Investigative powers and Power of intervention for DLT applications
Presented by Trevor Sammut
Public DLT/blockchain applications
(i) Run over multiple machines (called nodes); (ii) connected in an ad hoc manner; (iii) typically anonymous; (iv) redundant data i.e. blocking a number of machines does not affect it; (v) the network is dynamic (nodes may appear
(i) Some of the nodes may be running under Maltese jurisdiction, but not necessarily; (ii) remember that stopping these nodes does not stop the execution of the application.
Maltese jurisdiction
Users of the application
(i) May interact by sending transactions to any node; (ii) users are typically also anonymous; (iii) although the identity of the user may not be known, all transactions to and from a user address are visible and cannot be modified.
(i) Users may be operating from Malta or outside; (ii) through a node located in Malta or beyond.
(i) For simplicity of use, many DLT applications are accessed via mobile apps or websites; but (ii) this does not stop users from accessing the application directly through the DLT; (iii) for these users, the decentralized network can be seen as a monolithic database, but one which is immune to individual attacks.
The server may have access to certain information about access to the DLT application which is normally not available on the DLT nodes themselves, e.g. the IP address of the user. Enforcement here shares the same options and challenges as enforcement against activity on normal websites. The architecture of any system NEEDS TO BE UNDERSTOOD CAREFULLY first.
MDIA Certified DLT Applications
ITAs require (i) a Forensic Node in Malta; and (ii) a Technical Administrator based in Malta who is responsible for maintaining and giving access to the forensic node to the relevant authorities.
Forensic node Technical Administrator
Forensic Node
The Forensic Node keeps an audit trail of everything that happens on the application, be it on (i) the DLT (e.g. transactions); (ii) the website (e.g. IPs of users); (iii) the website back-end (e.g. any KYC/AML checks done by the service provider to whitelist users); or (iv) the mobile app (e.g. relevant user interaction).
Power-of-Intervention
The Forensic Node must also contain the logic to be able (where and when possible) to use the information stored in the node audit trail to intervene when things go wrong (e.g. when a court decides that a certain transaction should be reversed). This can be invoked by the technical administrator. The data must be handed over in a traceable form to investigative authorities (e.g. the Police). Full details are in the Forensic Node Guidelines by MDIA.
Investigation and Intervention (I)
Keep in mind that intervening on the DLT itself is impossible. Intervening at the website/server-level is also useless since the application can still be accessed by users.
Investigation and Intervention (II)
If the Forensic Node is seized and blocked, the functionality of the DLT application is not impaired, and will proceed nonetheless.
Investigation and Intervention (III)
Even worse, if the Forensic Node is seized and its functionality stopped for investigative reasons, power-of-intervention may be impaired, e.g. if an application is performing illegal transactions and the FN is stopped, information about transactions taking place afterwards would NOT be kept for policing purposes.
Investigation and Intervention (IV)
If the Forensic Node contains multiple copies of the database, certified by the MDIA to be identical, it would suffice to seize one of the servers storing all the data while allowing the Forensic Node to proceed unhindered, thus not compromising power-of-intervention.
On Scams, User Exploitation, Phishing and the innovative technologies that cybercriminals can employ with criminal intent.
Website: https://www.mdia.gov.mt
DLT Guidelines Link: https://mdia.gov.mt/ita-guidelines/
AI Guidelines (Consultation Drafts to be finalised soon): https://mdia.gov.mt/consultation
Email: Trevor.Sammut@MDIA.gov.mt
Timothy J. ZAMMIT Inspector of Police Cyber Crime Unit
that it is a technical fault. Computer server is formatted and a new
technical fault.
deleted.
IP address in two of these instances.
revenge.
No policies in place = a recipe for disaster!
SUPPORT ENDED IN APRIL 2014 SUPPORT ENDED IN JANUARY 2020
Timothy J. ZAMMIT Inspector of Police Cyber Crime Unit Malta Police Force (+356) 2294 2231 - 2 timothy.zammit@gov.mt computer.crime@gov.mt