“The goal is to get people thinking beyond the simple stuff,’’ said Mark Menz, a computer forensics specialist who will be leading a session on Internet investigations. “Many people will check a suspect’s Internet history, for example, but it’s important to know that with a warrant you can also look at the logs of the Web servers that the suspect was visiting.’’
Last week, Massachusetts Attorney General Martha Coakley welcomed 450 prosecutors, digital forensic analysts, police and other spook-types from all over the country to Norwood, Massachusetts. The occasion for the gathering was the "National Cyber Crime Conference," where attendees discussed legal strategies and practical tactics for extracting (our personal) information out of the digital matrix.
Police and prosecutors need to be able to penetrate new digital information and communication platforms in order to do their jobs. Some of their targets have committed crimes, thereby temporarily giving up the privacy rights they are guaranteed under the Fourth Amendment. But most of us haven't — and in some cases need not be even suspected of criminal wrongdoing in order for prosecutors and law enforcement to snoop into our digital data.
In a civil liberties friendly legal climate, we wouldn't need to worry so much about conferences where prosecutors and police learn digital spying tricks and the limits of the law, because we would know that their hands were sufficiently tied — that they were restricted to only investigating people against whom they had evidence of criminal wrongdoing.
But since various federal and state level statutes grant prosecutors and police wide latitude to access our digital data without any judicial oversight, the spying tactics and strategies taught at the NCCC and like-conferences are more than likely being applied in cases where there isn't even suspicion of criminal wrongdoing.
So who attended the 2012 National Cyber Crime Conference? And what did they learn?
The event was closed to the press and the public, so we don't know exactly who attended, beyond that it was over 400 police, forensics specialists from private corporations, and prosecutors. But the schedule of events was posted on the Massachusetts state website, and is available here, revealing a little more about who attended and what was discussed.
The schedule reveals three separate tracks: one for prosecutors, one for police investigators, and one for digital forensics experts.
Among the highlights of the conference were the following presentations:
- Real Time Tracking of Suspects: the State of the Law — AAG Tim Wyse, Cyber Crime Division, MA AG's office;
- Federal Privacy Statutes and Internet Service Providers: What Information Can You Obtain? — Abigail Abraham, Assistant General Counsel, AOL;
- Volume Shadow Copy Forensics — Chris Brown, Technology Pathways;
- Online Investigations — Mark Menz of the Sacramento County Hi-Tech Crimes Task Force;
- Lion Forensics Update — Ryan Chapin of Blackbag Technologies;
- iPhone: Artifacts and Issues with iOS — Blackbag Technologies;
- Mobile Device Forensics with Cellebrite — Brian Moran of cmdLabs;
- Search and Seizure of the Mobile Devices of Juveniles — Mary Leary of Catholic University of America;
- The Next Generation of Forensic Digital Video & Image Field Acquisition — Bryan Kerrigan, Ocean Systems;
- Internet Open Source Intelligence — Cynthia Hetherington, Hetherington Group;
- Mobile Device Forensics with Paraben Tools — Amber Schroader, Paraben Corporation;
- Interview and Interrogation Techniques — Sgt. Peter Curran, Norwood, MA PD;
- GPS Interrogation — National White Collar Crime Center;
- Microsoft Law Enforcement Portal Resources — Bill Harman, Microsoft Corp.;
- Remote Mobile Device Tracking — Steve Treglia, Absolute Software;
- Xbox Forensics — Christopher Ard, Microsoft Corp.;
- Investigation of NCMEC CyberTips — Trooper Chris Ware, MA State Police;
- iPad and iOS Forensics — Katana Forensics, Inc.;
- Google for Investigators — Mike Webber, BitSec Forensics, Inc.;
- Advanced Log File Analysis — Applied Security, Inc.;
- Decryption with Access Data Products — Glynn LeBlanc, Access Data;
- Private Browser Forensics — Trooper Brian Gavioli, MA State Police and AAG Christopher Kelly, Cyber Crime Division, MA AG's office; and
- Estimation of Victim Age in Child Pornography and Child Sexual Exploitation Investigations — Det. Cindy Murphy, Madison WI PD.
While the presentations themselves are not public (yet?), the websites of these various companies and public statements from officials shed some light onto what was discussed at the epic, three day conference. These are, many of them, corporations that largely depend on security industrial complex grants from the federal government, as this Ocean Systems grants webpage makes clear. Needless to say, the firms are hardly motivated by privacy concerns.
Microsoft sent two employees to the conference to explain to forensics experts and investigators how to best get information out of its systems, and AOL's general counsel was there to tell prosecutors just what kind of data they could get from Internet Service Providers, detailing restrictions imposed by federal law.
Wikileaks further illuminates what prosecutors, forensics experts and cops might have heard last week at the presentation on Cellebrite phone forensics. Last year Wikileaks posted hundreds of corporate spy technology marketing documents on a dedicated Spyfiles site — it's a great resource. At least one of the marketing brochures on that site comes from a company that was represented last week at the NCCC.
Cellebrite took a lot of heat in Michigan last year when civil liberties groups charged that police were using its extraction tools to sniff data from people's phones at routine traffic stops, without warrants. Wikileaks has posted on its Spyfiles site a Cellebrite marketing brochure describing how police can use its tools to access deleted information and get beyond passwords on phones:
Prosecutors: what are the limits of your power?
These conferences shouldn't worry us in a democratic society. After all, as technology quickly changes the ways we communicate, law enforcement needs to have the ability to extract evidence from devices when they have reasonable suspicion to believe that we are engaged in criminal activity.
But in a climate wherein the federal Department of Justice is publicly advocating abandonment of a warrant standard in key Fourth Amendment protected arenas — wherein protections against improper government invasions of our privacy have been seriously degraded nationwide — we simply can't be assured that the technologically advanced snooping tactics discussed at these spook conferences won't be deployed in improper fishing expeditions or investigations based on protected speech or association.
And while it's understandable that prosecutors and police would want to keep quiet the means by which they access our data, so as to prevent technologically advanced adversaries from one-upping them, the government should make very clear what rules it plays by, so that we know it isn't violating our civil liberties.
So how about it, AAG Tim Wyse? Why don't you tell us what you told conference attendees during your talk, "Real Time Tracking of Suspects: the State of the Law"? What do you think is the state of the law?
The laws governing government access to our digital data are very muddled at present, with many contradicting court rulings attempting to interpret electronic communications privacy laws that were written before the internet and cell phones practically existed.
In this confusing legal context, it's heartening to see that the state AG's office has a clear idea of "the state of the law" governing real time tracking.
In the interest of democratic governance and transparency, Martha Coakley's office should release that legal analysis to the public.