CSCI1800CybersecurityandInterna4onalRela4ons

COEConven4ononCybercrimeJohnE.Savage

BrownUniversity

Outline

•  Background•  ProvisionsoftheConven4on– CybercrimeOffenses–  Inves4ga4veProcedures–  Interna4onalCoopera4on

•  Reac4ontoandEvalua4onoftheConven4on•  Alterna4vestotheConven4on

Lect174/3/17 ©JESavage 2

WhatistheCybercrimeConven4on?

•  Firstinterna4onalcybercrimetreaty.•  Itharmonizesna4onallawsoncybercrimeandimprovesna4onalcapabili4estoinves4gatesuchcrime.Italsoincreasescoopera4on.

•  DraUedbyCouncilofEuropeinStrasbourgin’01•  US,asexperiencedobserver,playedmajorrole.

Lect174/3/17 ©JESavage 3

OriginsofConven4on

•  In1996EuropeanCommi\eeonCrimeProblems(CDPC)setupexpertcommi\eeoncybercrime.

•  Theyrecognized– Trans-bordernatureofsuchcrime,– Conflictwithterritorialityofna4onallaws,&needforconcertedinterna4onalefforttodealwithit

•  Commi\eeofExpertsonCrimeinCyber-spacecreatedinFebruary1997.

Lect174/3/17 ©JESavage 4

Commi\eeCharge

•  TheCommi\eeofExpertswaschargedtodraUabindinglegalinstrumentaddressing:– Cyber-spaceoffensessuchasillegalfundstransfer,services,viola4onofcopyrightsandhumandignity,protec4onofminors,offeringofillegalservices.

– Othersubstan4vecrimesinvolvingcyber-space,requiringinterna4onalcoopera4on(thus,notcybercrime)

Lect174/3/17 ©JESavage 5

Commi\eeCharge

•  TheCommi\eeofExpertswaschargedtodraUabindinglegalinstrumentaddressing:– Useandapplicabilityofcoercivepowers,suchasintercep4onofdata,surveillance,search&seizureofdata,problemscausedbyencryp4on,etc.

– Ques4onsofjurisdic4ononcyberspaceoffenses,e.g.doublejeopardy,whichlawsapply,etc.

–  Interna4onalcoopera4oninves4ga4ngcyberspaceoffenses

Lect174/3/17 ©JESavage 6

EmergenceofConven4on

•  AUerfouryearsofwork,inJune2001finaldraUoftheconven4onwasapprovedbyCDPC.

•  AdoptedbyCouncilofEuropeonNov.8,2001.•  SignedinBudapest,Nov23,2001.•  Conven4onenteredintoforceinUSonNov1,2007•  Conven4onopentoallCOEmemberstates.– Asof4/1/2017563stateshavera4fied,4otherssigned.

•  StatesmaybeinvitedtoaccedetoitaUerobtainingconsentof“contrac4ngstates.”

Lect174/3/17 ©JESavage 7

Addi4onalProtocol

•  AdoptedbyCommi\eeofMinisterson11/7/02•  Requiresstatestocriminalize– Racistorxenophobicacts,threats,etcvianetworks– DenialoftheHolocaustandothergenocides.– Theseallinvolvecriminalizingcontent!

•  UShelpeddraUthisprotocolbutdidnotsignitini4ally.Itsignedin2001,ra4fiedin2006,andenteredintoforcein2007.

Lect174/3/17 ©JESavage 8

ProvisionsoftheConven4on

•  Goals:– Protec4onofsocietyfromcybercrime– Criminaliza4onofsuchconduct– Adop4onofpowerssufficienttocombatabove– Helpotherstateswithcrimedetec4on,inves4ga4on,prosecu4on

– Provideforfastreliableinterna4onalcoopera4on•  Alterna4vevehicleforcybercrime,MutualLegalAssistanceTrea4es(MLATs),areveryslow.

Lect174/3/17 ©JESavage 9

Conven4onHasThreeParts

1.  Lis4ngofsubstan4vecybercrimeoffensesthatra4fyingstatesmustadoptintona4onallaw.

2.  Inves4ga4veproceduresthatstatesmustimplement.

3.  Mechanismstoenhanceinterna4onalcoopera4on.

Lect174/3/17 ©JESavage 10

Conven4onRequirements

•  Ra4fyingstatesmustcreatelawsallowing:– Searchandseizureofcomputersanddata– Wiretapping– Obtainreal-4meandstoredcommunica4onsdata– Thisappliesevenifcrimenotconsidereda“cybercrime”

•  Thus,CybercrimeConven4onisamisnomer.

Lect174/3/17 ©JESavage 11

Defini4onofCriminalOffenses

•  Accesstocomputersystemswithoutright.•  Technicalintercep4onofnon-publicdatatofromorwithincomputersystemswithoutright.–  Includeselectromagne4cemissionsfromcomputer– Doesitincludeaudiorecordingofkeystrokes?

•  “Damaging,dele4ng,deteriora4ng,altera4onorsuppressingofcomputerdatawithoutright.”

•  Serioushinderingof“func4oningofcomputersystembyinpupng,transmipng,dele4ng,deteriora4ngorsuppressingofcomputerdata.”

Lect174/3/17 ©JESavage 12

AccessingComputerswithoutRight

•  The1986ComputerFraudandAbuseAct(CFAA)appliestothisissue.

•  WhatdoyouthinkaboutCFAA?

Lect174/3/17 ©JESavage 13

CriminalOffenses

•  “Produc4on,sale,procurementforuse,import,distribu4on”orpossessionof“adevice,includingcomputerprogram,designedoradaptedprimarilyforthepurposeofcommipnganyofthe[above].”

•  Thesameappliestoa“password,accesscode,orsimilardata”usedtoaccessacomputersystem.

•  “Causingofalossofpropertytoanother”byac4onsofabovetypewiththeinten4onpersonalbenefitwhendonewithoutright.

Lect174/3/17 ©JESavage 14

CriminalOffenses

•  Produc4on,distribu4on,offering,procurementorpossessionofchildpornographyviacomputerdonewithoutright.

•  Willfulinfringementofcopyrightandrelatedmaterialwhendone“onacommercialscaleandbymeansofacomputersystem.”

•  Allpar4esmustensurethatlistedoffenses“arepunishablebyeffec4ve,propor4onateanddissuasivesanc4onsincludingdepriva4onofliberty.”

Lect174/3/17 ©JESavage 15

WhatCrimesAreMissing?

•  IsIPhijackingacrime(BGP)?•  HowaboutDNSfraud(viola4ngtrustinDNS)?

Lect174/3/17 ©JESavage 16

Inves4ga4veProcedures

•  Par4esmustestablishfollowinglegislatepowers:–  Powertoorderpreserva4onofcomputerdataandtrafficdata(iden4fiespathofpacketsthruISPs).

–  Powertoseizecomputersandstoragemedia–  Powertoorderproduc4onofcomputerdataandsubscriberinforma4on.

–  Powertocollectsuchtrafficdatainreal4me.–  Forseriouscrimes,powertocollectcontentinreal4me.–  Establishjurisdic4onoversubstan4veoffensesinConven4oncommi\edathomeoragainstanother.

Lect174/3/17 ©JESavage 17

Interna4onalCoopera4on

•  AllPar4es“shallco-operatewitheachother…tothewidestextentpossible”onthesema\ers.

•  Coopera4onisthrurelevantinterna4onalagreementsanddomes4claws.– Thus,coopera4onmaybelimitedordelayed

•  Offensespunishabledomes4callybyyearinjailormoreseveremustbeseenasextraditable.– However,limitstoextradi4onmaycomeintoplay.

Lect174/3/17 ©JESavage 18

Interna4onalCoopera4on

•  Toextentpermi\edunderdomes4claw,Par4esmustforwardinfoitbelievesmayhelpotherPar4estoinves4gatecybercrime.–  Par4esmayrequestsuchinfobekeptconfiden4al

•  WhenPar4esdon’thavemutuallegalassistancetreatyorarrangement,eachmustdesignateacentralauthoritytosend,answer,requestmutualassistance.–  Par4esagreetoexecuterequestsinaccordancewithprocs.ofreques4ngParty,exceptwhereincompa4ble

Lect174/3/17 ©JESavage 19

Interna4onalCoopera4on

•  Par4esmustpreservedataexpedi4ouslyandforatleast60daysatrequestofanother.– APartymayrefusearequestforvarietyofreasons.

•  Partymustrespondtoarequesttosearch,seizeordisclosedatalocatedwithinitsterritory.

Lect174/3/17 ©JESavage 20

Interna4onalCoopera4on

•  Par4esmustprovidemutualassistanceinthereal-4mecollec4onorrecordingofcontentdata…totheextentpermi\edunderlawsandtrea4es.

•  EachPartymusthaveapersononcall24/7torespondtoassistancerequestsininves4ga4ons.

•  Conven4onlacksenforcementmechanism.InsteadCPDCisinformedofinterpreta4ons/applica4ons.– Arbitra4onispossiblefordisputesconcerningthela\er.

Lect174/3/17 ©JESavage 21

Interna4onalCoopera4on

•  Ar4cle32b*:Partymayaccesswithoutauthoriza4onofanotherPartydataoncomputerinterritoryoftheotheriflawfulandvoluntaryconsentobtainedfrompersonwithauthoritytoprovideit.– Russiasignedtheconven4onbutwithdrewwhenitrealizedimplica4onsofthisprovision.

–  Iftheyweretorejoin,otherna4onswouldaswell!

Lect174/3/17 ©JESavage 22

*Ar4clesareath\p://www.europarl.europa.eu/meetdocs/2014_2019/documents/libe/dv/7_conv_budapest_/7_conv_budapest_en.pdf

Compe44onfortheConven4on

•  Interna4onalTelecommunica4onsUnion(ITU),aUNagencyconcernedwithICTissues,challengeduniversaladop4onofConven4on,circa2010.

•  ITUGeneralSecretaryHamadounTorréobjectsbecauseitisEuro-centricand“ali\ledusty.”

•  ITUithad“ITUToolkitforCybercrimeLegisla4on”draUedbyAmericanBarAssocia4oncommi\ee.

•  ITUpromoteditsowncyber-warningorg.,IMPACT.

Lect174/3/17 ©JESavage 23

Evalua4onofConven4on

•  “Mostsubstan4ve,andbroadlysubscribed,mul4lateralagreementoncybercrime”today.

•  Rela4velycomprehensiveapproachtoharmonizingna4onallawsandcoopera4on.

•  USDoJofficialratesimpact:“veryposi4ve.”Coopera4onhasincreasedradicallyrecently.

•  Provisionstofreezedata,“spontaneous”coopera4on,24/7contact,remotesearchesaremostuseful.

Lect174/3/17 ©JESavage 24

Evalua4onofConven4on

•  Shortcomings:– RussiaandChinanotsignatories.NostatesfromAfricaorSouthAmerica.

– Par4esmayrefusetoassistinmanyinstances– Noenforcementmechanisms

Lect174/3/17 ©JESavage 25

Evalua4onofConven4on

•  Shortcomings:– Doesnotaddressespionageoruseofforceunderlawsofwar

– Doesnotdealwithissuesthatarisewhenana4onisundera\ackandcan’taffordtowaitforcoopera4onfromcountriesthatmaybea\acking.

– Doesn’tapplytoDNSfraudorIPhijacking(BGP).

Lect174/3/17 ©JESavage 26

PossibleStepsforImprovement

•  Narrowgroundsforrejec4ngrequestforassistance–  Requirespecificreasonsfordenyingrequestsinwri4ng

•  Addmeaningfulenforcementmechanism–  Requireneutralarbiterwhenrequestdenied

•  Requirerepor4ngofdenialsofassistancetoCDPC•  AuthorizethosePar4esdeniedassistancewithoutlegi4mate,crediblereasontoengageinunilateral,cross-borderinves4ga4ons.– Wouldthisviolatesovereignty?

Lect174/3/17 ©JESavage 27

Alterna4vestotheConven4on

•  MostnotableisRussiancyberarmstreaty–  In‘98itequatedcyberweaponswithweaponsofmassdestruc4on

•  In2000RussiasponsoredUNGeneralAssemblyresolu4ontoexaminewaystostrengthen“securityofglobalinforma4onandtelecommunica4onssystems”and“limitthreatsemerginginthisfield.”

Lect174/3/17 ©JESavage 28

2000RussianProposal•  Statesmustrefrain–  “fromdevelopment,crea4on,anduseofmeansofinfluencingordamaginganotherState’sinforma4onresourcesandsystems,”

–  “deliberateuseofinforma4ontoinfluenceanotherState’svitalStructures,”

–  “unauthorizedinterferenceininforma4onandtelecom-munica4onssystemandinforma4onresources,aswellastheirunlawfuluse,”

–  “encouragingtheac4vi4esofinterna4onalterrorist,extremistorcriminalassocia4ons,organiza4ons,groupsorindividuallawbreakersthatposeathreattotheinforma4onresourcesandvitalstructuresofStates.”

Lect174/3/17 ©JESavage 29

2000RussianProposal

•  Howdoesoneinterpret“influence”?•  Whatis“unauthorizedinterference”?•  Whatare“interna4onalterrorist,extremistorcriminalassocia4ons,organiza4ons,groups”and“vitalstructuresofStates”?

•  AretheRussiansmoreconcernedabout“statesecurity”?

Lect174/3/17 ©JESavage 30

RecentRussianProposal

•  In2008VladislavSherstyuk,deputysecretaryoftheRussianSecurityCouncil,proposedatreatythatwouldprohibitsecretlyembeddingmaliciouscodeinacountry’scomputersforlateruseineventofhos4li4es.– Note:USDoD*nowconsideringthis!

•  Russiaalsoproposedprohibi4nga\acksonnon-combatantsystemsaswellasdecep4onincyberspace.

Lect174/3/17 ©JESavage 31*SeeChapterXVIoftheDoDLawofWarManual

USResponsetoRussianProposals

•  UShasbeentocooltotheseproposals.•  USstartedmee4ngwithRussiansinlate2009andagreedtotalkatUNDisarmament&Interna4onalSecurityCommi\ee.

•  4/10USa\endedGarmischcybersecurityconf.1•  Gen.K.AlexanderofCybercommand,said“whatRussiaputforwardis,perhaps,thestar4ngpointforinterna4onaldebate.”

1.  FourthInterna.onalForumPartnershipofStateAuthori.es,CivilSocietyandtheBusinessCommunityinEnsuringInforma.onSecurityandComba.ngTerrorism,Garmisch-Partenkirchen,Munich,Germany.

Lect174/3/17 ©JESavage 32

Alterna4ves

•  Gen.Alexander:USshoulddevelopcounter-proposaltoRussia’sproposedtreaty.

•  Russianproposalsdidnotgaintrac4onini4ally.•  SeemsunlikelythatUSwouldagreetobanoffensivecyberweaponssoon.

•  In‘15theUNGGEandG20adoptedthisnorm:– Nocountryshouldinten4onallydamagethecri4calinfrastructureofanother.

–  ItwasoriginallyaRussianproposal.

Lect174/3/17 ©JESavage 33

Review

•  Background•  Conven4onsProvisions– CybercrimeOffenses–  Inves4ga4veProcedures–  Interna4onalCoopera4on

•  Reac4ontoandEvalua4onoftheConven4on•  Alterna4vestotheConven4on

Lect174/3/17 ©JESavage 34