Slides for talk by Prof Ian Walden, Cloud Legal Project http://bit.ly/cloudlegal on law enforcement aspects of cloud computing at CRID workshop Brussels 24 Feb 2011 http://www.crid.be/cloudcomputing/default.htm
Co-operating with Law Enforcement
Professor Ian Walden
Institute of Computer and Communications Law
Centre for Commercial Law Studies, Queen Mary, University of London
Of Counsel, Baker & McKenzie

Introductory remarks
Law enforcement access
– Covert & coercive investigative techniques
Request recipients
– Cloud users
– Cloud Service providers
    Contracted parties & infrastructure providers
    Communication providers
Questions of vires and regulatory boundaries
– Jurisdictional reach
– Obligations to assist
– Evidential impact

Forensic challenges in the Cloud
Multiplicity
– e.g. Data replication for performance, availability, back-up & redundancy
Distributed storage
– e.g. ‘sharding’ and ‘partitioning’
Protected data
– e.g. cryptography
Identity
– Establishing links

LEA investigative powers
‘Exercising a power’
– Permissible & impermissible conduct e.g. entrapment
Expedited preservation, retention & delivery-up
– Differential authorisation procedures
    Judicial, executive or administrative
Issues of legality & enforceability
– Obtaining authorisation
– Executing the authorisation

Jurisdictional reach
Within & beyond the territory
– e.g. Rackspace (2004)
Service provider & requested data
– ‘loss of location’
    Reassembly as a proxy?
Cybercrime Convention (2001)
– Art. 19: ‘Possession or control’
– Art. 32: open source or lawful and voluntary consent of the person who has lawful authority to disclose
    Contractual provisions

International co-operation
Mutual legal assistance
– Harmonisation
– Or mutual recognition
    EU: EEW and the EIO
Informal co-operation with foreign LEA
– Proactive disclosure & 24/7 networks
Direct liaison with foreign service providers
– Council of Europe Guidelines (2008)
    e.g. Google Transparency Report
Engage directly with the material sought

Regulating service providers
Regulatory boundaries
– ‘electronic communication services’ & ‘information society services’
    Google, Skype, Facetime...?
    From SaaS to CaaS
Regulatory consequences
– Directive 02/58/EC, art. 5(1) & art. 15(1)
    Existing capability or build obligation?
– Directive 06/24/EC
    Providers of ‘electronic communication services’

Cloud-derived evidence
Admissibility
– Statutory rules & judicial discretion
    e.g. Fair trial considerations (ECHR, art. 6)
    Impact of lawfulness of obtaining?
    Evidence gathered under MLA
Evidential weight
– Provenance issues with remote data retrieval
    authenticity, integrity & accountability

Concluding remarks
Exceeding powers in application or reach
– Surrendering sovereignty
– Regulatory uncertainties
From formality to informality
– Issues of accountability
– Building a ‘culture of co-operation’!
    e.g. Amazon & WikiLeaks
Evidential consequences