
Legal Aspects of IO IW 230

College of Aerospace Doctrine, Research, and Education. Legal Aspects of IO IW 230. “The Big Picture” • The law lags evolution of technology • Find answers in existing principles • Our actions affect evolution of the law • Shape legal framework to further national interest

Lucy

Presentation Transcript


  1. College of Aerospace Doctrine, Research, and Education Legal Aspects of IO IW 230

  2. “The Big Picture” • The law lags evolution of technology • Find answers in existing principles • Our actions affect evolution of the law • Shape legal framework to further national interest • Governmental actors must consider spirit not just letter of the law

  3. [Diagram from AFDD 2-5] Information Superiority; Information Operations; Information-in-Warfare and Information Warfare (gain, exploit, attack, defend); Counterinformation: Offensive Counterinformation and Defensive Counterinformation. Activities shown: Precision Nav & Position; Weather; ISR; Other Info Collection/Dissemination Activities; Information Assurance; Counter-Intelligence; PSYOP; Physical Attack; Military Deception; Electronic Warfare; OPSEC; Counter-Propaganda; Counter-Deception; Electronic Protect; CNA; CND; PAO. Successfully executed Information Operations achieve information superiority

  4. Information Operations • Joint: Actions taken to affect adversary information and information systems while defending one’s own information and information systems • Offensive and Defensive IO • The Air Force believes that in practice a more useful working definition is: those actions taken to gain, exploit, defend, or attack information and information systems • Information Warfare and Information-In-Warfare

  5. Information Warfare “Information operations conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries. … The Air Force believes that, because the defensive component of IW is always engaged, a better definition is: Information operations conducted to defend one’s own information and information systems, or to attack and affect an adversary’s information and information systems.” AFDD 2-5, Aug 98

  6. USSPACECOM: DoD’s Lead for CND and CNA • JTF CND • Chartered in 1998 as an interim organization to handle coordination of DoD’s Computer Network Defense • JTF CNO • CINCSPACE received the mission for Computer Network Attack in Oct 00 • Decision to expand JTF CND • 2 Apr 2001, JTF redesignated JTF Computer Network Operations

  7. The Future “It seems to me that, philosophically, rather than conducting information operations as ends in themselves, we want to ‘operate in the information age….’ By that I mean integrating, and not ‘stovepiping,’ the various areas of information operations into our overall military plans and operations….” --General Ed Eberhart, USCINCSPACE

  8. AF Future Capabilities Game 2001: An Introduction to Network Warfare of the Future • Computer Network Operations • Computer Network Defense • Computer Network Exploitation • Computer Network Attack

  9. CNO Taxonomy • Computer Network Defense: • Those measures, internal to the protected entity, taken to protect and defend information, computers and networks from intrusion, exploitation, disruption, denial, degradation or destruction.

  10. CNO Taxonomy • Computer Network Defense: • Actions taken to protect, monitor, analyze, detect, and respond to unauthorized activity within . . . information systems and computer networks. (DoDD O-8530.1) • Defensive measures to protect and defend information, computers, and networks from disruption, denial, degradation, or destruction. (JP1-02)

  11. CNO Taxonomy • Computer Network Attack: • Operations using computer hardware or software, or conducted through computers or computer networks, with the intended objective or likely effect of disrupting, denying, degrading or destroying, information resident in computers or computer networks, or the computers and networks themselves.

  12. CNO Taxonomy • Active CND (Computer Network Response): • Those measures, that do not constitute CNA, taken to protect and defend information, computers, and networks from disruption, degradation, denial, destruction, or exploitation, that involve activity external to the protected entity. CNR, when authorized, may include measures to determine the source of hostile CNA or CNE.

  13. CNO Taxonomy • Computer Network Exploitation: • Intelligence collection operations that obtain information resident in files of threat automated information systems (AIS) and gain information about potential vulnerabilities, or access critical information resident within foreign AIS that could be used to the benefit of friendly operations. (CJCSI 6510.01C)

  14. Overview • Part I: Computer Network Defense (CND) • Computer Monitoring • Computer Crime • Active Defense / Computer Network Response • Part II: Computer Network Attack (CNE/CNA) • Development of International Law • The Use of Force in Peacetime • US/Foreign Domestic Laws • The Law of War

  15. Part I: Computer Monitoring (Part of CND) (IO Law Outline, p. 1-15) • System Administrators • Monitoring, Encryption, Intelligence Oversight • Law Enforcement / FISA • Intelligence Community

  16. NATIONAL CRITICAL INFRASTRUCTURES • TRANSPORTATION • ENERGY • DEFENSE • TELECOMMUNICATION • BANKING • Information Infrastructure

  17. Information Security--Monitoring • One of the first lines of defense in protecting AF information systems • Monitoring performed for different reasons; by different actors • systems protection / network professionals • operational security / TMAP assets • evidentiary interception / law enforcement investigators

  18. Analytical Blueprint • Analysis starts with the three “Ws” • Who? • What? • Why? • Different ROEs based on answers • Law Enforcement interceptions • Intel-counterintel surveillance • Systems protection monitoring

  19. Monitoring: Legal Constraints • 4th Amendment Right to Privacy • Electronic Communications Privacy Act

  20. Legal Principles--Constitutional Law (Summary of Case Law, p. 1-37) • Fourth Amendment prohibition against Unreasonable Search & Seizure • Protects people; not places • Is there a reasonable expectation of privacy? • If so, is the search reasonable? • Governed by totality of circumstances • Degree of protection proportional to expectation of privacy

  21. U.S. v. Monroe (AFCCA Feb 5, 1999) • Court found Monroe had no expectation of privacy in an e-mail account on a government server as to his supervisors and the system administrator (Banner) • E-mail accounts were given for official business, although users were authorized to send and receive limited textual and morale messages to and from friends and family • Monroe did not have a government computer, but had a personal computer in his dorm room

  22. Monroe... • Court used the analogy of an unsecured file cabinet in the member’s superiors’ work area in which an unsecured drawer was designated for his/her use in performing his/her official duties with the understanding that his superiors had free access to the cabinet, including the drawer • Affirmed by CAAF, 13 March 2000

  23. Electronic Communications Privacy Act (ECPA) • Statutorily conferred an expectation of privacy in electronic and wire communications • Interception of electronic communications • Access into stored communications • Generally prohibits interception of electronic communications, or access into stored communications, without court order • aimed at law enforcement • numerous “exceptions” • systems provider exception • consent • court order

  24. ECPA: Rights and Limitations • May monitor and disclose traffic data • May access electronic communications stored on his or her system • May disclose the contents of those communications to others unless he or she is providing electronic communications services to the public

  25. Real Time Monitoring-- The provider exception • May monitor in real-time (and thereafter disclose) wire and electronic communications, • so long as such monitoring and disclosure is conducted “in the normal course of his employment • while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service.”

  26. Disclosure to Law Enforcement • May disclose real-time communications he or she has monitored (or stored communications he or she has accessed) with the consent of an appropriate party, normally an individual who is a party to the communication, or when • Evidence of crime is apparent and inadvertently obtained

  27. PATRIOT Act of 2001 (IO Law Outline, p. 1-17) • Section 212 of the Act amends subsection 2702(b)(6) (ECPA) to permit, but not require, a service provider to disclose to law enforcement either content or non-content customer records in emergencies involving an immediate risk of death or serious physical injury to any person. • This section also allows providers to disclose information to protect their rights and property.

  28. PATRIOT Act of 2001 (IO Law Outline, p. 1-18) • Although the wiretap statute allows computer owners to monitor the activity on their machines to protect their rights and property, until Section 217 of the Patriot Act was enacted it was unclear whether computer owners could obtain the assistance of law enforcement in conducting such monitoring

  29. Consent: Banners are our friend • Promotes awareness for users (ECPA exceptions not necessarily obvious) • 2nd exception under ECPA

  30. Limits on Consent • Defined by what banner says • Limited to provider’s own network • Duration must be short term, then get Wiretap Order (DoJ)

  31. OPSEC/COMSEC Surveillance (IO Law Outline, p. 1-19) • AFI 33-219 • authority given only to HQ AIA TMAP elements • consent monitoring / banners • certification process • SJA must review detailed summary of consent notification actions • determines if actions legally sufficient to constitute consent

  32. ROEs--Search (cont’d) • Is the search/seizure reasonable? • consent • search authorization or warrant • AFOSI vs Security Forces

  33. ROEs--Interceptions • AFI 71-101, Vol 1 • Requires Approval for Interceptions • AFOSI/CC • SAF/GC • DOJ (nonconsensual)

  34. Tips on Handling Computer Abuse Cases • SYSAD usually identifies govt. I.P. addresses where abuse taking place • Does Not Need to Monitor Real-Time • Appropriate commander/senior leader should be briefed, then assemble all users to notify them of impropriety, warn • If it continues, SYSAD, commander, and SF can mount a “sting” to catch perp in the act

  35. Computer Crime (IO Law Outline, p. 1-23) • Federal Computer Crime Statutes • 18 USC 1029, 1030 • 18 USC 1028 (Identity Theft) • 18 USC 2251, 2252, 2252A (Sexual Exploitation of Children) • 18 USC 2511, 2701… (Wiretap Statute and ECPA) • UCMJ Articles • General Article (134) • Failure to Obey Order or Regulation (92)

  36. USA PATRIOT ACT of 2001 Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act

  37. Nationwide Search Warrants for E-mail: Sec 220 • Old: Search warrant needed to compel disclosure of unopened e-mail less than six months old in Electronic Computing Service or Remote Computing Service (i.e. ISP) • Had to be issued by court within district where e-mail was stored • New: nationwide search warrants for e-mail • Allows court with jurisdiction over the offense to issue single search warrant • Subject to sunset

  38. Intercepting Voice Comms in Hacking Cases: Sec 202 • Old: Could not get wiretap order to intercept wire communications (involving human voice) for violations of the Computer Fraud and Abuse Act (18 U.S.C. § 1030) • Hackers have stolen teleconferencing services to plan and execute hacks • New: Adds felony violations of Computer Fraud and Abuse Act to list of offenses that support a voice wiretap order • Sunsets December 2005

  39. Obtaining Voice-mail and Stored Voice Comms: Sec 209 • Old: LE could use search warrant for voice recording on answering machine inside criminal’s home (easier), but needed wiretap order for voice comms with a third party provider • New: Stored voice (“wire”) comms acquired under 18 USC § 2703 (including search warrant) • Sunsets December 2005

  40. Subpoenas for Electronic Evidence: Sec 210 • Old: Subpoena limited to customer’s name, address, length of service, and means of payment • In many cases, users register with ISPs under false names • New: Update and expand records available by subpoena • Old list, plus means and source of payment, credit card or bank account number, records of session times and durations, and any temporarily assigned network address • Not subject to sunset

  41. Intelligence Oversight • Improved Intelligence • Inclusion of international terrorist activities within scope of foreign intelligence under the National Security Act of 1947. • Law enforcement to notify the intelligence community when a criminal investigation reveals information of intelligence value. • Reconfigures the Foreign Terrorist Asset Tracking Center.

  42. FISA Elec Surveillance: Sec. 218 • Old: required certification that obtaining foreign intelligence was ‘the’ purpose of search • FISA Court interpreted to mean primary purpose of investigation was obtaining foreign intelligence and not criminal prosecution • New: obtaining foreign intel is “a significant purpose” of the search • Allows intelligence agents to better coordinate with criminal investigators • Subject to sunset

  43. What is “Active Defense”? • Approved joint term in DoD Dictionary • Active Defense: The employment of limited offensive action and counterattacks to deny a contested area or position to the enemy. • Passive Defense: Measures taken to reduce the probability of and to minimize the effects of damage caused by hostile action without the intention of taking the initiative. • No consensus in computer network context

  44. Current U.S. Policy…. • “Active defense” “The fact is that right now my authority [for active defense measures] is very limited. I believe in this area the wisest course of action is to pursue the policy and procedural issues at or ahead of the pace of technological capabilities, because whether or not to use an attack as an active defense measure or as a weapon system is a decision that needs to be operationally defined at the national policy levels first and foremost.” Maj Gen James Bryan, JTF-CND/CC, Federal Computer Week, 4 Dec 2000

  45. DoD Deploys Cyber-Defense (Defense News, November 12-18, 2001, Pg.) • Faced with a near doubling of attacks on military computers in the past year, the guardian of the U.S. military’s information systems has asked Pentagon leaders for permission to strike back. • "We are no longer going to be passive. If they hit us, we’ll be hitting them back real soon," U.S. Army Maj. Gen. Dave Bryan, commander, Joint Task Force-Computer Network Operations (JTF-CNO),

  46. Part II: Computer Network Attack (CNA) (IO Law Outline, p. 1-42) • Development of International Law • The Law of War • The Use of Force in Peacetime • Space Law • Telecommunications Law • US/Foreign Domestic Laws

  47. Development of International Law • Consists of Binding Legal Obligations among Sovereign States • Sovereign States are Legally Equal and Independent Actors • They Assume Legal Obligations only by Affirmatively Agreeing To Do So • General Rule: Unless Prohibited by Law a Course of Action is Allowed

  48. Internat’l Development Of Territoriality in Air & Space • Air Law: Post WW II • Sovereign Control Over National Airspace • Space Law: Post Sputnik I & Explorer I • No Objections to Overflight of Spacecraft • Reconnaissance Satellites OK • Outer Space Treaty Enshrines Principle • Information Operations??

  49. United Nations Charter • The first use of armed force by a state…shall constitute prima facie evidence of an act of aggression • What kinds of information attacks are likely to be considered by the world community to be armed attacks and uses of force? • Peacetime Rules of Engagement

  50. United Nations Charter--1945 • Article 2(4) • Refrain From the Threat or Use of Force Against the Territorial Integrity of Any State, or in Any Manner Inconsistent With the Purposes of the UN • Article 51 • Inherent Right of Self-Defense Recognized When an “Armed Attack” Occurs • Space Control -- Information Operations?
