
[CB20] Defending Computer Criminals by Andrea Monti

This paper is about defending, in court, a person accused of computer crime and computer-related crime. It is intended as a primer for defence counsel who have no experience in the specific field of criminal trials involving computers, digital assets and the Internet. At the same time, it provides insights to computer experts wanting to enter the digital forensics sector, because it offers a way to understand how a lawyer thinks and what his needs are when designing a defence strategy.
The focus is on the practical issues that emerged from the direct trial experience of the author and of other criminal trial lawyers; therefore the legal theory and the ICT technical aspects are not discussed in detail. Both the legal and the IT professional, though, can find in the discussion enough hints to widen their understanding of the matter and improve the effectiveness of their strategies.
The paper is structured in three parts: a taxonomy of the defendants' criminological profiles, the analysis of the digital investigation carried out by the prosecution to build the case, and the trial strategies of the defence counsel.
Finally, a note on the cases discussed in this paper: where possible, references to court decisions are available, but in some cases, for confidentiality reasons, the paper analyses the relevant elements without providing further information.


  1. Defending Computer Criminals. Andrea Monti, Adjunct Professor of Law and Order, University of Chieti-Pescara
  2. Agenda
     • What this talk is all about
     • A Few Caveats
     • The Investigation
     • What is a ‘Computer Criminal’?
     • Taxonomy of the defendants
     • Common mistakes in the defence design
     • Tuning the defence
     • Defence arguments
     • Procedural defence issues
     • Conclusions
     Defending Computer Criminals - Andrea Monti - Adjunct Professor of Law and Order - University of Chieti-Pescara (IT) © Andrea Monti 2020 - All Rights Reserved
  3. What this talk is all about
     • This talk is about computer crime advocacy from the defendant's perspective.
     • It deals with practical matters; therefore it assumes at least a basic knowledge of how a criminal investigation is performed and how a criminal trial works.
     • It tries to be ‘jurisdiction independent’.
     • It outlines the basic knowledge and strategies needed to handle a computer crime trial.
  4. A Few Caveats
     • ‘Nobody really wants justice’ (Dershowitz, A. ‘The Best Defense’, 1982).
     • ‘The more experienced a judge is, the less his decision in a new case will be influenced by the evidence and arguments in that case—which infuriates lawyers’ (Posner, R. ‘How Judges Think’, 2008).
     • Corollary: procedural defense may have a different effectiveness according to the specific legal Zeitgeist of the Country.
  5. The Investigation
     • Victim’s reactions, in order:
        • Making sense of what happened,
        • Damage control,
        • Internal (often improper) forensics,
        • Legal assessment,
        • Law enforcement involvement.
     • Law enforcement course of action:
        • Crime scene: impromptu forensics, hard disk/computer seizure, log collection, employee interviews, security policy analysis, prior convictions database query,
        • Carrier/ISP: traffic data request,
        • Internet governance entities: information request on domain and IP registrations,
        • Suspect: calls, IM, email eavesdropping/wiretapping, searches and seizures, digital forensics.
  6. What is a ‘Computer Criminal’?
     • The archetype of the ‘computer criminal’ is the mighty übermensch called ‘the hacker’.
     • Do ‘hackers’ exist? Are they ‘criminals’? Are there criminals who are not ‘hackers’?
     • Hackers as scapegoats and law enforcement’s reputation enhancers.
     • Why do these issues matter?
     Artwork by Alberto Maderna for Monti&Ambrosini Editori - All Rights Reserved
  7. A Taxonomy of the Defendants
     • Knowledge vs Motivation
     • Knowledge is independent of motivation,
     • The same technical skills can be exploited by a hacktivist, an intelligence operative, an ‘ordinary’ criminal or an average citizen,
     • What matters to the defence counsel is to position the defendant in the right part of the diagram.
     Elaboration of a diagram initially published in Winkler, Ira, ‘Corporate Espionage’, 1997, Prima Publishing, p. 86, and presented at the lecture ‘IT Investigations and the Right of Defence: 20 Years of Judicial History in Italy and Europe’, Saturday 10 June 2017, Keio University.
  8. Common Mistakes in the Defense Design
     • Blindly trusting hired experts,
     • Mounting a defense based on exoteric and non-Daubert-compliant technical theories,
     • Failing to challenge commonly accepted assumptions (i.e. ‘cyberspace’, ‘online vs offline’, AI capabilities, etc.),
     • Disregarding the weight of traditional evidence,
     • Lecturing the court.
  9. Designing a Defense Strategy
     • A computer criminal defense is made of:
        • Technical knowledge
        • Strategy
        • Effectiveness
     • Technical knowledge is needed to:
        • Win the heart of the (tech-savvy) defendant,
        • Spot possible procedural mistakes in the investigation,
        • Understand when law enforcement and the prosecutor’s expert witness are trying to ‘muddy the water’ by releasing ‘poisoned technical statements’,
        • Design a strategy.
     • Strategy must change according to:
        • the profile of the defendant,
        • the moment when the lawyer becomes involved,
        • the IT skill level of the law enforcement, prosecutor and court.
  10. Tuning the Defense Design
      A standard defense design implies taking into account:
      • The victim's statements, in particular about what the victim did before handing over the targeted computer (and/or information) to the police,
      • Whether the police took for granted what the victim handed them, without further investigation,
      • Whether the police operated the defendant’s seized devices without proper forensic care,
      • How any police-operated malware was designed, deployed and exploited,
      • How the police got technical information and logfiles from carriers and ISPs. Was this information acquired by a police technician or (insecurely) provided by the ISPs?
      • How the police got information from foreign entities. Did they operate under an MLAT or just receive a simple e-mail with the data?
      • How the police matched a computer user with a physical identity.
  11. Defense Arguments
      • Lack of compliance with digital forensics best practice as a way to challenge the admissibility and/or weight of the digital evidence (United States v. Allen, 106 F.3d 695, 700, 6th Cir. 1997 v. Italian Supreme Court, Vth Criminal Branch, ruling 25 March 2015, n. 1105).
      • Relevance of data integrity preservation (Italian Supreme Court Criminal Branch, ruling 6 September 2012 n. 44851).
      • Planted evidence in the defendant’s device. Although held as unpresentable because of its highly speculative nature, this argument gained new momentum from the use of law enforcement-operated malware. The use of this argument must be grounded on solid hints, otherwise it would fall back into the ‘highly speculative’ category.
      • Carefully assessing the burden of proof. Stipulation with the prosecutor in technical matters should, as a rule of thumb, be avoided.
      • Ascertaining the mens rea.
  12. Procedural Defense Issues
      • When the procedural defense is the main strategy, it is often implicitly seen by the court as evidence of guilt,
      • This perception can be exploited by the prosecutor, especially in jury-based trials,
      • To contain the potential exploitation of the procedural defense against the defendant, it is important to stress that respecting the rules of due process is as important as the merits of the trial.
  13. Conclusions
      • The protocol to follow in the design of a defense strategy for a computer crime trial is:
         • Understanding the client's criminological profile,
         • Carefully analysing the technical police activities and looking for the prosecution's mistakes,
         • Choosing whether to adopt a procedural defence, challenge the merits of the accusations, or both.
      • Bear in mind that a procedural defense must be handled with great care because it:
         • Can be seen by the court, and exploited by the prosecutor, as an implicit admission of guilt,
         • Must be based on solid arguments, otherwise it will be dismissed as ‘wild speculation’,
         • Can be obliterated by traditional evidence.
      • Manage the relationship with the judge with extreme care:
         • Do not expose his limited knowledge of the technological aspects,
         • Refrain from a professorial attitude,
         • And, above all, do not exploit his limited grasp of technical matters to confuse him.
  14. Contacts
      • www.ictlex.net - Italian
      • blog.andreamonti.eu - English
      • monti.jp - Japanese
      • www.linkedin.com/in/amonti/
      Sorry, no other social networks available.
  15. Thank you! :)
