Panorama of legal issues concerning IT forensic investigations


Published on February 6, 2014

Author: Johan_Vdd



A high level overview of legal issues in relation to IT forensic investigations, focusing on corporate espionage as a red line.

A panorama of legal issues concerning IT forensic investigations
ACFE Annual Meeting | Brussels | 5 February 2014
Johan Vandendriessche, Partner (crosslaw)


Fraud – prevention, detection and investigation

Fraud
• Deliberately practiced deception to obtain or secure an unlawful gain
• Civil wrong (“tortious liability” or “contractual liability”)
• Criminal offence
• Fraud takes many forms
• ‘Unlawful gain’ can be very varied

Fraud prevention
• Technical and organizational measures
• Security measures
• Policies
• Contractual arrangements

Fraud – prevention, detection and investigation

Fraud detection
• Organized detection
  • Technical measures (e.g. camera surveillance, data mining, …)
  • Organizational measures
• Incidental detection

Fraud investigation
• Informal private hearing
• Private detective
• IT forensic investigation
• Criminal investigation

Data Protection

Limitations in relation to the processing of personal data
• Personal data: “any information in relation to an identified or identifiable physical person […]”
• Very large legal interpretation to the concept of personal data
• Not necessarily sensitive information (although stricter rules apply to special categories of personal data)
• Processing: “any operation or set of operations which is performed upon personal data […]”

Data Protection

Processing of personal data is prohibited, unless allowed by the Data Protection Law

The data processing must comply with specific principles
• Proportionality
• Purpose limitation
• Limited in time
• (Individual and collective) Transparency
• Data quality
• Data security
• (Individual and collective) Enforcement measures

Data Protection

Specific issues in relation to fraud prevention and detection
• Employee surveillance
  • Electronic Communication (CBA No. 81)
  • Workplace Camera Surveillance (CBA No. 68)
• Camera Surveillance (security cameras)
• Whistle blowing policies
• Blacklists
• Access control / identity control (ID card related issues)
• Biometrical data (e.g. identification and access restrictions)
• Screening / background checks (e.g. “certificate of good behaviour”)
• Archiving
• Data mining

Impact on evidence value in case of investigations


An example

Corporate espionage
• Internal vs external
  • Employee
  • Self-employed
  • Third party
• Purpose
  • Competing activity
  • Other
• Object
  • Corporate know-how and IP
  • Client list / supplier list
  • Confidential Information

An example

Infringer
• Employee / Consultant

Nature of the wrong
• Civil / contractual
• Criminal

Equipment
• Laptop owned by employer/client
• Laptop owned by employee/consultant

Strategy

Options
• Internal investigation
• Forensic IT investigation on IT equipment
• External investigation
• Criminal complaint (?)
• Court proceedings
  • Sequestration (“sekwester” / “séquestre”)
  • Private search (“beslag inzake namaak” / “saisie en contrefaçon”)
  • Court order to provide evidence
• Define actions (forensic or otherwise)


Overview

Forensic IT investigation
• Capacity of the investigator
• Access to the IT equipment
  • Company owned
  • Third party owned
• Access to the data contained therein
  • Privacy issues

Cybercrime

Criminal acts posing a threat against the confidentiality, the integrity and the availability of IT systems and data
• Hacking
• Computer sabotage

Investigation powers
• (Network search)
• (IT system and data seizure)
• Cooperation duty of IT experts

Hacking

Hacking: “the unauthorized intrusion in or maintenance of access to an IT system” (article 550bis Criminal Code)
• Internal hacking
  • Person with access rights that exceeds such rights
  • With a fraudulent purpose or with the purpose to cause damage
• External hacking
  • Person without access rights
  • Knowingly

There is no requirement of breach of security measures

Organizing hacking or using data that was obtained through hacking are also criminal offences

Hacking

Sanction (also applicable in case of attempt to hack)
• Internal hacking
  • Fines: 26 to 25.000 EUR (x6); and/or
  • Prison sentence: 3 months up to 1 year (doubled in case of intent to defraud)
• External hacking
  • Fines: 26 to 25.000 EUR (x6); and/or
  • Prison sentence: 6 months up to 2 years

Criminal sanctions are increased in case of:
• Copying any data on the IT system
• Use of the IT system or use thereof to hack another IT system
• Damage to the IT system or its data or any third-party IT system or data

Computer sabotage

Computer sabotage: “the direct or indirect insertion, modification or erasure of information in an IT system or any other change to the normal use of information in an IT system” (article 550ter Criminal Code)
• Virus, worm, or any other malicious code
• Unauthorized time-locks or other blocking mechanisms

Developing, distributing or commercializing malicious code or tools to commit computer sabotage is a criminal offence

Computer sabotage

Sanction (also applicable in case of attempted sabotage):
• Fine: 26 to 25.000 EUR (x6); and/or
• Prison sentence: 6 months up to 3 years (increased in case of fraudulent intent or intention to cause damage)

Criminal sanctions are increased in case of:
• Causing damage to data in any IT system as a result of computer sabotage
• Interfering with the proper functioning of any IT system as a result of computer sabotage

Sanctions are doubled in some cases of cybercrime recidivism

Privacy

What is privacy?

Various sources
• European Convention on Human Rights
• Treaty on the Functioning of the European Union (TFEU)
• National (constitutional) legislation

Principle of privacy at work has been confirmed by ECHR and Article 29 Working Party

Secrecy of letters

Secrecy of letters
• Article 29 of the Belgian Constitution

Drafts of outgoing letters
• Electronic documents
• Not applicable

Copies of incoming letters

Interception of incoming letters
• Address
• Mentions

Secrecy of electronic communication

Electronic communication is protected
• Interception of electronic communication
  • Art. 314bis of the Criminal Code
• Access to electronic communication
  • Art. 124-125 of the Act of 13 June 2005

Specific problem for investigation of e-mail and IM

Secrecy of electronic communication

General interdiction to:
• Consult any electronic communication
• Identify participants to such electronic communication
• To process in any manner such electronic communication

UNLESS: if consent is obtained from all participants

Specific exceptions exist (only business relevant exceptions are mentioned):
• If allowed or imposed by law
• With the sole purpose of ensuring the proper functioning of the network or the proper performance of the communication service
• For offering a service that consists of preventing the receipt of unsolicited electronic communication, provided consent has been obtained for the recipient

No distinction is made between private and professional communication!

Secrecy of electronic communication

Monitoring of any form of electronic communication
• Use of e-mail
• Use of Internet

CBA No. 81 allows a limited degree of monitoring
• Surveillance is possible for limited purposes
  • The prevention of illegal acts, slander and violation of decency
  • The protection of the economic, trade and financial interests of the company
  • The protection of the security and proper functioning of the company’s IT system
  • The compliance with company policies in relation to online technologies
• Procedural requirements
  • Collective information
  • Individual information
• Sanctions?


Evidence Law

Admissible
• Type of evidence (‘matters of fact’ vs ‘legal acts’)
• Lawful
  • Illegal evidence
  • Illegally obtained evidence
• Probatory value (‘credibility’)
  • Weight carried by the submitted evidence
  • Influenced by the reliability
    • Gathering process of digital evidence
    • Inherent reliability (?)

Evidence Law

“Antigoon” case law
• Illegally obtained evidence
• Evidence is no longer automatically discarded

Evidence is retained, except:
• Nullity is a legally imposed sanction
• Unfair trial
• Impact on reliability

Small note: “Antigoon” case law is relatively new and still evolving

Evidence law: lessons learnt

Problems with electronic evidence
• Rules of evidence strongly favour “paper evidence”
• Courts may be reluctant in the face of new technologies
• Case law usually dismisses electronic evidence at the slightest indication of the possibility of fraud / tampered evidence

General rules
• Ensure the accountability and integrity of any electronic evidence at all times
• Implement procedures and policies / provide evidence that these policies are regularly verified or audited

Evidence Law: lessons learnt

Practical approach in Belgium
• Ensure that the evidence collection is organized in a manner guaranteeing evidence integrity
  • Assistance of a court appointed expert (feasible?)
  • Assistance of a bailiff
  • Assistance of a unilaterally appointed expert
  • Assistance of the Belgian Federal Computer Crime Unit (FCCU)
• Ensure that the evidence is stored in a secure manner

Court proceedings are likely to include a court expertise

Thank you for your attention.

QUESTIONS?
