JD Guest Lecture Series

• • National media releases
  • Forms
  • National Police Check
  • Jobs
  • Terrorism
  • Publications
  • Crime Stoppers
  • Site map
  • Related links
  • Missing Persons
  Quick Links

JD Guest Lecture Series

Law School, University of Melbourne, Melbourne

Speech from AFP Commissioner Mick Keelty APM

Wednesday 11 July 2007, 12.30pm to 2.00pm

(Check against delivery)

Ladies and gentlemen.

Good afternoon and thankyou for inviting me to participate in this lecture series.

I would like to begin by acknowledging the traditional owners of this land, the Wurundjeri people of the Kulin nations, and their Elders, both past and present, and their connections with this land.

Introduction

The events of recent days in London and Glasgow have provided a grim reminder of how much the world has changed in the 21st century.

It’s hard to imagine, but 20 years ago mobile phones were still mostly regarded as curiosities. Who would have thought that one day they would be used as the detonators of bombs which have wrought such destruction and pain on the streets of our cities?

Now, it’s not news that police and lawyers don’t always see eye-to-eye and, while we all work in the legal world, we have different roles to perform.

Yet both roles are necessary and it’s important that we understand and respect those different roles.

In my part of the legal world, in law enforcement, we are finding that the world is changing so rapidly that we must continually update our education and training if we are to properly respond to the challenges we face today.

As you embark on your legal careers I have no doubt that you will be confronted by many difficult questions and issues which evolve at a pace which is almost faster than our ability to comprehend them.
Today, I’d like to talk about two areas where revolutionary change is having a significant impact on law enforcement and on the law. These areas are countering terrorism and dealing with technology-aided crime.

It is only about 15 years since the internet expanded beyond the defence and education sector.

The way we go about our daily lives – for instance, how we do our work and how we access entertainment – has changed so profoundly in the past two decades that it is hard to imagine what awaits us two decades from now.

For example, the next generation of mobile phones and internet platforms will make interception more difficult and communication extremely easy and rapid. The transfer of knowledge and ideas will be almost instantaneous to ever-increasing audiences unfettered by traditional means of control such as national borders and State-based legal regimes.

The internet has become a tool to create unbounded opportunities – not only for students with little time for study or for those who live too far from a university to be able to attend.
Knowledge in all fields can be quickly and easily shared, helping improve our lives in ways we haven’t even imagined.

One area which helps the Australian Federal Police is in personal communication. We are sending more and more officers overseas on short and long-term missions and assignments, and that always imposes strains and stresses on their personal lives. But with the internet, they are able to communicate with their families and friends in real time – and almost in person with the use of webcams – making the difficulties they face in overseas deployment much easier.

While the internet began as a domain for only those with IT skills and institutions, its expansion into the broader community and into a range of social, economic and political activities has led to broad generational change. The impacts from internet use are affecting a diverse range of social groups, relationships, power structures and processes at a rate we can barely keep up with. Just imagine what it will be like in another twenty years.

Crime on the Internet

The pace of change, and the directions taken by developments in technologies such as biometrics and bionics are already throwing up public policy issues which will became problems for lawmakers and law enforcement.

Regulation of such dynamic areas is increasingly complicated and time-consuming, while innovation and development outstrip our capacity for legislative response. The whole way our societies create laws may need to be reconsidered as this acceleration in technological development continues.

The internet has already generated changes for policing and the criminal justice system. Among some of the most difficult challenges confronting policing in the 21st century are those posed by criminal activity in cyberspace.

The internet has created new ways to carry out old crimes, such as theft, fraud and deceit. In itself, this is not new. For example, widespread credit card use enabled people to steal more easily without always having to get their hands on cash or goods. Legislators and law enforcement have always had to respond to technological evolution.

The internet also challenges the legal regimes we have put in place to regulate trade. These are mostly enacted in national legal systems, yet you can shop online in practically any country in the world. This means people can buy goods online that would be illegal and not sold in their home nation.  A black economy has flourished.  While goods bought this way may be caught by checks at mail and transport borders, some may still get through.

At first glance, this may seem minor, but just think of the problems which may occur through buying medicine which is not subject to proper controls.

A more challenging development for policing is the use of cyberspace to facilitate crime in the real world. In traditional policing, we are able to seek warrants for electronic surveillance of people we have reasonable suspicions are committing serious crimes. The records of the surveillance – typically transcripts of phone conversations and the like – form part of the evidence used in court. But this becomes much more difficult when criminals use nick names and visit chat rooms to transmit information, or when they assume multiple identities through using avatars in cyberworlds like Entropia or Second Life where they may be interacting with genuine criminals or with people who are experimenting with alternative realities.

Other ways websites may be used are for advertising illicit services or for recruiting a clientele or like-minded people into groups; or for shifting undeclared money through unmonitored channels. 

More worryingly, the internet has made it easier for some types of crimes to be committed in the real world. Obvious examples are crimes related to pornography and exploitation of children. Identity theft and associated frauds are also easier to commit – and harder to detect – when the internet is used.

Additionally, the internet has also introduced new crimes such as spamming, phishing, denial of service attacks, hacking, and transmitting viruses and malicious software.

According to recent figures, there are two sectors doing very well out of the internet: crime and security.

The scale of criminal activity on the internet almost defies belief. A few examples: a US-based discount fashion retailer has recently released details of illegal intrusions into its computer system in 2005 and 2006. More than 45.7 million credit and debit card details were stolen from its system, as well as more than 450,000 details of personal identity information, such as drivers licence numbers.¹

So far the theft has cost $US17 million – and this does not include potential legal liabilities or exposure to card companies and banks.²

A survey published in 2004 by the British National High-Tech Crime Unit found that 77 per cent of British businesses had been subjected to virus attacks. They estimated companies were victims of an average of 254 malicious attacks every year at a cost of £195 million annually with fraud the highest cost (£121 million).

A senior executive at IT security firm McAfee Advert Labs said recently that phishing was continuing to rise with his company recording an almost eightfold increase in the number of phishing websites setup to steal personal data in the first quarter of 2007.

The executive noted that the unauthorised transfer of data, such as customer records, employee personal information and intellectual property, was becoming more of a risk.

He also reported that much of the creation and exploitation of malicious software had been taken over by criminal groups.

Threat to Security

Online crimes which attack the national information infrastructure threaten the systems on which we base our economy, our government and our society.

At the most basic level, any attack on the national information infrastructure can erode confidence in commerce. They can also effectively shut down services offered online, leading to disruption of emergency services or communications. Hackers might alter personal data, perhaps leading to a later denial of access to government services or to banking facilities.

They can also mount a fundamental threat to national security as we will see in this recent example.

In April and May, the country of Estonia was subjected to three weeks of sustained attack on its information technology systems.

Especially targeted were sites belonging to the presidency, government departments, the parliament, political parties, its major mass media, two of its largest banks and companies which deal in communications.

Although a very small country of around 1.4 million people, Estonia is a world-leader in e-government.

This, of course, makes it particularly vulnerable to this kind of attack.

While the attack may have brought the business of government to its knees for some time, the wider implications are far more worrying.

Estonia’s relationship with Russia had been deteriorating for some time, when in late April the government relocated a World War II Soviet war memorial in the capital, Tallinn, despite the loud protests of its ethnic Russian minority who took to the streets.

The first wave of attacks on its IT came right after the relocation. These were Distributed Denial of Service attacks – an orchestrated strategy to hit targeted websites with tens of thousands of visits simultaneously.

The websites get jammed and the servers are overloaded until they crash.

It was quickly perceived that the subsequent waves occurred on the anniversaries of significant dates in Soviet history and that the first attacks seemed to have been launched from websites in Russia. Could these have been the opening salvos of war? Many Estonians clearly thought so.

NATO, too, was immediately concerned and dispatched cyber-terrorism experts to the Baltic state to help it put its systems back on line and to investigate the source of the attacks.

While it’s hardly news that government websites are subject to Distributed Denial of Service attacks, the incidents in Estonia are alarming because they were orchestrated, sustained and they targeted the government and other vital sites broadly, rather than randomly. This, and the fact that some websites used to launch the attacks were linked to the Russian government was enough to lead to the perception – in Estonia anyway – that the attacks were an act of war. Estonia’s defence minister has since called for NATO to reconsider its definition of the sorts of attacks that automatically trigger the collective self-defence provisions of the treaty as cyber warfare is not yet included.

The attack on Estonia and the potential for it to be misinterpreted as warlike are causes for grave concern. Latest news reports suggesting that the real attacker was a criminal gang provide no relief, merely the new worry that crime could become embroiled in affairs of State, threatening the diplomatic and treaty systems we have taken centuries to create to maintain order and stability.

Terrorism

The cyber attack on Estonia also brings to mind the other source of rapidly evolving crime which poses a substantial challenge to us all and that is terrorism.

A little more than a week ago, London was the site of another attempt to indiscriminately murder and maim hundreds of people.

The arrests which have come about since London and Glasgow demonstrate the new emphasis in law enforcement prompted by the terrorist attacks in the United States on 11 September 2001 which changed the nature of policing forever.

Some of those changes remain largely out of the public view because they involve differences of emphasis – the increased focus on intelligence-gathering and analysis, for example.

Increased security at airports and other points of entry is an example of the more obvious changes.

This is because prevention is crucial in the fight against terrorism. The consequences of a successful terrorist act can be enormous, as we have seen.

The September 11 terrorist attacks, as well as the recent incidents in the UK, provide a graphic demonstration that those who undertake these crimes are audacious, ambitious and willing to go to extraordinary lengths to achieve their criminal intentions.

Their methods are constantly evolving, as shown by the foiled 2006 plot to detonate liquid explosives on board planes travelling out of Heathrow. It is hard to imagine how our lives would have changed had law enforcement officers failed to detect and prevent that plan. Or if the London and Glasgow attempts had gone as planned.

These incidents provide a compelling argument as to why police can no longer respond to crime through more traditional reactive measures.

Control Orders

The stakes are so much higher in the case of a possible terrorist attack that law enforcement action needs to be taken much earlier than in most other forms of crime.

One of the tools we have introduced in response to this need to act before the crime occurs is the possibility to seek control orders for people who are a national security concern – for example, a person who may have trained with a terrorist organisation before this became an offence in July 2002.

Control orders can be used in order to prevent an offence from occurring and the possibility of using this type of preventive action has caused some concern.

While the use of these orders remains in its infancy, it is envisaged that they might be used when there is reliable intelligence that a person may be involved in planning a terrorist act, but it proves impossible to gather enough evidence of the necessary criminal standard to make an arrest.

A judge can approve a control order if there is evidence on the balance of probabilities, rather than the criminal standard of beyond reasonable doubt, if a person poses a terrorism threat.

For the AFP, a control order means we have to undertake a new type of task, that of monitoring and enforcing the orders That may mean we have to work in areas of even greater sensitivity as control orders may relate to activities that are everyday – computer and internet use, for example.

Some terrorists have been quick to seize the communications power of the internet to further their cause.

While people like me make distinctions between the cyberworld and the real world, for people who have grown up using computers their whole lives, the lines between these places are less distinct.
Online experiences are just as real and meaningful as those they have in the physical, off-line world. At the moment, because of the amount of time the internet has been widely available, those people are less than twenty years old.

We know that the terrorist organisations Hamas and Hezbollah have created cartoons aimed at attracting children.  Until this year, Al Aqsa Television in Jerusalem broadcast a program called Tomorrow’s Pioneers which had a Mickey Mouse-like character named Fafur who taught his fans about world Islamic domination and urged them to resist the United States and Israel.³

In 2003, Hezbollah released a game called Special Force in which the player is involved in Hezbollah operations against Israeli forces. A high score earns the player a signed certificate presented in a cyber-ceremony. At the end of the game, players are shown a display of Hezbollah ‘martyrs’.

The importance of these games was underscored in a quote from Hezbollah’s Mahmoud Rayya who said: "In a way, Special Force offers a mental and personal training for those who play it, allowing them to feel that they are in the shoes of the resistance fighters".⁴

Feeling that you are taking part in a real event makes the games successful and attractive, but it may also do harm. The closer the game comes to reality the less the player questions the difference between the game and world events – the barriers between the false world of the game and the real world become blurred.

Some writers on terrorism suggest players of these games may come to believe that the game harmonises with reality, making radicalisation a possibility. We can see these groups are reaching out through the internet, through chat rooms and through other online venues to people who may be easily attracted to different ideas.

Interactions online take place in a different environment – the usual social inhibitors, such as your friends telling you that the person you are talking to is a loser – don’t apply.

But teenagers feel at home online as they have been doing it all their lives. They may even feel more comfortable there than they do in real life social communications and so may be at risk of being influenced by those whose intent is malicious. Is there a point at which encouraging people online could become incitement? Well, we have seen in recent days that this may indeed be the case.

Last week, in London, three men described as Islamists were jailed for engaging in what the sentencing judge called “cyber-jihad”. Justice Openshaw said the men had encouraged others to kill nonbelievers. He noted that much of the material they published online was directed at young men of military age who were more likely to be impressionable. “Much of it does amount to incitement to commit murder by way of encouragement to join the call to arms, to participate in jihad, to go on and commit an act of terrorism. Some of the material went further and amounted to a direct and obvious incitement to murder,” Judge Openshaw said.⁵

Younes Tsouli, 23, who set up and ran several sites over during 2005 was imprisoned for 10 years.
Tariq Al-Daour – who was also involved in a £1.8 million fraud – was jailed for six-and-a-half years, while Waseem Mughal received seven-and-a-half-years. The fraud helped fund the internet sites.

Challenges for Law Enforcement

As with terrorism, the internet poses many challenges for law enforcement and the criminal justice system.

Botnet attacks, such as the one that occurred in Estonia, may involve computers in several countries with controllers based in one nation using servers in another and enslaving unsuspecting home user computers, for example, in other countries.

Pursuing all these elements of the crime requires very high levels of international cooperation. At the AFP, we have been boosting our international activities in a number of ways. We now have an international AFP network which comprises 80 officers in 33 cities in 27 countries.

This year, we opened a new office in Bangladesh and next year we plan to open offices in New Delhi and in Vientiane.

We work with our international colleagues in other ways, too.

For example, the Australian High-Tech Crime Centre, established in 2003, is a founding member of the Virtual Global Taskforce which is a group of law enforcement agencies including the Royal Canadian Mounted Police, the US Department of Homeland Security and Interpol, who work together globally to reduce the incidence and impact of online child exploitation. The advantages of this high level of international cooperation were demonstrated last month after a ten-month international investigation across 35 counties culminated in the conviction of the man behind the online UK-based paedophile network. More than 700 suspects have been identified and 31 children were rescued from abuse or positions of harm.

Challenges in Cases

As well, as the issues confronting legislators and law enforcement, there are challenges which may be of more relevance to you in your future work. For example, demonstrating a chain of evidence is vastly more difficult when overseas data and inquiries are involved.

Cases involving online crimes tend to require expert witnesses as the material is highly technical – the data starts off as a series of binary code (zeros and ones) and needs to be converted in some way to make sense. Sophisticated software converts the material. Often jurors need this interpretation to be explained by an independent expert, but this can be problematic, given the vast range of propriety programs on the market and the lack of nationally accredited or rated IT software programs or accredited experts.

There are also issues in presenting evidence. Many jurors expect evidence bags, containing guns and drugs. However, the evidence in online crimes is usually data and the ways it is criminally manipulated are often not easily understood. There may be no fingerprints or incriminating evidence placing a suspect at the scene, making it difficult to illustrate links and causal relationships.

Prosecuting online crimes is more difficult when the criminal mastermind of a mule or botnet operation cannot be readily identified as a person in the real world.  Internet programs enabling anonymous work online and encryption may obscure these details. Yet cases proceed where the ‘middle part’ of the criminal supply chain can be identified and a crime proved, leaving the masterminds and real reason for the crime unknown. 

And a problem we are all familiar with – the amount of data generated by computers. It can be so overwhelming that it requires significant resources to analyse and sometimes that does not fit in with the principle that the process of justice should be timely.

For example, in Operation Proxima – an investigation into a denial of service attack on an Australian-based internet chat service – the AFP had to seek an extension of time to process 500 gigabytes of data. That is equivalent to a house full of A4 sheets of paper.

Cases being managed by the AFP currently involve numerous terabytes of data. One terabyte is the equivalent of two million trees.

Our inquiries into the Australian connection to the London and Glasgow incidents have provoked some media comment about the amount of time the Dr Haneef has been in AFP custody. I might say that the case has required us to analyse data amounting to about the equivalent of 31,000 single pages.

Challenges for the Legal Regime

Australian cyber crime laws were introduced in 2001, but as we noted before, developments in this field are astonishingly rapid and common online practices and developments are outpacing legislative cover.

As well, there are few tried cases, so existing laws are often untested before they become outdated.

Our legal system is based on the accumulated knowledge acquired through cases being brought before courts and through decisions being tested through the appeals process at several levels over many years. But the pace of change on the internet is so rapid we cannot match it with developing statutes, let alone through the patient accumulation of case law. For example, who had even heard of cyber-bullying in 2001?

Crimes are starting to emerge in online games but in many cases the appropriate response is difficult to work out. For example, what is the appropriate response to online avatars indulging in sexual predation? While many online gamers have a significant emotional investment in their avatars, should crimes committed, at least arguably only in the imagination, be treated in the same way as those committed in the real world?

And how, for example do we respond to ‘Evangeline’, the avatar of a 17-year-old boy  who built a cyber-brothel in The Sims Online and sold cyber-sex in exchange for the online currency of the Sims world.

Online games with cyber-currency, such as Second Life, also pose problems for law enforcement because of the potential for money-laundering when the online currency crosses to the real world.
The Linden Dollars used in Second Life have been traded via online auction sites for real cash or real goods. So, what if Evangeline had traded his Sim dollars for real dollars – which is possible in the game. Should his actions be treated any differently then? I’ll be interested to hear your views on these issues later.

More recently, there have been reports of paedophiles using online games to develop relationships which result in real world meetings and abuse.

The crossover of online activities into the real world ensures that at some point national laws will be activated however, which law is unclear and it may depend in part on which law enforcement agency gets the referral and/or works up a case.

E-commerce is another area where demand for regulation is likely to grow. Currently, jurisdictional issues make prosecutions and investigations difficult and expensive if there is an international angle.
Often internet trade scams have low financial value and so do not compete well for limited policing resources. The global nature of these scams makes it difficult for us to see the magnitude of the loss.
For example, a scam which costs people a few hundreds dollars in loss might not seem that significant to a police officer stationed in Carlton or Dandenong or Footscray. But if all the losses of a single scam from around the world were reported to that one officer, then we would know that the cost of that crime was perhaps millions of dollars.

Conclusion

As we have seen, we live in not one, but two rapidly-changing and highly dynamic worlds.

Both worlds are constantly challenging me, and other police officers, to look into the future – to try to see where the next threat is coming from and what the likely target will be.

These issues we have examined briefly today confront all societies, all people, but for police officers, and others involved in the legal world – like you –  they challenge the foundations on which we have built our lives.

Our approach to policing has changed enormously since the 2001 attacks in New York and Washington, and it will have to change even more in the next 20 years.

None of us can remain grounded in the familiar if we are to ensure that we all have a future.

Thankyou.

I’d like to hear some or your views or answer any questions in the time we have remaining.

---

Footnote

1. Kaplan, Dan, ’45.7 Million-Victim TJX Companies Breach Could Lead to Federal Notification Law’, SC Magazine, 29 March 2007, http://scmagazine.com/us/news/article/647277/457-million-victim-tjx-companies-breach-lead-federal-notification-law/
2. Murphy, Colm, ‘Counting the Cost of Cyber Crime’, 18 June 2007, http://www.net-security.org/
3. The Australian, ‘Hamas TV Station to Replace Martyred Mouse’, 3 July 2007 http://www.news.com.au/story/0,23599,22008855-401,00.html
4. WorldNetDaily, ‘Hezbollah’s New Computer Game’, 3 March 2003, http://www.worldnetdaily.com/news/article.asp?ARTICLE_ID=31323
5. Woolcock, N., ‘Three Students Jailed for Inciting Terrorism on Holy War Websites’, The Times, London, 6 July 2007.