1 The interplay of stopping computer crime while protecting privacy Svein Yngvar Willassen Department of Telematics, Norwegian University of Science and Technology

Page 1

The interplay of stopping computer crime while protecting privacy

Svein Yngvar Willassen

Department of Telematics,

Norwegian University of Science and Technology

Page 2

It is already far too late to prevent the invasion of cameras and databases. The djinn cannot be crammed back into its bottle. No matter how many laws are passed, it will prove quite impossible to legislate away the new surveillance tools and databases. They are here to stay.

Accountability is the one fundamental ingredient on which liberty thrives. Without the accountability that derives from openness -- enforceable upon even the mightiest individuals and institutions -- how can freedom survive?

D. Brin, The transparent society, 1998

Page 3

Definitions: Privacy

Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.

A. Westin, Privacy and Freedom, 1967

Page 4

Definitions: Computer Crime

A crime in which a computer was directly and significantly instrumental

J. Taber, On Computer Crime, Computer Law Journal, 1979

Action directed against the confidentiality, integrity and availability of computer systems, networks and computer data as well as misuse of such systems, networks and data

Preamble, Council of Europe Cybercrime Convention, Budapest 2001

Page 5

Consequence of Definitions

Computer crime is a threat against computers and the information stored therein. The rightful owners of information are thereby deprived of their ability to decide for themselves how this information is spread to others.

Computer crime is harmful to privacy.

Stopping Computer Crime is Preserving Privacy!


Page 6

Protecting Privacy from Computer Crime, Options

- Protect

- Protect, detect and stop

- Protect, detect, stop and investigate

- Don’t use computers

- Protect, detect, stop, investigate and prosecute


Page 7

[Figure: information flow of event data. Stages: Event Data, Stored, Retained, Presented, Seized, Investigated, Reported, Relied on]

Detection and investigation of computer crime must be based on information about the events that occurred.

Detection, investigation and prosecution rely on information (evidence) distilled from the pool of data that has been recorded about the events that occurred.


Page 9

The amount of information available in each step is determined by various considerations, among them privacy:

- by regulations (statutory requirements, recommendations, standards)

- by policy

This affects the outcome of the investigation and prosecution.

Terminology from [Breaux, Anton et al. 2007]

Page 10

Event Data generation

Data about events is generated on the computers involved in those events.

End users may use Privacy Enhancing Technologies to control the visibility of the event information to others.

Page 11

Event Data generation

Anonymization:

- Decouples the event data from an individual, so attribution becomes impossible.

- Enhances privacy but reduces the investigative value of the data.

- Examples of statutory provisions outlawing anonymization.

Page 12

Event Data generation

Encryption:

- Hides data content from anyone not in possession of a key.

- Enhances privacy but reduces the investigative value of the data.

- Examples of government efforts to prevent effective encryption for investigative reasons.

Page 13

Storage/Retention

Storage and retention of event data is only to a small extent determined by the users themselves:

- Local storage/retention is determined by applications and operating systems.

- Event data is retained on computers controlled by others than the end user.

Page 14

Storage/Retention

Privacy provisions:

- Provisions that do not allow data processors to store data without “informed consent” from the data owner. (Directive 95/46/EC)

- Example: Logs of internet usage shall not be stored or retained unless needed for invoicing. (Effectively anonymization)

Page 15

Storage/Retention

Storage/retention requirements:

- Provisions that require the storage and retention of specific types of data.

- Example: Financial accounts

- Example: EU Directive on Data Retention

Page 16

Event Data

Stored

Retained

Presented

Seized

Investigated

Reported

Relied on

Seizure

- Seizure of data for investigation purposes is in most jurisdictions restricted to crimes of a certain seriousness.

- Must be decided by an independent party (a court) after it has reviewed the information that leads to the seizure request.

- This protects the privacy of third parties, as well as of the accused in cases where the suspicion is too weak.

Page 17

Investigation

Investigation aims at extracting the information of interest to the case (the evidence) from the seized data.

Provisions may disallow investigation of certain material for privacy reasons:

- Records from certain professions such as lawyers, physicians

- Trade secrets

Page 18

Reporting/Presentation

The investigator includes in his report what he finds relevant to the case.

The results may be presented in public hearings. Thus, details never meant for the public will be publicly disclosed. This has privacy implications for those involved in the case.

Page 19

Evidence relied on by fact finder

A fact finder (court) is obliged to comply with statutory requirements.

- Evidence admissibility

- Unlawfully acquired evidence

Page 20

Investigation / Privacy

The investigation process is harmful to privacy:

- Details about individuals will be publicly revealed without consent.

- The process is to a large extent outside the individual's control.

Page 21

Investigation / Privacy

Computer crime is even more harmful to privacy:

- Investigating and prosecuting crimes prevents crime that is harmful to privacy.

- Legal protection should limit the privacy harm done by investigations, at least to third persons.

- Do perpetrators have an expectation of privacy?

Page 22

The interplay of stopping computer crime while protecting privacy

Svein Yngvar Willassen

Department of Telematics,

Norwegian University of Science and Technology

Page 23

A proposed middle ground

- Separate knowledge of behavior from knowledge of identity.

- Privacy is only compromised by knowledge of both behavior and identity.

- Proposed default rule: knowledge of behavior is visible, but knowledge of identity is concealed and will only be revealed under legal procedures.

- Corresponds to the Internet (with data retention).

C. Demchak, K. Fenstermacher, Balancing Security and Privacy in the 21st Century, 2004
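The following is an added illustration, not part of the slides, of the contrast between the anonymization of slide 11 (attribution becomes impossible) and the "middle ground" of slide 23 (behavior visible, identity concealed until a legal procedure releases it). The custodian class, the keyed pseudonymization, the sample events and the court-order dictionary are all constructed here for the example.

```python
import hmac
import hashlib
import secrets
from collections import Counter

# Constructed sample event data: (identity, action, outcome). Not from the deck.
RAW_EVENTS = [
    ("alice@example.org", "login", "fail"),
    ("alice@example.org", "login", "fail"),
    ("alice@example.org", "login", "fail"),
    ("alice@example.org", "login", "fail"),
    ("bob@example.org", "login", "ok"),
    ("bob@example.org", "download", "ok"),
    ("carol@example.org", "login", "fail"),
]


class IdentityCustodian:
    """Holds the pseudonymization key and the pseudonym->identity table.
    Kept organisationally separate from whoever analyses the behavior log."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)
        self._mapping = {}  # pseudonym -> identity, only stored here

    def pseudonymize(self, identity):
        # Keyed hash: the same person always gets the same pseudonym, so events
        # stay linkable, but without the key the pseudonym reveals nothing.
        p = hmac.new(self._key, identity.encode(), hashlib.sha256).hexdigest()[:16]
        self._mapping[p] = identity
        return p

    def reveal(self, pseudonym, court_order):
        # Identity is released only under an approved order naming that pseudonym
        # (stand-in for the "legal procedures" of slide 23).
        if not court_order.get("approved") or court_order.get("pseudonym") != pseudonym:
            raise PermissionError("identity is disclosed only under an approved order")
        return self._mapping[pseudonym]


def record_events(custodian, raw_events):
    """Behavior log handed to analysts: pseudonym, action and outcome only."""
    return [(custodian.pseudonymize(uid), act, res) for uid, act, res in raw_events]


def anonymize(raw_events):
    """Slide 11 anonymization: a fresh random token per event, so not even two
    events of the same person can be linked afterwards."""
    return [(secrets.token_hex(8), act, res) for _, act, res in raw_events]


def suspicious_pseudonyms(events, threshold=3):
    """Detection on behavior alone: who accumulated >= threshold failed logins."""
    fails = Counter(p for p, act, res in events if act == "login" and res == "fail")
    return sorted(p for p, n in fails.items() if n >= threshold)
```

With pseudonymized events the detection still fires and the custodian can later re-identify the flagged pseudonym; with per-event anonymization the same detection finds nothing, which is the loss of investigative value the slides describe.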