1.
Introduction: the challenges of «Cloud computing» in the legal field ^
2.
Theoretical framework: «Philosophy of Information» and «Onlife Manifesto» ^
Starting with the first, we may say that the «Philosophy of Information» shapes a metaphysical perspective from the cybernetic11 vision, identifying three ontological statuses of «information»: (1) «Information as reality», for example the electrical signal, which is transmitted regardless of the message contained, (2) «Information about reality», that is information about natural phenomena, (3) «Information for reality», which conveys instructions or algorithms to one or many recipients. The evolution of the contemporary concept of «information» is represented in the following table12.
Information theory13 | Cybernetics | Philosophy of Information14 |
Technical information | Technological information | Information as reality |
Semantic information | Natural information | Information about reality |
Influential information | Cultural information | Information for reality |
Table 1: Three ontological statuses of «information»
3.
Legal Theory: legal proceedings as LOA and MAAS ^
4.
Forensic Sciences: a theoretical framework for digital and cloud forensics ^
5.
The example of LegalEYE™ ^
6.
Final Remarks: from current issues to future opportunities ^
7.
References ^
Association of Chief Officers Policy, Good Practice Guide for Digital Evidence, Version 5, ACPO, 2012.
Attanasio, Antonino/Costabile, Gerardo (eds.), IISFA Memberbook 2012. Digital Forensics. Knowledge sharing among members of the IISFA Chapter, Experta, Forlì 2013.
Attanasio, Antonino/Costabile, Gerardo (eds.), IISFA Memberbook 2013. Digital Forensics. Knowledge sharing among members of the IISFA Chapter, Experta, Forlì 2014.
Barabási, Albert-László, Network science, Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences 2013, Vol. 371, Issue 1987.
Baran, Paul, On Distributed Communications Networks. RAND Corporation papers, RAND 1962.
Bateson, Gregory, Mind and nature: a necessary unity, Dutton, New York 1979.
Birk, Dominik/Panico, Michael (eds.), Mapping the Forensic Standard ISO / IEC 27037 to Cloud Computing CSA (Cloud Security Alliance), 2013.
Borgmann, Albert, Holding on to reality. The nature of information at the turn of the millennium, University of Chicago Press, Chicago 1999.
Council of Europe, Electronic evidence guide – A basic guide for police officers, prosecutors and judges Version 1.0, 2013.
Floridi, Luciano, The Ethics of Information, Oxford University Press, London 2013.
Floridi, Luciano (ed.), The Onlife Manifesto. Being Human in a Hyperconnected Era, Open Access Springer, Berlin-Heidelberg 2015.
Floridi, Luciano, The Philosophy of Information, Oxford University Press, Oxford 2013.
Floridi, Luciano/Illari, Phyllis, The Philosophy of Information Quality, Synthese Library, 358, Springer, Berlin-Heidelberg 2014.
Gettier, Edmund, Is Justified True Belief Knowledge?, Analysis 1963, Vol. 23, Issue 6, pp. 121–123.
Harjinder Singh, Lallie/ Lee, Pimlott, Challenges in applying the principles in ACPO cloud forensic investigations, the Journal of Digital Forensics, Security and Law 2012, Vol. 7, Issue 1, pp. 15–28.
IACIS, Internet Forensics and Investigation Training Program, 2015.
Illari, Phyllis/Allo, PatrickBaumgaertner, Bert/D’Alfonso, Simon/Fresco, Nir/Gobbo, Federico/Grubaugh, Carson/Iliadis, Andrew/Kerr, Eric/Giuseppe, Primiero/Russo, Federica/Schulz, Christoph/Taddeo, Mariarosaria/Turilli, Matteo/Vakarelov, Orlin/Zenil, Hector, The Philosophy of Information – a Simple Introduction. Society for the Philosophy of Information, 2012.
Kohn, M. D./Eloff, M. M./Eloff, J. H. P., Integrated digital forensic process model, Computers & Security 2013, Vol. 38, pp. 103–115.
Luhmann, Niklas, Soziale Systeme. Grundriss einer allgemeinen Theorie, Suhrkamp, Frankfurt am Main 1984.
Maturana, Humberto R./Stafford Beer, Anthony/Varela, Francisco J., Autopoiesis and cognition: the realization of the living, Boston Studies in the Philosophy of Science, 42, D. Reidel Pub. Co., Dordrecht 1972.
Mell, Peter/ Grance, Timothy, The NIST Definition of Cloud Computing, NIST Special Publication 800-145, U.S. Department of Commerce, Gaithersburg 2011.
NIST Cloud Computing Forensic Science Working Group, NIST Cloud Computing Forensic Science Challenges, 2014.
Oliveira, José Antonio Maurilio Milagre/Caiado, Marcelo Beltrão, Cloud Forensics. Best practice and challenges for process efficiency of investigations and digital forensics, Proceedings of the Eight Conference in Computer Science ICOFCS, Brasilia, 2013.
Palmer, Gary, A Road Map for Digital Forensic Research. Report From the First Digital Forensic Research Workshop (DFRWS), New York 2001.
Pichan, Ameer/Lazarescu, Mihai/Soh, Sie Teng, Cloud forensics: Technical challenges, solutions and comparative analysis, Digital Investigation 2015, Vol. 13, pp. 38–57.
Povar, Digambar/Geethakumari, G., A Heuristic Model for Performing Digital Forensics in Cloud Computing Environment. In: Mauri JaimeLloret, Thampi SabuM, Rawat DandaB, Jin Di (eds.), Security in Computing and Communications, Communications in Computer and Information Science, Springer, Berlin-Heidelberg 2014, pp. 341–352.
Ruan, Keyun/Carthy, Joe/Kechadi, Tahar/Baggili, Ibrahim, Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results, Digital Investigation 2013, Vol. 10, Issue 1, pp. 34–43.
Ruan, Keyun/Carthy, Joe/Kechadi, Tahar/Crosbie, Mark, Cloud forensics, Advances in digital forensics VII Springer, Berlin-Heidelberg 2011, pp. 35–46.
Schafer, Burkhard, Information Quality and Evidence Law: A New Role for Social Media, Digital Publishing and Copyright Law? In: Floridi Luciano, Illari Phyllis (eds.), The Philosophy of Information Quality, Synthese Library, 358, Springer, Berlin-Heidelberg 2014, pp. 217–238.
Sharma, Sugan, Evolution of as-a-Service Era in Cloud. https://arxiv.org/abs/1507.00939v1, 2015.
Simon, Judith, Distributed Epistemic Responsibility in a Hyperconnected Era. In: Floridi Luciano (ed.), The Onlife Manifesto, Springer, Berlin-Heidelberg 2015, pp. 145–159.
Simou, Stavros/Kalloniatis, Christos/Kavakli, Evangelia/Gritzalis, Stefanos, Cloud Forensics: Identifying the Major Issues and Challenges. In: Jarke Matthias, Mylopoulos John, Quix Christoph, Rolland Colette, Manolopoulos Yannis, Mouratidis Haralambos, Horkoff Jennifer (eds.), Advanced Information Systems Engineering, Lecture Notes in Computer Science, Springer, Berlin-Heidelberg 2014, pp. 271–284.
van Beek, H. M. A./van Eijk, E. J./van Baar, R. B./Ugen, M./Bodde, J. N. C./Siemelink, A. J., Digital forensics as a service: Game on, Digital Investigation 2015, Vol. 15, pp. 20–38.
Weaver, Warren, The Matemathics of Communication, Scientific American 1949, Vol. 181, Issue 1, pp. 11–15.
- 1 Baran, On Distributed Communications Networks; Barabási, Network science, Philosophical Transactions of the Royal Society A.
- 2 Cloud computing has been defined as «a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction». Mell/Grance, The NIST Definition of Cloud Computing, p. 6.
- 3 Sharma, Evolution of as-a-Service Era in Cloud.
- 4 In IaaS «the capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings». Mell/Grance, The NIST Definition of Cloud Computing, p. 7.
- 5 In PaaS «the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment». Ibid.
- 6 In SaaS «the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls)» . Ibid.
- 7 In other words, to understand if and how, for example, a specific file stored on a cloud can be considered legally as «evidence», it has to be legally granted the relationship among the circumstances as such (the historical fact as it happened), their knowledge (the legitimacy of the belief built upon it) and their representation in trial (its meaning in that given context).
- 8 As for the first aspect, networked data produce results expressed in terms of statistical probability which cannot be qualified neither as empirical finding, nor as full presumption or legal argument. Regarding the second profile, «digital evidence» is neither an empirical medium (a physical «thing»), nor a witness» statement (an intangible «word»), thus it is complicated, according to traditional legal science, to validate the veracity of a source, the accuracy of an analysis or the integrity of a results.
- 9 Floridi, The Philosophy of Information.
- 10 Floridi (ed.), The Onlife Manifesto. Being Human in a Hyperconnected Era.
- 11 See Bateson, Mind and nature: a necessary unity; Maturana/Stafford Beer/Varela, Autopoiesis and cognition: the realization of the living, Boston Studies in the Philosophy of Science.
- 12 It is important to observe that only one of the three concepts detected, the «information about reality», can be «true» or «false». In other words, it can be qualified by an «alethic» value. Therefore, we can state that the concept of «evidence» can be included only in this genre.
- 13 Weaver, The Matemathics of Communication, Scientific American, pp. 11–15 (p. 11).
- 14 Borgmann, Holding on to reality. The nature of information at the turn of the millennium.
- 15 From such perspective, the outcome of an analysis – its «meaning» – requires: (1) the preliminary definition of a LoA; (2) a rigorous epistemic strategy in qualifying the findings as observable «objects», see Illari et al., The Philosophy of Information – a Simple Introduction; Floridi, The Ethics of Information, p. 29.
- 16 Law in itself becomes a kind of social technology – maybe the most efficient one – since legal rules are designed with the specific purpose of controlling interactions among people. More precisely, laws contribute in determining the ecosystem of technological processes where MASs are operating.
- 17 This perspective is very similar to that envisioned by Luhmann, see Luhmann, Soziale Systeme. Grundriss einer allgemeinen Theorie.
- 18 Some scholars argue that each agent in a MAS is charged with an «epistemic responsibility», assuming the duty – qualified almost as an ethical obligation – to gather, organize and share valuable information to enable others making rational decisions and obtain effective results from their interactions. Simon, Distributed Epistemic Responsibility in a Hyperconnected Era, pp. 145–159.
- 19 We can qualify a juridical proceeding as a kind of system exchanging information with its environment: on the one hand it receives certain inputs (evidences and procedural rules) just, on the other hand, it generates certain outputs (decisions and other minor outcomes). In this sense, in terms of «information about reality» we can build an abstract and general definition of evidence regardless of its empirical nature (a written document or a witness hearing) and its physical support appearance (a physical media or an electronic device).
- 20 Floridi/Illari, The Philosophy of Information Quality.
- 21 As an example, we can mention the illustrative factors considered by U.S. jurisprudence in order to assess an expert witness’ opinion, expressed in form of a check-list according to decision Daubert / Merrell Dow Pharmaceuticals (1993): «(1) whether the expert’s technique or theory can be or has been tested – that is, whether the expert’s theory can be challenged in some objective sense, or whether it is instead simply a subjective, conclusory approach that cannot reasonably be assessed for reliability; (2) whether the technique or theory has been subject to peer review and publication; (3) the known or potential rate of error of the technique or theory when applied; (4) the existence and maintenance of standards and controls; and (5) whether the technique or theory has been generally accepted in the scientific community» (see Federal Rules of Evidence, art. VII, Rule 702).
- 22 Digital forensics have been defined as «the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations». Palmer, A Road Map for Digital Forensic Research, p. 23. Scholars classified in different taxonomies the activities performed in digital forensics and developed various models. Kohn/Eloff/Eloff, Integrated digital forensic process model, pp. 103–115.
- 23 Schafer, Information Quality and Evidence Law: A New Role for Social Media, pp. 217–238.
- 24 van Beek/van Eijk/van Baar/Ugen/Bodde/Siemelink, Digital forensics as a service: Game on, pp. 20–38.
- 25 CoE «Budapest» Convention on Cybercrime of 23 November 2001 (STE n. 185), art. 19 par. 3: «Each Party shall adopt such legislative and other measures […]. These measures shall include the power to: a) seize or similarly secure a computer system or part of it or a computer-data storage medium; b) make and retain a copy of those computer data; c) maintain the integrity of the relevant stored computer data […]».
- 26 Cloud forensics have been defined as «the application of computer forensics principles and procedures in a cloud computing environment». Povar/Geethakumari, A Heuristic Model for Performing Digital Forensics in Cloud Computing Environment, p. 341–352 (p. 344).
- 27 Pichan/Lazarescu/Soh, Cloud forensics: Technical challenges, solutions and comparative analysis, pp. 38–57; Ruan/Carthy/Kechadi/Crosbie, Cloud forensics, pp. 35–46; Ruan/Carthy/Kechadi/Baggili, Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results, pp. 34–43. Said challenges are «unique» to the cloud environment, or «exacerbated» by it. Some scholars propose a different taxonomy in forensics» process – i) Identification, ii) Preservation, Collection, iii) Examination, iv) Presentation – and classify challenges according to the phases afflicted by them. Simou/Kalloniatis/Kavakli/Gritzalis, Cloud Forensics: Identifying the Major Issues and Challenges, pp. 271–284 (p. 275).
- 28 NIST Cloud Computing Forensic Science Working Group, NIST Cloud Computing Forensic Science Challenges.
- 29 From a practical perspective, we could say that, while in digital forensics usually evidence emerges only after the acquisition of the physical support or the access to the domain, in cloud forensics data are immediately detectible and readily visible, but remain difficult to fix in a definitive and univocal representation. Let us assume that we need to secure evidence from a Facebook chat. If we could analyse the physical device used, the forensic procedure would be quite easy: using a «write blocker», calculating the «hash» and generating a digital «time stamp», we would obtain a «forensic image» of the hard drive; only after that we would look for Facebook artefacts, a complex challenge indeed. If, on the contrary, we would acquire evidence directly from Facebook, the data could be easily identified, but it would be required a different process to collect them, assuming that the provider would not enable access to servers. Obviously, a printed web page or a saved screenshot are not suitable for constituting evidence, notwithstanding what many lawyers still believe.
- 30 Some experts use tools like Linux-live based operating system – such as DEFT (http://www.deftlinux.net/it/) or Caine (http://www.caine-live.net/) – in order to monitor network traffic (via «dump»), record the browsing activity (via video), generate various system logs and finally secure the result (with a digital «time stamp»). This laborious procedure, prone to human error due to several tasks to be performed, still does not provide any technical guarantee of the authenticity of the evidence collected.
- 31 Information technology – Security techniques – Guidelines for identification, collection, acquisition and preservation of digital evidence.
- 32 All this jobs are performed while another part of the LegalEYE™ cloud environment monitors the infrastructure itself, guaranteeing safeguard, compliance and reproducibility. The security of the LegalEYE™ environment takes advantage of Citrix Netscaler, Layer 7 firewalls, Zabbix, and other powerful and well-known services.
- 33 CoE «Budapest» Convention, cit.; Birk/Panico (eds.), Mapping the Forensic Standard ISO / IEC 27037 to Cloud Computing CSA (Cloud Security Alliance); NIST Cloud Computing Forensic Science Working Group, NIST Cloud Computing Forensic Science Challenges; Council of Europe, Electronic evidence guide; IACIS, Internet Forensics and Investigation Training Program; Association of Chief Officers Policy, Good Practice Guide for Digital Evidence; Harjinder Singh/Lee, Challenges in applying the principles in ACPO cloud forensic investigations, pp. 15–28; Oliveira/Caiado, Cloud Forensics. Best practice and challenges for process efficiency of investigations and digital forensics; Attanasio/Costabile (eds.), IISFA Memberbook 2012; Attanasio/Costabile (eds.), IISFA Memberbook 2013.