ΚΕΝΤΡΟ ΜΕΛΕΤΩΝ ΑΣΦΑΛΕΙΑΣ CENTER FOR SECURITY STUDIES

Similar documents
Workshop on Cyber Security & Cyber Crime Policies. Policies for African Diplomats

China and International Governance of Cybercrime

10007/16 MP/mj 1 DG D 2B

Systemic Analyser in Network Threats

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

The commission communication "towards a general policy on the fight against cyber crime"

CYBERCRIME LEGISLATION DEVELOPMENT IN NIGERIA AN UPDATE. Octopus Conference, Strasbourg 06 June, 2012

15412/16 RR/dk 1 DGD 1C

Comprehensive Study on Cybercrime

ITU Model Cybercrime Law: Project Overview

Issue I. Airport Communication Project

PROJECT RESULTS Summary

Promoting Global Cybersecurity

Strategic and operational threat analysis at Europol's EC3

Cyber Security Strategy

ILLICIT GOODS AND GLOBAL HEALTH. Future-oriented policing projects

Council of the European Union Brussels, 16 March 2015 (OR. en)

ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

2. Taking into account the developments in the next five years, which are the actions to be launched at the EU level?

Cybercrime what is the hidden nature of digital criminal activities nowadays?

ENISA EU Threat Landscape

Europol Unclassified Basic Protection Level. Council Working Party on Information Exchange and Data Protection (DAPIX) Friends of Presidency

MEETINGS OF MINISTERS OF JUSTICE OR OEA/Ser.K/XXXIV

Draft Resolution for Committee Consideration and Recommendation

IMPORTANT GLOBAL CYBERLAW TRENDS 2017

10025/16 MP/mj 1 DG D 2B

A Criminal Intrudes into a Bank in Geneva Korean agents. Canadian agents make the arrest. Argentinian investigators. discover. attack came from Seoul

Present Situation of Cyber Terrorism in China and Its Legal Countermeasures

Development of a renewed European Union Internal Security Strategy. Justice and Home affairs Council meeting Brussels, 4 December 2014

Cyber Security in Europe

Privacy Policy GENERAL

Thailand Initiatives and Challenges in Cyber Terrorism

Legal, Ethical, and Professional Issues in Information Security

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME

Detect Fraud & Financial Crime

Call for Expressions of Interest

Automatic Number Plate Recognition (ANPR) ANPR Strategy Infrastructure Development

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

L attuale scenario in cyber security all indomani dell adozione di nuovi quadri normativi europei

The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC

EU policy on Network and Information Security & Critical Information Infrastructures Protection

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Cybersecurity & Digital Privacy in the Energy sector

Subject: Kier Group plc Data Protection Policy

Guiding principles on the Global Alliance against child sexual abuse online

CYBER SOLUTIONS & THREAT INTELLIGENCE

WEBSITE PRIVACY POLICY

Secure Societies Work Programme Call

A comprehensive approach on personal data protection in the European Union

Cognizant Careers Portal Privacy Policy ( Policy )

OUTCOME DOCUMENT OF THE INTERNATIONAL CONFERENCE ON CYBERLAW, CYBERCRIME & CYBERSECURITY

UNODC tackling cybercrime in support of a safe and secure AP-IS

BRIEFING COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES. Geneva 18 April David Satola

Way to new challenges

Criminal Justice System s Intervention to Cybersecurity Threats: Panacea or Pandora's Box?

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

RESOLUTION 45 (Rev. Hyderabad, 2010)

COUNTERING COUNTERING SPAM IN A DIGITAL WORLD

Cognizant Careers Portal Terms of Use and Privacy Policy ( Policy )

Motorola Mobility Binding Corporate Rules (BCRs)

Society, the economy and the state depend on information and communications technology (ICT).

Role of 24/7 points of contact regarding MLA requests for computer data/e-evidence, Cooperation with competent authorities

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM

Joint ICTP-IAEA School of Nuclear Energy Management November 2012

INFORMATION TO BE GIVEN 2

Cybersecurity Strategy of the Republic of Cyprus

LEGAL SOLUTION CYBERCRIME LEGAL SOLUTION LEGAL SOLUTION NATIONAL, REGIONAL, INTERNATIONAL

ITU/HIPPSA Technical Assistance on Cybercrime Law for the Republic of Rwanda, Kigali 11 th -12 th July 2013

Incident Response Services

NIGERIAN CYBERCRIME LAW: WHAT NEXT? BY CHINWE NDUBEZE AT THE CYBER SECURE NIGERIA 2016 CONFERENCE ON 7 TH APRIL 2014

Privacy Policy for Trend Micro Products and Services for the European Union, the European Economic Area (EEA) and the United Kingdom

European Directives and reglements for Information security

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

Designing Robustness and Resilience in Digital Investigation Laboratories

DRAFT PROGRAMME. Exchange of views with experts on the fight against Cybercrime

Cyber Security Development. Ghana in Perspective

COMPUTER FORENSICS (CFRS)

Inter-American Port Security Cooperation Plan

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK

Professional Training Course - Cybercrime Investigation Body of Knowledge -

Does the cloud require a new privacy framework? The European perspective. Thomas Fetzer

UWTSD Group Data Protection Policy

Fighting Cybercrime in Belgium. Brussels, 29 February 2012

G7 Bar Associations and Councils

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Virtual Currencies and The Commonwealth. 1 June 2016

Cybersecurity Considerations for GDPR

Security Challenges with ITS : A law enforcement view

UCD Centre for Cybersecurity & Cybercrime Investigation

Red ALERT Apparent Breach of an Unidentified Pharmacy Related Database

Commonwealth Cyber Declaration


LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 26 September 2008 (30.09) (OR. fr) 13567/08 LIMITE ENFOPOL 170 CRIMORG 150

GLOBAL DATA PROTECTION POLICY

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Transcription:

ΚΕΝΤΡΟ ΜΕΛΕΤΩΝ ΑΣΦΑΛΕΙΑΣ CENTER FOR SECURITY STUDIES

Under which conditions is an investigation authorised/permitted? Which are the legal boundaries and the applicable operational rules? Is the Data Protection Regulatory framework respected? Does the MS legislation permit the use of the same platform/toolkit to fight against serious and organised crime? Is it possible to regulate the Dark Web? 2

Complex legal framework National European International Technology advances rapidly Organised crime Terrorist groups Law Enforcement Daily Activities 3

General Data Protection Regulation (GDPR) 679/2016 Directive 680/2016 on the protection of natural persons with regard to the processing of personal data by competent authorities NIS Directive United Nations Global Counter-Terrorism Strategy European Convention for the Protection of Human Rights and Fundamental Freedoms Directive 2013/40/EU on attacks against information systems Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union 4

Investigation under warrant/or judicial order (incl. Undercover) GREECE SPAIN GERMANY UK Always based on Article 253A of Greek Criminal Procedure Code and on Article 187-187A of Greek Penal Code. Always based on Organic Law 2/1986 (Police Law) and Law 11/2002 (Intelligence service). Always based on Strafprozessordnung StPO German Criminal Procedure Law (FEDERAL LAW) G-10 LAW. Always based on Section 26 RIPA, Terrorism Act 2000 the undercover policing is applicable. Data protection as an absolute restriction Not when reasons of national security are met or serious crimes are committed, based on Law 2225/1994 & Law 2472/1997. Spanish Organic Law 15/1999 on personal data and Royal Decree 1720/2007. Not applicable to the processing of files related to the investigation of terrorism and serious forms of organized crime, or the investigation of other serious criminal offences. Based on Articles 1,2,10,13 of German Constitution Article 13 BDSG (Federal Data Protection Act): Infringements of this right is possible within narrow boundaries. Preventive state interventions especially in the framework of online searches are only permissible constitutionally, if factual indications exist of a concrete danger to a predominantly important legal interest. Data Protection Act 1998 (DPA). The critical issues in the fight against terrorism are the conditions under DPA in which police officers would be privileged to breach data protection laws which fall under the implementation of EU Directive on Combating Terrorism. Search robots This is not provided by law. This is not provided by law Nevertheless, based on Article 588 of Spanish Criminal Procedure Law. OSINT gathering is permitted without judicial authorization. For other types of information, legal consideration is necessary. This is not provided by law. Based on Section 48-RIPA and the Investigatory Powers Act 20001, public authorities can use online research and investigation tools but they must ensure that any interference with a person s right to respect for their private and family life is necessary for a specific and legitimate objective. Agent provocateur Illegal practice, based on Article 46 of Greek Penal Code. Illegal practice based on Article 282 Spanish Criminal Procedure Law. If a person has committed a crime, even because he was encouraged by a LEA, the responding Federal State will conduct a criminal proceeding. However, the act of encouraging an individual to commit a crime violates the basic principle of fair proceedings and will lead to a procedural impediment based on Article 26 StGB (German Penal Code). Based on Section 26-RIPA, English law offers someone accused of a crime a defence if they can show an officer acted as an agent provocateur, meaning they initiated or instigated the crime. Acceptance of data gathered in court Only data gathered in compliance with Law 3917/2011 & Law 3115/2003. The Criminal Procedure Law (Articles 588 & 589) introduces provisions concerning the retention of data and other information contained in computers or other electronic devices in order to preserve the integrity and the eligibility of these materials in court proceedings. Based on Article 100A of The German Criminal Procedure Code & Article 110A, evidence has to be seized and secured according to law requirements. In some case, accidentally or illegally obtained information may be accepted. Lawful interception regulates the monitoring of telecommunication activities and content. According to the 4 basic Principles of Good Practice Guide for Digital Evidence, a national best practice guide produced by ACPO -2007. 5

Dark Web High level of anonymity Multiple darknets employment of different technology (e.g. TOR, I2P, ) Dark markets (e.g. malware, hacking toolkits, 0day vulnerabilities, hacking as a service etc.) High volume A lot of time is needed for covert operation Cryptocurrencies Increased anonymity Difficult to trace the money route 6

LEAs facing multidisciplinary challenges: Evolving criminal landscape Identification of illegal activities Identify the physical location of the machine(s) hosting the website/service Multiple jurisdictions Detect and apprehend the actors Time constrains LEAs Cybercrime investigations take place within a complex framework of Legal and Ethical rules and simultaneously follow up the technological advancement of Cyber perpetrators 7

TENSOR aims at developing a platform that provides LEAs with tools necessary to enhance their capacity for dealing with huge amounts of online content in the early detection of online terrorist organised activities, radicalisation and recruitment. It is expected that TENSOR tools will have a positive impact on LEAs ability to: Accurately identify terrorist online communities; Detect and prevent terrorist activities organised online; Identify novel terrorism trends; Detect mis-information, propaganda and recruitment materials; Gather and preserve data for forensic analysis; Ensure compliance with National and EU regulations regarding data protection and LEA investigation 8

TENSOR Crawler: Crawl the (Surface/Dark) Web by starting from a URL of interest Instead of traversing all links, select to follow only the ones relevant to your interests TENSOR Profiling Tool Accurate profiling Dialogue analysis & management Seven categories with 73.02% success 29.145 posts by 170 different authors 78.44% success Hyperlink selection is based on machine learning approaches Increased efficiency and effectiveness 9

Economical impact of cyber crime activities Cyber security measures Mitigation actions Dark Web economy associated with cyber attacks (e.g. 0day Vulnerabilities and Hacking as a Service) Develop automated tools for information gathering (e.g. SNA) Develop an automated platform for behavioural, social and economic analysis of the cybersecurity risks and the cybercrime market. Provide a set of recommendations about the reduction of cybercrime to all relevant stakeholders including policy makers, regulators, law enforcement agencies, relevant market operators and insurance companies 10

identification Extraction Acquisition Analysis 11

European countries enacted legislation in accordance with the international and European regulatory framework However, the extent of internet along with the existence of grey areas, such as dark or/and deep web render web s regulation an almost mission legally impossible We need to act proactively respecting legal and ethical principles in order to prevent e-illegal acts We need to prioritize areas and sectors and promote cooperation of different disciplines 12

ΚΕΝΤΡΟ ΜΕΛΕΤΩΝ ΑΣΦΑΛΕΙΑΣ CENTER FOR SECURITY STUDIES Thank you for your attention! Tel.: e-mail: Research Associate +30 210 7481630 (ext.399) project-saint.eu www.kemea.gr tensor-project.eu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback