The United States does not have one comprehensive data protection law. Instead, a number of federal laws each regulate a specific kind of data. These laws require organizations to apply security controls to the data they collect, they combine privacy and information security concepts, and they also regulate how the data may be used. Federal laws that influence information security include the following:
- Children’s Internet Protection Act
- Family Educational Rights and Privacy Act
- Federal Information Security Management Act
- Gramm-Leach-Bliley Act
- Health Insurance Portability and Accountability Act
- Sarbanes-Oxley Act
The purpose of the Children’s Internet Protection Act (CIPA) is to protect children from exposure to offensive Internet content. It applies to public school systems and public libraries that receive E-Rate federal funding: to keep that funding, they must adopt an Internet safety policy and operate a technology protection measure (content filtering) on their networks that blocks obscene material, child pornography, and content harmful to minors. CIPA’s obligations fall only on these E-Rate recipients; it is not a general standard for parents or for providers of free public Wi-Fi.
The Family Educational Rights and Privacy Act (FERPA) is focused on educational institutions such as colleges, universities, and grade schools that receive federal education funding. These institutions hold a great deal of sensitive information about each student: demographics, address and contact details, parental information, grades, and disciplinary records. Improper disclosure of this information to third parties raises privacy concerns, and FERPA restricts such disclosure without the consent of the student or parent.
The Federal Information Security Management Act (FISMA) was passed in 2002. It requires federal agencies to implement, document, and periodically assess security controls over the information and information systems that support federal operations and assets.
The Gramm-Leach-Bliley Act (GLBA) was passed in 1999. It requires financial institutions of all types to protect their customers’ private financial information; its Safeguards Rule requires each institution to maintain a written information security program.
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996. It requires health care organizations to implement security and privacy controls that protect patient information.
The Sarbanes-Oxley Act (SOX), passed in 2002, requires publicly traded companies to produce accurate and reliable financial reports. It does not mandate the protection of private information, but it does require internal controls, including information security controls, that protect the integrity of financial reporting and of the systems that produce it.
Rules of Seizing Evidence
When collecting evidence from mobile devices, keep these rules in mind.
- If you plug the device into a computer, make sure the device does not synchronize with the computer. Disable any automatic synchronization or device-management software on the workstation before connecting.
- Handle the evidence as little as possible. This prevents damage to the mobile device and potential loss of data.
- Document everything you do to the device, including removing the battery, restarting the phone, and so on.
- Don’t accidentally write data to the mobile device. Do not open applications on it, and do not let it synchronize with a computer, since synchronization writes to the device. If the forensic workstation is a Windows machine, you can use the Windows Registry to stop the workstation from writing to removable storage: before connecting the device, open the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies (create it if it does not exist), set the DWORD value WriteProtect to 0x00000001, and restart the computer. This prevents that computer from writing to USB mass-storage devices connected to it. Note that the policy only covers devices that present themselves as USB mass storage; a phone connected over MTP/PTP or a vendor sync protocol is not covered, so a hardware write blocker or a dedicated mobile forensic tool is still needed.
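As an added example (not from the original page), the following PowerShell applies the registry write-protect policy described above on the forensic workstation, verifies that the value actually took effect, and appends a timestamped entry to a custody log so that the action is documented as the rules above require. The case directory, log path and log line format are assumptions; run it from an elevated prompt before the device is attached.

```powershell
# Added example, not from the original page: enable the Windows USB mass-storage
# write-protect policy before attaching a seized device, verify the setting took,
# and record the action in a chain-of-custody log. Requires an elevated prompt.
# Assumptions: the case directory and log path below are placeholders.

$PolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
$LogPath   = 'C:\Cases\CASE-0001\custody-log.txt'   # assumed path
$Examiner  = $env:USERNAME

function Enable-UsbWriteProtect {
    # The key does not exist on a default install; create it, then set WriteProtect = 1.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $PolicyKey -Name 'WriteProtect' -Value 1 -Type DWord
}

function Test-UsbWriteProtect {
    # Returns $true only if the value is present and equals 1.
    $value = Get-ItemProperty -Path $PolicyKey -Name 'WriteProtect' -ErrorAction SilentlyContinue
    return ($null -ne $value) -and ($value.WriteProtect -eq 1)
}

function Write-CustodyLog {
    param([string]$Action)
    # One line per action: ISO-8601 timestamp | examiner | what was done.
    $line = '{0} | {1} | {2}' -f (Get-Date -Format 'o'), $Examiner, $Action
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    Add-Content -Path $LogPath -Value $line
}

Enable-UsbWriteProtect
if (Test-UsbWriteProtect) {
    Write-CustodyLog 'Set StorageDevicePolicies\WriteProtect=1 on forensic workstation before connecting device'
    Write-Host 'Write-protect policy applied. Restart the workstation before attaching the device.'
} else {
    Write-CustodyLog 'FAILED to set StorageDevicePolicies\WriteProtect; device NOT connected'
    throw 'Write-protect policy not applied; do not attach the device.'
}
```

The verification step matters because the policy silently does nothing if the key was created under the wrong path (for example without the `Control` component). Even when it is applied, it only affects devices that enumerate as USB mass storage, so the log entry should state the connection mode used, and a hardware write blocker remains the safer choice.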
The National Institute of Standards and Technology (NIST) guidelines on mobile device forensics (SP 800-101) list four different states a mobile device can be in when you extract data:
- Nascent state: the device is in the nascent state when received from the manufacturer. It contains no user data and has its original factory configuration settings.
- Active state: the device is powered on, performing tasks, and able to be customized by the user, and its filesystem is populated with data.
- Semi-active state: a state partway between active and quiescent. It is reached by a timer triggered after a period of inactivity, which preserves battery life by dimming the display and taking other appropriate actions.
- Quiescent state: a dormant mode that conserves battery life while maintaining user data and performing other background functions. Context information for the device is preserved in memory to allow a quick resumption of processing when the device returns to the active state.