A government cybercrime expert explains how students are at risk from fraud and revenge porn

Cybercrime laws are still years behind the technology we have

Michael Levy, a Chief of Computer Crimes with the US Attorney’s office, never expected to go to Law school. He studied Math as an undergraduate, and was advised that Law school was “the ideal place for a senior who doesn’t know what he wants to do next year.” Years later, he didn’t think he’d work in cybercrime. When he was put in charge of the cybercrime division, he needed to learn the subject from scratch. Even today, Levy is met with surprises. Cybercrime “is an area that changes so rapidly – just keeping up is a fun challenge,” he told The Tab. I sat down with the prosecutor to learn more about his ever-changing practice and how computer crimes can be both helpful and harmful to college students.

What kind of work do you currently do, knowing that the division that you work in is for “Computer Crimes, Child Exploitation, and Intellectual Property Crimes?”

I would describe my area as covering “hackers and perverts” … the investigative skills in both areas are very similar, since so much of the child exploitation stuff is online. So when you’re investigating your hacking case or denial of service or child exploitation case, it’s all going to involve trying to figure out “who did this?” My job is to prosecute the people who do it. And so it’s tracing them, finding them through the internet, locating them – physical location. And the final step of the investigation is search warrants to go into their houses, and take their computers so we can have the evidence that they’re the ones who did it.

Cybercrime has been a huge topic in the news lately, particularly with the latest presidential election, what with Russian interference and the leaked DNC emails – has cybercrime always looked like this? And have they become easier or more difficult to prosecute since you became Chief of Computer Crimes?

Cybercrime keeps changing as computer technology keeps changing. The law tends to be slow in catching up to developments. And computers change so fast that the law is still catching up. For example, most of our evidence-gathering is done with the Stored Communications Act (SCA), which has been amended; it was originally passed in 1986 … it’s clunky, but it works. And there have been major efforts to overhaul it. But it takes a while. And when a target keeps moving, it gets hard to come up with stuff. So the idea of intruding into a computer in 1997 would be unusual, it’s a whole lot different today, it’s a whole lot easier. We didn’t have network computers back then, and to a large degree we do now. So part of the challenge is dealing with how fast things change.

And if you had to estimate where the law is compared to where computers are today, would you say we’re five years behind? Ten years behind?

Somewhere between five and ten years behind. I mean, we have tools we can use, but they probably need refinement … we’re always going to be behind.

Our readers at The Tab are predominantly college students, and we’ve experienced cybercrime like credit card scams, revenge porn, etc. Have you worked with those kinds of cases at all? And have you faced any challenges or trends that might apply to young users of the internet?

Mostly intrusions and identity theft – don’t click on links. Don’t open attachments to emails which are really short, or from emails you don’t recognize … breaking into a computer is hard, and tricky, tricking the owner of a computer is a whole lot easier. And so what we refer to as social engineering is probably the most significant kind of attack, so be careful what you click on.

The other thing with revenge porn, and this is a your-generation thing not mine because we didn’t carry cameras around with us, not that we didn’t do anything less stupid than any other set of teenagers. The idea of taking pictures of yourself and sending them to somebody else with the belief that they’ll never share them with anybody else is foolish. And revenge porn is the perfect example of what happens.

Do technologies like Tor make your job difficult, and what other similar technologies might college students have access to to commit cybercrime?

Tor makes it difficult, because it basically hides who you are, and Apple iPhone encryption, which is effectively unbreakable, and Apple has set it up in a way that they can’t help us either. To me that’s a serious problem. To me it’s a political problem, one that needs to be resolved by our elected representatives and not by a company whose only interest is in making as much money as they can. Encryption’s a useful tool, don’t get me wrong, You are paying for identity theft protection … there are uses for encryption, the debate is just whether there should be backdoors for encryption. And that’s a serious fight, if you talk to the computer security people, they say building a backdoor is building an insecure system.

Last question – do you have any advice for young people and budding lawyers interested in cybercrime and computer crime?

If you’re interested in cyber, I would try to learn as much about computers as you can tolerate. … My frustration in my office is that we can’t get the 30-somethings to learn it! You know, I’m stunned, because they grew up on computers. But they grew up on computers in the sense that they know how to use a computer the same way we all know how to drive a car. But none of us knows what happens when you lift up the hood of a car, and if you’re going to work in this area, you need to know something about what goes on underneath the hood.

More
Harvard