Hello, and welcome back to the Computer Forensics Path, Course 5, digital evidence and legal issues. In this course, we're going to cover legal issues that pertain to the admissibility of our evidence, whether our evidence would be allowed into a court of law. We're also going to talk about some difference between civil law and criminal law. Criminal law talks about violations of a state, local, or federal statute. The penalties are very high for violating those. A person can lose their freedom. We're also going to talk about civil law, which usually pertains to cases involving property rights and monetary damages. We're also going to cover ethical issues. Ethics is a set of values which are going to promote the safety and welfare in our society. These are things that are taken very seriously in our profession because if you violate your ethics, you will lose all credibility in your profession, and you also make the profession as a whole look bad. The first thing we're going to talk about in Module 1 is applicable laws and ethics. Search authority. This might be one of the most important things we're going to talk about in this entire path. Search authority is what gives you the right to perform your examination on the evidence that you have provided to you, or if you go out and seize it yourself, it's the authority under which you're seizing that evidence. Our search authority can come from things like warrants, court orders, subpoenas, if we have real-time interception authority, like in a wiretap, which we'll talk more about. It can come from our state and federal laws. If you work in the private sector, it could come from your employer, company policy, or it can also come from consent, which we will also get into much later on. Search and seizure. The general outline for all laws governing search and seizure come from the Fourth Amendment to the US Constitution. Below on the slide you can see that the Fourth Amendment is written out there. This is the right of people to be secure in their persons, houses, papers, and effects against unreasonable, and that's a very important word, search and seizure. This shall not be violated without a warrant. No warrant should be issued except under probable cause and that's going to be supported by some type of written document. It's going to have to describe the place to be searched and the person or thing to be seized. We'll see that as we go through. That is very important. Again, the Fourth Amendment, like we said, at its most basic level, does require a warrant. But there are several exceptions to the Fourth Amendment. The ones we're going to talk about right now, we're going to talk about consent. Somebody can give you consent to search their property. We can also have a search incident to a lawful arrest. That is when somebody is placed under arrest by a law enforcement officer. There are certain things that can be searched as a result of that arrest. Plain view is an exception. That means if you are lawfully in a place, you have to be there lawfully, and you see something that is obviously contraband, something that's illegal to possess, or something that relates to a crime you're investigating, you can seize that and it will be admissible in a court of law. Stop and frisk, this mainly pertains to law enforcement, is an exception to the Fourth Amendment. It stems from a federal case called Terry versus Ohio, where somebody was stopped, and they were patted down, and they felt an object in their clothing, and it ended up being a firearm. But he matched the description of the person that they were looking for who had just committed a shooting. Automobile exception is also one. That's because automobiles or motor vehicles are very movable. There is a certain amount of exception there because they're mobile and you can lose the evidence. The evidence could drive away and you may not be able to get it back. There are certain parts of an automobile that you are allowed to search. Exigent circumstances. This is one that will pertain to us as a forensic examiner sometimes. That's when something is an emergency basically. It could be you're pinging a phone of somebody who is threatening to commit suicide or maybe they took a hostage and they're fleeing the scene, a missing child, you can sometimes do some type of electronic real-time interception without a warrant as part of exigent circumstances in those cases. Banners: Banners are things you'll see a lot of times when you would go to certain websites or when you sign up for social media, in there is something that says you do not have a right to privacy, that your data and your information can, will be shared. Banners can also be things that are posted. If you walk into a prison, you'll most often see that all conversations are recorded. It can also be something by your employer, there may be a banner on your page that says that your communications are not private. This can also give people the authority to monitor real-time access stored files. They can provide certain information to law enforcement. We see that with Internet service providers lot of times. If you're sharing elicit images, photos of child pornography or things you shouldn't be sharing, you have that stored on your Google Drive or your Dropbox, then you do not have a right to privacy. Those things can be reported to the police or you can consent to these things. A lot of times the agreements you sign with your Internet service provider or Facebook, Instagram, or any of these other social media's platforms, will have authorization to share your information as part of their company terms. When you sign those terms of consent, a lot of times you're consenting to giving your privacy away. We talked about the Fourth Amendment, a few slides back. If we violate the Fourth Amendment, if we see something illegally or in violation, that in evidence will not be admissible in a court of law. If we search some place without a warrant and we don't have probable cause or meet any of those exceptions mentioned earlier, then that would be seizing something illegally and it will not be admissible. Also, if we seize evidence illegally and that leads us to other evidence, even if we seize that new evidence legally, because we found it based on what we learned from the evidence we seized illegally, that new evidence will also be not admissible in a court of law, and that is called the fruits of the poisonous tree. If you act with malice or irresponsibility or any type of recklessness and you violate any of these guidelines or laws, you will be found in violation and you could have a civil case brought against you. You could be sued civilly. If you don't have search authority and you do that examination anyway, you could end up getting yourself sued. You really want to be careful when you're looking at your search authority, when you're looking at these warrants or other legal process that they do give you the authority to do the examination that you are going to do. Civil versus criminal: We talked about this a little bit. Civil cases are usually about property crimes, monetary damages. They're going to determine who's going to be liable for this loss. The standard of proof is a preponderance of the evidence, versus a criminal case, which is something that is punishable full by law. This is a crime, you can go to jail for this. The standard of proof here is higher, and that is going to be proof beyond a reasonable doubt. The best evidence rule: The original evidence is always going to be your best evidence. When the original evidence is not available, duplicates are admissible. Duplicates, including electronic recordings, but they have to accurately depict the original evidence. They can't be bias or an inaccurate representation or an unfair representation of the original evidence, then they would not be admissible. But duplicates are admissible when the original is not available, but the original is always going to be your best evidence. We do have some special situations. I mentioned wiretaps briefly, real-time intersection of transmissions. We also have stored electronic communications. These are communications that are going to be stored by maybe your Internet service provider, your phone service provider, if you're using a cellular telephone or any other type of telephone. We're going to also talk about the Privacy Protection Act. Now, the laws and rules governing physical evidence and electronic evidence are generally the same. But there are some things we do need to keep in mind. The computers can be used for both legal and illegal activities. They can also be used to protect information. There are special laws that protect electronic communications. We're going to talk about those throughout this course. The Stored Electronic Communications Act. Now, this act, generally applies to your Internet service provider. They collect information as course of their regular business, as part of doing business. This act says that they cannot just disclose this information to anybody. That you do have some right to privacy here. Law enforcement agencies can't just ask them. They have to have probable cause to get your information from your Internet service providers, or any of your social media. The provider protection. This authorizes the intersection and disclosure of information collected as part of their regular business. You can't ask an Internet service provider, or any type of Internet social media account, to collect something on a specific person, to help you with one of your cases. But if this information is collected as part of their regular business, they can turn it over to you, as long as you have the authorization to get it. You're going to need some type of warrant or subpoena for that. This talks about, that the Internet service provider, can't turn over to law enforcement some information that was obtained inadvertently. Maybe it was something that they don't collect as regular business, but they just happen to have it. They can turn it over to law enforcement with the proper legal service. If it pertains or appears to pertain to a commission of a crime. Again, going back to the example I used, as far as somebody puts pictures at their Dropbox that shows obvious child pornography, the Internet service provider would contact law enforcement and let them know about it. Or if they inadvertently take the conversation, voicemail message that they held, that maybe they usually don't hold, as part of their business, but it happened, and they realized that it does pertain to some type of criminal activity, they can notify law enforcement, and turn that particular evidence over to law enforcement. This talks about also that they are required to report child exploitation to the National Center for Missing and Exploited Children. They usually do, and then that in course will get turned over to law enforcement. This Privacy Protection Act, the PPA, this is what protects journalists from government officials, who wanted to search. This is your protected work product. If you write a book and that book is on your computer, and your computer gets seized now you can't just take that. That's that person's personal property. You may have to adjust your search parameters if they have some type of protected material on there, and that does apply to journalists, and other type of copyrighted material. You must get some type of legal process to obtain any type of work product. If you don't have that, you will have to adjust your search, accordingly. The Daubert rule. This obtains to the admissibility of scientific evidence, and this is going to pertain to us in our field. This also pertains to qualified expert witnesses. Talking about scientific evidence, you're meant to use a type of technique that has been used before, that's been tested and verified either by you or by somebody else. But whatever you're doing has to be tested and verified. Your reports and your findings should be subject to peer review. You should have peer review in place where another person will review your work to make sure that it's correct. There should be some type an known rate of error. If you're talking about DNA or fingerprints or say hash values, there is a known rate of error. The method has to be one that is acceptable in your scientific community. You can't use a method that nobody has used before, that you haven't tested and verified, that would not be appropriate. Again, investigators must be qualified before they could testify as an expert witness, and that would be done in court with the attorneys present. Ethics. As we talked about, they're a set of principles that guide our behavior, and it's very important that we have a good code of ethics. A lot of your organizations, a lot of your certifying boards have their own code of ethics, and if you hold the certification, you might want to familiarize yourself with the code of ethics and standards for that particular certification. Because if you violate it, you could lose your certification, and if that's part of your job, you must have the certification to hold your job, you want to be very careful about losing it due to an ethics violation. Again, it could lead to civil action. You could be sued for your unethical actions, and again, it just makes you look bad and it makes the entire profession look bad. I talked about this. Organizations have their own set of guidelines and they will differ, so you want to be familiar with your code of ethics for your organization and for any type of certification you hold. We have to make decisions in situations that are not so clear-cut, and we're going to talk about that more as we talk about what we do, imaging and collecting of evidence. The most important thing to remember here is you want to be able to articulate what you did and why it was necessary. Also, poor decision-making even outside of your professional life can reflect badly on you and your employer. Due care is very important. When you make a decision, make sure that you think about all the consequences of that decision and use due care before you proceed. Make sure you're working within the scope of your search authority, make sure you're not changing the original evidence, and if you are making changes, make sure you document what you're doing and why you're doing it. Other laws that apply to us are going to be the Patriot Act, and this is going to talk more about real-time interception or wiretapping that mainly pertains to terrorist acts. You do have a little more leeway with this type of crime. Terrorism, we can use the Patriot Act and you can get around some of the warrant requirements, which you want to make sure that you are working within the four corners of the law and that you know what you're doing, and you probably want to talk to a prosecutor. The Protect our Children Act of 2008. This pertains to reporting requirements for online crimes against children, and I talked about that when we talked about the National Center for Missing and Exploited Children, and how Internet service providers are required to report any type of child exploitation to them. Medical records, HIPAA is going to come into play. If you're talking about doing any work for a healthcare professional, you want to keep that in mind that health records are private and you want to familiarize yourself with the HIPAA law requirements. In the next module, we're going to talk about preservation and consent. We're going to talk about preserving the evidence, and we're going to talk about consent searches and the rules that govern them.
