Ask the Scholar

Document scope · 1 page
doc
Scholar
Ask about this object, its catalog metadata, its source description, or the page inventory. For page-specific OCR and visual context, open one of the page chats.

Scholar Source Context

Document identity
localId
118567858
label
Computer Crime (1 of 2)
core
doc
dtoType
document
pageCount
1
Source metadata
id
118567858
contentType
document
title
Computer Crime (1 of 2)
identifierLocal
485
collections
Records of the Office of Counsel to the President (Reagan Administration)
John Roberts' Subject Files
imageCount
1
hasImages
yes
source
import
hasTranscription
no
Source extras
naId
118567858
coverageEndDate
logicalDate
1986-12-31
year
1986
coverageStartDate
logicalDate
1982-01-01
year
1982
levelOfDescription
fileUnit
recordType
description
ocrSource
nara-archive
Single page context
seq
1
pageIndex
0
type
document
mediaId
0d92a870e6c6f2a9
ocrText
Ronald Reagan Presidential Library Digital Library Collections This is a PDF of a folder from our textual collections. Collection: Roberts, John G.: Files Folder Title: Computer Crime (1 of 2) Box: 11 To see more digitized collections visit: https://reaganlibrary.gov/archives/digital-library To see all Ronald Reagan Presidential Library inventories visit: https://reaganlibrary.gov/document-collection Contact a reference archivist at: [email protected] Citation Guidelines: https://reaganlibrary.gov/citing National Archives Catalogue: https://catalog.archives.gov/ THE WHITE HOUSE WASHINGTON October 14, 1983 MEMORANDUM FOR FRED F. FIELDING FROM: JOHN G. ROBERTS SUBJECT: Testimony of Floyd Clarke on Computer Crime - October 17, 1983 We have been provided with a copy of the testimony that FBI Deputy Assistant Director Floyd Clarke proposes to deliver on Monday before the House Subcommittee on Transportation, Aviation and Materials. The testimony concerns computer related crime. Clarke makes clear that the FBI does not have accurate statistics on computer related crime, since the Bureau does not break down crimes according to whether computers were involved. He reviews several recent FBI investigations into computer piracy, and expresses general support for H.R. 3970 and S. 1733, bills designed to improve federal computer crime legislation. The proposed testimony concludes by noting that the computer and communications systems of the FBI would be enhanced by greater security systems. In particular, Clarke urges voice protection measures for the Bureau's radio system. The Administration has asked Congress for funds for this purpose in the past. I have reviewed the proposed testimony, and have no objections to it. Attachment THE WHITE HOUSE WASHINGTON October 15, 1983 MEMORANDUM FOR BRANDEN BLUM LEGISLATIVE ATTORNEY OFFICE OF MANAGEMENT AND BUDGET FROM: FRED F. FIELDING Orig. signed by FFF COUNSEL TO THE PRESIDENT SUBJECT: Testimony of Floyd Clarke on Computer Crime - October 17, 1983 Counsel's Office has reviewed the above-referenced testimony, and finds no objection to it from a legal perspective. FFF: JGR:aea 10/14/83 CC: FFFielding JGRoberts Subj Chron THE WHITE HOUSE WASHINGTON October 15, 1983 MEMORANDUM FOR BRANDEN BLUM LEGISLATIVE ATTORNEY OFFICE OF MANAGEMENT AND BUDGET FROM: FRED F. FIELDING COUNSEL TO THE PRESIDENT SUBJECT: Testimony of Floyd Clarke on Computer Crime - October 17, 1983 Counsel's Office has reviewed the above-referenced testimony, and finds no objection to it from a legal perspective. FFF: JGR:aea 10/14/83 CC: FFFielding JGRoberts Subj Chron ID # CU WHITE HOUSE CORRESPONDENCE TRACKING WORKSHEET O OUTGOING H INTERNAL I INCOMING GR Date Correspondence Received (YY/MM/DD) / / Name of Correspondent: Branden Burn MI Mail Report User Codes: (A) (B) (C) Subject: Testimony of Floyd Clashe on Transportation, aviation and Materials- October 17, 1983 ROUTE TO: ACTION DISPOSITION Tracking Type Completion Action Date of Date Office/Agency (Staff Name) Code YY/MM/DD Response Code YY/MM/DD CU/Holland ORIGINATOR 83,10,14 / / Referral Note: CUAT18 D 83/10/14 583,10,15 Referral Note: / / / / Referral Note: / / / / Referral Note: / / / / I Referral Note: ACTION CODES: DISPOSITION CODES: A - Appropriate Action I - Info Copy Only/No Action Necessary A Answered C Completed C - Comment/Recommendation R. Direct Reply w/Copy B - Non-Special Referral S Suspended D Draft Response S For Signature F - Furnish Fact Sheet X Interim Reply to be used as Enclosure FOR OUTGOING CORRESPONDENCE: Type of Response = Initials of Signer Code = "A" Completion Date = Date of Outgoing Comments: Keep this worksheet attached to the original incoming letter. Send all routing updates to Central Reference (Room 75, OEOB). Always return completed correspondence record to Central Files. Refer questions about the correspondence tracking system to Central Reference, ext. 2590. 5/81 DRAFT TESTIMONY OF DEPUTY ASSISTANT DIRECTOR FLOYD I. CLARKE CRIMINAL INVESTIGATIVE DIVISION FEDERAL BUREAU OF INVESTIGATION WASHINGTON, D. C. BEFORE THE HOUSE SUBCOMMITTEE ON TRANSPORTATION, AVIATION, AND MATERIALS OCTOBER 17, 1983 Thank you Mr. Chairman for providing me an opportunity to present the FBI's views on the subject of telecommunications, security and- privacy, and to respond to your specific areas of concern. Prior to responding to your specific questions, I would like to point out three things that we in the FBI believe are key to understanding the FBI's perspective on computer related crimes. The first of these issues is that a computer is an instrumentality of some other form of traditional crime, for instance theft or larceny. It is much like a gun, a knife, or a forger's pen. The second issue is of a more academic nature, but nevertheless important in that there does not exist, at this time, one generally recognized and accepted definition as to what computer related crime is. Therefore, we do not have an objective standard to measure the trends of computer related crime. Lastly, in view of the FBI's current structure of management by program, rather than by case, there is no method in place now to observe the statistical dimensions of computer related crime. With that in mind, I would like to discuss the nature, extent, and dimensions of crimes involving computers and communi- cations from the FBI's perspective. As you are aware, there is no one agency at this time that has jurisdiction for computer related crimes and very probably there cannot be because of the wide application of computers. The FBI's jurisdiction in computer related crimes is derived from jurisdiction previously assigned to the FBI by Congress or the Attorney General of the United States in more traditional areas. Generally speaking, the statutes most frequently used by the Department of Justice and the FBI to prosecute and investigate computer related crimes are Fraud by Wire, Interstate Transportation of Stolen Property, Bank Fraud-and Embezzlement, Destruction of Government Property, and Theft of Government Property. However, computer related crimes transcend all the crime categories and jurisdictions, local, state and Federal, again making it difficult to measure trends in this type of crime. Another problem that has been encountered is a reluctancy on the part of some businesses, especially those in the financial community, to report losses attributable to computer related crimes in an attempt to avoid developing an image of fiscal insecurity. Therefore, in the absense of a generally accepted definition of computer related crime, coupled with the lack of a central repository for the statutes on computer related crimes, it would appear the current position in response to your question as to the extent of computer related crime is that no one knows for sure. Since the early 1970's, the FBI has been involved in computer related crime investigations, and with our limited scope to track computer related crime we have noted no dramatic increase in this type of crime. Logic would indicate that with the ever increasing number of computers in use today, there ought to be a corresponding increase in computer related crimes; however, we have no credible documentation to support this sort of conclusion. As to the dimension of computer related crimes, there is a large potential for extremely large losses. Most financial institutions, our government and governments of other countries, utilize computers to facilitate their operations. This creates a potential for abuse by persons who have the necessary knowledge, time and access to the correct hardware or software. In a very short period of time, programs, high technology information, proprietary information or classified information can be taken from a computer without leaving much evidence of the crime. This is to say nothing of wire transfers of large amounts of money between financial institutions. In response to your request for illustrations of computer related crime that the FBI has been involved in, I would like to bring to your attention some specific instances of these type crimes. In 1979, the New York Division of the FBI identified a computer information service company (which is a company that enters, edits, stores, and retrieves information in a text format) that was, without authorization, accessing and modifying records of a similar computer information service in the State of California. The second computer service was the primary competitor to the first and the actions of the first computer service caused an estimated loss of $7.5 million. In 1980, the New York Division again identified a group of children of middle school age who accessed without authorization, over 20 computers from the computer located at their school. The unauthorized accesses by this group in both the United States and Canada not only caused the loss of computer time and disrupted computer services, but caused the destruction of inventory and billing figures of a Canadian firm, which necessitated substantial efforts by that firm to duplicate. In late 1982, our Washington Field Office identified a former employee of the Federal Reserve Bank who was then employed privately as a financial analyst, who attempted to continue to access information in the Federal Reserve Bank's money one file without authorization. Any information he might have obtained from this file would have been useful in the analysis of his client's holdings. Early in 1983, our office in Alexandria, Virginia, identified an individual who without authorization accessed computerized consumer credit information to obtain credit account information on over 80 people. Thereafter he used this information to charge goods including additional computer equipment to the major credit cards of the people whose credit information he had accessed. More recently, a great deal of media coverage has been afforded our efforts in an investigation of a computer related matter in the Mid-West. That matter is currently pending prosecution. These examples are certainly not all inclusive of our efforts in computer related crimes, but they give a broad view of the types of computer related crimes that are presented to the FBI for investigation. We have so far been able to identify and locate the person(s) committing each of the beforementioned crimes. We hope to continue to due SO. We have also had successful prosecutions in all but two of these matters. Prosecution was mitigated in one instance by the age of the subjects, and the other matter is pending prosecution now. We in_ the FBI have not had, to date, any significant problems in prosecution of computer related crime under already existing statutes over which we have jurisdiction, such as the Fraud by Wire Statute. There are currently two bills pending before Congress which would provide Federal computer crime legislation. These bills are HR 3970, introduced by Congressman Bill Nelson of Florida, and S 1733, introduced by Senator Paul Tribble of Virginia. We support both bills in principle. There are currently some 21 states that have specific computer legislation to address computer related crime on a local and state level. Our experience indicates that certain legal issues involving computer related crime could be clarified, particularly the definition of property in the sense of a computer program having its own clearly defined inherent value and the issue of trespass. The most frequently heard defense for simple unauthorized access into someone else's computer is that the individual making the access has no criminal intent, meant no harm, there was no security system and therefore there is no trespass. However, it is fairly commonly held that if an individual without authorization enters the unlocked house of another and rummages through that person's closets with no intent to steal or to do harm that person could still be guilty of trespassing. It is important that a legal clarification be made in this regard. In regard to preventive measures necessary to deal with computer related crime it appears from our experience that this is more of a human problem than a technological one. In most instances where we have been involved in an investigation of computer related crime the crime was perpetrated by someone who had access to the computer and authorization to use it. The crime was facilitated by the access and in most cases the authorization was exceeded or misused. In conclusion, I would like to address the need of law enforcement agencies for computer and communications security and privacy in their own operations. It is a well documented fact that government. law enforcement agency radio communications are monitored by non-law enforcement elements, ranging from the hobbyist, who gains a vicarious thrill from being "in" on law enforcement operations, to the entrepreneur, who listens for profit; the news media or the person who markets lists of government frequencies exhibiting interesting activity, to the criminal who listens to evade law enforcement operations as well as the foreign intelligence operative. These elements monitor our radio circuits to gain information on our operations, through intercept and analysis of our radio traffic; to disrupt operations by learning of our movements in advance and evading or countering them; to identify and associate agents with ongoing operations. In short, we pay a severe penalty due to the vulnerability of our clear text voice radio system used to control our operations. We pay this penalty in terms of personnel overhead. Up to 20% of a surveillant's time may be spent to accomodate the verbal codes, additional surveillance vehicles, and other burdens imposed to protect operations. There are compromised cases, wherein hundreds of hours of effort may be wasted because the subject learned of our operations by monitoring our circuits and successfully evaded apprehension or, forewarned, was able to destroy vital evidence, thus jeopardizing prosecution. There is a hazard to Agents, Agent identity, location or cover, and if compromized, it could place him in a highly dangerous position. Subjects have used intercepted radio transmissions to identify and endanger the life of operatives. To counter the threat, voice protection measures must be applied to our radio system. In our counterintelligence operations, national defense is at stake and full speech "security" is required. In conducting our law enforcement operation; however, a significant deficiency exists in countering the known threat. In this area, speech security is not always warranted, but there is a distinct and pressing need for voice "privacy" on our radio system nationwide. This concludes my prepared remarks Mr. Chairman. I will be happy to address any questions you may have. THE WHITE HOUSE WASHINGTON November 9, 1983 MEMORANDUM FOR FRED F. FIELDING FROM: JOHN G. ROBERTS SUBJECT: Statement of John Keeney Regarding Credit Card and Computer Fraud H.R. 3570 and H.R. 3181 on November 10, 1983 Deputy Assistant Attorney General John Keeney proposes to deliver the attached testimony before the House Judiciary Subcommittee on Crime on November 10. Keeney's testimony discusses two bills, H.R. 3570 and H.R. 3181, which provide penalties for credit and debit card counterfeiting and other related fraud. H.R. 3570 also provides penalties for anyone who "uses a computer with intent to execute a scheme to defraud." The testimony expresses strong support for the portions of both bills dealing with crimes involving credit and debit cards. Like other testimony delivered on behalf of the Administration on this subject, this statement suggests various amendments to the bill to correct problems caused by judicial decisions, such as the fact that illegal use of a credit card number, as opposed to the card itself, is not covered. The testimony also suggests that the provisions dealing with computer fraud be severed from the legislation, so that Justice and other agencies have more time to study possible solutions to the problem. I have reviewed the testimony, and find no objections to it. Attachment THE WHITE HOUSE WASHINGTON November 9, 1983 MEMORANDUM FOR GREGORY JONES LEGISLATIVE ATTORNEY OFFICE OF MANAGEMENT AND BUDGET FROM: FRED F. FIELDING Orig. signed by FFF COUNSEL TO THE PRESIDENT SUBJECT: Statement of John Keeney Regarding Credit Card and Computer Fraud H.R. 3570 and H.R. 3181 on November 10, 1983 Counsel's Office has reviewed the above-referenced testimony, and finds no objection to it from a legal perspective. FFF:JGR:aea 11/9/83 CC: FFFielding/JGRoberts/Subj/Chron THE WHITE HOUSE WASHINGTON November 9, 1983 MEMORANDUM FOR GREGORY JONES LEGISLATIVE ATTORNEY OFFICE OF MANAGEMENT AND BUDGET FROM: FRED F. FIELDING COUNSEL TO THE PRESIDENT SUBJECT: Statement of John Keeney Regarding Credit Card and Computer Fraud H.R. 3570 and H.R. 3181 on November 10, 1983 Counsel's Office has reviewed the above-referenced testimony, and finds no objection to it from a legal perspective. FFF:JGR:aea 11/9/83 CC: FFFielding/JGRoberts/Subj/Chron ID # CU WHITE HOUSE John CORRESPONDENCE TRACKING WORKSHEET O OUTGOING H INTERNAL I : INCOMING Date Correspondence Received (YY/MM/DD) / / Name of Correspondent: grea Jones MI Mail Report User Codes: (A) (B) (C) Subject: Statement of John keeney rc: Credit Card and Computer Fraud H.R. 3570 and H.R. 3181 on November 10, 1983 ROUTE TO: ACTION DISPOSITION Tracking Type Completion Action Date of Date Office/Agency (Staff Name) Code YY/MM/DD Response Code YY/MM/DD WHOLL ORIGINATOR 83,11,04 / / Referral Note: WAT18 D 83,11,04 $ 83,11,09 Referral Note: / / / / - Referral Note: / / / / - - Referral Note: / / / / - Referral Note: ACTION CODES: DISPOSITION CODES: A Appropriate Action I - Info Copy Only/No Action Necessary A Answered C Completed C - Comment/Recommendation R - Direct Reply w/Copy B - Non-Special Referral S Suspended D Draft Response S For Signature F - Furnish Fact Sheet X Interim Reply to be used as Enclosure FOR OUTGOING CORRESPONDENCE: Type of Response = Initials of Signer Code = "A" Completion Date = Date of Outgoing Comments: Keep this worksheet attached to the original incoming letter. Send all routing updates to Central Reference (Room 75, OEOB). A ways return completed correspondence record to Central Files. Reter questions about the correspondence tracking system to Central Reference, ext. 2590. 5/81 DRAFT STATEMENT OF JOHN C. KEENEY DEPUTY ASSISTANT ATTORNEY GENERAL CRIMINAL DIVISION BEFORE THE SUBCOMMITTEE ON CRIME COMMITTEE ON THE JUDICIARY HOUSE OF REPRESENTATIVES CONCERNING CREDIT CARD AND COMPUTER FRAUD H.R. 3570 and H.R. 3181 ON NOVEMBER 10, 1983 Mr. Chairman and Members of the Subcommittee, I am pleased to be here today to present the views of the Department of Justice on two bills, H.R. 3570, the "Counterfeit Access Device and Computer Fraud Act of 1983," and H.R.3181, the "Credit Card Counterfeiting and Fraud Act of 1983." The Department strongly supports in concept the portions of the two bills that deal with various crimes involving credit and debit cards although we will suggest various drafting changes along the way. We can also understand the desire to provide a federal sanction against computer fraud as is done in H.R. 3570, since, to a certain extent, computer fraud and credit and debit card offense are related. Nevertheless, at this juncture, we strongly urge that the two issues be severed and that legislation be processed relating only to credit and debit card crimes. The reason is that, quite frankly, the Department of Justice has not reached a position on the desirability and scope of specific legislation in this area, nor is it clear that there exists sufficient information about the extent and nature of computer crime to formulate such views, although from what we have been able to determine preliminarily, federal legislation may indeed be necessary. In response to a request from the Attorney General, an intradepartmental task force is now actively studying this issue and we hope to have a set of recommendations for the Congress in the relatively near future. That consideration of specific computer crime legislation may be premature at this time is underscored by the action taken by the House in its passage on October 24th of H.R. 3075, "The Small Business Computer Crime - 2 - Prevention Act." As you probably know, Mr. Chairman, that act does not create any new offenses but requires the Small Business Administration to establish a task force to study several aspects of computer crime. Consequently, I will today confine my remarks to credit and debit card crimes, an area which has received a good deal of attention in the Congress, and on which there is a general consensus that new federal statutes are in order. I might also add, Mr. Chairman, that we think the need for legislation in the card area is such that we hope it Will not be delayed pending either the Justice Department's or the Small Business Administra- tion's study of the computer crime problem. Turning then to the question of credit and debit card offenses, I think it would be useful first to describe for the Subcommittee the recent efforts of the Department in attempting to deal with the problems of credit card and debit card counter- feiting and fraud. For more than a year, officials of the Criminal Division and of the Federal Bureau of Investigation have been meeting with bank and bank card industry representatives concerning problems that have developed with the enforcement of the criminal provisions of the Truth in Lending Act, 15 U.S.C. 1644, which covers credit cards, and with the similar criminal provisions in the Electronic Fund Transfers (EFT) Act, 15 U.S.C. 1693n, which covers debit cards. These contacts with the industry have made us very much aware of the dramatic increase in the counterfeiting and the fraudulent use of credit cards. We - 3 - are also familiar with the major increase in EFT activity through a preliminary study done by the Department's Bureau of Justice Statistics in June of 1982, and our conversations with industry representatives. This increase creates the distinct possibility of a sharp upswing in crimes involving EFT systems and their accompanying debit cards. Our concern in this area, however, is not with the high volume, low dollar losses of present or future credit or debit card transactions. The average credit or debit card fraud loss is so small that the crime can generally be prosecuted on a local level where personnel resources are much greater than those available to the federal government. 1 Rather, our concerns have focused primarily on four issues. They are: (1) the lack of current statutory coverage over the burgeoning problem of counterfeiting credit and debit cards; (2) the need to clarify 15 U.S.C. 1644 so as to reach the misuse of another person's card number, in addition to the plastic card 1 To do our part in ensuring that these matters are, in fact, handled by state or local prosecutors, officials in the Department of Justice have worked closely with the state Attorneys General and local District Attorneys through our Executive working Group of Federal, State and Local Prosecutors on a national level, and the Law Enforcement Coordinating Committees on a state and local level. Our contact with our state and local counterparts has convinced us that while some improvements in existing federal laws are needed, there is no need for the massive federal involvement in areas of traditional local concern, such as minor fraud cases, that would result if virtually every credit card crime were made a federal offense, the approach of some early draft bills prepared by the banking and credit card industry. - 4 - itself; 2 (3) the gap in the present credit card fraud provisions in the Truth in Lending Act which has been construed not to reach transactions in which a credit card is originally obtained without fraudulent intent from a card issuer but subsequently transferred to another person with the knowledge that it will De fraudulently used; 3 and (4) the difficulties arising from the current monetary jurisdictional limitation in the Acts which, as presently written, allow a person to use unlawfully one card, accumulate just under $1,000 worth of purchases, discard it, and use another card to do the same thing without committing a federal violation. 2 The Ninth circuit, in United States V. Callihan, 666 F.2d 422 (1982), held that only misuse of a card, not the card number, is prohibited by the statute. By contrast, the Fourth Circuit has held that the fraudulent use of a credit card number is covered by 15 U.S.C. 1644(a). See United States V. Bice-Bey, 701 F.2d 1086, 1091-1092 1983). 3 15 U.S.C. 1644(a) criminalizes the actions of one who "knowingly in a transaction affecting interstate or foreign commerce, uses or attempts or conspires to use any counter- feit, fictitious, altered, forged, lost, stolen or fraudulently obtained credit card to obtain money, goods, services, or anything else of value which within any one-year period has a value aggregating $1,000 of more." (Emphasis added) 15 U.S.C. 1693n (b) (1) tracks this language for debit cards. In United States V. Kasper, 483 F. Supp. 1208 (E.D Pa., 1980), the court held that 15 U.S.C. 1644 (a) did not cover the situation where credit cards were obtained by the original cardholders without the intent to defraud the issuing companies, subsequently sold or given to the defendants with the knowledge of the original cardholders that the defendants would use them to make charges without paying for them, and the cards then reported as lost or stolen. - 5 - In our view, both H.R. 3181 and H.R. 3570 effectively cover the counterfeiting of credit and debit cards, and also contain important provisions prohibiting the sale, transfer, or posses- sion of equipment used in making phony cards. Thus, both bills take a substantial step in dealing with card counterfeiting, the most important offense in this area. However, these bills only partially overcome the problems created by the Kasper case concerning the meaning of the phrase "fraudulently obtained" and the problems created by the Callihan case concerning the existing statutes' lack of coverage of card numbers. We note parenthetically that the two bills do not deal with the "accumulation issue", the gap in the present law whereby a person can purchase just under $1,000 worth of goods with one stolen or lost card, then purchase just under $1,000 worth of goods with a second such card, and continue this activity indefinitely without violating the statute. We do not mean this as criticism of the scope of H.R. 3181 and 3570, for as you know the issue of the fraudulent use of a card number and the accumu- lation issue are dealt with in H.R. 3622, a bill reported by the Banking Committee on October 6th and presently awaiting floor action. Inasmuch as H.R. 3622 does not, however, deal with the issue of the judicial construction of the phrase "fraudulently obtained" in the Kasper case, I would like to explain briefly how the two bills pending here, H.R. 3181 and H.R. 3570, in our view require some modification in order effectively to overcome the - 6 - holding in that case. Both bills add a new section 1029 to title 18. In H.R. 3181, the section would proscribe the knowing production, sale, or transfer of a "fraudulent payment device," while in H.R. 3570, the section would prohibit such production, sale, or transfer of a "fraudulent access device." The two terms are defined virtually identically. 4 However, the actual use of the credit card to obtain goods by the person who purchases the card from, or is given it by, the original holder -- one of the offenses charged in Kasper -- is not covered in either bill. Moreover, neither bill would directly cover a person who obtained a card for no consideration⁵ although it would cover a person who bought the card from its original owner and the original card- holder who sold it or gave it away. These problems may be resolved by minor amendments to H.R. 3181 and H.R. 3570, and we would be pleased to work with the Subcommittee and its staff to accomplish this goal. We also 4 In H.R. 3181, the term "fraudulent payment device" is defined as " (A) any payment device or a representation, depiction, facsimile, aspect or component of a payment device that is counterfeit, fictitious, altered, forged, lost, stolen, incomplete, fraudulently obtained or obtained as part of a scheme to defraud; or (B) any invoice, voucher, sales draft, or other reflection or manifestation of such a device." In H.R. 3570, the term "fraudulent access device" is defined as "any access device or a representation, depiction, facsimile, or component of an access device that is counter- feit, fictitious, altered, forged, lost, stolen, incomplete, fraudulently obtained or obtained as part of a scheme to defraud." 5 The person might be chargeable under 18 U.S.C. 2 as an aider and abettor of the transferror, but this seems a peculiarly oblique method of punishing the conduct. - 7 - suggest that the Subcommittee may wish to review the question of whether to address the issue of clarifying the coverage of the misuse of card numbers, in view of the adequate resolution of this issue in the Banking Committee bill. A final suggestion, Mr. Chairman, is that while we believe it is both important and appropriate to cover card counterfeiting in title 18, we would prefer that the description of the device counterteited or altered be set out by cross-reference to the existing definitional sections of the Truth in Lending and EFT Acts (15 U.S.C. 1602(k) and 15 U.S.C. 1693n(c)). This approach avoids the problem of introducing into the law multiple and confusing definitions of credit and debit devices in two differ- ent titles of the United States Code. In sum, Mr. Chairman, we support the thrust of these bills to the extent that they proscribe debit and credit card counter- feiting in title 18, but suggest that the objects counterfeited be defined by reference to the definitional sections of the Truth in Lending and EFT Acts. The three other problems in the enforcement of those Acts which I have discussed can perhaps best be overcome by amendments to those Acts, as is proposed with respect to two of the three issues in the pending Banking Committee bill. If, however, the Subcommittee decides to attempt to deal in its legislation with the problem caused by the Kasper case whereby a card is not considered "fraudulently obtained" - 8 - unless it was so obtained by the original holder, we think that an amendment is needed to cover the actual use of such a card to obtain goods or services. Mr. Chairman, that concludes my prepared testimony, and I would be pleased to try to answer any questions the Subcommittee may have. THE WHITE HOUSE WASHINGTON November 17, 1983 MEMORANDUM FOR FRED F. FIELDING FROM: JOHN G. ROBERTS Q2R SUBJECT: Statement of John C. Keeney Re: Computer Crime -- H.R. 1092 on November 18, 1983 We have been provided with a copy of the above-referenced testimony, which Deputy Assistant Attorney General Keeney proposes to deliver before the House Judiciary Subcommittee on Civil and Constitutional Rights on November 18. The testimony notes that the Department is still reviewing the question of computer fraud, and that it hopes to submit proposals in the near future. Accordingly, Keeney takes no position on proposals currently pending before the Subcommittee. He does note that computer fraud fits uncomfortably into existing criminal provisions, with gaps caused by requirements such as the need for transmissions to cross state lines to be covered by federal law or the need to consider theft of information the theft of a tangible asset with fixed value. Keeney defers to Commerce on a proposal to fund a grant program to develop new methods of protecting computers, and to Treasury on a proposal to give tax credits to those who purchase computers. He does object to a plan to create an interagency advisory committee on the subject as an overly formal and cumbersome approach. I have no objections. Attachment PUEASE RETURN TO JOIN'S flas. THE WHITE HOUSE WASHINGTON November 17, 1983 MEMORANDUM FOR GREGORY JONES LEGISLATIVE ATTORNEY OFFICE OF MANAGEMENT AND BUDGET FROM: FRED F. FIELDING Orig., signed by FFF COUNSEL TO THE PRESIDENT SUBJECT: Statement of John C. Keeney Re: Computer Crime -- H.R. 1092 on November 18, 1983 Counsel's Office has reviewed the above-referenced testimony, and finds no objection to it from a legal perspective. FFF:JGR:aea 11/17/83 CC: FFFielding/JGRoberts/Subj/Chron THE WHITE HOUSE WASHINGTON November 17, 1983 MEMORANDUM FOR GREGORY JONES LEGISLATIVE ATTORNEY OFFICE OF MANAGEMENT AND BUDGET FROM: FRED F. FIELDING COUNSEL TO THE PRESIDENT SUBJECT: Statement of John C. Keeney Re: Computer Crime -- H.R. 1092 on November 18, 1983 Counsel's Office has reviewed the above-referenced testimony, and finds no objection to it from a legal perspective. FFF:JGR:aea 11/17/83 CC: FFFielding/JGRoberts/Subj/Chron ID #. CU WHITE HOUSE CORRESPONDENCE TRACKING WORKSHEET John o OUTGOING H INTERNAL I INCOMING Date Correspondence Received (YY/MM/DD) / / Name of Correspondent: greg Jones MI Mail Report User Codes: (A) (B) (C) Subject: Statement of John C keeney re: computer Crime H.R. 1092 on November 18, 1983 ROUTE TO: ACTION DISPOSITION Tracking Type Completion Action Date of Date Office/Agency (Staff Name) Code YY/MM/DD Response Code YY/MM/DD WHOLL ORIGINATOR 8311116 / / Referral Note: WATI8 D 83111 1/6 583/11/18 Referral Note: / / / / I Referral Note: / / / / I Referral Note: / / / / Referral Note: ACTION CODES: DISPOSITION CODES: A Appropriate Action 1. Info Copy Only/No Action Necessary A Answered C Completed C - Comment/Recommendation R Direct Reply w/Copy B * Non Special Referral S Suspended D Draft Response S For Signature F Furnish Fact Sheet X Interim Reply to be used as Enclosure FOR OUTGOING CORRESPONDENCE: Type of Response = Initials of Signer Code = "A" Completion Date = Date of Outgoing Comments: Keep this worksheet attached to the original incoming letter. Send all routing updates to Central Reference (Room 75, OEOB). Always return completed correspondence record to Central Files. Refer questions about the correspondence tracking system to Central Reference, ext. 2590. 5/81 DRAFT STATEMENT OF JOHN C. KEENEY DEPUTY ASSISTANT ATTORNEY GENERAL CRIMINAL DIVISION BEFORE THE SUBCOMMITTEE ON CIVIL AND CONSTITUTIONAL RIGHTS COMMITTEE ON THE JUDICIARY HOUSE OF REPRESENTATIVES CONCERNING COMPUTER CRIME - H.R. 1092 ON NOVEMBER 18, 1983 Mr. Chairman and Members of the Subcommittee, it is a pleasure to be here today to help present the views of the Department of Justice in regard to computer fraud and related topics. I would note initially that, as you are no doubt aware. there is currently no sanction available specifically dealing with computer-related crime. Any enforcement action in response to criminal conduct indirectly or directly related to computers must rely upon a statutory restriction dealing with some other offense. This requires the law enforcement officer, initially the agent, and then the prosecutor, to attempt to create a "theory of prosecution" that somehow fits what may be the square peg of computer fraud into the round hole of theft, embezzlement or even the illegal conversion of trade secrets. The crafting of such a theory can be awkward, and the results far from perfect. Even if a theory is devised that apparently covers the illegal acts, it still must be treated as an untested, untried basis of prosecution in the trial court. This could lead to the dismissal of a prosecution, notwithstanding the egregious nature of the crime or the extensiveness of trial preparation, because decades old statutory elements designed to deal with other crimes have been stretched too far to accommodate modern criminality. Mr. Chairman, let me give you some examples of the difficulties that can arise in trying to prosecute computer- related crime under existing statutes. - 2 - Three well known cases, all of which were unreported, present themselves. In the Seidlitz case, a federal wire fraud case tried in Maryland, the owner of a computer company stole confidential software by tapping into the computer system of a previous employer from his remote terminal. Had the defendant not made two of the fifty access calls across state lines, there would have been no basis for federal prosecution. Only a state statute on theft of trade secrets would have remained as a possible recourse. In the Langevin case, another case involving a violation of the federal wire fraud statute in which the defendant eventually pleaded guilty in the District of Columbia, a former employee of the Federal Reserve Board who was then employed privately as a financial analyst was apprehended after he attempted to continue to access information in the Federal Reserve Board's money supply (M-1) file without authorization. Any information he might have obtained would have been extremely useful in analyzing his client's holdings. As in Seidlitz, had the access telephone calls not gone across state lines, we would not have been able to use the wire fraud statute and would have had to prosecute the defendant for theft of government property, i.e. the information. Fixing a value on the information, a necessary element of proof, would have been very difficult. In the Rivkin case, a computer expert fraudulently used a bank's in-house access codes to transfer millions of dollars to accounts he controlled in another bank. As it turned out, the - 3 - defendant was prosecuted in the California state court system. However, the facts of the case point up the potential gaps in the current laws that may be present in any case in which federal prosecution is considered. If the wire communications transfer- ring the funds had all been in the same state there is no apparent theory under which federal prosecution could have been undertaken. Turning to the three bills presently before the Subcommit- tee, all of them attempt to close the potential gaps that exist in the present law that could negate present federal statutes. As you probably know, the Administration is actively reviewing various legislative proposals in this area but at this juncture we have not yet reached a final decision on what type of new legislation we believe is needed. We hope to send a recommenda- tion to the Congress in the near future. In that context, let me give some very preliminary comments on the three bills before you. H.R. 1092 would criminalize a number of acts committed upon, or by means of, various computers. This approach is one which we are carefully considering, along with other concepts not in H.R. 1092 such as a misdemeanor for simple unauthorized access to computers in which there is a particular federal interest. Moreover, if we ultimately support the approach of H.R. 1092 we would probably recommend that it be slightly redrafted to track the present mail and wire fraud statutes, 18 U.S.C. 1341 and 1343, respectively. These statutes have beem interpreted in literally hundreds of cases and the - 4 - adaptation of the same language would ensure that the new statute would cover virtually any type of fraud scheme using the desig- nated computers. As for H.R. 4021, while we are still studying all options, at this point we believe that the approach incorporated in bills such as H.R. 1092 is preferable to creating what is essentially an enhanced penalty section in title 18 for crimes committed with computers. 1 Turning finally to H.R. 4259, the bill has four titles. I would authorize the Secretary of Commerce to make grants to private persons for the purpose of developing new methods of protecting computer systems from unauthorized access and use. While such a program might be beneficial, we would prefer to wait until the Administration is able to take a final position with respect to the need for new legislation in this area to comment on the need for such a program and, in any event, we would defer to the Commerce Department as to the feasibility of a grant program in this area. Title II would create a Federal Interagency Committee on Computer Fraud and Abuse which would be chaired by the Attorney General. The Committee would perform various functions such as compiling and disseminating statistics on computer fraud and 1 While we realize that 18 U.S.C. 924(c) concerning the use of a firearm in a federal crime, on which H.R. 4021 is based, has been interpreted as creating a distinct offense and not as an enhanced penalty provision, H.R. 4021 would still require the proof of all of the elements of some other federal crime and thus would not help in filling potential gaps in the coverage of existing statutes. - 5 - coordinating the development of more secure computer systems for the federal government. It would also make recommendations on improving the security of federal computers and on the need for new legislation. We do not believe that it is necessary to establish the somewhat cumbersome vehicle of a formal interagency committee to accomplish these tasks. While laudatory, they can be carried out by much less formal means of coordination and consultation. For example, I mentioned earlier that the Justice Department is presently studying the need for additional legislation that would criminalize the use of a computer in fraud scheme and a provision making it a crime to access a computer without authority. Before being adopted, any such proposal will be discussed with all other interested agencies in the course of the normal OMB review process. Title III is very similar in substance to H.R. 1092, and my comments on that bill are equally applicable here. As for Title IV, which provides for tax credits for persons who purchase certain home computers, this is a matter on which the Department of Justice would defer to the Treasury Department. Mr. Chairman, that concludes my prepared testimony and I would be happy to attempt to answer any questions that the Subcommittee may have.