Cybersecurity Concerns of the U.S. Government by Michael Erbschloe


FBI Testimony on Cyber Terrorism 2005

Steven M. Martinez

Deputy Assistant Director, Cyber Division

Federal Bureau of Investigation

Subcommittee on Crime, Terrorism, and Homeland Security Committee on the Judiciary U.S. House of Representatives

Washington, DC

April 21, 2005

 

Good morning Mr. Chairman, Ranking Member Scott, and members of the subcommittee.

 

My name is Steven Martinez, and I am the Deputy Assistant Director of the FBI's Cyber Division. The primary mission of the Cyber Division is to supervise the Bureau's investigation of federal violations in which computer systems, including the Internet, are exploited by terrorists, foreign government intelligence operatives, and criminals. In short, our mission is to protect the American public against a host of significant and potentially deadly high-tech crimes.

 

The uses of technology in our society are innumerable and their value immeasurable. The state of technology has been advancing rapidly over the past twenty years, much of it to the benefit of people living in all corners of the world. Unfortunately, the picture is not always so bright. Technology has also been used to harm people, while offering a particularly effective escape route. In this digital age, crimes can and do occur within seconds without the perpetrator ever getting anywhere physically close to the victim. In such a setting, law enforcement must be equipped with the investigative tools necessary to meet, locate, and incapacitate this growing threat. Law enforcement must be prepared to face sophisticated enemies and criminals who are known to exploit technology because of its ability to keep them far away from the scene of the crime, spread apart even from one another, and who have the ability to delete any digital evidence of their actions at the push of a button.

 

With this background in mind, I want to thank you for the opportunity to appear before you today to discuss certain sections of the USA PATRIOT Act which are scheduled to expire at the end of this year, specifically sections 209, 217, and 220.

 

When Attorney General Gonzales testified before the House Judiciary Committee on April 6, 2005, he shared his firm view that each of the provisions of the USA PATRIOT Act that are scheduled to sunset at the end of this year must be made permanent. Director Mueller provided the FBI's perspective in a hearing before the Senate Judiciary Committee on April 5, 2005, and he too spoke of the crucial need to renew these provisions. Based on my knowledge of the interests, capabilities, and motives of those who, day in and day out, are attempting to do us harm by means of the Internet, I want to express my full agreement about the importance of the PATRIOT Act and the provisions I plan to address today. I believe that the Act's substantial merit can be demonstrated by what we already have experienced as a nation; still, it is equally true that the Act is essential so that we are prepared to confront the ever-evolving threat that no doubt will come.

 

SECTION 209--SEIZURE OF VOICE MAIL WITH A SEARCH WARRANT

 

Going in numerical order, allow me to start with section 209. Section 209 permits law enforcement officers to seize voice mail with a search warrant rather than a surveillance, or Title III, order. Section 209 provides a very good example of how the USA PATRIOT Act simply updated the law to reflect recent technological developments. The drafters of the Act determined that obtaining voicemail stored on a third party's answering system is more similar to obtaining voicemail stored on a home answering machine (which requires a search warrant) than it is to monitoring somebody's telephone calls (which requires a TIII order). In passing this portion of the Act, Congress made the statutory framework technology-neutral. Privacy rights are still well accounted for, since section 209 allows investigators to apply for and receive a court-ordered search warrant to obtain voicemail pursuant to all of the pre-existing standards for the availability of search warrants, including a showing of probable cause. With privacy rights left firmly intact, there is a distinct advantage to the public's safety when law enforcement can obtain evidence in a manner that is quicker than the Title III process.

 

The importance of this provision is best understood in the context of how often terrorists and other criminals rely on technology to relay their plans to each other instead of risking face-to-face in-person meetings. Attorney General Gonzales gave a good sense of the diversity of those who would rely on the simple convenience of leaving voicemail in furtherance of their illegal activities when he pointed out that section 209 has already been relied upon to acquire messages left for domestic terrorists, foreign terrorists, and international drug smugglers.

 

Allowing section 209 to expire would once again lead to different treatment for voicemail messages stored on a third party's system than for the same message stored on a person's home answering machine. Doing so would needlessly hamper law enforcement efforts to investigate crimes.

 

SECTION 217--THE HACKER TRESPASSER EXCEPTION

 

I would like to move next to section 217, the hacker trespasser exception. Like section 209 before it, section 217 also makes the law technology-neutral. Section 217 places cyber-trespassers--those who are breaking into computers--on the same footing as physical intruders. Section 217 allows the victims of computer-hacking crimes voluntarily to request law enforcement assistance in monitoring trespassers on their computers. Just as burglary victims have long been able to invite officers into their homes to catch the thieves, hacking victims can now allow law enforcement officers into their computers to catch cyber-intruders. Think for a moment how odd it would be if a homeowner yelled out to a police officer "Hey, there's a burglar in my house right now, help!", only to have the police respond, "Sorry, I have to apply for a court order first, try not to scare him off." The homeowner would be dumbfounded, and the burglar would be long gone by the time the police returned. This, in essence, is what was occurring prior to the PATRIOT Act.

 

It can be said that section 217, in a very significant way, enhances privacy. First, it is carefully crafted to ensure that law enforcement conducts monitoring against trespassers in a manner entirely consistent with protecting the privacy rights of law abiding citizens. Second, the essence of the section--to help catch hackers--serves a vital function in the FBI's ability to enforce data privacy laws.

 

With respect to the first point, the narrowly crafted scope of this legislation, section 217 preserves the privacy of law-abiding computer users by sharply limiting the circumstances under which the trespasser exception may be used. At its most fundamental level, section 217 requires consent. Law enforcement assistance is by invitation only. The computer crime victim is actually seeking the FBI's help. In addition, a law enforcement officer may not conduct monitoring based solely on the computer owner or operator's consent unless the law enforcement officer is engaged in a lawful investigation; has reason to believe that capturing the communications will be relevant to that investigation; and can ensure that the consensual monitoring will acquire only those communications that are transmitted to or from the hacker. On top of these requirements, section 217 then goes one step further. Based on the definition of a "computer trespasser," section 217 does not allow law enforcement to come to the immediate aid of victims who are being hacked by one or more of their own customers. In those cases the owner or operator of the computer system cannot provide sufficient consent to monitor the trespasser, even if the hacker/customer broke into areas of the computer he has no authority to see (including other customer account information).

 

Still, despite this last limitation, the hacker trespasser exception has been an important tool for law enforcement to obtain evidence based on the consent of the victim, much of which involves protecting people's privacy.

 

A diverse array of real-world examples from our criminal investigations demonstrate that this provision has been significant in order for the FBI to protect the privacy rights of individuals and businesses whose computers are being broken into for the purpose of stealing the personal data stored on their computers. Hackers have no respect for your privacy or mine. When hackers break into a computer network and obtain root access they get to look at, download, and even can make changes to, whatever information is on that network. Hackers can and do routinely steal social security numbers, credit card numbers, and driver's license numbers. Depending on the systems they break into, they can look at health care information and can change it at will. There has been an outpouring of concern from the American public to protect them from identity theft and to ensure that their personal records are secure. Congress has responded with a powerful array of laws that are designed to impose serious consequences on computer hackers. However, if law enforcement does not have the ability to quickly spot and then locate hackers, then the victim toll will mount and only the hackers themselves, remaining anonymous, will be left with privacy. The FBI understands the importance of preventing criminals from stealing and selling our information, and we are resolved to catch those who do. Section 217 is of enormous help in this regard.

 

For example, under this provision, the FBI was able to monitor the communications of an international group of "carders" (individuals that use and trade stolen credit card information). The group used chat rooms and fraudulent websites to commit identity theft, but managed to provide themselves with privacy by using false names to get e-mail accounts. The most important tool in their bid to remain anonymous was their use of a proxy server they broke into and then reconfigured. The identity thieves used the proxy server to disguise where all of their Internet communications were coming from. The owner of the proxy server was himself a victim of the crime, his computer having essentially been hijacked and transformed into the hub of a criminal operation. When he determined that his computer had been hacked he provided the FBI with consent to monitor the intruder and hopefully to catch him. The computer owner's ability to bring in the FBI paid off, not just for him but for the countless other victims of the identity thief. By taking advantage of hacker trespasser monitoring, the FBI gathered leads that resulted in the discovery of the true identity of the subject. The subject was later indicted and is now awaiting trial.

 

Since its enactment, section 217 has played a key role in a variety of hacking cases, including investigations into hackers' attempts to compromise military computer systems. Allowing section 217 to expire at the end of this year would help computer hackers avoid justice and prevent law enforcement from responding quickly to victims who are themselves asking for help.

 

SECTION 220--SEARCH WARRANTS FOR ELECTRONIC EVIDENCE LOCATED IN ANOTHER DISTRICT

 

Lastly, I would like to turn to section 220 of the USA PATRIOT Act. Section 220 enables federal courts--with jurisdiction over an investigation--to issue a search warrant to compel the production of information (such as unopened e-mail) that is stored with a service provider located outside their district. The practical effect of this section is that our FBI Agents are no longer limited to applying for a search warrant solely from the court that sits where the service provider happens to be located.

 

Before discussing this section in depth, I think it is helpful to point out that the borderless nature of Internet crime means that more often than not the victim of a crime, the person who committed the crime, and the evidence of that crime are all located in different parts of the country (or indeed the world). Applying this fact in the context of a search warrant will demonstrate the utility and the necessity of section 220.

 

Prior to the PATRIOT Act, if an investigator wanted to obtain the contents of unopened e-mail from a service provider located in the United States, he or she needed to obtain a warrant from a court physically located in the same federal district as the service provider was located. To accomplish this, the FBI Agent working on the case (this Agent typically would be located where the victim is located) needed to brief another FBI Agent and prosecutor who were located in the ISP's jurisdiction (where the evidence happened to be electronically stored). The second FBI Agent and prosecutor then would appear before their local court to obtain the search warrant. This was a time and labor consuming process. Furthermore, because several of the largest email providers are located in a few districts, such as the Northern District of California and the Eastern District of Virginia, these FBI Agents, Prosecutors, and Judges were faced with a substantial workload dealing with cases in which neither the victim nor the criminal resided, and they had to be brought up to speed about the details of an investigation which, both beforehand and afterwards, they had no need to know.

 

Section 220 fixed this problem. It makes clear, for example, that a judge with jurisdiction over a kidnaping investigation in Pittsburgh can issue a search warrant for e-mail messages that are stored on a server in California. As a result, the investigators in Pennsylvania can ask the judge most familiar with the investigation to issue the warrant rather than having to ask an Assistant United States Attorney in California, who is unfamiliar with the case, to ask a district judge in California, who also is unfamiliar with the case, to issue the warrant. Lest you think this is merely a hypothetical example, it's not. Using section 220, our FBI office in Pittsburgh was able to obtain a warrant for information residing on a computer in California that ultimately led to the rescue of a teenage girl who was being sexually tortured in Virginia while being chained to a wall in somebody's basement. The man who held her hostage is now in prison, serving close to 20 years. The girl's life was saved.

 

Other FBI Field Offices also have repeatedly stated that section 220 has been very beneficial to quickly obtain information required in their investigations. The value of this provision in terrorism cases already has been demonstrated time and again. In his April 6 testimony, Attorney General Gonzales pointed to its important application during investigations into the Portland Terror Cell, the "Virginia Jihad", and the Richard Reid "shoebomber" case.

 

It is imperative that section 220 be renewed. The provision expedites the investigative process and, in doing so, makes it more likely that evidence will still be available to law enforcement after it executes a court-authorized search warrant and obtains further leads; the provision frees up FBI, U.S. Attorney, and judicial personnel to more efficiently pursue other time-sensitive investigative matters; and, section 220 in no way lowers the protections that apply to the government's application for a search warrant.

 

CONCLUSION

 

Mr. Chairman and Members of the Committee, the provisions of the USA Patriot Act I have discussed today have proven significant to a number of our successes and I have every reason to believe that the need to retain these provisions in the future is also significant. By responsibly using the statutes provided by Congress, the FBI has made substantial progress in its ability to enforce the law and protect lives, while at the same time protecting civil liberties. In renewing those provisions scheduled to "sunset" at the end of this year, Congress will ensure that the FBI will continue to have the tools it needs to combat the very real threats to America and our fellow citizens. Thank you for your time today.

Source: https://archives.fbi.gov/archives/news/testimony/computer-provisions-of-the-usa-patriot-act