Audit Failures in Fraud Investigations: Lessons for the Future

A recent study, released last month, analyzed alleged auditor deficiencies in U.S. Securities and Exchange Commission (SEC) fraud investigations between 1998 and 2010. A total of 87 audits were sanctioned during that period, the study found, 46 of which were performed by a non-national audit firm, 35 by a national audit firm, and six were “bogus audits” defined as an audit in which no meaningful level of audit procedures were followed.

After the passage of the Sarbanes-Oxley Act (SOX) in July of 2002, the number of audits sanctioned decreased dramatically, and only 11 of the cases studied occurred after 2003; however, it should be noted that that there is a period of lag between an infraction and SEC enforcement, and the number of cases may increase.

In 73 of the cases, there were 19 permanent disbarments, and other disbarments averaged approximately 3 years, with a range of 6 months to 10 years. In 16 cases, civil penalties averaged approximately $5.8 million, median of $687,500, with a range of $20,000 to $50 million.

The study revealed that many of the SEC sanctions against auditors involved four primary deficiencies that appeared in both non-national and national sanctioned audits:

1)      Failure to gather sufficient competent audit evidence (59 cases)

2)      Failure to exercise due professional care (54 cases)

3)      Insufficient level of professional skepticism (49 cases)

4)      Failure to obtain adequate evidence to management representations (44 cases)

The data collected in the study shows that the deficiencies committed by auditors and audit firms are failures of basic procedures that are generally expected to be performed in any audit, and yet insufficient practices were exercised.

In one example of failure to gather sufficient competent audit evidence, the audit firm over-relied on management’s inventory reports even though the audit firm detected a difference between inventory on the books and the physical inventory.

In another example, auditors failed to exercise due professional care when the audit firm ignored the client’s failure to record depreciation expense.

Failure to maintain sufficient level of professional skepticism was shown when an auditor suspected documents provided by the client might have been fictitious and yet did not follow procedures to assess the authenticity of those documents.

The study suggests that some of these audit failures could be a result of poor training, education, time-restraints, multi-tasking, and can be resolved through further education and training on the fundamentals of the audit process, peer reviews, quality review assessments, reminders, and identifying patterns of where audit procedures are lacking.

Whether the audits are internal or external, or for due diligence before a merger or acquisition, the researchers of the study hope that the report will help further improve audit procedures in order to lower the occurrences of undetected fraudulent financial reporting by shedding light on past mistakes.

Ricky Tong is a Coordinating Investigative Analyst with MSA Investigations. For more information on this blog post contact Mr. Tong at rtong@msainvestigations.com.

(Image Credit: Dilbert)

Liberty Reserve: Cyber Crime and Money Laundering

Liberty Reserve, an online digital currency exchange founded in 2006, was shutdown recently because of the arrest of its founder, Arthur Budovsky, and six others on charges of perpetrating a $6 billion money-laundering scheme. Liberty Reserve was based in San Jose, Costa Rica; however, criminals around the world allegedly used the service to launder their ill-gotten gains. The New Yorker commented that Liberty Reserve "provided a key piece of the infrastructure for criminal activity on the web."

According to prosecutors, over a seven year period more than 55 million transactions for 1 million users (200,000 users in the U.S.) passed through Liberty Reserve. Middlemen in locations with lax regulations such as Russia, Vietnam and Nigeria were also supposedly involved in the scheme. These middlemen, called "exchangers," are often used by criminals in money laundering schemes to exchange dirty money for virtual funds. The virtual funds used in this case were Bitcoin, described on its website as "an experimental, decentralized digital currency that enables instant payments to anyone, anywhere in the world." Bitcoin is not regulated by a country, bank, organization or individual and is nearly inflation-free due to its fixed allocation of 21 million units. 

As part of their investigation, federal prosecutors were able to set up fictitious accounts called "Russian Hacker" and "Hacker Account" to detect the criminal activity. An undercover investigator used the name "Joe Bogus" to sign on and listed "123 Fake Main Street" in "Completely Made Up City, New York" as his address. He was allowed to make transactions titled "ATM skimming network" and "for the cocaine" without any recourse or investigation.

Liberty Reserve created its own currency using Bitcoin, called Liberty Reserve USD and Liberty Reserve EURO, which was allegedly bought and sold by criminals to wash dirty money. Liberty Reserve appears to have played a role in the recent $45 million scheme in which thieves stole debit card information and drained cash from two Middle Eastern banks from ATMs around the world. This is one of the largest anti money-laundering schemes in U.S. History, but with more digital currencies coming into existence, such as Litecoin, Namecoin and PPCoin, there will be more frequent and much larger schemes on the horizon.

As we have seen with the recent mortgage collapse and subsequent financial problems on Wall Street, even private and government regulatory organizations aren't enough to prevent fraudulent activity. Companies and organizations wishing to ward off cyber criminals should utilize a cyber security consultant to ensure Internet and network security.

Real Estate and Mortgage Fraud: Timeshare Schemes on the Rise

On May 9, 2013, three former employees of The Vatican Ownership Group LLC admitted to conspiring to defraud owners of timeshare properties by offering phony consulting services. In addition, one of the defendants admitted to illegally collecting unemployment benefits. According to court documents and statements made in court, The Vatican Ownership Group, also known as VO Group LLC, claimed to offer consulting services to owners of timeshares, including canceling, purchasing and upgrading the timeshares. In order to perpetrate the scam, the defendants regularly lied to customers using prepared scripts. The defendants would contact the customers and give them the false impression that they were working for a bank or lending institution. After listening to these scripts, some customers would send checks to the company. According to court documents, one defendant convinced a costumer that if he sent a check for $21,328.28 to the company’s office, he would be able to settle all of the customer’s timeshare debt. Another defendant acted as if he were a satisfied customer of the company and allegedly tried to convince people to send money to the group.

Fraudulent timeshare schemes are becoming a real problem especially in these economically challenging times as more timeshare owners decide they no longer can afford them. Earlier this year, the FBI’s Internet Crime Complaint Center issued an alert on timeshare telemarketing scams after seeing a significant increase in the number of complaints about these scams. The victims were mostly owners scammed by criminals posing as representatives of timeshare resale companies that were committing fraud. 

Many of these types of complaints are handled by each state’s attorney general’s office and local law enforcement. However, the FBI will get involved when there is evidence that the fraud extends across state lines, usually through wire or mail fraud, and/or involves a large number of victims, large losses and an organized crime enterprise.

There are almost endless variations of timeshare resale fraud, for example, in 2012, the California Department of Real Estate (DRE) released a consumer alert warning of timeshare resale fraud. The alert identified the three most common types of scams that the DRE has seen:

1. Unlicensed, unregulated, and illegitimate timeshare reseller fraudsters are posing as or using the identities of legitimate and licensed real estate brokers; in doing so, they provide a false sense of security, and then demand payment upfront. No service of any kind is actually provided.
2. Fraudsters target timeshare owners and falsely tell them that the “agent” has found a “ready and willing” buyer for their timeshares (which in some cases may not currently be listed or be for sale).
3. Fraudsters posing as timeshare buyers and using advertising slogans such as “Will Buy Your Timeshare for Cash,” “Timeshares Wanted,” or something similar, to lure timeshare owners, and then ask the owners for a “small amount of” money (which is often times $1,000 or more) up front to process paperwork for the transfer. Once the payment is made, the owners never hear from the scammers again.

The Federal Trade Commission (FTC), the nation’s consumer protection agency, provides useful information for consumers interested in a timeshare or vacation plan. The American Resort Development Association (ARDA) has likewise issued a series of advisories on resales to consumers and timeshare owners.

Three steps recommended to avoid timeshare scams:                                                     

Step 1: Know the person with whom you're speaking

Step 2: Do your research

Step 3: Never pay upfront fees

Do your homework and proceed cautiously. Timeshare resale scams are some of the most common and potentially devastating consumer frauds out there. It’s important to take the necessary precautions to avoid these scams. At MSA Investigations, we have professionals with significant experience working on a wide-range of fraud investigations. If you are establishing a business relationship and would like to have a better understanding of the possible risks associated with a potential business partner, contact us to learn more about our investigative due diligence services.

Melissa Rodriguez is Senior Investigative Analyst with MSA Investigations. For more information on MSA Investigations' fraud investigations and investigative due diligence services, contact us today.

Cyber News Update: CISPA Bill Shut Down in Senate

According to a Senate Commerce Commitee spokesman, a controversial privacy bill, the Cyber Intelligence Sharing and Protection Act ("CISPA"), won't be considered for a Senate vote, after it passed the House vote on April 18th. President Obama had previously threatened to veto the bill.

What is CISPA?

The bill, (H.R. 624), would have allowed for the sharing of internet traffic information between the U.S. government and technology and manufacturing companies in order to help the U.S. government investigate cyber threats and ensure the security of networks against cyberattacks.

Why is CISPA controversial?

The bill has come under criticism by detractors who argued that the bill lacks confidentiality and civil liberties safeguards. For example, civil liberties groups as as the ACLU, ETC argue that the bill lacks limits on when and how the government may monitor a private individual's browsing information. It has also been argued that the new powers provided in the bill may allow the government to spy on the general public not just pursue malicious hackers.

Opponents of CISPA also argue that it would allow companies to hand over users' private information to the government. According to the Electronic Frontier Foundation, a liability clause in the bill, "essentially means that CISPA would override the relevant provisions in all other laws -- including privacy laws." The EFF also stated that "CISPA is written broadly enough to permit your communications service providers to share your emails and text messages with the government, or your cloud storage company could share your stored files."

Proponents of the bill on the other hand, argue that CISPA is needed to keep that same information safe from foreign hackers, as the bill allows the U.S. government to quickly and efficiently acquire information about incoming cyber attacks.

The bill also had a number of controversial proposed amendments -- the most notable of which was a ban on employers requiring employees to provide them with their social media login details. This amendment was ultimately blocked by Congress. 

For more information on cyber security, read our FREE guide on how to avoid getting hacked, and follow our blog for the latest news in cyber security.

Due Diligence: Insider Trading and Client Confidentiality

Over the course of the past few months there have been a number of instances where we have read about insider trading cases in the financial community. According to the Securities and Exchange Commission website, in fiscal year 2012, the agency brought 58 separate actions against 131 individuals and entities and during the course of the past three years, the agency has filed more insider trading actions (168) than in any previous three-year period.

During the past several days it has been reported that a the partner in charge of KPMG’s audit practice in the southern California region was arrested by the FBI and fired by the firm amid allegations that he leaked confidential information concerning two clients, Herbalife and the footwear company Skechers USA.  KPMG has announced that given these circumstances, they had no alternative but to withdraw its audit reports for the past three years for Herbalife and the past two years for Skechers. A few weeks back, Herbalife’s shares traded at a loss of 3.75%.

The leaking of information is not necessarily always with the intention of reaping financial benefits. This past January, a former officer of the CIA was sentenced to 30 months in prison for disclosing the identity of another CIA undercover officer to a freelance writer. The undercover officer’s name, who was involved in the detention and interrogation program in Guantanamo Bay, was passed from the freelance writer to attorneys for Guantanamo suspects.

Although never to be condoned, the instances where individuals are reaping financial benefits for divulging confidential information are self-explanatory. However, the passing of secret, confidential or proprietary information to a third party is a practice that cannot be tolerated.

When a client retains an investigative firm for any number of reasons, whether it is a misdeed which requires a corporate investigation of a member of senior management or a simple investigative due diligence request and your engagement letter reads that we “agree to treat as highly sensitive and confidential any information,” and that we will only divulge information provided by the client “if compelled by subpoena or other judicial process,” you are duty bound to abide by those agreed upon statements.

In my 29-year career with the FBI, I was primarily assigned to violations of federal criminal statutes.  I had always been intrigued with the activities of the FBI’s Foreign Counter Intelligence Division, whose mission is exposing, preventing, and investigating intelligence activities in the U.S.  What were these FBI Agents doing on a daily basis to fight the threats to U.S. citizens?   What were their methods and how did they differ from what I did each day? There is an expression that all trainees learn in the FBI Academy, in Quantico and is often used even long after they have graduated, “This is on a need to know basis and you don’t need to know.”

It seems as if the FBI had the right idea when it came to confidentiality.

Neil Moran is Director of Background Screening and Investigations at MSA. Contact Us for information regarding MSA's due diligence capabilities.

Clicktivism: Social Media Monitoring at the Boston Marathon Bombing

Social media becomes more prevalent each day, as does the need for companies to invest in social media monitoring. Considering its infancy, social media has already had countless major impacts on world events. From the Arab Spring to the Occupy Wall Street movements, large groups of activists have been able to assemble and become more organized quicker than ever thanks to Facebook, Twitter and other networking sites. Several weeks ago we saw another instance of activism through social media in the outpouring of Tweets, Facebook posts, Reddit discussions, etc., regarding the search and capture of those accused in the Boston Marathon bombings. Moments after the explosions, police were requesting videos and photos captured by onlookers near the finish line of the race. This "crowdsourcing" is becoming more popular in the investigation of crimes committed in public view. Surveillance cameras captured images of the bombers, but due to the amount of storage space needed the clarity is not on par with a handheld camera or smartphone. A clear photo of one of the fleeing suspects was taken via smartphone and given to the police which gave the investigation momentum.

Due to the ever-increasing number of social media users, people were planning to tweet and post videos of a notable Patriot's Day in Boston. Unbeknownst to the attendees they would be filming a horrific tragedy and become crucial elements in bringing the alleged offenders to justice. One minute after the bombing took place there had already been nearly 1,000 tweets detailing what had occurred. The convenience of updating social media profiles via smartphones is a plausible reason there were so many videos and pictures readily available to assist the police in their investigation. In the ensuing hours and days, the over 158 million Facebook users and 23 million active Tweeters in the U.S. embarked on a massive manhunt. The amount of people following the Boston Police Department's Twitter Feed went from 40,000 to 300,000 during the week of the bombings, and the "captured" tweet is the second most retweeted comment behind President Obama's "four more years." So many people were interested and involved in helping find the suspects that the FBI's website crashed. This barrage of activism has been given the term "clicktivism," which is basically taking action for a common cause from a computer.

Clicktivism has been blamed for the casual nature and loss of passion in protests and other activist gatherings. One can now join a cause and "be heard" from his or her living room with the click of a button, instead of having to make a placard and travel to a rally. Critics voice that there is no heart anymore in activism. Perhaps this is true, but Clicktivism can also be hailed as one of the reasons this manhunt ended so swiftly and efficiently. Users of social media networks definitely showed heart and passion.

Contact Us to learn more about MSA Investigations' social media monitoring capabilities.

(Image Credit: Guardian U.K.)

Health Care Fraud: Physician Admits to Record Medical Fraud Scheme

According to an FBI press release, on April 10, 2013, Jose Katz, M.D., 68, a board-certified cardiologist, licensed to practice medicine in New Jersey and New York, pleaded guilty to one count of conspiracy to commit health care fraud and one count to commit Social Security fraud. The total cost to Medicaid, Medicare and insurance companies was $19 million, the largest amount by an individual practitioner convicted of heath care fraud in the tri-state area.

Katz advertised his companies, Cardio-Med Services, LLC and Comprehensive Healthcare & Medical Services, LLC, heavily on Spanish-language television and radio stations.  From July 2006 through February 2009, Katz spent more than $6 million on advertisements, resulting in hundreds of patients contacting his New York and New Jersey-based medical companies each day.

Court documents reveal, Katz’s conspiracy to commit health care fraud involved ordering the same diagnostic tests for patients, regardless of their symptoms.  Katz also had his employees, who were not licensed to practice medicine, order and perform diagnostic tests on the patients of other physicians who did not think the tests were necessary.  Some of these diagnostic tests entailed a “basic profile blood panel,” which Katz created, comprised of roughly 30 tests. 

Katz was also accused of purposefully misdiagnosing patients with angina pectoris, a symptom of coronary artery disease, and which can be described vaguely as chest pain, in order to prescribe enhanced external counterpulsation (EECP) treatments.  The treatment is non-invasive and according to court documents involves “placing the patient on a treatment table and wrapping the patient’s lower trunk and legs in three air cuffs, similar to blood-pressure cuffs, which inflated and deflated in synchronization with the patient’s cardiac cycle.”  The treatment usually lasts 1 to 2 hours and is administered 5 days a week, for 7 weeks.  According to prosecutors, Katz performed these treatments even when it was not advisable as it may have been harmful to the patient.  Between 2005 and 2012, Medicare and Medicaid paid Katz’s companies more than $15.6 million for EECP treatments.

Prosecutors also claimed, Katz ordered a co-conspirator and work associate Mario Roncal, 62, who had a medical degree from Puerto Rico, but was not licensed to practice medicine in the United States, to unlawfully perform medical procedures on behalf of Katz. Additionally, Roncal at the direction of Katz called himself “Dr. Roncal” and forged Katz’s signature on paperwork in connection with the unlawful services.

Katz admitted to Social Security fraud, in which he created a “no show” job for his wife at Cardio-Med Services.  Katz forged W-2 forms for his wife, from 2005 through 2011 to the U.S. Social Security Administration, for an aggregate amount of $1,251,604 in earnings, which resulted in approximately $263,000 in Social Security benefits for which she was not eligible.

As a result, Katz defrauded Medicare, Medicaid, and private insurers of $5.6 million related to medical testing; $12.89 million related to fraudulent EECP treatments ($11.88 million for Medicare; $.73 million for Medicaid; $.22 million for Aetna; $.06 million for Empire Blue Cross Blue Shield); and $.51 million related to evaluation and management services provided by an unlicensed physician, for a total cost of $19 million.  At sentencing, scheduled for July 23, 2013, Katz is expected to be ordered to pay restitution to his victims. He faces a maximum penalty of 10 years for the health care fraud conspiracy and 5 years for Social Security fraud.

Ricky Tong is Coordinating Investigative Analyst with MSA Investigations. For more information about this blog post and MSAI's fraud investigative services, please contact Mr. Tong at rtong@msainvestigations.com.

(Photo credit: katzcardiomedicalcenters.com)

Identity Theft: IACC Launches Anti-Counterfeiting Website

Last month, the International Anti-Counterfeiting Coalition (IACC) launched DesignsFauxReal.com, a website that looks like a legitimate online marketplace at first blush. However, visitors to the site are greeted with the headline “Free identity theft when you shop on knock-off sites like this one.” DesignsFauxReal is not an online store, but is actually an educational tool, created to inform online shoppers about the risks of purchasing counterfeit goods online. The website, created in partnership with the Department of Homeland Security, United States Immigration & Customs Enforcement (ICE) and MasterCard, is intended to illustrate the pitfalls of the booming online counterfeit industry.

DesignsFauxReal highlights a major problem with the proliferation of online commerce. It takes minutes to create a new website, and there is no verification process for the goods being sold on any website. In addition, services like PayPal make it possible to carry out secure, anonymous transactions, which guarantee that the money will be exchanged without providing any information about the seller. Many credit card companies will not allow their cards to be used by sites that sell questionable merchandise. A website that does not accept any major credit cards should set off a warning to the consumer that the site may not be trustworthy. 

The notion that trademark counterfeiting is a victimless crime is false, and as DesignsFauxReal repeatedly highlights, the most devastating consequence of making purchases from an unauthorized retailer is not that the item may be counterfeit, but that the buyer's identity is compromised by using such sites. Individuals who maintain online marketplaces for fake goods are breaking the law, and such criminals should not be trusted with one's personal information. 

Those who maintain the websites may also be part of organized criminal networks, and such websites may fund much more "serious" criminal enterprises.

DesignsFauxReal is an important educational tool for shoppers. Many may be aware that they are purchasing counterfeit goods - the low price point is often an attractive alternative to purchasing genuine products - but are probably naive to the risks inherent to using such sites.

Some brands have incorporated verification into their websites. The high-end outerwear manufacturer Canada Goose has dedicated an area of their website to counterfeit detection, which tells a buyer how to identify fake merchandise and if the website that they are accessing is an authorized retailer of the brand's merchandise. The most important thing to know about potential counterfeit merchandise, as the Canada Goose website states: "If it seems too good to be true, it probably is." 

Sean Cordes is a Coordinator with MSA Investigations' Intellectual Property practice.  For more information, please contact Mr. Cordes at scordes@msainvestigations.com.

 

 

Teacher Background Check: Naval Officer or Elementary School Teacher?

Teacher Background Checks are becoming more vital in today's volatile world. MSA Investigations' Director of Investigative Due Diligence and former longtime FBI Special Agent Neil Moran's tale from the field illustrates why.

Notes from the Field

How do you think you would react as the assistant principal of a parochial elementary school if one day there was a knock on the door from a well-groomed man in his 50s wearing the uniform of a vice admiral in the United States Navy, looking for a position as a teacher? Even though there was no posting for an open teaching position and the man had no references or known reason for selecting your school, he presented himself as a consummate professional and within several minutes had captivated the attention of school officials with his charismatic manner. In this instance, is a background check really necessary? After all, the individual has already demonstrated allegiance to his country, never mind the fact that he humbly appeared at your door ready and willing to work. 

Parochial school teachers are notoriously low paid with their private and public school counterparts. In addition, teachers affiliated with a religious institution, at least in New York, where this scenario occurred, do not have to be licensed or have the same teaching credentials as in public of private schools. So, the mere thought of having a vice admiral retired from the U.S. Navy as a member of your staff would add considerable credibility and stature. Is it possible that the judgment of school officials speaking with the man made them somewhat "star struck," with this larger-than-life figure and overlooked potential "red flags," including how and why the man selected their school and moreover, why a retired senior U.S. Navy officer was parading around New York City seeking a job by knocking on the school door with his active duty uniform. This is the set of circumstances with which I was presented as an FBI Special Agent during the early 1980s when I was assigned to a possible "Impersonation" of a naval officer matter.

When my partner and I arrived on the scene in the Bronx we were greeted warmly by school officials. Both of us had been educated in parochial schools and were raised in New York City, which appeared to provide a measure of comfort to school administrators. 

As they went over the story step-by-step starting with the man's unexpected arrival, we both began to wonder, "Did these folks hire this guy on the spot without having performed a background investigation?" We soon had our answer, "Yes." The story developed as red-faced and clearly embarrassed officials showed us pictures of the man who embraced the school and the parish community as a whole to the point where he had been honored as the "man of the year" and had been feted at the annual gala parish ball. Photos of the man giving his acceptance speech adorned the principal's office. "Did you folks do your due diligence and perform a background investigation?" we asked. The response, which was shocking to us was, "No."

As we pressed on for further details, we clearly had the sense that behind all of this school administrators were not forthcoming on all of the details and we soon discoverd why. They clearly felt foolish having been so captivated and endeared by the man upon meeting him that they failed to exercise sound judgment in ensuring that he would be exposed to young children and, regardless of his prior military career, should be thoroughly vetted. And then the bomshell dropped.

Among the many parish sponsored activities in which the man exhibited an interest was the Boy Scout troop, which included weekend trips to area campsites. The Boy Scouts have had a number of similar child abuse problems in recent months and years, as news sources report. Several young male scout members, who were also parish members and students, had come forward and informed their parents that the man had sexually molested them on several of the camping outings. The man, having realized that the parish community was aware of what had occurred departed the school suddenly and without explanation.

Although the man was arrested and prosecuted at a later date, this is a situation which should never have occurred. Imagine that school officials never confirmed that the man had retired from the U.S. Navy, which the FBI later determined that he never spent a day in military service. Also imagine that on the man's word the school hired him for a position of trust where he was exposed to children without first conducting a background investigation, which would have revealed that the man had no college degree.   

Another lesson learned, no matter what the scenario or circumstances, if it's too good to be true it probably is. More importantly, would you buy a car without having a qualified mechanic look at it? Or purchase a home without having a professional engineer perform a thorough examination? So why would anyone hire a total stranger, no matter how impressive he or she may be on the surface for any position of trust without a complete background investigation?

Teacher background checks and pre-employment screening are necessary means to raise awareness and help enforce laws that protect children from abuse.

Email Neil Moran to learn more about MSA Investigations' background investigations services. 

(Image Credit: Reuters News)

Cyber Forensics: ‘Top Priority’ for FBI in 2013: Real-Time Snooping

The complexity and variety of today’s online communication services and technologies means that law enforcement must keep up with online communications. Last month, the Federal Bureau of Investigation (FBI) announced that real time monitoring of Web-based services is a “top priority” for 2013.  At a luncheon for the American Bar Association in Washington, D.C., FBI general counsel Andrew Weissman discussed new technologies and the challenges the FBI and other law enforcement agencies face in getting private communication records for criminal cases.  

Mr. Weissman provided updates on the FBI’s efforts to address what it calls the “going dark” problem – how the rise in popularity of email and social networks has made its ability to monitor communications difficult. Under the Electronic Communications Privacy Act, the feds can easily obtain archive copies of emails but when it comes to monitoring emails or Gchat in real time, they do not have those capabilities. The reason, according to Mr. Weissman, is that a 1994 federal law known as the Communications Assistance for Law Enforcement Act, or CALEA, was designed to help law enforcement conduct lawful surveillance and is not up-to-date with modern forms of technology. CALEA applies to telecommunications companies, but does not fully apply to Web-based companies. Mr. Weissman said this distinction has prevented the law enforcement from conducting surveillance on Web-based services such as email, cloud services, online chat providers like Google Chat, Skype, or the file-sharing service Dropbox and online games, such as Words with Friends, with chat features.

While CALEA can only be used to make Internet and phone providers to build surveillance capabilities into their networks, the FBI does not have existing powers to request surveillance of other services. While the federal wiretap statute, originally passed in 1968 and sometimes called “Title III” or the “Wiretap Act, requires law enforcement to get a wiretap order (often called a “super-warrant” because it is even harder to get than a regular search warrant) before they monitor or record communications, authorities can ask email and online chat providers to furnish the government with “technical assistance to accomplish the interception.” However, the FBI claims that this is not sufficient because asking “technical assistance” is not the same as forcing them. In 2011, Mr. Weissman’s predecessor, FBI general counsel Valerie Caproni stated that Title III orders did not provide the bureau with an “effective lever” to “encourage providers to develop and maintain lawful intercept solutions.” State and local enforcement agencies face a serious intercept capabilities gap as it does not have enough power under the current legislation to coerce companies into providing real-time wiretaps of communications. According to Mr. Weissman, the FBI’s “top priority this year” is to create a proposal that modernizes the law to allow law enforcement to obtain such data with a court order.

Melissa Rodriguez is Senior Investigative Analyst with MSA Investigations. For more information on MSA Investigations' cyber security and digital forensics capabilities, contact us today.

(AFP Photo: Stan Honda)