IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Statement of Michael T. McCaul,

Deputy Attorney General for Criminal Justice,

Office of the Attorney General, State of Texas,

Before the U.S. House of Representatives Subcommittee on Crime

May 24, 2001

Mr. Chairman and Members of the Subcommittee, I thank you for this opportunity to testify on the topic of cyber crime and efforts at the state level to combat it. Two factors have converged in recent years to bring about a major criminal justice problem: the wide spread use of computers and the Internet to commit crimes, and a critical lack of resources, especially at the state and local level, to combat computer-related crime. Last September, Attorney General John Cornyn launched the Texas Internet Bureau to address the rapid growth of cyber crime in Texas. Since that time the investigators and prosecutors at the Internet Bureau have been faced with a daunting array of cases -- from Internet savvy child predators and online child pornographers to computer hackers, identity thieves and computer fraudsters. Modern day criminals have learned to exploit the Internet and leverage computer technology to reach a virtually unlimited number of victims while maintaining a maximum level of anonymity, and I have no doubt that the number and variety of computer crimes will continue to mount.

Unfortunately, one of the biggest problems is that computer criminals are targeting the most vulnerable of our society -- children. While the Internet has revolutionized the ways in which the world communicates, there is an equally awesome dark side. According to the Federal Bureau of Investigation, child pornography was virtually extinct prior to the advent of the Internet. However, with increased Internet usage in America and the world there has been an alarming increase in child pornography cases. According to the U.S. Postal Service, 40 percent of the offenders who have been arrested with child pornography downloaded from the Internet have sexually assaulted minors. The National Center for Missing and Exploited Children and the Crimes Against Children Research Center's June 2000 report entitled Online Victimization: A Report on the Nation's Youth presents startling and disturbing results. Based on interviews with a nationally representative sample of 1,501 youths ages 10 to 17 who use the Internet regularly, the report found:

  • Approximately one in five children received a sexual solicitation or approach over the Internet in the last year.
  • One in thirty-three received an aggressive sexual solicitation - a solicitor who asked to meet them somewhere; called them on the telephone; sent them paper mail, money, or gifts.
  • One in four children had an unwanted exposure on the Internet to pictures of naked people or people having sex in the last year.
  • One in seventeen children was threatened or harassed.
  • Approximately one quarter of the children who reported these incidents were distressed by them.
  • The interviewed children reported less than 10% of the sexual solicitations and only 3% of the unwanted exposure episodes to law enforcement, the Internet Service Provider, or a hotline.
  • Only about 25% of the youth sexually solicited or approached told a parent and only 40% of those who experienced unwanted exposure to sexual material told a parent.
  • Only 17% of youth and approximately 10% of parents could name a specific authority (such as the FBI CyberTipline, or an Internet service provider) to which they could make a report, although more said they had "heard of" such places.
  • In households with Internet access, one third of parents said they had filtering or blocking software on their computer at the time they were interviewed. (1)
  • A large portion of the Texas Internet Bureau's case load involves the investigation of online child predators. In one case recently investigated by the Internet Bureau, a twenty-five year old school teacher was arrested by Austin police officers and Internet Bureau investigators after he solicited sex from a person he believed to be a minor in a chat room entitled "Younger Girls for Older Men." A subsequent investigation revealed that the suspect had previously used the Internet to seduce a fifteen year old girl, and the suspect was re-arrested on three counts of sexual assault of a child.

    Internet Bureau investigators have been involved in other cases as well. For example, last March, an investigator from the Internet Bureau assisted local police in investigating a potential school shooting case in Brownfield, Texas. The Internet Bureau became involved after Brownfield police received a report that a student was hacking into the local high school's computers. When the Internet Bureau and local police searched the student's home, they discovered a written a narrative detailing a plan to shoot up the school and murder several students, a master key to the high school, and schematic plans of the high school. Investigators also learned that the student was, in fact, hacking into one of the school's computers. The investigation led to the prosecution of the juvenile who is now serving time in a juvenile facility in Texas.

    These cases demonstrate that computer crimes have serious consequences - the rape of a child, and a potential school massacre. If we are to stem the flood of cyber crime, state and local authorities must increase their enforcement efforts. Attorney General Cornyn's Texas Internet Bureau is a step in the right direction, but it is only a first step.

    I believe that any efforts aimed at helping state and local law enforcement authorities combat cyber crime should be focused on three primary areas of concern: (1) jurisdictional issues, (2) cooperative initiatives, and (3) resources.

    Jurisdictional Issues

    Traditionally, state and local law enforcement agencies have been keenly aware of the jurisdictional boundaries in which they operate. City police officers patrol the city, county sheriff's deputies patrol the county outside of the city, and state police officers patrol the Interstate highway system. This enforcement model is very effective in handling local crimes -- crimes where the suspect, the victim, and the crime scene are located within one jurisdiction. The Internet, however, is an environment without boundaries; an environment which enables criminals to victimize local populations from anywhere in the world. Consider an example: a fraudulent scheme targeting Texas residents is perpetrated from a website. The website is hosted on a computer in Ohio, and investigators are not sure where the perpetrator is located. In order to locate the fraudster, Texas prosecutors would likely issue subpoenas to the service provider in Ohio, but currently, there is no formal mechanism for service and compliance with this subpoena and the Ohio provider could choose to ignore the subpoena altogether. Texas prosecutors might succeed in convincing the service provider to comply by obtaining help from authorities in Ohio, but this would be a matter of professional courtesy and not legal process. In addition, because service providers often only temporarily maintain records of Internet activity, the delay caused by having to contact out of state authorities and obtain assistance may result in the deletion of the records sought.

    This example illustrates the kind of jurisdictional hurdles often faced by state and local authorities investigating crime on the Internet. State and local authorities need laws that provide authority for out of state service of process and enforceability of that process.

    Cooperation and Coordination

    I am convinced that the problem of computer crime cannot be addressed by any one level of government acting on its own. It is simply not enough to react to this problem -- law enforcement must learn to interact if we are to triumph over network crime. The vast scope of the Internet and its increasing pervasiveness demands that governments develop partnerships and joint initiatives. Recently, the National Association of Attorneys General ("NAAG") and the Department of Justice's Computer Crime and Intellectual Property Section ("CCIPS") worked together to create a "Computer Crime Point of Contact List" that contains the name of an investigator and prosecutor from each state. These individuals have agreed to provide their telephone numbers and to serve as the contact point when investigators from out of state have questions during the course of a cyber crime investigation or prosecution. A copy of this list is available on NAAG's website at www.naag.org.

    In Texas, our office has been involved in another joint initiative -- the creation of the North Texas Regional Computer Forensics Lab. The North Texas Regional Computer Forensics Lab is a multi-agency facility that serves the computer forensics needs of all law enforcement agencies in a 137 county region surrounding the Dallas metroplex area. The cases investigated and prosecuted by the Texas Internet Bureau often turn on evidence contained within computers, evidence that must be examined and analyzed by experts such as those at the North Texas Regional Computer Forensics Lab. Prior to the creation of the lab, however, there was an eight to twelve month back log of seized computers that needed to be examined. This meant that if an investigator developed probable cause to search a child pornographer's computer for evidence of child pornography, the investigation would be put on hold for almost a year while the computers were analyzed and evidence extracted. Since the creation of the North Texas Regional Computer Forensics Lab, that delay has been reduced to less than a month. Attorney General Cornyn is very proud that the Texas Internet Bureau has joined with the FBI and nine local police departments in creating this Lab as the resource it provides will greatly enhance Texas efforts to bring cyber criminals to justice.

    Because we believe joint law enforcement efforts can have a truly awesome impact, our office is aggressively pursuing collaborations with all levels of law enforcement. For instance, the Texas Internet Bureau is working closely with the Dallas Police Department and the Dallas County Sheriff's office in the Internet Crimes Against Children Task Force. Frequently, investigators from our office conduct joint investigations with the Austin Police Department's High Tech Squad or with the Texas Department of Public Safety's Special Crimes Division.

    We are also working with federal agencies. In fact, we were able to attract a top cyber crime prosecutor, Reid Wittliff, from the Dallas US Attorney's office to head the Internet Bureau. Another one of our prosecutors has been selected for a fellowship sponsored by NAAG with funds received from the Bureau of Justice Assistance at the Computer Crime and Intellectual Property Section here in Washington. In prior years, representatives from three attorneys Generals' offices have gained valuable experience during the fellowship. If this years fellowship is funded, we see two benefits coming from it: first, our attorney will gain expertise and training in the area of computer crime and bring that experience to the Texas Internet Bureau, and second, our office will build a closer relationship with the Department of Justice. Following the success of the CCIPS fellowship, the Texas Internet Bureau has plans to start a similar internship program this Fall. We plan on creating two internship positions for local police officers who will come work at the Internet Bureau and gain experience and hands on training, and then take that experience back to their local departments after the internship.


    Joint partnerships of federal, state, and local law enforcement agencies such as the North Texas Regional Computer Forensics Lab are the solution to the problem of cyber crime -- but these initiatives will not get off the ground without resources. Cyber crime fighting is an expensive endeavor. Technical equipment is expensive, and technology is rapidly changing. The cyber crook is likely to have up to date technology and law enforcement needs to keep pace with him. Funding for personnel is critical. Training an officer is costly. According to the Director of the North Texas Regional Computer Forensics Lab, it costs almost $35,000 to train one of their computer forensics examiners. And once officers are trained, retention becomes a problem as technically trained law enforcement officers are few and far between and often have offers to work at high-paying private sector jobs. The computer crime point of contact list mentioned earlier can be a tremendous resource, but only if the state contacts on the list have the resources and support needed to handle computer crime referrals. Simply put, the states need funding for personnel, training, and not just a one-time allotment, but on a recurring basis. Although Congress authorized money for computer crime investigations and forensics programs last year, the provisions went unfunded. The states desperately need this appropriation. Without it, cash strapped agencies will not be able to effectively investigate the computer crimes reported to them.

    In sum, we believe an effective cyber crime strategy should include: new legislation aimed at breaking down jurisdictional barriers to cyber crime investigations; programs designed to foster multi-agency approaches to computer crime investigations and prosecutions; and finally, an increase in resources to law enforcement for use in cyber crime investigations and prosecutions. We are very pleased to see that Congress is concerned about this pressing criminal justice problem and we look forward to working with the Subcommittee in finding solutions to the growing computer crime problem.

    1. David Finklehor, Kimberly J. Mitchell, & Janis Wolak, Online Victimization: A Report on the Nation's Youth (The National Center For Missing and Exploited Children 2000) (June 2000).