Electronic Commerce Law

Thailand August - September 2006

 

CyberCrime  
Alan Davidson 2006 
   
Read Quirk chapters 14 and 15
Browse Akindemowo - Read Chapter 5: Computer Crime, Telecommunications and Internet Abuse, pages 201-208, 215-222 and 229
 
Read these brief overviews 
Davidson - Cyber Crime - August 2000
Davidson - Cybercrime Bill 2001 (Cth) -  August 2001
Davidson - Interactive Gambling Act 2001 (Cth) -  September 2001

Davidson - Restricting Pornography on the Internet - August 2003

Davidson - The Crackdown on Child Internet Pornography - November 2004

Davidson - Commonwealth Cybercrime Update and Review - March 2005

Including the Cybercrime Bill (Cth) 2001

Internet Industry Codes of Practice 
Read the Preambles, Objectives and Principles 
Browse the remainder 

Spam Act 2003 (Cth)

Spyware Bill 2005 (Cth)

IIA Content Regulation Code of Practice (version 7.2) 
http://www.iia.net.au/contentcode.html

IIA Interactive Gambling Industry Code (version 1.0) 
http://www.iia.net.au/gamblingcode.html

IIA Cybercrime Code (draft version 1.0) 
http://www.iia.net.au/cybercrimecode.html
     
    Activity
To what extent are the Internet Industry Codes of Practice effective? 

Broadcasting Services Act Schedule 5

Notes on the Broadcasting Services Act - Schedule 5


State and Federal Crimes Acts
 
Crimes Act 1914 (Cth) , 
Criminal Code 1995 (Cth) 
Cybercrime Act 2001 (Cth) 

Read: divisions 474 to 478 Criminal Code 1995 (Cth) - Computer Crime 
http://scaleplus.law.gov.au/html/pasteact/1/686/top.htm

Read sections 85ZB-ZKB (offences relative to telecommunications) at http://www.austlii.edu.au/au/legis/cth/consol_act/ca191482/index.html
 

Browse the Explanatory Memorandum to the Cybercrime Bill 2001 (Cth) 
http://scaleplus.law.gov.au/html/ems/0/2001/0/2001072001.htm
 
Computer-related crime prosecuted by prosecutors’ offices 

 
Type of Computer Crime Prosecuted
All offices
Full-time offices (population served)
Part-time
Large (1,000,000 or more)
Medium (250,000 - 999,999)
Small (under 250,000)
Any computer-related crime
41.5%
97.0%
72.9%
44.2%
16.8%
Credit card fraud
27.4
93.5
61.2
28.2
7.4
Bank card fraud
22.3
83.3
50.9
22.6
6.9
Computer forgery
13.3
63.0
39.2
12.8
2.7
Computer sabotage
4.6
53.6
14.4
3.8
0.5
Unauthorized access to computer
9.6
60.7
28.8
8.8
2.3
Unauthorized copying or distribution of computer programs
2.7
53.8
9.0
1.8
0.2
Cyber stalking
16.3
6.7
47.8
15.1
4.5
Theft of intellectual property
3.2
40.7
13.4
2.3
0.5
Identity theft
18.2
80.0
51.9
17.2
4.5

Bureau of Justice Statistics 

http://www.ojp.usdoj.gov/nij/sciencetech/ecrimestats_bjs.htm


Powers

Read Crimes Act 1914 (Cth) 
Section 3C(1) data, data  held in a computer and data storage device
Sections 3K, 3L, 3LA, 3L 
(Similar amendments have been made to he Customs Act 1901 (Cth)

Hart v Commissioner, Australian Federal Police [2002] FCAFC 392. 
S 3K
Prior to the commencement of s 3K it was not possible under s 10 of the Crimes Act to remove things from the warrant premises with a view to deciding at a later time whether or not to seize them. It was possible to remove a file, book, bundle of documents which was believed on reasonable grounds to contain material of evidentiary value, provided that any  necessary sorting process was carried out with reasonable expedition and that those documents not of evidential value be returned reasonably promptly. It was held that it is not open for an executing officer to remove materials for later sorting without consideration of whether or not they might contain evidential material.
     
    Activity
The powers given to the federal police have been described as draconian.  What is the basis for these claims? 
     
   

Australian State Legislative Offences Relating to Computers

There has been no uniform approach taken in relation to offences relating to the use of computers in electronic commerce or otherwise. Every State and Territory legislature has prohibited unlawful access to a computer. (NSW, Crimes Act 1900, s 309; Vic, Summary Offences Act 1966, s 9A; Qld, Criminal Code 1899, s 308D(1); SA, Summary Offences Act 1953, s 44; WA, Criminal Code Act 1913, s 440A; Tas, Criminal Code 1924, s 257D; ACT, Crimes Act 1900, s 135J; NT, Criminal Code Act 1983, s 222.) 

Only New South Wales, Queensland, Tasmania and the Australian Capital Territory have specific legislation dealing with damage to computer data. (NSW, Crimes Act 1900, s 310; Qld, Criminal Code 1899, s 308D(2)(3); Tas, Criminal Code 1924, s 257C; ACT, Crimes Act 1900, s 135K.) In addition, there are a range of offences relating to the misuse of computers such as the falsification of documents, dishonest use of computers, fraudulent use of computers, obtaining property by deception and child pornography. (NSW, Crimes Act 1900, ss 300-304; Vic, Crimes Act 1966, s 83A; Qld, s 408C Criminal Code 1899; Tas, Criminal Code 1924, ss 257B and 257E; ACT, Crimes Act 1900, s 135L; NT, Criminal Code Act 1983, ss 70, 81 and 276.) 

Internet Gambling

The Internet and other new technologies have made possible types of gambling that were not feasible a few years ago. From the home or office anyone with an Internet connection can engage in an interactive poker game operated from a computer located in Antigua. The number of gambling sites operating illegal betting and wagering businesses online has increased at an exponential rate. The Internet allows virtually instantaneous and anonymous communication that is difficult to trace. The potential for operators to defraud customers is significantly greater than with traditional casino-style gambling. Fraudulent activities can range from credit card fraud to the manipulation of gambling odds. As the Internet is both anonymous and widely available, it is difficult to prevent minors from gambling. 

Cyberstalking

Various State legislation defines stalking as continued and intentional conduct directed at another person that would cause a reasonable apprehension of violence or detriment to the stalked person or another person. “Cyberstalking" or stalking online is not dealt with directly by legislation. However, elements of stalking can include use of the Internet, email or other electronic communications to harass or threaten another person. The behaviour includes posting improper messages on bulletin boards, forwarding viruses, threatening or offensive email, and electronic theft. 

The Crimes Acts in most jurisdictions describe stalking in general terms, leaving it to the courts to consider specific instances such as harassment by electronic means. (NSW, Crimes Act 1900, s 562AB; SA, Criminal Consolidation Act 1935, s 19AA; WA, Criminal Code Act 1913, s 338D; Tas, Criminal Code 1924, s 192.) In Victoria, the offence of stalking specifically includes “telephoning, sending electronic messages to, or otherwise contacting, the victim or any other person": Vic, Crimes Act 1966, s 21A. In 1993, the Queensland Criminal Code was amended to include the offence of unlawful stalking. In 1999, the Code was amended to extend stalking to conduct utilising the telephone, fax, mail, email or other technology. (See Qld, Criminal Code (Qld), ss 359A-359F. For generic provisions, see NSW, Crimes Act 1900, s 562AB; ACT, Crimes Act 1900, s 34A.) In the Australian Capital Territory stalking includes where the offender “telephones or otherwise contacts the other person": ACT, Crimes Act 1900, s 34A. However, even if the stalker can be identified, the enforcement of such laws can be problematic as the offender may not be located within the jurisdiction. 

Technical responses available for the consumer include the following:

Blocking and filtering software can delete email or chat-room messages. The criteria used can include the name of the author, certain offensive words and so on. 
Sophisticated encryption programs can prevent messages being read by unauthorised people. 
Digital signatures and certificates can be used to authenticate the author. 
Using a gender-neutral name. 
Changing passwords regularly. 

 

Child Pornography

The International Child Pornography Conference held in Austria in 1999 sought to combat child pornography and exploitation on the Internet. Initially the discussion revolved around the existing international obligations and commitments for the protection of children, including the Convention on the Rights of the Child. The conference built and acted upon commitments undertaken at the Stockholm World Congress against the Commercial Sexual Exploitation of Children (1996) and ongoing initiatives in many countries and regions. 

International Approach

Attacks against commercial websites, such as Amazon.com, have drawn international attention to the dangers presented to the Internet and other computer networks. Cyber-criminals and cyber-terrorists threaten business and government interests and may cause vast damage. 

In October 2000, the Council of Europe released its draft Convention on Cyber-Crime, which is the first multilateral instrument drafted to address the problems posed by the spread of criminal activity on computer networks. (See “Crime in Cyberspace", First Draft of Convention Released for Public Discussion, 2 October 2000, http://conventions.coe.int/treaty/en/projets/cybercrime22.htm.) The text will be the first international treaty to address criminal law and procedural aspects of various types of offending behaviour directed against computer systems, networks or data. It aims to harmonise national legislation in this field, facilitate investigations and allow efficient levels of co-operation between the authorities of different nation states. The text is expected to be finalised by a group of experts by December 2000. The Committee of Ministers could adopt the text and open it for signature as early as Autumn 2001. 

The draft includes provision for the co-ordinated criminalisation of computer hacking and hacking devices, illegal interception of data and interference with computer systems, computer-related fraud and forgery. It prohibits online child pornography, including the possession of such material after downloading, as well as the reproduction and distribution of copyright protected material. The draft defines offences and addresses questions related to the liability of individual and corporate offenders and determines minimum standards for the applicable penalties. 

The draft deals with law enforcement issues including the power to carry out computer searches and seize computer data, to require data-subjects to produce data under their control and to preserve or obtain the expeditious preservation of vulnerable data by data-subjects. These computer-specific investigative measures will also imply co-operation by telecom operators and Internet Service Providers, whose assistance is vital to identify computer criminals and secure evidence of their misdeeds. 


Spam Act 2003

Australian Law Reform Commission's report titled "Principled Regulation - Federal Civil & Administrative Penalties in Australia" December 2002.

At paragraph 2.107 it states "Civil penalty provisions are more closely aligned with criminal fines than with private law civil damages. Civil damages aim to compensate individuals for harm caused. Civil penalty provisions, on the other hand, are punitive - even if their chief aim is said to be a deterrence - and are payable whether or not  any harm was caused by the unlawful action. Whilst civil penalty penalties are thought not to entail the moral sanction of a criminal action, they do not serve as merely the tax or price of an illegal act."

It is an interesting question on whether or not a CPP is considered criminal. There has been a blurring over time. The traditional dichotomy between criminal and non-criminal proceedings no longer holds true. Justice Santow (Corporations Law in a Federal System - 3 November 2000) said "the argument is that a civil penalty is an oxymoron - it is really criminal. "    The reason why regulators such as ASIC and the ACCC have used CPPs is their relative ease to administer and get a result. The average time to bring a criminal prosecution is usually around two years whereas a prosecution for a CPP can be completed within twelve months. A further perceived advantage is the standard of proof is less than the criminal test of beyond reasonable but higher than the civil test of on the balance of probabilities. It is a sliding scale as set out in the case of Briggenshaw v Briggenshaw.

Spam Act and Double Jeopardy

Section 4C  of the Criminal Act 1914 (Cth) states  
(1)      Where an act or omission constitutes an offence: (a) under 2 or more laws of the Commonwealth; or (b)  both under a law of the Commonwealth and at common law;
the offender shall, unless the contrary intention appears, be liable to be prosecuted and punished under either or any of those laws of the Commonwealth or at common law, but shall not be liable to be punished twice for the same act or omission.

(2)     Where an act or omission constitutes an offence under both: (a) a law of the Commonwealth and a law of a State; or (b)   a law of the Commonwealth and a law of a Territory; and the offender has been punished for that offence under the law of the State or the law of the Territory, as the case may be, the offender shall not be liable to be punished for the offence under the law of the Commonwealth.

(3)     Where an act or omission constitutes an offence against a law of a Territory, the validity of that law is not affected merely because the act or omission also constitutes an offence against a law of the Commonwealth."

Does section 4C prevent a person being convicted under the Spam Act and the Telecommunications Act  for the same conduct if the conduct is criminal in nature. The difficulty is that a number of the provisions under the Spam Act are referred to as Civil Penalty Provisions.

The common law in Pearce v The Queen (1998) 194 CLR 610 provides that a person should be protected against multiple punishments for the same conduct or sometime referred to as the rule against double jeopardy.

To date the Australian Courts have not extended the common law double jeopardy protection to civil penalties. The is a lack of cases, the reason may be:

1. The Commonwealth Director of Public Prosecutions may have a policy not to charge a person who has already be convicted or pleaded to a civil penalty provision; 
2. Usually a regulator will not waste time and resources on a criminal action if they have been successful with a civil penalty provision; 
3. Section 4C may be adequate as it is.
 

Australia Thailand Joint Statement on IT and Telecommunicatiosn

5 July 2004
100/04

Australia continues to build on its history of cooperation with our Asian-Pacific neighbours with today's signing of a Joint Statement on telecommunications and information technology with Thailand.

I was pleased to sign the Joint Statement in Canberra today with the Thai Minister of Information and Communications, Mr Surapong Suebwonglee.

Thailand and Australia are both active members of the Asia-Pacific Telecommunity and the International Telecommunication Union (ITU).

Both countries are committed to developing competitive telecommunications sectors in order to increase trade and investment and to stimulate growth in telecommunications access and services.

The Joint Statement will encourage cooperation between Australia and Thailand in the following areas:

  • exchanging information on telecommunications policy and regulatory matters and on the application of information technology;
  • exchanging knowledge about participation in the activities of specialised international organisations;
  • cooperating on implementation of the APEC Telecommunications and Information Working Group Mutual Recognition Arrangement; and
  • exchanging information about anti-spam policies and strategies, security issues and other identified areas of interest to both sides.

The Howard Government's approach to spam is a multi-layered strategy that includes technical countermeasures, domestic anti-spam legislation, user awareness programs, and the active participation of industry bodies.

A critical component of Australia's strategy is to establish sound partnerships with other nations to combat spam.

Just yesterday I announced the signing of a Memorandum of Understanding between Australia, the United States and the United Kingdom that will enable each country's anti-spam enforcement agencies to share information and cooperate in investigating cross-border spamming activities.

Today's Joint Statement with Thailand further supports Australia's plan to pursue bilateral and multilateral agreements against spam. I welcome the opportunity it provides for our two countries to share information about anti-spam strategies and policies.


 

The UK, US and Australia are combining forces to combat spam.

The UK, US and Australia have signed a memorandum of understanding (MoU) to promote joint enforcement and investigation of spammers across the three countries.

The UK communications minister has called on other countries to join the trio in their anti-spam crusade. He said the MoU is "not going to solve spam overnight but it is going to help. It reinforces our determination to tackle spam with a combination of government and industry initiatives, technical solutions, and user awareness.

The chairman of the US Federal Trade Commission, said: "Illegal spam does not respect national boundaries. This agreement is an important next step to help law enforcers on three continents leverage resources to combat illegal spam."

Daryl Williams, Australia's minister for communications, information technology and the Arts, said the anti-spam MoU gives the welcome message that the United States and United Kingdom, like Australia, regard spam as a serious problem, and want to take practical action to reduce that problem."

The UK's Office of Fair Trading (OFT) is hosting a summit in London on 11 October 200411 for consumer protection regulators from approximately 30 countries to discuss anti-spam enforcement and to learn how to find and catch spammers.


Convention on Cyber-crime - Number 185
2001 - European Committee On Crime Problems (CDPC) - Committee Of Experts On Crime In Cyber-Space (PC-CY).  Prepared by the Secretariat Directorate General I (Legal Affairs)
http://conventions.coe.int/Treaty/EN/CadreListeTraites.htm
The Convention and its Explanatory Report have been adopted by the Committee of Ministers of the Council of Europe at its 109th Session (8 November 2001) and the Convention has been opened for signature in Budapest, on 23 November 2001, on the issue of the International Conference on Cyber-crime.
The text of this explanatory report does not constitute an instrument providing an authoritative interpretation of the Convention, although it might be of such a nature as to facilitate the application of the provisions contained therein.
    The revolution in information technologies has changed society fundamentally and will probably continue to do so in the foreseeable future. Many tasks have become easier to handle. Where originally only some specific sectors of society had rationalised their working procedures with the help of information technology, now hardly any sector of society has remained unaffected. Information technology has in one way or the other pervaded almost every aspect of human activities. 

A conspicuous feature of information technology is the impact it has had and will have on the evolution of telecommunications technology. Classical telephony, involving the transmission of human voice, has been overtaken by the exchange of vast amounts of data, comprising voice, text, music and static and moving pictures. This exchange no longer occurs only between human beings, but also between human beings and computers, and between computers themselves. Circuit-switched connections have been replaced by packet-switched networks. It is no longer relevant whether a direct connection can be established; it suffices that data is entered into a network with a destination address or made available for anyone who wants to access it. 

The pervasive use of electronic mail and the accessing through the Internet of numerous web sites are examples of these developments. They have changed our society profoundly. 

The ease of accessibility and searchability of information contained in computer systems, combined with the practically unlimited possibilities for its exchange and dissemination, regardless of geographical distances, has lead to an explosive growth in the amount of information available and the knowledge that can be drawn there from.

These developments have given rise to an unprecedented economic and social changes, but they also have a dark side: the emergence of new types of crime as well as the commission of traditional crimes by means of new technologies. Moreover, the consequences of criminal behaviour can be more far-reaching than before because they are not restricted by geographical limitations or national boundaries. The recent spread of detrimental computer viruses all over the world has provided proof of this reality. Technical measures to protect computer systems need to be implemented concomitantly with legal measures to prevent and deter criminal behaviour. 

The new technologies challenge existing legal concepts. Information and communications flow more easily around the world. Borders are no longer boundaries to this flow. Criminals are increasingly located in places other than where their acts produce their effects. However, domestic laws are generally confined to a specific territory. Thus solutions to the problems posed must be addressed by international law, necessitating the adoption of adequate international legal instruments. The present Convention aims to meet this challenge, with due respect to human rights in the new Information Society. 


The advance of information technology and computer technology has led to a corresponding increase in computer crime. There is no accepted definition of computer crime. On the one hand, computer crime can include the simple theft of the computer hardware. More usually, computer crime is taken to mean the use (or misuse) of computer software technology to elicit an undesirable result in data or processing. However, simple unlawful access to a computer system can be regarded as an offence. The consequences may include the transfer of funds or of confidential information. Sending an email to place a virus can be unlawful. Persons gaining unlawful access to computers for these purposes are typically referred to as hackers. The term cracker refers to a hacker with a malicious intent. Many crimes that are not specifically related to computers can be substantially facilitated by the use of computers. 

Codes of Conduct 

In an environment of minimisation of regulation and of commercial self-awareness, many industries have opted to self-regulate. Industry Codes of Conduct have proved extremely valuable to many individuals. By participating in codes of conduct many industries have avoided draconian legislation and have rectified many undesirable aspects of their practices. Some industry codes include sanctions. Examples of industry codes include: 
 · the Asia Pacific Smart Cards Forum Code of Conduct; 
 · the Insurance Council of Australia Code of Conduct; and 
 · a Direct Marketing Model Code of Practice. 

Investigative powers 

The Cybercrime Act enhanced the criminal investigation powers under the Crimes Act 1914 and Customs Act 1901 relating to the search, seizure and copying of electronically stored data.  The large amount of data that can be stored on computers and the use of security measures, such as encryption and passwords present particular problems for investigators. The enhanced powers are designed to enable police to copy computer data and examine computer equipment and disks off-site and to require assistance from the computer owners. 

 A magistrate may order a person with knowledge of a computer system to provide information or assistance.  This power extends to the compulsory disclosure of passwords, keys, codes, cryptographic and steganographic methods used to protect information "as is necessary and reasonable" (ss 3E to 3S). 

The provisions permit both the Defence Signals Directorate and Australian Security Intelligence Organisation (ASIS) to hack legally. 

Some commentators have described the new investigative powers as draconian and dangerous.  Exaggerated criticism has been made of the provisions which make it offence to possess hacker toolkits, scanners and virus code, on the basis that these are tools of the trade for security vendors. 

Internet Gambling 

The Interactive Gambling Act 2001 (Cth) commenced in full in January 2002.  The regulation of gambling is typically a State and Territory matter.  However, the federal parliament has power in regard to Internet activities and other communications technologies. The Act is the government's response to the community's concern to the expanded activity of gambling through recent technologies. 

The Act prohibits the provision of interactive gambling to people located in Australia. The prohibition applies to casino-type gaming, betting on a sporting event after it has commenced and scratch lotteries online.  Offences apply to both Australian and overseas interactive gambling service providers.  Fines of up to $1.1 million per day apply. 

 The Act prohibits interactive gambling services from being provided in Australia and prohibits Australian-based interactive gambling services from being provided in designated countries.  A complaints-based system is established.  A person may complain to the Australian Broadcasting Authority (ABA) about prohibited Internet gambling content. If hosted in Australia and the ABA considers that the complaint is warranted it must refer the complaint to the Australian police force.  For content hosted outside Australia, the ABA must also notify internet service providers (ISPs) so that the ISPs can apply the industry standard, such as, updating internet content filtering software. 

 The Act encourages the development of an industry code by ISPs.  The ABA has a reserve power to make an industry standard if there is no industry code or if an industry code is deficient. Regulations may provide that civil proceedings do not lie against a person to recover money alleged to have been won or paid in connection with an illegal interactive gambling service.  The Act prohibits the advertising of interactive gambling services. 

 The Act provides for a general review before July 2003 on the impact of the Act.  The review is to take into account the growth of interactive gambling services, the social and commercial impact of interactive gambling services, and the effect of the exemptions relating to excluded wagering services, excluded gaming services, services that have a designated broadcasting or datacasting link, and excluded lottery services. 

 As 99.9 per cent of the gambling sites on the internet are based offshore, the impact of the Act on access to such sites will be minimal. 

Cyberstalking 

Various State legislation defines stalking as continued and intentional conduct directed at another person that would cause a reasonable apprehension of violence or detriment to the stalked person or another person. "Cyberstalking" or stalking online is not dealt with directly by legislation. However, elements of stalking can include use of the Internet, email or other electronic communications to harass or threaten another person. The behaviour includes posting improper messages on bulletin boards, forwarding viruses, threatening or offensive email, and electronic theft. 

 The Crimes Acts in most jurisdictions describe stalking in general terms, leaving it to the courts to consider specific instances such as harassment by electronic means.  In Victoria and the Northern Territory the offence of stalking specifically includes "telephoning, sending electronic messages to, or otherwise contacting, the victim or any other person".  In 1999 the Queensland Criminal Code was amended to extend stalking to conduct utilising the telephone, fax, mail, email or other technology.  In the Australian Capital Territory stalking includes where the offender "telephones, sends electronic messages to or otherwise contacts the stalked person; sends electronic messages about the stalked person to anybody else or makes electronic messages about the stalked person available to anybody else".  However, even if the stalker can be identified, the enforcement of such laws can be problematic as the offender may not be located within the jurisdiction. 

 Technical responses available for the consumer include the following: 

  • Blocking and filtering software can delete email or chat-room messages. The criteria used can include the name of the author, certain offensive words and so on. 
  • Sophisticated encryption programs can prevent messages being read by unauthorised people. 
  • Digital signatures and certificates can be used to authenticate the author. 
  • Using a gender-neutral name. 
  • Changing passwords regularly. 

Congressional Research Service ˜ The Library of Congress 
April 18, 2002 

Congress passed the USA PATRIOT Act (the Act) in response to the terrorists’ attacks of September 11, 2001. The Act gives federal officials greater authority to track and intercept communications, both for law enforcement and foreign intelligence gathering purposes. It vests the Secretary of the Treasury with regulatory powers to combat corruption of U.S. financial institutions for foreign money laundering purposes. It seeks to further close our borders to foreign terrorists and to detain and remove those within our borders. It creates new crimes, new penalties, and new procedural efficiencies for use against domestic and international terrorists. Although it is not without safeguards, critics contend some of its provisions go too far. Although it grants many of the enhancements sought by the Department of Justice, others are concerned that it does not go far enough. 

The Act originated as H.R.2975 (the PATRIOT Act) in the House and S.1510 in the Senate (the USA Act). S.1510 passed the Senate on October 11, 2001, 147 Cong. Rec. S10604 (daily ed.). The House Judiciary Committee reported out an amended version of H.R. 2975 on the same day, H.R.Rep.No. 107-236. The House passed H.R. 2975 the following day after substituting the text of H.R. 3108, 147 Cong.Rec. H6775- 776 (daily ed. Oct. 12, 2001). The House version incorporated most of the money laundering provisions found in an earlier House bill, H.R. 3004, many of which had counterparts in S.1510 as approved by the Senate. The House subsequently passed a clean bill, H.R. 3162 ( under suspension of the rules), which resolved the differences between H.R. 2975 and S.1510, 147 Cong.Rec. H7224 (daily ed. Oct. 24, 2001). The Senate agreed to the changes, 147 Cong.Rec. S10969 (daily ed. Oct. 24, 2001), and H.R. 3162 was sent to the President who signed it on October 26, 2001. This is an abbreviated versions of The USA PATRIOT Act: A Legal Analysis, CRS Report RL31377, stripped of its citations and footnotes. 

Criminal Investigations: Tracking and Gathering Communications 
Federal communications privacy law features a three tiered system, erected for the dual purpose of protecting the confidentiality of private telephone, face-to-face, and computer communications while enabling authorities to identify and intercept criminal communications. Title III of the Omnibus Crime Control and Safe Streets Act of 1968 supplies the first level. It prohibits electronic eavesdropping on telephone conversations, face-to-face conversations, or computer and other forms of electronic communications in most instances. It does, however, give authorities a narrowly defined process for electronic surveillance to be used as a last resort in serious criminal cases. When approved by senior Justice Department officials, law enforcement officers may seek a court order authorizing them to secretly capture conversations concerning any of a statutory list of offenses (predicate offenses). Title III court orders come replete with instructions describing the permissible duration and scope of the surveillance as well as the conversations which may be seized and the efforts to be taken to minimize the seizure of innocent conversations. The court notifies the parties to any conversations seized under the order after the order expires. 

Below Title III, the next tier of privacy protection covers telephone records, e-mail held in third party storage, and the like, 18 U.S.C. 2701-2709 (Chapter 121). Here, the law permits law enforcement access, ordinarily pursuant to a warrant or court order or under a subpoena in some cases, but in connection with any criminal investigation and without the extraordinary levels of approval or constraint that mark a Title III interception. 

Least demanding and perhaps least intrusive of all is the procedure that governs court orders approving the government’s use of trap and trace devices and pen registers, a kind of secret “caller id.”, which identify the source and destination of calls made to and from a particular telephone, 18 U.S.C. 3121-3127 (Chapter 206). The orders are available based on the government's certification, rather than a finding of a court, that use of the device is likely to produce information relevant to the investigation of a crime, any crime. The devices record no more than identity of the participants in a telephone conversation, but neither the orders nor the results they produce need ever be revealed to the participants. 

The Act modifies the procedures at each of the three levels. It: 

  • permits pen register and trap and trace orders for electronic communications (e.g., e-mail); 
  • authorizes nationwide execution of court orders for pen registers, trap and trace devices, and access to stored e-mail or communication records; 
  • treats stored voice mail like stored e-mail (rather than like telephone conversations);
  • permits authorities to intercept communications to and from a trespasser within a computer system (with the permission of the system’s owner); 
  • adds terrorist and computer crimes to Title III’s predicate offense list; 
  • re-enforces protection for those who help execute Title III, ch. 121, and ch. 206 orders; 
  • encourages cooperation between law enforcement and foreign intelligence investigators; 
  • establishes a claim against the U.S. for certain communications privacy violations by government personnel; and 
  • terminates the authority found in many of these provisions and several of the foreign intelligence amendments with a sunset provision (Dec. 31, 2005). 
Foreign Intelligence Investigations 

The Act eases some of the restrictions on foreign intelligence gathering within the United States, and affords the U.S. intelligence community greater access to information unearthed during a criminal investigation, but it also establishes and expands safeguards against official abuse. More specifically, it: 

  • · permits “roving” surveillance (court orders omitting the identification of the particular instrument, facilities, or place where the surveillance is to occur when the court finds the target is likely to thwart identification with particularity); 
  • increases the number of judges on the Foreign Intelligence Surveillance Act (FISA) court from 7 to 11; 
  • allows application for a FISA surveillance or search order when gathering foreign intelligence is a significant reason for the application rather than the reason; 
  • authorizes pen register and trap & trace device orders for e-mail as well as telephone conversations; 
  • sanctions court ordered access to any tangible item rather than only business records held by lodging, car rental, and locker rental businesses; 
  • carries a sunset provision; 
  • establishes a claim against the U.S. for certain communications privacy violations by government personnel; and 
  • expands the prohibition against FISA orders based solely on an American’s exercise of his or her First Amendment rights. 
Money Laundering 

In federal law, money laundering is the flow of cash or other valuables derived from, or intended to facilitate, the commission of a criminal offense. It is the movement of the fruits and instruments of crime. Federal authorities attack money laundering through regulations, criminal sanctions, and forfeiture. The Act bolsters federal efforts in each area. 

Regulation: The Act expands the authority of the Secretary of the Treasury to regulate the activities of U.S. financial institutions, particularly their relations with foreign individuals and entities. He is to promulgate regulations: 

  • under which securities brokers and dealers as well as commodity merchants, advisors and pool operators must file suspicious activity reports (SARs); 
  • requiring businesses, which were only to report cash transactions involving more than $10,000 to the IRS, to file SARs as well; 
  • imposing additional “special measures” and “due diligence” requirements to combat foreign money laundering; 
  • prohibiting U.S. financial institutions from maintaining correspondent accounts for foreign shell banks; 
  • preventing financial institutions from allowing their customers to conceal their financial activities by taking advantage of the institutions’ concentration account practices; 
  • establishing minimum new customer identification standards and recordkeeping and recommending an effective means to verify the identity of foreign customers; 
  • encouraging financial institutions and law enforcement agencies to share information concerning suspected money laundering and terrorist activities; and 
  • requiring financial institutions to maintain anti-money laundering programs which must include at least a compliance officer; an employee training program; the development of internal policies, procedures and controls; and an independent audit feature. 
Crimes: The Act contains a number of new money laundering crimes, as well as amendments and increased penalties for earlier crimes. It: 
  • outlaws laundering (in the U.S.) any of the proceeds from foreign crimes of violence or political corruption; 
  • prohibits laundering the proceeds from cybercrime or supporting a terrorist organization; 
  • increases the penalties for counterfeiting; 
  • seeks to overcome a Supreme Court decision finding that the confiscation of over $300,000 (for attempt to leave the country without reporting it to customs) constituted an unconstitutionally excessive fine; 
  • provides explicit authority to prosecute overseas fraud involving American credit cards; and 
  • endeavors to permit prosecution of money laundering in the place where the predicate offense occurs. 
Forfeiture: The Act creates two types of forfeitures and modifies several confiscation related procedures. It allows confiscation of all of the property of any individual or entity that participates in or plans an act of domestic or international terrorism; it also permits confiscation of any property derived from or used to facilitate domestic or international terrorism. The Constitution’s due process, double jeopardy, and ex post facto clauses may limit the anticipated breath of these provisions. Procedurally, the Act: 
  • establishes a mechanism to acquire long arm jurisdiction, for purposes of forfeiture proceedings, over individuals and entities; 
  • allows confiscation of property located in this country for a wider range of crimes committed in violation of foreign law; 
  • permits U.S. enforcement of foreign forfeiture orders; 
  • calls for the seizure of correspondent accounts held in U.S. financial institutions for foreign banks who are in turn holding forfeitable assets overseas; and 
  • denies corporate entities the right to contest a confiscation if their principal shareholder is a fugitive. 
Alien Terrorists and Victims 

The Act contains a number of provisions designed to prevent alien terrorists from entering the United States, particularly from Canada; to enable authorities to detain and deport alien terrorists and those who support them; and to provide humanitarian immigration relief for foreign victims of the attacks on September 11. 

Other Crimes, Penalties, & Procedures

New crimes: The Act creates new federal crimes for terrorist attacks on mass transportation facilities, for biological weapons offenses, for harboring terrorists, for affording terrorists material support, for misconduct associated with money laundering already mentioned, for conducting the affairs of an enterprise which affects interstate or foreign commerce through the patterned commission of terrorist offenses, and for fraudulent charitable solicitation. Although strictly speaking these are new federal crimes, they generally supplement existing law by filling gaps and increasing penalties. 

New Penalties: The Act increases the penalties for acts of terrorism and for crimes which terrorists might commit. More specifically it establishes an alternative maximum penalty for acts of terrorism, raises the penalties for conspiracy to commit certain terrorist offenses, envisions sentencing some terrorists to life-long parole, and increases the penalties for counterfeiting, cybercrime, and charity fraud. 

Other Procedural Adjustments: In other procedural adjustments designed to facilitate criminal investigations, the Act: 

  • increases the rewards for information in terrorism cases; 
  • expands the Posse Comitatus Act exceptions; 
  • authorizes “sneak and peek” search warrants; 
  • permits nationwide and perhaps worldwide execution of warrants in terrorism cases; 
  • eases government access to confidential information; 
  • allows the Attorney General to collect DNA samples from prisoners convicted of any federal crime of violence or terrorism; 
  • lengthens the statute of limitations applicable to crimes of terrorism; 
  • clarifies the application of federal criminal law on American installations and in residences of U.S. government personnel overseas; and 
  • adjust federal victims’ compensation and assistance programs. 

    •  

__________________________________________________________________________________________


 

 

 

 Alan Davidson 
2006
(21) 

Return to Top