuing the search warrant must
be legally authorized to issue search warrants. Different jurisdictions empower different officers
with this authority. Local policies and procedures should specify who has the power to issue
search warrants. Furthermore, the judicial officer issuing the search warrant must have
jurisdiction over the area to be searched.
Jurisdiction “is the power of the court to decide a matter in controversy and presupposes the
existence of a duly constituted court with control over the subject matter and the parties.”6 When
a transaction crosses state boundaries, typical in digital crime cases, jurisdictional issues may
arise. A search warrant is only valid within the jurisdiction of the magistrate signing it. The
degree of activity projected into a geographic area determines whether the doctrine of personal
jurisdiction applies. If a criminal actor actively engages a victim, the local court may exercise
personal jurisdiction over the actor. If the criminal actor simply provides information from a
Web site, the victim’s local court may not have grounds to exercise personal jurisdiction;
however, local investigators are by no means ever prevented from engaging the assistance of
remote law enforcement or courts to further an investigation.7
The remedy for a flawed search is most frequently suppression of the evidence obtained during
the trial. This means that even the most clear-cut and self-evident material can be ruled
inadmissible at trial. Some violations of statute may incur civil liability for the investigator, the
investigator’s department, or parent jurisdiction. An improper search and seizure is eligible for
civil suit under 42 U.S.C. § 1983. The current implementation of the exclusionary rule is defined
in Mapp v. Ohio (1961). The sole purpose of the exclusionary rule is to curb police abuse of civil
rights and to deter police misconduct. There is no common law expectation of the suppression of
evidence improperly obtained. To invoke the exclusionary rule, the defendant must have
standing; that is, the defendant must be the one whose rights were violated by the search.
The good faith doctrine provides one possible defense to accusations of a flawed search. If the
investigator has a reasonable, bona fide (good faith) belief that the search conducted is based on
a valid warrant, but that warrant is in actuality unsupported by probable cause, the fruits of the
search are admissible. The reasoning behind the exclusionary rule is to deter police from
misconduct, not to remedy violations of rights.8 The exclusionary rule applies not only to
evidence improperly obtained but also to evidence discovered using the improperly obtained
evidence (i.e., derivative evidence). This is known as the fruit of the poisonous tree doctrine.
Again, the rationale is to discourage the violation of citizens’ rights by not rewarding such
behavior.
There are two other defenses to the exclusionary rule that are related to one another. First, an
independent source of the same information can redeem the evidence tainted by illegal search.
Thus, if an illegal search—a forensic fishing expedition—reveals child pornography, the
investigator may seek independent indication of the suspect’s involvement in child pornography.
A posting from a pedophile Web site may indicate the presence of evidence, but remain
completely independent of the tainted source. Another potential defense is that the tainted
evidence may lead to a short-cut, but would otherwise have been obtained (known as the
inevitable discovery doctrine). For example, a coerced confession of possession of child
pornography without a lawyer present would be suppressed, but a search warrant that was issued
prior to the coerced confession could show the inevitable discovery of the materials. Since the
materials would have been discovered if the process had continued, an illegal search does not
immunize the evidence to discovery.
Searches without Warrants
Numerous exceptions exist to the general rule that searches must be conducted pursuant to a
warrant. In fact, most searches conducted by the police do not involve a warrant (known as
warrantless searches). Although numerous established exceptions to
(Taylor 240-242)
Taylor, Robert W., Eric Fritsch, John Liederbach. Digital Crime and Digital Terrorism, 3rd
Edition. Pearson Learning Solutions, 02/2014. VitalBook file.
11 Law Enforcement Roles and Responses
CHAPTER OBJECTIVES
After completing this chapter, you should be able to
• Provide an overview of the roles and responses of federal law enforcement agencies concerning
digital crimes and any interagency partnerships to deal with these offenses.
• Describe local law enforcement responses to computer crime.
• Identify the factors that have limited local law enforcement efforts against digital crime.
INTRODUCTION
The emergence of computer technologies and the growing threats created by digital criminals
and terrorists have worked to produce a wide array of challenges for law enforcement officials
charged with protecting individuals, private businesses, and governments from these threats. In
response, political leaders and police administrators have increasingly recognized the need to
emphasize new priorities and foster new and innovative organizational strategies designed to
counter the advent and continued growth of computer crimes.
This chapter begins with an overview of federal roles and responses as they relate to computer
crimes. The discussion focuses on the responses and organizational initiatives enacted by
prominent federal law enforcement agencies as well as the role of the Department of Homeland
Security (DHS) in these efforts. The chapter concludes with a description of the ways in which
local law enforcement agencies have joined the fight against computer crime. This chapter
emphasizes the need to strengthen the capabilities of local agencies by identifying several factors
that have thus far limited local law enforcement efforts.
FEDERAL ROLES AND RESPONSES
For the most part, federal agencies have spearheaded law enforcement efforts against computer
crime because these agencies possess the technical expertise and political clout to garner
significant financial and operational resources at the national level. These agencies have
increasingly reorganized in an effort to channel resources directly at preventing digital crimes
and apprehending computer criminals, including the creation of special sections within these
organizations, the recruitment of new personnel who possess specialized technical expertise in
this area, and the creation of new collaborative units that combine the resources of multiple
agencies. Additionally, several agencies have developed partnership programs with other law
enforcement agencies, private industry, and the public in an attempt to improve collaboration and
cooperation to thwart digital criminals.
The Department of Justice
The U.S. Department of Justice (DOJ) was established in 1870. The organization is headed by
the chief law enforcement officer of the federal government—the attorney general. The attorney
general represents the United States in legal matters generally and gives advice and opinions
regarding matters of jurisprudence to the president. In cases of extreme importance, the attorney
general may appear before the U.S. Supreme Court as the federal government’s representative
attorney. Under the attorney general is a vast array of sections and organizational subunits
designed to oversee the administration of justice on the federal level. These agencies include (1)
the U.S. Attorney’s Office, representing the federal government in court and prosecuting federal
suspects; (2) the major federal investigative agencies, including the Federal Bureau of
Investigation (FBI), the Drug Enforcement Administration (DEA), and the Bureau of Alcohol,
Tobacco, Firearms, and Explosives (ATFE); (3) the U.S. Marshals Service; and (4) the U.S.
Bureau of Prisons.1
The DOJ has stepped up efforts to respond to the legal threats posed by cyber-criminals. The
cornerstone of these efforts is the Criminal Division’s Computer Crime and Intellectual Property
Section (CCIPS). CCIPS began as the Computer Crime Unit of DOJ in 1991. This unit primarily
prosecuted violations of the Federal Code covered by Title 18, Section 1030, of the Computer
Fraud and Abuse Act. The scope of DOJ jurisdiction in such crimes was expanded with the
enactment of the National Information and Infrastructure Protection Act of 1996. In accordance
with this Act, as well as the DOJ’s recognition of the need to increase prosecutorial resources
aimed at combating computer crimes, the department elevated the unit to section status in 1996
and adopted the moniker CCIPS.2
The section employs dozens of attorneys who focus solely on legal issues raised by computer
and intellectual property crimes. CCIPS attorneys specialize in prosecuting crimes related to
encryption, e-commerce, intellectual property crimes, electronic privacy laws, computer hacker
investigations, and search and seizure cases involving computers. Members of the CCIPS section
advise federal prosecutors on computer crimes cases, and CCIPS attorneys normally take the
lead in litigating computer and intellectual property crimes on behalf of the federal government.
In addition, CCIPS staff members comment on the legality of proposed computer crime
legislation that is designed to mitigate computer crime threats. CCIPS works in close
collaboration with the U.S. Attorney’s Office in the prosecution of computer crimes. Finally,
there is a subunit within CCIPS called the Computer Hacking and Intellectual Property (CHIP)
unit. CHIP units focus on prosecuting computer hacking, fraud, and intellectual property cases.
This specialized unit has proven highly successful and has been expanded multiple times to
include 25 units across the country.3 The CCIPS also has an Intellectual Property Task Force,
which was created in 2004 as a way to improve prosecutions and guide cases against piracy and
counterfeiting.4
While CCIPS primarily operates as a prosecutorial arm of the department, the section has also
attempted to remedy the growing need for training and interagency cooperation. CCIPS attorneys
conduct hundreds of training seminars every year for other federal attorneys in an effort to
educate those prosecutors outside of the section in regard to relevant legislation and effective
prosecutorial strategies for cases involving computer crime. They also offer training to law
enforcement agencies and engage in diplomatic missions to build strong relationships between
the U.S. and foreign law enforcement officials.
The Federal Bureau of Investigation
The FBI was established in 1908 as the investigative branch of the U.S. DOJ. The FBI carries a
broad mandate that authorizes the organization to protect the United States from terror and
foreign intelligence agencies, as well as to investigate any federal crime that has not been
specifically designated to another federal agency. These broad legal areas can include civil rights
crimes, violent federal crimes, organized crime and drugs, and financial crimes. The FBI
employs over 13,075 special agents who operate out of the Washington, DC headquarters, 56
field offices, and over 400 satellite offices globally. The FBI plays an important role in the
investigation of cyber-crime. In fact, protection of the United States from cyber-based attacks
and high-technology crimes is its third priority, behind terror and foreign intelligence. This
suggests that cybercrime has become a high priority for investigation, over and above physical
real-world crimes. The bureau’s role in fighting computer crime is fourfold: (1) to capture the
criminals behind serious computer intrusions and the spread of malicious code, (2) to stop online
sexual predators who produce or share child pornography and meet and exploit children, (3) to
stop operations targeting U.S. intellectual property, and (4) to dismantle national and
transnational organized crime groups engaging in Internet fraud. The FBI is also leading the
charge to investigate and prosecute cybercrimes.5
The bureau’s Cyber Division works in tandem with the Criminal Investigative Division in the
investigation of domestic threats generated by computer-related crimes. Typically, its caseloads
focus on child pornography, followed by fraud, computer intrusions, and intellectual property
theft. There are also 93 computer crime task forces across the country that provide a partnership
between the bureau, federal, state, and local law enforcement agencies to better solve crimes.6 A
program called Cyber Action Teams has also been developed, which have a small number of
specially trained agents who are experts in malware and forensics.7 These teams travel as needed
to various spots around the world to assist in the investigation of computer intrusions and gather
intelligence on threats and cybercrimes that threaten national security.
In addition, the FBI has developed and supports the Regional Computer Forensics Laboratory
(RCFL) Program.8 This is a partnership between the bureau, state, local, and federal law
enforcement agencies within a geographical area. RCFLs provide computer forensic lab support
and training programs in support of criminal investigations and the prevention of terror incidents.
The first such RCFL was established in San Diego, California, in 1999.9 The FBI then created a
National Program Office in 2002 to oversee and facilitate the creation of other RCFLs around the
country.10
In addition, the bureau has partnered with the National White-Collar Crime Center (NW3C) to
operate the Internet Crime Complaint Center (ICCC or IC3). The IC3 provides victims of
Internet fraud a mechanism to report suspicious online activities. The IC3 also provides other
federal agencies a “central repository for complaints related to Internet fraud.” The goal of the
IC3 is to identify wider Internet fraud patterns and
(Taylor 257-259)
Taylor, Robert W., Eric Fritsch, John Liederbach. Digital Crime and Digital Terrorism, 3rd
Edition. Pearson Learning Solutions, 02/2014. VitalBook file.