Some Golden Rules for Investigating On-Line Child Sexual Exploitation
By Brad Astrowsky and Susan Kreston
Introduction
With computer facilitated child sexual exploitation coming to the top of the agenda for both police and prosecutors, new issues are arising concerning what should be regarded as the best practices for investigating these crimes against children. To assist front line law enforcement professionals in responding to these issues, the following suggestions are offered.
The Golden Rule
#1. Never say or do anything you wouldn't want to repeat to a jury. Keep in mind that whatever is done during the course of an investigation must be presented and justified to a jury. If, for example, a perpetrator sends the undercover detective a sexually provocative piece of clothing and asks the "child" to put it on and send a picture to him, the detective must not do this. Think like a 13-year-old to come up with reasons to decline. "I don't want to send it off to be developed -- I might get caught," or "How can I take a picture of myself?" Refusing to pander to the perpetrator's wishes is not the end of the case. Sending a picture of a detective dressed in such an item is.
#2. Never send child pornography, adult pornography, erotica, pictures of yourself or your child over the Internet. It goes without saying that the job of law enforcement is not to add to the volume of illegal materials available on the Internet. If the perpetrator wants to swap pictures, the detective may send corrupted images. A lack of digital camera and a scanner might also be raised as a bar. Alternatively, undercover detectives may tell the perpetrator that they don't have pictures, but they do have child pornography videos, so a face-to-face meeting might be better. Finally, if there is no other way, arrange a controlled delivery of the materials with immediate seizure after delivery.
Often, the perpetrator will ask the "child" to send a picture of him or herself. Once an image, no matter how innocent, leaves the possession of the sender, it is forever out of his or her control. There is nothing to prevent the recipient of the image from cutting and pasting the head from the image onto the body of another child being abused in another picture thereby creating new child pornography.
#3. Log everything. It is important in these cases as in any other to keep complete, well documented records of any transactions that occur in the course of the investigation. It is of paramount importance to log everything so that a full and absolutely accurate accounting may be made of any correspondence between the victim/undercover detective and the perpetrator. It is incumbent upon the investigator to know what is automatically logged and what is not. For example, Internet Service Providers (ISPs) will not automatically preserve instant messages or chat room conversations on their servers. "To do so would be an extreme financial burden. Therefore, if a detective attempts to subpoena an ISP for that information, it will be to no avail. Detectives must know how to save and log all communications between the perpetrator and the "victim" to best facilitate the effective prosecution of the case.
#4. Never work from your home or your personal account. Every office should have a protocol delineating the parameters and proper techniques for investigating these cases. When detectives go on-line, they should know what is acceptable and legally defensible in such an undercover operation. Two key pieces of any such protocol should be that no detective ever work from his/her home computer or from a personal account. These two rules simplify the issues attendant to properly backstopping accounts, and also firmly and effectively establish the boundaries within which the detective may pursue these cases. By particularly designating who will be allowed to conduct these investigations and on what computer(s), the protocol additionally preempts and precludes the defense of "I was working on a case/I had no criminal intent" being raised. It also helps to insulate both the detective and his/her office from liability issues.
#5. Give the defendant an out. At some point in the correspondence with the perpetrators, give them "an out." In a traveler case this might be "Are you sure you want to have sex with me? Can't you get in trouble?" In a child pornography case it might be "I'm worried about getting together to exchange pictures. Isn't this stuff illegal? Can't we get in trouble?" This will help the prosecutor to show that the perpetrator had the opportunity to abandon the activity but, rather chose to pursue it.
#6. Don't be the slime ball - that's the defendant's job. When conducting an undercover investigation, it is crucial that the detective let the perpetrator lead the communication. It should never be the undercover detective who first uses sexually explicit language or suggests a sexual encounter. Issues of both entrapment and jury nullification are always best avoided, particularly in this context. Remember, whatever you say, you will have to repeat in front of the jury. Make certain the jurors know that it was the defendant who escalated the conversation and steered it toward sexual matters, not the detective.
#7. If you seize it, you must search it. It is imperative that any computer seized be examined quickly. Jurisdictions in the U.S. are, on average, six months behind in their analysis of computer forensic evidence. With each analysis taking approximately 40 hours to complete, it is extremely easy to fall behind. Backlog, however, is not a legally recognized excuse for failing to conduct a forensic analysis in a timely manner. Charging and pre-trial decisions must be made with all deliberate speed, and with issues of civil liability regarding failing to return the computer to innocent third parties (usually businesses who use the computer(s) in everyday work), it is exceptionally important to conduct the forensic analysis of the materials and then return anything that is not evidence to its owner. It should be remembered that seizure of BOTH the defendant's and the victim's computer is optimal to retrieve all possible electronic evidence relevant to the case.
#8. Consider the pros and cons of a face-to-face meeting. One of the best ways to place the perpetrator behind the computer and preempt the Some Other Dude Did It (SODDI) defense is to arrange a face-to-face meeting between the perpetrator and the undercover detective purporting to be a child, or purporting to want to exchange child pornography. Two issues must be addressed when deciding whether or not to arrange such a meeting. The first is officer safety. Simply because the perpetrator is (or seems to be) a preferential sex offender does not mean that there are no issues of officer safety. The offender may be armed and fearful that the meeting is, in fact, a sting. Additionally, there is always the possibility that the person who shows up may be a "cyber vigilante" prepared to attack the presumed pedophile.
The second issue relates to potential defenses that such a meeting might inadvertently support. While the face-to-face meeting will effectively counter the "it wasn't me on the computer" defense, it may pose other problems. By having a very young looking officer impersonate the "child" the perpetrator is supposed to be meeting, the defense of "fantasy" may be given unintentional credibility. With the fantasy defense the defendant claims that he knew the "child" was not really a child and that he was just role-playing. The defendant could allege that he was expecting a young looking adult and, in fact, that is who showed up. Before using this technique, consider whether it is necessary to actually have someone impersonate the child/victim or whether the defendant merely showing up is sufficient. UNDER NO CIRCUMSTANCES WHATSOEVER SHOULD A REAL CHILD EVER BE USED TO EFFECTUATE THE MEETING.
#9. If you discover that the perpetrator is in another jurisdiction, immediately forward the file to that jurisdiction. When you find that the Internet account is registered to a John Doe in another state (or even a foreign country), inform that other jurisdiction immediately and decide if it is better for the perpetrator's home county to take over the investigation. The multijurisdictional aspect of these cases cannot be overemphasized. Cooperation is needed to both apprehend the perpetrator and protect the victim.
#10. Computer forensics is not a substitute for solid, old-fashioned police work. Two classic areas of police work predominate this area: suspect surveillance and suspect interrogation. Surveillance is one way to put the perpetrator behind the computer. Meeting the untrue SODDI defense may require that the perpetrator's home/business be surveilled to determine who has access to the computer and at what times of the day. It is crucial that information be gained at the investigatory stage to defeat this claim.
Suspect interrogation remains one of the three most critical pieces of the successful prosecution of these cases, the other two being the victim and the forensic/medical/physical evidence in the case. Questions that should be asked of the suspect include: "How many computers do you have access to?" "How many computers did you use to correspond with the child?" "Where are they all located?" "Are there password protected or encrypted files in those computers?" "What are the passwords?"
Conclusion
No one protocol or set of rules can definitively deal with all the issues that might arise in the investigation of a computer-facilitated child sexual exploitation case. However, by adhering to some simple strategies that reflect the best practices to date, many of the problems and pitfalls of investigating these cases can be avoided and the children victimized by these crimes will have a better opportunity to obtain justice in the courts.
Bureau Chief, Technology and Electronic Crimes Bureau, Maricopa County Attorney's Office, Phoenix, AZ.
Deputy Director, APRI's National Center for Prosecution of Child Abuse.
The U.S. Postal Inspection Service can assist local investigations with this type of operation.
This does not mean, however, that the perpetrator and/or the victim have not logged these conversations themselves. A search of their computers will be necessary to determine if this has occurred.
For a detailed explanation of these concepts, see James M. Peters (ed.), Prosecuting Internet Child Sexual Exploitation Crimes, U.S. Department of Justice (publication expected 2001). See also, Steve Jackson Games, Inc. v. United States Secret Service, 816 F. Supp. 432 (W.D. Tex. 1994), aff'd, 36 F. 3d 457 (5th Cir. 1994).
For a brief discussion of the issue of civil liability for failure to return in a timely manner, see Susan S. Kreston, Alphabet Soup: ECPA, PPA and Privacy Protection Issues in Computer Facilitated Child Sexual Exploitation Cases, UPDATE, Vol. 13, No. 11, 2001.
A cyber vigilante is someone who poses on-line as a pedophile in hopes of meeting real pedophiles and then inflicting harm on them.
|
