Dropbox / the cloud...
 
Notifications
Clear all

Dropbox / the cloud, legal issue  

  RSS
pajkow
(@pajkow)
Member

Got a legal question and would like to some experts for their opinion

In this scenario in the UK I am executing a search warrant on the private premises, encountered a PC turned on, on the screen I can see that the user is connected to a “generic” cloud storage. I can see files inside the cloud, although they are not physically reside on the computer.

So the question is CAN I ACQUIRE THOSE FILES USING FORENSIC SOFTWARE FROM THE SUSPECT’S COMPUTER WHEN IT IS CONNECTED TO THE CLOUD THERE AND THEN, OR SHALL I SEEK THE DATA USING SPOC and (In reality wait weeks to get it).

(In short In the UK ,Single Point of Contact advises and assists in all aspects of investigations relating to communications data, liaising with communication service providers)

It would be great to receive exhaustive opinions from legal and practical side and maybe someone have some court rulings about admissibility of such evidence obtained in that way?

Opinions from different countries outside EU are welcomed )

Quote
Posted : 22/11/2012 3:11 pm
jaclaz
(@jaclaz)
Community Legend

No answers 😯 but a few questions (possibly helpful anyway for analyzing the problem).

  1. In what way this would be different from a "user folder" on a Corporate server (with the actual server machine being in the same building)?
  2. In what way this would be different from a "user folder" on a Corporate server (with the server being in another location, but within the same country/legislation)?
  3. In what way this would be different from a "user folder" on a Corporate server (with the server being in another location situated in another country/legislation)?
  4. How would you behave in the case (which existed long before the term "cloud" became in use) of a FTP folder/storage on the suspect's site hosted by an internet provider? (with the same duality between "local" and "foreign" Internet provider location)
  5. How would you behave in the case (as well existing long before the term "cloud" became in use and much more common than a FTP hosting) of a WebMail box? (with the same duality between "local" and "foreign" Internet provider location)
  6. How exactly would you "download" or "access" the Cloud Storage from the suspect switched on and connected PC "USING FORENSIC SOFTWARE" without compromising the integrity of the local PC?
  7. How exactly is the search warrant worded (for the part relating to data and storage)?
  8. [/listo]

    jaclaz

ReplyQuote
Posted : 22/11/2012 4:27 pm
erowe
(@erowe)
Active Member

Canada here. The short answer here is yes, and some Canadian agencies have been doing this for several years as our search legislation states that anything "available to the computer system" can be searched and seized. (Section 487 of the criminal code, section 7 of the Excise act, section 16 of the Competition act, etc…)

This typically requires that the user is already logged on to the account at the time the search is being conducted.

Here's the wording in our criminal code

487 (2.1) A person authorized under this section to search a computer system in a building or place for data may
(a) use or cause to be used any computer system at the building or place to search any data contained in or available to the computer system;
(b) reproduce or cause to be reproduced any data in the form of a print-out or other intelligible output;
© seize the print-out or other output for examination or copying; and
(d) use or cause to be used any copying equipment at the place to make copies of the data.

I should probably add that there is no criminal case law yet, and it's probably not the best practice. The general rule for everything is "When in doubt get another warrant and do it the safe way".

There is some civil case law on this however eBay Canada Ltd. v. M.N.R., 2008 FCA 348, [2010] 1 FCR 145

http//www.canlii.org/eliisa/highlight.do?text=eBay+Canada+Ltd.+V.+M.N.R.+%5B2008%5D+FCA+348&language=en&searchTitle=Search+all+CanLII+Databases&path=/en/ca/fca/doc/2008/2008fca348/2008fca348.html

Here's an excerpt that gets to the point

[4] In my view, Justice Hughes made no reversible error in concluding on the facts before him that the information sought was not “foreign-based information”; even though stored on servers outside Canada, it was also located in Canada because of its ready accessibility to and use by the appellants.

This case has been cited several times, one example is in X (Re), 2009 FC 1058, [2010] 1 FCR 460. This case reiterates the principle that "information may notionally reside in more than one place"

[65] In CSIS (Re), above, at paragraph 54, Justice Blanchard held that “[n]o other basis under international law” had been put before him to warrant displacing the principles of sovereign equality, non-intervention and territoriality. CSIS had argued that customary international practice as it relates to intelligence gathering operations in a foreign state constituted an exception to principles of territorial sovereignty. I would observe again that the application before Justice Blanchard contemplated intrusive activities in foreign jurisdictions [portion deleted by order of the Court] that are not being sought in the present application. Subsequent to the decision of Mr. Justice Blanchard, the Federal Court of Appeal has observed that information may notionally reside in more than one place see eBay Canada Ltd. v. M.N.R., 2008 FCA 348 (CanLII), 2008 FCA 348, [2010] 1 F.C.R. 145.

http//www.canlii.org/eliisa/highlight.do?language=en&searchTitle=2008+FCA+348%2C+%5B2010%5D+1+FCR+145&origin=%2Fen%2Fca%2Ffca%2Fdoc%2F2008%2F2008fca348%2F2008fca348.html&translatedOrigin=%2Ffr%2Fca%2Fcaf%2Fdoc%2F2008%2F2008caf348%2F2008caf348.html&path=/en/ca/fct/doc/2009/2009fc1058/2009fc1058.html

ReplyQuote
Posted : 22/11/2012 7:04 pm
MDCR
 MDCR
(@mdcr)
Active Member

Not a lawyer, but one could argue that any services that is being used from the computer for the person (or persons) in the warrant could up for grabs. Under that premise, if you find any login/password to a service, one that is the computer is not even currently connected to, could be covered by a warrant - regardless of country.

It boils down to the fact that the cloud service does not own the files, the user do.

You may wanna explore that direction with some lawyers in your country, preferably before you run into such a situation in real life.

ReplyQuote
Posted : 24/11/2012 8:00 pm
pajkow
(@pajkow)
Member

Yes,

The whole point of this post was to find out how we should act in such scenarios. As at the moment in the UK I would use the SPOC to acquire data from the cloud but this is becoming more and more problematic and time consuming.

Anyone from Asia, AU, USA on how this is being done there ?

ReplyQuote
Posted : 26/11/2012 2:21 pm
rapiddescent
(@rapiddescent)
New Member

as part of commission (under Scots law) I had this problem recently and was not able to collect files/data because the court paperwork included wording to the effect of "files located at the premises…

" and the files in question were located on a cloud system. So I could see the files in question but not take them.

(luckily, I found copies of the files stored locally!)

ReplyQuote
Posted : 05/01/2015 8:30 pm
jhup
 jhup
(@jhup)
Community Legend

You obtain a warrant for the main house.
In your search of the main house you find a set of keys indicating an offsite barn. (offsite as in it has a different address than the main house.)

Can you enter the offsite barn? Can you search the offsite barn?

In the USA you would have to get a new warrant.

For the US, look at ECPA.

ReplyQuote
Posted : 05/01/2015 10:06 pm
dan0841
(@dan0841)
Member

Not a lawyer, but one could argue that any services that is being used from the computer for the person (or persons) in the warrant could up for grabs. Under that premise, if you find any login/password to a service, one that is the computer is not even currently connected to, could be covered by a warrant - regardless of country.

.

Not necessarily ANY service. For example communication data from emails or social networking would require authorisation under RIPA in the UK usually. You would be bordering onto surveillance and communications with 3rd parties if you logged into a communications service such as email

ReplyQuote
Posted : 05/01/2015 10:30 pm
Share: