Here is a letter from the Director of the Secret Service to US Rep. Don Edwards, D-California, in response to questions raised by Edwards' Subcommittee. This copy comes from Computer Professionals for Social Responsibility in Washington, DC. DEPARTMENT OF TREASURY UNITED STATES SECRET SERVICE WASHINGTON, DC 20223 APR 30 1990 The Honorable Don Edwards Chairman Subcommittee on Civil and Constitutional Rights Committee on the Judiciary House of Representatives Washington, D.C. 20515 Dear Mr. Chairman: Thank you for your letter of April 3, 1990, concerning your committee's interest in computer fraud. We welcome the opportunity to discuss this issue with your committee and I hope the following responses adequately answer your questions. Question 1: Please describe the Secret Service's process for investigating computer related crimes under Title 18, United States Code, Section 1030 and any other related statutes. Response: The process by which the Secret Service investigates computer related crimes is similar to the methods we use to investigate other types of criminal investigations. Most of the investigative techniques are the same; surveillances, record checks, witness and suspect interviews, etc. the primary difference is we had to develop resources to assist in the collection and review of computer evidence. To provide our agents with this expertise, the secret service developed a computer fraud investigation course which, as of this date, has trained approximately 150 agents in the proper methods for conducting a computer fraud investigation. Additionally, we established a computer Diagnostics center, staffed with computer professional, to review evidence on computer systems. Referrals of computer related criminal investigations occur in much the same manner as any other case. A victim sustains a loss and reports the crime, or, a computer related crime is discovered during the course of another investigation. In the investigations we do select, it is not our intention to attempt to supplant local or state law enforcement. We provide enforcement in those cases that are interstate or international in nature and for one reason or another are beyond the capability of state and local law enforcement agencies. When computer related crimes are referred by the various affected industries to the local field offices, the Special Agent in Charge (SAIC) determines which cases will be investigated based on a variety of criteria. Each SAIC must consider the economic impact of each case, the prosecutive guidelines of the United States Attorney, and the investigative resources available in the office to investigate the case . In response to the other portion of your question, the other primary statute we use to investigate computer related crimes is Title 18, United States Code, Section 1029 ( Access Device Fraud). This service has primary jurisdiction in those cases which are initiated outside a bank and do not involve organized crime, terrorism, or foreign counterintelligence (traditional responsibilities of the FBI). The term "access device" encompasses credit cards, debit cards, automatic teller machines (ATM) cards, personal identification numbers (PIN's) used to activate ATM machines, credit or debit card account numbers, long distance telephone access codes, computer passwords and logon sequences, and among other things the computer chips in cellular car phones which assign billing. Additionally, this Service has primary jurisdiction in cases involving electronic fund transfers by consumer (individuals) under Title 15, U. S. code, section 169n (Electronic Fund Transfer Act). This could involve any scheme designed to defraud EFT systems used by the public, such as pay by phone systems, home banking, direct deposit, automatic payments, and violations concerning automatic teller machines. If the violations can be construed to be a violation of the banking laws by bank employee, the FBI would have primary jurisdiction. There are many other statutes which have been used to prosecute computer criminals but it is within the purview of the U.S. Attorney to determine which statute will be used to prosecute an individual. Question 2: Has the Secret Service ever monitored any computer bulletin boards or networks? Please describe the procedures for initiating such monitoring, and list those computer bulletin boards or networks monitored by the Secret Service since January 1988. Response: Yes, we have occasionally monitored computer bulletin boards. The monitoring occurred after we received complaints concerning criminal activity on a particular computer bulletin board. The computer bulletin boards were monitored as part of an official investigation and in accordance with the directives of the Electronic Communications Privacy Act of 1986 (Title 18 USC 2510) The procedures used to monitor computer bulletin boards during an official investigation have involved either the use of an informant (under the direct supervision of the investigating agent) or an agent operating in an undercover capacity. In either case, the informant or agent had received authorization from the computer bulletin board's owner/operator to access the system. We do not keep records of the bulletin boards which we have monitored but can provide information concerning a particular board if we are given the name of the board. Question 3: Has the Secret Service or someone acting its direction ever opened an account on a computer bulletin board or network? Please describe the procedures for opening such an account and list those bulletin boards or networks on which such accounts have been opened since January 1988. Response: Yes, the U.S. Secret Service has on many occasions, during the course of a criminal investigation, opened accounts on computer bulletin boards or networks. The procedure for opening an account involves asking the system administrator/operator for permission to access to the system. Generally, the system administrator/operator will grant everyone immediate access to the computer bulletin board but only for lower level of the system. The common "pirate" computer bulletin boards associated with most of computer crimes have many different level in their systems. The first level is generally available to the public and does not contain any information relation to criminal activity. Only after a person has demonstrated unique computer skills, been referred by a known "hacker," or provided stolen long-distance telephone access codes or stolen credit card account information, will the system administrator/operator permit a person to access the higher levels of the bulletin board system which contains the information on the criminal activity. As previously reported in our answer for Question 2, we do not keep records of the computer bulletin boards on which we have established accounts. Question 4: Has the Secret Service os0someone acting under its direction ever created a computer bulletin board or network that was offered to the public? Please describe any such bulletin board or networks. Response: No, the U. S. Secret Service has not created a computer bulletin board nor a network which was offered to members of the public. We have created an undercover bulletin board which was offered to a select number of individuals who had demonstrated an interest in conducting criminal activities. This was done with the guidance of the U.S. Attorney's office and was consistent with the Electronic Communications Privacy Act. Question 5: Has the Secret Service ever collected, reviewed or "downloaded" transmissions or information from any computer network or bulletin board? What procedures does the Secret Service have for obtaining information from computer bulletin boards or networks? Please list the occasions where information has been obtained since January 1988, including the identity of the bulletin boards or networks, the type of information obtained, and how that information was obtained (was it downloaded, for example). Response: Yes, during the course of several investigations, the U. S. Secret Service has "down loaded" information from computer bulletin boards. A review of information gained in this manner (in an undercover capacity after being granted access to the system by it's system administrator) is performed in order to determine whether or not that bulletin board is being used to traffic in unauthorized access codes or to gather other information of a criminal intelligence nature. At all times, our methods are in keeping with the procedures as outlined in the Electronic Communications Privacy Act (ECPA). If a commercial network was suspected of containing information concerning a criminal activity, we would obtain the proper court order to obtain this information in keeping with the ECPA. The U. S. Secret Service does not maintain a record of the bulletin boards we have accessed. Question 6: Does the Secret Service employ, or is it considering employing, any system or program that could automatically review the contents of a computer file, scan the file for key items, phrases or data elements, and flag them or recommend further investigative action? If so, what is the status of any such system. Please describe this system and research being conducted to develop it. Response: The Secret Service has pioneered the concept of a Computer Diagnostic Center (CDC) to facilitate the review and evaluation of electronically stored information. To streamline the tedious task of reviewing thousands of files per investigation, we have gathered both hardware and software tools to assist our search of files for specific information or characteristics. Almost all of these products are commercially developed products and are available to the public. It is conceivable that an artificial intelligence process may someday be developed and have application to this law enforcement function but we are unaware if such a system is being developed. The process of evaluating the information and making recommendations for further investigative action is currently a manual one at our CDC. We process thousands of computer disks annually as well as review evidence contained in other types of storage devices (tapes, hard drives, etc.). We are constantly seeking ways to enhance our investigative mission. The development of high tech resources like the CDC saved investigative manhours and assist in the detection of criminal activity. Again, thank you for your interest. Should you have any further questions, we will be happy to address them. Sincerely, /s/ John R. Simpson, Director cc: Honorable Charles E. Schumer