Mr. Chairman and Members of the Subcommittee, I thank you for
this opportunity to testify on the topic of cyber crime and efforts
at the state level to combat it. Two factors have converged in
recent years to bring about a major criminal justice problem:
the wide spread use of computers and the Internet to commit crimes,
and a critical lack of resources, especially at the state and
local level, to combat computer-related crime. Last September,
Attorney General John Cornyn launched the Texas Internet Bureau
to address the rapid growth of cyber crime in Texas. Since that
time the investigators and prosecutors at the Internet Bureau
have been faced with a daunting array of cases -- from Internet
savvy child predators and online child pornographers to computer
hackers, identity thieves and computer fraudsters. Modern day
criminals have learned to exploit the Internet and leverage computer
technology to reach a virtually unlimited number of victims while
maintaining a maximum level of anonymity, and I have no doubt
that the number and variety of computer crimes will continue to
Unfortunately, one of the biggest problems is that computer
criminals are targeting the most vulnerable of our society --
children. While the Internet has revolutionized the ways in which
the world communicates, there is an equally awesome dark side.
According to the Federal Bureau of Investigation, child pornography
was virtually extinct prior to the advent of the Internet. However,
with increased Internet usage in America and the world there has
been an alarming increase in child pornography cases. According
to the U.S. Postal Service, 40 percent of the offenders who have
been arrested with child pornography downloaded from the Internet
have sexually assaulted minors. The National Center for Missing
and Exploited Children and the Crimes Against Children Research
Center's June 2000 report entitled Online Victimization: A Report
on the Nation's Youth presents startling and disturbing results.
Based on interviews with a nationally representative sample of
1,501 youths ages 10 to 17 who use the Internet regularly, the
- Approximately one in five children received a sexual solicitation
or approach over the Internet in the last year.
- One in thirty-three received an aggressive
sexual solicitation - a solicitor who asked to meet them somewhere;
called them on the telephone; sent them paper mail, money, or
- One in four children had an unwanted exposure on the Internet
to pictures of naked people or people having sex in
the last year.
- One in seventeen children was threatened or harassed.
- Approximately one quarter of the children who reported these
incidents were distressed by them.
- The interviewed children reported less than 10% of the sexual
solicitations and only 3% of the unwanted exposure episodes
to law enforcement, the Internet Service Provider, or a hotline.
- Only about 25% of the youth sexually solicited or approached
told a parent and only 40% of those who experienced unwanted
exposure to sexual material told a parent.
- Only 17% of youth and approximately 10% of parents could name
a specific authority (such as the FBI CyberTipline, or an Internet
service provider) to which they could make a report, although
more said they had "heard of" such places.
- In households with Internet access, one third of parents said
they had filtering or blocking software on their computer at
the time they were interviewed. (1)
A large portion of the Texas Internet Bureau's case load involves
the investigation of online child predators. In one case recently
investigated by the Internet Bureau, a twenty-five year old
school teacher was arrested by Austin police officers and Internet
Bureau investigators after he solicited sex from a person he
believed to be a minor in a chat room entitled "Younger Girls
for Older Men." A subsequent investigation revealed that the
suspect had previously used the Internet to seduce a fifteen
year old girl, and the suspect was re-arrested on three counts
of sexual assault of a child.
Internet Bureau investigators have been involved in other
cases as well. For example, last March, an investigator from
the Internet Bureau assisted local police in investigating a
potential school shooting case in Brownfield, Texas. The Internet
Bureau became involved after Brownfield police received a report
that a student was hacking into the local high school's computers.
When the Internet Bureau and local police searched the student's
home, they discovered a written a narrative detailing a plan
to shoot up the school and murder several students, a master
key to the high school, and schematic plans of the high school.
Investigators also learned that the student was, in fact, hacking
into one of the school's computers. The investigation led to
the prosecution of the juvenile who is now serving time in a
juvenile facility in Texas.
These cases demonstrate that computer crimes have serious
consequences - the rape of a child, and a potential school massacre.
If we are to stem the flood of cyber crime, state and local
authorities must increase their enforcement efforts. Attorney
General Cornyn's Texas Internet Bureau is a step in the right
direction, but it is only a first step.
I believe that any efforts aimed at helping state and local
law enforcement authorities combat cyber crime should be focused
on three primary areas of concern: (1) jurisdictional issues,
(2) cooperative initiatives, and (3) resources.
Traditionally, state and local law enforcement agencies have
been keenly aware of the jurisdictional boundaries in which
they operate. City police officers patrol the city, county sheriff's
deputies patrol the county outside of the city, and state police
officers patrol the Interstate highway system. This enforcement
model is very effective in handling local crimes -- crimes where
the suspect, the victim, and the crime scene are located within
one jurisdiction. The Internet, however, is an environment without
boundaries; an environment which enables criminals to victimize
local populations from anywhere in the world. Consider an example:
a fraudulent scheme targeting Texas residents is perpetrated
from a website. The website is hosted on a computer in Ohio,
and investigators are not sure where the perpetrator is located.
In order to locate the fraudster, Texas prosecutors would likely
issue subpoenas to the service provider in Ohio, but currently,
there is no formal mechanism for service and compliance with
this subpoena and the Ohio provider could choose to ignore the
subpoena altogether. Texas prosecutors might succeed in convincing
the service provider to comply by obtaining help from authorities
in Ohio, but this would be a matter of professional courtesy
and not legal process. In addition, because service providers
often only temporarily maintain records of Internet activity,
the delay caused by having to contact out of state authorities
and obtain assistance may result in the deletion of the records
This example illustrates the kind of jurisdictional hurdles
often faced by state and local authorities investigating crime
on the Internet. State and local authorities need laws that
provide authority for out of state service of process and enforceability
of that process.
Cooperation and Coordination
I am convinced that the problem of computer crime cannot be
addressed by any one level of government acting on its own.
It is simply not enough to react to this problem -- law enforcement
must learn to interact if we are to triumph over network crime.
The vast scope of the Internet and its increasing pervasiveness
demands that governments develop partnerships and joint initiatives.
Recently, the National Association of Attorneys General ("NAAG")
and the Department of Justice's Computer Crime and Intellectual
Property Section ("CCIPS") worked together to create a "Computer
Crime Point of Contact List" that contains the name of an investigator
and prosecutor from each state. These individuals have agreed
to provide their telephone numbers and to serve as the contact
point when investigators from out of state have questions during
the course of a cyber crime investigation or prosecution.
A copy of this list is available on NAAG's website at www.naag.org.
In Texas, our office has been involved in another joint initiative
-- the creation of the North Texas Regional Computer Forensics
Lab. The North Texas Regional Computer Forensics Lab is a multi-agency
facility that serves the computer forensics needs of all law
enforcement agencies in a 137 county region surrounding the
Dallas metroplex area. The cases investigated and prosecuted
by the Texas Internet Bureau often turn on evidence contained
within computers, evidence that must be examined and analyzed
by experts such as those at the North Texas Regional Computer
Forensics Lab. Prior to the creation of the lab, however, there
was an eight to twelve month back log of seized computers that
needed to be examined. This meant that if an investigator developed
probable cause to search a child pornographer's computer for
evidence of child pornography, the investigation would be put
on hold for almost a year while the computers were analyzed
and evidence extracted. Since the creation of the North Texas
Regional Computer Forensics Lab, that delay has been reduced
to less than a month. Attorney General Cornyn is very proud
that the Texas Internet Bureau has joined with the FBI and nine
local police departments in creating this Lab as the resource
it provides will greatly enhance Texas efforts to bring cyber
criminals to justice.
Because we believe joint law enforcement efforts can have
a truly awesome impact, our office is aggressively pursuing
collaborations with all levels of law enforcement. For instance,
the Texas Internet Bureau is working closely with the Dallas
Police Department and the Dallas County Sheriff's office in
the Internet Crimes Against Children Task Force. Frequently,
investigators from our office conduct joint investigations with
the Austin Police Department's High Tech Squad or with the Texas
Department of Public Safety's Special Crimes Division.
We are also working with federal agencies. In fact, we were
able to attract a top cyber crime prosecutor, Reid Wittliff,
from the Dallas US Attorney's office to head the Internet Bureau.
Another one of our prosecutors has been selected for a fellowship
sponsored by NAAG with funds received from the Bureau of Justice
Assistance at the Computer Crime and Intellectual Property Section
here in Washington. In prior years, representatives from three
attorneys Generals' offices have gained valuable experience
during the fellowship. If this years fellowship is funded, we
see two benefits coming from it: first, our attorney will gain
expertise and training in the area of computer crime and bring
that experience to the Texas Internet Bureau, and second, our
office will build a closer relationship with the Department
of Justice. Following the success of the CCIPS fellowship, the
Texas Internet Bureau has plans to start a similar internship
program this Fall. We plan on creating two internship positions
for local police officers who will come work at the Internet
Bureau and gain experience and hands on training, and then take
that experience back to their local departments after the internship.
Joint partnerships of federal, state, and local law enforcement
agencies such as the North Texas Regional Computer Forensics
Lab are the solution to the problem of cyber crime -- but these
initiatives will not get off the ground without resources. Cyber
crime fighting is an expensive endeavor. Technical equipment
is expensive, and technology is rapidly changing. The cyber
crook is likely to have up to date technology and law enforcement
needs to keep pace with him. Funding for personnel is critical.
Training an officer is costly. According to the Director of
the North Texas Regional Computer Forensics Lab, it costs almost
$35,000 to train one of their computer forensics examiners.
And once officers are trained, retention becomes a problem as
technically trained law enforcement officers are few and far
between and often have offers to work at high-paying private
sector jobs. The computer crime point of contact list mentioned
earlier can be a tremendous resource, but only if the state
contacts on the list have the resources and support needed to
handle computer crime referrals. Simply put, the states need
funding for personnel, training, and not just a one-time allotment,
but on a recurring basis. Although Congress authorized money
for computer crime investigations and forensics programs last
year, the provisions went unfunded. The states desperately need
this appropriation. Without it, cash strapped agencies will
not be able to effectively investigate the computer crimes reported
In sum, we believe an effective cyber crime strategy should
include: new legislation aimed at breaking down jurisdictional
barriers to cyber crime investigations; programs designed to
foster multi-agency approaches to computer crime investigations
and prosecutions; and finally, an increase in resources to law
enforcement for use in cyber crime investigations and prosecutions.
We are very pleased to see that Congress is concerned about
this pressing criminal justice problem and we look forward to
working with the Subcommittee in finding solutions to the growing
computer crime problem.
1. David Finklehor, Kimberly J. Mitchell,
& Janis Wolak, Online Victimization: A Report on the Nation's
Youth (The National Center For Missing and Exploited Children
2000) (June 2000).