Department Of Justice Describes Cyber Dangers, Legal Weaknesses
At the Senate hearings on mobile privacy, the Department of Justice took the opportunity to speak on the current dangers of cybercrime, cyberstalking and the need for increased data retention in a world where more and more consumers carry devices that serve as portals to their personal information, location, and activities.
"We can bank, shop, conduct business, and socialize remotely with our friends and loved ones instantly, almost anywhere. These devices drive new waves of innovation, personal convenience, and professional resources," said Jason Weinsten, the deputy assistant attorney general for the criminal division of the Department of Justice. "They also present increasingly tempting targets for identity thieves, cyberstalkers and other criminals."
Emphasizing that 64 percent of American cell phone users now have smartphones, Weinstein underlined the dangers inherent in the vast amount of information such gadgets can store, and the heightened capabilities of cybercriminals to use digital means to access and steal information from business and consumer networks.
All of these dangers led Weinstein to call for the ability for law enforcement officials to collect the electronic evidence they need to pursue such cases. Currently, inconsistent laws regarding data retention can stymie investigations when Internet Service Providers do not hold onto digital information for long enough.
He described "one heart-wrenching example," where an undercover investigation found a movie online showing the rape of a two-year-old child. The ISP transmitting the video had not kept information about the transmitter. Officials could not rescue the child, or apprehend the criminals involved.
"When a criminal uses a computer to commit crimes, law enforcement may be able, through lawful legal process, to identify the computer or subscriber account based on its IP address," Weinstein said. "This information is essential to identifying offenders, locating fugitives, thwarting cyber intrusions, protecting children from sexual exploitation and neutralizing terrorist threats – but only if the data is still in existence by the time law enforcement gets there."
Weinstein also discussed the rise of "botnets," a code used to infect and remotely control computers, as well as to capture keystrokes and mouseclicks, giving criminals knowledge of passwords, credit card numbers and more. On cell phones, cases like the "Droid Dream" malware attacks saw malicious apps install code designed to steal information from the handsets. Between 2008 and 2010, the U.S. Attorneys' Offices saw about 4,000 identity fraud cases.
But, Weinstein noted, "under current law, communications providers may voluntarily disclose or sell any noncontent data – such as information about a user’s location – for any reason without restriction to anyone other than state, local, and federal government agencies." The Electronic Communications Privacy Act, which regulates how companies can share data, was written at a time when "there was great concern over ensuring the flexible development of the then-nascent Internet industry." But times have changed, and the privacy landscape today is vastly different from the early days of the Internet.
Weinstein also highlighted another major issue regarding smartphone use: cyberstalking.
"One important consequence of the proliferation of mobile devices and services that collect location and other personal information about their users is the risk that stalkers, abusive spouses, and others intent on victimizing the user could use information from their mobile device to determine their whereabouts and activities," he said.
Current cyberstalking laws allow for the prosecution of those cyberstalkers that are in a different state from their victims, even though cyberstalking could take place with both parties on the same street.
"If an abusive spouse uses his spouse’s phone to determine when she visits law enforcement for assistance, or to find where she is when she takes refuge with a friend, this may not violate [the law] as currently drafted because the two live in the same state," Weinstein said.
While the Department of Justice has increased the attention its given to cybercrime, Weinstein's testimony made it clear that the legislation regarding prosecution of cyber-criminals is currently insufficient.