Susan Crawford blog :: Orin Kerr

This Month

Month Archive

May 2004
April 2004
March 2004
February 2004
January 2004

Year Archive

2007
2006
2005
2004
2003

Search Google

Previous:	Beryl Howell and Alan Davidson
Next:	Sonia Katyal

Orin Kerr

by Susan on Sat 27 Mar 2004 03:17 PM EST | Permanent Link

Orin Kerr is up. His suggestion is that computer-related crimes will end up with a different set of procedural rules -- "network" criminal procedures. Even if crimes remain the same, they're committed in different ways. New facts will trigger needs for new laws.

Start with physical world crime -- bank robbery. Fred will walk in, go to teller, hands note, teller gives money, goes to car, runs away.

Cop will show up -- what does he do? He looks for eyewitness testimony. He also observes what the bank is like and whether there are trace materials of the crime. He will collect physical evidence tying the crime to Fred. Eg, the threatening note.

Fred gets out of prison, says he'll be an online bank robber. He'll hack into the bank. Logs onto ISP and passes through intermediaries to hide his tracks. Sets up account, fills with money, sends money offshore.

Now you're the police officer called to investigate this crime. You'll notice a really different crime scene. No physical evidence, no eyewitnesses. Just zeros and ones. Have to trace evidence back to attacker, but can't do it in traditional ways.

So you start from bank victim, track back through intermediaries. Hope that system admin has these records. Trace back to Fred's ISP, and hope that ISP will help you. But you don't have proof beyond a reasonable doubt -- you only have electronic evidence from third parties. You have to get a search warrant and go to the target's home -- then forensically analyze Fred's computer. Fred might keep notes ("I'm looking forward to hacking into the bank tonight.") You seize the drive and image it, then run a string searcdh for that account number. Takes weeks.

Different set of processes. What does this mean for law? Means that we need new rules to regulate these processes. 4th Amendment and 5th Amendment are tailored to the physical world. Eg, search rules are about "the entry of the place." Also, collecting physical evidence is about 4th Amendment seizure rules. So how do those rules map on to facts of investigations of online crimes?

They don't map well. You either get extraordinarily expansive rules or rules that are too narrow (where there are no real threats). We need a relatively balanced set of rules.

Eg, if you want to get records from a third party, you have to get a subpoena. No privacy protection there. Traditional 4A doesn't apply to third-party stored information. This just isn't a problem in the offline world. So we have new facts where the information is collected and stored in a different way. Old rule doesn't help.

Last stage -- forensics. Bunch of interesting problems. If you map what has to happen to 4A rules, you have big issues. For a warrant, you have to describe things and only take that. But in online crime, might be lots of other evidence involved. Can't get a pinpointed warrant -- have to seize more than you have probable cause to seize. What about making a bitstream copy? Is that a seizure of a person's computer? Traditionally, no -- not a seizure, just making a copy. So govt could run off a copy and search that! But intuitively that seems like a problem.

So what will happen in response to this problem? We've begun to see a new field of network criminal procedure evolving. Eg, ECPA, and 18 USC 2703, regulates process of going to third-party provider and asking for information. So it's more than a mere a subpoena. Statute recreates warrant requirement from the physical world.

Similarly, for forensics, courts are creating new rules to cover these last-stage searches. So, eg., in a home, the police can't look for physical information that hasn't been described. But electronically there's no restriction. So courts have changed rule that governs whether intent matters when you're searching a computer. Outside scope of warrant/inside distinction doesn't matter. Subjective intent, though, does matter. We'll ask agent "what were you thinking when you accessed this file." Courts are responding to changed set of facts by looking at intent.

We'll see more and more computer-specific set of rules. A new body of law to study.

Great presentation. Good work, Orin!

Posted to:

Main Page