Identity

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 18:04, 22 February 2009 by Mdpeters (talk | contribs) (New page: ==Identity== One of the many purposes of computers is to substitute machine activity for human activity. An individual with a remote terminal at his or her home may get access to the vict...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Identity

One of the many purposes of computers is to substitute machine activity for human activity. An individual with a remote terminal at his or her home may get access to the victim's computer system from virtually anywhere there is a phone connection. Consequently identify the computer criminal is difficult.

Consider the following example in detail to see how it might affect a computer crime defense:

A procedure calling for all sales slips to be reviewed by a supervisor might be replaced by a procedure in which a sales clerk enters information directly into a point of sale computer. With the old procedure, the supervisor could usually identify the handwriting of the sales clerk and confirm that a certain clerk wrote a questioned sales slip. With the new procedure, it is difficult to establish the identity of the person entering the sales slip information into the computer. While a sales clerk has a unique code that must be used whenever he or she uses the point of sale terminal, proof of the use of the code is only circumstantial evidence that the sales clerk in question made all the entries that are associated with the code.

Defense counsel could attack this circumstantial evidence challenging the admissibility of the computer records used to establish the identity of the person making the entries in question.FN90 Often it is possible to argue that the procedures set up by the victim of a computer crime did not adequately prevent other individuals from gaining access to a computer that is not reflected by a change in the access code. The following are all possible scenarios:

  • Relief personnel used the same access code as regular sales clerks
  • All clerks using the same machine used the same access code
  • The code was written on the machine because clerks often forgot it
  • Clerks occasionally are called away from the computer in the middle of a transaction and other clerks may finish the entries into the computer

Through discovery, cross-examination of prosecution witnesses, or independent investigation, counsel should determine if any of these situations, or other similar situations, cast doubt on the prosecution's allegation that the documents in question prove that the defendant did the acts charged as criminal. Counsel must analyze carefully the technical information concerning the way in which computer access is recorded in determining whether the prosecution can prove that the defendant committed the acts alleged.

Counsel may argue:

  • Unreliability of the computer system's access code system renders the records hearsay that are not admissible as business records
  • The unreliability of the system makes any evidence of the alleged criminal's identity unduly prejudicial, and therefore, subject to the discretionary suppression of the courtFN91
  • Even if admissible, records showing that the defendant's access code was used are not sufficiently reliable to establish beyond a reasonable doubt that the defendant was the person who made the entries in question

When a computer crime is detected, it may be as a result of analysis of computer records that suggest a certain terminal was used to enter information or that a certain access code was used at that terminal. This evidence is not the strongest for which the prosecutor could hope. Often private security personnel or law enforcement officers called in to investigate the case will attempt to bolster their identification of the defendant by instituting surveillance of the computer terminal at which they believe that the crime is or was committed.FN92

Cumulative Supplement

Cases:

Sufficient evidence established that defendant was the person who sent e-mails to company threatening to exploit a breach in its computer security if company did not pay him $2.5 million, as required to support his conviction for extortion; defendant admitted he used his computer and logged onto internet several times a day, three of the e-mails sent to company traced back to internet address defendant was using on day and time extortion e-mails were sent, computer forensic expert found three e-mails and other incriminating documents on hard drive of defendant's computer, expert testified that e-mails and documents were created by someone typing on that computer, and expert stated there was no evidence of any type of remote access or hacking found on defendant's computer. U.S. v. Ray, 428 F.3d 1172 (8th Cir. 2005); West's Key Number Digest, Criminal Law 566.