IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

TESTIMONY

OF

HONORABLE JOSEPH I. CASSILLY

STATE'S ATTORNEY

HARFORD COUNTY, MARYLAND

AND

CHAIR, CYBER CRIME COMMITTEE

NATIONAL DISTRICT ATTORNEYS ASSOCIATION

BEFORE A HEARING OF THE

CRIME SUBCOMMITTEE

OF THE COMMITTEE ON THE JUDICIARY

ON

CYBER CRIME AND LOCAL PROSECUTORS

MAY 24, 2001

My name is Joe Cassilly and I am the elected prosecutor in Harford County, Maryland. I want to thank you on behalf of the National District Attorneys Association, representing the local prosecutors of this Nation, for the opportunity to give you our concerns on cyber crime. On behalf of our members I want to commend this Committee in pursing an area of vital importance to the citizens and our system of criminal justice.

I am also the Chair of the Cyber Crime Committee of the National District Attorneys Association and have served in various capacities within that organization since 1996. I also serve as the NDAA representative on FBI cyber crime working groups as we attempt to develop unified strategies to fight this epidemic. In addition to these national offices, I am also the president of the Maryland State's Attorneys Association.

The views that I express today represent the views of that Association and the beliefs of local prosecutors across this Country. Let me assure you that local prosecutors need your help in tackling this every increasing criminal threat.

To place my remarks in context - on both a local level and on the national stage let me briefly tell you about my jurisdiction. Harford County is northeast of Baltimore and lies along the Susquehanna River. It has a population of about 225,000 people living in towns, suburban and rural areas with one large military base within our jurisdiction. I have been prosecutor for 24 years and honored to serve in my current office for 19 years, having been elected to office 5 times. I still actively try cases as well as supervise a staff that includes 23 deputy and assistant state's attorneys. Annually, my office handles more than 2500 felony cases.

During my tenure as a prosecutor, my office has investigated various computer crimes including cyber stalking, bomb and shooting threats in schools, child pornography, identity theft and on-line fraud schemes. In the course of those investigations I have worked with local, state and federal law enforcement agencies as well as security personnel from the information technology industry.

When we think of "cyber crimes" we frequently look at the headlines of international bugs and viruses - let me personalize this for you.

Recently, one of my police departments was contacted by a teenager in Arizona and told that a teenage boy on an Internet Relay Chat room had threatened a shooting at a Harford County high school. Working through the night the police with assistance from AOL were able to begin to trace back the message. Unfortunately, the police had to wait until another ISP opened the next morning to complete the information and arrest the juvenile. Due to the opening time of school, we were unable to obtain the information before students began arriving and armed, uniformed police officers had to be stationed around the school as a precaution. Needless to say parents and students were quite upset.

In another case, the teenage daughter of a local elected official met a man in a cyberspace chat room. She agreed to meet him. He came in from New York. He drugged her drink, undressed her and videotaped her. When he set up a later meeting, the police were waiting. A search warrant executed in his residence found other victims.

And finally - child pornography. Nothing is as truly revolting and heartbreaking as to get into hidden files on a computer disk only to find movies and still photos of a small child being brutalized, degraded and scarred for life. The demand for these images is an international scandal, which starts each time with one child who needs the protection of local police and prosecutors.

I would like to highlight three areas of concern from the perspective of local prosecutor and use those as the catalyst for any further areas of discussion that you wish to pursue. They are the need for resources and training at the local level; the need for regional forensic laboratories and, lastly, the need for standardization of laws and forensic efforts across the nation and even internationally.

TRAINING AND RESOURCES

Crime once required a physical presence but it doesn't anymore. Computers have created new crimes, such as viruses, denial of services attacks, and hacking. Computers provide innovative new ways to commit old crimes; such as theft, pornography and drug dealing. With these problems have come the development of new investigative challenges, contacting hundreds, even thousands, of victims from a single internet solicitation, defining jurisdiction of a crime that spans dozens of states or countries, getting cooperation from service providers, record storage sites and investigators in other states or countries, new laws regarding obtaining evidence or working with laws in foreign jurisdictions. Learning a new vocabulary of IP, IT, URL, encryption, steganography and volatile memories. Additionally for the prosecutor comes the tasks of having courts recognize computer forensic laboratory techniques and technicians, presenting evidence to judges and juries and assessing the losses for sentencing.

The majority of law enforcement focus will be on financial records, location of stolen property, child pornography, terrorist threats, stalking, trespasses and other thefts and frauds. One or two people on LAN's using the WAN to defraud other smaller users at the other end generally perform these.

One of the major problems of state law enforcement has nothing to do with technology but is basic jurisdiction and cost efficiency. The majority of frauds and thefts are under $100,000 and usually involve parties resident in different states. The federal authorities have little interest in cases under $1 million - so most of the caseload will naturally fall to the states. But will a Prosecutor be willing or have the resources to extradite on a $5,000 theft case?

We also have a lot to learn about search and seizure law as applied to the cyber world. In seizing a computer system it is important to have a very expansive list of items that can and should be seized. Off machine disk drivers can contain more data than the hard drive but if you don't specify them in the warrant you miss crucial evidence.

We also have to recognize that chain of evidence rules still apply and may even be more difficult as hard-and-soft ware goes through various forensic laboratories. A challenge here is when we have to use non-law enforcement organizations (such as the technology industry themselves); then we have to ensure they fully understand the requirements before any thing is actually turned over to them for analysis.

The sheer numbers of cases, which are increasing exponentially every year, is beyond the capability of any one law enforcement agency; yet at the state and local level, where the bulk of our law enforcement capabilities are concentrated, we are particularity unprepared to deal with the sophisticated concepts of cyber crime.

Usually, new prosecutors are trained by more experienced prosecutors in an office, but since cyber crime has only appeared in the last decade there is a dearth of prosecutors with any knowledge in this area. There is some training available at for example the National White Collar Crime Center in West Virginia, but what we need is funding to bring classes and speakers into the states and provide multi-disciplinary training so that prosecutors, investigators and technicians can learn together.

I would note that NDAA's "think tank," the American Prosecutors Research Institute has done some excellent training on a number of complex topics but has not been provided opportunities to work with prosecutors in this emerging and difficult area. A traveling curriculum could quickly give local law enforcement the tools we need to plan and react. It's impossible to convince a jury of something that you don't understand yourself!

Many of our prosecutors have better computers on their kid's desks at home then they do in their offices - some do not even have computers in their offices. In addition you need computers, projectors, zip drives and specialized software to present these cases in the courtroom. By and large we do not have the equipment needed to investigate and prosecute cyber offenses and even when we do it is often out dated compared to the latest equipment that many cyber criminals use.

Bottom line- we need help in seed money to get the computer equipment and the skills to use it at the local level. We need intensive efforts to train prosecutors on trying cases in which computers are used to facilitate the offense. Congress receives many pleas for help but the nature of cyber crime demands national attention.

FORENSIC LABS

Part of the investigative work necessary to identify and prosecute a cyber criminal is the forensic work that must be done to capture and preserve evidence of the criminal activity. Just as a forensic investigator identifies and analyzes evidence at a "traditional" crime scene, evidence from computers must be identified and analyzed. This is, obviously not an easy task and the wait for the work to be done now can be unreasonable. And while we wait for forensic work to be completed cyber criminals may be free to victimize others.

I would like to call the Subcommittees' attention to one solution - that of the regional computer forensic laboratory that has been established in San Diego. The lab's physical set-up was acquired principally with Federal money but it is staffed with law enforcement officers from 27 local, State and Federal police agencies. Not only does this provide the top of the line resources to local law enforcement, but also it leads to standardized procedures, and inter-agency cooperation and information sharing. The lab also contains a classroom that provides the training we need. I would urge that you visit this lab and understand the complexity of the work they do; then I would urge that Congress take the lead to ensure that a series of these labs is developed to serve all levels of government.

This should be contrasted with other places where competing Federal agencies have labs within miles of one another, which do not share resources or experience or cooperate with one another or with neighboring State and local labs.

Years ago, when DNA first became useful as evidence in criminal cases we were slow to realize it's potential to both condemn and clear individuals of criminal activity. And because we were slow we did not develop the laboratory capacity at either the national or state levels to accomplish the necessary forensic capability to support our criminal justice system. We need to learn from this and make sure that we develop forensic facilities for cyber crime before it over whelms our system.

STANDARDIZATION

Standardization relates to two areas.

First, laws. Just as the action of Congress is responsible for a uniform .08 alcohol reading across the United States, Congress could take a lead in uniform laws for securing evidence from out of state witnesses, ISP's and other record storage facilities. For example, America On Line's corporate headquarters are across the Potomac in Loudon County, Virginia. Loudon County is around 200,000 citizens.

According to the Commonwealths Attorney for Loudon County, a day does not go by that his office is not called upon for information and assistance to serve subpoenas, warrants and court orders on AOL for prosecutors from New York to California. In other words the taxpayers of Loudon County are supporting the efforts in other states to fight a national crime problem. This inequity is repeated in many other local prosecutors offices where Internet service providers are located.
Federal laws should make it possible for Federal law enforcement and U.S. attorneys to use their offices to assist in the preparation of subpoenas and warrants and the service of same to assist local law enforcement in the investigation of cyber crime to obtain the evidence and relay it to those states.

Second, laboratory standards. Why is this an issue for local prosecutors? One only has to look at the thousands dollars and thousands of hours of prosecutor preparation and court time for hearings to establish the scientific acceptability and reliability of DNA and the accompanying laboratory procedures for its analysis in court after court to understand why a local prosecutor would be in a standard set of forensic procedures. Since besides law enforcement there many private, national security and other computer investigators and forensic laboratories, laboratory standards might best come from the National Bureau of Standards with input from law enforcement, the IT industry and others.

A uniform set of standards would improve laboratory quality and from a prosecutor's perspective allow the prosecutor and the judge or jury to know that evidence they rely on for guilt or innocence determinations was obtained with the best practices and is not likely to be attacked in court

It is crucial that we have the ability to investigate and prosecute cases involving cyber technology - our citizens deserve nothing less. We cannot do this unless we adopt courses of action that afford a unified approach to the problem. If out law enforcement efforts continue to develop in a random manner, as they are at this time, we will not be protecting out citizens and our confusion will only be aiding criminals.

On behalf of America's prosecutors I, and the National District Attorneys Association look forward to working with you on limiting and even ending crimes committed using advanced technology.

For further information contact

Jim Polley

Director, Government Affairs

National District Attorneys Assn

(703) 519-1651 or james.polley@ndaa-apri.org