10.30.09
Posted in Internet crimes against children at 02:12 by Administrator
The link below leads to the survey results from information recently provided by investigators of Internet crimes. The survey explored data-retention times, investigations damaged by the failure to retain data and suggestions for improving the system and relationships with ISP’s.
Copy and paste the hyperlink below into your browser and give it a minute to load. There are 46 slides. Slides 4-9 are the executive summary that is also reproduced below.
Link to the survey results:
http://docs.google.com/present/edit?id=0AY35igHT2KB9ZGdyNHhmeDdfMjQwam5qM21rZjI&hl=en
EXECUTIVE SUMMARY
Some interesting results from the survey include the following:
- 100 investigators surveyed estimated that they submit between 239 – 1900 items of legal process per month to various ISP’s.
Impact of failure to retain data on investigations
– 61% had investigations detrimentally effected because data was not retained.
– 47% had to end an investigation because data was not retained.
How long should subscriber data be retained?
– 31% believed subscriber information should be retained for 3 years.
– 28% believed subscriber information should be retained for 5 years.
How long should content data be retained?
– 44% believed content information should be retained for 1 year.
– 19% believed content information should be retained for 3 years.
Possible Solution
89% of investigators agreed that a nationwide computer network should be established for the purpose of linking ISP’s with law enforcement agencies so that they may exchange legal process requests and responses to legal process. Authorized users would communicate through encrypted virtual private networks in order to maintain the security of the data.
Investigators suggested the following improvements by ISP’s
– Longer retention times
– Provide information more quickly
– Provide user guides
– Have a site that permits electronic submission of process
– Have a law enforcement direct line
.
Permalink
Posted in Internet crimes against children at 01:45 by Administrator
In January 2005, Yahoo discovered unlawful images on their computer servers and reported the images to the National Center for Missing and Exploited Children.
The information was directed to the Arizona ICAC Task Force leading to a search warrant and the arrest of 44 year old Donald Lee Cook, an unmarried security guard. Cook, who used the screen name Ilove_littlekittys, made admissions to the images and also named a child seen in the images as a family friend. Further investigation revealed that Cook had repeatedly molested the child and that he had recorded the unlawful acts.
After four years of legal maneuvering, in October 2009 Cook was found guilty in Maricopa County Superior Court and sentenced to 136 years in prison.
The principals in the successful investigation and prosecution included Yahoo, NCMEC, AZ ICAC Task Force, Phoenix PD, Mesa PD, and the Maricopa County Attorney’s Office.
See also: http://www.azicac.org/content.php?info_id=28&PHPSESSID=8dff902026d53ba267897089f1ffab79
Permalink
10.17.09
Posted in Internet crimes against children at 16:41 by Administrator
Dr. Frank Kardasz, October 17, 2009
Detectives who investigate Internet crimes against children often rely upon information preserved by Internet service providers (ISP’s) to solve crimes. ISP’s provide customer subscriber information that permits investigators to trace the source of unlawful activity. Without information from the ISP’s, an investigative trail can quickly grow cold, leaving the offender to prowl freely in cyberspace. Sometimes the information from the ISP is the only link to the offender. Investigators need accurate and timely historic information from ISP’s so that they can help child victims.
Questions surrounding the struggle for information preservation and reporting include: How long should an ISP retain data and how quickly should they respond to law enforcement? Typically, ISP’s retain data not to appease law enforcement, but for the logical purpose of billing subscribers and servicing customer Internet accounts.
Customer information is tightly held and private; law enforcement may only obtain the information through subpoena, search warrant, or court order.
Data preservation and reporting to law enforcement is bothersome and costly for ISP’s for several reasons. Many terabytes of computer storage space may be required to warehouse the data. The data must be secured so that it is not subject to theft. Dedicated personnel are required to respond to law enforcement subpoenas and search warrants. Legal questions about information release sometimes arise that may require the opinions of corporate lawyers.
ISP’s are not legally mandated to preserve data. Thirty days is the arbitrary voluntary preservation standard set by many ISP’s. For many law enforcement investigations the 30 day standard is unsatisfactory because it does not permit investigators to identify the offenders who can slip away quickly in cyberspace.
Often a Time-Consuming Two-Subpoena Imperfect Process
In many cases the initial investigative process requires two subpoenas, thus delaying identification to weeks or months before a suspect location can be determined. For example, in luring/enticement cases, often the only information reported to law enforcement is the offenders screen name. With only a screen name, the investigation proceeds as follows in non-emergency cases:
1. The investigator determines the provider associated with the screen name. Yahoo, MySpace, and Facebook are typical examples of providers in such cases but there are hundreds providing the services. The investigator subpoenas the provider and then, days or weeks later, receives a response. The first subpoena response provides one important clue; the Internet protocol (IP) address from which the offending screen name communicated.
2. Next, the investigator conducts research on the Internet protocol address to determine which company is responsible for providing the previously identified IP address to the offender. Verizon, Cox and Comcast are typical examples of ISP’s but there are hundreds providing such services.
3. The second subpoena is submitted, this time to the ISP associated with the Internet protocol address identified in number two above. The subpoena requests subscriber information associated with the IP address that came from the results of the first subpoena.
4. After a few days or weeks the ISP responds to the second subpoena with the name and address of the subscriber who was assigned to the IP address where the suspect screen name originated. Finally, 14-60 or more days after the original report, Cyber-detectives can begin to focus on a location and name to further the investigation.
Further problems sometimes result when typographical errors occur at any stage, prosecutors delay subpoena authorization, and/or workloads backup because of insufficient staffing. The slow turn-around time for information and the short 30-day retention periods are problematic for law enforcement. Investigations are sometimes slaves to the long wait for information from ISP’s. Detectives worry that while they wait, the offender may be busy actively molesting children.
Civil Liability Concerns
ISP’s are the unwitting facilitators of Internet crimes against children. Civil liability is now a growing concern for law enforcement in delayed Internet crimes against children investigations (see: http://kardasz.org/blog/2008/09/liability_for_deliberate_indif.html). In time, civil attorneys defending abused children will recognize the complicity of ISP’s in the lethargic investigative process and begin to add ISP’s as co-defendants in civil lawsuits.
Conclusion
For the sake of children, ISP’s should consider long data retention periods and rapid response to legal process. Federal legislation to mandate data preservation and reporting would assist investigators in protecting children in cyberspace.
Permalink
