Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Threat Management, Threat Management, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Got something to say?

I, my staff and the thousands of law enforcement officers around the nation that have been trained by the NW3C (the National White Collar Crime Center) take exception to the statement you make in your cover story, “Law and Order” [July]. The article discussed the creation of the computer crime training facility in Alabama.
You wrote, “The facility will replace other computer crime-specific training efforts, such as the White Collar Crime Center in Glen Allen, Va.” This statement is inaccurate.

Another inaccurate statement is contained in your March 13 article [Secret Service, Homeland Security team up... us/news] which read, “first-of-its-kind federal facility designed to train local law enforcement officials from around the country on cybercrime.”

NW3C is the foremost training provider to law enforcement in the area of computer crime and digital forensics in the nation, and possibly the world. In fact, the individuals involved in the Alabama facility have been trained by NW3C.

Specifically, NW3C has been providing this computer crime training primarily to state
and local law enforcement since 1996. 

Additionally, NW3C has worked with the U.S. Secret Service to provide training to law enforcement in the past, and will continue to do so.

Currently, NW3C offers 16 distinct computer crime training courses to law enforcement. These classes are taught across the nation by our staff and others who we have trained and authorized to teach our curriculum. Additionally, our courses have been approved by state “POSTs” for credit nationally. 

NW3C is a nonprofit 501c3 organization with a mission to serve state and local law enforcement. We do this in three primary ways. First and foremost, by providing training; secondly, by providing investigative support; and thirdly, by conducting research. We are a member driven and governed organization. Our membership is comprised of 2,000-plus law enforcement agencies from all 50 states and our eight member board of directors are elected by that membership. 

Finally, I note that NW3C provides training to law enforcement agencies in three categories, including computer crime, as well as financial crime and criminal intelligence. I refer you to our public website, for more information. 

It is our hope that you correct the record and publicly properly state that this new Alabama project will not replace NW3C.

Mark R. Gage,
NW3C Deputy Director

Dan Kaplan responds: Let me say thanks for informing our readers as to the instrumental work being done at a nonprofit such as NW3C. My story in no way meant to disparage or downplay the admirable training efforts taking place there. I understand your issue with the word “replace,” and I did not mean to imply that the NW3C will close its doors upon the NCFI's arrival. What I did mean was, considering the investment and endorsement made by Homeland Security and the Secret Service, the NCFI has been designated America's gold standard for training on computer crime investigation, not just for local and state police, but also prosecutors, judges and the private sector. It should also be noted the NCFI will be structured much differently than NW3C, thus offering a draw for both entities.

Amero trial fallout
I'm Jeanne Bandy, Matt's mom. I was so pleased to read your article [“Amero supporters form The Julie Group,”], and Julie [Amero]'s website. We are happy that more people are speaking out about this issue. However, I'd like to clarify that my son was not convicted of child pornography. He accepted a plea agreement for a 16-year-old boy showing another 16-year-old boy a Playboy at school. In Arizona that is a felony. Through our website we were hoping to increase awareness of this growing problem so others would not become victims and go through what we did.

We did not have to go public with our story — and we have suffered because of it (especially our son). We did so with good intentions and high hopes of helping others. We recognized the injustice of this situation, and realized that not many families could afford to fight the system as we did.

In addition to our website and agreeing to appear on 20/20, we tried to take civil action against the prosecution and internet providers (who need to be held accountable as well), only to learn that they all have immunity. They do not have to be held accountable for their actions. YOU are accountable for everything on your computer, even though you have no knowledge of all its contents, or who may be controlling it. We need (we deserve) reasonable laws and reasonable people enforcing the laws. We need (we deserve) a safer internet. At this point in time, prosecutors are prosecuting innocent people for the sake of conviction records and public appearance. Internet providers only go as far as turning IP numbers over to the police to identify computers which may have possible contraband on it. So the law, government officials and the internet providers can tell the public they are doing their jobs — the public is safe — and YOU, the average American, is in more danger than you can imagine!

Jeanne Bandy

via email

Police, hack?
I'd like to pose a follow-up question for Mikko Hyponnen, in response to the interesting article “Should police be allowed to hack?” [Last Word, May 2007]. Let me be clear that I am in no way condoning hacking by law enforcement or otherwise, only posing a theoretical question about deontological ethics.

Consider the case of a large botnet to which anti-virus vendors have no "sampl.". Let's assume that a sample is necessary for security software to detect the malware — and let's also assume that if left undetected the botnet will continue to grow and pose an increasing risk. Lastly, let us assume that the botnet is propagating in a worm-like manner by exploiting some vulnerability. In this case, is it ethically justified for a virus researcher to retrieve a sample from a compromised machine by exploiting the same hypothetical exploit that was used to propagate the malware in the first instance? Does anything change if such behavior is legal within the country that the researcher resides?

Tareq Saade

via email

The opinions expressed in these letters are not necessarily those of SC Magazine.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.