26 April 1997 Source: gopher://198.80.36.82:70/0R45270432-45282977-range/archives/1996/pdq.96 ----------------------------------------------------------------------------------- ACCESSION NUMBER:00000 FILE ID:96102905.LAR DATE:10/29/96 TITLE:29-10-96 FIGHTING ELECTRONIC MONEY LAUNDERING DEMANDS MULTI-PRONGED STRATEGY TEXT: (Byliner by Dep. Asst. Attorney General) (1930) By Robert S. Litt (Mr. Litt, a deputy assistant attorney general, is President Clinton's nominee to head the Justice Department's Criminal Division. The article was adapted from his Oct. 28 speech to the American Bar Association and the American Bankers Association in Washington. It is in the public domain and may be reprinted without permission.) Most observers believe that widespread electronic commerce is probably inevitable. It offers us the exciting prospect of doing away with many of the costs, burdens, and problems associated with paper money. But the advent of electronic commerce presents certain challenges to law enforcement as well. One of the biggest challenges is the new opportunities for criminals to launder their dirty money. Traditionally, money launderers have deposited troublesome and bulky cash proceeds into banks or other financial institutions to obscure its criminal origins. Or they have created phony companies, or engaged in sham transactions, to hide illicit profits. These methods usually create paper trails that can be traced by law enforcement. Through education, training and the enactment of stringent laws and regulations in this regard, and through close cooperation between the Departments of Treasury and Justice, law enforcement has made great progress preventing and detecting money laundering. As a result, it is increasingly difficult for criminals to launder their money successfully. But certain types of electronic commerce systems permit virtually anonymous transactions and leave no paper trail. These systems could undo years of hard law enforcement work. Electronic commerce could allow a money launderer who wants to transfer tainted funds to do so without the risk of engaging in personal contact with a potentially suspicious bank employee. And the funds could be transferred anywhere in the world by an automated on-line banking system that could be accessed from the safety of the money launderer's home. Similarly, a bank that operates completely on-line could court the business of money launderers with little danger of prosecution. Such a virtual bank could easily be located overseas, beyond the reach of U.S. law enforcement. A recent article in the Washington Post suggests that we are already encountering offshore, on-line banks. According to the Post article, one offshore bank describes itself as the first bank on the Internet, offering the opportunity to open accounts, wire money, order credit cards or write checks by computer from anywhere in the world, around the clock. The bank's Worldwide Web page describes the benefits it offers to customers: "Since there are no government withholding or reporting requirements on accounts, the burdensome and expensive accounting requirements are reduced for you and (the bank). The bank maintains the strictest standards of banking privacy in offshore business and financial transactions. Indeed, (the bank's country) has stiff penalties for officers or staff that violate banking secrecy laws." It is not hard to imagine who will be attracted to this kind of banking. Some smart card systems go further, and would permit money launderers to obscure the origins of funds while avoiding financial institutions entirely. These systems have no central registry of transactions which would allow the transactions to be reconstructed. A sophisticated launderer, using multiple cards, could create an intricate series of transfers that could not be unraveled, and that would circumvent almost all existing money laundering laws. Internet payment systems can similarly permit multiple transactions that could be next to impossible to trace, particularly if unscrupulous merchants cooperate with the criminals. How do we respond? One big step toward eliminating money laundering and other law-breaking through electronic commerce would be to implement electronic cash technologies that track all transfers. We have received information that at least one provider of a smart card system that is already in use in Europe has modified its cards for use in the United States so that financial institutions will be able to track card usage. The system will allow them to audit for fraud, if not recreate every transaction. But a solution such as this raises a fundamental philosophical issue for our society -- striking the proper balance between anonymity and accountability. This question is being debated in many contexts as the Internet grows. Important reasons abound to allow anonymity in communications networks. Whistleblowers may want to remain anonymous to avoid retribution. Consumers may wish to obtain information on a product without ending up on hundreds of mailing lists. Rape victims may want to discuss their experiences without revealing their identities. Unfortunately, criminals also benefit from anonymity. They want to avoid getting caught. Anonymous remote communications can help them avoid detection and apprehension. And so effective law enforcement requires accountability. We must be able to hold individuals who harm others accountable for their conduct. We can find a middle ground between anonymity and accountability in the principle of confidentiality. In a confidential system, a person's identity is not generally known, but in appropriate circumstances -- for example when a court order is obtained -- the identity can be determined. Confidentiality permits us to allow anonymity in appropriate circumstances but does not permit criminals to obtain new advantages from the anonymous capabilities of the Net. This concept of confidentiality embodies the message chosen by the framers of the U.S. Constitution to limit law enforcement through the Fourth Amendment. They rejected a system under which law enforcement could have unfettered access to citizens' papers; but equally they rejected a system where those papers could be immune from scrutiny under any circumstances. Rather, they provided for access to a person's documents under appropriate judicial supervision, forbidding unreasonable searches and seizures and requiring warrants and subpoenas. The same kind of balancing, an approach that protects both anonymity and accountability, should govern our approach to electronic cash. Those are some of the challenges we will face. The Department of Justice has been taking some steps to help us prepare for these challenges, drawing on the expertise we have had in dealing with other computer crimes such as hacking. The first lesson that we have learned is the need for extensive training. To fight computer crime, agents and prosecutors must understand computer and telecommunications technology, and be dedicated full time to this complex area of law. The FBI has now created three computer crime squads, in Washington, San Francisco and New York City. The Secret Service also has agents trained to deal with electronic crimes against financial institutions. The expertise of these agents will be a crucial asset in fighting abuses of electronic commerce. Successful investigation of high-technology crime also requires the participation of technically literate prosecutors. In 1991, the Criminal Division of the Department of Justice created what is now the Computer Crime and Intellectual Property Section, which we have recently doubled in size. And we have set up, with the cooperation and support of our U.S. attorneys nationwide, a network of prosecutors who have been specially trained to serve as Computer and Telecommunications Coordinators. These "CTCs," as they are known, presently serve as resident experts on computer crime issues. But to be successful in combating money laundering or any other form of electronic crime, an international response is absolutely necessary. Many of the crimes of the future will not be hampered by international boundaries, because electronic funds need not be physically transferred; they can be instantaneously and covertly shipped via telephone and data networks. Because computer criminals often are not in the same country as the electronic funds that they are stealing, passports and other existing international controls are of limited use in identifying and apprehending them. Thus, a concerted international effort will be necessary to ensure that electronic commerce criminals cannot take advantage of weak laws in one country to commit crimes with impunity in the United States. We are making great progress in this effort. We have already had several instances of international cooperation leading to the arrest of overseas hackers who have broken into U.S. computers, and we are working in a number of international forums to institutionalize that cooperation and to seek coherent rules and policies that will enable us to prevent abuses of electronic commerce. In addition to working with other governments, we will have to work with industry. The issue of encryption is particularly prominent now. Without strong encryption, successful electronic commerce is probably a fantasy. But encryption that is too strong -- that cannot be broken when appropriate -- risks terrible and irrevocable damage to law enforcement capabilities that are critical to our ability to protect us all. Our goal is to encourage the use of strong encryption to protect privacy and commerce, but in a way that preserves law enforcement's ability to protect public safety. We're not looking to expand what we can do now, just to preserve this ability against the threat of unbreakable encryption. Our goal is confidentiality -- protecting the privacy of individual communications while preserving our present ability under the law to obtain this information when we need it. Similarly, in electronic commerce, we want to work with industry to ensure that the needs of law enforcement are met without either stifling the development of a vibrant new technology or compromising individual rights. We believe that the electronic commerce industry should incorporate certain features into the designs of their smart cards systems, features that we consider necessary to avoid abuses in this area. We don't want to dictate how these features are designed, but there are certain reasonable elements that industry should build into its systems. First, a transaction using a digital purchasing system should generate and safely store records similar to those of credit cards whenever a cardholder makes a purchase or transfer that exceeds a designated size. In this regard, we must again emphasize that we are not seeking to give government any new authority, merely to ensure that we can get information when we are authorized to do so. Second, electronic commerce systems should be designed to maintain sensible limits on the amount of value that may be stored or transferred on a single smart card or personal computer. Few people carry tens of thousands of dollars in cash on their persons; permitting "smart cards" of such value would greatly increase the opportunities for fraud. Finally, and for obvious reasons, we must encourage the major smart card system providers to use responsible financial entities as the primary outlets for their cards. Our last challenge is to update laws that might otherwise become outdated. At present it is not clear whether our existing laws are adequate to deter and punish electronic commerce abuses. Since Congress did not and could not have foreseen the current electronic commerce revolution, law enforcement authorities must be prepared, at least at first, to combat these abuses through existing criminal statutes that are not perfectly adapted to the problem. We do not want to create new laws for their own sake, and certainly not without understanding the effects that they would have on a vibrant new industry. On the other hand, if we find that the law enforcement problems presented by electronic commerce are outstripping our ability to deal with them, changes in our legal structure may be required. The challenges faced by law enforcement in electronic commerce will be enormous. We have already begun to prepare for some of these challenges, but we realize that we have much more to do. With training, technological understanding, international cooperation, diligent law enforcement, and the cooperation of industry, we will meet these challenges. -----------------------------------------------------------------------------------