Computer Crime
Computer Crime
Computer Crime
A JOINT REPORT
JUNE 2000
COMPUTER CRIME
A JOINT REPORT
M. KAREN THOMPSON
W. CARY EDWARDS
AUDRIANN KERNAN
COMMISSIONERS
JUNE 2000
INTRODUCTION 1
CHILDREN IN JEOPARDY 4
THE PROBLEM 4
THE MAKING OF PREDATORS: CYBERSPACE HELPS
PEDOPHILES ACT OUT THEIR PERVERSION 9
NO EASY SOLUTIONS 11
PARENTAL SUPERVISION 11
BLOCKING, FILTERING AND MONITORING SOFTWARE
AND CHILD-FRIENDLY BROWSERS 14
CHILD-FRIENDLY WEB SITES 16
SCHOOL AND LIBRARY POLICIES 17
CONTROL ORGANIZATIONS AND PROGRAMS 20
UNESCO 20
White House 21
Federal Bureau of Investigation and
Office of the U.S. Attorney for the
District of New Jersey 22
United States Customs Service 23
Federal Trade Commission 24
National Center for Missing and
Exploited Children 24
Office of Juvenile Justice and
Delinquency Prevention 25
Cyber Angels and Other Help
Organizations 26
End Child Prostitution and Trafficking
(ECPAT) and the World Tourism
Organization (WTO) 28
Internet Service Providers 28
New Jersey State Police 29
LAWS AND LEGAL ACTIONS 29
i
SOUTHERN POVERTY LAW CENTER 45
NEW JERSEY COMMISSION ON HOLOCAUST EDUCATION 46
SIMON WIESENTHAL CENTER 46
HATEWATCH 47
OTHER ANTI-EXTREMIST ORGANIZATIONS 47
HACKING 48
THE PROBLEM 48
PASSWORD TIPS 58
WHEN CREATING A PASSWORD: 58
ONCE YOU HAVE A PASSWORD: 58
ENCRYPTION 59
CONTROL PROGRAMS AND METHODS 61
INTERNET FRAUD 69
COMMON SCAMS SPREAD FAR AND FAST ONLINE 69
COMMON FRAUDULENT SCHEMES 72
CONTROL ORGANIZATIONS AND PROGRAMS 76
FEDERAL TRADE COMMISSION (FTC) 77
INTERNET FRAUD COMPLAINT CENTER 78
INTERNET FRAUD COUNCIL 79
INTERNET FRAUD WATCH 80
BBBONLINE 80
SECURITIES AND EXCHANGE COMMISSION (SEC) 82
NORTH AMERICAN SECURITIES
ADMINISTRATORS ASSOCIATION 83
NATIONAL ASSOCIATION OF SECURITIES
DEALERS (NASD) 83
FEDERAL DEPOSIT INSURANCE
CORPORATION (FDIC) 84
MAIL ABUSE PREVENTION SYSTEM 84
NEW JERSEY DIVISION OF CONSUMER AFFAIRS 84
IDENTITY THEFT 88
AN ESPECIALLY EGREGIOUS FRAUD 88
DEMONSTRATION OF ONLINE PITFALLS 94
HOW TO AVOID BECOMING A VICTIM 96
ACTIONS VICTIMS MAY TAKE 98
RECENT LAWS AND CONTROL PROGRAMS 99
NEW JERSEY LAW STRENGTHENED 100
FEDERAL LAW STRENGTHENED –
ENHANCED ROLE FOR FTC 100
OTHER CRIME-FIGHTING FEDERAL AGENCIES 100
KEEPING PERSONAL INFORMATION PRIVATE
AND ACCURATE 101
PRIVATE HELP AND PREVENTION RESOURCES 105
ii
INTERNET GAMBLING 107
OFFSHORE FIRMS SERVE A GROWING DEMAND 107
JUSTIFICATION FOR PROHIBITION 109
EFFECTIVENESS OF PROHIBITION 110
JUSTIFICATION FOR REGULATION 115
EFFECTIVENESS OF REGULATION 118
COMPULSIVE CYBER-GAMBLING 119
RECOMMENDATIONS 136
STRENGTHEN NEW JERSEY’S COMPUTER AND
TECHNOLOGY CRIME LAWS 136
INCREASE, TRAIN AND COORDINATE LAW
ENFORCEMENT RESOURCES 140
INCREASE PREVENTION AND EDUCATION 142
ACCESS TO ELECTRONIC RECORDS OF INTERNET USE 143
ONLINE PRIVACY 144
RESTRAINING ONLINE SALES 145
ESTABLISH AND PUBLICIZE HOTLINES AND
COMPLAINT PROCESSES 145
MAINTAIN PROHIBITION ON INTERNET GAMBLING 146
iii
COMPUTER CRIME
INTRODUCTION
In an unprecedented joint project, the State Commission of
Investigation (hereinafter “Commission” or “SCI”) and then-Attorney
General Peter G. Verniero held three days of public hearings on
computer crime on February 23, 24 and 25, 1999. The hearings, with
more than 30 expert witnesses, capped extensive inquiries by the
Commission and the Attorney General’s Office, headed since June 1999
by Attorney General John J. Farmer, Jr. They underscored the need for
law enforcement at all levels to coordinate efforts to control the
“dark side” of the computer revolution. This includes prosecuting
high-tech conduct offending criminal laws, pursuing civil remedies for
online wrongdoing, and helping adults and children to protect
themselves in cyberspace.
The Web prompted extraordinary growth in both the size and the
use of the Internet. Once limited to military and educational
undertakings, the Web has expanded to become an integral and even
essential part of vast numbers of businesses and households. It
consists of millions of electronic “storefronts,” or repositories,
called Web sites. Businesses, organizations, government agencies and
individuals set up Web sites, which may be a combination of text,
graphics, still pictures, videos and sounds. Each Web site has an
Internet address called a uniform resource locator (URL).
2
and other illegal products, Consumer Fraud Act violations and
discriminatory practices. The Internet Working Group also advises the
Attorney General on matters concerning Internet legislation and
policy. Training is another important focus of the Internet Working
Group. Through the Department’s divisions, the Internet Working Group
ensures that law enforcement agencies throughout the State are advised
of emerging high technology crimes and trained in methods to
investigate and prosecute these crimes.
3
Their inclusion does not constitute endorsement. References to
testimony in the report pertain to witnesses testifying at the
February 1999 public hearing.
CHILDREN IN JEOPARDY
THE PROBLEM
It has been estimated that 11—15 million children in the United
States are currently online. Industry experts estimate that the number
will rise to 45 million by the year 2002. Through Urban League
community centers, free public libraries, Newark’s Millennium Project
and like programs, poor children will achieve online experience
comparable to those whose families can afford computers at home. More
and more “latchkey kids” in empty houses or participants in after
school programs will shun passive television and gravitate toward the
Internet, where they can interact with other children and adults.
IRC channels are similar to the chat rooms offered by ISPs, such
as America Online, but they are not proprietary and thus not subject
to any policing mechanisms ISPs often have in place. IRC channels are
accessible to anyone with an Internet connection and the necessary
free software (“shareware”). The users of these channels can
communicate in “real-time”; that is, they are able to type messages
that are seen by others instantly. They may convey their messages to
all of the other users on the channel, or they may communicate
privately one-to-one. They also may send and receive contraband files,
such as videos or photographs.
4
One significant difference between IRC channels and ISP chat
rooms is that subscribers to the latter have unique and traceable
screen names assigned to them. IRC channel users can assume any screen
name they want and change it at any time. This makes identifying and
tracking IRC users more difficult, but not impossible.
5
Child sexual abusers are rapidly turning the Internet and
commercial online services into red-light districts, where they can
distribute vast quantities of pornography — often depicting bondage
and other forms of violence, including murder — and organize with
like-minded individuals. The Internet gives child molesters and
pornographers unprecedented opportunities to target and recruit new
victims. It allows sexual predators to stalk juvenile victims
anonymously from the comfort of their homes.
6
pretending to be pornography dealers. Such traffickers insist that
their contacts forward child pornography before replying with their
own material. Since authorities will not release illicit images into
cyberspace, sophisticated traffickers can fend off undercover sting
operations.
7
member had to have at least 10,000 pornographic images of children on
his or her computer.
Mr. Megary related a recent case involving two offenders who were
arrested after molesting a 12-year-old boy:
8
Township police departments. The officials responded to a parent’s
complaint that an adult had propositioned her minor son online.
Not all persons with pedophilia are child molesters, but the ones
who are almost always collect child pornography. Many pedophiles are
law-abiding citizens who have a sexual attraction towards children but
control their desires and lead normal lives. Others act on their
impulses, with devastating consequences for the children they
encounter.
9
— United Mothers (SOC-UM) documented 17,000 Web sites on the Internet
devoted to child pornography and pedophilia. By May 14, 1999, the
number had jumped to 21,317, an increase of more than 4,300 sites —
more than 25 percent in less than four months. The Pedophile
Liberation Front (PLF) encourages the creation of Web sites devoted to
sex between adults and children, and it wants children to have access
to them. The National Center for Missing and Exploited Children
estimates that there are about 10,000 Web sites maintained by computer
pedophiles.
However many such sites exist, they are like drops in the huge
ocean that is the World Wide Web. In a July 1999 report, computer
scientists at the NEC Research Institute in Princeton calculated that
there were some 800 million pages on the Web as of February 1999, more
than double the 320 million pages they reported in December 1997.
10
providing false identification numbers. Online, they trade information
about encrypted programs and other ways to escape detection.
NO EASY SOLUTIONS
There are no simple solutions to resolve the twin problems of
child pornography and molestation facilitated by computers. Rather,
law enforcement agencies at all levels, school and library systems,
private help organizations, software and Internet businesses, and
concerned parents must join forces to decrease the risks to children.
Legal solutions should be implemented, provided they do not curtail
the immense capability of the Internet to communicate and inform for
legitimate purposes.
PARENTAL SUPERVISION
11
Parents should encourage their children to report suggestive,
obscene, or threatening e-mail or bulletin board messages. If a
student uses a Web site to threaten violence toward his classmates,
they may report it confidentially to the Executive Director of Cyber
Angels, Parry Aftab, by clicking on KIDReportline at
www.cyberangels.org.
12
Unfortunately, we find that a lot of parents are computer phobic.
They’re still … thinking, “If I touch it, I’m going to blow up
something.” That’s not true. I think it’s better for the child to
teach the parent on a lot of these issues so the parent can get
involved, and just put some fundamental rules and regulations on
the child so they understand what their problems are.
Ms. Aftab has drafted a contract for parents and children to sign
and then post beside the family computer. It delineates a child’s
rights online, and may displace so-called “mommy hacking” — parents
reading their children’s e-mail and spying on their surfing activity —
in households that have developed trust between parents and children.
The contract is available at the Cyber Angels Web site. Children
agree, among other things, to keep personal identifying information
secret, to tell their parents about any pictures someone sends to
them, to neither buy nor order anything without parental permission,
and to seek parents’ approval before calling or meeting anyone
encountered online.
13
and rewarding online experiences. Guides for online privacy are
available from the Center for Media Education at www.cme.org.
14
and find out how much time they spend on the computer offline —
playing games and the like. Some programs even permit parents to
control what times of day their children can use the computer. This is
particularly helpful when both parents are working outside the home,
or when a working single parent is trying to control a latchkey kid’s
activities.
15
The Disney/Infoseek GO Network™ (www.go.com) offers the regular
staples of a Web portal: search engine, free e-mail, yellow
pages, maps and news. It also has GOguardian™, a way to filter
out "adult" content, such as pornography, in Web searches.
Yahooligans: www.yahooligans.com.
Mamamedia: www.mamamedia.com.
16
Kid’s Wave: www.safesurf.com/kidswave.htm. This site features a
partial list, organized by age-appropriateness, of Web sites that have
received the SafeSurf™ seal of approval.
17
The New Jersey Department of Education (DOE) has been providing
information to school districts to help them protect students from
dangers posed by inappropriate use of interactive technology systems
such as the Internet. The state’s High Technology Crimes and
Interactive Computer Services Protection Act, effective May 1, 1999,
requires the DOE to recommend guidelines and curriculum materials to
local school districts on the ethical use of computers and the
potential dangers to juveniles posed by those who use interactive
computer services for illegal purposes. The law mandates that school
districts include such information in their computer instruction, as
well as safe computing guidelines made available by the Department of
Law and Public Safety. DOE’s Web site to accomplish these tasks is
www.state.nj.us/njded/techno/htcrime/index.html.
DOE’s Web site links to the text of the new law, sources of
filtering software and examples of AUPs developed by various school
districts. It contains current information on the debate between those
who would rely primarily on filtering programs and those who would
make students responsible for appropriate use of interactive
technology through clear AUPs. DOE has not adopted or imposed a model
acceptable use policy on local districts. An effective information
access policy (IAP) would probably involve some filtering, at least in
the lower grades; some instruction about dangers and ethics; and some
way to use unfiltered stations safely. Teachers need proper
professional development in this area. Schools need monitoring
software to track sites that students access and to check e-mail
generated by or coming into school computers.
18
Internet — Policy and Perils.” The Association’s Web site,
www.njsba.org, provides some links to Internet safety information.
Parry Aftab reported that Cyber Angels has worked with the
Baltimore County School System in Maryland to set up Parents Internet
Education, the largest program of its kind in the country. Her book, A
Parents’ Guide to the Internet, also is provided to schools on a
courtesy basis. In addition, a security company in Seattle produced a
video that dramatically illustrates dangers children may encounter on
the Internet. The video is distributed free to schools. Meanwhile,
volunteers on the Cyber Angels Sites Team rate Internet sites on their
suitability for children.
19
Nancy Willard is an Oregon-based educator, lawyer and information
technology consultant. She wrote A Legal and Educational Analysis of
K-12 Internet Acceptable Use Policies,
www.erehwon.com/k12aup/legal_analysis.html.
UNESCO
20
plans for online safety and activity to counter child pornography and
pedophilia over the Internet. The committee arose out of a January
1999 U.N.-sponsored conference in Paris on child exploitation and the
Internet. Parry Aftab is the only American on the committee, which
will implement an initiative: World Citizens Movement to Protect
Innocence in Danger. Ms. Aftab is presiding over and forming the U.S.
National Action Committee, which will serve as a model for the
national action committees of Internet-developed nations.
WHITE HOUSE
In June 1998, the White House held a Summit on Online Content for
Children. At an earlier, three-day Internet Online Summit for Kids in
December 1997, a "zero tolerance" policy on Internet child pornography
was announced. It called for increased cooperation between leading
Internet service providers (ISPs) and law enforcement. Most
participants indicated they would prefer to rely largely on market
solutions, such as software that filters out risqué material and
systems allowing Web sites to rate themselves.
21
The initiative included the National Center for Missing and
Exploited Children’s CyberTip Line. It also created a national public-
awareness campaign called "Think Then Link" to educate parents about
the benefits and dangers of the Internet. In addition, it included a
free Education Department manual, Parent's Guide to the Internet,
written to help parents find educational sites online. The entire book
is available on the DOE’s Web site at
www.ed.gov/pubs/parents/internet.html. Lastly, key ISPs agreed to
remove child pornography from their own bulletin boards and services.
The FBI has required that all of its online child pornography and
child sexual exploitation investigations be coordinated by Innocent
Images’ central operation at the Maryland Metropolitan Office,
Baltimore Division. This may serve as an example for a much-needed
national clearinghouse of online child exploitation investigations by
all interested agencies and organizations.
22
knowledge as a vital investigative technique to outwit computer-savvy
child predators.
23
FEDERAL TRADE COMMISSION
24
NCMEC offers two free brochures: Child Safety on the Information
Highway and Teen Safety on the Information Highway. They may be
obtained by writing to NCMEC at 2101 Wilson Blvd., Dept. P, Suite 550,
Arlington, VA 22201-3077.
25
enforcement training programs and sponsored a national teleconference.
The teleconference provided information regarding prevention,
investigation, applicable federal law and available resources to more
than 30,000 viewers in over 400 down link sites. The training courses,
Protecting Children Online and Protecting Children Online Unit
Commander, were developed for law enforcement investigators and
managers. In 1998, more than 400 law enforcement executives and
investigators participated in the two courses.
26
reporting online trouble, a directory of online safety tools, and a
list of sites suitable for children to visit.
27
END CHILD PROSTITUTION AND TRAFFICKING (ECPAT) AND THE WORLD
TOURISM ORGANIZATION (WTO)
28
site from AOL that includes an Internet Driver’s Ed quiz, tips from
teen actors and other celebrities, and useful links.
29
Federal laws dealing with sex crimes against children are tougher
than state laws, and federal authorities can pursue a case across
state lines more easily than state officials can. Moreover, federal
law puts the age of consent for sexual activity at 18, whereas New
Jersey’s age of consent is 16.
Under the Child Protection Act of 1984, the U.S. Customs Service
received the authority to investigate any cases involving the receipt,
transmission, manufacture or possession of child pornography shipped
in foreign commerce. In 1988, Congress passed a law outlawing the use
of a computer to transmit, manufacture or possess child pornography
shipped in foreign commerce.
In June 1997, the U.S. Supreme Court struck down portions of the
federal Communications Decency Act of 1996 on First Amendment grounds,
Reno v. American Civil Liberties Union, 117 S.Ct. 2329 (1997). The law
applied to non-commercial as well as commercial Web sites. The court
struck down Congress’ effort to protect children from sexually
explicit, but not legally obscene, material. However, on April 19,
1999, the Supreme Court, on direct appeal from a three-judge trial
court, unanimously affirmed the law’s ban on obscene e-mail. Such
material must be more than merely indecent. The free-speech protection
is lost only if the material appeals to prurient interests and depicts
sexual conduct in a patently offensive way. The determination is left
to a jury applying contemporary community standards.
The federal Child Online Protection Act (COPA) was signed into
law on October 21, 1998. It requires commercial Web sites to collect
credit card numbers or other access codes as proof of age before
allowing Internet users to view material deemed "harmful" to children
under 17. Violators are subject to up to six months in jail and a fine
of up to $50,000 per day. In November 1998, the federal District Court
for the Eastern District of Pennsylvania temporarily restrained the
government from enforcing the law. American Civil Liberties Union v.
Reno, No. 98-CV-5591 (E.D. Pa.). The court issued a preliminary
injunction on February 1, 1999, shielding Web site operators from
prosecution.
30
• Increases penalties for a variety of sex crimes, including
doubling the maximum prison term from five to 10 years for
enticing a minor to travel across state lines to engage in
illegal sexual activity and imposing a 15-year maximum term
for persuading a minor to engage in prostitution or a sexual
act.
• Authorizes pretrial detention of federal sex offenders.
• Prohibits unsupervised access to the Internet by federal
inmates and encourages state officials to impose a similar ban
on state inmates.
• Provides for a prison term of up to five years for using the
Internet to transmit the name, address, telephone number or
other information about a minor for the purpose of encouraging
or soliciting criminal sexual activity.
31
BIAS AND HATE
THE PROBLEM
All of society degenerates when individuals or groups infringe
the rights of others through prejudice against race, religion, gender,
ethnicity, sexual orientation, disability or occupation. Cyberspace
permits hate mongers, bigots, racists waging what they call “RAHOWA”
(RAcial HOly WAr), extremists, Holocaust deniers, militias, "common
law courts," anti-government radicals, anti-Semites and immigrant
bashers to reach vast new audiences of potential adherents. Hate
groups taking advantage of the new technology include the Ku Klux
Klan, neo-Nazis, skinheads, Christian Identity, black separatists and
a host of others.
The SPLC report added that several of the largest hate groups
have increased in size as they absorbed members of smaller groups.
Thus, the reduction in the number of small groups has been offset by
the increase in membership in large groups.
32
rock concerts, their locations rarely announced far in advance, are
promoted, in part, by e-mail limited to sympathizers and potential
sympathizers.
33
disaffected loners and youths lacking in self-esteem succumb to such
messages and act out in destructive and violent ways. Cyberspace has
permitted propaganda hostile to victim groups to proliferate. This
vastly increases the opportunities for incitement to destructive
action.
The Internet is the first mass medium that operates without any
significant moral, political or economic governor. With cyberspace now
readily available to ordinary people, the cost of reaching a mass
audience is insignificant. As a result, hate Web sites do not
experience the regulatory effect of a market where unappealing
products cannot bear the cost of continuing in business.
Five years ago, if a racist group wanted to get its message out,
its members had to struggle financially, find a sympathetic printer,
and work long hours compiling and editing, just to produce a pamphlet
that might reach a few hundred people. Then, in March 1995, a former
Klan leader created Stormfront, the first white supremacist site on
the Web. Since that time, accessing the Internet and creating Web
pages has become significantly cheaper and less technologically
demanding. Today, a lone racist can quickly pull down copy from other
sites, package it using high-quality photographs and graphics that are
already available on the Internet, and create a Web page that is
accessible worldwide. Often no financing at all is required.
34
extremist sites with broader criteria — including anti-Catholic,
homophobic, abortion provider harassment, etc. — has counted more than
1,000. This does not include a multitude of other extremist
communiqués appearing in youth-oriented chat groups.
Many of the new Web sites and chat groups are aimed directly at
children or teenagers, including upper-middle-class youth in the
suburbs. In particular, the hate groups target high school outcasts
because such students may be loners seeking an identity. Indeed, white
supremacist Benjamin Smith, who in July 1999 killed an African-
American and a Korean-American and wounded nine other Jews, Asians and
blacks before killing himself, grew up in affluent Chicago suburbs.
Smith had been a member of the East Peoria-based World Church of the
Creator, which had touted its intolerance message on a Web site with
separate pages luring small children with racist coloring books and
targeting teenagers and women.
Web sites give hate groups the ability to raise revenue as never
before. Racist musical groups, whose recording sales were formerly
promoted solely to insiders via constricted-circulation magazines, now
reach wide new audiences by using the latest digital compression tools
to offer quick downloading of their audio tracks off the Internet.
This has stimulated the growth of labels, such as Resistance Records,
that produce music appealing to white supremacists and other
extremists.
35
The Internet offers a wealth of information to assist those
inclined to express bigotry through violence. Such material ranges
from instructions on building ammonium nitrate bombs to methods for
converting semi-automatic weapons into full automatics.
36
"Morality cannot be legislated, but behavior can be regulated.
Judicial decrees may not change the heart, but they can restrain the
heartless."
Meanwhile, those who harbor animosity toward the opposite sex use
cyberspace as a tool to harass or intimidate victims more effectively.
The Prejudice Institute (www.prejudiceinstitute.org), a Baltimore-
based, non-profit, non-partisan hate-crime research and education
organization, reported in 1998 that sexual harassment of women on
college campuses by e-mail was four to five times more common than
racial or ethnic harassment.
37
v. Mitchell, 113 S.Ct. 2194 (1993) the United States Supreme Court
unanimously held that the First Amendment of the United States
Constitution does not prohibit a state from providing enhanced
punishment for a crime based on the actor’s discriminatory purpose in
committing the crime. In State v. Apprendi, 159 N.J. 7 (1999) New
Jersey’s Supreme Court validated this state’s hate crime law. The
statute, N.J.S.A. 2C:44-3(e), allows years to be added to a
defendant’s sentence if the judge determines by a preponderance of the
evidence that the criminal acted “with a purpose to intimidate …
because of race, color, gender, handicap, religion, sexual orientation
or ethnicity.” The defendant’s appeal in Apprendi was argued before
the U.S. Supreme Court in March 2000.
38
from appearing on the Web. The court found that a posted disclaimer
discouraging acts of violence was ineffective in the face of specific
posted threats.
39
On February 2, 1999, an anonymous federal civil jury in Portland,
Oregon, awarded $107 million in damages to Planned Parenthood and four
physicians against the American Coalition of Life Activists and
Advocates (ACLAA) of Portland and its officers. The defendants had
distributed wanted posters naming abortion providers and had submitted
a list of the providers, their employees and spouses, judges and pro-
choice advocates to a Georgia-based Web site called “The Nuremberg
Files,” which posted it as a high-tech “hit list.” The list included
home addresses, photographs and license plate numbers of the
providers, and, in at least one case, the names of their children and
the schools they attended. The site’s operators drew lines through the
names of those killed. Those who were wounded were grayed out.
The ACLAA case was brought under the federal RICO statute, 18
U.S.C. §1961 et seq., and the Freedom of Access to Clinic Entrances
Act of 1994, 18 U.S.C. §248, which makes it a federal crime to use
force or threat of force against anyone seeking or providing an
abortion. The case is on appeal. In charging the jury, the judge said
the Web site should be deemed threatening if it could be taken as such
by a "reasonable person." Some experts believe this might not meet the
Supreme Court’s incitement test because it may lack imminent risk of
harm. The Supreme Court eventually will be called upon to refine this
standard in the context of a medium capable of mobilizing a host of
zealots with a single keystroke.
Hate groups and their leaders have been found liable in civil
lawsuits for the violent actions of members or those they purposely
40
orchestrated or negligently encouraged. The Southern Poverty Law
Center has taken the lead in bringing such lawsuits.
41
from liability.) Still, many ISPs have developed a range of policies,
delineated in terms of service agreements, that define what is and is
not appropriate. Although they maintain they cannot possibly monitor
all members, in some cases numbering in the millions, these ISPs do
respond to complaints from both members and outsiders, including anti-
hate groups such as the Anti-Defamation League. By strictly enforcing
carefully drawn terms of service agreements, ISPs could stop hate from
spreading without the government having to violate free speech rights.
42
resource for hate crime information and gives national leadership on
hate crime policy and initiatives. Through the New Jersey Bias Crime
Training Program, the Office trains law enforcement officers in the
investigation of bias crime. It also offers a wide array of other
programs in hate crime awareness and prejudice reduction including the
Prejudice Reduction Education Program (PREP), a curriculum that
teaches students about hate crime prevention.
43
and Citizen’s Rights at (609) 292-2918.
ANTI-DEFAMATION LEAGUE
44
context of media literacy lessons, they will be able to deal with
the material whenever and wherever they come in contact with it.
One of the first such programs in the United States, the Center
analyzes trends and legal and criminological aspects of expressions of
hate, extremism and terrorism. It provides legislative testimony,
amicus curiae briefs and law enforcement training. It is non-partisan
and has an Advisory Board. It has developed a Model Hate Crime
Statute.
45
NEW JERSEY COMMISSION ON HOLOCAUST EDUCATION
46
transmit whatever messages come into their systems. Some ISPs have
catered to extremists.
HATEWATCH
47
The Center for Democratic Renewal was founded in 1979 as the
National Anti-Klan Network. Its Web site, hosted by the Institute for
Global Communications (IGC), is www.publiceye.org. IGC also sponsors
“Not In Our Town” (www.igc.org/an/niot), a national movement against
hate crimes.
HACKING
THE PROBLEM
Unauthorized accessing of computer systems — sometimes called
hacking, industrial espionage, intrusion, penetration or cyber-
terrorism — exhausts massive private and public resources.
Furthermore, such conduct threatens public confidence in national
defense, the ability of strategic industries to function and the
integrity of the cyber-marketplace.
48
agencies, financial institutions and colleges reported serious
computer security breaches within the previous year. System
penetration by outsiders, unauthorized access by insiders and theft of
proprietary information all rose from the period covered by the survey
released in 1999. Almost 90 percent of the security professionals who
answered the survey detected a security threat. Only 42 percent of the
companies affected estimated the amount of damage suffered. The total
came to $266 million, more than double that of 1999.
By the end of 1999, the FBI had 800 pending cases involving
computer hacking and intrusion. This compares with 200 cases just two
years earlier.
49
traffic the way a telephone switchboard could be swamped with too many
calls. Although no consumer data was compromised, the disruptions
jarred consumer and investor confidence in e-commerce, causing high-
tech stocks temporarily to register sizeable losses in value on stock
exchanges.
In May 2000, the so-called “Love Bug” virus and its imitators
disrupted the computers of anyone who opened the attachment to an e-
mail titled “ILOVEYOU.” The virus crippled private sector and
government communications worldwide by clogging e-mail servers and
overwriting files. It also attempted to inject another program from a
Web site in the Philippines that would search computers for Internet
access passwords and e-mail those passwords back to an address there.
Damage estimates have run from hundreds of millions of dollars to $10
billion, mostly the result of lost productivity.
50
Fear of unauthorized intrusion should not deter governments,
individuals or businesses from taking advantage of the unlimited
potential afforded by computers. For the most part people think
nothing of flying, although no one guarantees that there will never be
a plane crash. As long as people are satisfied that all that can be
done is being done, they will continue to fly in great numbers.
Similar reasoning should encourage participation in cyberspace, where
a mishap ordinarily would not end any lives.
51
David J. Goldstone, Trial Attorney in the U.S. Justice
Department’s Computer Crime and Intellectual Property Section,
emphasized in his testimony the need to recognize inside
vulnerability:
52
want to avoid disclosure of intrusions to their systems. In a report
issued on October 4, 1999, the U.S. General Accounting Office stated,
“Private entities are reluctant to disclose known problems or
vulnerabilities that might weaken their competitive positions or
diminish customer confidence.”
53
Hacking offers the thrill of joy riding. It is like a game of
high-speed chess where the skillful seek bragging rights in the hacker
community. The hacker mentality, which used to be "look but don’t
touch" and included help from "white hat" good-guy hackers who pointed
out computer systems’ weak points, has expanded to more sinister
realms. It increasingly involves the quest for money or even "cyber-
terrorism," such as crashing a system.
I have seen Web sites with pages and pages of software programs,
and you don’t even need to learn the ABCs of hacking. All you
need to do is download the software program, point it at the
computer that you would like to attack, and let the program do
the work for you. So you don’t have to be a computer genius to be
a very effective hacker.
54
Keystroke recorder programs allegedly were installed on at least
four computers in the school network. Such programs can be used
legitimately to back up data to mitigate the effects of hard drive
crashes or screen freezes. Parents also can use them to monitor their
children’s activities on the Internet. The Randolph High students also
allegedly loaded another program, called a password buster, on several
computers. That software moves progressively through all known words
in the dictionary attempting to match a password and gain admittance
to the network.
55
traffic from one crowded room to another. A sniffer installed on a
router has the potential to acquire thousands of passwords. Although
sniffer tools, which “listen” over the Internet to intercept
communication, criminally violate federal wiretap law, see 18 U.S.C.
§2511, such tools have proliferated.
In August 1999, the only hacker ever to make the FBI’s Ten Most
Wanted List was sentenced to 46 months in prison on federal computer
crime and wire fraud charges that included stealing thousands of
credit card numbers. A virtual cult figure among the hacking elite,
the defendant often did not use high-tech methods to access computer
systems. He sometimes gained access to computers by impersonating
company employees over the telephone in order to obtain codes and
passwords. The defendant is bound by his plea deal to repay the
damages he caused to victim businesses with any profits from any
future television or book deals.
The court ordered that for three years after his release from
prison, the defendant may not touch computer hardware, software,
peripherals or modems, and he may not work in the computer business in
any capacity. The 35-year-old high school dropout was arrested four
times for hacking during the 1980s and previously served a one-year
prison term. Prosecutors alleged that while on probation in 1992, the
defendant began hacking again. He remained a fugitive until captured
in February 1995. Incarcerated since that time, he was released from
custody on January 21, 2000 after receiving credit for time served.
The sentencing court acknowledged that monitoring the defendant, who
once breached the security of government computers and became an
underground legend among some young computer enthusiasts, might prove
impossible for probation officers.
56
down the national electrical grid. Hackers have boasted in U.S. Senate
testimony that they can bring down the national telephone network. In
February 1998, a teenage Israeli hacker, known as "Analyzer," claimed
to have high-level access to as many as 400 unclassified systems.
Mr. Degnan described the need for proper Web site control:
Everybody has a Web server. The State of New Jersey has a Web
site, and everybody else has Web sites; the government is fraught
with them. … Now, some [of] those Web sites [are] not authorized,
and that is one of the easiest ways to break into a computer
57
system, through the Web site. So you need to isolate that and put
that on a stand-alone computer system with one address ….
PASSWORD TIPS
Experts often say that the security of the system is the security
of the weakest password. Some of the blame rests on users who pick bad
passwords such as someone's name, a birth date or a word from a
dictionary. These may be easier to remember, but they also are very
easy to break. The following security tips offer protection for
passwords.
58
with unexpected numbers, symbols or misspellings. Sniffer
programs that intercept passwords are quite common, and
changing your password offers at least some protection.
• Don’t tell anyone your password, no matter who asks for it. If
someone calls you claiming to need your password, refuse to
provide it. Any legitimate technician already will have
authorization to enter your system. If, for any reason, you
must share your password, change it as soon as possible. Some
secrets are too tempting not to use or share.
ENCRYPTION
Encryption is the mathematical encoding of files and data, via
software, in such a way that, even if accessed by an intruder, they
cannot be read or viewed by anyone other than those with the secret
key to decode the message. Original text (known as “plaintext”) is
transformed into unreadable text (known as “ciphertext”). Although
someone may successfully access encrypted data or communications, he
may not use them for improper purposes if encryption renders them
unintelligible and the intruder cannot break the code. Even relatively
sophisticated encryption is readily and inexpensively available to
businesses and individuals. For example, Pretty Good Privacy’s (PGP)
Help Team of volunteers offers freeware encryption software at
www.pgpi.com. The program uses a system of complementary public and
private keys to encrypt and decrypt e-mail and other electronic files.
59
Sudan, North Korea and Cuba. The federal government adopted the new
regulations in early 2000.
60
Meanwhile, as a computer system security device, strong
encryption, by itself, is like putting steel security doors on a grass
hut. Hackers typically do not break into computer systems by cracking
strong encryption defenses. Instead, they use weaknesses in computer
system structure or in application software.
61
nation, the proposal includes a Federal Cyber Service Initiative to
focus on detecting intruders as they attempt to break into critical
systems. The Initiative also would create a Center for Information
Technology Excellence to train federal workers to meet the new
security challenges. In addition, the Initiative would train a special
cadre of students, called a Cyber Corps. In return for college
scholarships, students in the Corps would agree to work for a time in
computer security after graduation.
62
for the development of anti-hacker defenses. Opponents, such as the
Electronic Frontier Foundation (www.eff.org), claim FIDNet’s
contribution to needed hacker defenses will be minimal compared to the
risk of abuse. Some companies argue that information sharing is
unnecessary because, sooner or later, the marketplace will develop
strong anti-hacker defenses. They contend that society should
emphasize plugging holes in computer security rather than establishing
a huge monitoring system.
63
A recent offshoot of the NIPC, InfraGard, involves businesses and
schools around the nation in protecting information systems. Chapters
throughout the country, including one launched in New Jersey in
November 1999, receive funding and administrative support from the
FBI. Membership is free and includes encrypted access to a secure Web
site through which members can exchange experiences and solutions,
anonymously if desired. In return for agreeing to report actual or
attempted disruptions of their computer networks, members receive non-
classified information on investigations that is not available to the
public, early alerts on threats, and training on vulnerabilities from
government and academic experts on security, including some from
Princeton University. The New Jersey chapter was organized by the
FBI’s Newark division and is one of 56 such partnerships around the
country. It started with two dozen companies, including PSE&G, IBM and
TD Waterhouse Securities. The New Jersey Division of State Police
participates in the InfraGard program.
64
software for large corporations. The Big Five accounting firms also
have consulting groups to help clients cope with penetration of their
computer systems. The International Association of Computer
Investigation Specialists in Portland, Oregon (www.cops.org) provides
training to law enforcement officials. InfoWar.Com (www.infowar.com)
sells computer hardware, software and books relating to computer
security. It also provides free news and information regarding high-
tech security issues, including a free newsletter.
65
in place, the company should thoroughly train employees and monitor
the system that is installed. The company should respond instantly to
security threats and involve law enforcement where appropriate.
Despite all the efforts within the public and private sectors to
convince businesses to report unauthorized intrusions, their
reluctance to do so remains a significant problem. A company often
fears, with some justification, that if it informs the government of a
hacker attack, its business reputation and bottom line will suffer as
the security breach or the information itself is leaked or presented
in court. A survey by the U.S. military indicated that 90 percent of
computer offenses are not reported. A survey of businesses in New
Zealand concluded that 70 percent would rather have suspected activity
investigated privately than involve the police. However, the
willingness to report may be improving. A striking finding of the
Computer Security Institute’s “1999 Computer Crime and Security
Survey” was the dramatic increase in the number of respondents
reporting serious incidents to law enforcement: 32 percent compared to
only 17 percent in the three prior years of the survey.
66
the defendant in state and federal courts in New Jersey in December
1999.
67
Matters that federal enforcers reject for prosecution — due to
the application of a high threshold of monetary damages, for example —
should be candidates for state enforcement action. The U.S. Justice
Department’s David Goldstone testified about the need for effective
state-level enforcement:
68
INTERNET FRAUD
69
I think that with the Internet as the medium, everything happens
more quickly. The business sets up more quickly. They change
identities more quickly. I mean, you can throw up a new Web site
in an hour. It just has moved things to kind of a warp speed. So
you find that the life-span of one of these frauds is much
shorter than might have been the case where the frauds turned out
to rent office space, get phone lines, [and] do all of those
sorts of things. We find more and more that these scams are
operating out of homes.
Noting that fraud over the Internet requires access to some form
of payment system, just as every other kind of fraud does, Ms.
Harrington urged consumers to pay for their online purchases by credit
card. She explained that “consumers have important federal rights that
protect them from being held liable for unauthorized and fraudulent
transactions if they pay by credit card.”
70
independent firm, which rates Web sites for consumers, expects online
auction sales volume to exceed $9 billion in 2000. According to IFW,
online auction complaints led all others with 68 percent of the
Internet-related fraud complaints it received in 1998. Auctions also
were first in 1997 with 26 percent. During the first six months of
1999, IFW received 5,287 auction complaints, surpassing the 5,236 it
received in all of 1998.
71
Online investing is generally a positive development, giving
investors unprecedented access to company and investment information
and individual trading services. As in other areas, however, the
Internet has provided dishonest operators with an efficient medium to
defraud investors. The U.S. Securities and Exchange Commission
reported a 330 percent increase in complaints regarding online
investments in 1998. Its Office of Internet Enforcement receives
between 200 and 300 complaints every day, of which 70 percent allege
Internet securities fraud. Many investors have not developed proper
skepticism about the quality some of the information they encounter
online.
72
Bogus Sales of Hardware or Software. Purchased computer
products may never be delivered, or they may not be as
represented.
73
File Rights Under State and Federal Law" before a contract is
signed.
74
the address is a post-office box. When authorities detect
them, the perpetrators merely shut down the Web site and
impersonate the same or another brokerage firm using a
different Web address and another post office box.
75
have to ask search engines to remove access to the phony
sites, a process that may not occur expeditiously enough to
forestall significant losses of profit and reputation.
76
program and provide prevention tips. Complainants may contact the
program’s toll-free hotline at 1-877-987-3728. Public libraries
received 16,000 informational videos. Coordinating the campaign are
the U.S. Postal Inspection Service, the Federal Trade Commission, the
Federal Bureau of Investigation, the Department of Justice, the
Securities and Exchange Commission, the National Association of
Attorneys General, the American Association of Retired Persons and the
Council of Better Business Bureaus Foundation. Many of kNOw Fraud’s
awareness tips also will help people to avoid becoming victims of
online fraud.
77
Jersey’s Division of Consumer Affairs participates in these periodic
nationwide enforcement “sweeps.” Past targets have included bogus
“lotions and potions” health claims, pyramid schemes and credit repair
frauds. Scamming Web sites that have blocking programs to screen out
anyone using a government computer are accessed by investigators from
their home computers.
The FTC has a list called the "Dirty Dozen: 12 Scams Most Likely
to Arrive Via Bulk E-Mail.” Individuals can forward their scam spam
(unsolicited commercial e-mail, or UCE) to a special FTC e-mail
address [email protected]. The FTC receives more than 1,000 such messages a
day. It also issued a brochure about UCE entitled “Trouble @ the In-
Box.” In 1998, the FTC published a booklet called “Advertising &
Marketing on the Internet: Rules of the Road.”
Ms. Harrington testified that the FTC uses the Internet for
consumer education. Mimicking fraudulent offers with portions of
actual scam pages, FTC staff creates “teaser” Web sites that “look
just like what the scam guys do,” according to Ms. Harrington. If
consumers respond, they view a notice that begins as follows:
If you answered an ad like this, you could get scammed. We’re the
Federal Trade Commission. Here are some things that you need to
watch out for if you’re looking for a home-based business
opportunity on the Internet.
The site then directs the surfer to a series of links where consumers
can learn how to protect themselves from fraud on the Internet.
78
It may be reached through the FBI’s Web site or www.ifccfbi.gov. Co-
sponsored with the National White Collar Crime Center, the IFCC
collects computer crime complaints from the public at its Web site. It
also serves as a clearinghouse of online fraud complaints collected
from a variety of organizations. Approximately 80 percent of the
complaints received do not meet the FBI’s threshold guidelines for
initiating an investigation. These are forwarded to state and local
law enforcement agencies. The National White Collar Crime Center,
which receives some project funding from the U.S. Department of
Justice, provides analytical support and training to the local and
state agencies. It is developing a curriculum for Internet fraud
investigations.
79
INTERNET FRAUD WATCH
BBBONLINE®
80
challenged by the BBB and found not to be substantiated or not
in compliance with the BBB’s children’s advertising
guidelines;
Respond promptly to all consumer complaints; and
Agree to arbitration, at the consumer’s request, for
unresolved disputes involving consumer products or services
advertised or promoted online.
81
companies who are driving the Internet, Internet advertising and
creation of commercial Web sites, are a lot of new young startup
companies … who are not familiar with a lot of the traditional
criteria. So we really have to cite the education aspect.
The SEC asked Congress for $150 million for its enforcement and
investor education programs for federal fiscal year 2001. The agency
plans to create an automated surveillance system to search public
online forums, such as Web sites, message boards and chat rooms for
telltale words or phrases indicating unscrupulous stock promotions.
SEC investigators currently do the job manually with computer search
engines.
82
Gathering, Analysis and Retrieval (EDGAR) system, located at its Web
site. If a company’s reports are not listed on EDGAR, investors may
find out from the SEC (1-202-942-8090) whether the company filed a
stock offering circular under “Regulation A” or a “Form D” notice.
83
FEDERAL DEPOSIT INSURANCE CORPORATION (FDIC)
The FDIC has 20 examiners who surf the Net on a part-time basis
to locate bank scams.
84
In addition to inquiring at the SEC, investors should check with
New Jersey’s Bureau of Securities to see if it has additional
information. The Bureau can check the Central Registration Depository
(CRD) to determine whether the broker touting the stock, or the
broker’s firm, has a disciplinary history. It can also find out
whether the offering has been cleared for sale in New Jersey.
In late 1999, the Division filed two civil cases under New
Jersey’s Consumer Fraud and Pharmacist Licensing laws involving
illicit sales of the drug Viagra over the Internet. In one case the
anti-impotence drug allegedly was shipped in response to a request
over the Internet in the name of an investigator’s dog. In the other
case two men who were not pharmacists allegedly offered Viagra over
the Internet and dispensed it when supplied with physician
prescriptions. Allegedly, in neither case did the purveyor take note
of any other medications the “patient” was taking and warn of
potentially harmful interactions. Meanwhile, one recent federal
investigation turned up 86 Internet sites offering Viagra without a
prescription.
85
although they were not licensed to practice medicine in New Jersey.
The “visits” required the patient to fill out a simple questionnaire
but included no medical examination.
The U.S. Food and Drug Administration estimates that there are in
excess of 400 online pharmacies. According to the market research firm
Cyber Dialogue, more than 200,000 people bought prescription drugs
online from July 1998 to July 1999. The drug mills in the profession
hurt legitimate online pharmacies that work with reputable physicians
and have a genuine concern for patient safety. In December 1999, the
National Association of Boards of Pharmacy (www.nabp.net) established
a voluntary certification program for Verified Internet Pharmacy
Practice Sites™ meeting the requirements of 17 review criteria.
Certifications have been awarded to FamilyMeds.com, Drugstore.com,
Merck-Medco Rx Services and PlanetRx.com.
86
recommendations. The proposed legislation would create a limited
license that physicians outside the State would be required to possess
to diagnose or treat in-state patients through the use of electronic
devices. Provisions also are being drafted that would allow
physicians, including those who hold the new limited license, to e-
mail prescriptions for patients.
87
IDENTITY THEFT
88
A couple of recently exposed incidents have diminished the
absolute confidence with which many consumers conduct e-commerce via
credit cards. In December 1999, an Eastern European hacker, using the
alias Maxus, allegedly stole the numbers of about 300,000 credit cards
from the database of an Internet Web site, CD Universe. When the firm
refused to pay a $100,000 extortion demand, about 25,000 numbers were
sold on a Web site, which has since been taken down.
Banks and credit card companies pick up the lion’s share of the
89
direct financial tab for identity theft. Under the Fair Credit Billing
Act, an individual’s financial liability is limited to $50 if he
promptly reports fraudulent use of a credit card to the credit-card
company. For similar protection, debit-card holders must notify their
banks within two business days. If they wait longer, users are liable
for as much as $500. Meanwhile, the corporate victims pass their
losses on to consumers, who bear the costs indirectly in the form of
higher prices and interest.
A victim may not even know that her identity has been stolen
until she is dunned for a debt about which she knows nothing.
Meanwhile, her credit reports, in the hands of national commercial
credit bureaus that report creditworthiness to vendors and lenders,
may contain errors for a number of years before they are fixed. Unless
the credit reporting companies promptly correct the information in
their files, the victim may have to continuously establish the
creditworthiness that other consumers take for granted.
90
Officials do not have comprehensive figures on how many identity
thefts occur annually because it is not broken out as a separate crime
in analyses of fraud schemes. The U.S. Secret Service’s national
tracking reveals that at least 1,000 Americans are victimized by
identity theft every day and that the cost almost doubled from about
$442 million in 1995 to $745 million in 1997. According to the Public
Interest Research Group (PIRG), up to 40,000 people are victimized by
identity theft every year.
Trans Union LLC — the only credit bureau to track identity theft
cases — reported that two-thirds of all consumer inquiries to its
Fraud Victim Assistance Department involve identity theft, according
to a 1998 General Accounting Office study. The number of cases
reported to Trans Union’s hotline jumped from 35,235 in 1992 to
522,922 in 1997, the GAO added. Another credit bureau, Equifax Credit
Information Services, Inc., received 1,200 calls a day on its fraud
lines in 1997, quadruple the number received in 1995. In 1996 and
1997, identity theft was the number one complaint at the Privacy
Rights Clearinghouse, based in San Diego, California.
91
The Internet now affords perpetrators, whether operating
individually or as members of organized rings, access to a vast amount
of information about individuals and businesses with just a few
keystrokes. Until 1997, the Congressional Record’s Web site included
the Social Security numbers of military officers granted promotion
approval by Congress. Using the data on the government Web site, a
private site operator posted the numbers, along with those of many
prominent public figures. In December 1999, the Newark Office of the
Secret Service arrested three people for allegedly using the military
officers’ numbers to create hundreds of phony credit card accounts,
including at least one in the name of the former Chairman of the Joint
Chiefs of Staff. Two Trenton residents pled guilty in U.S. District
Court in early 2000.
92
Criminals compromise real identities far more often than they
fabricate new ones. Thieves can capitalize immediately on a business’s
confidence in a longstanding relationship with a reliable customer.
The defrauder does not have to cultivate a new relationship with the
corporate victim.
Although Post Office “mail drops” are essential for the success
of many schemes, including credit card and identity theft, in the past
there was little scrutiny to determine if they were being used for
illegal activity. Effective April 24, 1999, new U.S. Postal Service
93
regulations imposed stricter requirements on private mailbox (PMB)
customers and commercial mail receiving agencies (CMRAs). The latter
are private businesses that, through a written agreement, accept their
customers’ mail from the Postal Service, hold it for pick-up (private
mailbox) or re-mail it to other addresses.
Under the new regulations, CMRAs must register with the Postal
Service to act as an agency to receive delivery of mail for others.
They must ask those who rent PMBs from them to produce two forms of
identification, one with a photograph. They may not deliver mail to a
box unless the customer has identified himself in a Form 1583 that is
kept on file. The CMRAs are required to submit quarterly alphabetized
lists of their customers to the Postal Service. Their customers must
use the designation “PMB” and the relevant number in their mailing
address. An address format change will let correspondents know they
are dealing with the holder of a private mailbox at a specific street
address and not an occupant of a “suite” or “apartment.”
94
merchant’s credit card processing number and terminal ID number from
discarded receipts that he might find lying around a mall parking lot.
He programs the numbers into the credit card processing device. Then,
he makes purchase after purchase with the credit card. However, he
never exceeds the card’s credit limit because he uses the processing
terminal and the impersonated merchant’s numbers to enter returned
merchandise credits canceling the charges in the credit-card company’s
computer. By the time the credit-card company realizes what has
happened, the perpetrator, enriched by material goods from several
expensive purchases, is long gone.
Mr. Lucich pointed out that “[a]nybody can set up a Web site for
as little as $15 and attempt to defraud people.” Through online
financial newsgroups, the scammer can find out the e-mail addresses of
people interested in enhancing their credit. He then spams such people
with e-mail touting the easy availability of credit on his Web site.
Once lured there, they provide the information that allows the
perpetrator to steal their identities and leech their good credit
histories. In that way, the schemer can reach thousands or even
millions of specifically targeted potential victims with the click of
a mouse. It would take months, a large staff and significant expense
to reach such an audience with traditional solicitation by telephone
or so-called “snail mail.”
The FTC’s Beth Grossman testified how even a vigilant credit card
company can be duped by a thief armed with an individual’s identifying
information. The thief starts by telephoning the company to change the
address on the account. Armed with his victim’s personal information,
the thief can answer all of the questions asked by the company’s
representative to separate genuine customers from wrongdoers. The
thief knows the legitimate customer’s social security number, date of
birth and mother’s maiden name. Once the company assigns a new address
95
to the account, the thief can order expensive items with impunity,
collect them at various delivery addresses, and never have to fear
timely interruption by authorities tipped off by the victim. Discovery
of the scheme occurs only when substantial monthly bills are not paid
or bogus credits from an impersonated vendor are discovered. When the
true account holder is traced back to his original address, the
impersonator and his purchases are long gone. Ms. Grossman added, “The
frustration happens when people don’t find out about this until it’s
at the time they need credit. They go to get a mortgage or student
loan, and they find that their credit is all screwed up.”
• Get a free copy of your credit report from each of the three
major credit bureaus every year. Check to be sure that
everything, including addresses, is accurate. Under the federal
Fair Credit Reporting Act (amended by the Consumer Credit
Reporting Reform Act of 1996), a consumer who has been denied
credit during the last 60 days may receive a free copy of his
credit report. In New Jersey he is entitled to one free copy
annually, even if he has not been rejected for credit. The cost
is about $8.00 for each additional report.
96
personal information that links your name to an account number.
Do not leave your ATM or credit card receipts intact in the
trash. If you decide not to proceed with a loan or purchase, take
all unused copies with information home with you. Destroy or
delete social security numbers from any documents before throwing
them away.
• If your credit card or other bills are more than two weeks late,
do three things: First, contact the Postal Service to see if
someone has forwarded your mail to another address. Second,
contact your bank to ask if the statement or card has been
mailed. Third, contact the businesses that send you bills.
• Do not pay your bills by putting them in your home mailbox with
the red flag up. Use the Post Office or a postal mailbox for bill
payments. Protect your incoming mail with a locked mailbox or
Post Office box.
• Memorize your social security number and all passwords and PIN
numbers. Do not use common identifiers, such as mothers’ maiden
names and birth dates, as passwords or PIN numbers.
97
of people in New Jersey and at least six other states by, in some
cases, posing as online representatives of the service providers.
They told the subscribers that their account information had been
lost and should be provided again.
• You may want to have your name, address and phone number deleted
from marketers’ lists. Write to the Direct Marketing
Association’s Mail Preference Service (PO Box 9008, Farmingdale,
NY 11735) and Telephone Preference Service (PO Box 9015,
Farmingdale, NY 11735).
98
Trans Union (P.O. Box 6790, Fullerton, CA 92834).
• Order a copy of your credit report. The report is free if you are
a victim of identity theft or have been denied credit in the last
60 days. Anytime you apply for a loan of any type, you are
entitled to a copy of the credit report that is provided for you.
• Immediately notify your banks and obtain new account numbers for
all of your checking, savings and other accounts. Pick new PIN
numbers for your ATM and debit cards. Close all of your credit
card accounts and reopen them with new numbers.
• Call the local field office of the U.S. Secret Service to report
any credit card fraud.
99
prosecutions were limited to fraud, theft, forgery and impersonation
charges associated with the identity theft. Victim loss thresholds of
$40,000 or more limited the number of offenses brought to court.
100
bureau within the Department of Treasury. Historically, it has
investigated crimes that have interfered with evolving payment
methods, from cash to plastic and electronic media. In 1982, with the
passage of the Comprehensive Crime Control Act, the Secret Service
expanded its investigative mission to include the manufacture and
distribution of identity documents, such as social security cards,
state driver’s licenses, birth certificates, passports/visas, voter
registrations and alien registrations.
With the U.S. Secret Service as the lead agency, a West African
Task Force was formed recently in New Jersey to counter identity
theft. Other agencies in the Task Force are the FBI, the State
Department, the INS, the IRS, the U.S. Postal Inspection Service, the
Inspector General of HUD, the New Jersey State Police and prosecutors’
offices in Union and Essex counties. There are similar task forces in
other states, and agents are assigned to the U.S. Embassy in Nigeria.
In 1998, the New Jersey Task Force generated 31 federal and 62 county
prosecutions.
101
to locate people or to verify their identities.
102
of the transaction over the Internet, the one that’s not
expressed is this intent to establish a list, a consumer profile,
that they can then sell to another marketer.
Mr. Flanagan pointed out that although the consumer clearly authorizes
the use of information necessary to complete the transaction, she does
not thereby consent to the sale of her personal information to a party
unknown to her.
The FTC’s Beth Grossman testified that her agency has been
working with major companies to encourage them to adopt online privacy
policies. She advised consumers visiting e-commerce sites to check
whether the sites display privacy policies. She listed what consumers
should look for when they buy online:
Ms. Grossman added that online consumers should apply some of the same
good sense that they use offline: “You deal with the companies that
you know. Don’t provide information that you wouldn’t provide to a
stranger in another context.”
In June 1998, the FTC reported that in its March 1998 review of
1,400 randomly selected Web sites, including 212 directed at children,
at least 85% solicited some sort of personal data. Less than 2% of the
sites disclosed how the information would be used. However, the Direct
Marketing Association, which opposes regulation of the Internet, did a
survey that showed that in May 1998, 70% of 100 popular children's
sites and 64% of popular business sites posted privacy statements.
This was a sharp increase from the figures of a January 1998 survey.
103
Under the federal Fair Credit Reporting Act, consumers and the
FTC can bring actions against consumer reporting agencies and data
furnishers if their information is inaccurate. The law permits
consumers to receive free disclosure of their reports within 60 days
of a credit, insurance or employment denial. It allows consumers to
challenge the accuracy of any item of information in the report and
require it to be re-verified within 30 days, or removed. The law
limits access to consumer reports only to those with a permissible
purpose and permits consumers to bring a civil action against anyone
who accesses a report for false purposes. Lastly, it permits consumers
to remove their names from credit bureau mailing lists sold to credit
grantors for the purpose of making credit card offers. This allows
consumers to stop receiving unsolicited "pre-approved" credit card
offers.
104
surveyed U.S. commercial Web sites to determine how personal
information is being collected from online consumers. In a 3-2 vote,
the FTC in May 2000 approved a report on the survey results to
Congress (www.ftc.gov/reports/privacy2000/privacy2000.pdf). The
report, Privacy Online: Fair Information Practices in the Electronic
Marketplace, concluded that online businesses have not done enough to
ensure privacy. It recommended that Congress enact laws setting “basic
standards” for online collection of information not already covered by
the Children’s Online Privacy Protection Act.
105
Books, September 1997), which contains hundreds of tips for consumers
on how to safeguard privacy, including a chapter on identity theft.
106
Internet browser to alert users when they are tracked on the Internet
and by whom. Users can decide how much information they want to give
away in order to benefit from personalized services.
INTERNET GAMBLING
107
Although there is no central registry of Web sites offering
betting, most experts believe there are more than 850. The January 26,
1998 issue of Sports Illustrated noted that Internet sports-gambling
sites increased from two in 1996 to more that 50 by 1998. On February
1, 1999, the Web site Rolling Good Times listed 110 sports-related
Internet gambling sites.
108
relying on credit cards and cross checking databases operators can
have gamblers verify who they are with a reasonable degree of
assurance.
Mr. Safavian noted that the IGC has “called for hard hitting
third party governmental regulation of Internet gaming.” He testified:
“And let me take a second and say that no one in this [hearing] room,
I suspect, believes the current state of play is appropriate or in the
best interests of the Internet, the player [or] the gaming industry.
Open and unregulated interactive wagering is not a good idea.”
109
desires of its population. Internet gambling nullifies this policy
by making casino gambling and sports betting available to all
citizens with access to a computer. This should not be viewed as
analogous to having its citizens travel to another jurisdiction
where gambling is legal, but, rather, as the equivalent of having
outsiders come in and open casinos or betting parlors within the
jurisdiction’s borders.
EFFECTIVENESS OF PROHIBITION
In most cases, state and federal laws prohibiting various forms
of gambling were adopted before the creation of the World Wide Web.
Owing to the international nature of the business, such laws have
achieved only nominal success in curtailing Internet gambling. Whether
tightened prohibitions would have a significant impact on offshore
operators and their U.S. customers is not clear. Such operators often
are beyond the reach of U.S. laws, and their patrons can effectively
mask their activity.
110
According to the National Association of Attorneys General
(NAAG), of which New Jersey is a member, the federal Wire
Communications Act of 1961 (Anti-Bookie Act), 18 U.S.C. §1084,
insufficiently prohibits gambling over the Internet. The NAAG cites
six "major deficiencies" in the law:
• The present law does not allow a "prospective remedy" for law
enforcement. The NAAG wants Internet gambling operators closed
down before they commit crimes.
111
then placed bets via computers or toll-free phone numbers.
Legislation signed on July 17, 1997, made Nevada the first state
to explicitly prohibit — and allow — Internet gambling. The Nevada law
permits licensed race and sports books, off-track pari-mutuel betting
operators and casinos to accept wagers via the Internet. Therefore, it
is a state crime for a Nevada resident to make an out-of-state bet
over the Internet, but legal under that state’s law for certain Nevada
operators to accept wagers from anywhere in the world.
112
success attacking the financial transactions necessary to pay off
wagers. Some experts contend that about 85 percent of online bettors
use credit cards. The card issuers and banks worry about charge-backs,
where a player can stop payment on his losing bets. They have
considered banning gambling charges because of recent lawsuits by
bettors contending they do not have to pay debts incurred from illegal
activity. The National Gambling Impact Study Commission mentioned two
such cases. The lawsuits have caused some foreign operators to
conclude that they must have the money in hand in their countries, via
wire transfers or other forms of payment, before they can accept
wagers. This reduces the number of customers willing to patronize
those operations.
Although gambling via home computer might violate state laws and
may be subject to creative legislation and civil and criminal
enforcement actions, only the federal government may have the full
panoply of resources to aspire to curtail such activity. Recognizing
the difficulties posed by Internet gambling, the NAAG, with the
approval of New Jersey among numerous other states, passed a
resolution in mid-1998 asking Congress to create a new federal crime
part of which would have made it a misdemeanor to make a bet on the
Internet. Wisconsin Attorney General James E. Doyle, who co-chaired
NAAG’s Internet Working Group, wrote to William A. Bible, Chairman of
the National Gambling Impact Study Commission’s Subcommittee on
Regulation, Enforcement and the Internet, that “NAAG has taken the
unusual position that this activity must be prohibited by federal law,
and that State regulation would be ineffective.”
Although the U.S. Senate passed Senator Jon Kyl's (R-AZ) bill,
the "Internet Gambling Prohibition Act," the House counterpart, H.R.
4427, sponsored by Frank A. LoBiondo (R-NJ) died in the House
113
Judiciary Committee in October 1998. The bills would have amended the
Interstate Wire Act to punish Internet gambling operators and bettors
and to require Internet service providers (ISPs) to block out gambling
sites. The bills were reintroduced in 1999 (see S. 692). They would
provide an exception for pari-mutuels, but an amendment offered to the
Senate bill by Robert Torricelli (D-NJ) would require permission from
a state’s racing commission before an interactive wagering provider
would be permitted to accept accounts from residents of that state.
The 1999 version of the Kyl Bill (which does not criminalize the
act of betting on the Internet) was passed by the United States Senate
in November 1999. A companion bill in the House of Representatives
(H.R. 3125) was approved by the Judiciary Committee in April 2000. It
is not clear at this time whether a federal ban on Internet gambling
will ultimately be enacted, what form such a ban will take, or if any
ban will be enforceable and effective.
114
JUSTIFICATION FOR REGULATION
Some observers believe that prohibition promotes unlawful
activity while regulation diminishes it. Many believe that for the
protection of the industry and consumers Internet gambling should be
regulated by a federal agency with adequate enforcement powers. The
federal District Court in New York recently ruled in a pornography
case that it would burden interstate commerce unduly to have 50
different state laws apply to the Internet.
115
Given a choice, most consumers will participate in a regulated
environment when it competes with an unregulated one, because they
want to avoid being victimized by unscrupulous operators. Although a
rogue company could always exist beyond any regulatory pale, its
customer base would shrink as a regulated industry satisfied consumer
demand. The cost of relocating to new Web addresses to avoid
regulatory sanctions would function as the ultimate market-driven
enforcement mechanism.
116
gaming companies regulate gambling over the Internet. The companies
provide regulatory services to governments and work with Internet
gaming companies on self-regulating the industry.
117
I would suspect that we have a number of operators offshore that
are merely biding their time until they can sell out, and I’ll
tell you why. If … I were going to [bet online], and I had a
choice between www-dot-no name-dot-com and Caesar’s Palace
Online-dot-com, I know where I’d put my blackjack bet, and I
think others do recognize that.
EFFECTIVENESS OF REGULATION
Although nearly universal agreement exists regarding what an
effective system of Internet gambling regulation should require, it is
much less clear that current technology can insure that such
requirements are met. Many of the Internet gambling regulatory systems
currently extant appear to place significant, if not total, reliance
on the integrity of the operators. Although operator integrity is a
vital part of any gambling regulatory system, casinos and other real
gambling businesses are also subject to continuing and pervasive
scrutiny of their activities. Each gambling transaction is monitored,
each slot machine program is checked, and each chip is sealed into the
machine.
118
audit gambling transactions that have already taken place? How can
they assure themselves that the computerized records furnished by
the operator have not been altered?
COMPULSIVE CYBER-GAMBLING
Compulsive people often succumb to the lure of gambling and
degenerate into insolvency, detachment from family and friends, and
despair. Internet gamblers are particularly susceptible to a “cave
syndrome” fostered by convenient, varied and isolated gambling 24
hours a day. Easy access to wagering exacerbates compulsive gambling,
and there is no greater access than that afforded by the Internet.
119
to addressing the issue of compulsive gambling.
120
E-COMMERCE IN ALCOHOLIC BEVERAGES
AND TOBACCO
Sales of alcoholic beverages and tobacco over the Internet
present different problems for law enforcement than Internet gambling.
Whereas the cyber-gambling “product” can be accessed entirely online,
alcoholic beverages can be acquired over the Internet only by physical
shipment of bulky material, regardless of how the customer pays for
it.
A bill pending in Congress, H.R. 2031, would permit the chief law
enforcement officer of a state to seek injunctive relief in federal
court against those violating state law regulating the importation and
transportation of alcoholic beverages. It would permit state
enforcement agencies to confront out-of-state shippers with more
confidence in their jurisdiction.
The online tobacco sellers maintain that their sales are legal
because a credit card is needed to make a purchase, and only
individuals over 18 can obtain a credit card legally. This defense
cannot succeed, however, for sales of liquor in those states, such as
121
New Jersey, requiring purchasers of alcoholic beverages to be at least
21 years old.
More than perhaps any other area computer crime control requires
cooperation between the public and private sectors. Businesses must
have confidence that reporting computer crimes and cooperating with
investigations will have a positive impact on the bottom line. Law
enforcement must earn such confidence. It also must take full
advantage of the vast expertise available from private sources that
have a keen interest in clean e-commerce and the security and
integrity of cyberspace.
122
documents. The hard drives of drug traffickers contain financial
records and data about shipments and customers, and Internet
connections do away with the need for open-air drug markets that can
generate complaints from the surrounding neighborhoods. Bookmakers’
computers store records of bets and bettors. Prostitution rings track
employees and their customers electronically. Highly sophisticated
fraud operations have been detailed in computer records. Even detailed
plans for the commission of a murder have been recovered from a
perpetrator’s computer.
123
strong encryption over the Internet. No longer will you be able
to pull my credit card number out of a server if encryption is
used properly. So I think on the one hand, it’s going to hinder
law enforcement from looking at a bad guy’s hard drive or a bad
guy’s communications. On the other hand, I think it’s going to
protect the public like nothing else can protect the public.
124
officers may or may not have, and you can get up and running.
JURISDICTION
Jurisdiction is one of the greatest challenges to state and local
enforcement in the Internet age. Oftentimes, the person trying to
break into a computer or send pornography to, or lure, a New Jersey
child is doing so from another state. Likewise, the information
necessary to investigate the case may also be in another state. These
two scenarios point up the thorny problems of jurisdiction in a cyber-
world without borders.
125
matters where “conduct which is an element of the offense or the
result which is such an element occurs within [New Jersey].” Thus, a
person may be held criminally accountable in New Jersey for behavior
committed in another state.
126
established a system similar to an interstate compact, thereby
overcoming some of the jurisdictional hurdles that state and local law
enforcement encounter.
Sergeant Doyle testified that his unit has nine law enforcers,
127
including six investigators, two sergeants and one lieutenant for “the
whole City of New York.” He said his caseload “has doubled every
year.” He bemoaned, “[A]nyone who has a computer crime lab at this
point, the minimum is about six months to get something looked at,
unless there’s some sort of compelling reason it has to get done right
away — for grand jury or something of that nature.” Sergeant Doyle
added that the State of New York’s unit “has four investigators right
now.” Abigail Abraham, who heads the Computer Crimes Investigation
Bureau of the Illinois State Police, testified that she had five
people working for her, with a promise of nine more.
128
James Doyle — also a former President of the Northeast Chapter of the
High Technology Crime Investigation Association and its current First
Vice President — supervises the Computer Investigations and Technology
Unit of the New York City Police Department. Public hearing witness
Abigail Abraham, the head of the Computer Crimes Investigation Bureau
of the Illinois State Police, founded and was the first President of
the Midwest Chapter of the High Technology Crime Investigation
Association. These and similar organizations around the country
provide significant assistance to law enforcement personnel trying to
cope with the complexity of computer crime-related investigations. See
the Law Enforcement Internet Intelligence Report at
www.lawintelrpt.com.
129
New Jersey has concentrated much of its computer crime fighting
efforts in two specialized units: the High Technology Crime and
Investigations Support Unit in the Division of State Police and the
Computer Analysis and Technology Unit in the Division of Criminal
Justice (DCJ). These two units coordinate their activities to avoid
duplication of effort. Along with federal, county and municipal law
enforcement representatives, they comprise the Statewide Computer
Crime Task Force, created in December 1999 and growing out of the
cooperation established during the Melissa virus investigation. The
Task Force intends to combat computer crime proactively, but lack of
resources limits its ability to do so more than occasionally.
130
The HTC&ISU provides training to any law enforcement agency, as
well as civic, business and educational organizations. It has been
overwhelmed by requests for training and hands-on presentations. The
number of such requests increased 50 percent from 1998 to 1999 and
came from agencies as far away as Michigan and New England.
131
and was recently used to purchase computer furniture for expanded
quarters to house the Unit at State Police Headquarters.
TRAINING
It is crucial that a core group of investigators and prosecutors
receives enough training to handle computer-related cases properly. In
addition, it is vital that civil attorneys who investigate and
prosecute non-criminal violations of law relating to computers and the
Internet receive similar training. In New Jersey, the divisions of
Criminal Justice and State Police have begun to implement specialized
training programs for law enforcement. The Statewide Computer Crime
Task Force is in the process of designing and implementing a training
program for deputy attorneys general and assistant prosecutors who
must investigate and prosecute computer-related crimes.
132
bimonthly with DCJ deputy attorneys general to address the impact of
emerging technologies on law enforcement in New Jersey. The CTC
program is designed to elicit input from experienced prosecutors in
order to identify new computer and telecommunication issues and
attempt to standardize practices for dealing with them. The
representatives then pass on what they have learned to their
colleagues and make recommendations for more formal training.
133
The NCTP is conducting a comprehensive assessment of the needs of
state and local law enforcement for coping with electronic crime. In
addition, it distributes a 3-part training video and accompanying
manual, Cyber Crime Fighting, to law enforcement personnel.
134
experienced officer or prosecutor’s skills. Two of the witnesses on
the law enforcement panel testifying at the public hearing, Michael
Geraghty and John Lucich, cut short their law enforcement careers
after a few years to pursue high paying, computer security-related
jobs in the private sector. Although they found much that was
satisfying about their law enforcement service, they cited
“bureaucratic nightmares,” budget restrictions and lack of
appreciation of the need for hard-won computer skills as important
reasons for the high turnover among qualified computer crime experts
in New Jersey and elsewhere.
135
RECOMMENDATIONS
New Jersey has taken significant steps over the years to ensure
that its laws give enforcement agencies the power to combat computer
crime. These laws also provide recourse for the victims of cyberspace
wrongdoing. In addition, although the State has taken steps to inform
the public and schoolchildren of online dangers, more remains to be
done.
2C:20-23. Definitions
As used in this act:
136
a. "Access" means to instruct, communicate with, store data in,
retrieve data from, or otherwise make use of any resources of a
computer, computer system, [or] computer network, or computer
storage medium.
b. "Computer" means an electronic, magnetic, optical,
electrochemical or other high speed data processing device or
another similar device capable of executing a computer program,
including arithmetic, logic, memory, data storage or input-output
operations[, by the manipulation of electronic or magnetic
impulses] and includes all computer equipment connected to such a
device, [in a] computer system or computer network, but shall not
include an automated typewriter or typesetter or a portable, hand
held calculator.
c. "Computer equipment" means any equipment or devices,
including all input, output, processing, storage, software, or
communications facilities, intended to interface with the computer.
d. "Computer network" means the interconnection of communication
lines, including microwave or other means of electronic
communication, with a computer through remote terminals, or a
complex consisting of two or more interconnected computers, and
shall include the Internet.
e. "Computer program" means a series of instructions or
statements executable on a computer, which directs the computer
system in a manner to produce a desired result.
f. "Computer software" means a set of computer programs, data,
procedures, and associated documentation concerned with the
operation of a computer system.
g. "Computer system" means a set of interconnected computer
equipment intended to operate as a cohesive system.
h. "Data" means information, facts, concepts, or instructions
[prepared for use] contained in a computer, computer system,
computer storage medium, or computer network. It shall also
include, but not be limited to, any alphanumeric, hexadecimal or
binary code.
i. "Data base" means a collection of data.
j. "Financial instrument" includes but is not limited to a
check, draft, warrant, money order, note, certificate of deposit,
letter of credit, bill of exchange, credit or debit card,
transaction authorization mechanism, marketable security and any
computer representation of these items.
k. "Services" includes but is not limited to the use of a
computer system, computer network, computer programs, data prepared
for computer use and data contained within a computer system or
computer network.
l. “Personal identifying information” shall have the meaning set
forth in subsection a. of section 1 of P.L.1999, c. 117 (N.J.S.
2C:21-17a.), and shall also include passwords and other codes that
permit access to a computer, data, data base, computer program,
computer software, computer equipment, computer system, computer
137
network or computer storage medium, where access is intended to be
secure, restricted or limited.
m. “Internet” means the international computer network of both
Federal and non-Federal interoperable packet switched data
networks.
138
c. Accesses or attempts to access any computer, computer system
or computer network, data, data base, computer program, or computer
software for the purpose of executing a scheme to defraud, or to
obtain services, property, personal identifying information, or
money, from the owner of a computer or any third party; [or]
d. [Alters, tampers with, obtains, intercepts, damages or
destroys a financial instrument] Obtains, takes, copies or uses any
data, data base, computer program, computer software, personal
identifying information, or other information stored in a computer
or computer storage medium; or
e. Accesses any computer, computer system, computer network,
data, data base, computer program, computer software, or computer
equipment and recklessly alters, damages or destroys a computer,
computer system, computer network, data, data base, computer
program, or computer software.
A violation of subsection a. is a disorderly persons offense. A
violation of subsection b. is a crime of third degree, except that
it is a crime of the second degree if the value of the damage
exceeds $75,000. A violation of subsection c. is a crime of the
third degree, except that it is a crime of the second degree if the
value of the services, property, personal identifying information,
or money obtained or sought to be obtained exceeds $75,000. A
violation of subsection d. is a crime of the fourth degree, except
that (1) it is a crime of the third degree if the data, data base,
computer program, computer software, or information has a value of
$500 or more, or it is or contains personal identifying
information, medical diagnoses or treatments, or governmental
records or other information that is protected from disclosure by
law or rule of court, and (2) it is a crime of the second degree if
the data, data base, computer program, computer software, or
information has a value of $75,000 or more. A violation of
subsection e. is a crime of the fourth degree, except that is a
crime of the third degree if the value of the damage is $75,000 or
more. A violation of this section is a crime of the second degree
if the offense results in a substantial interruption or impairment
of public communication, transportation, supply of water, gas or
power, or other public service.
A violation of any subsection of this section shall be a distinct
offense from a violation of any other subsection of this section,
and a conviction for a violation of any subsection of this section
shall not merge with a conviction for a violation of any other
subsection of this section or section 10 of P.L.1984, c. 184
(N.J.S. 2C:20-31), or for conspiring or attempting to violate any
subsection of this section or section 10 of P.L.1984, c. 184
(N.J.S. 2C:20-31), and a separate sentence shall be imposed for
each such conviction.
139
repealed as the provisions of those sections would be incorporated
into the revised N.J.S.A. 2C:20-25.
140
investigators and attorneys who enforce civil laws that are used to
combat illicit online conduct (such as the Consumer Fraud Act and
the Law Against Discrimination) receive training in order to remain
current with technological developments and investigative and
litigation techniques related to computer evidence. Therefore,
ongoing training of employees of the Division of Consumer Affairs,
Division of Law and Division of Civil Rights should remain a
priority. Further, periodic reviews of staff and equipment levels
should be conducted and those levels adjusted as computer-related
cases increase.
141
events.
All public school teachers whose courses involve student use of the
Internet should receive training in the instruction of Internet
safety and the application of critical thinking skills to online
information. Public school teachers can use the resources of the
Educational Technology Training Centers (ETTCs), that include
Internet safety training in each training session that addresses
Internet activities, and the Commission on Holocaust Education,
which works with the ETTCs to offer special training sessions that
incorporate topics such as Internet safety and false information
about the Holocaust.
142
a variety of means, including a special Web site located at
www.state.nj.us/njded/techno/htcrime. The Web site offers
information about where guidelines and curriculum material on the
ethical use of computers, Internet safety, evaluating Web sites and
filtering information may be accessed. The Web site is constantly
evolving to meet the needs of schools on the potential risks and
dangers related to interactive computer services.
The Department of Law and Public Safety should issue safe computing
guidelines on a Web site and publicize its availability. This would
implement a key responsibility given to the Department by the High
Technology Crimes and Interactive Computer Services Protection Act.
143
seeking information and records of electronic communication
services or remote computing services located outside New Jersey.
Alternatively, New Jersey should encourage a new interstate compact
that would help ensure enforcement of out-of-state subpoenas and
warrants stemming from Internet investigations.
ONLINE PRIVACY
144
should be afforded to state attorneys general and aggrieved
private individuals.
The Department of Law and Public Safety’s Web site for safe
145
computing guidelines should include electronic forms for filing
complaints of computer-related wrongdoing with enforcement
agencies.
* * *
The State Commission of Investigation and the Attorney General wish to
extend special thanks to the following staff who assisted in the
preparation of the joint public hearing and this report:
146