Skip to local navigation | Skip to main content

Electronic Crime Partnership Initiative

As part of the Electronic Crime Partnership Initiative (ECPI), NIJ has established working groups to help define and inform the Institute's electronic crime research agenda. The initiative includes six working groups:

Tools and Technology Working Group

Technology can be a weapon used by criminals, a defense against those criminals, and a tool to help catch them. This working group will address all three issues.

Tools and Technology As Weapons. Each of these tools deliver different levels of threat and require different countermeasures or defenses. The group will define the threats that a broad range of cyber-weapons pose. This will include:

  • Developing a threat-based classification method for cyber-weapons/
  • Developing a taxonomy for describing cyber-weapons.
  • Defining the graph axis that would help illustrate or contrast cyber-weapons, the threats they pose, the increase or decrease of their popularity, and their evolution.

Tools and Technology As Defenses. Each of these tools and technologies deliver different levels of defense and are effective against a set of known or unknown threats. The group will define the general defensive tools and technologies that exist and attempt to assess their effectiveness against cyber-weapons. This will include:

  • Developing a classification method for defensive tools and technologies.
  • Developing a taxonomy for describing defensive tools and technologies.
  • Defining the graph axis that would illustrate or contrast defensive technologies, the threats they address, the increase or decrease of their popularity, and their evolution.

Awareness and Outreach Working Group

Preventing and responding to electronic crime requires greater awareness by the public, government, law enforcement, academia, and business of the nature of electronic crime and solutions to it. This group will find ways to improve knowledge and understanding of electronic crime by addressing the following needs:

  • A clearinghouse for electronic crime information is needed.
  • Leaders of high-tech companies need better knowledge of IP protection and a risk management methodology.
  • Cyber forensics training opportunities should be better publicized.
  • IP protection model legislation, code of ethics, and non-disclosure templates should be available.
  • Public awareness of IP protection, most effectively with law enforcement participation, could highlight severe penalties and show that businesses can be "hard targets" (i.e. not tolerant of IP theft).
  • Public service announcements, brochures, and ads in business publications could focus on best practices and reasonable security precautions.
  • Public awareness of Internet crimes against children should feature The Internet & Your Child  training package; include the Center for Missing & Exploited Children's centralized number for reporting abuse, best practices for schools, and a Guide for Age-Appropriate Use of the Internet; involve professional, parent, and school associations; and improve public officials' awareness.
  • E-commerce fraud awareness should be raised by publicizing common frauds, the volume of Internet fraud, and the Internet Crime Complaint Center, and by reaching senior industry and law enforcement managers.
  • Raising awareness of gray and black markets should include publicizing the size and scope of the problem, educating consumers on costs and consequences (jobs and economic loss); and informing legislators, who could enhance high-tech theft statutes.

Policy and Legal Working Group

As Electronic Crime Needs Assessment for State and Local Law Enforcement report explains:

Currently there is no formal legal mechanism to allow for the enforcement of State subpoenas in other States. Cooperation can be achieved when one State Attorney General's office voluntarily assists a sister State authority in either serving an out-of-State subpoena or seeking an in-State court order to enforce the out-of-State subpoena. However, the reliability and consistency of this procedure is not uniform, and the ability to secure enforcement of an out-of-State subpoena on a recalcitrant party is questionable at best.

This working group will address issues of reciprocity raised above and issues involving Federal privacy laws and State statutes.

To address reciprocity, the panel will:

  • Define the contours of the need for reciprocity in the enforcement of evidence-gathering mechanisms (e.g., is it limited to subpoenas or does it also encompass warrants and/or court orders?).
  • Identify the mechanism that can best be used to establish State-to-State reciprocity.

Regarding Federal Privacy law, this group will concentrate on identifying the respects in which revisions need to be made in the following, and perhaps other, Federal statutes, as well as in analogous State statutes modeled after ECPA.

  • The Privacy Protection Act, 42 U.S. Code §2000aa, which "potentially applies to almost every search of any computer" and which has, therefore, "shielded criminal activities from legitimate law enforcement investigations.
  • The Electronic Communication Privacy Act (ECPA), 18 U.S. Code §§ 2510-2521, 2701-2710, which "no longer effectively balances the competing interests of telecommunications users, service providers, and the legitimate needs of government investigators."

In addressing State statutes, the working group will determine if they:

  • "Encompass the new ways that crimes are being committed," e.g., with the use of computer technology.
  • Establish consistency in the definitions of what is and is not an electronic crime.
  • Ensure that the penalties and offense levels for electronic crimes are sufficiently stringent to make them a priority for law enforcement.

The group will gather empirical data about the types of deficiencies that exist in State statutes, (e.g., how do substantive statutes need to be revised/amended/enacted to address electronic crime, what types of variations exist in the definition of electronic crime(s) and as to what types of offenses do penalties and offense levels need to be increased). The Policy and Legal Working Group can then use this data to formulate an approach for proposing uniform legislation that addresses these issues and that can serve as a template for state legislators.

Standards and Certification Working Group

This group will examine how to apply standards and certification to the task of fighting electronic crime in several areas (detailed below): people, education and training programs; procedures, tools, and forensics labs. For each of these areas, the group will examine current and past efforts to establish standards and certification; lessons learned from these and similar efforts in other disciplines; options for further work; and the benefits, costs, and obstacles of the different options.

People. This includes investigators, prosecutors, forensics specialists, and teachers (educators or trainers). The working group will explore various options, including:

  • A program for certifying people based on course completion, examinations, experience, etc.
  • Establishing guidelines for different roles/skill sets.

Education and Training Programs. These programs can be designed for any of the people listed above. The group will examine programs from core to advanced courses, from degree to non-degree courses, and from academic to training courses. The working group will explore various options, including establishing:

  • An program to accredit education and training programs based on standards.
  • Standards for education and training programs.
  • Guidelines for education and training programs.
  • Standards for course content.
  • Guidelines for courses or sample courses.

Procedures. The group will look at procedures for conducting investigations, handling and preserving evidence, and prosecuting cases. The working group will explore various options, including:

  • Standards for procedures.
  • Guidelines for procedures.

Tools. This includes those tools used for investigations and for forensics analysis. The working group will explore various options, including establishing:

  • Program for certifying that tools meet standards. This implies there would be labs for certifying the tools. The labs themselves would need to be accredited to do this.
  • Standards for tools.
  • Guidelines for tools.

Forensics Labs. The working group will explore various options, including establishing:

  • Program for accrediting labs based on standards.
  • Standards for labs.
  • Guidelines for labs.

Technical Assistance Working Group

Technical assistance to State and local agencies for electronic crime in large part is provided by the FBI or the U.S. Secret Service. However, these agencies cannot always be available to help State and local agencies. This working group will look to see how partnerships and interagency/sector task forces can fill any assistance gaps. The group also will investigate how assististance and technologies can be delivered efficiently to the field.

Partnerships—Law Enforcement, Private Sector, and Academia

Partnerships between law enforcement, private sector, and academia will be critical to combating electronic crime. However, there are many differences—in culture and motivation—among these sectors that need to be addressed and overcome.

These sectors have considerable cultural differences. Law enforcement is a command and control/paramilitary culture, while private sector entities are often matrix problem-solving organizations. Academia is a culture of shared governance that values intellectual freedom.

These sectors are motivated by different concerns and have varied desired outcomes. Law enforcement agencies are case driven and individual problem focused and have a desired outcome of crime solved. They also have public policy concerns, e.g., weighing civil rights vs. public protection. The private sector is primarily profit driven and focuses on developing specific technologies for applications. Their desired outcome in combating electronic crime is the protection of their assets. Academia is theory driven and motivated by the pursuit and publication of scientific breakthroughs.

This group will look to see if there is enough overlap in motivation to make these partnerships work effectively and what those overlaps are. It will also attempt to discover if there are incentives that can be built into the partnerships to better motivate each of the parties to be more interested in the outcomes desired by the others.

Inter-agency/Sector Technical Assistance—Task Forces and Computer Crime Units

Building on the partnerships discussed above, the working group will look at how interagency/sector task forces can aid computer crime units or serve as de facto computer crime units for agencies that don't have one. The group will look at interagency cooperation from a historical perspective, including past experiences with task forces. This will help them determine who needs their own Computer Crime Unit and how limited resources can be most effectively leveraged among agencies.

The group will also review lessons learned from previous attempts to integrate law enforcement with the private sector and/or academia. Issues that have arisen in those instances include access to law enforcement data by civilians; access to proprietary information by other companies, government, and academia; and freedom of information (right to publish, etc.), and technology transfer issues (rights to theories/inventions).

Delivering Technical Assistance

The first step in delivering technical assistance to State and local agencies has to be a coordinated effort to assess their needs, target those needs, and then help secure funding and other resources to meet those needs. Meeting those needs will involve both technology deployment and transfer, areas that this working group will explore.

Technology deployment is the basic movement of new knowledge/tools from developers to the end-users, in this instance law enforcement agencies. The partnerships discussed above should help in this transfer from developers, such as universities, government agencies, and quasi-governmental agencies. This working group will look into intellectual property issues - dissemination, publication, ownership, and protectability—and commercial applications - evaluation of commercial viability and strategies for commercialization—of newly developed tools.

Technology transfer involves moving new tools to the private sector from academia and government developers. Through commercial agreements with manufacturers in the private sector, the technologies can be made available in sufficient quantity and at a price agencies can afford.

Education and Training Group

Virtually everyone involved in cybercrime has a training need. At one end of the spectrum there is a need for undergraduate and graduate programs to understand and develop new science to combat cybercrime advances for skilled practitioners around the world. At the other end is the need to instruct a first responder to do no harm and preserve the evidence appropriately.

There is a rush to fill the apparent vacuum in education and training. There are actors involved in every aspect of training ranging from respected universities to well-meaning amateurs. The solution to training and education issues clearly requires close cooperation between industry, law enforcement, academia, and professional organizations. This working group will investigate three areas: training courses and degree programs, multidisciplinary labs and research, and faculty development and capacity building.

Training Courses and Degree Programs

"Both entry-level and advanced training are needed for law enforcement officers and investigators, prosecutors, defense attorneys, probation and parole officers, and judges. First-line officers who secure the initial crime scene need training on basic forensic evidence recognition and collection techniques. National standards should be developed and applied toward a certification program that ensures uniform skill levels. Prosecutors and judges require awareness training and case histories on electronic crime incidents"- National Institute of Justice, Electronic Crime Needs Assessment for State and Local Law Enforcement.

The desired outcomes from the working group include:

  • Initial set of organizations providing training and universities providing degrees.
  • Initial set of courses and syllabi as available.
  • Identification of a central Web site for cyber forensic education and training resources
  • An initial set of sanitized case studies.
  • Identification of education and training gaps.
  • Identification of populations beyond traditional criminal justice groups that need cyber forensics education and training.
  • Clearinghouse and database of:
    • Degree programs in electronic crime and cyber forensics and related fields.
    • Training courses for electronic crime and cyber forensics and related fields.

Multidisciplinary labs and research

The need exists for multidisciplinary settings, such as labs for academia, industry, and law enforcement to work collaboratively on emerging problems with the Internet, e-commerce, and state-of-the-art technologies and tools. The desired outcomes from the working group include:

  • Identification of public-private partnerships and task forces formed to address electronic crime and cyber forensics issues and training.
  • Repository of electronic crime and cyber forensics technical papers from conferences and task forces.

Faculty development and capacity building

The need exists for increased Federal government support for basic and applied research at universities and federal labs and R&D centers, for faculty development and capacity building, and for undergraduate and graduate scholarship programs in cyber forensics and electronic crime. The desired outcomes from the working group include:

  • Designated Centers of Excellence with research, curricula, and student scholarships in cyber forensics and electronic crimes.
  • Plan for building capacity for faculty in this field.

Next Section:  Computer Forensic Tool Testing Program