CSCI 1800 Cybersecurity and International Relations
COE Convention on Cybercrime
John E. Savage
Brown University

Outline
• Background
• Provisions of the Convention
  – Cybercrime Offenses
  – Investigative Procedures
  – International Cooperation
• Reaction to and Evaluation of the Convention
• Alternatives to the Convention
Lect 17 4/3/17 © J E Savage 2
What is the Cybercrime Convention?
• First international cybercrime treaty.
• It harmonizes national laws on cybercrime and improves national capabilities to investigate such crime. It also increases cooperation.
• Drafted by Council of Europe in Strasbourg in '01
• US, as experienced observer, played major role.
Origins of Convention
• In 1996 European Committee on Crime Problems (CDPC) set up expert committee on cybercrime.
• They recognized
  – Trans-border nature of such crime,
  – Conflict with territoriality of national laws, & need for concerted international effort to deal with it
• Committee of Experts on Crime in Cyber-space created in February 1997.
Committee Charge
• The Committee of Experts was charged to draft a binding legal instrument addressing:
  – Cyber-space offenses such as illegal funds transfer, services, violation of copyrights and human dignity, protection of minors, offering of illegal services.
  – Other substantive crimes involving cyber-space, requiring international cooperation (thus, not cybercrime)
Committee Charge
• The Committee of Experts was charged to draft a binding legal instrument addressing:
  – Use and applicability of coercive powers, such as interception of data, surveillance, search & seizure of data, problems caused by encryption, etc.
  – Questions of jurisdiction on cyberspace offenses, e.g. double jeopardy, which laws apply, etc.
  – International cooperation investigating cyberspace offenses
Emergence of Convention
• After four years of work, in June 2001 final draft of the convention was approved by CDPC.
• Adopted by Council of Europe on Nov. 8, 2001.
• Signed in Budapest, Nov 23, 2001.
• Convention entered into force in US on Nov 1, 2007
• Convention open to all COE member states.
  – As of 4/1/2017 563 states have ratified, 4 others signed.
• States may be invited to accede to it after obtaining consent of "contracting states."
Additional Protocol
• Adopted by Committee of Ministers on 11/7/02
• Requires states to criminalize
  – Racist or xenophobic acts, threats, etc via networks
  – Denial of the Holocaust and other genocides.
  – These all involve criminalizing content!
• US helped draft this protocol but did not sign it initially. It signed in 2001, ratified in 2006, and entered into force in 2007.
Provisions of the Convention
• Goals:
  – Protection of society from cybercrime
  – Criminalization of such conduct
  – Adoption of powers sufficient to combat above
  – Help other states with crime detection, investigation, prosecution
  – Provide for fast reliable international cooperation
• Alternative vehicle for cybercrime, Mutual Legal Assistance Treaties (MLATs), are very slow.
Convention Has Three Parts
1. Listing of substantive cybercrime offenses that ratifying states must adopt into national law.
2. Investigative procedures that states must implement.
3. Mechanisms to enhance international cooperation.
Convention Requirements
• Ratifying states must create laws allowing:
  – Search and seizure of computers and data
  – Wiretapping
  – Obtain real-time and stored communications data
  – This applies even if crime not considered a "cybercrime"
• Thus, Cybercrime Convention is a misnomer.
Definition of Criminal Offenses
• Access to computer systems without right.
• Technical interception of non-public data to, from or within computer systems without right.
  – Includes electromagnetic emissions from computer
  – Does it include audio recording of keystrokes?
• "Damaging, deleting, deteriorating, alteration or suppressing of computer data without right."
• Serious hindering of "functioning of computer system by inputting, transmitting, deleting, deteriorating or suppressing of computer data."
Accessing Computers without Right
• The 1986 Computer Fraud and Abuse Act (CFAA) applies to this issue.
• What do you think about CFAA?
Criminal Offenses
• "Production, sale, procurement for use, import, distribution" or possession of "a device, including computer program, designed or adapted primarily for the purpose of committing any of the [above]."
• The same applies to a "password, access code, or similar data" used to access a computer system.
• "Causing of a loss of property to another" by actions of above type with the intention of personal benefit when done without right.
Criminal Offenses
• Production, distribution, offering, procurement or possession of child pornography via computer done without right.
• Willful infringement of copyright and related material when done "on a commercial scale and by means of a computer system."
• All parties must ensure that listed offenses "are punishable by effective, proportionate and dissuasive sanctions including deprivation of liberty."
What Crimes Are Missing?
• Is IP hijacking a crime (BGP)?
• How about DNS fraud (violating trust in DNS)?
Investigative Procedures
• Parties must establish the following legislative powers:
  – Power to order preservation of computer data and traffic data (identifies path of packets thru ISPs).
  – Power to seize computers and storage media
  – Power to order production of computer data and subscriber information.
  – Power to collect such traffic data in real time.
  – For serious crimes, power to collect content in real time.
  – Establish jurisdiction over substantive offenses in Convention committed at home or against another.
International Cooperation
• All Parties "shall co-operate with each other … to the widest extent possible" on these matters.
• Cooperation is thru relevant international agreements and domestic laws.
  – Thus, cooperation may be limited or delayed
• Offenses punishable domestically by a year in jail or more severe must be seen as extraditable.
  – However, limits to extradition may come into play.
International Cooperation
• To extent permitted under domestic law, Parties must forward info it believes may help other Parties to investigate cybercrime.
  – Parties may request such info be kept confidential
• When Parties don't have mutual legal assistance treaty or arrangement, each must designate a central authority to send, answer, request mutual assistance.
  – Parties agree to execute requests in accordance with procs. of requesting Party, except where incompatible
International Cooperation
• Parties must preserve data expeditiously and for at least 60 days at request of another.
  – A Party may refuse a request for variety of reasons.
• Party must respond to a request to search, seize or disclose data located within its territory.
International Cooperation
• Parties must provide mutual assistance in the real-time collection or recording of content data … to the extent permitted under laws and treaties.
• Each Party must have a person on call 24/7 to respond to assistance requests in investigations.
• Convention lacks enforcement mechanism. Instead CDPC is informed of interpretations/applications.
  – Arbitration is possible for disputes concerning the latter.
International Cooperation
• Article 32b*: Party may access without authorization of another Party data on computer in territory of the other if lawful and voluntary consent obtained from person with authority to provide it.
  – Russia signed the convention but withdrew when it realized implications of this provision.
  – If they were to rejoin, other nations would as well!
* Articles are at http://www.europarl.europa.eu/meetdocs/2014_2019/documents/libe/dv/7_conv_budapest_/7_conv_budapest_en.pdf
Competition for the Convention
• International Telecommunications Union (ITU), a UN agency concerned with ICT issues, challenged universal adoption of Convention, circa 2010.
• ITU General Secretary Hamadoun Touré objects because it is Euro-centric and "a little dusty."
• ITU had "ITU Toolkit for Cybercrime Legislation" drafted by American Bar Association committee.
• ITU promoted its own cyber-warning org., IMPACT.
Evaluation of Convention
• "Most substantive, and broadly subscribed, multilateral agreement on cybercrime" today.
• Relatively comprehensive approach to harmonizing national laws and cooperation.
• US DoJ official rates impact: "very positive." Cooperation has increased radically recently.
• Provisions to freeze data, "spontaneous" cooperation, 24/7 contact, remote searches are most useful.
Evaluation of Convention
• Shortcomings:
  – Russia and China not signatories. No states from Africa or South America.
  – Parties may refuse to assist in many instances
  – No enforcement mechanisms
Evaluation of Convention
• Shortcomings:
  – Does not address espionage or use of force under laws of war
  – Does not deal with issues that arise when a nation is under attack and can't afford to wait for cooperation from countries that may be attacking.
  – Doesn't apply to DNS fraud or IP hijacking (BGP).
Possible Steps for Improvement
• Narrow grounds for rejecting request for assistance
  – Require specific reasons for denying requests in writing
• Add meaningful enforcement mechanism
  – Require neutral arbiter when request denied
• Require reporting of denials of assistance to CDPC
• Authorize those Parties denied assistance without legitimate, credible reason to engage in unilateral, cross-border investigations.
  – Would this violate sovereignty?
Alternatives to the Convention
• Most notable is Russian cyber arms treaty
  – In '98 it equated cyber weapons with weapons of mass destruction
• In 2000 Russia sponsored UN General Assembly resolution to examine ways to strengthen "security of global information and telecommunications systems" and "limit threats emerging in this field."
2000 Russian Proposal
• States must refrain
  – "from development, creation, and use of means of influencing or damaging another State's information resources and systems,"
  – "deliberate use of information to influence another State's vital Structures,"
  – "unauthorized interference in information and telecommunications system and information resources, as well as their unlawful use,"
  – "encouraging the activities of international terrorist, extremist or criminal associations, organizations, groups or individual lawbreakers that pose a threat to the information resources and vital structures of States."
2000 Russian Proposal
• How does one interpret "influence"?
• What is "unauthorized interference"?
• What are "international terrorist, extremist or criminal associations, organizations, groups" and "vital structures of States"?
• Are the Russians more concerned about "state security"?
Recent Russian Proposal
• In 2008 Vladislav Sherstyuk, deputy secretary of the Russian Security Council, proposed a treaty that would prohibit secretly embedding malicious code in a country's computers for later use in event of hostilities.
  – Note: US DoD* now considering this!
• Russia also proposed prohibiting attacks on non-combatant systems as well as deception in cyberspace.
* See Chapter XVI of the DoD Law of War Manual
US Response to Russian Proposals
• US has been cool to these proposals.
• US started meeting with Russians in late 2009 and agreed to talk at UN Disarmament & International Security Committee.
• 4/10 US attended Garmisch cybersecurity conf.¹
• Gen. K. Alexander of Cybercommand said "what Russia put forward is, perhaps, the starting point for international debate."
1. Fourth International Forum Partnership of State Authorities, Civil Society and the Business Community in Ensuring Information Security and Combating Terrorism, Garmisch-Partenkirchen, Munich, Germany.
Alternatives
• Gen. Alexander: US should develop counter-proposal to Russia's proposed treaty.
• Russian proposals did not gain traction initially.
• Seems unlikely that US would agree to ban offensive cyber weapons soon.
• In '15 the UN GGE and G20 adopted this norm:
  – No country should intentionally damage the critical infrastructure of another.
  – It was originally a Russian proposal.
Review
• Background
• Convention's Provisions
  – Cybercrime Offenses
  – Investigative Procedures
  – International Cooperation
• Reaction to and Evaluation of the Convention
• Alternatives to the Convention