WASHINGTON-The Justice Department, severely challenged with combating cyber crime in the new century, is expected to press Congress this year and well into the future for a load of new legislation that would expand law enforcement authority, increase penalties for cyber crimes and provide stronger investigative tools to curb unlawful conduct on the Internet.
To do this, Justice faces the delicate task of making a strong case to law enforcement-friendly lawmakers on Capitol Hill without unnecessarily provoking privacy advocates.
Indeed, in a new report produced by a presidential working group, Justice attempted to walk that fine line in stating, “Despite the general adequacy of laws that define the substance of criminal and other offenses, the Working Group finds that the Internet presents new and significant investigatory challenges for law enforcement at all levels.”
The report goes on to identify six laws that need strengthening. They include the pen register and trap and trace statute, the computer fraud and abuse act, the privacy protection act, the electronic communications privacy act, the telephone harassment statute and the cable communications policy act.
Proposed changes to the six laws, which law enforcement maintains are needed to fight cyber crime, constitute more than a casual wish list. The recommendations constitute Justice’s cyber crime legislative agenda for 2000.
As the wireless industry transforms itself into an appendage of the Internet and a handy enabler of e-commerce, cyber crime and new laws to fight it will take on greater significance for carriers.
Already, the wireless industry and privacy advocates find themselves engulfed in litigation over digital wiretap regulations approved by the Federal Communications Commission that they see as an affront to constitutional privacy protections.
The FBI, for its part, claims industry is fighting some digital wiretap requirements because carriers want to minimize their costs.
One change sought by Justice has attracted the interest of privacy watchdogs.
Justice wants new authority to obtain trap and trace orders on a nationwide basis. Such a tool, according to Justice, would greatly aid the tracking of hackers like those who early this year temporarily sabotaged the popular Web sites of Yahoo!, Amazon.com, E-bay, CNN, Buy.com and others.
Justice does not come right out and ask for nationwide trap and trace order legislation in the March report. Rather, the report merely alludes to the problem of obtaining court orders in multiple jurisdictions for trap and trace authority.
But in testimony before Congress this year, both Attorney General Janet Reno and Deputy Attorney General Eric Holder pushed nationwide trap and trace orders as a needed tool for law enforcement in cyberspace.
Trace and trap orders enable law enforcement to collect outgoing and incoming telephone numbers of calls made by and to a suspect. The legal standard for obtaining trace and trap orders is much lower than that for securing a court-authorized wiretap order.
A lawfully obtained wiretap order allows law enforcement to intercept the contents of a given communication whether it be voice or data.
In fact, obtaining a trace and trap order from a judge is a mere formality. All a prosecutor must do is tell the court such an order is needed to aid an ongoing investigation. Under the law, the judge is required to approve it.
“Before we start extending the scope of pen registers nationwide let’s put real teeth into the standard for approving these orders,” said James Dempsey, senior staff counsel at the Center for Democracy and Technology.
Under current law, Dempsey said judges are reduced to rubber stamps.
“It [pen register/trap and trace statute] should be subject to a higher degree of privacy protection than current law provides,” said Dempsey.
Dempsey predicts Justice will get most, if not all, of the legislative changes it seeks this year. He said the only questions are whether cyber crime bills become vehicles for other law enforcement initiatives and whether privacy rights will be adequately addressed.
Dempsey, like others, also has serious concerns with a national plan being developed by the Clinton administration for the protection of government computer systems.
A controversial aspect of the plan is the recommended development of a Federal Intrusion Detection Network. Under the plan, the General Services Administration would have the authority to track communications across all federal government computer networks.
As such, electronic communications by federal employees (including e-mails from private citizens to federal employees) would be fair game for FIDNET eavesdropping.
But privacy groups insist there is no legal authority to create such an entity.
In testimony last month before a Senate Judiciary subcommittee, Marc Rotenberg, executive director of the Electronic Privacy Information Center, urged the FIDNET proposal be dropped.
“There is no `cyber threat’ exception to the Fourth Amendment. The fact that the government announces that a warrantless search may occur is hardly a sufficient legal basis to permit such searches to take place,” Rotenberg stated in written testimony.
For different reasons, some members of Congress find the administration’s National Plan for Information Systems Protection lacking as well.
Even if it gets legislation and an additional $37 million from Congress, the Justice Department concedes it will have a hard time keeping up with cyber criminals.
For one thing, there is a shortage of high-tech savvy personnel in federal law enforcement. And with huge salaries and stock options in the private sector, the odds of attracting computer experts to federal government jobs are not good.
Moreover, Justice said fighting cyber crime will require cooperation among law enforcement at the state, local, federal and international levels. It also will require help from industry in the form of secure Web sites.
While the high-tech industry has shown an inclination to band together in fending off cyber crime, executives are not keen on sharing information or cooperating on a large scale with law enforcement.
The industry also is leery about getting too much assistance from the government, fearing such intervention could lead new regulations.
