±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 4
New Yesterday: 6
Overall: 27389
Visitors: 67

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Dropbox / the cloud, legal issue

Discussion of legislation relating to computer forensics.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Dropbox / the cloud, legal issue

Post Posted: Thu Nov 22, 2012 5:11 am

Got a legal question and would like to some experts for their opinion:

In this scenario in the UK I am executing a search warrant on the private premises, encountered a PC turned on, on the screen I can see that the user is connected to a “generic” cloud storage. I can see files inside the cloud, although they are not physically reside on the computer.


So the question is : CAN I ACQUIRE THOSE FILES USING FORENSIC SOFTWARE FROM THE SUSPECT’S COMPUTER WHEN IT IS CONNECTED TO THE CLOUD THERE AND THEN, OR SHALL I SEEK THE DATA USING SPOC and (In reality wait weeks to get it).


(In short: In the UK ,Single Point of Contact advises and assists in all aspects of investigations relating to communications data, liaising with communication service providers)

It would be great to receive exhaustive opinions from legal and practical side and maybe someone have some court rulings about admissibility of such evidence obtained in that way?

Opinions from different countries outside EU are welcomed Smile  

pajkow
Member
 
 
  

Re: Dropbox / the cloud, legal issue

Post Posted: Thu Nov 22, 2012 6:27 am

No answers Shocked but a few questions (possibly helpful anyway for analyzing the problem).

  1. In what way this would be different from a "user folder" on a Corporate server (with the actual server machine being in the same building)?
  2. In what way this would be different from a "user folder" on a Corporate server (with the server being in another location, but within the same country/legislation)?
  3. In what way this would be different from a "user folder" on a Corporate server (with the server being in another location situated in another country/legislation)?
  4. How would you behave in the case (which existed long before the term "cloud" became in use) of a FTP folder/storage on the suspect's site hosted by an internet provider? (with the same duality between "local" and "foreign" Internet provider location)
  5. How would you behave in the case (as well existing long before the term "cloud" became in use and much more common than a FTP hosting) of a WebMail box? (with the same duality between "local" and "foreign" Internet provider location)
  6. How exactly would you "download" or "access" the Cloud Storage from the suspect switched on and connected PC "USING FORENSIC SOFTWARE" without compromising the integrity of the local PC?
  7. How exactly is the search warrant worded (for the part relating to data and storage)?

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: Dropbox / the cloud, legal issue

Post Posted: Thu Nov 22, 2012 9:04 am

Canada here. The short answer here is yes, and some Canadian agencies have been doing this for several years as our search legislation states that anything "available to the computer system" can be searched and seized. (Section 487 of the criminal code, section 7 of the Excise act, section 16 of the Competition act, etc...)

This typically requires that the user is already logged on to the account at the time the search is being conducted.

Here's the wording in our criminal code:

487 (2.1) A person authorized under this section to search a computer system in a building or place for data may
(a) use or cause to be used any computer system at the building or place to search any data contained in or available to the computer system;
(b) reproduce or cause to be reproduced any data in the form of a print-out or other intelligible output;
(c) seize the print-out or other output for examination or copying; and
(d) use or cause to be used any copying equipment at the place to make copies of the data.

I should probably add that there is no criminal case law yet, and it's probably not the best practice. The general rule for everything is "When in doubt get another warrant and do it the safe way".

There is some civil case law on this however: eBay Canada Ltd. v. M.N.R., 2008 FCA 348, [2010] 1 FCR 145

www.canlii.org/eliisa/...ca348.html

Here's an excerpt that gets to the point:

[4] In my view, Justice Hughes made no reversible error in concluding on the facts before him that the information sought was not “foreign-based information”; even though stored on servers outside Canada, it was also located in Canada because of its ready accessibility to and use by the appellants.

This case has been cited several times, one example is in X (Re), 2009 FC 1058, [2010] 1 FCR 460. This case reiterates the principle that "information may notionally reside in more than one place":

[65] In CSIS (Re), above, at paragraph 54, Justice Blanchard held that “[n]o other basis under international law” had been put before him to warrant displacing the principles of sovereign equality, non-intervention and territoriality. CSIS had argued that customary international practice as it relates to intelligence gathering operations in a foreign state constituted an exception to principles of territorial sovereignty. I would observe again that the application before Justice Blanchard contemplated intrusive activities in foreign jurisdictions [portion deleted by order of the Court] that are not being sought in the present application. Subsequent to the decision of Mr. Justice Blanchard, the Federal Court of Appeal has observed that information may notionally reside in more than one place: see eBay Canada Ltd. v. M.N.R., 2008 FCA 348 (CanLII), 2008 FCA 348, [2010] 1 F.C.R. 145.

www.canlii.org/eliisa/...c1058.html  

erowe
Senior Member
 
 
  

Re: Dropbox / the cloud, legal issue

Post Posted: Sat Nov 24, 2012 10:00 am

Not a lawyer, but one could argue that any services that is being used from the computer for the person (or persons) in the warrant could up for grabs. Under that premise, if you find any login/password to a service, one that is the computer is not even currently connected to, could be covered by a warrant - regardless of country.

It boils down to the fact that the cloud service does not own the files, the user do.

You may wanna explore that direction with some lawyers in your country, preferably before you run into such a situation in real life.  

MDCR
Senior Member
 
 
  

Re: Dropbox / the cloud, legal issue

Post Posted: Mon Nov 26, 2012 4:21 am

Yes,

The whole point of this post was to find out how we should act in such scenarios. As at the moment in the UK I would use the SPOC to acquire data from the cloud but this is becoming more and more problematic and time consuming.

Anyone from Asia, AU, USA on how this is being done there ?  

pajkow
Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 1