 You're watching FJTN, the Federal Judicial Television Network. 89 people nationwide were charged yesterday in connection with an internet-based child pornography ring. Known as Operation Candy Man, this 14-month FBI investigation expects 50 more arrests, and later this week, even more are coming up. A report quietly issued by the Canadian government last month raises the possibility of cyber attacks by the Al Qaeda terrorist organization. According to the Canadian study, Bin Laden and his associates have been planning to cyber crime. Welcome to the broadcast. Today's subject is cyber crime and cyber terrorism. Welcome. We're going to do something new with the Special Needs Offenders program today in that we're following up the introduction to cyber crime program, which was launched back in August and September of 2000. So this program assumes that you are somewhat familiar with the introduction to cyber crime bulletin and broadcast, and it also assumes that you're familiar with the Special Needs Offenders close-up on cyber crime and cyber terrorism, which accompanies this broadcast. Our main focus today is going to be on what's been happening in the field since introduction to cyber crime. Now, for the objectives of this program. Basically, they're twofold. We want to update you on federal law enforcement oriented news related to cyber crime and cyber terrorism, and we want to provide guidance on how to assess in-district needs, coordinate resources regarding cyber crime, develop a computer search policy and choose among monitoring and forensic applications, and investigate computer defendants and offenders and develop cyber specific special conditions. Now, the format for the program is basically going to be that we're going to have three panel discussions for each guidance oriented objective. Some panelists will join us here in the studio while others will join us on the telephone. 
Our overall goal is to engage in a focused discussion and to address your questions, concerns, and comments, and you need to help us do that by faxing them in to 1-800-488-0397. That's 1-800-488-0397. Now, that special needs offenders close-up that I referred to on cyber crime and cyber terrorism highlights several initiatives and provides details on initiatives happening at the federal level regarding cyber crime and cyber terrorism. We want to just touch on a few of those here today. On the legislative side, perhaps the most important initiative has been the USA Patriot Act, which was enacted after September 11. That law touches on cyber crime in several sections. And a few months ago, the FJC broadcast a program on the USA Patriot Act. It doesn't address probation and pretrial services officers or the practices directly, but it's an important piece of legislation to know about because of the direction that it takes cyber crime, the messages that it sends for policy, etc. And we have a short clip from that FJC broadcast to show you now involving a couple of the sections on cyber crime. Let's roll that clip. Several sections seek to update the government's powers concerning modern electronic communications. Similar to Section 219, Section 220 allows for nationwide service of search warrants for electronic surveillance. Section 206 grants roving surveillance authority under the Foreign Intelligence Surveillance Act of 1978. That is, surveillance can follow the person who uses multiple communications devices or locations. And sections 214 and 216 expand the government's powers to gather information through pen registers and trap and trace devices. Pen registers capture phone numbers dialed on outgoing telephone calls and trap and trace devices capture numbers identifying incoming calls. On the executive side, the Department of Justice is also taking several initiatives. 
A few weeks ago, I had the chance to sit down with Chris Painter, who's the Deputy Chief of the Computer Crime and Intellectual Property Section. I'll never get that one straight. At the Criminal Division, at the Justice Department. Painter was the Assistant U.S. Attorney who prosecuted Kevin Mitnick in the Central District of California. Mitnick is now under federal supervision. He was one of the original cyber punks who was prosecuted at the federal level. And I wanted you to have an opportunity to take a look at that discussion. And you'll note, in that discussion as well, Painter also touches on the USA Patriot Act in addition to a number of other DOJ initiatives. Let's take a look. Chris Painter, welcome to our program on cyber crime and cyber terrorism. Thank you. Let's start by first talking about definitions. And give us, if you would, the definition if there is such a thing of cyber terrorism and contrast that with what has come to be known as cyber crime. Well, I think it's a difficult distinction to make. I think that it's clear that as society and critical information systems and critical information systems that control things like responses for 911, control systems for companies, everyone is relying more and more on computers. And as attacks are launched on those computers, there's a fear that those attacks could also include terrorist attacks on those computers, which would be cyber terrorism. The problem is it's very difficult in the beginning of a case, or even halfway through a case, for law enforcement to make that distinction. It's difficult to determine if the attack is being launched by someone who is state-sponsored, someone who is a cyber terrorist, or someone who is a 14-year-old from Canada. There was a case where a lot of the internet major web portals were taken down by a denial-of-service attack, what's called a denial-of-service attack, and that ended up being, in fact, a 14-year-old in Canada. 
What we really have to look at in these cases is both what the intent of the party who's doing the conduct is and what the effect of the conduct is. The effect is to really affect major information systems, to take them down, to cause problems, to take down the 911 system, for instance. I think we need to look at that as a cyber terrorist event. When we talk about cyber terrorism, then we are also including, but it's not limited to acts enacted or conducted by state-sponsored or non-state-sponsored international terrorist organizations. Right. It could be practically anything. And I think it's also clear that just like society as a whole is becoming much more computer savvy and has over the last 10 years, that includes the criminal community, the terrorist community. Everyone is using computers to communicate, and certainly I think everyone can start using the same systems and the same knowledge that's out there to attack those systems. What are some of the federal anti-cyber crime and anti-cyber terrorism initiatives that have been initiated recently? Well, there have been a number of changes. First of all, in the legislative arena, it's called the USA Patriot Act was passed back, I think, signed in November of last year. That did a number of things to enhance both the procedural authorities. They're used not just in computer crime cases, but across the board, but particularly how communications occur over the internet. Strengthen law enforcement's ability to do things like trap and traces and wiretaps, et cetera. So that was one element. The other element was to actually strengthen the substantive computer crime law, which is called 18 USC 1030, to provide for a number of things. Enhanced penalties for one, a greater definition of loss so that more of these cases can be investigated and prosecuted. There's a limit for certain kinds of attacks that if it doesn't rise to the level of $5,000 in damage, there's not a federal crime. 
But now the definition of loss and damage has been expanded. So many more cases, I think, fit within that definition. Also, a provision was added that an attack on a computer system that affects the administration of justice, the national defense, or national security is now prosecutable clearly as a federal crime. So there were those enhancements. That's coupled with a number of things that the Department of Justice has been doing for some time. I work at the computer crime and intellectual property section. It's a group of approximately 40 lawyers growing to 40 lawyers. It's now about 25 lawyers in D.C. that coordinates these cases nationally, does international work, does legislative work, and it covers the waterfront on these cases. One thing that we've done for some time is train in the field at each of the 94 U.S. Attorney's Office at least one what's called computer crime and telecommunications coordinator. One AUSA, one prosecutor who actually understands the technology, understands the law, and understands how to prosecute and investigate these cases. That's been supplemented recently by something, another Department of Justice initiative called the CHIPS Initiative. The CHIPS Initiative in 10 U.S. cities created even enhanced stability. They strengthened that network. And because these are network crimes, we need a network of prosecutors and a network of agents to investigate and prosecute these crimes. So you've got stuff going on at the legislative angle. We've got stuff happening at the operational level. What about other kinds of actions that are occurring at the national executive level? Well, there are a few things. First, at the FBI, there is the National Infrastructure Protection Center. That was created a little while ago, but it focuses on protecting our critical national infrastructure and realizes that a lot of those systems are connected by computers and information technology. 
They have squads around the United States in the FBI office to deal with this, and it's a multi-agency effort. It's not just the FBI, it's the Secret Service, it's the Department of Defense, and their missions are not just the investigation but the watch and warning effort. Also recently at the White House, there was created something called the Office of Cyber Space Security and of course the Homeland Defense Office. But really talking about the Office of Cyber Space Security, it's a group run by Dick Clarke at the White House, and there's also now the vice chair of that group, someone named Howard Schmidt, former Air Force OSI agent, former Microsoft person, but a lot of attention to coordinate these efforts, the outreach efforts, the training efforts, the law enforcement efforts, the watch and warning efforts, all of those things around the national government. Very good. We're running low on time, so I wanted to get to using some of your background as an assistant U.S. attorney and talk about some of the tips if you have any for probation and pretrial services officers with regard to developing special release conditions or things they should do when supervising a cyber-savvy defendant or offender. Well, I think, as with any other defendant, you have to look at the characteristics of the defendant and see what you need to do both to protect society and to rehabilitate the defendant. So with cyber criminals, you have to look at what they did online. Make sure they're using, I mean, you can have conditions from least restrictive, which are to make sure they use their correct name online and don't engage in that kind of fraudulent conduct, to much more restrictive, where if they're a cyber hacker, you may well want to prevent them from having access to any computer's computer equipment, computer-related jobs that forbid them from being engaged in those for some period of time, access to cellular telephones that they might be able to use to dial into computers. 
There are a host and a range of conditions that you can look at and you should very carefully evaluate the range of conditions prior to sentencing. So it's really important for the officer at the sentencing and to make sure that they are clear on the offense conduct and the offenders' history of using computers and connected devices as they think about developing cyber-specific special conditions and working, therefore, with the court and then with the supervision officer. I mean, certainly when an offender is a recidivist or has shown that they will continue to go back and do this, even if prohibited from doing it in the past, there's a very, very important reason to protect society from that kind of conduct, especially given how interconnected we are these days. So you really need to make sure those conditions protect society. And of course, you want to talk about, you want to make sure that the offender is not tempted to engage in illegal conduct again. Very good. I would say one other thing. I would couple that also with an ability of the probation officer or the pretrial service officer to make sure those conditions actually are enforced. And that's a little more difficult in this area. I guess both enforced and enforceable. Correct. I mean, it's a little more difficult because when you're dealing with cyberspace, the probation officer can't necessarily watch everything that happens. You can monitor someone's Internet activity if they're allowed to have it, but it's very easy to go to Internet cafe to go to some other venue. And it poses a real challenge. So I guess it would require a combination of both technical monitoring and sort of using traditional supervision tools. I think that's right. And I also think it means, as a practical matter, the probation and pretrial services officers need to become familiar and cognizant of the technology. It's out there and how it can be used. Very good. Are there things that CCIPS? CCIPS, as we call it. Can do. 
One of the many government acronyms. The Computer Crime and Intellectual Property Section can do in terms of training or providing technical assistance to officers. Well, we do a number of training efforts around the country with AUSAs, with agents, with members of the public and outreach. Certainly, we can continue those efforts with officers if that's acceptable. We certainly are willing to do that. There are also a number of publications we have. The most important one, I think, is to go to our website, which is www.cybercrime.gov. It's fairly catchy for a government website. That has, among other things, a manual on searching and seizing computers, recent cases and press releases and indictments, et cetera, from recent cases, and a host of other training material that's available. So certainly check that out, but we are happy to provide that kind of training. Great. Chris Painter, thanks very much for being with us today. You're quite welcome. Chris Painter mentioned the website for the Computer Crime and Intellectual Property Section. I certainly wanted to commend that to you. That, again, is www.cybercrime.gov. It's a site that I've used in helping to put together this program. And in fact, on that site is an article written by Painter on cyber-specific special conditions for probation, so I would commend that article to you as well. As for the judiciary, several initiatives are occurring. The AO Office of Probation and Pre-Trial Services has distributed to all chiefs several CDs and a videotape on computer crime or cybercrime. So you want to check that out. Also, the AO was represented on the planning committee for this program, both the Office of General Counsel and the Office of Probation and Pre-Trial Services have participated throughout the planning process for this special needs offenders program. Finally, the federal courts of appeals are beginning to grapple with cases involving cyber-specific special conditions. 
Several of those cases are detailed in the close-up, and I wanted to just reiterate the importance of those cases now. They're starting to bubble up from the districts, so take note of those as well if you need details, check out the close-up. And that basically brings us up to date on where things stand now at the federal level. We're going to be back in a minute for the first panel discussion, but before we get to that, we wanted to give you this word from Orange County, California Deputy Probation Officer and cybercrime expert Ed Harrison, and he's going to talk about computers as instruments in crime and the role of the officer. I'm sure when Henry Ford developed his automobile, he never thought that it would be used as a getaway car from a bank robbery. I'm sure when, you know, Bell developed the telephone, he thinks the same way that they are using it, and when folks develop computers, they thought of these wonderful things that would be done with it. There is certainly an element in the population that's criminals because they're criminals, and they're going to take advantage of whatever weaknesses they can, and certainly the computer is just another tool, the way the getaway car is a tool, the way some of these other tools are there. A lot of the same scams and grifts that were going on before are now going on at the internet with this apparent anonymity that occurs with that, and so there's a lot of traditional criminals that have migrated, but then there's also the computer element that's just enticed by the wonders of the computer to be able to do these crimes. It's very awkward for an officer who does not have a background or comprehension of what computers are all about to supervise that, but then that doesn't mean that they can't supervise that person, and it's just ridiculous to think that probation officer could be knowledgeable on all of the different kinds of computers that are out there. 
There's a myriad of operating systems, there's literally tens of thousands of computer programs out there, you can't know them all, nor should you know them all. We are behaviorists. I mean, we're really looking at how someone behaves. The computer is simply an instrument to the crime. We don't need to understand how to ingest drugs in order to supervise a drug offender. We don't need to be able to operate a firearm to be able to supervise someone who's a weapons dealer, but those are certainly traits that help, but it's more about understanding the personality and knowing how to preserve any computer evidence that you may come across so that someone who is an expert could then make a determination and do a proper inquiry into a possible new crime. Welcome back. In this segment we hope to provide some guidance on how to assess needs and coordinate resources in your district regarding cybercrime, and to do that we have several panelists. Here in the studio we've got Computer Crime Specialist Art Bocher from the Northern District of Ohio. We have Senior U.S. Probation Officer and Cyber Crime Specialist Brian Kelly from the Eastern District of New York and United States Probation Officer Monica Hampton from the District of South Carolina. Welcome all. Monica, this is your second time around having participated on our first introduction to cybercrime programs, so welcome back. We also are joined by several panelists on the telephone, and joining us from the Middle District of Florida is Chief U.S. Probation Officer Elaine Terenzi. We're also joined by United States Pretrial Services Officer Ruben Morales from the District of Arizona. Also, United States Probation Officer Kathleen Hervatitz from the Western District of New York and U.S. Probation Officer Andre Wilson from the District of Columbia. Welcome all. Let's start off with you, Art. 
And if you could briefly talk to us about the cybercrime initiative that's been going on in your district, tell us how it got started and now where you stand. Well, it started in 1998 with myself and another probation officer, Greg Thompson, who's now in the Southern District of Indiana, going to the Chief at that time, Keith Kenning, and saying we're getting a lot of computer crime cases. We need to start focusing on this area. We put together a proposal to assess needs, develop techniques for supervising offenders, investigating offenders, and equally important, setting up conditions to have imposed in these cases. From that initial start, we focused a lot on the conditions and training, and over the years, Greg left and went to Indiana. I continued with training in about year 2000. I was enrolled in the Leadership Development Program, and because of my interest in the computer crime, I proposed as my Leadership Development Project to have a working group to focus on cybercrime and the new chief, John Pete, agreed that that was a good objective. We put together the working group, brought members from all over the office, from automation, from pre-sentences, supervisors, deputy chiefs, and we started focusing on the issues. And from there, we came up with a manual which was approved within the last week by our supervisors, and we ended up creating a specialist position, which I was lucky enough to get. Congratulations. Thank you. Let me stop you there, and then I want to go out to Ruben Morales in Arizona, but before we do that, just summarize some of the things you said, because you've pointed out some things that we need to focus on. First, your district has undergone a change in chiefs, and you've continued with this initiative throughout that change, so you've experienced a major change in your district, yet been able to continue with this because you've been able to communicate well with the chief and have them buy into this important project. That's correct. 
Secondly, you talked about the inclusion of automation staff in your committee that you formed as a way of bringing them into the fold and letting them know how they can help. Right. We thought it was important to bring as many people to the table on this issue as possible because it's the old saying, more heads are better than one type philosophy, and they bring expertise that I can't have because I'm focused on the probation end, so they bring a good component to the group. One of the other points you mentioned was that this was a grassroots officer-initiated project at the very beginning, and you've sort of helped bring along the management team, and now you've basically got buy-in from within your district. Yes, yes. Very good. All right, let's go out to Ruben Morales, U.S. Pretrial Services Officer in Arizona, Ruben. If you could just describe how you got started with your initiative and give us sort of the pretrial services perspective. Thanks, Mark. Our initiative arose as a result of a case we had that involved cyber crime conditions, and at that time, back in 1999, we had no way of enforcing those or imposing those, so our chief approached us, myself and my counterpart in Phoenix, Rodney Rockamore, and said, you guys learn as much as you can and attend as much training as possible, and we set out to start policies and procedures regarding cyber offenders. We're in the process of developing this policy now, and where that sits, it's actually on our chief judge's desk, and we've already proposed it to the chief judge, and we will make a presentation in the next few weeks for his approval of that policy. As I indicated, the chief has, myself and Rodney, to collect as much information on computer crime as possible, and then we started developing some resources with other districts to see what's out there, to see what's available, what other folks were doing, and how they were doing it. 
That turned us on to several forensic programs, and we have been networking with the other districts throughout the whole process. We developed this approach of monitoring or putting a monitoring program in place, and it's a work in progress. It's still not the final product, but we're still evolving with it. Okay, let me stop you there, Ruben, because again, you've hit on some things that we want to emphasize. First of all, in contrast to the project in Art's district, your project was sort of initiated by your chief. Your chief came to you and to one of your colleagues a little bit more closely, and I think that that's an important distinction. Also, like Art's district, you are taking a more formal approach by proposing policies or developing policies that you're submitting to the management team and to your judges in your district. And you mentioned something that's really important that I think is going to come up a lot over the course of the next hour or so, and that is the importance of networking. You talked about how you networked with other districts in determining what kinds of monitoring and forensic applications were out there. We're going to talk about that a little bit more a bit later on in the program, but those were just some of the things I wanted to emphasize, and the audience will notice that these are going to become familiar themes over the course of the broadcast. I want to now come back into the studio to Monica Hampton and Monica, I'd like you to focus on what's happening in your district. Particularly interesting is what's happening in the task force, your role in that, and then what has occurred as a result of the task force's final report. Well, Mark, as a result of the FJTN broadcast on the intro to cybercrime, I brought to the chief's attention that, you know, look, there's a lot of cases out there. I've been supervising a lot of them. 
So what he thought the best method was was to let's do an assessment of our district, find out what type of crimes we have out there, to what extent is computer crime, the computer crime problem in our district. So he suggested that I spearhead a committee, we call it the computer task force in our district, and I thought the best methodology would be to include somebody from every component of the system, because like Art here, I thought that the input from different areas, you know, will help out, give you ideas, and make sure that everything is covered, because you want to make sure that, you know, everything is feasible, you know, you want to make sure if there's money there, there's money there. So the district's writers are, you know, getting their input involved in the process as well, because it affects everyone in the system. And so the first task of the task force was to do the assessment. We went out, we had automation to pull records from PACS and to determine, you know, what particular numbers were out there. And the first slew of numbers was over 600, so we had to narrow it down. We narrowed it down to the crimes that we knew were computer crimes or had components of computers being involved in the offense conduct. An important categorization issue there. When we talk about cyber crime or computer crime, often we limit ourselves to just 18 USC section 1030 or sort of the traditional kinds of crimes, but computer crime perhaps is more often traditional types of offenses that involve the use of computers as an instrument, something like what Ed Harrison was referring to and what Chris Painter was referring to in those interviews. That's exactly right. Like counterfeiting, for instance, but we wanted the manufacturers. We didn't want the passers. We wanted the ones that were actually using the computers to commit the offenses. And so we narrowed it down. 
And the conclusion of the report was there was about 90 true computer crime cases last year being supervised. And as a result of the upward trend of the supervision issues that we had with computer crimes, the chief decided, well, let's go forward. Let's look at developing more strategies to supervise these type of guys. And so that's where we are now. We're developing strategies. We're looking at a computer monitoring program to implement. And we plan to launch that sometime at the end of this year. Very good. Let me stop you there. Yeah. Just to summarize a couple of things you said. First, the importance of background research needs assessment. That's right. And taking a systematic approach. If folks are able to, if folks want to contact you, would you be able to talk to them more about how you did that and maybe even supply them with that report? Exactly. Yeah. I mean, that is something that is so important, made reference to how his project started out in terms of being appointed a computer crime coordinator along with a colleague and how they kept track of what was going on in their district. Again, took a systematic research-based approach before they did anything significant in terms of initiatives regarding supervision and investigation. That's exactly right. And what we've been able to do also is test products like eBlaster, you know, Inspector. We've been actually able to, we've had courtesy cases that we've supervised and that task force were tasked with looking at these different products to see if they work and don't work. Very good. Just a second. I want to go out to Kathleen Hervatitz in New York Western, but before I do that, again, just wanted to emphasize that systematic approach and the importance of buy-in from everybody within the district as you proceed with the program and that these are programs that do not, these are initiatives that do not happen overnight. That's right. They've been happening over a period of years. 
Kathleen, could you give us a, also a description very briefly of what's been going on in your district and your approach? Sure, Mark. Thank you. Our district initiative arose out of two computer seizures that were done in the year 2000. Our automation unit conducted the exams on those systems, but after consultation with the administrative office and other districts throughout the system, our chief determined that the best approach would be to appoint an officer to become trained to address cyber crime issues. I was chosen and began consulting with local law enforcement officers to determine the, what our training needs really were. I began participating in training on computer investigations and computer forensics, and after the intro to cyber crime broadcast, I began networking with other federal probation officers throughout the system who already had initiatives that they were involved in. From those officers, I pretty much begged, borrowed, and stole policies, forms, procedures that we've used to incorporate into our own initiatives. Very good. Again, a couple of points you made. First, the initiative, your chief came to you and asked you to look into it. It's very similar to what had happened in Ruben's office. So that's one point to keep in mind, but also this notion of begging, borrowing, and stealing is encouraged within this group. Again, you're talking about a group of people who have been networking with each other in very formal ways to create a community of practice in this area and get up to speed on the latest. And because this is such a dynamic area, that is incredibly important to continue to do. I want to come back in the studio and now turn to Brian Kelly from New York Eastern. Very briefly, if you could just sort of start where you are now and then maybe work backwards to describe how you got there. Great. In the Eastern District of New York, our program is basically a three-year work in progress. 
And I think any good program is always going to be a work in progress based on new technology and you want to keep the program updated. Right now we have a lot of forms in place. We're formalizing a lot of our procedures, such as the computer internet restriction program, the computer internet monitoring program. I was appointed cybercrime specialist in October 2000. I'm responsible for a majority of the duties that are involved in that, including supervision of all cybercrime cases excluding sex offenders. We've kept that separate, but we do work hand in hand. We also created an in-house working group called the Electronics and Internet Training and Investigations Group. We revamped that to include myself as the chair and officers that will specialize in areas to accelerate the learning process. We also want to get someone from Automation on board as well as some management positions to help consult and get ideas out there. Very good. I think the session of a work in progress is an important one. I mean, we're talking about initiatives that have begun back in 1998, 1999, and worked from there. So here we are in 2002 and we're still getting up to speed, always getting up to speed and networking. Absolutely. Our network with Art, Monica, Kathleen, even planning this broadcast brought a lot of new ideas to the table, a lot of different things are going. You don't have to recreate the wheel in this type of environment. You can beg, borrow, and steal from other officers in other districts. With permission. Absolutely. Right, right. I want to go out to Elaine Terenzi in the Middle District of Florida because we've mentioned several times the importance of automation and automation staff. Elaine, I know that you've worked hard to create an environment where there is collaboration and inclusion of automation staff and that you've created something quite special in your district. 
And I was hoping you could describe what's been going on in your district, not just in terms of the cyber crime initiative that has been going on, but how you've created that kind of collaborative environment. Well, we were very fortunate from the get-go to have Dan Weiser in the district as a person who really sat on both sides of the fence as a probation officer who also was very savvy, computer savvy himself. He really worked to bridge the gap in a lot of different areas and was, I believe, the first electronic crime specialist in the country in 1999, although we all know that Dan had worked very hard for years prior to that on cyber crime initiatives. We have our systems managers and our systems staff as part of everything that we do. Our systems managers attend their managers' meetings, our systems staff are members of our key policy making committees, our supervision committees, pre-sentence committees. As a court, we have our systems staff meeting from all the agencies throughout the court together on a regular basis, generally four or five times a year, which also exposes into the broader perspective not just a probation and pretrial work, but to the work of the court as well. And I think that the key is collaboration and communication between all members of the staff because it really is a joint process. Excellent. I think it's important also to note that it's important for the management team to set that tone of collaboration and I think you've done that quite well, so I really appreciate your contribution to this particular panel discussion. It's an important one, not just to hear from line officers, but to hear from management and the chief as well, so thank you. We're running out of time, we're going to move to the learning principles that underpin this segment, so let's do that now. To assess and coordinate resources, as we've heard described, you want to start small. You also want to attain the buy-in of your stakeholder. 
There's your automation staff, your management, your judges, et cetera. You want to keep management apprised and obtain approval if it's an officer-initiated type of project. And you want to use existing successful models. You also want to collaborate and network to create a community of practice, and there are several ways in which officers have been doing that and those are detailed in the close-up. Finally, you want to develop and you want to implement in-house training. Education and information are key. I want to thank our panelists, both on the phone and here in the studio, for getting us started. Don't forget to fax in your questions and comments to 1-800-488-0397, that's 1-800-488-0397. Operators are standing by and if you fax them in early, we can take them up during the broadcast. Otherwise, we'll have some time set aside toward the end to take up those questions and comments. We'll be back with our second panel in a moment, but after this important message about managing technology in the era of cybercrime. Defendants and offenders are increasingly cyber-savvy. To keep up, chiefs must learn to view themselves as technology managers and overcome three challenges. The first challenge is mental. To believe in technology. Consider how pervasive technology is in our lives. Computers and the internet are now as common as the landline telephone and its network. Just as phones and networks are used to commit crimes, so are computers and the internet. Traditional phone systems are used to monitor defendants and offenders. In some districts, computers and the internet serve similar monitoring functions. However, technology is not a panacea for all of the system's ills, but rather a helpful tool in the management of daily operations. That makes the second challenge strategic. How to fully exploit technology instead of using it simply to automate bureaucratic routines. 
Mobile computing, hand-held devices and networks can greatly enhance productivity and improve services, including supervision of cybercrime defendants and offenders. Finally, there's the challenge of implementation. How to make it all work. For this, managers may need their system staff. And automation professionals see the world quite differently from probation and pretrial services. Developing excellent relationships with system staff and effective management strategies for their continuous development are key ingredients for successfully implementing technology initiatives. Managers who embrace technology develop strategies, exploit its benefits and build collaborative relationships for successful implementation are not only effectively managing technology, they're effectively managing cybercrime defendants and offenders. In this segment, we hope to provide some guidance to districts on developing a computer search policy and choosing among monitoring and forensic applications. Back with us in the studio are US probation officer Brian Kelly and Art Boker, welcome, and joined by United States pretrial services officer, and I better make sure I say senior United States pretrial service officer, Lanny Neuval. Lanny, welcome back. Again, Lanny was with us in our initial program on introduction to cybercrime and he has stuck with us throughout. Lucky guy that he is. All right, we're also joined on the telephone by Sean Brewer, US probation officer from the District of Kansas. Elaine Torenzi is no longer with us, but our panelists are standing by on the telephone. And Sean Brewer in Kansas, I want to start with you. Again, if you could just sort of, we're talking about searches and search policies here. If you could just describe how your district started and where you were when you started and now where things stand in terms of your search policy. All right, thank you, Mark. 
First of all, what we did is we created a high technology and computer crime team composed of three members and looking over our general search policy that we had based on the model of the guidelines, we decided that we needed something more specific to address computers. So we started doing some research and looked into what other districts were doing, obtained copies of different search policies, consulted with our supervision committee in the district and management prior to drafting. And then we started to implement and draft our policy. We looked into a lot of computer terminology on how to address those specific computer questions and the needs. Once we drafted the policy, we submitted to our management staff and they reviewed it, and the management staff wanted the Office of General Counsel's review of that policy, which time we sent it to the AO, they reviewed the policy, provided an opinion and submitted it back to us. Upon receiving that opinion, we altered our program based on the different comments made, suggestions made, presented that to our management staff and reviewed it, made a few minor modifications and corrections, and we have since implemented that. It is a lot more specific compared to our general search and seizure policy, which is a plain view policy in that it is just geared towards computer crime computer related issues. Okay, let me stop you there. You made several points that we want to highlight. First, you already had a general policy in place, and that's an important thing to keep in mind. And that when you were thinking about a computer search policy, you were keeping in mind the model search and seizure guidelines of the criminal law committee. Important place to start, to be sure. Also, is the importance of the review that it underwent at different levels, both within your district and by the AO Office of General Counsel. 
The revisions that you made after you received the comments and the opinion of the Office of General Counsel also an important point, and then you went to implementation. Something I wanted to ask you, Sean, that we thought was important when we were talking about the broadcast as we were preparing is what were just some of the major issues that came up as you were drafting the policy? A lot of the major issues were the terminology relating to that and approval process and the forms needed to pertain to custody. Our approval process consists of a supervision officer that supervises a computer savvy offender will, if they see the need to do a search of offender's computer, they would consult with his or her SUSPO. At which time that supervising SUSPO would then pull in that supervision officer with one of our HAC committee team members, and we would provide some opinions as far as if we thought it was needed or required, because at this point the only people that would do the search of the computer would be a member of the HAC team. And at that point it cleared and all three thought that it was a good idea, we would then submit it through our deputy chief or chief. Then she would consult with our chief SUSPO, excuse me, chief probation officer. And that was one of the things we wanted to make sure we included, was the fact that we had a HAC team member included in that. That way that person would be familiar with what was going on and understand what was needed. Again, the importance of a systematic approach, practices in place, sort of a thoughtful approach to the different levels of approval that are going to be needed. 
I want to switch now back to the studio to Lanny Neuvel to get the pretrial services perspective. Lanny, we actually have our first fax in, which you were kind enough to hand me when you came in the studio, and you're the lucky guy who's going to get it. But before that, I want you just to describe what your general approach is in your district, because it's different than going out in Kansas. We basically chose an informal approach. My chief is not wanting right now to implement a formal policy. We've done a lot of networking with other districts and basically have developed procedures that we're following, pretty much actually in line with the model search policy. We've always kept that in mind. Even though we aren't implementing a policy, we've tried to develop our practices to be in line with that. Along with that, we developed what we're calling our computer restriction and monitoring program, which was a two part document that has conditions and rules. We put together a training presentation that we have distributed to our judges. It's a self running narrated PowerPoint presentation that discusses legal issues, it talks about the actual monitoring program itself, and we discussed the use of monitoring software and how we chose the products that we're using right now. We've also developed some training that we've been so far delivering to the new officers in the district, and we're going to be doing some training, I believe, at our next district meeting next year to bring the rest of the officers up to speed. Very good. Our first fax is from the pretrial services office in the Eastern District of Missouri, and thank you for getting that to us early, because now we get to weave it into this part of the discussion. And it's important because it's about the ability of pretrial services officers to conduct searches. And the question is this: at the pretrial stage we have no authority to conduct searches, something you've already referred to. With that in mind, what supervision 
techniques are available to monitor a defendant's computer or internet use to assure the safety of the community and be certain that defendants are not continuing illegal activity? And in parentheses it says filtering and monitoring devices are likened to a search. In response, David Adair has held all along, even though we don't have a statute or case law authorizing us to participate in searches, as long as the search is ordered by the court and it's a condition on the bond, that we can conduct a search. He's also held again that the monitoring software is considered a type of search. As long as we've got the condition in place, and we feel that we need to have a condition from the judge imposing the installation of the software also, which is part of it. So you're going to take your cue from the court, and I also think it goes to the informal approach that your district has taken in terms of the policy, but the not so informal approach that your district has taken in terms of making sure you've got the practices in place and that you've done the training. Very good. I want to go out now to Kathleen to get another probation perspective. Kathleen, if you could just describe how you all conduct, how you all approach your searches and whether you have a formal policy or an informal policy, that kind of thing, briefly. Mark, we do not have a formal computer search and seizure policy. We do, however, have a formal search and seizure policy based on the model search policy and an active seizure enforcement team. The supervision officers conduct random computer monitoring in the field as they deem appropriate during the course of standard supervision practices. However, when reasonable suspicion is present that contraband may exist on the system, our search team will conduct a formal search and seizure, and the system will be seized and an exam would be conducted within our office. Very good. Again, I think that this notion of having a general policy in place and an active search and seizure team but 
not a formal procedure or formal policy for computer search and seizure, again, it just reflects a different approach. And that's one of the things we want the audience to get out of this, is that the goals may be the same but the practices and approaches can be different from district to district, and just sort of have to be very sensitive to what is tolerable and what will, what is, what can occur in districts, because they have their individual personalities and cultures. We've got another couple of faxes in, a couple of them that refer to things we've discussed in our first panel, but we've got our two of our panelists from that first panel with us. The first question is directed to Brian Kelly. It's from Maureen Kelsey in the Eastern District of Pennsylvania sending this in. The question is this: Brian, why have sex, why have the sex offenders who've committed cyber crimes, or I guess the computer sex offenders, been excluded from your supervision as the cyber crime specialist? We had a sex offender unit already in place prior to us starting our cyber crime program. Based on that, and the fact that sex offence, in my opinion, and I think of anyone that is a sex offender, it's a little different approach. There's a mental health aspect of it, and also the approach that if you take away the sex offender's computer, he's still a sex offender. He's just happened to use technology to implement his crime. It won't take that away from him. So based on that, we kept it all grouped together in the sex offender group, but we work hand in hand between the monitoring and any type of computer based searches, so we work directly with them. Now, along with that, since we're on the subject of the Eastern District of New York, talk to us a little bit about your, how you approach searches and what you had in place before and how you act now. For years the Eastern District of New York has had a formal general search policy. We have a search enforcement team, which I'm a member of. We have not, and in the near future don't 
plan to create a computer specific search policy. The reason being is because under the duties of the cyber crime specialist, it's my responsibility to be able to handle a computer and conduct the search based on tagging the evidence, bring it back and conducting a forensic examination. We approach each search on a case by case basis, including whether or not a computer is involved. And if the computer is involved, you're going to keep a lot of things into consideration: what type of search you're doing, is it going to be an unannounced home visit or is it going to be a full blown out search, what type of evidence are you looking for, and also different systems you may encounter. I want to talk about the kinds of applications that you use and the criteria for using those different applications in a minute, but we also got another fax. Thank you, Karen Pace from the District of Utah. I want to direct this to Art, and the question is this: what are some of the common obstacles or challenges that need to be addressed prior to program implementation? I think you have to find out what your problem is with cyber crime, how many cases you have. Along with that, the officers need to understand what cyber crime is, what is out there, what training, through the Federal Law Enforcement Training Center, National White Collar Crime, and get training from there. You need to get the parties together, management, maybe an aftercare specialist if it's a sex offender, and get them to understand the special issues involved in cyber crime, and if I get them to buy into it and to see we really need to work as a team to address this issue. So you need a solid needs assessment. The actions that you take need to be based on research. You need to get your training, take advantage of some of the resources that have been listed in the Special Needs Offenders close-up on cyber crime and cyber terrorism and the introduction to cyber crime. Introduction to cyber crime lists some basic training information, whereas the cyber 
crime and cyber terrorism close-up lists some advanced coursework that you can take. And finally, like you said, get the buy in. That's right. If you do those things, any obstacles that are going to be minimized and you're going to be able to overcome them. Yeah, Lanny, please. Yes, one population Art left out, and I know it was inadvertent, is the judges. We have to get the judges to buy in on this too, and there's going to be an educational process involved in that too, because a lot of them don't like computers to begin with and they don't understand why we have to do something with them to supervise people. Talk a little bit about what you've done in your district, because you've really sort of, in fact you're making a presentation to, I think, the 5th Circuit next week or something. Well, you know, I mentioned briefly a few minutes ago what we, what I did. I took a, thankfully, graciously my boss gave me the time to do it, but it took about 3 weeks and I developed a self running narrated PowerPoint presentation. You know, I talked about real briefly, we distributed on a limited basis that presentation, and it's fairly well accepted by the judges. And our plan right now is that we're going to distribute on CD to all the judges in the district and possibly even the circuit. We're going to be giving it out to the magistrates at least at the circuit conference next week to just bring them up to speed with what's happening, the increase, then they're already seeing the increase of the cases coming in on their dockets, but also some of the complexities of having to supervise these defendants. Notwithstanding the fact that we need to rely on our traditional supervision methods, we now have to implement some special tools to be able to track them, trying to ensure that the conditions are followed. Very good. Let me stop you there, because we're quickly running out of time. Briefly, very briefly, I wanted to start with you, Art. Talk about the kinds of commercial applications that you use in conducting your 
supervision work, and particularly the criteria that you use for determining which application to use in a given case. Well, in our district we want to have the monitoring software installed on anyone that we consider to be a computer offender. The reason why is it, it's easier to have that monitoring software installed than to go out and do a search of a person's computer, especially with the size of computers out there. It just takes too long and it's too time consuming. Monitoring provides a way to, to watch them. I know David Adair says the monitoring is a search. I'm glad you touched on it. There are, there are two programs that we use, and a lot of the districts use them: eBlaster and Spector. eBlaster, both of them are installed on the offender's machine, but eBlaster, once it's installed, you don't have to go back out to the offender's machine until you uninstall it. It sends reports to you telling you what the person is doing on their computer, telling you what websites they're going to, key words that pop up. Spector records screenshots continuously and saves them on the offender's machine. I think the argument could be made that eBlaster is more of a consensual wire tap, if you were surveillance oriented. Correct. And Spector, you have to go to the offender's machine, turn it on and pull that file on, perhaps more intrusive. We use those, to the monitoring software, to provide reasonable suspicion. That's the keystone in a search, is you got to have the search condition and then you got to have reasonable suspicion before you do the search. We have the search condition, use the monitoring software to, as one component in providing that reasonable suspicion. And I think by using these monitoring softwares and the searches, we're providing the court with another option other than just taking the offender's machine away, and a lot of circuits are saying you can't do that anymore. We're about providing the court options. We're seeing more and more cases come up from the circuits which are striking 
down the blanket no internet, no computer use, especially in cases where you've got a defendant who is a systems administrator or somebody who needs to use a computer in their employment. There are several other forensics monitoring applications that we wanted to describe, but we're running out of time. All of the ones we wanted to describe here, including ComputerCOP P3 and several others, are described in detail in the cyber crime and cyber terrorism close-up, so we refer you to that. And now we need to get to the learning principles underpinning this segment. In developing a search policy, you want to first consult the model search and seizure guidelines of the criminal law committee, and then you want to consult your opinions and what other districts are doing. The goals among districts can be the same, but specific practices and policies can vary. If you're conducting a computer search, you want to do so systematically. You don't want to bite off more than you can chew, and you want to get training first. You want to consult best practices manuals. And in choosing among monitoring and forensic applications, you want to do so according to the desired result you want to get out of the tool, and you want to know what the tools can and cannot do. That does it for this segment. Thanks again to our panelists and to those of you on the telephone with us. Don't forget to continue faxing your comments and questions. It's extremely helpful. We'll be back with our final panel in a moment, but first here are some messages about conducting computer searches and seizures. Our guy did a remote preview of the defendant's hard drive. Yeah? A 60 gig hard drive. It's hard to complete, so he calls the vendor, and they want to know if he's preserving the hard drive for forensics. He says no, he just needs a clean system to install the monitoring software. So they tell him to install it right on the defendant's hard drive. Right on the hard drive? Then he runs a search to pull up all the images as thumbnails. And what's 
he find? Nothing. That's good. But then he does a text search. A text search? Case related keywords: preteen, gay, sex. He finds something. He finds files with very questionable titles. Questionable titles? Very deep in the restore directory. I have a restore directory. Yeah, me too, but the point is our guy finds files made the day before the defendant went to court. What happened? Everything. Our guy calls the AUSA, AUSA calls the case agent, case agent gets a search warrant, computer seized. Our guy worries. Our guy installs the software on the hard drive, could have rendered evidence inadmissible. Oh no. Especially when the assistant federal defender shows up demanding an explanation. Oh no. Fourth and Fifth Amendment rights could have been violated. Now the chief's involved. Our guy explains the court's search condition and the fact that we notify the court and the U.S. attorney of potential violations. Chief backs him up. That's that? Nope, customs forensics examiner called yesterday, found even more images and movies. AUSA will probably file additional charges. And inadmissibility? Not sure. So they found the notebook computer. It didn't have a power cord, and the offender said it was from pre-prison days and never used. Who was this guy? He liked teen and pre-teen porn. He was restricted from having a computer and internet access, so the team tagged the computer and brought it back to the office. A preview found a lot of deleted porn files. What else is new? Here's the thing: the offender was unaware of the search, yet on the very morning he deleted all of his porn files. He didn't know about the search? He must have known about the search. They ran an e-mail search, several e-mail accounts in the computer slack areas, and the offender gave permission to look at them. He must have known about the search. Why else would he delete the files? 
I'm getting to that. One message was from an online file storage and exchange service, where they welcomed our offender to their site and gave him a login and password. When they looked into that site, guess what they found? Deleted files? Yep, uploaded, morning of the search. He admitted it, got revoked and an additional 10 months prison with two year supervised release. So he didn't know about the search. Once again, welcome back. In this segment we hope to provide you with some guidance on how to investigate cyber crime defendants and offenders and develop cyber specific special conditions. Back in the studio with us are Brian Kelly, Art Bocher and Lanny Novel, and also remaining on the telephone line are our telephone panelists. Brian, let's start with you this time. If you could describe how you go about conducting an investigation of a cyber offender and some of the tools that you use and how that works. Well, first and foremost, what I try to stress to our officers is that information is the key. You want to accumulate as much information on the offender and his computer use and access as possible. And there are three basic questions that I stress to officers that they can ask during the initial pre-sentence interview or upon the initial supervision interview, and this can be done on both computer offenders and non-computer offenders. The first question is, one, do you own or have access to a personal computer? Two, who is your internet service provider, assuming that all computers have internet access, especially nowadays? And three, what is your email address and or screen names? From those three basic questions you can get a lot of information and decide whether or not you want to get more detailed from that point on. We stress to use the computer internet data form. That form, I created a short form in our district about two years ago. Art and his district went on and expanded it greatly, and we've since adopted that form because it was so extensive. We've added some things just that we 
wanted to have, but the main form is Art's creation. We have the officers have the defendants fill out that form, and it can be used for information purposes, where you can stick it in the file and for future reference, or you can use and expand and interview the defendant about why he or she may have certain equipment or have certain levels of access. We also have two specific programs in place. One is the computer internet restriction program and the second is the computer internet monitoring program. We've chosen to split those up because you may not want, or the judge may not want, to have every defendant being monitored, but you do, if a defendant has been convicted of a cyber crime, you do want to have a restriction program in effect. And what the restriction program does is it'll have once a general special condition that the offender participate in the program. At the officer level, we then have an extensive contract with different directives and guidelines for the defendant, and you can tailor each contract towards that defendant based on their criminal history, the offense conduct, their education and employment needs, and also, very importantly, on case law in your circuit. In the Second Circuit we just had a major decision come down on U.S. v. Sofsky, which now eliminates the ability to the court to order a blanket ban on computer and internet restriction. So that caused a lot of problems for us, but also stress emphasizes the need for this type of program. Let me stop you there, and I want to get more into the computer restriction internet monitoring programs that we've got going on in the various districts, but let's stick to just sort of the investigation tools. I want to go out to Andre Wilson in DC, but you emphasize something again that we want folks in the audience to take note of, and that is the importance of networking, collaboration. Brian made reference to his work with Art and Art's district in developing the computer and internet data form that they use in conducting 
investigation, and how they've tailored each for their own needs in their districts. Andre Wilson, I want to come out to you in the District of Columbia, a few blocks away from the FJC, and if you could just sort of react to the things that Brian has said and talk about some of the more traditional tools that you use in conducting an investigation as you're conducting supervision, and you can also provide us with sort of the supervision officer's approach as well as the pre-sentence officer's approach. Okay, thanks Mark. Basically what we do in the District of Columbia is similar to what Brian outlined in the beginning. We try to obtain as much information as possible on if offenders need to use computer internet service providers that accounts screen names and so forth. And since in the District of Columbia we normally prohibit home computer use and restrict internet and connected devices used at employers, and basically how we do that is use standard field work and observations. We go through the homes and do visual surveillance of computers, look at the computers and see what type of hardware they have. We monitor telephone, cell phone and credit card bills, because those are the means of how most internet service providers get paid. We also use mail covers by the U.S. inspector service. You see what type of documents are actually coming into the homes and use collateral contact with family members to see how often is the person visiting the local library because that's a place where you can use computers free to leave a long day in the cyber attack phase and so forth so there's plenty of traditional field work techniques that can be used to monitor cyber crime offenders. Excellent. 
Just to emphasize the importance of those traditional tried and true methods of supervision investigation, and that these sort of highfalutin high tech approaches should merely supplement those traditional tried and true methods, and there's clearly overlap between the two. I wanted to come back into the studio now to Lanny Nuval and focus now on, as Brian was talking about, these computer restriction and monitoring programs that you all have, because they are variations on the theme. You guys are all doing it a little bit differently. Lanny, you've been doing this for quite some time, especially in your pre-trial services office, how you all approach it. We created a four part condition. It's one condition with four different parts on it, and what the condition does is it separates the administrative sections of how to supervise these guys and what we need from them from what the judge needs to order. And we did that because when we started doing this we ended up with a laundry list of conditions and it was difficult to deal with. We had to address every one of the conditions that were on the order on our case plan, and it was really time consuming. We've condensed that now, and we patterned it very much after how the electronic monitoring program was put together. It was a very good model to use to start from. The conditions that we asked the judge to impose are things, the way we separated them out was we wanted the judge to make decisions on things that we felt impacted liberties, freedoms and constitutional issues. So it's, you know, whether or not they can use a computer, whether they can have access to the internet, whether a search is going to be allowed and whether the software can be installed. And then the rest of what needs to be done is handled in the rules document. The defendant signs as an agreement, and then it's referenced by the condition, and they're bound to that as if it was a condition. Very good. I like your reference to the EM approach, because you're using that, basically 
you're using an existing successful model. You're not reinventing the wheel. And also, from an efficiency standpoint, this is something that serves your district well.

Very much.

I wanted to come now to Brian. Just if you could reiterate how your district approaches it. It's a little bit different than the way Lanny does it and the way that Art does it. If you could just elaborate a bit.

In regards to the internet, the computer internet program, we again also based it on our existing EM program, and basically it's the same process, where an offender would be ordered for internet monitoring and he would come in for processing and be processed in the same way he would be processed for EM. We do want to stress that, like I said before, that everyone on the monitoring program should be in the restriction program, but not necessarily the other way around.

All right, give us the pre-sentence officer's perspective. I mean, that's where you're coming from here.

Well, we want to find out as much information, not only about where the offender is at when he comes to us, but how did he use an offender in this computer in this particular case, and has he used a computer in prior conduct. I think those things are important to know. And again, same questions of, does that person need a computer for work, education, is there family in the house that has to have a computer, those types of things. And then from there we decide what type of condition would be appropriate: either a computer with monitoring and they're allowed internet access, or a computer with no internet access, or possibly no computer or internet access. And another case of where we're borrowing from each district: we use pretty much the same form that Lanny's referring to as the restrictions, the laundry list of things that you need to help you supervise the case, and we borrowed it from them and tweaked it. So a lot of networking going on.

Very good. I wanted to go out to Ruben Morales in just a moment to talk about courtesy cases, switching gears a
little bit here, because when we were planning this broadcast it came up several times that it's important for us to talk about courtesy cases, particularly in situations, since this is a national system, you've got defendants and offenders going from district to district oftentimes, and you've got districts that are at different degrees of sophistication, complexity, in terms of their understanding of computers and connected devices and networks. So Ruben, give us an example, if you would, of a courtesy case that you had to deal with and some of the issues that have arisen.

One of the cases that comes to mind is a case that came in where the defendant was not only under cybercrime conditions, but he was also under mute, so we had two different things to consider there. The host district was not as sophisticated as we were here in Arizona regarding monitoring the defendant and being able to install software and see what's going on. The other factor on this defendant is that he was a UNIX administrator, and we seem to be getting a lot of these technical folks that are really, really, really computer savvy. And one of the things that we ran into is that we had to be patient and work with the host district to try and get the conditions modified so that we could allow our software to be installed and our monitoring to take place. And that was one of the biggest things, is when we are receiving or sending cases, that we learn to keep that in mind, is that you have to, like you said, take into account where the other districts are at and where you're at in relation to a cyber crime program or being able to supervise somebody who has these conditions.

Very good, thanks. I want to now turn again to Lanny. Also, if you could just give us an example of a courtesy case, and if you could maybe even react to some of the things that Ruben has said. You're both pretrial services officers. You both deal with this on a regular basis in your districts.

I think, and Ruben hit on it, the key to this is communication between
the districts. It's as easy as picking up the telephone. When I'm getting ready to make a recommendation on a case that we've interviewed and I know we live someplace else, call them and say, this is what we generally do, can you guys handle it or not? We don't want to ask the judge to impose conditions that the other district cannot implement. We have had several cases come in where we had problems. We had a man transferring from another district who had traveled from San Antonio to the other district basically to have sex with what he thought was a 13-year-old child, and what ended up happening was we got a general blanket condition basically saying that the man couldn't use a computer, but there was nothing with that condition that authorized us to monitor or gave us any way to even go into the man's house, other than just maybe on a supervision visit, but we couldn't conduct a search, so there's no way to manage it. So we contacted them and asked them, basically sent them what we use, and said, can you implement at least part of this to allow us to do it? The other important thing that came along with that is that in cases, especially when there is a real or perceived victim, we think it's very important to take a look geographically where the defendant lives. This particular defendant lived within a mile and a half of three elementary schools and a middle school, which was right at the target age of who his victim was. So we went back also and asked them to impose an electronic monitoring condition, because we wanted to limit his access to those victims. You know, he was in a target-rich environment.

Thanks very much. We have another fax, this time from Terry Smith in the Western District of Michigan. Thank you, Terry. This is directed toward Art. Here's the question: Officers in the Western District of Michigan are discouraged from doing search and seizure. However, officers have become affianced in law enforcement officers for law enforcement officers to confront offenders with either consent
to search forms or search warrants. Are there currently special conditions available to mandate that offenders submit to a search of their computer systems by law enforcement officers designated by the probation officer for this purpose? Reactions?

I think you could modify the conditions that allow a search to take place by probation officer by inserting the words "or law enforcement." I personally wouldn't want to do that, because you could be cut out of the loop. And there was a recent Supreme Court case, not a computer case, the Knights case, right, and that involved a California state probation officer, or county probation, right, and they had a condition that probation or law enforcement could conduct a search, warrantless search. There is, you could insert it there. Myself, from our district, I would not want to do that. We could get cut out of the loop. But I have seen conditions where probation will direct who they want to do the search. You have to be careful also about the stalking horse issue, where you're not working for law enforcement on those cases.

If I could just break in. One of the consent to search forms that we use, the wording does include a third-party designation, just in the case that if, for whatever reason, due to us not having a full functioning forensic lab, that we want to send it out or use a Secret Service or New York City Police Department, which do have full functioning forensic labs. If we need to do that, that's already in place.

Very good. I think the message here, Terry: handle with care. And Lanny?

I was going to say, I think it's also important, and I think this goes back to some case law that I read, but I'm not sure which case it was. As long as the probation officer maintains control of the search and directs it, that issue of the stalking horse to come up, and we also are not going to subject ourselves to problems with law enforcement.

Good point. I wanted to throw this open also to our telephone panelists. Do any of you have a reaction to Terry's question? Andre or Sean?
No, I was going to touch on what Lanny said, is just to make sure that the probation officer actually controls the search and directs the law enforcement officers on what to do.

Sean, any reactions?

Just that we have networked with the local KBI, Kansas Bureau of Investigation, Shawnee County Sheriff's Office, who have computer crime units, to maybe provide assistance to us in doing it, since they are more qualified and trained than we are. But as Art said, we would want to make sure that we're in control and that we're not out of the loop per se.

I think again it's sort of something that you want to be careful to do if you're going to do it, as our panelists have pointed out. Also, the question in a more general sense raises that issue of how districts are so individual and sort of have their own approaches to these kinds of things, that you need to create a policy that is sensitive to those idiosyncrasies of your district. So thank you, Terry, very much for the question, a good one that I think a lot of people wanted to know the answer to. We have several minutes left in the program. I wanted to go to learning principles for this segment now. Okay. In investigating cyber crime defendants and offenders, you want to develop a specific approach to collect information about the defendant's or offender's capacity with computers. You want to use tried and true investigation methods to identify issues related to computer use. And you want to understand the alleged offense conduct by combining information on technical and non-technical capacity. In developing cyber specific special conditions, they should be efficient and enforceable and flexible. They have to correspond with circuit precedent, so you want to be up to speed on that. You've heard it referred to several times here by our panelists. And you want to consider other districts' technical capabilities, especially when we're talking about courtesy cases. Now, that does it for our third and final panel. Again, we have several minutes left in the broadcast in
which we hope to take up your further questions, comments, concerns, etc. Keep them coming at 1-800-488-0397. Stay with us, and in the meantime we're going to take you through some navigation of the Federal Judicial Center's internet site so that you can find out more information on this particular program and on special needs offenders programs generally. Let's take a look.

Okay, if you want to find any program materials related to special needs offenders, you can find them on the FJC internet site. To get there from the JNET, you would type in jnet.fjc.dcn and hit enter, and that will bring you to the Federal Judicial Center internet site on the DCN. From there you can just click on FJC broadcast on the FJTN, and that brings you to the general FJTN site, and you can scroll down for the most recent programs, and you will see special needs offenders cyber crime and cyber terrorism, for example. Click on it, and this brings you to the program specific page, where you can download all related program materials. For example, you can download the close-up by clicking here, and there it is, special needs offenders close-up, cyber crime and cyber terrorism. And to print, just click on your print icon. And you can download all program related materials from this site. If you wanted to find other special needs offenders programs, like introduction to cyber crime, you would click there, and it brings you to the general special needs offenders page, where you can find all of the programs. And you would click on the link, in this case to introduction to cyber crime, and again it brings up a program specific page where you can download pretty much all of the program materials, including the special needs offenders bulletin for introduction to cyber crime. There it is. And again, you would click on the print icon to print. And you'll note that on all of these pages is my contact information. Here's my telephone number and my email address, and you'll find it on the general program information page as well. And back
to the cyber crime and cyber terrorism page information, you can click on the email address and it will give you a method to email me, or you can give me a call on the telephone. And that's it.

All right, we've got several minutes left in the program, and there are a few issues that we touched on earlier that we want to come back to, because we didn't have enough time in the individual panel discussions. The first one, which I know the field is very interested in, back to this notion of what kinds of monitoring and forensic applications are out there, both on the commercial side and on the non-profit side or the government side. What kind of applications are available to use, and what criteria do you use to determine which one is appropriate? I want to come to Brian Kelly, and Brian, ask you about Echo, which is a particular type of application that does certain things and doesn't do certain things.

Echo is by Pearl Software. We're actively using it in the Eastern District of New York right now. We do also have licenses for Spector and eBlaster, and our use of Spector resulted in us using Echo. And just to give you a brief background, we had Spector installed on a sex offender who happened to be a violent offender. Doing home contacts had become a problem. I had accompanied the sex offender officer to the home contact. We found out that the offender had located the files, deleted them, and then the final home contact resulted in him refusing us access, and he ended up being violated from that. What we needed at that point, to address the officer's safety issue, is I was asked to try to locate a remote monitoring application, and around the same time, as part of the New York Electronic Crime Task Force listserv, a member had brought up this product. The manufacturer of the product came up, demoed it, we did like it. There's a few things you need to know about what it does and what you need to have in place. What it allows for is two installations. You need to have a dedicated server, which is the first
installation. We were lucky enough to have one right in our office. The second installation is the workstation, or the offender's computer, and it's a small file, small application, and nothing is stored on the offender's hard drive other than the application. And what it does is, in real time, every time the offender initiates an internet connection, it will shoot out real-time data to us, breaking down, capturing all email, sites visited, and you can basically, if you wanted to, sit there and view his path in real time. What it does not capture is offline activity, so if that's what you're looking for, maybe not the product. You might want to use this in conjunction with another product, but it is very useful.

Just to reiterate, that means, again, know what your tools can do and what they can't do. And you raise another issue, which is understand the capabilities and levels of sophistication. You mentioned that one of the defendants who had Spector on his hard drive was able to circumvent it, basically. That doesn't say that Spector is not a good product.

Exactly. It just happened so it would be that we address it in need, because he's coming back out off the violation and we want something there that we'll know back at our office without having to put perhaps an officer at risk to sit there. It does take some time to view the information off Spector, and you're there in the home.

Those are monitoring. We've been talking primarily about monitoring types of applications. I want to shift this a little bit to talking about forensic applications, which are different. And Lanny, I know that you've had some experience probably with the premier forensic application, at least among pre-trial services and probation officers that I've heard about, which is EnCase. Could you talk a little bit about that and how you use it?

Well, EnCase is a commercial product, but it's also a very good product. It basically automates a lot of the processes that are done. When we go through training, they train us how to do everything in
DOS, and it's real time consuming. EnCase kind of integrates all that into one application and just makes it a lot easier to run things. You can go out and restore deleted images from a hard drive, you can view internet history, you can do text searches, and although time consuming depending on the size of the hard drive, it brings a lot of the tools together, and you can have several searches running at the same time.

You mentioned the cost of the application, and I think that's something, it's sort of like the elephant sitting in the middle of the table, especially when we're talking about districts with limited resources. You don't want to put them all, I know you guys would say otherwise, but you don't want to put them all with cybercrime initiatives. To what degree, in your view, just in your humble opinion, do you think that costs should be a consideration?

Actually, what we're doing, I don't think it should be a consideration, because I think it's very important that we need to keep in mind the end result of what may happen when we conduct a search. And that is, I think my biggest fear is to go out and conduct a search on somebody's computer, change something on the computer, find evidence that he's been molesting children, actively molesting children, and then not be able to have the prosecution do something about it. To me, the peace of mind with having a valid, forensically sound tool available to avoid that possible problem is worth it. The product runs a little under $2,000 to actually purchase the software, so it is very expensive, but compare that with what the damages cause to these children when they're harmed, and to me that's worth it.

About the cost issue, I wanted to bring out a point. One of the things we brought out was, if you try and hire somebody to do this, it's very expensive. If you buy the software yourself, get the training, you can do it a lot cheaper, so in the long run it can be cost effective. As well as, some districts want to rely on the FBI, Secret Service to do that. They're
overburdened, and they may say the other cases, the priorities are different as well. It goes back to, do we involve law enforcement with this or not?

Monica, I know you had something to say about training as well.

I agree with Lanny on the cost of the software, because our mission is to protect the public, and to me that is of paramount importance when you're looking at what tools we need to have in order to supervise these guys, because we would not want these guys in our families. And when we look at our mission, I think that it doesn't matter, the price should not matter. We need to get the training, know what it is that is out there, and tailor it to the needs of that particular offender.

Ruben Morales, I want to come out to you briefly. I've got about 30 seconds left. If you could just describe some of the training that you've gone through or that you're heading toward that you think would be of value to other pretrial services officers and probation officers.

The first thing was the NW3C, the basic data recovery class, which was in West Virginia. That was helpful. We also coordinated with our local or state police, and we're lucky in Arizona that they're one of the pioneers in the country as far as forensics. And what we're going to do now is attend training in Pasadena for EnCase, and we'll be up to speed on that program.

Very good, thanks very much. We've run out of time. I wanted to thank our panelists so much, both on the telephone and certainly here in the studio, for giving us the benefit of your wisdom and knowledge. I also wanted to, on behalf of the planning committee and the Federal Judicial Center, especially acknowledge the contribution of the late Dan Weiser, senior United States probation officer and electronic information specialist in the Middle District of Florida. Dan passed away recently, and he was the authority when it came to cyber crime in the field. He was instrumental in helping to develop both this program and the introduction to cyber crime program. Therefore, it's only
fitting that this program be dedicated to Dan's memory. I wanted, of course, to thank the audience for faxing your questions and comments, concerns, and for participating. Don't forget to complete and submit those evaluations. We need to know how we're doing and where we need to improve. And then finally, I wanted to thank you again for participating, and we will see you next time.