LAPD Study Urges Funds for Fighting Online Crime

A confidential LAPD report on computer crime warns that the department is woefully ill-equipped to pursue cyber criminals with a force that now consists of one detective and a computer with no Internet access.

The report concludes with the suggestion that seven full-time detectives, including one whose sole duty would be investigating online child pornography, be trained and assigned to computer crime, and that city funds be spent on nine Pentium computers, two laptops and related equipment for them.

The report, obtained by The Times, warns that more police resources are needed to deal with online child molesters, pornographers, software pirates, prostitution rings, con artists and other assorted thieves it says are responsible for hundreds of millions of dollars worth of crimes per year.

But its portrait of the perils of the online world is challenged by some experts in the field, who regard that picture as exaggerated.

“There is crime on the Internet, and there is a potential for very high-stakes crime,” said Donn Parker, a consultant at SRI International who has compiled computer crime statistics for the U.S. Department of Justice and advises several companies on data security.

*

But he dismissed several of the statistics and statements in the report.

“We have files on reported computer crimes going back to 1958,” said Parker. “In all, we have about 4,000 cases, a relatively small number.”

Although he is an advocate of a greater police presence on the Internet, Parker dismissed some assumptions in the LAPD report as unfounded, such as: “Losses from computer crimes in the past three years are estimated to be between $164 million and $5 billion.”

“I’ve been fighting against the publication of these fictitious figures for 25 years,” Parker said, speaking from his office in Menlo Park. “There are no valid statistics on computer crime or high-tech crime, and all the numbers that have been put out there are total nonsense.”

The report was written at the request of the City Council. Its author, according to police officials, was the sole detective in the computer crime unit, who retired since writing it last summer. He could not be reached for comment.

Councilwoman Laura Chick, who sponsored the motion that requested the report, said the council would need more thorough research before deciding whether to foot the bill--not calculated in the report--to arm the LAPD for a new role.

“We can’t even get a handle on framing the parameters of the problem,” said Chick, who represents parts of the west San Fernando Valley.

“At this point, I don’t think we are even ready to start contemplating what kind of staffing we will need,” she said. “The first step is to get a reality-based picture of how big a problem this is.”

Lt. Ken Welty, who oversees the LAPD’s computer crime unit, defended the spirit of the report, although he said he did not know the specific sources for the statistics it cites. He said that much of the information now available on computer crime in Los Angeles and elsewhere is contradictory and confusing.

“It depends on who you talk to and what you read,” Welty said. “This is a lot of guesswork at this point.”

The lack of accurate information on the problem is the first computer crime issue that needs investigation, he argued, and the problem will remain until a wide range of law enforcement agencies, including local ones, are given the basic equipment and personnel needed for research.

“If someone wants us to address the problem, they better give us the equipment to look at it,” said Welty, “or they just have to leave things the way they are.”

The report points out that although the LAPD created a computer crime unit in 1986, it had no computer until late 1994. Funds for Internet access have never been allocated. The only online access was through the lone detective’s private CompuServe account, for which he paid out of his own pocket.

One of the detective’s primary duties was the retrieval of information from computers seized during crime investigations. He also participated in the internal investigation that led to the conviction of a detective in the Devonshire station who sold information from the LAPD database to a private investigator.

Welty said many high-tech crime cases come to the attention of his department. “We have a Department of Water and Power case, which we don’t have any leads on, where someone hacked into their lines and made $40,000 worth of unauthorized calls,” he said.

“We turn down a lot of things because we don’t have the manpower and resources to do them.”

In the last several months, online crime has been a lively topic in the media. But Parker said that media attention is often focused on crimes that are relatively uncommon.

He said this is especially true of online child pornography.

“We have reports of prosecution proceedings around the country . . . maybe once every two or three months,” Parker said.

Online prostitution solicitation does exist to a small extent, he said, but the vast majority of it originates in countries such as Thailand where it is legal.

He also disputed the weight given in the LAPD report to the discovery that an unnamed financial service network had been hacked--broken into by unauthorized users--six times. Two of the intrusions were for the purpose of laundering drug money, the report said.

“That was the Citibank case,” said Parker, “and what you’re talking about there is a period of two or three years, for which they found six intrusions. That’s relatively few.”

*

Parker did not dispute, however, the report’s assertion that large-scale financial crimes can and have been committed online. Another nationally known computer crime consultant, Jay BloomBecker of Santa Cruz, also took exception with some parts of the report. But he, like Parker, said the threat was real.

“Crimes having to do with the malicious interference with other people’s use of a computer are a serious menace,” he said, specifically citing computer viruses and the actions of some hackers.

Hackers, Parker said, seem to enjoy the thrill of breaking into a computer system more than making use of the private materials they find there. But both consultants noted that for a company whose computer has been hacked, the results might not be benign. Sometimes, it requires an expensive cleaning out of the system.

“It’s like a food fight,” Parker said. “The loss is not injury, it’s in the cleaning bills.”

Researching and fighting computer crime is only part of the headache for law enforcement agencies.

“People can’t even agree on what a computer crime is at this point,” said Welty. “A computer is a tool, like a gun. If a bookmaker uses a computer to keep track of bets, does that make it a computer crime? No.

“If someone is in possession of a [commercial software] program they got online, part of that would be a computer crime, but the problem is we’re also dealing with theft and copyright law. It just might fall under receiving stolen property.”

And then there is the problem of jurisdiction. The Internet crosses state and national boundaries, making it difficult to determine just which agencies should be involved in an investigation. Or just where a crime originated.

“What has happened with the Internet is that sovereign boundaries disappear. Something like pornography that might be all right in one place can easily spill over to a place where it’s against the law.

“There are no customs officials on the Internet.”

The LAPD report will next be presented to the City Council’s Public Safety Committee, chaired by Chick. Other reports on the subject, including one by the chief legislative analyst, will also be presented to the committee, which will decide whether to make a recommendation to the full council.