9-50.000 - CHIP Guidance
|9-50.100||Overview of Roles and Responsibilities in the Computer Hacking and Intellectual Property (CHIP) Program|
|9-50.101||United States Attorneys|
|9-50.102||Computer Crime & Intellectual Property Section|
|9-50.103||Executive Office for United States Attorneys|
|9-50.104||CHIP Coordinators and CHIP Unit AUSAs|
|9-50.105||National Security Cyber Cases|
|9-50.200||Specific CHIP Program Responsibilities|
|9-50.201||Prosecution of Cyber and Cyber-Enabled Offenses|
|9-50.202||Prosecution of Intellectual Property Offenses|
|9-50.203||Criminal Organizations and Infrastructure that Enable Computer Crime and Intellectual Property Offenses|
|9-50.204||Disruptive Actions to Combat Cyber and Intellectual Property Threats|
|9-50.300||Application of Resources|
|9-50.400||Coordination and Notification of the CHIP Network|
|9-50.700||Respect for Victims of Cyber and Cyber-Enabled Crimes and Intellectual Property Offenses|
9-50.100 - Overview of Roles and Responsibilities in the Computer Hacking and Intellectual Property (CHIP) Program
The United States Attorneys’ Offices (USAOs), the Computer Crime & Intellectual Property Section (CCIPS), and the Executive Office for United States Attorneys (EOUSA), in coordination with the Office of the Deputy Attorney General, have shared responsibilities for the performance, oversight, monitoring, evaluation, and coordination of the Computer Hacking and Intellectual Property (CHIP) program.
9-50.101 - United States Attorneys
The United States Attorneys have primary responsibility for implementing the CHIP program. These responsibilities include implementing the Department’s cyber and cyber-enabled crime and intellectual property crime strategies; ensuring that experienced and technically qualified Assistant United States Attorneys (AUSAs) serve as the district’s CHIP prosecutors; ensuring that full time equivalent (FTE) CHIP resources are dedicated to CHIP program objectives; ensuring that the USAO notifies, consults, and coordinates with CCIPS and other USAOs in accordance with JM 9-50.400; and promoting and ensuring effective interaction with law enforcement, industry representatives, and the public in matters relating to computer and intellectual-property crime. The United States Attorney should also ensure that each CHIP AUSA attends relevant training sponsored by the EOUSA’s Office of Legal Education (OLE), and in turn trains and advises prosecutors within the district.
9-50.102 - Computer Crime & Intellectual Property Section
The Computer Crime & Intellectual Property Section (CCIPS) has primary responsibility for developing the Department’s overall cyber, cyber-enabled, and intellectual property offense enforcement strategies, for providing programmatic support to the CHIP Network, and for coordinating cyber and cyber-enabled crime and intellectual property investigations and cases that may significantly impact more than one district and/or other countries. In addition to developing and prosecuting their own cases and assisting CHIP prosecutors in cases on request, CCIPS supports the CHIP Network by serving as a source and conduit for information through CCIPS Online, a website of resource materials; providing information on cases and current events to the CHIP AUSAs; providing legal expertise through the distribution of manuals, monographs, case summaries, and legislative analysis; and developing and implementing training programs for CHIP and other prosecutors in conjunction with OLE.
9-50.103 - Executive Office for United States Attorneys
EOUSA has primary responsibility for administering the budget for CHIP activities in the USAOs; funding and facilitating training for CHIP prosecutors through OLE; evaluating the CHIP program in the USAOs through its Evaluation and Review Staff (EARS); and providing personnel and facilities support for USAOs that includes CHIP activities. EOUSA’s contact for the CHIP Network serves on the Cyber and Intellectual Property Crime Subcommittee of the Attorney General’s Advisory Committee and assists the Subcommittee by providing legal and administrative support; works with CCIPS to develop and facilitate training at the National Advocacy Center for CHIP and other prosecutors; and works with CCIPS to review evaluations of the CHIP program and provide additional guidance or assistance as needed to the districts.
9-50.104 - CHIP Coordinators and CHIP Unit AUSAs
The CHIP Coordinators and CHIP Unit AUSAs (collectively CHIP AUSAs) in each district have five program responsibilities:
- to prosecute cyber and cyber-enabled crimes and intellectual property offenses;
- to serve as the district’s legal counsel on matters relating to those offenses, and the collection of electronic or digital evidence;
- to train prosecutors and law enforcement personnel in the region;
- to conduct public and industry outreach and awareness activities; and
- to ensure that their district has a process in place devoted to providing investigators with the appropriate legal process for victim identification promptly upon initiating a case and receiving such an investigator’s request.
The specific role of CHIP AUSAs in each of the districts will depend on a variety of factors, including the size of the district, whether it has a CHIP Unit or other dedicated CHIP FTE, the volume of cyber and cyber-enabled crimes and intellectual property cases referred, and the particular crime problems, industries, and critical infrastructure within the district. U.S. Attorneys’ Offices may have a dedicated CHIP unit, or may assign CHIP prosecutors to work in units focused on other offenses. Each U.S. Attorney is charged with implementing the CHIP program in the manner that best fits the resources and needs of their district.
Funded CHIP AUSA resources should be focused on the program responsibilities described above. While the United States Attorney retains the discretion to determine how these various roles and functions are carried out, it is essential that all of the CHIP resources are managed appropriately. Moreover, CHIP AUSA resources will be evaluated based on the district’s prosecution of the CHIP-related offenses set forth in JM 9-50.201 and 9-50.202.
CHIP AUSAs also must serve as the primary points-of-contact for all of the district’s law enforcement activities regarding cyber and cyber-enabled crimes and intellectual property crimes, including the investigation and prosecution of the district’s CHIP cases with a particular emphasis on cyber and cyber-enabled crimes and intellectual property offenses in JM 9-50.201 and 9-50.202.
9-50.105 - National Security Cyber Cases
Investigations of national-security-related cyber or cyber-enabled crimes fall within the scope of chapter 9-90.000 of this Manual. That chapter of the Manual describes the work of the National Security Division (NSD) and the National Security Cyber Specialists (NSCS) Network.
CCIPS, the CHIP network, NSD, and the NSCS network all support each other in the execution of their respective cyber and cyber-enabled crime responsibilities.
At the discretion of U.S. Attorneys, CHIP AUSA(s) can serve as the NSCS AUSA(s).
9-50.200 - Specific CHIP Program Responsibilities
While it is essential to allow each USAO the flexibility to implement its CHIP program to best meet the needs of its district, it is also important to ensure that USAOs are provided the necessary guidance and information to ensure that each CHIP program is operating consistently with the Department’s policies and strategies on the enforcement of intellectual property laws and the disruption and pursuit of cyber criminals.
9-50.201 - Prosecution of Cyber and Cyber-Enabled Offenses
CHIP AUSAs have primary responsibility for cyber crimes, defined as cases where a computer or network is the target of criminal action (e.g., computer intrusions, data breaches, damage to computers, ransomware and digital extortion, botnets, denial of service attacks, and the use or dissemination of malware). CHIP AUSAs' responsibilities can also include the investigation and prosecution of cyber-enabled crimes, specifically:
- crimes where online platforms or digital assets are central to the commission of the offense (e.g., investigations of bulletproof hosting, counter antivirus services, and darknet or online criminal markets; investigations into criminal digital asset exchanges, mixers, tumblers, stablecoin or token issuers, or other decentralized finance (DeFi) platforms (including instances in which the provider or platform is a target of, or a victim in, the investigation); crimes targeting digital asset service providers or other DeFi platforms; and digital asset theft and fraud schemes); and
- crimes in which a computer, electronic device, and/or the internet is used to harass, threaten, stalk, extort, coerce, cause fear to, or intimidate an individual.
When charging cyber and cyber-enabled crimes, CHIP AUSAs frequently charge offenses under 18 U.S.C. § 1030, the Computer Fraud and Abuse Act. Pursuant to JM 9-48.000, AUSAs shall consult with CCIPS with respect to decisions to charge a case under 18 U.S.C. § 1030. Other statutes used to charge the offenses described above include, but are not limited to, 18 U.S.C. §§ 1028, 1028A, 1029 (identity theft and access device fraud), 2261A (cyber stalking), 2511 (illegal interception of electronic communications in violation of Title III of the Omnibus Safe Streets and Crime Control Act), and conspiracy statutes applicable to those sections. U.S. Attorneys have flexibility about what charges are appropriate for a particular case. When a non-cyber offense charge or disposition has been approved, it is particularly important that the CHIP AUSA appropriately enter the case into CaseView as a cyber case (JM 3-16.110), and that the CHIP AUSA accurately reflects his or her time in USA-5 as cyber work (JM 3-16.120).
When determining which cyber and cyber-enabled crimes to prioritize, CHIP AUSAs should generally give priority to cyber and cyber-enabled crimes that endanger the health or safety of the public, including those crimes involving critical infrastructure. A denial-of-service or ransomware attack on a hospital’s computer network is an example of a computer crime with serious public health implications. To protect the economic safety of the public, USAOs should prioritize investigations and prosecutions of ransomware (or other cyber intrusions that involve economic extortion, such as data breaches used as a means of extortion). Those efforts should include outreach to the public and industry to prevent these attacks from succeeding in the first place and efforts to try to address those attacks as they are happening.
Additionally, CHIP AUSAs should work to prevent and respond to unlawful cyber intrusions involving our elections. As an initial matter, responsibility over elections in each district belongs to the District Election Officer (“DEO”), as designated by the U.S. Attorney in that district. But CHIP AUSAs should assist the DEO, in coordination with their federal agency partners, to engage in outreach to state and local election officials throughout their district in advance of federal elections to help identify, report, and stop cyber intrusions. CHIP prosecutors should also work with, and through, the DEO during the election (including on election day and other dates when voters are registered, votes are cast, or votes are tabulated) to address any cyber incidents should they occur (in consultation with the Public Integrity Section).
[added August 2023] [cited in JM 9-50.102]
9-50.202 - Prosecution of Intellectual Property Offenses
CHIP AUSAs should investigate, charge, and seek convictions for intellectual property offenses, including, but not limited to:
- Criminal Trademark Infringement: CHIP AUSAs should investigate and prosecute criminal trademark-related infringement, including, but not limited to, charges under 18 U.S.C. §§ 2318 (trafficking in counterfeit labels) and 2320 (trademark infringement), and 21 U.S.C. §§ 331(i) (counterfeit trademarks on drugs), 333(a)(1) (misdemeanor penalty), and 333(b)(8) (felony penalty for violations of Section 331(i)(3)) (charges under 21 U.S.C. §§ 301, et seq., require consultation with the Consumer Protection Branch, JM 4-8.200).
- Criminal Copyright Offenses: CHIP AUSAs should investigate and prosecute criminal copyright-related offenses, including, but not limited to, charges under 17 U.S.C. §§ 1201-1204 (circumvention of copyright control systems in violation of the Digital Millennium Copyright Act), 18 U.S.C. §§ 2319 (copyright infringement), and 2319A (live music infringement), 2319B (unauthorized recording of a motion picture), and 2319C (unlawful streaming).
- Economic Espionage and Theft of Trade Secrets: CHIP AUSAs should investigate and prosecute criminal economic espionage and theft of trade secrets, including, but not limited to, charges under 18 U.S.C. §§ 1831 and 1832 (although charges under 18 U.S.C. § 1831 require the approval of the Assistant Attorney General for the National Security Division, JM 9-59.100 and consultation with CCIPS is strongly encouraged for charges under 18 U.S.C. § 1832, JM 9-59.110).
These statutes generally best capture the offense conduct as intellectual property crimes and charging these intellectual-property specific offenses will have the additional benefit of allowing the Department to better track intellectual property prosecutions and report the Department’s achievements to Congress. U.S. Attorneys, however, have flexibility about what charges are appropriate for a particular case. When a non-intellectual property offense charge or disposition has been approved, it is particularly important that the CHIP AUSA appropriately enter the case into CaseView as an intellectual property case (JM 3-16.110), and the CHIP AUSA accurately reflects his or her time in USA-5 as intellectual property work (JM 3-16.120).
When determining which intellectual property violations to investigate and pursue, CHIP AUSAs should prioritize:
- Public Health and Safety: CHIP AUSAs should prioritize intellectual property crimes that endanger the health or safety of the public. Trafficking in counterfeit drugs (which are ingested and can include dangerous materials like lead or fentanyl), defective counterfeit electrical devices, or counterfeit automobile brake parts are examples of trademark offenses that pose a health or safety risk.
- National Security: CHIP AUSAs should prioritize intellectual property offenses that implicate national security-related interests including, for example, the sale of counterfeit products intended for use by the military or the acquisition by adversaries of technologies that can be used to enhance military capabilities or support human rights abuses.
- Economic Espionage and Theft of Trade Secrets: CHIP AUSAs should prioritize economic espionage and trade secrets offenses, particularly theft of technology from the United States to those in another country and/or theft that relates to emerging or advanced technology, critical infrastructure, products or technology significant to the United States as a whole or a particular district, sought after by adversaries for disruptive purposes, or dangerous to the integrity of financial markets.
- Large-Scale Trademark and Copyright Offenses: CHIP AUSAs should prioritize large-scale criminal trademark offenses and copyright infringement crimes, such as the illegally copying and distribution of software or the online streaming of pirated movies, where the potential economic harm from that conduct is significant (including where the harm is significant nationally or in a particular district).
9-50.203 - Criminal Organizations and Infrastructure that Enable Computer Crime and Intelectual Property Offenses
CHIP and non-CHIP AUSAs should continue their efforts to pursue large, complex, organized crime groups, including those operating in multiple countries. The disruption of criminal infrastructure that enables computer crime and intellectual property offenses can be particularly beneficial. These include:
- illicit forums, websites, and platforms, including on the darknet, that are used by cybercriminals to communicate with one another, as well as to sell criminal goods and services;
- hosting and other technology companies that deliberately offer online infrastructure (including Internet Protocol (IP) addresses, servers, virtual private networks, and domain names) to criminals in order to facilitate a variety of cybercrimes, such as by anonymizing the actors’ activities;
- counter antivirus services (CAV) that allow “crypters” to test malicious files, URLs, IP addresses, and domains to ensure that they are not detected by antivirus solutions; and
- mixing services and tumblers that let criminals hide illicit virtual currency transactions and launder criminal proceeds.
CHIP AUSAs should take steps to determine whether the computer crime and intellectual property offenses under investigation are being committed to fund or otherwise support terrorist activities or are being carried out by nation-state actors or their agents or proxies. For cases involving international terrorism or domestic terrorism, or affecting, involving, or relating to the national security, JM §§ 9-2.136, 9-2.137, 9-90.010, and 9-90.020 set forth notification, consultation, and approval requirements, including those at the opening and investigative stages, which may warrant additional prosecutorial resources (e.g., the participation of an NSD National Security Cyber Section (NatSec Cyber) trial attorney or a district’s NSCS AUSA).
CHIP AUSAs working on investigations that identify foreign targets or victims should, where appropriate and consistent with the requirements at 9-13.500 et. seq., utilize all available tools and law enforcement channels—including federal investigative agencies’ foreign legal attaches and attaches stationed in-country—to establish channels of communication with our foreign counterparts. Unlike formal methods of obtaining information, such as through Mutual Legal Assistance Treaties, informal evidence-sharing is often more efficient, and sometimes essential, in fast-breaking investigations. This approach has proved successful in obtaining greater cooperation and information sharing in recent international investigations. CCIPS, the Criminal Division’s Office of International Affairs (OIA), and the Money Laundering and Asset Recovery Section (MLARS) can be highly useful resources for CHIP prosecutors when pursuing international leads, seeking to recover forfeitable assets located abroad, and encouraging foreign enforcement of intellectual property and cybercrime laws. They have experience with such cases, and they have developed an extensive network of foreign law enforcement contacts by working international cases, providing foreign training and technical assistance, and leading such international initiatives as the G7 “24/7” Network, a collection of more than 90 countries committed to providing immediate assistance in cyber-related criminal investigations.
9-50.204 - Disruptive Actions to Combat Cyber and Intellectual Property Threats
Unique among the Department of Justice’s authorities is the ability to hold criminal actors accountable through arrests and prosecutions. It is the hallmark of the work that the Department pursues across a wide range of crimes, and it is similarly effective in preventing future threats. Charging, apprehending, and incapacitating actors to hold them responsible for their actions remains a priority in criminal cases.
The Department of Justice’s ability to combat threats, however, is not limited to arresting and prosecuting individual operators. Because the prevention of harm must be our first priority, throughout an investigation, prosecutors shall assess whether other disruptive actions aside from, or in addition to, apprehension of the threat actors could remedy or minimize the ongoing risk of harm in investigations involving cyber or cyber-enabled crimes or intellectual property offenses. Operations that will produce substantial disruptions of significant harmful activity should be prioritized, even if such actions might otherwise alert criminal actors of the nature or existence of the Department’s investigation. These disruptive actions should continue and expand to incorporate all available criminal, civil, national security, and administrative tools to dismantle the infrastructure used by criminals, as well as to deprive malicious actors of the fruits of their criminal actions, including through seizures and forfeitures of property derived from or involved in the criminal activity wherever possible.
For investigations governed by JM 9-51.100 and 9-51.101, at the outset of an investigation, and periodically as an investigation progresses, prosecuting offices will consult with investigative agencies about available online technical disruption options—such as taking control of domain names, servers, or digital assets with lawful authority, remote access search warrants, or injunctions under 18 U.S.C. §§ 1345 or 2521—and other disruption actions available to the Department, other U.S. government departments or agencies, foreign governments, and the private sector, including notifications and information sharing. Such consultations shall include CCIPS (including its National Cryptocurrency Enforcement Team), NatSec Cyber, the Counterterrorism Section (CTS), the Money Laundering and Asset Recovery Section (MLARS), the National Cryptocurrency Enforcement Team (NCET), or the Office of International Affairs, as appropriate. The Office of the Deputy Attorney General (ODAG) shall resolve any disagreements among investigative agencies, prosecuting offices, or other components regarding disruption actions.
9-50.300 - Application of Resources
Although all USAOs are generally expected to devote resources to CHIP program objectives, those districts that have received FTE funding for the CHIP program should utilize those resources consistent with the program objectives described above. The creation of “Intellectual Property” and “Computer Crime” case categories in Form USA-5 and CaseView should enable USAOs to accurately record program work and it is critical that all prosecutors accurately enter that time so that DOJ can track resources on Intellectual Property and Computer Crimes. In addition, the use of performance work elements that reflect non-case related work, such as outreach and training, should encourage such work by CHIP AUSAs and provide an opportunity for them to track and quantify the work not otherwise reflected in case statistics.
The proper application of dedicated CHIP resources will be the subject of review by EOUSA’s Evaluation and Review Staff (EARS). In addition, the annual collection of intellectual property prosecution statistics is required by statute, and those statistics will be reviewed along with EARS reports and other available information by the Office of the Deputy Attorney General, in order to determine whether dedicated FTE resources are being effectively used and appropriately allocated.
9-50.400 - Coordination and Notification of the CHIP Network
The CHIP Network (AUSAs and CCIPS Trial Attorneys) will work together to ensure that computer and intellectual property criminal statutes are vigorously enforced throughout the nation. CHIP Network prosecutors should work with each other and law enforcement agencies to share information and reduce conflicts whenever possible.
To reduce conflicts whenever possible and to ensure best practices in cyber and intellectual-property investigations, the following notices and information sharing should take place:
CCIPS Investigations—Prior to initiating any activity related to an investigation or prosecution in any district, CCIPS shall notify the CHIP AUSA for that district.
Multi-District Investigations and Nationwide Investigations:
- Multi-District Investigations—CHIP AUSAs shall notify CCIPS, and the CHIP AUSAs of the affected districts, of multi-district investigations. “Multi-district investigations” are those in which there is a significant or substantial connection to more than one district.
- Example: An investigation targeting a group suspected of operating a computer server for the distribution of pirated software would be considered to be multi-district in nature if any of the targets or computer servers are located in more than one district. However, the fact that other individuals may have downloaded the software in another district would not be considered to cause “significant impact” or to result in a “substantial connection” to the district.
- Example: If a hacker were to use an Internet Service Provider in another district or counterfeit goods were transshipped through another district, these are not instances that would have a significant or substantial connection to the other district.
- Nationwide Investigations—CHIP AUSAs shall notify CCIPS of nationwide investigations. CCIPS, in turn, shall notify districts in which defendants are located or otherwise have a significant or substantial connection to the case. “Nationwide investigations” are those that will likely have a significant or substantial impact in all or most of the districts in the United States. An example is a creator of a virus that spreads to thousands of computer networks, causing extensive damage in nearly every district. That conduct would be the target of a nationwide investigation. Similarly, a data theft of personal financial information for millions of consumers would be a nationwide investigation.
- Resolving Disputes as to Multi-District or Nationwide Investigations—Disputes about who should handle multi-district or nationwide investigations shall be resolved as set forth in JM 9-51.101.
- International Investigations—CHIP AUSAs shall notify CCIPS as early as possible in the investigative stage and prior to the charging decision in international investigations. “International investigations” are those in which one or more targets are located in a foreign country. In international investigations with significant foreign targets, CHIP AUSAs should notify CCIPS whether the USAO intends to prosecute and determine whether the foreign jurisdiction will prosecute the target. The factors for determining whether an individual is subject to effective prosecution in another jurisdiction are set forth in JM 9-27.240. Additionally, CCIPS will notify the USAO prior to making any disclosure to foreign law enforcement to preclude an adverse impact on the domestic investigation.
- Urgent Reports—CHIP AUSAs should ensure that urgent reports are submitted for matters as set forth in JM 1-13.100 and 9-51.101(4).
- Significant Judicial Decisions—CHIP AUSAs should inform CCIPS of significant investigations and prosecutions and any significant judicial decisions issued in such cases. For example, USAOs should send a copy of Urgent Reports (emailed to EOUSA) in cases falling within the CHIP Network’s subject matter responsibility to CCIPS. CCIPS should, in turn, apprise the CHIP Network of significant case events and decisions through its established methods of communication.
- Computer Fraud and Abuse Act (CFAA) Charging Consultation—Pursuant to JM 9-48.000, AUSAs shall consult with CCIPS with respect to decisions to charge a case under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, and observe additional notification and approval requirements as applicable.
- Economic Espionage Charging Consultation—Pursuant to JM 9-59.100, CHIP AUSAs shall obtain approval of the Assistant Attorney General for the National Security Division to bring economic-espionage charges under 18 U.S.C. § 1831.
- Trade Secret Theft Charging Consultation—Pursuant to JM 9-59.110, CHIP AUSAs are strongly urged to consult with CCIPS before initiating trade secret theft prosecutions under 18 U.S.C. § 1832.
- Coordination of CHIP and Consumer Protection Branch Attorneys—Pursuant to JM 4-8.200, upon opening a criminal investigation into violations of the Federal Food, Drug, and Cosmetic Act, 21 U.S.C. §§ 301 et seq., including for criminal-trademark violations, CHIP AUSAs must notify and consult with DOJ’s Consumer Protection Branch about the matter.
- Election Matters: Election Related Consultation—Pursuant to JM 9-85.210, CHIP AUSAs shall consult with the Public Integrity Section (PIN) for any matters involving alleged or suspected corruption of the election process or other similar election crimes, prior to opening any such matter or taking potentially overt investigative action. See also JM 9-85.300. Pursuant to JM 9-85.500, CHIP AUSAs also shall consult with PIN regarding any matters or actions that may have an impact on an election or raise the perception of such an issue.
- Coordination of CHIP and NSCS Attorneys—To the extent that the CHIP and NSCS attorney responsibilities are held by different attorneys at a U.S. Attorney’s Office, CHIP and NSCS attorneys should coordinate efforts as identified in JM 9-50.105 and 9-90.040.
- National Security Matters: For cases involving international terrorism or domestic terrorism, or affecting, involving, or relating to the national security, JM 9-2.136, 9-2.137, 9-90.010, and 9-90.020 set forth notification, consultation, and approval requirements, including those at the opening and investigative stages.
9-50.600 - Training
Each United States Attorney and CHIP AUSA has the responsibility of ensuring that CHIP AUSAs maintain their expertise by attending conferences and seminars sponsored by the Office of Legal Education, especially the annual CHIP Conference and Intellectual Property Seminar. Although USAOs should encourage other AUSAs to attend OLE/CCIPS-sponsored training, CHIP AUSAs should conduct in-office legal training to keep other AUSAs apprised of critical search and seizure law applicable to obtaining electronic evidence and conducting electronic surveillance. In addition, CHIP AUSAs should improve regional training on intellectual property enforcement for federal and state agents, and continue to conduct outreach to the high-tech industry and rights holder sector to foster the sharing of information critical to effective prosecutions. CHIP AUSA training should include training on the disruptive options identified in JM 9-50.204 above.
OLE should continue to partner with CCIPS and NSD’s National Security Cyber Section in sponsoring training virtually and in-person, in particular, annual training directed at keeping the Department’s group of expert prosecutors at the cutting edge of law, emerging technology, and the “all tools” approach to disrupting cyber threats. As resources permit, OLE and partners will continue to present seminars such as Electronic Evidence; Computer Forensics; Dark Market and Online Investigations; Intellectual Property Crimes Seminar; Trade Secrets and Economic Espionage Seminar; the Cyber Attacks and Intrusions Seminar; and the NSCS Conference.
9-50.700 - Respect for Victims of Cyber and Cyber-Enabled Crimes and Intellectual Property Offenses
Cyber and intellectual property cases can potentially have victim and witness sensitivity issues. For example, a company may fear public disclosure of a computer intrusion or theft of trade secrets which may, in turn, impact the victim’s willingness to alert law enforcement to an issue. CHIP AUSAs should ensure that they follow current Guidelines for Victim and Witness Assistance issued by the Department, both in the form of guidance memoranda and Justice Manual provisions.
Foremost among the Department’s goals is our pledge to keep our country safe from threatened or ongoing harm. Department personnel are required by law and under the Attorney General Guidelines for Victim and Witness Assistance (AG Guidelines) to identify victims of a crime, notify them of their rights, and offer them services as described in the AG Guidelines. In the context of cyber and cyber-enabled crimes, as with many other crimes, timely victim identification and notification can be the difference between successful mitigation or significant cyber attack. Both the Department and the FBI measure our performance in the context of cyber investigations, in part, by how quickly we are initiating cases and FBI personnel are contacting victims. In this context, investigators frequently require grand jury subpoenas or other legal process to learn the identity of a victim (e.g., to receive subscriber information for an Internet Protocol address). CHIP AUSAs should ensure that their district has a process in place devoted to providing investigators with the appropriate legal process for victim identification promptly upon initiating a case and receiving such an investigator’s request, as identified in JM 9-50.104.
[added August 2023]