Week 6 Lesson Chapter 10 - Law Enforcement Roles and Responses 1. This chapter provides a summary description of the ways in which federal and local law enforcement agencies are dealing with the growing problems associated with digital crime and terrorism. 2. Federal Agencies a. The Secret Service’s Financial Crimes Division has three primary responsibilities concerning computer crime. - Responsible for the enforcement of financial institution fraud - The Division enforces crimes involving access device fraud - The Division has primary responsibility in enforcing general frauds involving all computers of “federal interest.” b. Department of Justice – their primary tool against the fight against computer crime is the Criminal Division’s Computer Crime and Intellectual Property Section (CHIPS). c. Federal Bureau of Investigation (FBI) – responsible for investigating and domestic criminal act involving computers that cross state boundaries. Also, responsible for Bureau collaborations with other federal enforcement agencies in protecting the nation’s critical infrastructure system. d. National Security Agency – the nation’s cryptologic agency. e. Federal Trade Commission – responsible for computer crimes that protect consumers from fraud, deception, and unfair business practices that utilize computer technologies. Chapter 11 - The Investigation of Computer Related Crime 1. This chapter focuses on the current state of the field in computer crime investigations. The personnel available to an investigation will dramatically influence the type and scope of investigations that may be undertaken. 2. Investigator Roles and Responsibilities- Investigators trained in the collection of digital evidence are the primary workers in computer-related crimes. These investigators are trained to collect and preserve the integrity of digital evidence; further, they direct analysis of the evidence to piece together the elements of the evidence. 3. Single Location Crime Scenes – The basic police work involved in planning a search and obtaining a warrant are familiar tasks to investigators. Two key differences distinguish digital evidence from familiar physical evidence. First, electronic evidence must be contained in a physical medium. Since digital evidence can be copied flawlessly and frequently, there is no reason to limit a search to a single physical container. Second, digital evidence is fragile. A quick action by the suspect can erase the digital information. 4. Multiple Location and Network Crime Scenes – Multiple location and network crime scenes present considerably more challenge to an investigation than a single-location crime scene. Prominent issues include crossing jurisdictional boundaries, complex networking environments, and coordinating multiple single-location-style seizures. 5. Presenting Digital Evidence at Trial – The rules of evidence require that the foundation for physical evidence be established with testimony, thus, evidence does not speak for itself. The prosecution must establish, when, where, and how the evidence was collection. Since digital evidence is almost always recorded information, the investigator must ensure that such evidence is admissible without requiring the person who created it to testify. Taylor, R., Caeti, R., Loper, D.K., Fritsch, E.J.,& Liederbach, J.(2011). Digital Crime and Digital Terrorism. 10 Digital Laws and Legislation CHAPTER OBJECTIVES After completing this chapter, you should be able to ■Explain the intent and fundamental concepts of search and seizure law as it applies to digital crime. • ■Identify situations where search and seizure is possible without a warrant and describe its limits. • ■Describe the federal statutes that govern electronic surveillance in communications networks. • ■Discuss the issues presented regarding the admission of digital evidence at trial. • ■Identify and discuss the significant U.S. Supreme Court cases focusing on digital crime and evidence. • INTRODUCTION In this chapter, law and legislation as it applies to the collection of evidence and prosecution of digital crime will be discussed. First, search and seizure law for digital evidence will be analyzed, including searches with warrants and numerous searches without warrants. Second, the major federal statutes governing the collection of digital evidence, especially electronic surveillance law, will be covered along with federal criminal statutes, which forbid certain types of computer crime. Third, issues related to the admission of digital evidence at trial, including authentication and hearsay, will be reviewed. Fourth, significant U.S. Supreme Court cases in the area of digital crime will be highlighted. SEARCH AND SEIZURE LAW FOR DIGITAL EVIDENCE Our current body of search law is the ongoing product of the interaction of legislation, case law, and constitutional law. Most of the search law discussed in this section applies to searches and seizures overall, not just those involving digital crimes and evidence. In fact, much search and seizure law has failed to keep up with the changes brought about by increases in digital crimes and the increasing need to collect digital evidence. The Fourth Amendment states: • The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. As simple as this language may be, numerous questions may be raised by the specific details occurring in searches and seizures of digital evidence. In general, questions focus on whether or not an activity is a “search” and whether a search is “reasonable.” The best way to ensure that a search is not “unreasonable” is to seek and obtain a warrant from a neutral, detached magistrate. In Johnson v. United States,1 the U.S. Supreme Court stated: • The point of the Fourth Amendment, which often is not grasped by zealous officers, is not that it denies law enforcement the support of the usual inferences which reasonable men draw from evidence. Its protection consists in requiring that those inferences be drawn by a neutral and detached magistrate instead of being judged by the officer engaged in the often competitive enterprise of ferreting out crime. The key to understanding search and seizure law is to remember that the point is not to protect criminals; the point is to enforce a person’s reasonable expectation of privacy. Criminals entering their home with the police chasing them do not receive sanctuary. Similarly, a guilty desire to hide something does not necessarily create a reasonable expectation of privacy. The Fourth Amendment protects persons evidencing an expectation of privacy; however, society must be willing to recognize that expectation as reasonable.2 A seizure of property occurs when there is some meaningful interference with an individual’s possessory interests in that property.3 In relation to property, a seized item deprives an owner of its use. On the other hand, a search is an attempt by law enforcement officers to obtain evidence. By definition, a search intrudes into a person’s reasonable expectation of privacy.4 Therefore, a search occurs, in a constitutional sense, any time there is a governmental intrusion into a person’s reasonable expectation of privacy. An act as simple as opening a notebook and reading the contents in a suspect’s living room changes the character of the interaction from simple observation to a search.5 However, just because the police intrude into a person’s reasonable expectation of privacy does not mean that the intrusion is unlawful. Several mechanisms are available to the police in which they can lawfully search a person or property and thus lawfully intrude into a person’s reasonable expectation of privacy. In the following sections, these mechanisms will be discussed, including searches with warrants and searches without warrants. Searches with Warrants In order to obtain a search warrant, a law enforcement officer must show probable cause by reasonably establishing the following: • 1.A crime has been committed. • 2.Evidence of the crime exists. • 3.The evidence presently exists in the place to be searched. Furthermore, the law enforcement officer must particularly describe the place to be searched and the evidence to be seized. Specific evidence of a specific crime must be named. General evidence facilitating a criminal act may be described by function. The investigator can search anywhere the named item(s) can be found. The judicial officer issuing the search warrant must be legally authorized to issue search warrants. Different jurisdictions empower different officers with this authority. Local policies and procedures should specify who has the power to issue search warrants. Furthermore, the judicial officer issuing the search warrant must have jurisdiction over the area to be searched. Jurisdiction “is the power of the court to decide a matter in controversy and presupposes the existence of a duly constituted court with control over the subject matter and the parties.”6 When a transaction crosses state boundaries, typical in digital crime cases, jurisdictional issues may arise. A search warrant is only valid within the jurisdiction of the magistrate signing it. The degree of activity projected into a geographic area determines whether the doctrine of personal jurisdiction applies. If a criminal actor actively engages a victim, the local court may exercise personal jurisdiction over the actor. If the criminal actor simply provides information from a Web site, the victim’s local court may not have grounds to exercise personal jurisdiction; however, local investigators are by no means ever prevented from engaging the assistance of remote law enforcement or courts to further an investigation.7 The remedy for a flawed search is most frequently suppression of the evidence obtained during the trial. This means that even the most clear-cut and self-evident material can be ruled inadmissible at trial. Some violations of statute may incur civil liability for the investigator, the investigator’s department, or parent jurisdiction. An improper search and seizure is eligible for civil suit under 42 U.S.C. § 1983. The current implementation of the exclusionary rule is defined in Mapp v. Ohio (1961). The sole purpose of the exclusionary rule is to curb police abuse of civil rights and to deter police misconduct. There is no common law expectation of the suppression of evidence improperly obtained. To invoke the exclusionary rule, the defendant must have standing; that is, the defendant must be the one whose rights were violated by the search. The good faith doctrine provides one possible defense to accusations of a flawed search. If the investigator has a reasonable, bona fide (good faith) belief that the search conducted is based on a valid warrant, but that warrant is in actuality unsupported by probable cause, the fruits of the search are admissible. The reasoning behind the exclusionary rule is to deter police from misconduct, not to remedy violations of rights.8The exclusionary rule applies not only to evidence improperly obtained but also to evidence discovered using the improperly obtained evidence (i.e., derivative evidence). This is known as the fruit of the poisonous tree doctrine. Again, the rationale is to discourage the violation of citizens’ rights by not rewarding such behavior. There are two other defenses to the exclusionary rule that are related to one another. First, an independent source of the same information can redeem the evidence tainted by illegal search. Thus, if an illegal search—a forensic fishing expedition—reveals child pornography, the investigator may seek independent indication of the suspect’s involvement in child pornography. A posting from a pedophile Web site may indicate the presence of evidence, but remain completely independent of the tainted source. Another potential defense is that the tainted evidence may lead to a short-cut, but would otherwise have been obtained (known as the inevitable discovery doctrine). For example, a coerced confession of possession of child pornography without a lawyer present would be suppressed, but a search warrant that was issued prior to the coerced confession could show the inevitable discovery of the materials. Since the materials would have been discovered if the process had continued, an illegal search does not immunize the evidence to discovery. Searches without Warrants Numerous exceptions exist to the general rule that searches must be conducted pursuant to a warrant. In fact, most searches conducted by the police do not involve a warrant (known as warrantless searches). Although numerous established exceptions to (Taylor 240-242) Taylor, Robert W., Eric Fritsch, John Liederbach. Digital Crime and Digital Terrorism, 3rd Edition. Pearson Learning Solutions, 02/2014. VitalBook file. 11 Law Enforcement Roles and Responses CHAPTER OBJECTIVES After completing this chapter, you should be able to ■Provide an overview of the roles and responses of federal law enforcement agencies concerning digital crimes and any interagency partnerships to deal with these offenses. • ■Describe local law enforcement responses to computer crime. • ■Identify the factors that have limited local law enforcement efforts against digital crime. • INTRODUCTION The emergence of computer technologies and the growing threats created by digital criminals and terrorists have worked to produce a wide array of challenges for law enforcement officials charged with protecting individuals, private businesses, and governments from these threats. In response, political leaders and police administrators have increasingly recognized the need to emphasize new priorities and foster new and innovative organizational strategies designed to counter the advent and continued growth of computer crimes. This chapter begins with an overview of federal roles and responses as they relate to computer crimes. The discussion focuses on the responses and organizational initiatives enacted by prominent federal law enforcement agencies as well as the role of the Department of Homeland Security (DHS) in these efforts. The chapter concludes with a description of the ways in which local law enforcement agencies have joined the fight against computer crime. This chapter emphasizes the need to strengthen the capabilities of local agencies by identifying several factors that have thus far limited local law enforcement efforts. FEDERAL ROLES AND RESPONSES For the most part, federal agencies have spearheaded law enforcement efforts against computer crime because these agencies possess the technical expertise and political clout to garner significant financial and operational resources at the national level. These agencies have increasingly reorganized in an effort to channel resources directly at preventing digital crimes and apprehending computer criminals, including the creation of special sections within these organizations, the recruitment of new personnel who possess specialized technical expertise in this area, and the creation of new collaborative units that combine the resources of multiple agencies. Additionally, several agencies have developed partnership programs with other law enforcement agencies, private industry, and the public in an attempt to improve collaboration and cooperation to thwart digital criminals. The Department of Justice The U.S. Department of Justice (DOJ) was established in 1870. The organization is headed by the chief law enforcement officer of the federal government—the attorney general. The attorney general represents the United States in legal matters generally and gives advice and opinions regarding matters of jurisprudence to the president. In cases of extreme importance, the attorney general may appear before the U.S. Supreme Court as the federal government’s representative attorney. Under the attorney general is a vast array of sections and organizational subunits designed to oversee the administration of justice on the federal level. These agencies include (1) the U.S. Attorney’s Office, representing the federal government in court and prosecuting federal suspects; (2) the major federal investigative agencies, including the Federal Bureau of Investigation (FBI), the Drug Enforcement Administration (DEA), and the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATFE); (3) the U.S. Marshals Service; and (4) the U.S. Bureau of Prisons.1 The DOJ has stepped up efforts to respond to the legal threats posed by cyber-criminals. The cornerstone of these efforts is the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS). CCIPS began as the Computer Crime Unit of DOJ in 1991. This unit primarily prosecuted violations of the Federal Code covered by Title 18, Section 1030, of the Computer Fraud and Abuse Act. The scope of DOJ jurisdiction in such crimes was expanded with the enactment of the National Information and Infrastructure Protection Act of 1996. In accordance with this Act, as well as the DOJ’s recognition of the need to increase prosecutorial resources aimed at combating computer crimes, the department elevated the unit to section status in 1996 and adopted the moniker CCIPS.2 The section employs dozens of attorneys who focus solely on legal issues raised by computer and intellectual property crimes. CCIPS attorneys specialize in prosecuting crimes related to encryption, e-commerce, intellectual property crimes, electronic privacy laws, computer hacker investigations, and search and seizure cases involving computers. Members of the CCIPS section advise federal prosecutors on computer crimes cases, and CCIPS attorneys normally take the lead in litigating computer and intellectual property crimes on behalf of the federal government. In addition, CCIPS staff members comment on the legality of proposed computer crime legislation that is designed to mitigate computer crime threats. CCIPS works in close collaboration with the U.S. Attorney’s Office in the prosecution of computer crimes. Finally, there is a subunit within CCIPS called the Computer Hacking and Intellectual Property (CHIP) unit. CHIP units focus on prosecuting computer hacking, fraud, and intellectual property cases. This specialized unit has proven highly successful and has been expanded multiple times to include 25 units across the country.3 The CCIPS also has an Intellectual Property Task Force, which was created in 2004 as a way to improve prosecutions and guide cases against piracy and counterfeiting.4 While CCIPS primarily operates as a prosecutorial arm of the department, the section has also attempted to remedy the growing need for training and interagency cooperation. CCIPS attorneys conduct hundreds of training seminars every year for other federal attorneys in an effort to educate those prosecutors outside of the section in regard to relevant legislation and effective prosecutorial strategies for cases involving computer crime. They also offer training to law enforcement agencies and engage in diplomatic missions to build strong relationships between the U.S. and foreign law enforcement officials. The Federal Bureau of Investigation The FBI was established in 1908 as the investigative branch of the U.S. DOJ. The FBI carries a broad mandate that authorizes the organization to protect the United States from terror and foreign intelligence agencies, as well as to investigate any federal crime that has not been specifically designated to another federal agency. These broad legal areas can include civil rights crimes, violent federal crimes, organized crime and drugs, and financial crimes. The FBI employs over 13,075 special agents who operate out of the Washington, DC headquarters, 56 field offices, and over 400 satellite offices globally. The FBI plays an important role in the investigation of cyber-crime. In fact, protection of the United States from cyber-based attacks and high-technology crimes is its third priority, behind terror and foreign intelligence. This suggests that cybercrime has become a high priority for investigation, over and above physical real-world crimes. The bureau’s role in fighting computer crime is fourfold: (1) to capture the criminals behind serious computer intrusions and the spread of malicious code, (2) to stop online sexual predators who produce or share child pornography and meet and exploit children, (3) to stop operations targeting U.S. intellectual property, and (4) to dismantle national and transnational organized crime groups engaging in Internet fraud. The FBI is also leading the charge to investigate and prosecute cybercrimes.5 The bureau’s Cyber Division works in tandem with the Criminal Investigative Division in the investigation of domestic threats generated by computer-related crimes. Typically, its caseloads focus on child pornography, followed by fraud, computer intrusions, and intellectual property theft. There are also 93 computer crime task forces across the country that provide a partnership between the bureau, federal, state, and local law enforcement agencies to better solve crimes.6 A program called Cyber Action Teams has also been developed, which have a small number of specially trained agents who are experts in malware and forensics.7 These teams travel as needed to various spots around the world to assist in the investigation of computer intrusions and gather intelligence on threats and cybercrimes that threaten national security. In addition, the FBI has developed and supports the Regional Computer Forensics Laboratory (RCFL) Program.8 This is a partnership between the bureau, state, local, and federal law enforcement agencies within a geographical area. RCFLs provide computer forensic lab support and training programs in support of criminal investigations and the prevention of terror incidents. The first such RCFL was established in San Diego, California, in 1999.9 The FBI then created a National Program Office in 2002 to oversee and facilitate the creation of other RCFLs around the country.10 In addition, the bureau has partnered with the National White-Collar Crime Center (NW3C) to operate the Internet Crime Complaint Center (ICCC or IC3). The IC3 provides victims of Internet fraud a mechanism to report suspicious online activities. The IC3 also provides other federal agencies a “central repository for complaints related to Internet fraud.” The goal of the IC3 is to identify wider Internet fraud patterns and (Taylor 257-259) Taylor, Robert W., Eric Fritsch, John Liederbach. Digital Crime and Digital Terrorism, 3rd Edition. Pearson Learning Solutions, 02/2014. VitalBook file.
Purchase answer to see full attachment