banner
toolbar
August 20, 1999
By CARL S. KAPLAN Bio

Report Questions Government Efforts Against Computer Crime

 Federal authorities generate plenty of headlines when they catch computer criminals. Just look at the high-profile case of Kevin Mitnick, who was sentenced earlier this month in a federal court in Los Angeles to 46 months in prison. Mitnick pleaded guilty to computer fraud for breaking into dozens of computers around the United States.

But a researcher who has spent time analyzing official computer crime statistics from the Department of Justice believes the Mitnick prosecution and others like it are the exceptions rather than the rule. He questions whether law enforcement officials and prosecutors are capable of vigorously pursuing high-tech crime.
Why so few referrals and even fewer prosecutions?

"We are hearing a lot of discussion from this administration about the problem of computer crime," said David Banisar, a Washington-based lawyer who specializes in computer law and recently wrote an article on prosecutions of high-tech crime for Criminal Justice Weekly, a legal newsletter. "But that high level of concern does not mesh well with the actual number of investigations and prosecutions," he said in a recent interview.

As part of a project on computer crime, Banisar has been studying Justice Department data obtained under the Freedom of Information Act by the Transactional Records Access Clearinghouse, a nonprofit group at Syracuse University that monitors government activity.

Banisar sliced the data to focus on one category of crime, computer fraud, which would include alleged offenses under the Computer Fraud and Abuse Act (18 U.S.C. §1030), the most important federal law covering computer crimes. He tracked the number of times a federal agency like the FBI had formally referred, or recommended, a computer fraud case to federal lawyers for prosecution following an investigation. He also looked at the number of actual federal computer fraud prosecutions that resulted from the referrals.

What he found was that the referrals were relatively few, though increasing on a year-to-year basis, and prosecutions were rare.

In 1998, for example, federal agencies referred 417 cases of computer fraud for federal prosecution, Banisar said. Of that total, lawyers for the government chose to prosecute only 83, or 20 percent -- a "rather low ratio" between referrals and prosecutions, he said. In the same year, 47 persons were convicted of federal computer crimes, and 10 were found not guilty.

By contrast, federal investigative agencies referred a total of 132,772 cases in all criminal categories for prosecution in 1998, and federal lawyers filed 82,000 prosecutions -- representing a ratio of referrals to prosecutions of well over 50 percent. In the category of consumer fraud, said Banisar, there were 627 referrals and 319 prosecutions in 1998.

Banisar found that the rate of referrals for federal computer fraud has been rising for the past few years. Three years ago, for example, there were 197 referrals for computer fraud prosecution, he said. In 1997, the number jumped to 292.

But the number of prosecutions have increased at a slower rate: from 56 in 1996 to 66 the following year. For the seven-year period of 1992 to 1998, Banisar reckons that the Justice Department declined to prosecute referred computer fraud cases between 64 percent and 78 percent of the time.

Why so few referrals and even fewer prosecutions? Banisar offered a few theories. First, he suggested that the threat of federal computer fraud is over-hyped by the law enforcement agencies.

More significantly, it can be very difficult to detect and investigate a computer fraud crime, he said. Many intrusions go unnoticed by victims because intruders can cover their tracks by erasing various logs on the targeted computer system.

Even when a complaint is lodged with law enforcement, it can be difficult to trace the crime back to a specific, identifiable criminal. "A person might hack into one system and then hack into another system," said Banisar, who also works as a senior fellow for the Electronic Privacy Information Center in Washington. The chain of intervening computers leading to the targeted machine "can run through Sweden, Norway, anywhere in the world," he said.


cyberlaw

Internet links of interest to Cyber Law Journal readers

Harder to explain is the low ratio between referrals and prosecutions. Banisar suggested that in some cases federal lawyers might decline to prosecute because the injury to the victims amounted to mere annoyance or minimal monetary damages (the federal statute requires $5,000 in damages). He also pointed out that, according to the data, many of the cases were declined because of weak or insufficient admissible evidence, the cases were taken over by other law enforcement authorities, or there was a lack of proof of criminal intent.

Prosecutors and former prosecutors said the true picture of federal computer crime enforcement is more complicated than the numbers make out.

Andrew Grosso, a lawyer in Washington who specializes in computer law and who was an assistant United States attorney for 10 years in Boston and Tampa, agreed that prosecutors might decline to prosecute computer fraud referrals partly because in many cases the damages caused by intruders are minimal. "I think it's a question of exercising prosecutorial discretion to determine where your resources are best put to good use," he said.

"If significant hacker cases like Mitnick's are prosecuted, then all is as it should be," Grosso added. "The purpose of law enforcement is not to prosecute 100 percent of the crimes out there. These kinds of cases are often brought for purposes of deterrence."

The statistics on computer crime "can be misleading," said David Green, deputy chief of the Computer Crime and Intellectual Property section of the Department of Justice, a unit that prosecutes computer crime and assists federal prosecutors across the country.

Many cases referred to federal attorneys as possible computer crime cases are eventually prosecuted under different laws, like wire fraud or child pornography, and thus would not show up as a "computer fraud" prosecution, he said. He added that some referrals were also turned over to state authorities for prosecution.

Green acknowledged, however, that computer fraud cases were hard to investigate and prosecute. He said companies are sometimes reluctant to report computer crime owing to embarrassment or fear of adverse publicity, though "that's beginning to change," he said. Also, successful investigations and prosecutions can depend on what amount of evidence is left on the computers involved and for how long.

Even when a suspect is identified, jurisdiction can be problematic. "There is no U.S. Attorney for Cyberspace," Green said. "A U.S. Attorney for a particular district has to bring the case."

"These cases are really challenging, but I think we are making tremendous progress," he said.

Jennifer S. Granick, a criminal defense lawyer in San Francisco who has represented people charged with computer crimes, said that she believed the low ratio between computer fraud referrals and prosecutions was "heartening."

"It shows a proper exercise of discretion on the part of federal prosecutors as to what kind of action is really worth making into a federal case,'" she said, suggesting that many cases involving computer break-ins were small potatoes in terms of damages.

"The downside is that many people have been the subject of investigations when maybe the investigations were possibly not appropriate," she said.

CYBER LAW JOURNAL is published weekly, on Fridays. Click here for a list of links to other columns in the series.

Related Sites
These sites are not part of The New York Times on the Web, and The Times has no control over their content or availability.

Carl S. Kaplan at kaplanc@nytimes.com welcomes your comments and suggestions.


Home | Site Index | Site Search | Forums | Archives | Marketplace

Quick News | Page One Plus | International | National/N.Y. | Business | Technology | Science | Sports | Weather | Editorial | Op-Ed | Arts | Automobiles | Books | Diversions | Job Market | Real Estate | Travel

Help/Feedback | Classifieds | Services | New York Today

Copyright 1999 The New York Times Company