SERIES3: Even More Challenges Facing Cyberlaw

Connect--But, be very careful

The final installment on cyberlaw, issues, challenges, and headaches….

MORE & MORE CHALLENGES

Virtual evidence faces numerous other tests of its value.  “Several surveys have indicated that challenges associated with information security are far from resolved,” (Rhee, Ryu, & Cheong-Tag, 2012, p. 221).  Before virtual evidence can be effectively integrated with the forensic techniques currently recognized by the courts, these challenges must also be addressed by LE, the technical community, state and federal legislatures, and others.  These additional issues are both legal and technical in nature.  They include the difficulty of attributing a violation of the law in cyberspace to a specific individual or entity, and the ever-growing mobile computing power found in the modern-day cell/smart phone.

In the journal article, Cyber warfare: Issues and challenges, the authors focus on the international cyber warfare difficulties that impact a nation’s ability to protect its borders; however, there is significant commonality with LE, and these issues may be addressed in parallel.  They state from their findings that “[t]he most significant conclusion to be made is the majority of challenges presented by cyber warfare cannot be solved from the perspective of just one discipline,” (Robinson, Jones, & Janicke, 2015, p. 91).  They too recognize that there is a need to address cyber warfare challenges in a multi-modal manner.  The authors argue that those facing the issues of cyber warfare, as well as cyber law enforcement, must understand the interaction of both the legal and technical aspects. The physical and virtual nature of evidence must be addressed in concert and not separately.


ATTRIBUTION CHALLENGES

In February 2007, the sovereign state of Estonia rose to prominence as the target of the first-ever statewide attack on a cyber-infrastructure.  After over 50 years of Soviet rule, the Estonian legislature passed a seemingly innocuous law called the “Forbidden Structures Law” which required the removal of all objects and statues of the former Soviet Union.  The president of Estonia vetoed that law in expectation of serious repercussions from Russia, given its historical sensibilities about its suffering during World War II.  In April 2007, during ethnic rioting, the Estonian authorities moved the statue to a safe location; this was more than enough to cause a reaction.  “This is when the conflict moved into cyberspace.  Estonia…is one of the most wired nations in the world,” (Clarke & Knake, 2010, p. 13). This action catapulted Estonia into the news and led to a country-wide Distributed Denial of Service attack that was assumed to have been orchestrated by Russia.

While Russia never claimed responsibility for this far-reaching attack on all facets of Estonia’s public and private cyber infrastructure, the world community may have rightly assumed that Russia was the attacker. Unfortunately, the attack was never proven to have been launched by Russia, which poses the same difficult issue of attribution. As Colonel Mejia, United States Air Force, stated in 2014 on the vital nature of attribution: “The cyber community must recognize the critical importance of attribution.  It is the basis for effective diplomacy, law enforcement, and [ultimately] a prerequisite for offensive military counter strikes,” (Mejia, 2014, p. 129). How are attribution and non-repudiation of a country or attacker proven?  What recourse does LE have to prove in an evidentiary manner who the perpetrator is or is not?

During a July 15, 2010 subcommittee hearing on cyber attribution, the co-author of Cyber War, Robert Knake, expressed his conclusion that “[b]ecause of the difficulty and uncertainty in performing attribution, computer network defenses should not depend on attribution,” (Leithauser, 2010, p. 1).  He took a more defensive and submissive posture, suggesting that the only means to counter cyber attacks is through a “larger” defense in depth.  This position would only limit LE’s ability to act in a more proactive manner.  Remaining in a constant state of defense, even while executing a well-designed defense-in-depth posture, is not definitive enough to prevent or dissuade future attacks.

A countering witness before the same subcommittee, Edward Giorgio, the president of a national cybersecurity consultancy, proposed a more forceful course of action.  His belief was that combining the resources of LE and the Intelligence Community (IC) could make the attribution “irrefutable.” While no specifics were shared as part of his testimony, there are unfortunate limitations and complexity in leveraging the IC.  The sharing of such means and methods in open court would ultimately divulge US capabilities and subsequently cause these techniques to quickly lose their effectiveness.

The difficulty is that an attack could be traced to the Internet Protocol (IP) or MAC address of the respective machine, but since multiple individuals can access the same machine, tracing without some form of attribution-confirming technology will continue to pose challenges.  Until technological-legal standards such as Public Key Infrastructure (PKI) are mandatory for access to cyberspace, LE will have to continue to rely on wiretap laws to capture criminals in the act.  If such standards were established globally, as a requirement to access any and all Internet resources, the challenge for LE would be greatly reduced.

A feasible means of non-repudiation is currently available.  It would require introducing PKI internationally to shift the anonymity of the Internet to a more attributable and transparent work space for all.  PKI relies on public-private key pairs; if they were mandated, anyone accessing the Internet would be identifiable.  This technology is currently available for the Internet and Internet Service Providers (ISP), and would be nearly non-disputable in a court room setting.


CELL PHONE CHALLENGES

  

No discussion of the ever-growing changes impacting LE would be complete without a discussion of the growth and ubiquity of the cellphone.  In the technical paper, Challenges in Mobile Phone Forensics, the authors addressed this growth.  Cellphones and tablets are “…becoming more and more crucial as evidentiary devices in civil and criminal investigations,” (Lutes & Mislan, 2008, p. 4). The primary challenge confronting digital forensics is the disparity of phone types and of the forensic tools available to conduct forensic analysis; no one software tool is able to address all the needs of LE.

An ancillary issue facing this challenge is that “[i]n certain cases, the tools used to process cellular phones may report conflicting or erroneous information,” (Murphy, 2009, p. 1).  This poses obvious problems for investigatory purposes and evidentiary presentations to the court. The lack of a coherent and common suite of analysis tools impairs the ability of LE to definitively assure consistency in its forensic data processing.
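An added example (not from the original post or the papers it cites) of how an examiner can surface such conflicts: normalize the message records exported by two extraction tools and report every record that is missing from one export or disagrees between them. The tool names, field names and sample records are hypothetical and constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample exports from two hypothetical tools, same handset.
TOOL_A_EXPORT = [
    {"msg_id": "101", "sender": "+15550100", "sent": "2015-03-01T14:05:09Z", "body": "Meet at 6"},
    {"msg_id": "102", "sender": "+15550100", "sent": "2015-03-01T14:07:30Z", "body": "Running late"},
    {"msg_id": "103", "sender": "+15550123", "sent": "2015-03-01T14:10:00Z", "body": "Call me"},
    {"msg_id": "104", "sender": "+15550123", "sent": "2015-03-01T14:20:00Z", "body": "Bring the documents tonight"},
]
TOOL_B_EXPORT = [
    {"id": 101, "from": "15550100", "timestamp": 1425218709, "text": "Meet at 6"},
    {"id": 102, "from": "15550100", "timestamp": 1425200850, "text": "Running late"},  # 5 h offset
    {"id": 104, "from": "15550123", "timestamp": 1425219600, "text": "Bring the docum"},  # truncated
]

def _digits(number):
    """Reduce a phone number to digits so '+1555...' and '1555...' compare equal."""
    return "".join(ch for ch in str(number) if ch.isdigit())

def normalize_a(rec):
    sent = datetime.strptime(rec["sent"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return str(rec["msg_id"]), {"sender": _digits(rec["sender"]), "sent": sent,
                                "body": rec["body"].strip()}

def normalize_b(rec):
    sent = datetime.fromtimestamp(rec["timestamp"], tz=timezone.utc)
    return str(rec["id"]), {"sender": _digits(rec["from"]), "sent": sent,
                            "body": rec["text"].strip()}

def cross_validate(export_a, export_b):
    """Return (msg_id, kind, detail) for every disagreement between the two exports."""
    a = dict(normalize_a(r) for r in export_a)
    b = dict(normalize_b(r) for r in export_b)
    findings = []
    for msg_id in sorted(a.keys() | b.keys()):
        if msg_id not in a or msg_id not in b:
            # detail names the tool whose export lacks the record
            findings.append((msg_id, "missing", "tool_b" if msg_id in a else "tool_a"))
            continue
        for field in ("sender", "sent", "body"):
            if a[msg_id][field] != b[msg_id][field]:
                findings.append((msg_id, "conflict", field))
    return findings

if __name__ == "__main__":
    for finding in cross_validate(TOOL_A_EXPORT, TOOL_B_EXPORT):
        print(finding)
```

Each finding marks a record that should be re-checked against the raw acquisition before either tool's report is relied on.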

An additional technological component required for LE is the availability of password cracking technologies.  The Fifth Amendment protects the individual’s right against self-incrimination and against divulging passwords.  The challenge in cryptography is the growing size and complexity of key lengths.  As the complexity of these keys grows, there is a greater need for faster processing speed (better computer chips) and better techniques to break larger key strings.

This is an opportunity for software developers to develop a universal toolset to answer these technological challenges. The elements needed would include multiple connectors and power cords to address the differing ports and electrical standards on respective computers and network interface devices, more capable micro-computers with which investigators can process files at a very high rate, and software that will ensure consistency.  While this technological solution would seem basic, the LE community is still very much in need of such technical assistance.


CONCLUSION

Continuing to apply the laws cited is still very relevant to the discussion of computer forensics investigation.  While the virtual form of evidence can appear complex in nature, there are numerous parallels with the physical investigation world.  “Data” is still written in a physical manner to a disk or magnetic medium by some form of scribe or stylus in the vicinity of the storage medium.  The current laws can still be applied; doing so only requires a technical understanding of how to translate virtual evidence for the legal professional and, more importantly, for the lay juror; “[j]urors have come to expect the presentation of forensic science in every case, and they expect it to be conclusive,” (Sellers, 2015, p. 26).

Ultimately, virtual evidence is a potent tool to complement and supplement physical evidentiary work performed by LE.  Its presence can only benefit and reinforce LE’s ability to deter, dissuade and defeat crime.  Virtual evidence should not be considered unique.  It should be only considered different and complementary to fight both the classic as well as the modern-day cybercriminal.


FULL SERIES REFERENCES:

Balkin, J., Grimmelmann, J., Katz, E. K., Kozlovski, N., & Wagman, S. e. (2007). Cybercrime: Digital Cops in a Networked Environment. New York City: New York University Press.

Clarke, R. A., & Knake, R. K. (2010). Cyber War. New York: Harper-Collins Publishers.

Cornell University. (2012, January 4). 42 U.S. Code §2000aa – Searches and seizures by government officers and employees in connection with investigation or prosecution of criminal offenses. Retrieved from Legal Information Institute (LII): https://www.law.cornell.edu/uscode/pdf/uscode42/lii_usc_TI_42_CH_21A_SC_I_PA_A_SE_2000aa.pdf

Grobler, C., & Louwrens, B. (2006). Digital Forensics: A Multi-Dimensional Discipline. Proceedings of the ISSA 2006 from Insight to Foresight Conference. Pretoria: University of Pretoria.

Joint Chiefs of Staff. (2013, October 22). Joint Publication 2-0: Joint Intelligence. Retrieved from Defense Technical Information Center: http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf

Leithauser, T. (2010). Experts Urge Caution in Developing New Cyber Attack Attribution. Cybersecurity Policy Report. Retrieved from http://search.proquest.com.nduezproxy.idm.oclc.org/docview/746442315?accountid=12686

Lutes, K. D., & Mislan, R. P. (2008). Challenges in Mobile Phone Forensics. 5th International Conference on Cybernetics and Information Technologies, Systems and Applications. West Lafayette: Purdue University.

Mejia, E. F. (2014, Spring). Act and Actor Attribution in Cyberspace: A Proposed Analytic Framework. Strategic Studies Quarterly, pp. 114-132.

Murphy, D. C. (2009). Developing Process for Mobile Device Forensics. SANS Institute. Retrieved from SANS.

Nolan, R., O’Sullivan, C., Branson, J., & Waits, C. (2005). First Responders Guide to Computer Forensics. Pittsburgh: Carnegie Mellon; Software Engineering Institute.

Rhee, H.-S., Ryu, Y. U., & Cheong-Tag, K. (2012). Unrealistic Optimism on Information Security Management. Computers and Security, 221-232.

Robinson, M., Jones, K., & Janicke, H. (2015). Cyber warfare: Issues and Challenges. Computers and Security, 70-94.

Sellers, F. S. (2015, March 1). Different Strokes: What Criminal Investigators are Looking for in our Text and Tweets. The Washington Post Magazine, pp. 19-26.

Steve Jackson Games, Inc., et. al., Plaintiff-Appellants, v. United States Secret Service, et. al., Defendants, United States Secret Service and United States of America, Defendants-Appellees, 93-8661 (US Court of Appeals for the 5th District October 31, 1994).

TechComm (a synthesized drawing from source and paper author). (2010, July 26). Public Key Infrastructure. Retrieved from TechComm: http://tech-writing-space.blogspot.com/2010/07/public-key-infrastructure.html

United States of America v. Howard Wesley Cotterman, 09-10139; DC No. 4:07-cr-01207-RCC-CRP-1 (US Court of Appeals for the Ninth Circuit March 8, 2013).