TESTIMONY
OF
HONORABLE JOSEPH I. CASSILLY
STATE'S ATTORNEY
HARFORD COUNTY, MARYLAND
AND
CHAIR, CYBER CRIME COMMITTEE
NATIONAL DISTRICT ATTORNEYS ASSOCIATION
BEFORE A HEARING OF THE
CRIME SUBCOMMITTEE
OF THE COMMITTEE ON THE JUDICIARY
ON
CYBER CRIME AND LOCAL PROSECUTORS
MAY 24, 2001
My name is Joe Cassilly and I am the elected prosecutor in Harford
County, Maryland. I want to thank you on behalf of the National
District Attorneys Association, representing the local prosecutors
of this Nation, for the opportunity to give you our concerns on
cyber crime. On behalf of our members I want to commend this Committee
in pursuing an area of vital importance to the citizens and our system
of criminal justice.
I am also the Chair of the Cyber Crime Committee of the National
District Attorneys Association and have served in various capacities
within that organization since 1996. I also serve as the NDAA representative
on FBI cyber crime working groups as we attempt to develop unified
strategies to fight this epidemic. In addition to these national
offices, I am also the president of the Maryland State's Attorneys
Association.
The views that I express today represent the views of that Association
and the beliefs of local prosecutors across this Country. Let me
assure you that local prosecutors need your help in tackling this
ever increasing criminal threat.
To place my remarks in context - on both a local level and on the
national stage - let me briefly tell you about my jurisdiction. Harford
County is northeast of Baltimore and lies along the Susquehanna
River. It has a population of about 225,000 people living in towns,
suburban and rural areas with one large military base within our
jurisdiction. I have been prosecutor for 24 years and honored to
serve in my current office for 19 years, having been elected to
office 5 times. I still actively try cases as well as supervise
a staff that includes 23 deputy and assistant state's attorneys.
Annually, my office handles more than 2500 felony cases.
During my tenure as a prosecutor, my office has investigated various
computer crimes including cyber stalking, bomb and shooting threats
in schools, child pornography, identity theft and on-line fraud
schemes. In the course of those investigations I have worked with
local, state and federal law enforcement agencies as well as security
personnel from the information technology industry.
When we think of "cyber crimes" we frequently look at the headlines
of international bugs and viruses - let me personalize this for
you.
Recently, one of my police departments was contacted by a teenager
in Arizona and told that a teenage boy on an Internet Relay Chat
room had threatened a shooting at a Harford County high school.
Working through the night the police with assistance from AOL were
able to begin to trace back the message. Unfortunately, the police
had to wait until another ISP opened the next morning to complete
the information and arrest the juvenile. Due to the opening time
of school, we were unable to obtain the information before students
began arriving and armed, uniformed police officers had to be stationed
around the school as a precaution. Needless to say parents and students
were quite upset.
In another case, the teenage daughter of a local elected official
met a man in a cyberspace chat room. She agreed to meet him. He
came in from New York. He drugged her drink, undressed her and videotaped
her. When he set up a later meeting, the police were waiting. A
search warrant executed in his residence found other victims.
And finally - child pornography. Nothing is as truly revolting
and heartbreaking as to get into hidden files on a computer disk
only to find movies and still photos of a small child being brutalized,
degraded and scarred for life. The demand for these images is an
international scandal, which starts each time with one child who
needs the protection of local police and prosecutors.
I would like to highlight three areas of concern from the perspective
of a local prosecutor and use those as the catalyst for any further
areas of discussion that you wish to pursue. They are the need for
resources and training at the local level; the need for regional
forensic laboratories and, lastly, the need for standardization
of laws and forensic efforts across the nation and even internationally.
TRAINING AND RESOURCES
Crime once required a physical presence but it doesn't anymore.
Computers have created new crimes, such as viruses, denial of service
attacks, and hacking. Computers provide innovative new ways to commit
old crimes, such as theft, pornography and drug dealing. With these
problems have come the development of new investigative challenges,
contacting hundreds, even thousands, of victims from a single internet
solicitation, defining jurisdiction of a crime that spans dozens
of states or countries, getting cooperation from service providers,
record storage sites and investigators in other states or countries,
new laws regarding obtaining evidence or working with laws in foreign
jurisdictions. Learning a new vocabulary of IP, IT, URL, encryption,
steganography and volatile memories. Additionally for the prosecutor
comes the tasks of having courts recognize computer forensic laboratory
techniques and technicians, presenting evidence to judges and juries
and assessing the losses for sentencing.
The majority of law enforcement focus will be on financial records,
location of stolen property, child pornography, terrorist threats,
stalking, trespasses and other thefts and frauds. One or two people
on LAN's using the WAN to defraud other smaller users at the other
end generally perform these.
One of the major problems of state law enforcement has nothing to
do with technology but is basic jurisdiction and cost efficiency.
The majority of frauds and thefts are under $100,000 and usually
involve parties resident in different states. The federal authorities
have little interest in cases under $1 million - so most of the
caseload will naturally fall to the states. But will a Prosecutor
be willing or have the resources to extradite on a $5,000 theft
case?
We also have a lot to learn about search and seizure law as applied
to the cyber world. In seizing a computer system it is important
to have a very expansive list of items that can and should be seized.
Off machine disk drivers can contain more data than the hard drive
but if you don't specify them in the warrant you miss crucial evidence.
We also have to recognize that chain of evidence rules still apply
and may even be more difficult as hardware and software go through
various forensic laboratories. A challenge here is when we have
to use non-law enforcement organizations (such as the technology
industry themselves); then we have to ensure they fully understand
the requirements before anything is actually turned over to them
for analysis.
The sheer number of cases, which is increasing exponentially every
year, is beyond the capability of any one law enforcement agency;
yet at the state and local level, where the bulk of our law enforcement
capabilities are concentrated, we are particularly unprepared to
deal with the sophisticated concepts of cyber crime.
Usually, new prosecutors are trained by more experienced prosecutors
in an office, but since cyber crime has only appeared in the last
decade there is a dearth of prosecutors with any knowledge in this
area. There is some training available at for example the National
White Collar Crime Center in West Virginia, but what we need is
funding to bring classes and speakers into the states and provide
multi-disciplinary training so that prosecutors, investigators and
technicians can learn together.
I would note that NDAA's "think tank," the American Prosecutors
Research Institute has done some excellent training on a number
of complex topics but has not been provided opportunities to work
with prosecutors in this emerging and difficult area. A traveling
curriculum could quickly give local law enforcement the tools we
need to plan and react. It's impossible to convince a jury of something
that you don't understand yourself!
Many of our prosecutors have better computers on their kids' desks
at home than they do in their offices - some do not even have computers
in their offices. In addition you need computers, projectors, zip
drives and specialized software to present these cases in the courtroom.
By and large we do not have the equipment needed to investigate
and prosecute cyber offenses and even when we do it is often
outdated compared to the latest equipment that many cyber criminals
use.
Bottom line - we need help in seed money to get the computer equipment
and the skills to use it at the local level. We need intensive efforts
to train prosecutors on trying cases in which computers are used
to facilitate the offense. Congress receives many pleas for help
but the nature of cyber crime demands national attention.
FORENSIC LABS
Part of the investigative work necessary to identify and prosecute
a cyber criminal is the forensic work that must be done to capture
and preserve evidence of the criminal activity. Just as a forensic
investigator identifies and analyzes evidence at a "traditional"
crime scene, evidence from computers must be identified and analyzed.
This is obviously not an easy task and the wait for the work to
be done now can be unreasonable. And while we wait for forensic
work to be completed cyber criminals may be free to victimize others.
I would like to call the Subcommittee's attention to one solution
- that of the regional computer forensic laboratory that has been
established in San Diego. The lab's physical set-up was acquired
principally with Federal money but it is staffed with law enforcement
officers from 27 local, State and Federal police agencies. Not only
does this provide the top of the line resources to local law enforcement,
but also it leads to standardized procedures, and inter-agency cooperation
and information sharing. The lab also contains a classroom that
provides the training we need. I would urge that you visit this
lab and understand the complexity of the work they do; then I would
urge that Congress take the lead to ensure that a series of these
labs is developed to serve all levels of government.
This should be contrasted with other places where competing Federal
agencies have labs within miles of one another, which do not share
resources or experience or cooperate with one another or with neighboring
State and local labs.
Years ago, when DNA first became useful as evidence in criminal
cases we were slow to realize its potential to both condemn and
clear individuals of criminal activity. And because we were slow
we did not develop the laboratory capacity at either the national
or state levels to accomplish the necessary forensic capability
to support our criminal justice system. We need to learn from this
and make sure that we develop forensic facilities for cyber crime
before it overwhelms our system.
STANDARDIZATION
Standardization relates to two areas.
First, laws. Just as the action of Congress is responsible for a
uniform .08 alcohol reading across the United States, Congress could
take a lead in uniform laws for securing evidence from out of state
witnesses, ISP's and other record storage facilities. For example,
America On Line's corporate headquarters are across the Potomac
in Loudoun County, Virginia. Loudoun County is around 200,000 citizens.
According to the Commonwealth's Attorney for Loudoun County, a day
does not go by that his office is not called upon for information
and assistance to serve subpoenas, warrants and court orders on
AOL for prosecutors from New York to California. In other words
the taxpayers of Loudoun County are supporting the efforts in other
states to fight a national crime problem. This inequity is repeated
in many other local prosecutors' offices where Internet service providers
are located.
Federal laws should make it possible for Federal law enforcement
and U.S. attorneys to use their offices to assist in the preparation
of subpoenas and warrants and the service of same to assist local
law enforcement in the investigation of cyber crime to obtain the
evidence and relay it to those states.
Second, laboratory standards. Why is this an issue for local prosecutors?
One only has to look at the thousands of dollars and thousands of hours
of prosecutor preparation and court time for hearings to establish
the scientific acceptability and reliability of DNA and the accompanying
laboratory procedures for its analysis in court after court to understand
why a local prosecutor would be interested in a standard set of forensic procedures.
Since besides law enforcement there are many private, national security
and other computer investigators and forensic laboratories, laboratory
standards might best come from the National Bureau of Standards
with input from law enforcement, the IT industry and others.
A uniform set of standards would improve laboratory quality and
from a prosecutor's perspective allow the prosecutor and the judge
or jury to know that evidence they rely on for guilt or innocence
determinations was obtained with the best practices and is not likely
to be attacked in court.
It is crucial that we have the ability to investigate and prosecute
cases involving cyber technology - our citizens deserve nothing
less. We cannot do this unless we adopt courses of action that afford
a unified approach to the problem. If our law enforcement efforts
continue to develop in a random manner, as they are at this time,
we will not be protecting our citizens and our confusion will only
be aiding criminals.
On behalf of America's prosecutors I, and the National District
Attorneys Association, look forward to working with you on limiting
and even ending crimes committed using advanced technology.
For further information contact
Jim Polley
Director, Government Affairs
National District Attorneys Assn
(703) 519-1651 or james.polley@ndaa-apri.org