III. 1. The Internet as the Medium for Commission of Traditional Frauds 2. 3. Auction sales 2 3 4 5 Damaged, defective, misrepresented, undelivered, or stolen merchandise Misrepresented online business opportunities and franchises 5 5 5 6 6 7 7 7 7 APPENDIX I: State and Federal Criminal Laws Targeting Computer Crime - 2 I. Introduction In the late nineteenth century, French social theorist Gabriel Tarde constructed his "law of insertion," which noted how newer criminal modes are superimposed on older ones through a process of imitative learning and technological innovation.' Thus, for example, the snake oil salesmen who entranced crowds at the vaudeville shows of the nineteenth century paved the way for the telemarketers of the twentieth century, who in turn set the stage for the infomercials of the past decade. Now, as the twenty-first century looms, Tarde's insight is being validated again -- this time in ways Tarde himself scarcely could have imagined.2 Among the 175 countries presently connected to the Internet, the United States has the largest proportion of Internet users. The exact number of such users is subject to some debate, however; it has been estimated to be as high as fifty million3 and as low as 5.8 million.* A more realistic estimate is that 28.8 million persons in the United States age sixteen and over have access to the Internet, 16.4 million use the Internet, 11.5 million use the World Wide Web, and 1.51 million have used the Web to purchase something. The number of subscribers is expected to rise to approximately half a billion worldwide by the year 2000. Internet commerce is predicted to rise correlatively. In 1995, consumers made an estimated quarter of a billion dollars of credit card purchases over the Internet.' In 1996, 2.1 million American households were banking online. By the year 2000, Internet commerce is expected to increase to between $6.6 billion and $7.4 billion.10 This rise in the use of the Internet as a vehicle of commerce and communication has yet another correlative. Because it can be used to transfer text, pictures, and sounds, as well as money, credit card numbers, and personal information, the potential for criminal use of the Internet is infinite." Corresponding to the phenomenal growth of the Internet, the number of security incidents reported to the Computer Emergency Response Team Coordination Center at Carnegie Mellon University12 has increased by 498%, and the number of Web sites affected worldwide has increased by 702%.13 Law enforcement groups are quickly learning that almost any crime that can be committed in the real world can also be committed in the virtual world -- except that by using the Internet, criminals can target more victims faster, cheaper, and with an alarmingly lower chance of apprehension. 14 The first hearing of PSI's Internet fraud investigation will focus on the proliferation of traditional fraudulent schemes now being perpetrated over the Internet. "Fraud” is generally defined as “[a]n intentional perversion of truth for the purpose of inducing another in reliance upon it to part with some valuable thing belonging to him or to surrender a legal right." In the context of the Internet, traditional fraud can be classified into two categories, depending on the role the Internet plays in the crime." First, the Internet may be used as the venue of committing such traditional frauds as pyramid schemes, bogus medical treatments, work-at-home promotions, and sweepstakes scams. In these cases, the type of fraud being committed is not new; rather, it is the use of the Internet as the medium of commission that is new. Second, the Internet may be the instrument used to commit the fraud. In these cases, the computer connected to the Internet is the physical site of - 3 the fraud, or is the source of or reason for the particular form of assets lost. In other words, the fraud is unique to computers and the Internet. The use of such weapons as viruses, logic bombs, and Trojan horses (described infra Sec. IV, p. 11), to commit fraud fits into this category." 16 This memorandum first provides an informational background section on the Internet. It then discusses in greater detail the two categories of traditional Internet fraud outlined above. The memorandum goes on to discuss the aspects of the Internet that make it such an attractive tool for cybercrooks, as well as some of the legal and practical issues that pose obstacles to law enforcement efforts to identify, apprehend, and prosecute online fraudsters. Finally, this memorandum concludes by outlining the goals of our first hearing. The Internet began in 1969 as a Department of Defense initiative to connect itself via computer with military research contractors, including a large number of universities engaged in militaryfunded research. Following the proliferation of university computers during the 1980s, and the establishment of the National Science Foundation's supercomputer centers and corresponding National Science Foundation Network (“NSFNet"), the modern Internet was born. Because, however, NSFNet permitted traffic related only to research and education, independent commercial network services developed for other kinds of traffic."7 In 1989 the Internet reached the mainstream of popular interest with the arrival of the World Wide Web," a subset of the Internet." Before the Web came along, users could access Internet sites through other methods, such as the File Transfer Protocol ("FTP"), Telnet, and Gopher.20 The Web, which is now the most popular means of entering the Internet,11 allows users to access Internet sites by means of a software package called a "browser."22 What makes the Web so appealing is that it enables the display of full-color graphics.23 What makes it so powerful is its hyperlink feature, through which highlighted words enable users to access relevant information on other Internet sites, thereby allowing users quickly and easily to explore numerous "Web sites," which exist only on computers connected to the Web and otherwise have no physical location. This activity is known in the vernacular as "surfing the Web."25 Web sites each have a unique Internet address, known as a Universal Resource Locator ("URL") or “domain name.' "26 URLS end in letters that identify the Web site's resource type. For example, the URL for the United States Senate's Web site is www.senate.gov. In this URL,.gov refers to a government resource. Similarly, a URL ending in .com refers to a private company resource, and .org refers to an organization." A company called Network Solutions, Inc., of Reston, VA, administers the server that distributes new address information to the other root servers worldwide. It also registers the most popular domain names, including ".com" and ".org," for a $100 registration fee for the first two years and $50 per year thereafter. Network Solutions performs these functions pursuant to a contract the National Science Foundation awarded it five years ago. The imminent expiration of this contract at the end of March 1998 has sparked a hotly contested debate over whether Network Solutions' lucrative but efficient monopoly should end in favor of open competition among software firms in assigning domain names.2 28 4 There are other areas of the Internet besides the World Wide Web, including the User Network, or "Usenet." Before the advent of the Web, Usenet was the biggest attraction on the Internet.29 Usenet is a worldwide network of special interest electronic bulletin boards where messages about a subject are posted at a central location for anyone to read and reply.30 Usenet consists of thousands of public discussion groups called "newsgroups." Each newsgroup has a specific topic, such as chemistry, feminism, alternative music, or television shows. Using a computer program called a news-reading program, a user can subscribe to newsgroups, read the articles, and write his own articles. Contributing an article is called "posting." Usenet's audience numbers in the tens of millions, and there are about 15,000 newsgroups." 31 No single entity governs the Internet. The only structure even coming close to resembling a governing body consists of four primary organizations that coordinate the technological management of the Internet.32 Membership in each of these organizations is drawn primarily from the research and technical communities. Aside from providing technical direction, however, these groups pay little if any attention to the content of material found on the Internet or the practices of its users.33 III. The Internet as the Medium for Commission of Traditional Frauds - The Internet and the many commercial online services provide a valuable new information source for consumers, and tremendous opportunities for retailers, who are finding that the Internet is a low cost method to quickly reach millions of potential consumers.34 However, cyberspace has another side: Fraudulent sellers seeking to exploit the virtues of the Internet -- including colors and graphics, anonymity, and mass marketing at low cost to commit the same types of frauds that have been promulgated for generations.35 In the past two years, the attorneys general of Minnesota, Illinois, Missouri, and Massachusetts have brought twenty civil Internet consumer cases covering such issues as health care product sales, business opportunities, credit repair, illegal gaming, and product and service offerings ranging from phony securities and university degrees to miracle drugs.36 In these cases, use of the Internet is not essential for the crime to occur these types of fraud occur frequently without use of the Internet, through the mail, telephone, and print mediums. The use of the Internet, however, facilitates the commission of the fraudulent act by enabling the crook to commit the crime faster, process greater amounts of information, and become more difficult to identify and trace." The Internet also lends an air of legitimacy that may not be available to fraudsters committing traditional fraud. - The National Fraud Information Center (“NFIC”), a project of the non-profit National Consumers League, was first established in 1992 to combat telemarketing fraud. In 1996, NFIC expanded its mission and began collecting consumer complaints about Internet fraud via a toll-free number and a Web site. NFIC is now the primary clearinghouse for consumer complaints about Internet fraud. NFIC relays these complaints to the Federal Trade Commission and the National Association of Attorneys General. During all of 1996, NFIC received a total of 389 complaints regarding Internet fraud.38 During 1997, in contrast, NFIC has received an average of 100 complaints per month dealing with Internet fraud." The ten Internet fraud scams consumers most frequently report to NFIC are:40 - 5 1. Undelivered Internet and online services: One common scam targeting consumers in this area involves attempts to convince victims to pay hundreds or thousands of dollars to get their own Web site, which many Internet service providers give to subscribers at little or no cost." Other scams promise but fail to provide free Internet access with the purchase of software; convince users to pay for a password to access nonexistent pictures; or trick consumers into paying for advertisements that never materialize.^2 44 2. Damaged, defective, misrepresented, undelivered, or stolen merchandise: The types of merchandise being both bought and sold fraudulently over the Internet range from lasers13 to baseball cards." For example, one common promotion is for a "black box" that promises satellite telephone connections at low cost. In reality, such technology has not yet been perfected for consumer telephone communications."" Online retailers are also frequent fraud victims in this category. Overall, electronically purchased goods are significantly more susceptible to fraudulent purchases than physically delivered goods. According to one statistic, 7% of all attempts to purchase goods online are fraudulent." This is due at least in part to the ease with which criminals can establish fictional identities using temporary e-mail accounts they set up by providing Internet service providers with stolen or counterfeit credit card numbers. From these aliases they order goods and request they be delivered to a mail drop or vacant house or, in the case of software, downloaded directly over the Internet. Once the criminal receives the product, he can cause the e-mail address to disappear without a trace. The result: The product is lost and the merchant is stuck with a bad debt, which is then passed on to bona fide consumers. Forty-two percent of all attempted fraudulent online purchases involve attempts to purchase software." This is because criminals can download software directly from the Internet, thereby eliminating the possibility of apprehension upon delivery. No signature is required upon receipt of goods in the virtual world, and no physical address is required for delivery, which is why the risk for online software merchants is appreciably greater. 3. Auction sales: Internet web sites are used to auction all types of merchandise, including antiques, new and used computer equipment, videos, and games. In many cases these items are never delivered or their value is overstated." In one reported case, a consumer was the successful bidder for a computer hard drive and mailed a money order to the vendor. When the consumer received a damaged hard drive and tried to contact the vendor, he found that the vendor's e-mail account had been closed and his phone line had been disconnected." 4. Pyramid schemes attempt to imitate legitimate multilevel marketing or "network marketing" opportunities in that they may appear to offer a legitimate product or service for the victim to sell. Unlike a legitimate multilevel marketing operation, however, a pyramid scheme operates by generating fast cash through the recruitment of new participants into the scheme. Instead of focusing on generating sales and building a downline, the participant's only goal is to recruit.50 The Internet facilitates this type of fraud by allowing the perpetrators to quickly reach millions of potential victims."1 |