Выбрать главу

#

The Federal Computer Investigations Committee (FCIC) is the most important and influential organization in the realm of American computer-crime. Since the police of other countries have largely taken their computer-crime cues from American methods, the FCIC might well be called the most important computer crime group in the world.

It is also, by federal standards, an organization of great unorthodoxy. State and local investigators mix with federal agents. Lawyers, financial auditors and computer-security programmers trade notes with street cops. Industry vendors and telco security people show up to explain their gadgetry and plead for protection and justice. Private investigators, think-tank experts and industry pundits throw in their two cents' worth. The FCIC is the antithesis of a formal bureaucracy.

Members of the FCIC are obscurely proud of this fact; they recognize their group as aberrant, but are entirely convinced that this, for them, outright *weird* behavior is nevertheless *absolutely necessary* to get their jobs done.

FCIC regulars -- from the Secret Service, the FBI, the IRS, the Department of Labor, the offices of federal attorneys, state police, the Air Force, from military intelligence -- often attend meetings, held hither and thither across the country, at their own expense. The FCIC doesn't get grants. It doesn't charge membership fees. It doesn't have a boss. It has no headquarters -- just a mail drop in Washington DC, at the Fraud Division of the Secret Service. It doesn't have a budget. It doesn't have schedules. It meets three times a year -- sort of. Sometimes it issues publications, but the FCIC has no regular publisher, no treasurer, not even a secretary. There are no minutes of FCIC meetings. Non-federal people are considered "non-voting members," but there's not much in the way of elections. There are no badges, lapel pins or certificates of membership. Everyone is on a first- name basis. There are about forty of them. Nobody knows how many, exactly. People come, people go -- sometimes people "go" formally but still hang around anyway. Nobody has ever exactly figured out what "membership" of this "Committee" actually entails.

Strange as this may seem to some, to anyone familiar with the social world of computing, the "organization" of the FCIC is very recognizable.

For years now, economists and management theorists have speculated that the tidal wave of the information revolution would destroy rigid, pyramidal bureaucracies, where everything is top- down and centrally controlled. Highly trained "employees" would take on much greater autonomy, being self-starting, and self-motivating, moving from place to place, task to task, with great speed and fluidity. "Ad-hocracy" would rule, with groups of people spontaneously knitting together across organizational lines, tackling the problem at hand, applying intense computer-aided expertise to it, and then vanishing whence they came.

This is more or less what has actually happened in the world of federal computer investigation. With the conspicuous exception of the phone companies, which are after all over a hundred years old, practically *every* organization that plays any important role in this book functions just like the FCIC. The Chicago Task Force, the Arizona Racketeering Unit, the Legion of Doom, the Phrack crowd, the Electronic Frontier Foundation -- they *all* look and act like "tiger teams" or "user's groups." They are all electronic ad-hocracies leaping up spontaneously to attempt to meet a need.

Some are police. Some are, by strict definition, criminals. Some are political interest-groups. But every single group has that same quality of apparent spontaneity -- "Hey, gang! My uncle's got a barn -- let's put on a show!"

Every one of these groups is embarrassed by this "amateurism," and, for the sake of their public image in a world of non-computer people, they all attempt to look as stern and formal and impressive as possible. These electronic frontier-dwellers resemble groups of nineteenth-century pioneers hankering after the respectability of statehood. There are however, two crucial differences in the historical experience of these "pioneers" of the nineteeth and twenty-first centuries.

First, powerful information technology *does* play into the hands of small, fluid, loosely organized groups. There have always been "pioneers," "hobbyists," "amateurs," "dilettantes," "volunteers," "movements," "users' groups" and "blue-ribbon panels of experts" around. But a group of this kind - - when technically equipped to ship huge amounts of specialized information, at lightning speed, to its members, to government, and to the press -- is simply a different kind of animal. It's like the difference between an eel and an electric eel.

The second crucial change is that American society is currently in a state approaching permanent technological revolution. In the world of computers particularly, it is practically impossible to *ever* stop being a "pioneer," unless you either drop dead or deliberately jump off the bus. The scene has never slowed down enough to become well-institutionalized. And after twenty, thirty, forty years the "computer revolution" continues to spread, to permeate new corners of society. Anything that really works is already obsolete.

If you spend your entire working life as a "pioneer," the word "pioneer" begins to lose its meaning. Your way of life looks less and less like an introduction to Тsomething else" more stable and organized, and more and more like *just the way things are.* A "permanent revolution" is really a contradiction in terms. If "turmoil" lasts long enough, it simply becomes *a new kind of society* -- still the same game of history, but new players, new rules.

Apply this to the world of late twentieth-century law enforcement, and the implications are novel and puzzling indeed. Any bureaucratic rulebook you write about computer-crime will be flawed when you write it, and almost an antique by the time it sees print. The fluidity and fast reactions of the FCIC give them a great advantage in this regard, which explains their success. Even with the best will in the world (which it does not, in fact, possess) it is impossible for an organization the size of the U.S. Federal Bureau of Investigation to get up to speed on the theory and practice of computer crime. If they tried to train all their agents to do this, it would be *suicidal,* as they would *never be able to do anything else.* The FBI does try to train its agents in the basics of electronic crime, at their base in Quantico, Virginia. And the Secret Service, along with many other law enforcement groups, runs quite successful and well-attended training courses on wire fraud, business crime, and computer intrusion at the Federal Law Enforcement Training Center (FLETC, pronounced "fletsy") in Glynco, Georgia. But the best efforts of these bureaucracies does not remove the absolute need for a "cutting-edge mess" like the FCIC.

For you see -- the members of FCIC *are* the trainers of the rest of law enforcement. Practically and literally speaking, they are the Glynco computer-crime faculty by another name. If the FCIC went over a cliff on a bus, the U.S. law enforcement community would be rendered deaf dumb and blind in the world of computer crime, and would swiftly feel a desperate need to reinvent them. And this is no time to go starting from scratch.

On June 11, 1991, I once again arrived in Phoenix, Arizona, for the latest meeting of the Federal Computer Investigations Committee. This was more or less the twentieth meeting of this stellar group. The count was uncertain, since nobody could figure out whether to include the meetings of "the Colluquy," which is what the FCIC was called in the mid-1980s before it had even managed to obtain the dignity of its own acronym.