11

CoCo--operating with Law operating with Law CoCo ope at g t aope at g t aEnforcementEnforcement

Professor Ian WaldenProfessor Ian WaldenI i f C d C i i LI i f C d C i i LInstitute of Computer and Communications LawInstitute of Computer and Communications Law

Centre for Commercial Law Studies, Queen Mary, University of Centre for Commercial Law Studies, Queen Mary, University of LondonLondonOf Counsel, Baker & McKenzieOf Counsel, Baker & McKenzie

edu

edu

edu

Introductory remarksIntroductory remarks

Law enforcement accessCovert & coercive investigative techniques

cl@

ccls

.ecl

@cc

ls.e

cl@

ccls

.e

– Covert & coercive investigative techniques

Request recipients– Cloud users

– Cloud Service providers Contracted parties & infrastructure providers

Communication providers

icc

icc

icc p

Questions of vires and regulatory boundaries– Jurisdictional reach

– Obligations to assist

– Evidential impact

22

edu

edu

edu

Forensic challenges in the CloudForensic challenges in the Cloud

Multiplicity

cl@

ccls

.ecl

@cc

ls.e

cl@

ccls

.e – e.g. Data replication for performance, availability, back-up & redundancy

Distributed storage– e.g. ‘sharding’ and ‘partitioning’

Protected data

icc

icc

icc – e.g. cryptography

Identity– Establishing links

edu

edu

edu

LEA investigative powersLEA investigative powers

‘Exercising a power’P i ibl & i i ibl d

cl@

ccls

.ecl

@cc

ls.e

cl@

ccls

.e – Permissible & impermissible conduct e.g. entrapment

Expedited preservation, retention & delivery-up– Differential authorisation procedures

Judicial, executive or administrative

Issues of legality & enforceability

icc

icc

icc Issues of legality & enforceability

– Obtaining authorisation

– Executing the authorisation

33

edu

edu

edu

Jurisdictional reachJurisdictional reach

Within & beyond the territory

cl@

ccls

.ecl

@cc

ls.e

cl@

ccls

.e – e.g. Rackspace (2004)

Service provider & requested data– ‘loss of location’

Reassembly as a proxy?

Cybercrime Convention (2001)

icc

icc

icc – Art. 19: ‘Possession or control’ (art.19)

– Art. 32: open source or lawful and voluntary consent of the person who has lawful authority to disclose Contractual provisions

edu

edu

edu

International coInternational co--operationoperation

Mutual legal assistance

cl@

ccls

.ecl

@cc

ls.e

cl@

ccls

.e – Harmonisation

– Or mutual recognition EU: EEW and the EIO

Informal co-operation with foreign LEA– Proactive disclosure & 24/7 networks

icc

icc

icc Direct liaison with foreign service providers– Council of Europe Guidelines (2008)

e.g. Google Transparency Report

Engage directly with the material sought

44

edu

edu

edu

Regulating service providersRegulating service providers

Regulatory boundaries

cl@

ccls

.ecl

@cc

ls.e

cl@

ccls

.e – ‘electronic communication services’ & ‘information society services’ Google, Skype, Facetime.....?

From SaaS to CaaS

Regulatory consequences– Directive 02/58/EC art 5(1) & art 15(1)

icc

icc

icc Directive 02/58/EC, art. 5(1) & art. 15(1)

Existing capability or build obligation?

– Directive 06/24/EC Providers of ‘electronic communication services’

edu

edu

edu

CloudCloud--derived evidencederived evidence

AdmissibilityStatutory rules & judicial discretion

cl@

ccls

.ecl

@cc

ls.e

cl@

ccls

.e

– Statutory rules & judicial discretion e.g. Fair trial considerations (ECHR, art. 6)

Impact of lawfulness of obtaining?

Evidence gathered under MLA

Evidential weight– Provenance issues with remote data retrieval

icc

icc

icc authenticity, integrity & accountability

55

edu

edu

edu

Concluding remarksConcluding remarks

Exceeding powers in application or reach

cl@

ccls

.ecl

@cc

ls.e

cl@

ccls

.e – Surrendering sovereignty

– Regulatory uncertainties

From formality to informality – Issues of accountability

– Building a ‘culture of co-operation’!

icc

icc

icc e.g. Amazon & WikiLeaks

Evidential consequences