Statement of Paul Misener,
Vice President for Global Public Policy, Amazon.com, Inc.
Testimony Before the
Subcommittee on Crime of the House Committee on the Judiciary
and the
Subcommittee on Criminal Justice Oversight of the
Senate Committee on the Judiciary
Hearing on Internet Denial of Service Attacks and the Federal Response
February 29, 2000
My name is Paul Misener, and I am Amazon.com's Vice President for Global Public Policy. Amazon.com opened its virtual doors in July 1995 with a mission to use the Internet to transform book buying into the fastest, easiest, and most enjoyable shopping experience possible. Today, Amazon.com also offers consumer electronics, toys, CDs, videos, DVDs, home improvement tools, and much more. Seventeen million people in more than 160 countries have made us the leading online shopping site.
Amazon.com greatly appreciates the opportunity to testify before these two subcommittees on the recent distributed denial of service attacks. We look forward to working with Congress to address these incidents and other important Internet policy issues.
We particularly support the federal government's involvement in fighting criminal behavior on the Internet, and are actively cooperating with law enforcement agencies in their investigations. Because electronic commerce is the driving factor in the current booming economy, our nation's economic well-being depends in part on stopping criminal activity that impedes e-commerce.
Although the distributed denial of service incidents that occurred three weeks ago have been described many times, a short description of what specifically happened to Amazon.com bears repeating.
In essence, for about an hour on February 8, 2000, a large amount of so-called "junk traffic" was directed to our site. This junk traffic degraded the technical quality of service at the site.
To be clear: this was not a break-in at our online premises but, rather, a deliberate and illegitimate crowding of the virtual "driveways and sidewalks" around our online store. This crowding somewhat hindered our customers' ability to visit and shop.
At all times during this crowding, however, our customers' information was safe and secure, and many customers were able to enter and shop at our store. Nonetheless, for about an hour, our customers experienced congestion-related delays when visiting the site. For Amazon.com's customers, who have come to expect the world's best online shopping experience, even such a relatively minor inconvenience is frustrating.
This is a key point: consumers are the ones inconvenienced by distributed denial of service attacks. Indeed, millions of consumers have come to rely on the Internet to communicate, shop, invest, obtain news, and learn online. The denial of service attacks earlier this month interrupted these important consumer activities and, thus, it is on behalf of consumers that all of us must work to prevent these attacks in the future.
So what can the federal government do about distributed denial of service attacks? Obviously, a key role of government is to prosecute the perpetrators of these criminal actions. Current laws, notably the federal Computer Fraud and Abuse Act, appear to provide some prosecutorial authority, and have been used successfully in several recent hacking cases.
In addition to current law, Attorney General Reno and FBI Director Freeh have suggested extending existing law or enacting new laws to combat distributed denial of service attacks and other criminal behavior on the Internet. And Mr. Holder has suggested establishing stiffer penalties under existing statutes.
On behalf of our current and future customers, Amazon.com would be happy to work with your subcommittees on any new legislation to address Internet crime issues.
Successful prosecutions, of course, also rely on adequate resources with which to conduct investigations. Amazon.com believes that additional resources should be applied in at least four areas:
1. First, continuous training in the latest digital forensic techniques, as well as the newest technologies, should be at the top of any list for additional funding. In particular, additional training in electronic evidence handling is necessary.
2. Second, given the strong demand for information technology experts, both within and outside of government, law enforcement agencies need additional resources to retain senior IT professionals and attract new ones.
3. Third, federal law enforcement agencies should have sufficient resources to help educate private industry and consumers on preventing Internet-related crime.
4. Finally, funding for better coordination among the agencies is needed. The recent incidents were not geographically localized, and there is no reason to expect that future Internet crime will be.
In all of these areas, government interaction with private industry would be helpful. Amazon.com already is engaged in such a partnership: in addition to assisting the ongoing investigations, our technologists are helping to train various law enforcement personnel on the latest developments in Internet technology.
Thank you very much for the opportunity to testify before your subcommittees. I would be pleased to answer your questions and I look forward to working with you in the future.
* * * * * * *
NEWSLETTER
|
Join the GlobalSecurity.org mailing list |
|
|