Page images
PDF
EPUB

APPENDIX #2

APPENDIX II

Governmental Agencies Sharing Jurisdiction Over Internet Fraud

I. Federal

A. Criminal Jurisdiction

Two federal investigative agencies share jurisdiction over the bulk of traditional frauds committed over the Internet: the Federal Bureau of Investigation ("FBI”) and the United States Secret Service. FBI's Office of Computer Investigations and Infrastructure Protection specializes in investigating high technology crimes such as Internet fraud, theft of computer information, and computer intrusions and impairment. In addition, the FBI established a National Computer Crime Squad in its Washington, D.C. field office that is specifically charged with investigating violations of the Federal Computer Fraud and Abuse Act of 1986. This act also empowered the Secret Service to investigate fraud and related activities concerning computers. Secret Service's Financial Crimes Division is responsible for investigating incidents of Internet fraud, as well as traditional financial crimes that can take place over the Internet, such as money laundering and credit card fraud.

Cases investigated by FBI and Secret Service are prosecuted by the United States Department of Justice ("DOJ"). DOJ's Computer Crime and Intellectual Property Section ("CCIPS") is responsible for implementing DOJ's Computer Crime Initiative, which is a comprehensive program designed to address the growing global computer crime problem. CCIPS attorneys litigate cases, provide litigation support to other prosecutors, train law enforcement personnel; and coordinate international efforts among law enforcement agencies to combat computer crime. In addition, DOJ has a Computer/Telecommunications Coordinator program in each of the ninety-four United States Attorney's Offices, where at least one Assistant United States Attorney serves as an in-house expert for the prosecution of high technology crimes.

The bulk of traditional Internet fraud defrauds the consumer of a low dollar amount, somewhere in the neighborhood of $100 - $500. Cyberfraudsters, of course, make their money by defrauding a high volume of consumers. Nevertheless, because of the low dollar amount of the individual frauds perpetrated, the bulk of federal criminal enforcement does not focus on traditional frauds perpetrated over the Internet. Instead, it focuses on the invasion of electronically maintained databases, also known as “hacking," which will be the subject of our second hearing.

B. Civil Jurisdiction

The primary federal agency exercising civil jurisdiction over Internet fraud is the Federal Trade Commission (“FTC”). FTC is responsible for investigating allegations of consumer fraud and bringing suit to stop fraudulent activities, including those perpetrated over the Internet. For example, FTC successfully froze an estimated $13 million in assets that one company reaped from over 25,000 consumers by promulgating a pyramid scheme over the Internet.

FTC has also coordinated "Surf Days" on which federal, state, and local law enforcement groups "surf the "Net" to identify possibly fraudulent Web sites relating to a specific subject matter, such as health fraud or sweepstakes gimmicks. On "Internet Pyramid Surf Day," for example, law enforcement officials from four federal agencies and seventy state and local agencies located over 500 Web sites offering potentially illegal pyramid schemes. Participants preserved the information found at those sites for possible future law enforcement action. In addition, FTC sent e-mail messages to the operators of each of the sites warning them that their pyramid schemes are illegal, describing the characteristics of illegal pyramids, and providing FTC's home page address to help entrepreneurs and consumers distinguish between illegal pyramids and legal multi-level marketing plans.' FTC plans to revisit the Web sites in the future and take further action if evidence suggests they are illegal operations.

In addition to enforcement activities, FTC also operates a consumer education program to inform consumers about deceptive and fraudulent practices. FTC administers this program through regular publications as well as through its Web site, <http://www.ftc.gov>.

Another federal agency that has done an exemplary job in proactively combating Internet fraud is the Securities and Exchange Commission (“SEC”). SEC has jurisdiction over fraudulent investment activities on the Internet. Recently, SEC began an Internet enforcement program under its Division of Enforcement to search the Internet for fraudulent investment opportunities. For example, in 1996 the SEC filed several civil actions against companies soliciting unregistered securities or fraudulent off-shore investments over the Internet. SEC actions have resulted in injunctions against the fraudulent activity, freezing of defendants' assets, and levying of monetary penalties against defendants. SEC operates a Web site, <http://www.sec.gov>, that consumers can access to learn more about securities fraud on the

Internet.

II. State

Each state has an office of the attorney general with the power to investigate and prosecute the use of the Internet to commit or facilitate fraud. As the state's chief legal officers, attorneys general can bring both civil and criminal actions against those accused of perpetrating fraud on the Internet. For example, state attorneys general have filed numerous civil Internet consumer cases covering fraudulent health care product sales, business opportunities, credit repair, and miscellaneous product and service offerings.' Earlier this year, the Idaho attorney general's investigation of securities fraud over the Internet resulted in the arrest and conviction of the perpetrator."

One obstacle states face in prosecuting online fraud is the absence of physical boundaries on the Internet. Establishing jurisdiction may be difficult because a company located in one state can easily and readily use the Internet to defraud consumers located in another state. Conflict among state laws may further complicate Internet prosecutions by states. In other words, an Internet activity may be legal one state but illegal in another. Such conflicts of laws pose particular problems with the use of Web sites, because persons can access them regardless of their location and thus without regard to the law of any particular

state.

Despite these difficulties, states do have one advantage over prosecution by federal agencies: They generally have more flexibility with regard to the dollar value of cases they accept, and thus can prosecute cases of Internet fraud that would otherwise fall through the cracks in the federal system.

[blocks in formation]

Local law enforcement agencies also have jurisdiction to investigate and prosecute Internet fraud. However, local law enforcement agencies often lack sufficient resources, equipment, and specialized training to effectively prosecute these cases. In order to address these problems, some local law enforcement agencies are working with multi-jurisdictional task forces. For example, a High Tech Crime Task Force has been established in California that includes the participation of the California Highway Patrol, California Department of Justice, and local law enforcement agencies from several counties in the Sacramento region to investigate computer and other high technology crimes.' Similar high technology crime units are operating or are being considered in other regions, including Illinois, Massachusetts, Ohio, Michigan, and Pennsylvania."

1. See "Federal-State Surfing Catches a Wave of Potential Internet Scams; Over 500 Pyramid Operations Put on Notice," FTC press release, Dec. 12, 1996.

2. Criminal/Civil Rights Subcomm., Internet Working Group, Nat'l Ass'n of Attorneys Gen., The Internet and Crime: A Report to the Internet Working Group of the National Association of Attorneys General 1 (June 1997) (hereinafter “NAAG Internet and Crime Report")

3. Christine Milliken, Office of the State Attorney General and Cyberspace 9 (1997) (unpublished manuscript, on file with the National Association of Attorneys General).

4. Id. at 12.

5. NAAG Internet and Crime Report, supra n. lat 28.

6. Id. at 28-29.

[merged small][merged small][ocr errors][merged small][merged small][merged small][merged small][merged small]

I recently heard that over one-third of the companies in America monitor their employees' email, computer files and telephone voice mail. While this is not a fraud issue per se, it is a privacy issue with perhaps some dangerous implications. I'd like to get your thoughts, Mr. Pitofsky, on whether you think there should be privacy laws in cyberspace?

Response:

The FTC has been focusing on privacy issues in cyberspace over the past three years because it has become apparent that electronic commerce will not meet its full potential unless consumers' privacy is protected in this new medium. The question is how best to achieve privacy protection.

Our preference has been to encourage self-regulation in the first instance. Accordingly the agency held a number of public workshops to facilitate self-regulation by bringing together industry members, consumer and privacy advocates, and government agencies. Because workplace issues are beyond our primary mission of protecting consumers, the agency has not focused on the issues you pose of monitoring of employees' e-mail, computer files, and telephone voice mail. Our focus has been the privacy protections afforded consumers in general, and children in particular, as they use the Internet to engage in commerce and gather information. In fact, the FTC is currently undertaking a survey of 1,200 World Wide Web sites to assess whether industry self-regulatory efforts have led sites to post privacy policies. The results of this survey will be sent to the Congress in June.

Consumer Education

Question 2:

Mr. Pitofsky, I understand that the FTC has also launched a significant consumer education initiative. Could you describe for me the consumer protection program that you have put in place?

« PreviousContinue »