1996-11-13 - Litt: 10/28 speech to ABA/ABA

Header Data

From: Robert Hettinga <rah@shipwright.com>
To: cypherpunks@toad.com
Message Hash: d83cebd140198c4d2ea847d2b1873bff0aea0984d840c6785358d15a0f1de59f
Message ID: <v03007817aeaf7c3419db@[206.119.69.46]>
Reply To: N/A
UTC Datetime: 1996-11-13 14:47:28 UTC
Raw Date: Wed, 13 Nov 1996 06:47:28 -0800 (PST)

Raw message

From: Robert Hettinga <rah@shipwright.com>
Date: Wed, 13 Nov 1996 06:47:28 -0800 (PST)
To: cypherpunks@toad.com
Subject: Litt: 10/28 speech to ABA/ABA
Message-ID: <v03007817aeaf7c3419db@[206.119.69.46]>
MIME-Version: 1.0
Content-Type: text/plain



--- begin forwarded text


X-Sender: oldbear@tiac.net
Date: Tue, 12 Nov 1996 17:46:02 -0500
To: Digital Commerce Society of Boston <dcsb@ai.mit.edu>
From: The Old Bear <oldbear@arctos.com>
Subject: Litt: 10/28 speech to ABA/ABA
Mime-Version: 1.0
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: The Old Bear <oldbear@arctos.com>

 < gopher://198.80.36.82:70/00s/current/news/topic/econ/96102905.lec >


*96102905.LAR 10/29/96

FIGHTING ELECTRONIC MONEY LAUNDERING DEMANDS MULTI-PRONGED STRATEGY

(Byliner by DAAG Robert S. Litt)  (1930)
By Robert S. Litt


Most observers believe that widespread electronic commerce is probably
inevitable. It offers us the exciting prospect of doing away with many
of the costs, burdens, and problems associated with paper money. But
the advent of electronic commerce presents certain challenges to law
enforcement as well.

One of the biggest challenges is the new opportunities for criminals
to launder their dirty money. Traditionally, money launderers have
deposited troublesome and bulky cash proceeds into banks or other
financial institutions to obscure its criminal origins. Or they have
created phony companies, or engaged in sham transactions, to hide
illicit profits.

These methods usually create paper trails that can be traced by law
enforcement. Through education, training and the enactment of
stringent laws and regulations in this regard, and through close
cooperation between the Departments of Treasury and Justice, law
enforcement has made great progress preventing and detecting money
laundering. As a result, it is increasingly difficult for criminals to
launder their money successfully.

But certain types of electronic commerce systems permit virtually
anonymous transactions and leave no paper trail. These systems could
undo years of hard law enforcement work. Electronic commerce could
allow a money launderer who wants to transfer tainted funds to do so
without the risk of engaging in personal contact with a potentially
suspicious bank employee. And the funds could be transferred anywhere
in the world by an automated on-line banking system that could be
accessed from the safety of the money launderer's home.

Similarly, a bank that operates completely on-line could court the
business of money launderers with little danger of prosecution. Such a
virtual bank could easily be located overseas, beyond the reach of
U.S. law enforcement. A recent article in the Washington Post suggests
that we are already encountering offshore, on-line banks. According to
the Post article, one offshore bank describes itself as the first bank
on the Internet, offering the opportunity to open accounts, wire
money, order credit cards or write checks by computer from anywhere in
the world, around the clock.

The bank's Worldwide Web page describes the benefits it offers to
customers: "Since there are no government withholding or reporting
requirements on accounts, the burdensome and expensive accounting
requirements are reduced for you and (the bank). The bank maintains
the strictest standards of banking privacy in offshore business and
financial transactions. Indeed, (the bank's country) has stiff
penalties for officers or staff that violate banking secrecy laws." It
is not hard to imagine who will be attracted to this kind of banking.

Some smart card systems go further, and would permit money launderers
to obscure the origins of funds while avoiding financial institutions
entirely. These systems have no central registry of transactions which
would allow the transactions to be reconstructed. A sophisticated
launderer, using multiple cards, could create an intricate series of
transfers that could not be unraveled, and that would circumvent
almost all existing money laundering laws. Internet payment systems
can similarly permit multiple transactions that could be next to
impossible to trace, particularly if unscrupulous merchants cooperate
with the criminals.

How do we respond? One big step toward eliminating money laundering
and other law-breaking through electronic commerce would be to
implement electronic cash technologies that track all transfers. We
have received information that at least one provider of a smart card
system that is already in use in Europe has modified its cards for use
in the United States so that financial institutions will be able to
track card usage. The system will allow them to audit for fraud, if
not recreate every transaction.

But a solution such as this raises a fundamental philosophical issue
for our society -- striking the proper balance between anonymity and
accountability. This question is being debated in many contexts as the
Internet grows. Important reasons abound to allow anonymity in
communications networks. Whistleblowers may want to remain anonymous
to avoid retribution. Consumers may wish to obtain information on a
product without ending up on hundreds of mailing lists. Rape victims
may want to discuss their experiences without revealing their
identities.

Unfortunately, criminals also benefit from anonymity. They want to
avoid getting caught. Anonymous remote communications can help them
avoid detection and apprehension. And so effective law enforcement
requires accountability. We must be able to hold individuals who harm
others accountable for their conduct.

We can find a middle ground between anonymity and accountability in
the principle of confidentiality. In a confidential system, a person's
identity is not generally known, but in appropriate circumstances --
for example when a court order is obtained -- the identity can be
determined. Confidentiality permits us to allow anonymity in
appropriate circumstances but does not permit criminals to obtain new
advantages from the anonymous capabilities of the Net.

This concept of confidentiality embodies the message chosen by the
framers of the U.S. Constitution to limit law enforcement through the
Fourth Amendment. They rejected a system under which law enforcement
could have unfettered access to citizens' papers; but equally they
rejected a system where those papers could be immune from scrutiny
under any circumstances. Rather, they provided for access to a
person's documents under appropriate judicial supervision, forbidding
unreasonable searches and seizures and requiring warrants and
subpoenas. The same kind of balancing, an approach that protects both
anonymity and accountability, should govern our approach to electronic
cash.

Those are some of the challenges we will face. The Department of
Justice has been taking some steps to help us prepare for these
challenges, drawing on the expertise we have had in dealing with other
computer crimes such as hacking.

The first lesson that we have learned is the need for extensive
training. To fight computer crime, agents and prosecutors must
understand computer and telecommunications technology, and be
dedicated full time to this complex area of law. The FBI has now
created three computer crime squads, in Washington, San Francisco and
New York City. The Secret Service also has agents trained to deal with
electronic crimes against financial institutions. The expertise of
these agents will be a crucial asset in fighting abuses of electronic
commerce.

Successful investigation of high-technology crime also requires the
participation of technically literate prosecutors. In 1991, the
Criminal Division of the Department of Justice created what is now the
Computer Crime and Intellectual Property Section, which we have
recently doubled in size. And we have set up, with the cooperation and
support of our U.S. attorneys nationwide, a network of prosecutors who
have been specially trained to serve as Computer and
Telecommunications Coordinators. These "CTCs," as they are known,
presently serve as resident experts on computer crime issues.

But to be successful in combating money laundering or any other form
of electronic crime, an international response is absolutely
necessary. Many of the crimes of the future will not be hampered by
international boundaries, because electronic funds need not be
physically transferred; they can be instantaneously and covertly
shipped via telephone and data networks.

Because computer criminals often are not in the same country as the
electronic funds that they are stealing, passports and other existing
international controls are of limited use in identifying and
apprehending them. Thus, a concerted international effort will be
necessary to ensure that electronic commerce criminals cannot take
advantage of weak laws in one country to commit crimes with impunity
in the United States.

We are making great progress in this effort. We have already had
several instances of international cooperation leading to the arrest
of overseas hackers who have broken into U.S. computers, and we are
working in a number of international forums to institutionalize that
cooperation and to seek coherent rules and policies that will enable
us to prevent abuses of electronic commerce.

In addition to working with other governments, we will have to work
with industry. The issue of encryption is particularly prominent now.
Without strong encryption, successful electronic commerce is probably
a fantasy. But encryption that is too strong -- that cannot be broken
when appropriate -- risks terrible and irrevocable damage to law
enforcement capabilities that are critical to our ability to protect
us all. Our goal is to encourage the use of strong encryption to
protect privacy and commerce, but in a way that preserves law
enforcement's ability to protect public safety. We're not looking to
expand what we can do now, just to preserve this ability against the
threat of unbreakable encryption. Our goal is confidentiality --
protecting the privacy of individual communications while preserving
our present ability under the law to obtain this information when we
need it.

Similarly, in electronic commerce, we want to work with industry to
ensure that the needs of law enforcement are met without either
stifling the development of a vibrant new technology or compromising
individual rights. We believe that the electronic commerce industry
should incorporate certain features into the designs of their smart
cards systems, features that we consider necessary to avoid abuses in
this area. We don't want to dictate how these features are designed,
but there are certain reasonable elements that industry should build
into its systems.

First, a transaction using a digital purchasing system should generate
and safely store records similar to those of credit cards whenever a
cardholder makes a purchase or transfer that exceeds a designated
size. In this regard, we must again emphasize that we are not seeking
to give government any new authority, merely to ensure that we can get
information when we are authorized to do so. Second, electronic
commerce systems should be designed to maintain sensible limits on the
amount of value that may be stored or transferred on a single smart
card or personal computer. Few people carry tens of thousands of
dollars in cash on their persons; permitting "smart cards" of such
value would greatly increase the opportunities for fraud. Finally, and
for obvious reasons, we must encourage the major smart card system
providers to use responsible financial entities as the primary outlets
for their cards.

Our last challenge is to update laws that might otherwise become
outdated. At present it is not clear whether our existing laws are
adequate to deter and punish electronic commerce abuses. Since
Congress did not and could not have foreseen the current electronic
commerce revolution, law enforcement authorities must be prepared, at
least at first, to combat these abuses through existing criminal
statutes that are not perfectly adapted to the problem.

We do not want to create new laws for their own sake, and certainly
not without understanding the effects that they would have on a
vibrant new industry. On the other hand, if we find that the law
enforcement problems presented by electronic commerce are outstripping
our ability to deal with them, changes in our legal structure may be
required.

The challenges faced by law enforcement in electronic commerce will be
enormous. We have already begun to prepare for some of these
challenges, but we realize that we have much more to do. With
training, technological understanding, international cooperation,
diligent law enforcement, and the cooperation of industry, we will
meet these challenges.

(Mr. Litt, a deputy assistant attorney general, is President Clinton's
nominee to head the Justice Department's Criminal Division. The
article was adapted from his Oct. 28 speech to the American Bar
Association and the American Bankers Association in Washington. It is
in the public domain and may be reprinted without permission.)


NNNN

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write:  unsubscribe dcsb
Or, to subscribe,           write:  subscribe dcsb
If you have questions, write to me at Owner-DCSB@ai.mit.edu

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/







Thread