Legal Limitations

Law enforcement agencies face many challenges in responding to information attacks in cyber space, particularly attacks that cross national and regional borders and exploit technologies of concealment. It can be difficult to locate a hacker who has looped through multiple systems, used anonymous services, or entered through a wireless connection from a mobile unit. Another challenge is collection and preservation of evidence. Evidence may be encrypted or dispersed across several countries. Tracking an intruder who has used a computer located in the United States will require searches and seizures or wiretaps. These searches may encompass multiple jurisdictions and many laws are not uniform across jurisdictions. Also, many countries have weak laws or no laws at all, against some computer hacking activity. Even if laws exist, extradition may be prohibited, depending on agreements between countries.

Figure 2 highlights the jurisdictional problems with tracking a hacker who has used several computer systems to illegally gain access to AF Systems in Tampa, FL. Each location requires a separate court order from a court with jurisdiction for the geographic location of the computer system that is used. Although, law enforcement agencies have the technology to trace back to the origin of the hacker, each time they access another computer system in the United States, they must have legal authorization to do so. This can cause many delays and difficulties in obtaining the evidence and identifying and eventually locating the perpetrator of a computer attack.

It is this area of identifying the perpetrator of a computer attack that causes the most difficulty for the Department of Defense. The first line of defense is to prevent the attack or intrusion from occurring. However, a strong defense from attack will never be able to completely eliminate all attacks. When an attack occurs, there will be many times when it will be vital for DOD to determine the identity of the intruder and their intentions, whether they be an intentional actor with intent to affect national security or not. It will be impossible for DOD to respond to these actors or for the United States government to take other actions such as economic sanctions or military action without definitely knowing the identity of the perpetrator. As long as the perpetrator uses computer systems located within the United States, DOD will be restricted by law from tracing these actors without assistance from law enforcement agencies using proper court channels.

Although the DOD and its intelligence community have the same tools to trace back information warfare attacks as Law Enforcement; they must abide by US laws within the jurisdiction of the US. When an initial intrusion is identified, they are allowed to track back one connection to determine the immediate origination of the attack.11 However, if the system is located within the US, the DOD is prohibited by US privacy laws to intrude into that system to determine the next link in the chain of attack. The following figure shows the geographic limitations, which restrict DOD in locating and identifying perpetrators of cyber attacks.
Figure.

The next figure shows that if the attack comes directly from overseas, DOD may trace and track the attack. However, if at any time the trace returns back to a US computer system, DOD must abide by US privacy laws

This distinction of US laws dictating the type of response for a computer attack against national and defense information structures is key to how the United States may defend and deter against cyber attacks. Geographic jurisdiction when locating and identifying the perpetrator is an important limitation when discussing the concept of defensive information warfare. Now the concept of computer attacks against the US has blurred the distinction between individual and state acts against the United States. In addition, a country may be at war with us in the sense of conducting information warfare

attacks against our infrastructure and we may not know its identity. This is why it is paramount that DOD build its own robust military criminal investigative organizations as well as continue to work closely with the FBI to identify the perpetrator of cyber attacks. Without this ability to identify and locate the perpetrator, it will be impossible for the US to retaliate against cyber attackers.