International investigations: Digital forensics and social media

July 8, 2011

Several of our lectures this year will discuss international issues with high tech crime investigations. Among the presentations: a joint talk on Tuesday, Sept. 13 about international social media investigation, from members Cynthia Navarro and Andres Velazquez; and on Wednesday, a Latin American perspective on digital forensics from Andres Velazquez.

A Latin American perspective on digital forensics

Velazquez, a Mexican digital forensics expert who built the country’s first private digital forensics labs through his company MaTTica, says one of the key differences between the United States and Latin American countries is the structure of their legal systems. “US judges rely mainly on precedent, but in Latin America, judges rely solely on codes,” he explains. “So, if the defendant’s conduct does not meet the law’s requirements, it won’t be a felony.”

For example, a denial of service attack does not qualify as a felony. Nor does identity theft, or theft of other data, because the codes are based on physical robbery — the theft of tangible items. “A robbery charge depends on the absence of goods,” Velazquez explains, “but when the data is still there, according to the law, how can it have been stolen?”

In addition, civil or tort laws’ requirements are difficult to meet because none of the laws cover e-discovery, so examinations as US investigators understand them are not possible. And although a law in Mexico was passed last year that covers privacy of personal information, legislators have yet to approve guidelines, so investigators still face difficulty in this area.

Meanwhile, because many Internet service providers are headquartered in the US, Latin American investigators face difficulties with getting data because of international agreements. “Currently, we have to get a court order through our Exterior Relationships Secretary [comparable to the US Secretary of State],” Velazquez explains. “That has to go through the embassy, then through the US federal government, to the state, and then finally to the company. By the time the process is complete, it can be up to two years, and then the data we needed are gone.”

Agreements similar to the Budapest Open Access Agreement would help, but even at that, few Latin American attorneys and judges understand computers. Velazquez recalls a search he coordinated in which investigators seized only keyboards and monitors — but not the actual computers. Part of his mission is to educate and assist law enforcement and other investigators in the region.

Yet decisions continue to be made by the very judges who don’t understand computers, and to whom investigators have no access. The answer: for investigators to find a way to be in what Velazquez terms “unofficial contact” to start meeting needs, such as collecting forensic images with which forensic examiners can practice, or working with vendors to obtain metadata if not content.

Investigation mechanics from across the world

Until the laws sort themselves out, investigators are left to do the best they can with what they have. Fortunately, although investigations are never “easy,” certain tools — among them social media — make the task easier than it was even a few years ago.

Cynthia Navarro, a California-based private investigator who will be co-presenting with Velazquez on social tools, says: “I have always said that with the internet we have no boundaries…. I have a project to watch how the narco in Mexico is affecting a specific town (and the surrounding towns.) It’s been easy, their mayor uses Twitter to warn the townspeople of street closures due to shootings, murders and rival gang takeovers. Then they tweet when things are back to normal. This is the most up to date tracking anyone could ask for!”

Because social networking is for the most part publicly available, investigators deal with few legal issues. Navarro says she has encountered few cultural conflicts, and as for language barriers, “Thank God for Google Translate!” she says. “While it is not a perfect translation, you can get the gist of what is being said. I have used it for Spanish, German, Chinese, and Vietnamese with great success.”

Perhaps surprisingly, Facebook is the #1 resource for online investigators not just in the US, but overall, thanks to its widespread adoption in Europe as well as in Asia. Orkut is #2, says Navarro (due largely to its overwhelming popularity in Brazil), followed by Qzone and then Twitter. V Kontakte and LiveJournal are the most popular in Russia; a network called Hi5 attracts the most users from Thailand, Romania, Peru and Portugal, while Lide draws Czech users. Other countries have their own preferred social networking sites.

“For other countries, censorship and blocking can be a problem,” says Navarro. “I’ve heard that Zing is #1 for Vietnam because some Vietnamese ISPs have blocked it.” Other countries that block content: China, Uganda, Egypt, Iran, Saudi Arabia, and the United Arab Emirates.

Navarro adds that between investigation and teaching, the quality she appreciates most is learning. “Teaching to me is learning, we have to keep up in order to teach effectively,” she explains. “I am [also] lucky enough that there are always different things I investigate so I don’t get stuck on the same thing day in and day out.”

Interested in hearing what Andres and Cynthia will have to say, along with our other presentations on international perspectives? Join us in Indian Wells and register here: https://www.htciaconference.org/registration.html

Image: caruba via Flickr