View
4
Download
0
Category
Preview:
Citation preview
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
By: Paul Rubell, Esq. Meltzer, Lippe, Goldstein & Breitstone, LLP
New York, New York
prubell@mlg.com
www.meltzerlippe.com
The Apple vs FBI Cases
1
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
THE SAN BERNADINO MASSACRE
When terrorism strikes home
2
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
THE EVIDENCE MAY BE STORED INSIDE
3
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
10 Failed Attempts….
4
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
THE HARDEST DECISONS
5
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
The Public Interest Debate
Personal Privacy Homeland Security Freedom of Speech Freedom of Press Due Process of Law Search and seizure – search warrants Supremacy of federal government States’ rights Judicial Activism Congressional Legislation Executive Branch 6
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
The Public Interest Debate
Technological Progress Going Dark Physical Security Cyber-security Internet of Things Health Care Financial Records Educational Records Personal Sex Life
7
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
8
• FBI • Federal Trade Commission • Health & Human Services • SEC • FCC • Dept of Defense • Dept of Treasury • Dept of Homeland Security • Dept of Education • State laws
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
What is Encryption?
Is this iPhone really encrypted? How is your data protected on the phone? Is that encryption, or just a locked door?
9
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Alfred Charles Hobbs – The 1851 lock pick
10
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Encryption Myths
Lock on door Scrambling data Security by obscurity Hiding the information Slowing down the intruder Cryptographic key Brute force attacks
11
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Data
Data at rest Information stored in the cloud
Social media posts Device data (iPhone, laptops) Data in transit WhatsApp Google Hangouts Interactive social media (SnapChat) iMessage Skype
12
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Apple & FBI can’t decrypt?
So many ways hardware methods to break into iPhone, widely published: • Cloning the NAND controller • Decapping (physically shaving off the CPU)
13
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
The California order compelling Apple to Assist FBI in search
14
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Marc Zwillinger Letter – 2/17/2016
15
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
OTHER APPLE CASES – THIS ISN’T THE ONLY ONE!
Date Received
Jurisdiction Device Type iOS Version Status
10/8/2015 Southern District of New York
iPhone 4S 7.0.4 Apple objected (12/9/2015)
10/30/2015 Southern District of New York
iPhone 5S 7.1 Apple objected (12/9/2015)
11/16/2015 Eastern District of New York
iPhone 6 Plus 8.1.2 Apple objected (12/9/2015) iPhone 6 8.1.2
11/18/2015 Northern District of Illinois iPhone 5S 7.1.1 Apple objected (12/9/2015)
12/4/2015 Northern District of California
iPhone 6 8.0 (or higher) Apple objected (12/9/2015) iPhone 3 4.2.1 iPhone 3 6.1.6
12/9/2015 Northern District of Illinois iPhone 5S 7.0.5 Apple requested copy of underlying Motion but has not received it yet (2/1/2016)
1/13/2016 Southern District of California
N/A (device ID not yet provided)
N/A (device ID not yet provided, but the requesting agent advised device is pre- iOS 8)
Apple was advised by the requesting agent that she is seeking a new warrant. Apple has not yet received this warrant.
2/2/2016 Northern District of Illinois iPad 2 Wifi 7.0.6 Apple objected (2/5/2016)
2/9/2016 District of Massachusetts iPhone 6 Plus 9.1 Apple objected (2/11/2016)
16
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
BROOKLYN COURT ORDER
17
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
BOSTON COURT ORDER
18
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
The All Writs Act (1789)
19
The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law. 28 U.S. Code § 1651
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
3 Factor Test under All Writs Act
20
1. So far removed test
2. Unreasonable burden test
3. Necessary assistance test
US v NY Telephone, 434 U.S. 159 (1977)
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Apple’s Brief
21
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Electronic Frontier Foundation Amicus Brief
22
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Tech Industry – Amici Briefs
23
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
1st Amendment
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
24
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
1st Amendment UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA DANIEL J. BERNSTEIN, | No. C-95-0582 MHP | Plaintiff, | OPINION | vs. | | UNITED STATES DEPARTMENT OF STATE | et al., | Defendants. | ____________________________________|
"This court can find no meaningful difference between computer language, particularly high-level languages as defined above, and German or French....Like music and mathematical equations, computer language is just that, language, and it communicates information either to a computer or to those who can read it....
25
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
4th Amendment
Unreasonable search and seizure
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
26
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
A Man’s Home is his Castle
27
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
5th Amendment
Due Process:
No person shall be deprived of life, liberty, or property, without due process of law.
28
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Stored Communications Act
A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system • If stored < 180 days, only pursuant to a warrant;
• If stored > 180 days, no warrant required.
18 U.S.C.§2703 29
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Electronic Communications Privacy Act
The Attorney General may apply to a Federal judge and such judge may grant an order authorizing or approving the interception of wire or oral communications by the Federal Bureau of Investigation, when such interception may provide or has provided evidence of a major felony. 18 U.S.C. §2516
30
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Verizon and AT&T
31
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Is Apple a Telecomm Carrier?
32
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Unimportant Data
33
• No data is unimportant • Every piece of data is important • Hackers, thieves • Foreign governments • Disgruntled employees
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Mission-Critical Data
34
• Invisible information (metadata) • Geolocation • IP address • Operating system • Apps installed • Hosting and server information • External drives • Open source code
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Legal Best Practices
35
WRITTEN POLICY MANUALS
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Legal Best Practices
36
• Social media policy • Internet use policy • Mobile use policy • E-mail use and retention policy • Data collection & retention policy
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Corporate Electronic Policies
37
Transparent easy to understand Non-discriminatory apply uniformly Accountability behavior is regulated Monitor & edit content no surprises
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Legal Best Practices
38
Cyber-liability insurance • Protection • Need customized insurance policy for your
business • One size does not fit all • Not all policies are created equal
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Legal Best Practices
39
Cyber-liability insurance • Audit your insurance policies (not by
broker) • What are the policy’s exclusions? • Exclusions can make a policy useless for
your unique situation • Are defense costs inside or outside policy
limits?
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
Best Practices
40
• Design • Deploy
Conclusion
• Be aware of the risks • Mitigate • Develop best practices • Deploy them
© 2016 Meltzer, Lippe, Goldstein & Breitstone, LLP. All rights reserved.
42
Paul Rubell, Esq. (212) 201-1720 prubell@mlg.com Blog: paulrubellblog.wordpress.com
Contact Information
Recommended