Please adjust the frame on the left to read the following story to avoid using the stroll bars at the bottom.
	Speech by
	Louis J. Freeh, Director of the FBI
                1997 International Computer Crime Conference
                             New York, New York
                               March 4, 1997
   Thank you Jim. Good morning, ladies and gentleman. It's really a
   pleasure to be up here and to welcome you to the conference, and also
   to tell you what a historic and great opportunity this is for all of
   the varying interests represented here.
   It's appropriate that this conference be held in New York City, which
   is a global city in a global economy. It's appropriate, and we thank
   you, Mr. Moran, on behalf of Chase, for involving private industry,
   both nationally and internationally, in the principles and objectives
   of the conference, as well as our law enforcement friends and
   colleagues from around the United States and around the world.
   I just returned from a very brief trip to the Mideast where I visited
   three countries and spent time with the leaders of all the countries
   involved in the current peace process. We met with Yasser Arafat, the
   Prime Minister of Israel, King Hussein, President Mubarak, and, over
   the course of several days, all of my counterparts, both in law
   enforcement services and security services. And part of our agenda,
   although not the priority part, did in fact deal with some of the
   issues that this conference is going to address--issues like
   technology crimes; law enforcement in the information age; threats to
   infrastructure; threats to national security; the new ways that
   criminals and terrorists have found to achieve their objectives;
   taking advantage of all of the technological changes; the transparency
   of borders; the ability to travel and send information
   These are matters that are relatively mid-way on law enforcement
   security agendas--and appropriately so given the enormous security
   problems and the current crises with which those countries and
   authorities deal.
   It's an obvious point, but one which I think we need to make: in the
   United States also, these critical issues will continue to occupy
   industry and law enforcement, but they are not at this time on the
   front burners for law enforcement or for national security people.
   This should not be surprising. We are not imminently threatened with
   the collapse of infrastructures. We are not seeing intrusions at a
   frequent enough index that people are alarmed about them. Our
   experience in 1993, when we addressed the digital telephony issue of
   how to maintain and continue court-authorized wiretaps in a new
   technological environment, is a good illustration.
   At that time, we could not go to the administration or go to Congress
   and say we're in a crisis--we can't do any more wiretaps. We could
   only tell them with a lot of confidence and good information that if
   we did not solve that problem in 1993, we were certain that in 2003 we
   would not be able to perform court-authorized wiretaps--neither in the
   criminal enforcement area, nor in the national security area.
   Today, this kind of debate continues in Washington and around the
   world on encryption. Again, at this point we can't point to a
   proliferation of examples where encryption, unbreakable encryption,
   has caused the loss of lives or shut down major investigations. But we
   know, with great certainly, that if that problem is not dealt with
   very quickly, the time will come that, as robust encryption
   proliferates without any recovery systems, law enforcement and
   national security will clearly be at risk.
   In a sense, this process really describes the history and the saga of
   law enforcement. In 1933, unarmed FBI agents transporting a prisoner
   were gunned down in a crossfire that became known as the Kansas City
   Massacre. Only then was Congress spurred to enact, within a week after
   that attack, the authority for FBI agents to carry firearms and make
   It took the chance discovery of the Apalachin meeting up in New York
   and subsequent investigations in the mid 60's to demonstrate the
   existence of La Cosa Nostra in the United States--and that spurred
   Congress to authorize court-authorized wiretapping in 1968.
   So we see, over the course of time, how law enforcement strives to
   catch up with technology. And I think that's where we are right now
   with computer crime, with the encryption issues, with the
   telecommunication issues, and with the wireless communication
   issues--all of which need to be addressed and solved.
   So I really salute all of you--and of the different countries and
   corporations that you represent--for putting together a conference
   which, for the first time, focuses internationally on this problem.
   Your lead is one that law enforcement must follow.
   Today when new FBI agents graduate from our training academy in
   Virginia, they leave with their firearms and their badges, but they
   also leave with a lap top computer. It's an excellent symbol of the
   changing environment in which these young men and women will function
   over the next 20 years. It is also imperative for the way they must
   conduct investigations. When they serve law enforcement search
   warrants, they seize hard drives and disks instead of the boxes and
   boxes of records and books and ledgers that their predecessors, myself
   included, used to seize to support our cases.
   Today, also, they chase fugitives over cyberspace as well as over
   fences. You may remember when we arrested Mr. Mitnik a year or so ago.
   He was found by the FBI, but he was found because we hired a
   23-year-old computer specialist to locate exactly where he was and
   where he was transmitting from. That was the basis of effecting that
   I thought also I would mention, very briefly, some of the cases where
   the technology of computers and cyber crime is evidencing itself, and
   then talk generally and briefly about recent initiatives undertaken
   between the FBI and other government organizations, in partnership
   with the private sector, to deal with some of these problems.
   Clearly these problems and issues cannot be solved unilaterally by law
   enforcement, no more than they could be solved unilaterally by the
   private sector. If we are to identify and respond to these various
   problems, we've got to unite the efforts of industry and law
   enforcement on an international scale.
   Let me mention very quickly a couple of cases; these are all public
   cases so I can comment on them. The Citibank case, which you've heard
   Mary Jo White refer to, was a case where someone with a lap top
   computer, sitting in an apartment in St. Petersburg, Russia, intrudes
   into a bank and attempts to move millions of dollars out of accounts
   to a place where they can be exploited.
   We had a similar case recently with a so-called "phone phreaker" in
   Sweden--and because of the assistance we received from Swedish
   authorities, we were able to solve that case. There a young man,
   sitting in his own apartment, hacked his way across the Atlantic Ocean
   into U.S. telephone switching systems and worked his way down to
   Northern Florida, where over the course of several weeks, he
   interfered with 911 systems and had the capability to disable the
   system. It could have been disastrous, because 911 systems not only
   affect the police but also affect fire and emergency services.
   Now extrapolate that to imagine if he'd hit to larger systems--banking
   systems, stock exchanges, or power grids in the northeast or northwest
   in the middle of winter.
   We had another recent and continuing case in Baltimore, which we call
   the Innocent Images case. Several speakers today have already referred
   to it. It goes back to 1993 when we began investigating a kidnapping
   case. When we began to focus on several subjects, it became clear that
   they were using computers--computer telecommunications networks--to
   contact, identify and, in some cases, arrange for meetings with
   children. In a sense, they were entering the homes of the children,
   not on the telephone or by a knock on the door, but through computer
   modems. That case, which has become a national initiative by the FBI,
   has resulted, so far, in approximately 88 arrests and 78 convictions.
   And the only people targeted in those cases are the individuals who
   are involved in large-scale distributions of pornography, and that's
   just, in our view, the tip of the iceberg.
   We had a recent terrorism case where an individual maintained plans in
   his lap top computer to attack airliners and other targets. Part of
   the files contained in that lap top is still encrypted and is still in
   need of being deciphered by the law enforcement authorities.
   Those are just several cases on the menu--again, not representative of
   thousands of others, but all of a very serious nature and with grave
   If you take the context of those cases and translate them to large
   scale industries, to infrastructure, and to informational systems then
   you can see that the potential is catastrophic.
   Consider for example, a recent exercise by a government agency that is
   responsible for maintaining and transmitting secure information. This
   agency ran some computer attacks against its own very well defended
   systems, using people inside and outside the agency to perform them.
   The results of the test were that 88 percent of the attacks were
   successful. Again, the implications of that exercise, translated to
   all our informational systems, are sobering.
   We have been trying to respond to the prospective issues involved in
   this issue in a number of different ways. In June last year the
   President signed an Executive Order that asked all government
   agencies, coordinated by the FBI, to do a critical infrastructure
   study over a 1-year period that would focus on the vulnerabilities of
   the systems--both physical and informational security--and that would
   compose and design protocols of plans and systems to protect key areas
   of government, as well as private industry infrastructure.
   That process has been ongoing now for several months. We have enlisted
   the assistance of many agencies, particularly Department of Defense
   agencies, which have great expertise in this area. We have also
   heavily relied upon private industry and private consultants to supply
   some of the necessary expertise for analysis and planning.
   In addition, pursuant to Executive Order and to a Presidential
   Directive on terrorism, we established an FBI Computer Investigations
   and Threat Assessment Center in our Headquarters, which we call CITAC.
   The purpose of that center is two-fold. One, to develop and provide
   expertise in computer investigations. Secondly, to do threat
   assessments with respect to computer crime infrastructure defenses.
   This ties in as best it can with the infrastructure analysis program
   which is ongoing at the same time.
   We've established three FBI computer crime squads in the field now:
   one is here in New York; two, in other cities around the country.
   These are very different animals in terms of our FBI structure. Most
   FBI squads are programmatic squads, dealing with bank robbery or with
   theft from interstate shipment. These new computer crime squads,
   however, are disciplinary squads--nonprogrammatic and specifically
   designed and ordered to gather up, within a particular division, all
   of the computer investigative expertise that we have both from an
   analytic and an operational point of view. We then use them as a
   resource for all other programs in the field divisions, whether they
   be counterterrorism programs, criminal programs, or national security
   matters. We also use them to assist our partners in other law
   enforcement agencies.
   Part of our CITAC program also requires the SACs in all our 56 field
   divisions to form working groups with local industry--banking,
   utilities, energy, whatever the framework may be for that particular
   location--and put together working groups that will serve both to
   advise and respond to a crisis that threatens infrastructure, whether
   it be a criminal or a national security matter. To date, those
   advisory working groups are working very well around the country.
   Again, the real key to success here--and I don't think it can be
   repeated too much--is the critical partnership of government with the
   private sector and private industry. Beyond our best expertise, we
   need additional expertise based on system-design and
   system-engineering infrastructure protection. It is critical that,
   prior to an emergency, we develop the contacts, the associations, and
   the working groups to deal with some of those problems.
   We have worked very hard, as you know, in the legislation area to
   obtain the authorities that not only enable us to continue our
   investigative programs and techniques, but also help us anticipate
   some of the emerging problems. Last year, for instance, the FBI worked
   very hard with private industry and with many distinguished academics,
   to propose and ultimately to see pass the economic espionage statute,
   which is really a trade secrets act.
   The interesting thing behind that initiative, however, was the fact
   that it was computer crime--particularly computer intrusions into
   major companies to valuable trade secrets--that focused our efforts to
   protect commerce and industry here in the United States. We found, for
   instance, that the traditional theft statutes, like the transportation
   of stolen property, just didn't apply to the situations where an
   intruder into or an employee of a corporation quickly downloads an
   important trade secret and transports that information on a disk
   either locally or globally.
   The courts had said in many cases that intellectual property or
   knowledge of a trade secret was not really a "good" or "ware" as
   intended by the Congress in the interstate transportation of stolen
   property act. So we found we had a large area of criminal activity
   legally exempted from the FBI's program.
   A major impetus for this trade secrets act was thus the ability of
   computer criminals to steal valuable intellectual property that
   doesn't quite fit the 1930's definition of "goods, wares, and
   merchandise." This is just one example of our legislative initiatives
   directed towards those technology problems.
   Encryption is another important one. We realize that the need for
   robust encryption is critical for the health of our national economy
   and for American competitiveness, here and overseas. As a law
   enforcement agency that wears a national security hat, however, we
   also realize that we need encryption with some exempted or
   court-authorized recovery mechanism for those very rare instances when
   encrypted channels are used to either transmit or store information,
   relative to a crime, an act of terror, or a national security matter.
   Of course such a mechanism would to be available to us only under
   court orders and very stringent requirements, as with the 1968
   court-authorized wiretapping statute.
   So there is a friction, as there always is, between technology issues
   and law enforcement, with respect to balancing public safety issues
   with first amendment issues regarding free trade. We have worked very
   hard to try to achieve that critical balance. We are not out of the
   woods yet. We cannot do, nor would we advocate doing, what some
   countries have done; Russia, Israel, and France, for example, have
   outlawed encryption. That's a solution that doesn't really deal with
   the problem in all of its dynamics and all of its dimensions. We are
   rather looking for a solution that balances the protection of robust
   encryption with the protection of national security and public
   safety--one that affords both sides the protections and restrictions
   that will keep our intrusiveness limited and will not affect
   competition or the economy.
   Another FBI initiative that deals with cyber crime and global crime
   issues is the expansion of our Legal Attache program. As many of our
   international friends here know, the FBI has had, for many, many
   years, a "Legat" program, as we call it, where FBI agents are assigned
   to various embassies to engage in liaison functions with the host law
   enforcement authorities. They deal exclusively in law
   enforcement-related activities. They don't engage in any other
   non-criminal activities except as liaison.
   We have Legats now in 30 countries. On my last trip, in fact, I
   dedicated an office in Tel Aviv, which will also serve as liaison with
   Jordan, with the Palestinian authority, and with the office in Cairo.
   Over the next two years, pursuant to a plan approved by the Congress,
   we'll open another 16 Legats which will take us to the places like
   Beijing, South Africa, and Buenos Aires--places where law enforcement
   needs cop-to-cop bridges and the police-to-police contacts that are
   necessary to deal with crimes like computer crime and others that have
   no boundaries and that are committed in the twinkling of a eye. These
   crimes absolutely require us to work with our partners in order to
   identify and solve them.
   We are behind the eight ball, I think, in our efforts to deal both
   with cyber crime and global crime. But the initiatives I've
   mentioned--including infrastructure initiatives, training initiatives,
   the Legat programs--are all certainly moving in the right direction.
   My concern is that we are moving too slowly and that the pace of
   change is so rapid that, despite our best efforts and our resources,
   we will still remain a little bit behind the curve. If you think about
   what's happening now with respect to cyber crime and global crime,
   it's not unfair to compare it to the advent of the automobile back in
   the early part of the century. Easy automobile use then changed
   everything. It didn't just changed the economy, it also had an immense
   impact on law enforcement, which had been dealing with crime on a
   localized basis.
   Today the change is from national to international borders. I remember
   when I was a new FBI agent here in New York in 1975. It was an anomaly
   to have a lead in your case which went overseas to a foreign bank
   account, or to need to speak to a witness who was outside our
   jurisdiction, or to need records from an off-shore location where we
   had no jurisdiction.
   Now in 1997, that's all changed. It's probably rare when we don't have
   an international connection in a drug case or an economic crime case,
   or a fugitive case or a national security matter. Just like the
   automobile back in the 1920s and the 1930s, the computer is impacting
   the economy and the science of law enforcement today, except,
   probably, with a ten-fold greater impact.
   It is affecting everything we do in law enforcement. It is changing
   the rules of the game with respect to how we prepare for and deal with
   national security issues. And it will continue to do that at an even
   more alarming rate.
   Remember the old gangster movies where somebody robbed a bank, got in
   an old Model T, and raced away from the police to a state line--where
   the police had to stop because they didn't have jurisdiction to take
   the bank robbers over the state line? Congress intervened when that
   happened. It established interstate banking authority for the FBI with
   respect to the bank robbery jurisdiction. And everybody thought we had
   solved the problem. In today's world, though, we're dealing with
   global borders and economic borders that have ceased to exist. We now
   need to have authorities from Congress, and we also need technological
   means to deal with a problem that is getting increasingly more complex
   and global. We need to draw on your expertise and advice and partner
   our efforts.
   So, let me just close by again thanking you all of your attendance and
   participation here. We certainly appreciate your interest. We thank
   your Chiefs and Director Generals for approving this. And we ask that
   you help us to combat these new crime phenomena. A critical part, of
   our success will come from industry and from you. Thank you very much.

Link to FBI website