USA Patriot Act and Information Security Presented By Dan Heckler



1
USA Patriot Act and Information Security
Presented By Dan Heckler & Mark Sheldon
2
What is the Patriot Act
  • USA PATRIOT ACT
  • Uniting and Strengthening America by Providing
    Appropriate Tools Required to Intercept and
    Obstruct Terrorism Act of 2001.
  • Written and passed by Congress within 45 days
    after 9/11, with little discussion and virtually
    no resistance
  • Gives broad surveillance powers to law
    enforcement agencies under the umbrella of
    terrorism, including extensive computer
    surveillance

3
Laws Modified by the Patriot Act pertaining to
Information Security
  • Computer Fraud and Abuse Act of 1986
    (Title 18 U.S.C. 1030)
  • Foreign Intelligence Surveillance Act of 1978
  • Numerous sections of US Code, especially Title
    18, and other laws as far back as the
    Communications Act of 1934

4
Computer Fraud and Abuse Act 1986 aka 18 U.S.C.
1030
  • Fraud and related activity in connection with
    computers
  • Use of any computer to get information injurious
    to the US or advantageous to a foreign nation
  • Use of any computer to illegally access financial
    institutions
  • Unauthorized access to any government computer
  • Unauthorized access to any computer that affects
    government interests
  • Password trafficking if it affects interstate or
    international commerce

5
Expiring Provisions
  • 201. Authority To Intercept Wire, Oral, And
    Electronic Communications Relating To Terrorism.
  • 202. Authority To Intercept Wire, Oral, And
    Electronic Communications Relating To Computer
    Fraud And Abuse Offenses. (like mail fraud)
  • 203 (b), (d). Authority To Share Criminal
    Investigative Information. (Allows local law to
    share info with Feds)
  • 206. Roving Surveillance Authority Under The
    Foreign Intelligence Surveillance Act Of 1978.
  • 207. Duration Of FISA Surveillance Of Non-United
    States Persons Who Are Agents Of A Foreign Power.
    (increase to 120 days per request)

6
Expiring Provisions (continued)
  • 209. Seizure Of Voice-Mail Messages Pursuant To
    Warrants. (wire or electronic)
  • 212. Emergency Disclosure Of Electronic
    Communications To Protect Life And Limb. (allows
    provider to divulge customer records or
    communications to law enforcement)
  • 214. Pen Register And Trap And Trace Authority
    Under FISA. (rubber stamp . . . Wiretap requires
    probable cause . . . see also 216)
  • 215. Access To Records And Other Items Under
    FISA. (Library records and gag order)
  • 217. Interception Of Computer Trespasser
    Communications. (not an invasion of privacy to
    monitor trespasser communications)

7
Expiring Provisions (continued)
  • 218. Foreign Intelligence Information. (Lowers
    standard of evidence for FISA warrants.)
  • 220. Nationwide Service Of Search Warrants For
    Electronic Evidence. (removes geographical
    limitations on fed warrant)
  • 223. Civil Liability For Certain Unauthorized
    Disclosures. (citizen harmed by such disclosure
    may sue US)
  • 224. Sunset. (self-canceling)
  • 225. Immunity For Compliance With FISA Wiretap.
    (allows service provider, landlord, custodian,
    etc., to comply with court order or emergency
    request)

8
Non-Expiring Provisions
  • 213 Authority For Delaying Notice of the
    Execution of a Warrant. (Sneak and Peek)
  • 216 Modification of Authorities Relating to Use
    of Pen Register and Trap and Trace Devices
    (Carnivore)
  • 505 Miscellaneous National Security Authorities
    (NSL with gag order)

9
Update
  • All 16 provisions set to expire 3/10 renewed in
    Senate. 14 permanent, 2 for 4 years. House vote
    Tuesday.
  • 213 Sneak and Peek: new default delay in
    giving notice is 7 days, up to 90
  • 214 Pen/Trap: rules made more consistent with
    criminal cases
  • 215 Library provision: rewritten to require
    judge to issue federal subpoena for information.
  • 505 National Security Letters: ruled
    unconstitutional 9/29/04 by federal district
    judge in New York on basis of 1st and 4th
    Amendments. New law allows challenge to the order
    itself and to the gag order.

11
Think About This
  • Web surfing activities of ordinary Americans are
    being observed using roving techniques employed
    by the U.S. government.
  • Patriot is not exclusively used for terrorism.
    Any crime of violence can put ordinary
    Americans on a government watch list, thus making
    it possible to wiretap such persons' activities.
  • Under the Foreign and Domestic Intelligence
    Agencies Act (FISA), foreign intelligence has been
    broadened under the Patriot Act for increased
    surveillance, increasing pervasive surveillance of
    Americans.
  • Department of Justice has authority to use Sneak
    & Peek warrants for any federal crime,
    including misdemeanors. Sneak & Peek allows
    officers to enter someone's home without the
    occupant's permission and without him knowing of
    the search being conducted.

12
Differences in Law
  • Under the Computer Fraud and Abuse Act: warrants
    may be issued by a court of law enforcing the
    wiretapping of computer transactions having
    probable cause of acts of hostility to the United
    States of America. Cases of computer fraud
    involving companies residing in the United States
    may also be investigated.
  • Under the original Patriot Act: virtual
    wiretaps, or packet sniffing, were allowed
    without any warrant (NSL) issued by any court of
    law through any law enforcement official using
    terrorism as an umbrella, thus allowing such
    agents spying privileges of any computer user.

13
Patriot Act's (NSL)
  • On directive of the Patriot Act's Article 215 and
    Section 505 (National Security Letters), F.B.I.
    agents can obtain private online records through
    ISPs and other service providers regarding
    anybody whom they may think is involved with
    terrorism. This practice is in direct
    noncompliance with the 1st and 4th Amendments
    (unreasonable searches and seizures). Most
    importantly, without court authorization.
  • Also, Article 215 allows agents to turn over all
    tangible things, so long as they state that
    it's for an authorized investigation.
  • Government has already openly addressed the wish
    to have access to Google client records, and has
    already been granted the opportunity to snoop
    around Yahoo personal client files.
  • With these laws implemented, the F.B.I. may spy on
    a person because they don't like the books she
    ordered from Amazon, or for writing a letter to
    an editor regarding an issue she wasn't
    comfortable with (e.g. abortion).
  • Or even investigate ME for doing a project on
    the Patriot Act and commenting about it.

14
Case involving Computer Fraud
  • Brett Edward O'Keefe, President of Forensic Tec
    Solutions, a computer security firm based in San
    Diego, was indicted on charges of having gained
    unauthorized access to U.S. military computers
    and attempting to sell files contained in these
    computers in order to generate public attention
    towards his company. Investigation against
    O'Keefe was conducted locally and nationally with
    aid from the San Diego Regional Criminal Forensics
    Laboratory, FBI, and U.S. Army.
  • The following laws have been violated: Conspiracy
    to Gain Unauthorized Access into Government,
    Agency or Protected Computers and Obtain
    Information for Financial Gain in violation of 18
    U.S.C. 371.
  • Obtaining Information Without Authorization From
    a Protected Computer Through an Interstate
    Communication for Financial Gain in violation of
    18 U.S.C. 1030 (a)(2)(B), (a)(2)(C) and
    (c)(2)(B)(i).
  • Obtaining Information Without
    Authorization From a Computer of a Department or
    Agency of the United States for Financial Gain in
    violation of 18 U.S.C. 1030 (a)(2)(B) and
    (c)(2)(B)(i).

15
Jackson Games Case
  • On March 1st, without any warrant, the offices of
    Jackson Games were abruptly stormed by Secret
    Service and Austin police agents claiming to have
    been on a nationwide hunt for hackers (domestic
    computer terrorists). Agents acting on the belief
    that the company was holding GURPS, a manual for
    cyber crime, also raided the home of a Jackson
    Games employee, Lloyd Blankenship. The agents took
    possession of company computers and equipment,
    and the alleged crime manual, which ironically
    turned out to be a mere role-playing game book
    with the likes of Dungeons & Dragons (all this
    being nonconforming to the 4th Amendment).
  • Courts ruled this act by the Secret Service as
    absolutely illegal and unjustified. Also paving
    the way for the forming of the EFF.

16
Methods of Monitoring Americans Activities
  • Carnivore DCS 1000: On July 11, 2000, word spread
    of a government-funded monitoring system capable
    of monitoring all traffic going to and from
    multiple ISPs. Authorities claim that the
    packets being filtered to them will only be of
    authorized content, this being they only have to
    state it's for an official investigation.
    EarthLink has already claimed to have given
    information to Federal agents about their user.
    And under (NSL) they were required not to notify
    their clients of the happening. Under Act 216
    this practice is still in use, and it is not an
    expiring provision.

17
The EFF & ACLU
  • Electronic Frontier Foundation: Group whose
    primary focus is to correctly implement civil
    laws in contrast with the Patriot Act.
  • American Civil Liberties Union: Group dedicated
    to preserving all protections, which include the
    First Amendment, equal protection under the law,
    right to due process, and your right to privacy.
