20140314 Belgian Senate Judicial action of police on social media

Belgian Senate
Brussels, 14 March 2014
Luc Beirens
Federal Computer Crime Unit
1101011001110110110011010100010

Give input for reflexions
on judicial action on social media
Why we need new solutions
Even in an era of NSA ...
(c) 2014 Luc Beirens - Federal Computer Crime Unit

 Judicial actions
 Basic principles of police interventions
 Pre digital era methods
 Footprint & digital footprint
 Digital era impact on police methods
 Problems
 Solutions

Detect & stop crime
Gather evidence
Identify and arrest criminal(s)
Bring him to court
Execute court decisions

To maintain law and order in cyberspace
 Detect crime in cyberspace ?
=> patrolling => Privacy intrusion ?
 Identify users (criminals, victims) in cyberspace
 Locate communications geographically and in time
 Identify correspondents => contact network
 Gather and analyse electronic evidence
 Protect ourselves and methods
 Enforce court decisions also in cyberspace

Legality
• Police action must be based on legal provisions
(general law / police specific law)
Loyalty
• Whenever in action :
give proof of your quality as policeman
except when legally allowed not to do so

Goals of criminals Money
Power / influence
Banks /
moneytransport
Merchants / politicians
Activities Traces Police methods
-Meeting crime
partners
-Search victims
-Reconnaissance
-Perpetrate crime
-Hide criminal
proceeds
-Wipe out – traces ??
- seen with victim
- present on crime
scene
- paper traces
- material traces
-Interrogate witnesses
-Use informants
-House searches
-Forensic analysis of
traces
Location of the crime Physically present
in our jurisdiction
We were territorially
competent

 Made by himself
 Not intentionally created
 Unique
 Proof of presence
 Non intentional safeguarding
 Non intentional erasure

 House search and closed door
=> proportionate force allowed
to open the door
=> use lock smith or special forces
 Telecom interceptions with help of operator
 Special investigative measures
• Observation / infiltration / informants
• Use of fictive identity : only
 For serious crime and if serious indications available
 after very strict evaluation procedure

Nearly everyone
• has a computer
• has a mobile phone
• has a digital camera
• is internet connected
Every company is present on the net
• is connecting more and more internal networks
Wireless connections become dominant

 Text spreadsheet
 Presentations
 E-mails
 Music
 Pictures
 Movies
 E-Banking
 Social networking
 Instant messaging
 Blogging
 Twittering
(c) 2010 Luc Beirens - Federal Computer Crime Unit(c) 2014 Luc Beirens - Federal Computer Crime Unit

 Cloud computing & virtualization
• Data and applications in the cloud for enterprises and enduser
• Security depends on cloud provider (too often still user id & pw)
 Social media : integrators and identity providers
• bring access to all your internet services together
 Geolocated services
• Based on location – user or device based signal
• Buddy list information
• Commercial links
 Instant broadcasting of information
 Internet of things everything connected

 Very dynamical digital footprint (based on user actions)
 Dispersed over different systems (internet)
 Often very easily searchable and accessable
 A lot of people give an awfull lot of private information
free on the internet in different formats
(identity, education, contact, family, social life)
 Information storage is moving towards internet accounts
 Who are these service providers ?
Do they want to help end users ?
How do they take care (or not) of your data ?

 They are so much like everyone else
• Communication with friends / collegues
• Show off their wealth (voyages / parties ...)
 Search for & communication with victims
 Getting personal data of victim
 Creation of false profiles
 Hacking & abuse of existing profiles
 Vector for infection with malware
 Abuse of profiles buying possibilities

 Encryption tools
• Storage / Communication end to end
• Unability for police / authorities
 to make effective legal intercept
 to get to the content of stored information
 Peer 2 peer applications
• No more central provider
• Hiding escaping from responsability
 Strong authentication procedures

Goals of criminals Money
Power / influence
Banks /
moneytransport
Merchants / politicians
Activities Traces Police methods
-Meeting crime partners
-Search victims
-Reconnaissance
-Perpetrate crime
-Hide criminal proceeds
-Wipe out – traces ??
- not seen with victim
- not present on crime
scene
- no paper traces
- no material traces
-Only digital traces
-Interrogate witnesses ?
-Use informants
-House searches
-Forensic analysis of
traces
Location of the crime Not physically present
in our jurisdiction
are we were competent
territorially?

 EU directive 54 / 2002
• obligation to delete / anonimize traces of electronic
communications after end of comm.
• except if there is a national law that obliges it
 EU directive 24/2006
• tries to harmonize EU national laws
• general dataretention for traffic data for all users
• between 6 and 24 months
• Carrier / internet access / IP telephony & e-mail
• Not about content
• Resistance in implementation
• Invalidated laws by consitutional courts in DE and RO
• BE implementation since 2013 => 12 month

 EU Directive
• 2006 : for technology of 2005 (pre social media)
• Only for EU member states
• Not for social media
• Didn’t regulate organizational aspects
(exchange formats / time frames / technical)
 Very strict legal limitations to obtain
• Prosecutor / Investigating judge
• Serious crime ?
• => slowing down identification process

Internet
access
Internet
Services
Internet access
E-mail
IPTelephony
Web
publish
Chat
Instant
messenging
Newsgroups
Communities
Peer2Peer
Video-
conference
SMSgateway
....
Signal
carrier
Fixedlines
Telephony
Mobile
Telephony
xDSL
Cable
WIMAX
Satelite
telephony
....
....

 Data freeze :
keep available data from moment of request
 Data preservation
start storing comm. data from moment of request
 These instruments are needed but not sufficient
• no proof – no traces of criminal activity
if “one time attack” e.g. terrorism
• does not show links with crimes that happend in the past
(links with places where crimes happened)
• does not show networks if actor is arrested
 Network investigations (art 88 ter BE Crim Proc C)
• No hacking allowed ? (opening doors ?)

Intelligence purposes
• Look and find criminals “digital identity”
• Verify content of social media profile
 Often need for “own” profile to use service
 Using our own ”real” identity (?) => risk for private life
 Fictive identity (?) => based on which law
Gathering evidence
• Public available content / request IP-addresses

 RCCU => specialized ICT forensics
Are social media “specialized”
 Via FCCU : identity data and historical
connexion data to international ISPs
Microsoft, Facebook, Google,...
On voluntary base => no obligation
No content / no complete answers
Risks cfr Twitter
 But every case officer should know
National security plan => training

The old investigation methods are not
so effective anymore
Social media : international (USA) providers
Sometimes difficult to contact / get cooperation
Ineffective in removing content from social
media even when there is a court decision
(no international directive => volontary)

 Necessity for new laws ?
• Extended data retention => legal obligation
• “Infiltration” light / use of fictive identity to patrol
• Legal hacking
 Opening the digital locker
 Get access to be able to intercept before encryption
• Obligations to remove / block content for social media
 International legal framework
 Organizational matters
• Collaboration with internet service providers
to automate exchange (national & international)
=> faster / improved transparency

Federal Judicial Police
Direction for Economical and Financial crime
Federal Computer Crime Unit
Notelaarstraat 211 - 1000 Brussels – Belgium
Tel office : +32 2 743 74 74
E-mail : luc.beirens@fccu.be
Twitter : @LucBeirens
Slides : www.slideshare.net/lucbeirens

20140314 Belgian Senate Judicial action of police on social media

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a 20140314 Belgian Senate Judicial action of police on social media

Similar a 20140314 Belgian Senate Judicial action of police on social media (20)

Último

Último (10)

20140314 Belgian Senate Judicial action of police on social media