The Silk Road, Federal law enforcement and who’s watching the Undercover Agent!

The week’s arrests of former Federal Agents Carl Mark Force IV and Shaun Bridges are more than just an embarrassment to the agencies involved. They are another indicator of the managers’ lack of understanding of their agents’ Internet investigations work. Much to the chagrin of some readers of our book, Investigating Internet Crimes, we devoted considerable space to discussing investigative policy. Gee, I wonder why? The Silk Road investigation has provided an example, and not a good one, of why law enforcement managers need to have policy and understand what their investigators are doing online.

Several things have become clear in this case. Early on, the lack of documentation exploded when the former FBI Agent Tarbell wrote in an affidavit that he failed to document his actions when he found the Silk Road server. I had previously defended the FBI, publicly stating that we needed to wait until all the facts (and testimony) were in. Well, at Ross Ulbricht’s trial it never came in, and we have just found out why some things were never discussed. Agents Carl Mark Force IV and Shaun Bridges were under investigation and the defense was prevented from disclosing anything about their conduct. Now, I am not an attorney and cannot discuss how those motions were or should have been handled, but I can discuss the disclosures recently made and how poorly it appears the Federal supervisors acted.

Supervising people undercover has long been a supervision-intensive problem. Long ago, working vice, I remember a supervisor criticizing my performance after the fact. However, that supervisor was right there, listening to the wire, and gave me immediate feedback. I would not be making that mistake again. Internet investigations have changed what it means to be undercover (UC). When we first started doing UC on the Internet in the late 1990s, documenting what we did and the chats we had involved a video camera over our shoulder. At that point there was not much else we could do. As investigative techniques developed, law enforcement found tools to assist them in their documentation. Screen captures and video recordings were accomplished with tools like TechSmith’s Snagit and Camtasia, which were adopted for this new purpose. Later, tools like WebCase were designed specifically for treating information on the Internet as evidence.

Collection of evidence from the Internet is a unique and specific problem, which I wrote about years ago in a whitepaper, Collecting Legally Defensible Online Evidence. Not collecting Internet evidence properly is just the beginning of the Federal managers’ supervision problems in this case. The next issue was the fact that they were not supervising their undercover agents. We do know that some recordings were made, but who looked at them? Was anyone looking at the UC’s actions online? Was anyone reviewing the recordings being made? Was anyone supervising the agents? Apparently not, because the criminal investigation of the agents found the use of one of the unauthorized accounts in one of the UC recordings. No supervisor was looking, or if they were, they didn’t know what they were looking at. Agent Gambaryan reviewed the case file of Force and found “…several DVDs of video taken with FORCE’s official DEA laptop with a screen-recording program…”.

Gambaryan found the reference to an account that Force used that was not mentioned in the reports. But it was in the undercover videos. What supervisor was reviewing his actions? Again, apparently no one.

Another indicator the supervisors should have seen with Agent Force as UC was the encrypted communication. Everyone should have known he was using encrypted communications with DPR (Ross Ulbricht). In fact, in Agent Gambaryan’s affidavit he comments on the prosecutors’ continual mentioning of providing all of the encrypted communications.

Agent Gambaryan also, although probably not intentionally, puts the issue of undercover agent supervision squarely at the managers’ feet when he surmises Force’s failure to provide the encryption keys to his managers.

If the supervisors/managers were doing their job, this would not have been an issue. They should have known and would have obtained the keys. But they didn’t.

Okay, back to our book. As a former law enforcement supervisor, I have recognized for years that supervision, management of undercover officers and policy go hand in hand. Prior to writing our book, I wrote the first published model policy on the use of social media by law enforcement because I saw the need. We included much of this in our book, including ethics discussions and these model policies for law enforcement conducting Internet investigations. We did so because it has not been discussed and needs to be understood. Law enforcement managers at all levels (local, State and Federal) need to understand that undercover work on the Internet has just as many supervision issues as undercover work in the real world. Some of the issues are the same and some are different. But supervision and management must still occur regardless of the case.

 

Questionable Online Investigations: Missteps Outside the Classroom

Last week we discussed the problems that can occur when an uninformed college educator exposes criminal justice students to online undercover investigations without fully understanding the legal nuances of those operations. This generated a lot of feedback on links to the blog article. We did not mean to imply that these missteps only occur in the academic setting. Unfortunately, they happen whenever staff are not properly trained and are then directed to complete online investigations.

We are aware of law enforcement personnel doing the same thing that criminal justice students were directed to do, i.e., pulling images from the Internet for use in an online undercover profile. In some cases, law enforcement felt it was appropriate as long as they bought the “model’s” picture. This is an ill-advised practice because it exposes the real person to danger as well as the officer and their agency to civil liability if something goes wrong. Additionally, it can give away the profile as being a “fake,” defeating the purpose for its creation. Again, the real person might be identified. It may be true the model sold their picture, but that does not mean they wanted it used for conducting undercover online investigations.

Missteps are not only being committed by law enforcement. We cite in our book several cases where attorneys, either directly or through advice, participated in legally questionable online undercover activities. In one case, a prosecuting attorney impersonated a defendant’s friend online to obtain proof that a witness was lying during a criminal trial. In another, an attorney gave the go-ahead for an investigator to take over a minor friend’s social networking profile, to obtain access to the minor’s restricted pages in order to get evidence for a civil suit. None of these examples ended well for the attorneys involved.

We devoted Chapters 9, 10, and 11 to covering various aspects of initiating, conducting, maintaining, and managing undercover online investigations. But don’t take our word for how good our book is on conducting Internet investigations. Take a look at the following comments from respected law enforcement professionals:

Larry D. Johnson, Current CEO at Castleworth Global LLC, Former Chief Security Officer at Genworth Financial and Special Agent in Charge, Criminal Investigative Division, USSS, Retired, noted:

“This book offers the most comprehensive, and understandable account of cybercrime currently available to all different skill levels of investigators. It is suitable for novices and instructors, across the full spectrum of digital investigations and will appeal to both advanced and new criminal investigators. It will no doubt become a must have text for any law enforcement or corporate investigator’s investigative library.”

Lieutenant Raymond E. Foster (Ret.) Los Angeles Police Department, author, and host of American Heroes Radio, observed:

“Another strength to this book is that it is very easy to read and in my opinion it needs read not only by the guys who are going to be doing these investigations but I think supervisors and managers out there need to take a look. … It is written for many levels within an organization.” (The entire show is here: American Heroes Radio)

Neal Ysart, Director First August Ltd, Information and Corporate Risk Services writes:

“At last….. Informed, pragmatic guidance from two highly experienced professionals who have actually spent time on the front line, not just the classroom. This book is relevant for practitioners working in both law enforcement and within business – every aspiring cyber investigator should have a copy.”

Jim Deal, United States Secret Service (Ret.) and original Supervisor of the San Francisco USSS Electronic Crimes Task Force notes:

“Cyber-crime, internet fraud, online predators…we think they’re being addressed until we become the victims. Today’s law enforcement is ill-prepared to address against national security, let alone against our law-abiding citizens. Todd Shipley and Art Bowker are able to communicate what law enforcement responders need to know before they get the call – the information in this book must become a mandatory reference for law enforcement agencies everywhere.”

Criminal Justice Student gets A, Perverts Get Off, and Instructor Fails

Todd and I wrote our book for individuals conducting Internet investigations, be they criminal or civil in nature. We made a very conscious effort to include real life cautionary tales of what not to do when conducting online investigations.  One area we stressed concerned online undercover operations and that they were not the same as “role playing” for fun or fantasy. We just heard of a recent real life story involving a major college criminal justice studies (CJS) program. It really shocked us and demonstrates the need for our text in today’s law enforcement training and criminal justice degree programs.

The university mentioned has a respectable CJS undergraduate program, which has areas of focus on law enforcement, cyber-defense, information security, terrorism and forensics. Its graduates go on to obtain careers as law enforcement, intelligence and security officers. The description could apply to any one of a number of colleges and universities if instructors are following the same kind of in-class lab project. This university’s program has a class focusing on technology and law enforcement, again not unlike numerous other classes in vogue in degree programs around the country. Many such classes go by names such as cybercrime, Internet, or computer investigations. This particular CJS program class has a hands-on component, which allows undergraduate students to purportedly experience what it is like to actually conduct an undercover online investigation. Yep, we said “undercover online investigation”. One of the students described the class as follows:

The course is taught by a 10 year plus instructor, experienced in computer security and CJS. The class size is about 30 students and uses a computer lab on the campus. The course is for sophomores and above and has been taught for two or three years.   It is a very popular course on campus, because of this “hands-on” component.  One required exercise in the course is for each student to create a fake e-mail account and Facebook profile of a 13-year old minor and to proceed online and to enter various chat rooms pretending to be a juvenile. The students are advised to pull a picture off the Internet of a minor to complete their profile for this exercise. The exercise occurs over three or four class sessions.  Software is used to record chats and take screen shots of the sessions. Students are then required to submit a “worksheet” of their experiences. The only cautionary directive the instructor gives is if they are sent child pornography they are to report it immediately, in which case the hard drive is “preserved.”

Well, we clearly have some areas of concern about this exercise. First, none of these undergraduate students are sworn law enforcement officers. Neither Todd nor I have ever heard of undergraduate students being required to conduct actual undercover investigations as part of a course requirement. Clearly, if something bad happens, the students are woefully unprepared for what follows. Additionally, because they are not sworn law enforcement officers, they could be criminally and civilly liable for problems that may occur. Then there are also chain of custody issues when something illegal is discovered. They are not trained in how to collect and preserve evidence, which of course our text covers in great detail and goes beyond merely recording chats and taking a few screen shots. Even Dateline’s “To Catch a Predator”, which had law enforcement involvement, still ran into numerous legal problems. We spent a lot of time in our book discussing policy and the appropriate process for setting up a system and preparing law enforcement officers for online undercover work. There is much more to it than just Googling a name or a website.

One of the most disturbing things about this exercise was the use by the 30 CJS students of REAL minors’ pictures in their profiles, pulled from who knows where on the Internet.  What would the parents of these minors feel like if they knew that their child’s picture from a sporting event or school website was used in this manner? How would you feel if your child’s picture was used to demonstrate how undercover online investigations into sexual exploitation transpire?  Now, how would you feel if we told you there was a way for those perverts to identify and locate your child from those images that were pulled from the Internet? Yeah, we know.  Not good.

It is unclear what happened to these profiles after the exercise ended. It did not appear that these fictitious profiles were deleted. Additionally, the profiles were used for several different class sessions. This means that even if the profiles were deleted, they may still exist, as they were probably crawled by a search engine while they were still active. It is tough to get that genie back into the bottle once it is online. So the effect of this exercise may extend well beyond the timeframe of a single class semester. These profiles were no doubt created to facilitate interaction of a questionable nature with a pervert. The problem is the profiles likely still exist somewhere (anyone look at the Internet Archive lately?), including a picture, used without the permission of the minor’s parents, waiting for some sex offender to find them.

Again, as we noted in our book, investigators have to be extremely careful with using images because there are sites, such as Google Images and TinEye, that can be used to show if that image has appeared elsewhere on the Internet. So taking the image from a profile and running it through one or both of these sites may show where on the Internet it also appeared. If the image was pulled from, say, a school website, a person could possibly identify the name of the real minor, the school, and their general location, and not the identity of the CJS student who created the fictitious profile. No one would want images of loved ones posted on a profile designed to entice perverts until the Internet runs dry of electrons.

Additionally, the 30 CJS students were instructed to collectively violate Facebook’s terms of service agreement for this class exercise. There have been civil suits filed by several Internet Service Providers against individuals collectively creating fictitious profiles. LinkedIn and Yelp are two such companies that come to mind. Granted, in these examples they were used for deceptive practices or to commit fraud, but is exposing an unsuspecting minor to real dangers any better? It deserves repeating that we discuss these issues in great detail in our book and note that investigators and their agencies must have well thought out policies and procedures dealing with these legal concerns before undertaking undercover online investigations.

In our example, one CJS student hit the “jackpot” so to speak. One Internet target thought the CJS student was really a 13-year-old female and sent the CJS student links to child pornography. The student, apparently at the professor’s instruction, sent the pervert a “link” so they could capture his IP address (Anonymizing techniques must be taught in another class). This student also received an online invite to meet up in the real world for sex from another individual responding to the CJS student’s fake profile. What is incredible is that the student got an “A” for the assignment. We don’t even want to know how they identified that the “links” went to actual child pornography.

Apparently, the rest of the class engaged in chat conversations with numerous individuals who thought they were minors. Frequently, these individuals masturbated on webcams to the students as well. So these perverts “got off” and the CJS students got disgusted. Law enforcement was notified about the child porn links being sent. But this is not going to be an easy case, particularly with the chain of custody concerns presented, not to mention testimony and evidence collection and documentation.

This should never have occurred. These concerns are not mitigated in a college classroom setting; students and teachers do not have an exemption from general legal principles, particularly when they are apparently ignored. Todd and I would both give this instructor an “F” for failing to provide the students with a useful learning environment. We are confident that anyone reading our book would realize that without the proper structure and policy this is a big no-no. We wrote our current book intending to help prevent these kinds of situations so things like this don’t happen. This is particularly true for programs that are training future law enforcement officers and investigators. A copy of our book is on the way to this instructor. Hopefully we can correct his teaching approach to ensure that his students actually are prepared for their future in law enforcement. On that note, I left a cigar lit somewhere.

References

Cutler, J. (2013, August 20). Yelp Sues Firm That Sued It for Coercion, Alleging Posting of Fake Favorable Reviews. Bloomberg Law. Retrieved from http://about.bloomberglaw.com/law-reports/yelp-sues-firm-that-sued-it-for-coercion-alleging-posting-of-fake-favorable-reviews/

Gold, M. (2008, June 24). NBC resolves lawsuit over ‘To Catch a Predator’ suicide. latimes.com. Retrieved from http://latimesblogs.latimes.com/showtracker/2008/06/nbc-resolves-la.html

Gullo, K. (2014, January 7). LinkedIn Sues Unknown Hackers Over Fake Profiles. Bloomberg Technology. Retrieved from http://www.bloomberg.com/news/2014-01-07/linkedin-sues-unknown-hackers-over-thousands-of-fake-accounts.html