Baltimore, MD
~ Friday, September 15, 2017
Good morning and thank you to all of you for coming to the
Third Annual Cybercrime Symposium. This
is an event that our Computer Crime and Intellectual Property Section co-hosts
each year and they never fail to put together a great agenda. This year is no exception. We are proud to be partnered with the
University of Maryland’s Francis King Carey School of Law, to whom we owe a
tremendous amount of gratitude for making this event possible. A special thank you to the Dean Tobin for
your welcome as well as Professor Danielle Citron for all of your hard work.
Each year, this symposium provides an opportunity for us to
think critically about a specific topic in cybercrime. It gives us an opportunity to connect with
the larger community about how we fight cybercrime at the Department of
Justice, and engage in a reasoned discussion about some of the hardest issues
we face in protecting public safety in an online world. This annual symposium gives us an opportunity
to ask, what do we need to focus on in cybercrime? Who else has equities affected by efforts to
address the threat? What are their
ideas? What can we do better, more
efficiently, more effectively? How can
we deliver better justice for the American people? These questions are not rhetorical; these
questions are the reason we are here today.
The topic of this year’s symposium, When Cybercrime Turns
Violent and Abusive, has unfortunately become a growth area for our casework
and an area of increased focus for our computer crime team. The terms in this area can be confusing and
some of them overlap, but for today’s purposes we are talking about the entire
gamut - cyberbullying, cyber harassment, cyber threats, cyberstalking,
sextortion, revenge porn, non-consensual pornography, swatting and doxing. We could spend the entire morning trying to
define all of these terms, but I expect the discussions throughout the day will
help us all understand each one better as well as what they have in common and
how they may be different.
We recognize that many of these behaviors really are crimes
against Americans’ cherished right to privacy – and the violations of privacy
that happen through these forms of abuse have a tremendous and lasting harm
upon victims. When a person has their
intimate photos stolen and then is threatened with having them exposed to
friends, family, employers, victims often are humiliated and feel
powerless. In extreme cases they may be
fired from jobs, forced to move or change schools and live in constant fear of
sexual or other physical violence. In
one case, victims of a serial sextortionist were so afraid they would not even
leave their homes alone. One needed to
be escorted whenever she walked outside after dark. Another had to sleep in her mother’s bed
every night – a teenager, afraid to sleep in her own bed. Victims may contemplate suicide as a result
of this terrifying fear. We are not
talking about sensitive people taking offense at something they saw online – we
are talking about targeted attacks designed to hurt people, violate privacy and
do very real damage.
Even though I am sure many of you here recognize and accept
the seriousness of the harms these acts can create, some of you may be
wondering, why are the feds – me, the head of the Criminal Division is here discussing
this topic. Why is the Department of
Justice dedicating a whole day to talking about it? The Internet has changed the landscape of
these crimes significantly.
While it is true that stalking, bullying and harassment have
more commonly been dealt with by local law enforcement or outside the criminal
justice system, the increased use of computers and mobile networks has turned
many such crimes into multi-jurisdictional and even multinational crimes. A criminal in one state can easily disseminate
graphic images and personally identifying information of his victim in another
state to viewers around the world. He
can store the images and information on servers in unfriendly foreign
jurisdictions, using proxy technology to conceal his true location. He can threaten and extort the victim using
end-to-end encrypted communication applications that store little or no
information about subscribers. Without
leaving his home, the perpetrator can commit an elaborate and hard-to-trace
scheme using technology easily accessible to anyone. Worse, someone with no technical
sophistication at all can hire someone to do the harassment for him from a dark
market online.
The Internet has not only complicated these crimes, but it
has magnified them as well. Stalking
need not be from the bushes and harassment goes well beyond a momentary
encounter in the streets. Threats and
intimidation can be piped into victims’ bedrooms at any hour and the Internet
never forgets.
Whether due to greater opportunity or less fear of being
caught, the commission of these types of offenses is increasingly
widespread. A study released in July
2017 by the Pew Research Center found that four in ten Americans have
personally experienced online harassment and 62% consider it to be a major
problem. Nearly 20% of survey
respondents had experienced severe forms of harassment online, including
physical threats, sustained harassment, stalking, or sexual harassment. We have prosecuted cases where one defendant
victimized hundreds of people he had never met from half way around the
world. Put simply, too many of our
friends, family and neighbors are being hurt, and we need to find better ways
to stop it.
The Internet has thrived with no one entity or person
controlling its development – and similarly, no one entity or person can tame
the horrific abuses happening through the Internet. Federal law enforcement has a role to play,
but certainly cannot do this alone. This
is why I am so encouraged by today’s symposium: in addition to our strong law
enforcement presence, we also have many of the brightest academics, policy
advocates, victim advocates, civil attorneys and major technology companies
represented and engaged in these topics today.
For our part, we believe that, as violence and abuse moves
online, experts in conducting online investigations must be there too. The U.S. Department of Justice has exactly
that expertise and so we are uniquely able to help. We are proud of the successes we have had in
fighting these crimes. In recent years,
the Department’s prosecutors around the country have obtained convictions in
numerous hard-fought cyberstalking, sextortion and swatting cases. I will highlight just a few of them.
Last year, federal prosecutors obtained a 57-month sentence
against Michael Ford, a Department of State employee at the London embassy, for
engaging in a widespread, international computer hacking, cyberstalking and
sextortion campaign. Ford’s scheme had many steps, but it is worth explaining
in some detail. He would start by
sending emails to thousands of potential victims pretending to be from his
targets’ email provider. His fake emails
would warn that a victim’s online accounts would be deleted if she or he did
not verify the passwords. If a victim was tricked into sending the passwords,
Ford then hacked e-mail and social media accounts, thousands of them, where he
searched for sexually explicit photographs. Once Ford located private photos,
he continued to search for information about his victims, including their home
and work addresses, school and employment information, and names and contact
information of family members.
Ford then used the stolen photos and information to engage
in an ongoing cyberstalking campaign, demanding additional sexually explicit
material and personal information. Ford e-mailed his victims with their stolen
photos attached and threatened to release those photos if they did not submit
to his demands. When the victims refused to comply, threatened to go to the
police, or begged Ford to leave them alone, Ford responded with additional
threats. For example, Ford wrote in one e-mail “don’t worry, it’s not like I
know where you live,” then sent another e-mail to the victim with her home address. He even described the victim’s home to her,
stating “I like your red fire escape ladder, easy to climb.” He threatened to
post her photographs to an escort website along with her phone number and home
address. Ford followed through with his threats on several occasions, sending
his victims’ sexually explicit photographs to family members and friends. The ability of one individual to terrorize so
many victims and so intimately, is truly horrifying.
Cyberstalking cases can also turn deadly. Last year, federal prosecutors obtained three
life sentences for defendants David Matusiewicz, his mother Lenore Matusiewicz
and his sister Amy Gonzalez, in the first case to allege the federal stalking
statute’s “resulting in death” enhancement.
The defendants engaged in a prolonged campaign to surveil and harass
David Matusiewicz’s ex-wife, Christine Belford, during a bitter child custody
dispute over their three children that began in 2007. The interstate stalking and cyberstalking
conduct took the form of a three-pronged campaign, which used the Internet, the
mail and third parties, to vilify and torment Ms. Belford and her
children. David Matusiewicz and his
family created a webpage called “Grandmother’s Impossible Choice,” which was
dedicated to casting Ms. Belford as a crazed, mentally unstable child
molester. David Matusiewicz and his
family also posted surreptitious videos of Ms. Belford and her children on
YouTube, posted defamatory comments online and bombarded people in Ms.
Belford’s life with emails and written letters repeating these same pernicious
accusations. The Matusiewicz family sent
written letters to the children’s school, Ms. Belford’s neighbors and her
church where she taught Sunday school.
In February 2013, the three defendants, along with David’s father,
Thomas Matusiewicz, traveled to Delaware for a family court hearing where
Thomas tragically shot and killed Ms. Belford, her friend Laura Mulford and
himself, while also injuring two police officers.
Investigating these offenses involving complex electronic
evidence spread around the globe is hard enough. But even when we find and apprehend
perpetrators, prosecution can be challenging.
The offenses we are discussing today come in a variety of types of
conduct carried out by different types of offenders. Fact patterns vary widely. Yet, of the types of criminal conduct that I
have described, only cyberstalking is directly proscribed in a dedicated section
in the federal criminal code. The others
do not have directly controlling federal statutes, although the behavior often
violates more general federal statutes.
For example, while there is no specific “sextortion” offense, such
behavior may implicate the extortion, threats, or – depending on the ages of
the victims – child exploitation statutes.
When the basis for the extortion in the first place is stolen intimate
photos taken from computers, the computer hacking statute comes into play as
well. But fact patterns vary from case
to case and a statute used to charge one case may not fit the facts in another.
Our first panel will discuss some of these challenges to
holding offenders accountable. I am glad
to see it will cover not only federal criminal prosecution, but also include
what other approaches can accomplish, through civil law or maybe by updating
our laws. Some lawmakers have started to
try to find a way to address more specific fact patterns; several bills in the
House of Representatives have been introduced aimed at criminalizing
sextortion, swatting and doxing. I look
forward to the First Amendment panel’s views on how legislation can strike the
right balance in proscribing criminal conduct in this area without unduly
impacting protected free expression.
I am also very excited for our lunchtime keynote address
from Ann Marie Chiarini – a professor at a Maryland community college who found
herself a victim of non-consensual pornography, and who has since then fought
at every level for the rights of all victims.
Her story is truly inspiring and I hope it will help encourage other
victims in their fight.
There is no question that more must be done to stop the
alarming rise of violence and abuse on the Internet, and as I stated earlier,
it will truly take efforts and commitments from a wide variety of stakeholders
– far beyond federal criminal investigators and prosecutors to accomplish this
task. Today we will hear from private
sector victim advocates, scholars, social media companies, privacy advocates
and others with unique experiences and perspectives. We are very excited to hear how others are
innovating to prevent, disrupt and mitigate such abusive activities online.
In particular we will hear from some of our largest Internet
companies about their efforts to protect their users. I was interested to read in the Pew Study I
mentioned earlier that nearly eight in ten Americans believe that online
service providers have a duty to address harassment that occurs on their
platforms. It is clear from the research
and from publicly reported events that both the public’s and many providers’ views
on the proper approaches to hate, abuse and violence on the Internet are
evolving. We are encouraged by social
media companies and others who have committed to enforcing their terms of
service which can lead even to blocking and banning subscribers that use their
services for violent and abusive behavior.
Our final panel today on anonymizing technologies will help
shed a light on some of the darkest places of the Internet, which pose some of
the most serious challenges to law enforcement in combatting violent
cybercrime. We look forward to a
vigorous discussion on the costs and benefits of the anonymizing technology
known as TOR Hidden Services.
I want to conclude by noting that the subject matter of
today’s symposium and the cases I described should be a signal to all that law
enforcement serves an important role in protecting and defending against
invasions of privacy and upholding this value for all Americans.
We are honored to have the opportunity to engage with the
entire community of stakeholders on the topic of violent and abusive cybercrime
today, and thank you all for coming to participate in today’s event.
Posts
No comments:
Post a Comment