Saturday, October 17, 2009

CSAM & Predators - How long should ISP’s preserve data and how quickly should they respond to legal process?

Dr. Frank Kardasz, October 17, 2009

Detectives who investigate Internet crimes against children often rely upon information preserved by Internet service providers (ISP's) to solve crimes. ISP's provide customer subscriber information that permits investigators to trace the source of unlawful activity. Without information from the ISP's, an investigative trail can quickly grow cold, leaving the offender to prowl freely in cyberspace.

Sometimes the information from the ISP is the only link to the offender. Investigators need accurate and timely historic information from ISP's so that they can help child victims. 

Questions surrounding the struggle for information preservation and reporting include: How long should an ISP retain data and how quickly should they respond to law enforcement? Typically, ISP's retain data not to appease law enforcement, but for the logical purpose of billing subscribers and servicing customer Internet accounts. 

Customer information is tightly held and private; law enforcement may only obtain the information through subpoena, search warrant, or court order. Data preservation and reporting to law enforcement is bothersome and costly for ISP's for several reasons. Many terabytes of computer storage space may be required to warehouse the data. The data must be secured so that it is not subject to theft. Dedicated personnel are required to respond to law enforcement subpoenas and search warrants.

Legal questions about information release sometimes arise that may require the opinions of corporate lawyers. ISP's are not legally mandated to preserve data. Thirty days is the arbitrary voluntary preservation standard set by many ISP's. For many law enforcement investigations the 30-day standard is unsatisfactory because it does not permit investigators to identify the offenders, who can slip away quickly in cyberspace.

Often a Time-Consuming Two-Subpoena Imperfect Process

In many cases the initial investigative process requires two subpoenas, thus delaying identification to weeks or months before a suspect location can be determined. For example, in luring/enticement cases, often the only information reported to law enforcement is the offender's screen name.

With only a screen name, the investigation proceeds as follows in non-emergency cases: 

1. The investigator determines the provider associated with the screen name. Yahoo, MySpace, and Facebook are typical examples of providers in such cases, but there are hundreds providing the services. The investigator subpoenas the provider and then, days or weeks later, receives a response. The first subpoena response provides one important clue: the Internet protocol (IP) address from which the offending screen name communicated.

2. Next, the investigator conducts research on the Internet protocol address to determine which company is responsible for providing the previously identified IP address to the offender. Verizon, Cox and Comcast are typical examples of ISP's but there are hundreds providing such services. 

3. The second subpoena is submitted, this time to the ISP associated with the Internet protocol address identified in number two above. The subpoena requests subscriber information associated with the IP address that came from the results of the first subpoena. 

4. After a few days or weeks the ISP responds to the second subpoena with the name and address of the subscriber who was assigned to the IP address where the suspect screen name originated.

Finally, 14-60 or more days after the original report, cyber-detectives can begin to focus on a location and name to further the investigation. Further problems sometimes result when typographical errors occur at any stage, prosecutors delay subpoena authorization, and/or workloads back up because of insufficient staffing. The slow turn-around time for information and the short 30-day retention periods are problematic for law enforcement. Investigations are sometimes slaves to the long wait for information from ISP's. Detectives worry that while they wait, the offender may be busy actively molesting children.

Civil Liability Concerns

ISP's are the unwitting facilitators of Internet crimes against children. Civil liability is now a growing concern for law enforcement in delayed Internet crimes against children investigations (see: http://kardasz.org/blog/2008/09/liability_for_deliberate_indif.html).

In time, civil attorneys defending abused children will recognize the complicity of ISP's in the lethargic investigative process and begin to add ISP's as co-defendants in civil lawsuits. 

Conclusion 

ISP's should consider long data retention periods and rapid response to legal process. Federal legislation to mandate data preservation and reporting would assist investigators in protecting children in cyberspace.
