Computer Crime Research Center


Types of computer crime

Date: November 25, 2005
Source: Computer Crime Research Center
By: Scott Charney, Kent Alexander

... District of New York.

But suppose an informant indicates that she was working on her computer in lower Manhattan and saw that her company was keeping a second set of books in an effort to defraud shareholders and the Internal Revenue Service. Based upon this information, agents might get a warrant from the Southern District, enter the office, and copy this critical evidence. Although this would appear to be a straightforward case, what if the informant's computer was part of a local area network (LAN) whose server—the computer on which these records were stored—was actually located in New Jersey? Would a warrant issued in New York support such a seizure? Or suppose the offending company was a multinational corporation and the server was located in a foreign country? What would be the international ramifications of executing a search on a foreign computer system without consulting that country's authorities?

The other major impact caused by the shift to intangibles is that many of the existing theft, damage, and extortion laws protect physical property. Thus, new crimes may need to be defined. [29]

B. The Commingling of Data

Another significant issue is created by commingling, which is the ability of an individual to use one computer to (1) conduct both legal and criminal activities and/or (2) store both contraband and legally possessed material. Commingling is a serious problem defying simple solution. The fact is, one computer can be used simultaneously as a storage device, a communications device (to send, store, or retrieve electronic mail), and a publishing device. Moreover, that same computer can be used simultaneously for both lawful and criminal ventures. For example, individuals who distribute child pornography or copyrighted software over computer bulletin board services (BBSs) may also be publishing a legitimate newsletter on stamp collecting or offering an electronic mail service. By seizing the BBS, we stop the illegal distribution of contraband. At the same time, we may interfere with the publication of the newsletter and the delivery of electronic mail, some of which may affect BBS users with no connection to the illegal activity.

This is by no means a theoretical problem. In Steve Jackson Games, Inc. v. United States Secret Service, [30] the government searched and seized a BBS in an effort to recover stolen information. The owner of the BBS and some of his users then sued the government, claiming a violation of (1) 42 U.S.C. § 2000aa, prohibiting the government from searching for or seizing any work product materials possessed by a person reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication, and (2) 18 U.S.C. § 2703, restricting government access to electronic communications in electronic storage. Although the district court found that the government had acted in good faith upon a valid warrant, the government was still held civilly liable and ordered to pay damages. Since a BBS investigation may involve the seizure of innocuous material that is hopelessly commingled with contraband, this difficult issue can be expected to arise frequently in the future.

C. Open vs. Secure Systems

When the Internet started as the ARPANET [31] more than twenty-five years ago, it was used primarily by large government organizations, academic institutions, and corporations—trusted users, who presented no crime problem. Of course, as the Internet became available to all, the crime problem increased. This called for increased security, such as access controls with audit trails, and keystroke monitoring that tracks the user's every keystroke and the computer's response. Significantly, these security tools generally involve surveillance; they indicate who signed on, at what time, for how long, and even the nature of their activities while logged on. These tools, if unwisely used, would allow one to monitor the keystrokes of a secretary and then announce with fanfare that the secretary was fired because of hitting the backspace key an average of twenty-two times per minute, thus proving to be a bad typist. This, of course, raises an important issue: how do we protect systems without creating an Orwellian, surveillance-style society?

D. Anonymity or Accountability

One important feature of the Internet is the availability of anonymous communications. [32] There are certainly reasons to allow anonymity in communications networks. For example, whistleblowers—individuals who wish to report misconduct by others, including government agencies or corporations—may wish to remain anonymous, fearing retribution. Those concerned about their privacy may wish to obtain information on a product, but not end up on hundreds of mailing lists for catalogs and phone solicitations. A group of rape victims may wish to convene an electronic meeting to discuss their experiences, but not reveal their identities.

There is another group of individuals who want anonymity: criminals. A primary goal of every criminal scheme is to avoid getting caught, and anonymous remote communications may help criminals avoid detection and arrest. Thus, from both a societal and a law enforcement perspective, accountability is necessary; that is, individuals who harm others must be accountable for their conduct.

This is not, however, solely a criminal law issue; it has broad civil ramifications. For example, suppose an individual sends out an electronic mail message to thousands of people claiming the boss is depressed and a sexual pervert. The individual's employer reads this message, takes offense, and consults an attorney. The goal in doing so is to sue for damages, thereby discouraging the individual from sending such defamatory messages in the future. The attorney recognizes that the case has merit but after further investigation determines that the message came through an anonymous remailer. Thus, the message writer cannot be sued, and it might be impossible to stop future transmissions or seek damages.

Obviously, this is not the type of network to which we aspire: one where individuals are repeatedly defamed, and recipients are bombarded with anonymous messages containing such material. Of course, if enough of such messages are sent to unwanted recipients, we also run the risk that user mailboxes will become cluttered with useless messages, and legitimate messages may not be delivered. It is not enough to say that anonymous messages can simply be filtered out, not if we believe as a society that anonymous messages may be important and should be received.

When this issue is discussed with civil liberties groups, they frequently note that communications systems have often offered anonymity. For example, an individual can go to a pay phone and make an anonymous call, or send a letter with no signature or return address. Although this is true, the analogy is flawed. The telephone and mail systems allow predominantly one-to-one communications. Although it is possible to call thousands of people anonymously, doing so takes a lot of time, not to mention a lot of pocket change. By contrast, the one-to-many nature of the Internet alters the scope of communications.

There is, of course, a middle ground between anonymity and accountability: confidentiality. Although a user's identity is generally not known in a confidential system, his or her identity is known to a third party. Thus, in appropriate circumstances (such as through the use of a court order), the identity of a sender can be determined. The problem with this approach is that a promise of confidentiality is sometimes not enough. For example, a crime victim may hesitate to cooperate with the police, fearing retaliation from a defendant, and may ask for assurances that his identity will remain confidential. In response, the government may indicate that permanent confidentiality cannot be assured, because a public trial may be necessary. This risk of disclosure may present a serious problem for the witness, and serve to discourage the type of participation that anonymity encourages.

In the long run, we will need to find a way to balance competing interests—allowing for anonymity in appropriate places but not allowing criminals to benefit from the anonymous capabilities of the Internet. For example, police tip lines that allow for anonymous communications represent such an approach. It might be possible to allow individuals to congregate in certain places where anonymity is assured, with each individual participant on notice as to the benefits—and risks—associated with anonymous communications.

V. THE LAW ENFORCEMENT RESPONSE

A. Training, Training, and More Training

Despite some celebrated convictions, [33] there is lingering concern as to whether federal law enforcement can keep up with the rapid technological changes witnessed in the last decade. However, the Department of Justice is prepared for the challenge and, along with the Federal Bureau of Investigation (FBI), the Secret Service, and other investigative agencies, is committed to assigning highly trained prosecutors and agents to cases involving high-tech crime.

As an important first step, both the FBI and the Justice Department created dedicated computer crime units in 1991. [34] The FBI's Unit, known as the National Computer Crime Squad, is located in Tyson's Corner, Virginia, and is part of the Washington Metropolitan Field Office of the FBI. [35] It has one supervisory special agent and ten special agents dedicated to computer crime matters. The Justice Department's prosecutorial expertise is based in its Computer Crime Section, located in Washington, D.C. This Section contains...

