 I don't think it's going to hurt if we start early on this. I would like to start with a little proclamation from the courts. The court systems basically say that you are special. They have ruled that you're special, and security professionals hold this. How they came about this was a nice little criminal prosecution. And as part of this, the interesting aspect of this is when you commit a crime with certain skills, they can elevate your sentence. So this is how they decided to find out that this particular field is very special. The interesting aspect that I like about this is in the skilled cell that you can elevate the punishments for, they include lawyers and demolition experts. So I guess demolition experts blow SHIT stuff up, computer hackers really hack stuff up. As lawyers, we just kind of really screw things up. But we're very important when you need us. So remember that. Now, as part of this, one of the aspects was, and how this happened, Prokner played guilty. And at the appellate level, you get to say, well, here are all these mistakes that happened down below. And one of the things they said down below is that you shouldn't have elevated my sentence because basically a script kitty could have done this. Now when Mr. Prokner was arrested, he had the right to remain silent, but he clearly apparently did not have the ability to remain silent because he gave like a 15-page detailed confession on what he was doing. And that's what the appellate court looked at. It said, no, look at the details of what you've done here for your crime. And the one of the other aspects he said was, I haven't been formally trained. I'm self-taught. And they said, yep, no, that's fine. You can be self-taught to a skill that raises it above what's normal in society. And we're going to elevate your sentence for this. So you are very special. And if you get in trouble, the legal system is going to think so, too. Couple things that we're talking about here. I'd like to introduce you to Clark's Law. We're all, you know, I'm kind of conceited, so I want to have Clark's Law. What you do in your interaction with attorneys is very important. You've got to take what you do. And you have to explain it and dumb it down to us to a third grade level. Because we've got to take that information and explain it to a judge or a jury at a first grade level. You have to remember, these are people that basically think wireless communications is screaming at their kids across the yard. So you've got to understand that you've got to explain it very detailed to your attorneys. You learn facts are king. Every single practice of law, that's what any good mentor will tell you. Facts are king. In this situation, an example, if you've got a passive honey pot and you change a couple things on it and it becomes a highly interactive honey pot, it goes from being just a passive device to a wire tap. That's pretty important in the law. So you need to make sure that your attorneys have a passion for this area. They're asking you specific questions and they're understanding what you're telling them. One of the other areas that's really hot now is this e-discovery. It's new, but it's old. It's been out for six months. The amount of information you can now discover using e-discovery has grown dramatically. Every attorney wants that smoking gun. Every attorney wants that we're suing the smoking company and they've got the memorandum that said, I saw a movie like this once, but never mind. Every attorney wants that smoking gun and your smoking gun is now going to be found in that metadata that they can get. When you're working with attorneys that are doing discovery requests, trying to get information, you have to help them craft that so they know what they're looking for and what they can find. So that's kind of the big areas that we're talking about right now. When we put these things together, when you submit your call for papers, you put what you think you're going to talk about in here. And there's a bunch of things. The NSA litigation is always hot. If I talk about the NSA litigation, we're not going to talk about anything else. If you feel free and you really want to talk about it, I talked about it last year. Not a lot has changed. A case was dismissed because they said the plaintiffs didn't have standing, which means they couldn't show a harm. Catch me over in the Q&A. We'll be glad to talk about it on that. The courts have been very busy in the last two months. I mean, they've been spitting out cases in the computer internet world like nothing. And so you'd like to have your presentation done, but it's changed a lot. So what we're going to kind of look at is active response kind of popped up from an article that I saw recently. So we're going to talk about that a little bit. I wanted to take not only what the courts are doing, but maybe something else to get you thinking about here. And so I was wondering about the aspect of liability of stolen code and its use because ironically enough, there was an inherently dangerous weapon case that came up in Massachusetts. So it kind of got me thinking a little bit. So we're going to do that kind of from a scholarly aspect to talk about those things. Jurisdiction has been very busy, both for civil jurisdiction and criminal jurisdictions when you're dealing with stuff that's happening on the internet. Search and seizures are always very interesting to the computer field. And if we have enough time to get there, we're going to get to Viacom v. Google, which is raising that wonderful copyright stuff again. Now about that, I know that there's a lot of aspects of people saying Google's becoming everywhere and that we should be careful with what they're doing. And they're trying to put messages out left and right. I don't buy into it. I don't think it's true. I didn't buy stock. Wish I had on that. All right. If you've seen me before, I have the disclaimer. I am a Fed. So all the errors remain with me on this. The nice aspect about this being videotaped, I have watched a couple of podcasts very briefly. I don't know many people who actually like to see themselves, either hear themselves or see themselves unless they're very narcissistic. I'm hopefully much better live than in person. For those people watching, I apologize on that. I'll try to repeat the question so you can hear them. And the only bad part about this is when I do make a mistake, it is caught forever unlike Congress. When they speak to C-SPAN, they're allowed to actually submit remarks afterwards so they don't sound as stupid in history as they did just then and get it right. I don't get the chance to do that. If you have questions, ask. If you have comments, make them. If you had good one-liners at the previous talk, I was actually giving out $5 Caesar's chips. I was going to do that here until last night. So you can tell how I'm doing at the tables. So I apologize. One more disclaimer. Who knows what this means? That's the wrong disclaimer. That's the one. Who knows what this means? I am not your lawyer. There you go. I am not your lawyer. What we're going to do here is we're going to talk about cases. I'm going to try to do it from a law school, socratic type aspect. I'm not going to take the left. I'm not going to take the right. I'm going to stand in the middle. And when you stand in the middle of the road, you get run over. So I'm going to try not to do that. But it's to get you thinking. It's to interpret the cases that have come here. You get 10 lawyers in a room and give them one case. You're going to get 100 different interpretations on that case. So again, if you think something's not being interpreted correctly, you're absolutely right. If you think it is, you're absolutely right. That's the wonderful aspect of the numerous courts we have looking at this information. Again, my name is Robert Clark. For those of you who don't speak English, that's the aspect. I'm waiting for somebody to look and go, that ain't right. I did my best. And I have to, next year, these jokes are getting old because we did them last year. The stuff that came out recently that just doesn't fit into the presentation for where we're going. USC Forester was one of the first cases that finally came out and basically said, your IP address is the exact same thing as your phone number. You have no reasonable expectation of privacy in your phone number and you have no reasonable expectation of privacy in your IP address. Courts are an interesting beast. They basically say, well, everybody knows how the internet works now. So when I hop on Google and I do a search and go and get that IP address, I can basically, I know that I have to go out there and a third party is going to do it for me. It's interesting because later on we're going to talk about password protection and apparently people don't know about that. It's not pervasive. So it's interesting what people know and what they don't know. In this particular case, the government got a pen registered and they put it on the defendant's computer and they started getting all the IP addresses he was going out to. The interesting aspect on this is, again, if it's a phone number, I can Google it now or I can look it up and I can find out, say, if I'm doing a methamphetamine case, I can see that it's going to chemicals are us and they might be getting precursor chemicals so I, as an investigator, I can tie that together. With an IP address, if it's how to kill your mother-in-law.com, it can be a little more telling but the IP addresses right now, they're saying, wait, the court took great lengths to say but URLs are not the same thing. We're not going to let you dive down into the exact document of the page that you're looking at in there. Right now, they did stop right there but this was kind of the first case that Point Blank said it is exactly the same for that. This was a case I thought you guys would like. The individual here, Mary Jane, has a website and at this website, she posts different things and one of the things that she posts was an arrest. So you're wondering, how did she get an arrest? Well, eight state troopers from the state of Massachusetts went over to a guy by the name of Paul Pechonis' house to arrest him on a misdemeanor. Being a parent, I kind of like how this all happened. They knocked, they come in, they're all heavily armed and it was all videotaped by the nanny cam. And so he took this arrest and they searched his house, they got consent to search so it was a warrantless search which we're going to have a case that's going to come up a little bit later. Eight armed individuals in your living room and they asked, can we search your house? It's obviously a very voluntary consent but by all means take a look around on that. And so he took the videotape and gave it to Mary Jean. State law says you can't be, first off it's an illegal interception because they didn't have the right to be videotaping officers without consent and knowledge. So they gave her a cease and desist order to say, hey, you got to take it down. She fought the case, they looked at some precedents about First Amendment, they looked at some aspects about how you obtain this legally or knowingly, that it's illegal, not knowing, anonymous. And they basically said, hey, the public has a huge interest in this type of activity. First Amendment, we're going to let you post this so they let them keep it up there. Both they videotaped and audio, so they had both of it. Typically, everyone ever since a wonderful Monica Lewinsky case came up, everyone's heard about the fact that when you're recording somebody, some states are one party consent, which means, I'm going to record you and I'm not going to say because I consent to it. Some states are two party consents, so there's an aspect of that one. This one had both the video and the audio on that. And again, the statute that they were doing the cease and desist under was your public law enforcement aspects of doing that for being illegally intercepted. So again, the aspect was public interest in finding this out, and they kept it up there. Active response wasn't really hot this year until I noticed that this article by Bob Brown, and I noticed a couple of speakers, you know, Hogan, Litchfield, and Google, were mentioned in this. So it always gets me kind of generating about the active response aspect of life. Active response, you know, you're talking about self-defense, self-help. We've talked about this before last year at great length on this as far as the aspect of what you can and can't do. Trespass to Chattel is very big with being treated to computers and the internet. The one thing I always point out here is the, what that aspect about the law likes. The law likes prevention versus post-trespass recovery. That's very simple, you know, it likes the fact that you, if your neighbor keeps barring your lawnmower, it likes that you're locking up your lawnmower as opposed to, you know, going over to his property, grabbing it and breaking down his gate as you're taking it back to your house. So it likes more the prevention aspect of it. I screwed this up because I didn't pull the right stuff off of my talk from last year, but when you're talking about using defensive, aggressive, active response defenses, it really kind of comes down to an aspect of degrees. Now, if I'm setting up, if someone's looking at my stuff and they're on my site and they're doing things and they're delving down and they're getting more details, there's an aspect of, I remember in aggressive network self-defense, what it basically was saying is, I'm going to set this up and your typical script kid, he's not going to be able to get down, he's not going to be able to delve down and kind of keep looking for this information. But your people with malicious intent are going to be keeping at it, they're going to delve down, they're going to do the research and they're going to find this. So I'm going to basically write malicious code here so when they take it back, it melts their machine. Now, my point on this is exactly the degree that you're doing this. Again, if it takes just a script kid he can do it, can you be sued for that? You can be sued for anything these days. So from that aspect, one of the facts you're going to look at is, hey, this was really easy to get to. The other guy who's got to do a lot of work, who's really malicious to get there, you're still on solid ground there because basically you set it up proportionally to the threat that you were faced with. And that's one of the big things we look at when you're talking self-help, self-defense. Unfortunately, it's amazing, you start talking about this and the first thing lawyers start talking about is the spring-loaded shotgun that we all remember from law school. And that's where the guy's defending his property. It's a farmhouse out somewhere. He sets up the shotgun, pointed at the door. You know, so when someone opens the door, kabam. I mean, you know, and it's just a farmhouse out there. Now the case actually, the wife says, why don't you aim it down at the ankle? And the guy who comes in, you know, when he stands on his left side, he's six four, when he stands on the right, he's five six. But again, the point is, what is that mechanism you're using to defend your property and is it excessive to what you're doing? That's kind of the point I always focus on when we're talking about self-defense and active stuff response. Ironically enough, if we get there, we're going to talk about YouTube again. This is a particular case that brought up trespass to chattel and a nuisance aspect of it. And there was a question about nuisance asked a little earlier. Universal Tube and Royal Form Equipment versus YouTube. As you might imagine by the name, Universal Tube has been in business for two decades, making, supplying used tube and pipe mills. They have a website. Prior to Y.O. YouTube, they basically had a few thousand visits per month. Then YouTube came online. How many hits do you think they got a day? 70,000. What do you think happened in their site? It crashed. So they sued for a trademark delusion and this motion to dismiss the case, meaning you're coming in and you're saying they haven't got a leg to stand on, dismiss the case judge, get us out of here. The trademark's going forward, but they did dismiss the trespass to chattel and the nuisance claim. Again, the trespass to chattel is they're harming my property. And the court said, no, I'm sorry. Y.O. YouTube is not going to your site. Y.O. YouTube is not clicking on you. You've got a bunch of mistaken visitors that are coming knocking on your door. We're sorry about that, but that's not a harm from YouTube. Then they looked at a nuisance aspect of law. And nuisance law is that aspect where your neighbor's tree's growing in your yard and over the fence and you keep saying, hey, could you trim it back? You know, and the neighbor doesn't. So basically being the good neighbor you are, you go out at three in the morning, fire up that chainsaw and cut half of it down. Basically, so that's a real estate, that's a real property theory. And we're sorry that YouTube and YouTube are side by side, but we're not going to apply that here. So the nuisance part of that was actually dismissed also. So fun case for YouTube on that. Well, if you're talking, the comment is actually about, they used it basically for advertising. That's the part of the case that's still going to go forward is the trademark dilution on the recognition of, you know, the fact that you've just taken my name and now you've diluted it, it's no longer, it's a trademark, it's associated with my business. Trademarks don't have to be registered. If you can prove that, hey, it's out there, it's well known. Everyone realizes that this trademark or this name is associated with this product and they're gonna go forward on that one. So I'm waiting on that. I haven't seen any more information on that aspect of it. Oh, that'll work. Yeah, anytime, hey, you know, America's great. Any way you can make money, let's do it. Talking about some aspects of stolen code now because I wanted to tie this, again, I wanted to tell you what the courts are doing, but I wanted to give you something to think about as security professionals. So you're working on your code, someone steals it. It's gotta be, obviously, one of the, there's several hurdles. One of the first ones, it's gotta be attributed to you. Now, there's several ways to do that. You know, one of the ways by reading aggressive network self-defense, you know, they had a lot of scenarios where people were actually signing their code. I guess that's an easy way to attribute it back to you. But you gotta look at the aspect of, if you get sued, what are we talking about? And unfortunately, one of the best analogies is the stolen gun analogy. What you're gonna look at for this is, are you liable for this? Were you negligent? And negligence, you have to have a duty to the person injured. You have to fail to perform that duty. And it has to be the proximate cause to that harm. In this area, the item causing harm, guns are inherently dangerous weapons. Code can be an inherently dangerous weapon. Part of this aspect is, the loss, but for that loss, the harm can occur. So these are the standards that are going in here. There can be an intervening cause that can break that chain of causation, but without it, are you responsible for it? Now the first thing you think is, hey, criminal act, criminal liability, shouldn't that break the chain of the causation? Case just came out of Massachusetts where an officer was shot and killed. And basically the kid had gone and in a secured homemade gun cabinet, unscrewed the hinges, got the gun and went out and killed the cop. So the homeowner, which was the girlfriend, is being sued by the estate. And the case is gonna go forward because it was reasonably foreseeable that this child was under psychiatric care and had problems of history and violence that it would have been foreseen, left alone in the house, going in the cabinet, unscrew the hinges, get the gun, get the clip, go out and do a criminal act. Now, so the reason I kinda point that out is to get you thinking about the code aspect of life. All right, those things that are out there. One of the things that you're gonna look at is how much is it advertised that you're in this work and you do it? Are you in chat rooms, you know, IRCs? Do you go to conferences like Black Hat or Def Con and advertise that you're working on this? What security procedures have you put in place on your machines to make sure that you're not going to be compromised? And the inherently dangerous product we're talking about, virus, worm, root kit? Do they have different standards? As our speaker before said, I don't have the answers for this. It depends, but by all means, if you're involved in that case, please let us know, because we'd like to get involved too. By the way, if I miss your case or your investigation, I apologize again. When you're determining what's kind of been hot for the past year, you're gonna get a wide variety of people talking about things. So if you really wanna talk about your investigation, please feel free to stand up and we'll be glad to share it with everyone. This case, getting into the meats and potatoes of aspects of life, this was one of the things after you've been caught and some of those probation aspect things that they're gonna say you have to live by after you're either let off of home arrest, house arrest, or get out of jail. Typically we've seen a lot of cases on probations where the judge will say, hey, you're barred from using computer's internet for three years. We've seen judges even say, hey, I want you to go out and get some real world blood and flesh friends out there. Interesting aspects. Mr. Volcker here got a lifetime ban, kind of like Pete Rose. And I understand Pete Rose is here this week. He got a lifetime ban from using any internet or computer equipment. Now, the judge here basically said, it has to be reasonably related to the offense and internet computers, it's ubiquitous and you gotta love it when judges use really big words and they understand the whole nature. Clearly he knew that megabytes wasn't just a good day of fishing. He understood that the internet was everywhere and said there's no way this can be enforced so they basically overturned that aspect of the probation. Civil versus criminal jurisdiction. Interesting cases coming up on this. I like the Davidov case because it's a civil case and it involves ex-wives and ex-husbands and whenever you can get involved in that, it's gonna be interesting and it's gonna be fun. Which sometimes can make it criminal and civil but this happens to be a civil case. Well, actually it was a civil case and this, yeah, it was a civil case. Haggiseth is a criminal case. It's gonna be about a doctor prescribing some Prozac so you can see where we're gonna go with that. In Davidov, if I remember this correctly, the husband, ex-husband is up in New York, he's like a doctor or something and the ex-wife and relatives are down in Florida. The web server that the doctor in New York or whatever the guy, you know, a professionalist is in Florida also. They hack the website. They change it, they write in there, he's pig of the year and other flattering words such as that. So he wants to bring them up to New York and sue them for hacking his website up in New York. It's an interesting case because it starts at some point in time looking good for them to be hauled up to New York. You start arguing about, you know, again, the ubiquitous of, great word, of the internet, the telephone machines, fax machines that, you know, you're really getting these contacts, you know, all over the world now and all over the place. Well, the court takes a look at it and it says, well, basically to get into a personal jurisdiction it goes back to this case, international shoe. I mean, this goes way back. You have to have minimum contacts with that forum that you're going to be sued in and basically they said here, you know, we just don't have that here. They're in Florida, they hacked in Florida. Yes, the effect was felt by you in New York but under that argument the effect could be felt in all 50 states so you could haul these people to all 50 states and we're just not gonna do that. So they didn't haul them up to New York for the case on that. Good old McKag basically was going whale watching and had a bad trip in Hawaii. He like, I guess, rough waters, ended up breaking his, a couple of vertebrates so he sues for his bad trip. Now he's back in Pennsylvania. So he's bringing and hauling them back there. This deals with interactive and passive websites. So now you're starting to get a little bit more on minimum contacts because this is a business setup for the purposes of actually having people come and do it. Now on this one, they're not gonna haul good old folks from Trilogy Corp to Pennsylvania because they say, yes it's passive. We weren't targeting people in Pennsylvania, it was kind of generic so there's not enough contact to bring them here to Pennsylvania for them to be sued. Haggiseth, as I mentioned, you've got a Stanford freshman. He goes online with JRB Health Solutions, a Florida company. Your Stanford freshman is in California. So he basically contacts the Florida corporation. They send the request for a prescription to a subcontracting doctor in Colorado who fills the prescription through a Mississippi-based pharmacy. So he got a bunch of states here for basically this Prozac prescription. As you might imagine, it ends tragically. He apparently gets intoxicated and commits suicide with the alcohol, Prozac, and carbon monoxide poisoning. So they're gonna haul this doctor from Colorado into California court under not homicide, but a criminal statute of failure to practice medicine in California without a license. Best they can come up with on that. And so they basically, his attorney goes in to get the case dismissed. So the court starts looking at the aspects of contact for it. Different standard for criminal than jurisdiction. By a preponderance of the evidence, that's, we used to say in law school, 51% versus 49. Now you can go to 50.0001. By preponderance of the evidence, it's foreseeable that this type of harm could occur, that it could be interpreted as practicing in a different state. So they're gonna bring him into California for the violation of practicing without a license. The case basically is talking about constructive presence. I'm not physically there, but I can reasonably expect my conduct to be felt there. I throw this out as a quick hitter. This was the modification of the Patriot Act in which in Arizona, they went and got an order to get the subscriber information from Yahoo. They went into the California court and said, hey, we'll time out as Arizona, California, can't do it. Patriot Act basically made national service available so you can get a search authorization in one jurisdiction and serve it in another. So a quick hitter for that. Interactive websites. InrayRenoso, this was a bankruptcy website. This case really stands for complicated expert software with really poor choice of advertising or sales puffery, as we used to call it in our contract classes. Basically you're looking at something kind of like TurboTax. You get it, it tells you what documents to use, where to put the information in. This one, I mean, you put your information in and it chose the documents for where it should go. Plus, but they had all these expert advice where expert software basically held, hey, this was practicing law without a license. And so basically the website got in trouble for practicing law without a license. Again, poorly chosen words for their sales puffery and an expert website to give you help. We're still seeing web pages, ISPs not being liable for the postings of other information. Universal communications sued Lycos for basically for defamatory information that was posted on their financial situation. They sued, Lycos said, hey, we didn't write it, we're not responsible for the content, and court agreed and dismissed the case because you're not liable as a publisher. Again, First Amendment right to do that. Fair Housing Act, the Fair Housing Council versus roommates.com, same kind of scenario. It's a website to find roommates for coming on in. On this one, a little different. The website started becoming responsible for the content. How? Buy the questions that they had there. What are you looking for? Dog lovers, cat lovers, people who only hack between two and three in the afternoon before two and four in the morning. And so they started creating the content that you were looking there. As you might imagine, some of the categories got kind of discriminatory. And you're thinking, more discriminatory than dog lover or cat lover? Yes, they got more discriminatory. And because that violated the Fair Housing Act and they were responsible for that and the site got taken down or modified. Seizures, let's move on to the fun part. The cops have shown up and they're taking your stuff. On this one, in Ray Forgeoni, I like this one because basically this is the one where they show up and they say, we're taking everything. You've got a student. He does what most jilted students do. He starts stalking the student who jilted him. And so being the good stalker that he is, he starts sending harassing emails. She takes the information to the university system administrator, they find out the IP address it's coming from, turn it over to the cops, cops do what they do, and they show up the house with the search authorization to seize all the computer equipment. And the family says, whoa, time out. Grandma's running turbo tax upstairs has nothing to do with what my college students doing. And police do what they do very well. Too bad, so sad, sorry, tell it to the judge and they grab everything and take it out. And that's basically what the judge said. Just says, look, I don't know that Junior's just harassing on this particular computer. He could be harassing on Grandma's computer too. So we're taking it all, we're keeping it all. Have a nice day, don't let the courthouse door hit you and then you know what on the way out. I'm hoping the question is, what are some facts that could change that seizure aspect as far as attorney, client privilege information, corporate trademark secrets from that aspect? I'm gonna ask you to hold on to that to make sure I come back to it because it's gonna come back in a couple of the cases we've got coming up, cause we've got some aspects of corporate seizures on that lines and business stuff. That was asked before too in terms of, there's some questions about if you got a good attorney and they haven't, you know, they take your stuff and they haven't searched for a while, they gotta search it within a reasonable amount of time. You get your attorney to go in the court and say, judge, get him to move their butt, get him to move. Here's say, I heard a while back that certain three letter agencies were having trouble with their labs searching things and imaging things quickly enough and they actually got hammered pretty hard by some jurisdictions for not moving fast enough on that. Is it a two year backlog or a three year backlog? Yeah, I've come in as a two year or a three year backlog. See, when I heard it, it was at 18 months. But you know, things grow. So question, yes sir. Hard drive, lock in a safe. Is it in water, sinking down to the bottom of the ocean? It's getting really, really secured. Encrypted, you know, these are questions that came up again. After speaking before, questions became, all right, the aspect of, you know, passwords encrypted biometrics, you know, I see the computer and having a teenager, we just looked at some models with the old biometrics on there. So your eight armed troopers show up saying, we're gonna, we see the stuff, do you consent? Oh, by the way, I need your finger and they, you know, grab the finger and slide it right across. Very good questions. I have not seen, we have not obviously seen these issues raised as of yet on the biometrics aspect of it. The question becomes, are these incriminating acts or statements? Now, if, I know this is gonna be a shock to most people in this room, if you've ever had alcohol and it's affected your blood alcohol level and then gotten to a car for driving aspects of life and had to take a breathalyzer, question again, is that incriminating? Or, if the cops throw you down, hold you down, stick a needle in your arm and pull the blood out, is that again, Fifth Amendment? No, it's not. So it's gonna be an interesting case. You're gonna see prosecutors going along that line of cases that, you know, biometrics, you know, taking your blood, taking your breathalyzer, that's the direction we're gonna go. Where the court's gonna go with that? It's gonna be fun to watch. So I don't know the answer. So the hard drive and the safe that come to seize all the stuff. Here's the fun aspect. Again, search warrants have to be specific enough for that item being searched for. That's the fun aspect of when they're searching for, you know, the marijuana and the marijuana cigarettes. Marijuana cigarette, I'm told, can be very small. So basically, I mean, that gives you free reign to open drawers, I mean, searching everything, open containers and look for everything. So when I'm searching for, you know, hard drives, again, how articulate was the facts that I'm basing my search warrant on, you know, if I'm looking, you know, I'm gonna be hard-pressed to say that I'm looking for a specifically named hard drive from that aspect, you never know. And then you have a safe there, you know, that's the next aspect why you're standing there. Hey, you know, what's in the safe? I don't know, you know, I'm at. So yeah, at that point in time, a question could be, I mean, with the aspect of being able to open, close container and there's a whole line of history, you know, cases on that, if I've got the authorization to do that, then I could arguably get the tools to open up that safe. So on that, but these aspects are the areas that are really gonna be being developed by several different cases and circuits from the first to the ninth, there might be some more than the south of the ninth, but we all like watching the ninth the most out of California, and that's what we're gonna be looking at. Was there another question out there? All right. Typically the question is if the search on the hard drive for a particular IP address you hacked and they find another IP address that you hacked on that while they're searching for it. I would, I don't wanna say I'd be surprised, I would be surprised that the search warrant is that specific that they're listing the IP address. I didn't get to this in my other presentation, so I'm gonna talk to you about it now. Search warrants methods on that. There are several cases now that are saying the method that you're going to do the search for computers does not need to be specified in the search warrant, that doesn't have to be specifically articulated in the search warrant. There's one case and it's in my material and it escapes me right now, which really sent shivers through DOJ attorneys that said no, I want the method specified in there. It was an anomaly on that. So I'm not gonna put a whole lot of weight in that. Typically you're talking some aspects, the case is basically you're talking plain view. In here, in my material, there's another one that talks similar to that. They're investigating for stalking and they go to the guy's house and he literally has hundreds and thousands of dollars just laying all over the place and basically he's got this offshore thing doing illegal stuff offshore. He even kinda tells them about it and they're looking on the computer for stalking and the message in a specific drive because he said, yeah, I'll give you consent to search, by the way, it's in D, colon, backslash, right here, go to it. So they start looking at it and as they see all the money all over the place and they bring up the files, they see literally a file kinda called offshore accounts. All right, so what do they do? Being good cops, they click into it. Now, there's the doctrine of plain view. If I'm looking for things and it comes up and I see it, plain view means I can seize it. I don't have to stop everything I'm doing to go get, I'm investigating for child porn, there's magazines and there's a bundle of marijuana here. I don't sit there and say, hey, thank you, got the child porn, have a good day. Boy, that marijuana would really go good with this, can I take that too? All right, I don't have to do that basically on that. So basically, plain view. Now, in this particular case because the consent was specific to the D drive, they said even seeing that offshore accounts was beyond the scope of the search and they suppressed it. So coming back to your search of looking for that IP address, I'm not gonna, hey, if I'm fashioning that search, I'm not gonna say, I'm gonna keep it general, it's pretty specific. For violation of computer fraud and abuse acts, computer fraud and abuse act, access, and I'm gonna leave it at that. And so when I see the other IP addresses as I'm searching in there, I'm gonna be able to gather that information. There's been a lot of cases dealing with third party consent. Third party consent is that you're investigating. Common people living in the area, it's not the person who's actually the true owner of the item, but someone who has either actual authority or parent authority gives permission for this. This is an Air Force case and you had a bunch of airmen living in quarters. Now, the interesting aspect is this was again, facts are king, this is a good fact specific case. The defendant was going to purchase the computer from our hero. And so basically he said, yeah, I'll buy it for me. So the hero goes, here it is, it's yours. And the defendant takes it and puts it in his bedroom. Now, kids, they set up a whole land in there so they could do gaming and file sharing on that. And the hero is still kind of the system administrator. He's still performing maintenance on all the machines that are in there. So he still performs maintenance on this. Hasn't been paid money for it yet, but it's agreed that the defendant's gonna buy it from him. Goes in there performing maintenance, looks in my music, thumb drives, child pornography, turns it over to the cops, cops arrest him, bust him. Now the question is, did he have authority basically, the cops have authority to search this machine based on the permission of our hero who gave it? And the aspect of that question, answer that is, yeah, it appears that he has a parent authority over the machine, he's used the machine, he performs maintenance on it. There's nothing that our defendant has said, hey, I don't want you doing anything more. So he hasn't evidence, he hasn't password protected anything, so there's no evidence he's taking any steps to create that zone of privacy. So the search was okay, the consent was okay. Admin, you can turn, again, if you're performing, this is a service provider exception and all the other aspects to law enforcement. You're performing maintenance that is relevant to basically doing the service provider that you are, it's got a nexus to it. You can turn that information over to law enforcement when you come across it. Now, after you call them up and say, hey, I think they've got child porn on their machine and the cops say, oh, great, hey, go back, do a thorough image of the box, take a look at it, see everything and then give it to me, you've now become a cop. Okay, there's a whole line of cases out there that basically have system administrators acting as law enforcement agents and those are illegal searches. So that's been pretty clear. Yes. Question is, pharmacists admin and I do find child porn on a box and I don't turn it in and it comes back to haunt the company. Again, what's your liability for that aspect of it? Do you possess it? The question, no, the answer is no. Your liability from a criminal point of view? No, again, facts are king and they can change real fast. On those simple facts, the aspect would be, no. On that, now, can they change real fast? Oh, yeah. And this is what I had breakfast with Jennifer Granick this morning and that's the aspect of telling war stories about it being a defense attorney. And when you're telling your client, here's what you're faced with, if you plead, go to trial, oh, by the way, it doesn't mean anything to me because tonight I'm gonna go home and have a steak dinner. I'm not gonna be watching the bar shut. So again, that risk aspect, those are tough questions to answer. Question up front? Okay, cis admin, responsible for the network. You've got it on there, aren't you responsible because it's gonna interfere with your network to actually improve the network and get it off of there from that aspect? That's a valid argument, absolutely. I mean, because that's what, you know, when we sit here and have all these intellectual discussions about reading emails and having people delve into that, again, the aspect is the reason I looked at it was because it was dorking up my system so I had to go look at it, which typically, that's how like, you know, 75% of the cis admin cases which turn in child porn are for that reason because the JPEGs are so huge that dorking up the system and they go and they find it that way. It's illegal to possess child pornography. Now, you know, I've heard it even said, I mean, across the board, strict liability. So it's like, okay, so if you're one cop organization and you take it and hand it to another cop organization, haven't you just trafficked in child pornography? I've heard it argued to that stupidity of the degree aspect of it. So, again, I'm telling you what the law says. What you do, you know, again, comes back, you know, military, we have regulations that say, you know, which sites you can go to, what you can and can't go to. How many times do you think, you know, the cis admins, the A-cert guys come in and say, hey, we've got pornography on this machine. Well, commanded, did you call the criminal investigation division? Yeah, I did. What did they say? Is it child porn? I don't know, it just popped up. And then they say, go back, you go back. If it's not, they just delete it. They haven't got time to deal with it. Again, so, you know, that's the aspect of that's practicality as opposed to legality. UCMJ, ironically enough, that, you know, the aspect, they have basically a simulation statute in the UCMJ, which assimilates federal laws and sometimes state laws. I'm sorry, I can't hear. You're gonna have to stand up and shout. I can't hear it. The question comes on use policies, terms of service aspect, in terms of if you find something there, are you going to, you legally, or you're going to turn it over? The reason I smile is because DOD is having a blast with its banner right now for its purposes of what we can and can't do for monitoring the networks. And it's wonderful to make a great banner or terms of service from that aspect. That doesn't mean it's not gonna be litigated. There are a lot of cases out there in which you've got terms of service, use policies, and they're never disseminated, except when a new employee comes in and signs and they don't talk about it for six years, no one knows about it. So the question comes, all of a sudden, then they do something and you say no, that's not waiving the expectation of policy because you haven't done anything, you haven't enforced it. There are a lot of cases out there that are showing point blank. When you sign that use policy, you know what's gonna happen, you know it's monitoring. I wanna say in here, as a matter of fact, and buried in the material, is another case exactly like that, that basically, it was an aspect where you knew the use policy, you knew it was gonna be, so yes, you can turn it over and you knew that was gonna happen. Let me go in a couple more to get through here and we'll go over to the question and answers on this. I'm gonna move ahead to this case because this is a consent case. This is basically the 91-year-old doctor in his pajamas case. They were focused on his 51-year-old son for child pornography. Eight months goes by, they really haven't gotten anywhere with this, so they go and do a knock and talk. So they go to the residence, knock on the door and Dr. Andres opens the door in his pajamas and starts talking to the cops and then he comes inside. They knew there were several people who lived in this house. They could see the bedroom allegedly, they could see the bedroom behind him and the computer in there and they asked the doctor, can we take a look at this computer? And the doctor says, yeah, go ahead, come on in and look. Now, in this case, the internet bill was paid for by the doctor, they knew that. The email address they were looking at had the doctor's initials in there and so it became an apparent authority. Did he have the apparent authority to consent to the search? This goes back to my other aspect is while they were doing the search, they finally, the doctor either offered or something said, hey, I really don't use the computer and they stopped. But his son came home during the search and again, you've got all the cops standing there and they say, do you mind if we search your machine? And so the court held that this was, he says, yeah, you're already here, go ahead. And the court held that that was voluntary consent. They really kind of dismissed it as opposed to talking more to it. So on this one, basically, the image of the machine took it, the files were password protected. They used encase to image it and went right past it. Which kind of brings up, yes. And again, you're talking about this case? This case was Windows XP login protected. And when you're plugging in an encase, now my understanding is you can configure encase to find out if it's got a login and if files are password protected. Would that be correct? That's kind of what they said in here. And that was one of the key things they said they took away in there. This one and another case, and this was one, I can't remember if it was this one or another case. That goes back to what the courts believe is pervasive. They found that asking people, are these password protected? It's not, password protecting your files is not so known or pervasive that cops would reasonably ask these questions. Now, I'm a government hack, but I've been around enough cops doing computer forensics now that point blank, they know and they expect files to be password protected. So the fact that they're not asking these questions, the court's saying you don't have to ask, but I'm waiting for that case to come up when that's really gonna be litigated because it's only gotta be a matter of time before that comes up. So, interesting case on that. I wanted to talk about revoking consent on this. And this is going into the Androchec case. Again, Androchec, child pornography, they call him up, can you come on in and talk to us? He says, yes, mistake number one. So then they say, what's it about? He says, on the phone, he says, what's it about? And they go, well, it's dealing with a credit card fraud. I don't own any credit cards. Yeah, but it has to do with internet and that so could you come on in and he goes, okay, calls back. Oh, hey, I forgot, I reformatted my computer so I don't know if I can be of any help. Yeah, we know, but come on in anyways. Okay, mistake number two. So then he goes in, mistake number three. So he's in there, they tell him, hey, that was a ruse to get you in here. It's really child porn. Do you have anything on your machine? Again, that ability thing versus the right to remain silent. He waves his rights, starts talking. Yeah, I might have images on there. The cops say, can we go and get your computer and look at it? Yeah, okay, so he gives consent to search the computer. Still at the station, he says, what if I don't want, what if I want to take back my consent? They're like, well, you can have that choice, think about it, let's go to your house and you think about it. So they drive to another station to get another agent, apparently he's got the forensics equipment and at that station he gets out of the car and he goes, I'm really not comfortable with this. And they're like, well, okay, come on, just go to the house and you can think about it there. So they get to the house in point blank at the house in the driveway. Again, they say, hey, I'm not comfortable with this. What happens if I revoke my consent? And the cop goes, you revoke your consent, we're gonna stay here, we're gonna go get a warrant and we're gonna seize your machine. All right, go on in. So they go in and basically start looking at the machine and they don't have the right equipment there. So I'm gonna wrap this up real fast. Basically, they seize the machine. Now he's like, wait, wait, wait, you're taking the machine? And they're like, yeah, with or without it, we can go get that warrant. He's like, you're already here, you might as well go ahead and take it. The court held that the fact that they threatened him with the legal process of getting a warrant wasn't a threat to violate his consent. Now, I see both sides of this. Again, it's an aspect of stating a fact. Here's the legal process that we're gonna do this. We're going to stay here, go get the warrant, come back and get the machine. Yeah, that's a fact. But I'm not sure, I'm really comfortable with that because it's an aspect of, and that is a threat. There's just no two ways about it. So, interesting distinction on that opinion. So you're saying don't consent? If you're talking to a, the question is, so you're saying don't consent? Okay, defense aspect of life. And again, defense hat is never consent, never waive your rights, never agree to meet with cops and always ask for your attorney. If I was wearing my defense hat, why isn't there anything there about don't commit crimes? Because if I'm a defense attorney, then I gotta go do divorce work, which can become criminal, but it's not as much fun. On that, so that's that. There's a lot of stuff in here. I apologize that we didn't get to a lot of the things. We're gonna be next door asking questions that you got. We're hanging out all day. Jennifer Granix here too, so get her and pepper her with questions too. Thanks for coming everybody.