Cyber Forensics and Legal Considerations: Is the Law Keeping up with Advancing Technology?
Introduction

Because of the digital age and the possibilities it has introduced, digital forensics is now a necessity within the realm of law enforcement. However, there are numerous considerations to be made within this realm: constitutional law, property law, contract law, tort law, cybercrime, criminal procedure, evidence law, and cyber war. This paper will examine how the law is only barely keeping up with advancing technology in the realm of cyber forensics and legal considerations. Specifically, it will examine the role of cyber forensics today, the role of cyber space in today’s digital world and where legislation and legal system fails to keep up with the needs of people and businesses. The paper will focus on what amendments have been made to the Constitution, what bills have been passed in relation to cyber security and cyber forensics, and what new trends in cyber crime are occurring. The paper will also focus on the reality of cyber war and what it means in the field of cyber forensics and how today’s laws fail to keep pace with the ever mounting pressures and incidences of cyber war.

The Role of Cyber Forensics

Cyber forensics is defined as the “branch of computer science that focuses on developing evidence pertained in the digital world for use in civil or criminal court proceedings” (Maragnos, Risomiliotis & Mitrou, 2012, p. 775). In the digital era, it is a highly needed field. Digital crime is one of the most common forms of crime committed today: people have the identities stolen, their accounts hacked, the digital assets frozen, their computer hardware held ransom, and so on—all because of the ability of digital criminals to use cyber tactics to infiltrate systems (Gogolin, 2010). As a result, cyber forensics is a much needed field to help law enforcement officers understand the digital footprints left behind by cyber criminals. Cyber forensics is one of the most in demand fields within the IT industry as more and more of modern society merges with the digital world—and more and more security breaches show a need for digital tools that can be used to understand the scene of the crime. As Norwich University (2019) explains “recovering deleted files, deleted passwords and checking for breaches of security for cyber-crime” are just some of the methods those enlisted in the field of cyber forensics employ. The evidence collected in cyber forensics, however, plays a big role in criminal justice: “once the evidence is collected it must be contained and translated for lawyers, judges, and juries to examine” (Norwich University, 2019). The question that many have today focuses on the extent to which legislation has kept up with the advances made in digital technology.

Cyber Space, Cyber Forensics and the Constitution

According to Andres (2015), “the fundamental constitutional dilemma associated with cyber conflict is that it occurs almost entirely within privately owned computers and networks” (p. 156). To protect the private space and intellectual property (IP), the U.S. government enacted legislation such as the Stop Online Piracy Act and the Protect IP Act, which has obliged content providers to police themselves and monitor content flow. Companies have been obliged to monitor activity going into homes. This type of surveillance was met with protest by individual users, and Congress then passed the Cyber Intelligence Sharing and Protection Act. Senator McCain introduced the SECURE IT Act in 2012 which “rather than increasing government regulation, attempted to remove legal barriers that prevented government and industry from sharing information” (Andres, 2015, p. 159). However, civil rights advocates and business advocates both opposed the bill and it died before being enacted. Since then Congress has had a difficult time legislating in such a way as to respond to those who want privacy on the Web and those who want regulation. The field of cyber forensics is thus stuck in a kind of limbo while Congress figures out what to do next.

The legal issues that crop up in relation to cyber forensics are diverse: within constitutional law, there are issues regarding privacy, search and seizure and the 1st Amendment; within the field of cybercrime, the Computer Fraud and Abuse Act is relevant; in criminal procedure, the 4th, 5th and 6th Amendments apply along with the Electronic Communications Privacy Act; in terms of property law, trade secrets and copyright encroachment are issues that need to be addressed; in contract law, identity management and agency law are issues that require consideration; tort law has a range of issues—from privacy invasion to negligence to downstream liability, defamation and Supervisory Control and Data Acquisition; evidence law issues include accurate representation, hearsay, ephemeral systems and the use of best evidence (Nance & Ryan, 2011). Nance and Ryan (2011) note in particularly that “while the U.S. Constitution provides the foundation for our legal system, the evolution of the Information Age has presented new challenges for interpretation of the constitution” (p. 3). When it comes to just the 1st Amendment, cyber forensics has run into a veritable mine field of issues that current legislation simply does not know how to tackle. The framers of the Constitution never envisioned a virtual world that would be every bit and rough and tumble as the old Wild West was—just in cyber space. Thus, “content-neutral and content-specific regulations, cyberstalking, cyberbullying, and countering hate speech” are all issues that cyber forensics has to touch on now while “pornography and child pornography, spam, and government censorship have provided the courts with a steady stream of cases involving digital and multimedia evidence, and are likely to continue to do so” (Nance & Ryan, 2011, p. 3). And this is just one small example of how legislation is attempting to come to terms of cyber forensics in the digital age.

Cyber crime is another tricky area, primarily because it is almost impossible to define the crime scene (Nance & Ryan, 2011). It is not like in a real world case where a crime scene...…apace—and perhaps that is intentional in one way—for when there is no sheriff in town, the town is free to conduct itself as it pleases. For the military industrial complex, having a clean slate in terms of what is permissible can cover for a multitude of infringements on privacy, infringements on any number of Amendment rights and protections, and many Americans are used to the idea of the government taking a great deal of license when it comes to cyber space. But a cyber forensics investigator has to play by the rules of the office and if those are not defined it becomes difficult to know where the moral or ethical line is to follow.

Ethical considerations have to be made especially in times when the law fails to keep apace with the changing times of the technological world. Even from a simple utilitarian ethical framework, the problem of not knowing wherein lies the greater good makes it problematic for the field of cyber forensics to operate in an ethical manner. When cyber war is a real threat that sits on the table, more may be expected of a cyber forensics investigator than he might feel comfortable doing—such as hacking into foreign systems to obtain data for the sake of national security, spreading malicious software in another nation’s infrastructure for the sake of national security, or setting up a surveillance system that is quite likely outside the realm of jurisdiction (but since jurisdiction is unclearly defined, who is to say?)—the investigator in the field of cyber forensics is suddenly faced with answering very real, very serious, and very problematic questions regarding legality, ethics, morality, and what is just. The longer the law delays in addressing these issues, the longer the realm of cyber space continues to degenerate into a wilderness of moral and ethical chaos.

Conclusion

The digital age is rapidly changing the way the world works today, which is problematic for the laws which were enacted to govern the world of yesterday. Today’s laws must be updated to address the needs of concerns of people in cyberspace. Businesses, people’s data, privacy, and information are all at risk. Legislation needs to catch up to where the digital age has taken cyber forensics today. The field of cyber forensics is dedicated to developing evidence that can be used in a court of law or in cases of dispute resolution. However, because there are many unanswered questions and unaddressed issues about what is allowed, permissible, and not advised, the field of cyber forensics exists largely under a cloud. What one person or entity may believe is advisable or acceptable can be viewed as wholly unadvisable and unacceptable by others. What role, therefore, can a cyber forensics investigator reasonably be expected to play in such an environment? The digital world has altered so many things about the modern world already—and there is still much more likely to be changed. Legislation therefore has to reflect the legal questions that have arisen.