Could Blockchain Technology Enhance Communications in Major Law Enforcement Actions?

Complex Cases Present Complex Challenges

On December 2, 2015, a married couple opened fire at a holiday party in San Bernardino, California killing 14 people and injuring 22 others. Both attackers were killed in a gun battle with police. A massive investigation conducted by numerous local, state, and federal agencies found that the attackers were planning a terror attack before the tragedy.

On October 1, 2017, a shooter opened fire on a crowd of concertgoers at the Harvest Music Festival on the Las Vegas strip killing 58 people and leaving 851 injured. The 10 minutes of shooting is now known as the deadliest mass shooting in United States history. A multitude of local, state, and federal authorities participated in the subsequent investigation.

On November 13, 2015, at least seven simultaneous terrorist attacks took place throughout Paris killing 129 people, including 89 in the Bataclan concert hall. More than 350 people were injured as well. At least 7 terrorists were involved in these organized multifaceted attacks which included mass shootings, hostage takings, and suicide attacks. The subsequent investigation involved national and international intelligence and law enforcement agencies.

We also see more and more cases where multiple local, state, and federal law enforcement agencies band together to investigate violent gang members, human traffickers, serial killers, and child abductions, for prosecution in state and federal jurisdictions.

First Responders in Major Events

The initial response to tragic events will involve multiple local, state and federal government agencies guided by unique regulations and procedures. Many cases result in long and complicated investigations and trials where the evidence collected is fiercely challenged in judicial proceedings. Even when the perpetrators do not survive the attacks, the public will demand a full investigation to unravel the evidence, determine motives of the attackers, identify and prosecute co-conspirators, and prevent occurrences in the future.

Case Management Systems

Many investigative agencies and prosecuting authorities have developed their own record keeping procedures to satisfy rules and regulations for the respective agencies. Others may make use of high quality case management software to manage the flow of information. Nothing is wrong or incorrect with the wide variety of systems, but the systems are not necessarily compatible with each other. Some of the compatibility limitations can be identified and addressed through training and practice for major catastrophes.

Can Blockchain Shared Ledger Technology Assist in the Process?

Without being involved in large scale operations, it may be hard to grasp the complexity of gathering, managing, and distributing the enormous amounts of data collected in these matters. Even criminal investigations of lesser magnitudes can result in thousands of pieces of data collected by different investigative agencies. Managing the data is critically important to comply with existing rules, regulations, and laws governing the proper collection of evidence and the resulting admissibility of evidence. Government authorities are also responsible for disclosing evidence to opposing counsel prior to trial, to include evidence that could benefit defendants. Failure of compliance can result in evidence being excluded, mistrials, and overturned convictions. Judicial authorities often have to referee disputes between government and defense counsel over the admissibility or concealment of evidence. Improper management of the data can also fuel unfounded conspiracy theories that survive long after a case is concluded.

Can Blockchain shared ledger technology knit together the roles of investigators and prosecutors while maintaining the separation of responsibilities?

Present time, multiple-agency investigations are the norm in significant government investigations. There is nothing inherently wrong with different agencies using their own procedures to document their work, and this should not be changed. In the United States, we have never had, nor should we have, only one police force to serve the public. Also, to ensure a proper balance of duties, the investigative agencies report the result of the investigations and prosecuting authorities make decisions about persons charged or not charged with crimes. However, investigators need the input of prosecutors as the case unfolds, and prosecutors need the input of investigators for charging and trial considerations. All are responsible for the proper collection and disclosure of evidence to defendants and their attorneys.

During multiple agency investigations, we see that the investigative results can be siloed inside each agency until communication procedures are developed with the other participants in the investigation. Eventually, the job of gathering and forwarding information to prosecuting authorities gets done, but is there a better way?

Enter Blockchain technology and the permissioned shared ledger system. We know that the Blockchain system with Bitcoin and other cryptocurrencies is designed for participants who do not know or have to trust each other. In this un-permissioned system, anyone can be a participant and anyone can view the Blockchain ledger. This model would not work for multi-jurisdictional responses to events as described above.

A Shared Ledger System

In a closed and permissioned Blockchain system, the participants share the same ledger and collectively approve of new additions to the ledger. So each addition of data will be seen by all participants as the Blockchain ledger is being built. At the end, all participants will have an immutable, time-stamped, and un-hackable ledger of all data points in the case. Logically, the participants would be representative(s) from each agency and prosecuting authority. The approved participants could then monitor the investigation as events are unfolding.

If a shared ledger system is implemented, it would be incumbent on each participant to develop reliable procedures to transfer information from their respective investigation to the Blockchain shared ledger in a timely manner. There should be no need for the participating agencies to peer into the entire files of their counterparts. The various agencies may be reluctant to share their entire files that may contain non-pertinent and agency-specific information.

The resulting agreed-upon shared ledger would show the origin and disposition of information gathered by each participant, to include evidence gathered, chain of custody, email and text communications, computer and smart phone analyses, photographs, interview results, other leads generated, etc., all in an unalterable and time-stamped chronology.

A shared ledger system would not solve all communication and evidentiary problems such as non-cooperation between participants or the unauthorized disclosure of information, i.e., leaks. Those issues are left to the professionalism of the people involved.

Challenge to Blockchain Developers and Users

So here are some challenges that Blockchain developers and potential users may want to consider:

Can a closed and permissioned Blockchain system be designed for use by law enforcement agencies and prosecuting authorities?

Can a shared ledger system satisfy judicial requirements for the collection and disclosure of evidence?

Can robust shared ledger software and hardware be developed in a cost effective manner?

Can a shared ledger be beta-tested for efficiency and effectiveness?

Would shared ledger technology be compatible with existing record management systems of the participants?

Can it be demonstrated that Blockchain technology will improve collaboration between existing data management systems within various agencies?

Can Blockchain technology prevent identity theft schemes that may be used to impersonate participants?

Can Blockchain technology prevent the unintentional or intentional spillage of classified information into the shared ledger?

Are Federal grants available to assist with the testing and adoption of new technology for data management?

Conclusion: It seems that emerging Blockchain technology may offer improvement to data management challenges as seen in major law enforcement actions. But could this be done in a cost effective manner and adapted to systems already in place? If not, the technology will face an uncertain future if the costs exceed limited governmental budgets. Blockchain technology will have to demonstrate its worth as a cost effective improvement in a very demanding environment.

Vulnerable Victim Fraud

Senior Citizen Financial Exploitation – Dealing with a Stubborn Victim

Main Discussion Points:

  • Many elderly victims of Romance and Investment scams are reluctant to cooperate with authorities
  • They continue to send money to scammers despite repeated warnings
  • Victims will lie to loved-ones and continue their destructive behavior
  • One-time interventions do not work with chronic victims
  • Using well-informed Mentors or Coaches are recommended for long-term interventions

Nobody wants to be a fraud victim, right? Most victims are more than willing to cooperate with authorities and are ecstatic when the bad guys are busted. However, in the corrupt world of romance and investment fraud scams, we find that many victims are uncooperative with authorities even as the scams generate millions of dollars in losses to fraud victims.

Romance Scams and Financial Exploitation

The art of cheating people out of their money has metastasized into the world of online romance schemes. The problems is particularly acute with financially secure senior citizens who are also experiencing loneliness and/or cognitive deterioration in their lives. These heartless crimes are not based on chance encounters between willing participants, but instead are cold, calculating schemes designed to rob, cheat, and steal from the victims.

The well-practiced perpetrators have formed sophisticated syndicates to identify victims, conduct reconnaissance on the victims to learn about their background, initiate contact through seemingly innocent approaches, establish trust with the victims, and then move in for the swindle. If the fleecing is successful, the organized groups have formed money laundering networks to efficiently move victims’ money through the banking system to avoid detection. Many victims are molded to become unwitting money launderers by convincing them to deposit and transfer money. This money has often been obtained from other scams. As examples, the unwitting money laundering “mules” are encouraged to deposit checks into their own bank accounts and then send money through Western Union, Money Gram, Green Dot Money Pak cards, and other re-loadable cards..

Crooks create and sell “sucker lists” to other scammers and even re-victimize people by impersonating authority figures to assist them, for a fee of course.

As the already prolific number of victims continues to increase, a wide variety of organizations, financial institutions, law enforcement, prosecutors, and family members are forming alliances to identify scammers, arrest perpetrators, and recover money. The good news is the availability of resources explaining the methodology of criminals, the wide variety of scams, and preventative measures. The bad news is that many victims, particularly senior citizens, refuse to believe that they are being scammed and continue to send money to the thieves despite being warned of the crimes.

The Problem of Stubborn and Compliant Victims

Family members and caretakers are frustrated when the victims continue to send money despite being told they have not won a contest, their grandkids are not in jail in need of bail money, or the online love interest is really a fake. As we see in many cases, loneliness and isolation of the victims become powerful roadblocks to careful thought and reason. Matters can become more complicated with the onset of cognitive deterioration, both medically diagnosed or undiagnosed. The weaknesses of loneliness, isolation, and cognitive deterioration are skillfully targeted and exploited by the worst offenders.

Fortunately, many victims will stop sending money after learning of the real facts, but how do we handle the stubborn and/or compliant victims who continue to send money?

Suggestions for Interacting with Chronic Victims:

First, it must be realized that one-time interventions do not work. The deeply rooted problems behind the stubbornness and compliance do not lend themselves to easy solutions. The plan of action may require (a) gaining knowledge of the unique circumstances of each case; (b) tailoring an approach to each victim; and (c) a time commitment to work with the victims, particularly where a family or social safety net does not exist.

Chronic victims may require a long process to rehabilitate their destructive behavior. Victims may not want a family member involved or may not have family support at all. Victims may be afraid of losing their independence if their families decide to take away their ability to handle finances. Victims may not recognize the frauds as crimes, or have been threatened by the criminals. Victims may find it difficult to accept that fake names and photographs were used. Many victims will lie about their continuing interactions with “friends” or online “lovers”.

So how do we lay the groundwork for successful interventions with the compliant or stubborn victims? Answers may be found by forming a long term strategy for changing the behavior of such people.

An Outline for Successful Interventions:

The following lengthy outline is intended to offer suggestions to increase the chances of changing the destructive behavior:

  1. Do not judge and criticize the victim. It is easy to become frustrated and angry when advice is rejected. Patience in developing a trusting relationship is key.
  2. Gather information and conduct research about the current threat, and share this information with the victim.
  3. Discuss the importance of good cyber hygiene practices, particularly with social media.
  4. Contact law enforcement if a fraud has occurred.
  5. If the victim is elderly, contact Adult Protective Services in your state.
  6. Consider a medical assessment. Deteriorating health issues should be identified and handled by medical professionals.
  7. Consider legal and creditor interventions.
  8. Identify all banking accounts used by the victim and encourage the victims to work with their financial institutions to close accounts affected by a fraud and open new accounts.
  9. Change phone numbers and all passwords. If this is done, expect fraudsters to re-establish contact. Beware of unsolicited home deliveries where thieves will attempt to learn of new contact information.
  10. Encourage family involvement.
  11. Discuss improving money management skills.
  12. Learn about Conservatorship and Guardian procedures. Legal advice may be necessary.
  13. Consider and discuss the risks of re-victimization.
  14. Monitor the mail for solicitations of small donations. Scammers have been known to create sucker lists from small checks sent in response to mailed solicitations.
  15. Discuss and reduce the risks of telephone solicitations from persons requesting donations. Do not give credit card information over the phone.
  16. Create a safety network of trusted persons for the victim to contact. Develop a safety plan between the victim and a trusted person or persons.

A Need for Coaches and Mentors

Changing the behavior of the chronic victim may require finding a trusted mentor, or even a “coach” for the victim to check-in with on a regular basis. A coach may be in a better position to convince the victim to rebuff unwanted phone calls, identify spurious mailed solicitations, and avoid sketchy social media contacts. A well-informed coach or mentor could navigate the victim towards assisting agencies, web sites, availability of restitution of losses, potential tax write-offs, and other recovery funds. Coaches or mentors may be found within the family, outside the family with a trusted friend, or from professional resources such as attorneys, investment advisors, and accountants. Professional services may not be free, but the money spent may help to avoid additional losses.

Resources for Coaches and Mentors

Coaches and mentors can learn about threats through a variety of free online resources. The following list provides valuable information. Other sources of information can also be located and used.

To report fraudulent conduct:

The Unites States Consumer Financial Protection Bureau publishes easy to understand booklets called Managing Someone Else’s Money providing guidance to agents with Power-of-Attorney, court-appointed guardians, trustees, and government benefit fiduciaries. The guides will walk fiduciaries through their duties, show how to watch out for scams, and what to do if someone is a victim. The booklets can be located at

Conclusion: Changing the behavior of uncooperative victims being fleeced can be frustrating to those persons who generously attempt to intervene and stop obvious fraud. But don’t give up hope – it is worth the fight. A long-term intervention plan using a trusted mentor or coach may be necessary. Help is available for those who can find it.

Cryptocurrencies, Blockchain and Fraud

Understanding Security Clearances – What Blockchain Users Should Know

Main Points For Consideration:

  • Transmitting classified information requires strict adherence to complex rules.
  • Intentional misuse of security classifications can result in severe penalties.
  • Unintentional misuse of security classifications can also result in adverse actions.
  • Blockchain users doing business with the United States Government are responsible for compliance with existing security rules and regulations.
  • Proper training and knowledge may prevent unauthorized disclosure of classified information into an existing Blockchain shared ledger.

The rapid expansion of Blockchain technology demonstrates increasing involvement with government entities at the local, state and federal levels. Local and state governments are incorporating permissioned shared ledger processes for voting records, real estate records, medical records and other uses. It is not publicly known to what extent the federal government intelligence community is evaluating or using Blockchain technology. It is, however, reasonable to assume that Blockchain technology may be tested and used in a variety of roles to protect and exchange sensitive government information. If so, Blockchain technology will interact with the complex rules overseeing the use of government classified information.

What Are the Different Classification Levels?

Current descriptions of the different levels of U.S. government classifications can be found on multiple open-source resources such as: National security information that requires protection against unauthorized disclosure are classified at one of the following levels:

Top Secret Clearance is applied to information that reasonably could be expected to cause exceptionally grave damage to the national security to unauthorized sources.

Secret Clearance is applied to information that reasonably could be expected to cause serious damage to the national security if disclosed to unauthorized sources.

Confidential Clearance is applied to information that reasonably could be expected to cause damage to the national security if disclosed to unauthorized sources. The vast majority of military personnel are given this very basic level of clearance.

Unclassified is not technically a classification but is the default term referring to information that can be released to individuals without a clearance

What is Sensitive Compartmented Information (SCI)?

SCI information may be either Top Secret or Secret, but in either case it has additional controls on dissemination beyond those associated with the classification level alone. The “need to know” principle is formally and automatically enforced. The SCI designation is an add-on, not a special clearance level.

What is the Special Access Programs (SAP)Designation?

The U.S. Government provides security protocols for highly classified information with safeguards and access restrictions that exceed those regular classified information. In addition to collateral controls, a SAP may impose more stringent investigative or adjudicative requirements, specialized non-disclosure agreements, special terminology or markings, exclusion from standard contract investigations and centralized billet systems. This information can also be found by researching open-source sites such as:

U.S. Government Documents:

To be properly classified, an individual or individual charged by the U.S Government with the right and responsibility to properly determine the level of classification and the reason for the classification must determine the appropriate classification level, as well as the reason the information is to be classified. A determination must be made as to how and when the document will be declassified, and the document marked accordingly. Individual agencies within the government develop guidelines for what information is classified and at what level. Classified U.S. Government documents must be stamped with their classification on the cover and at the top and bottom of each page. Authors must mark each paragraph, title and caption in a document with the highest level of information it contains. Persons with lower clearance levels are not permitted to have access to information classified at higher levels. Conversely, persons with higher levels of clearance have access to information from lower classifications. .

Who is Eligible for Obtaining Security Clearances?

Eligibility for access to classified information is granted only to those for whom an appropriate personnel security background investigation has been completed. It must be determined that the individual’s personal character and professional history indicates loyalty to the Unites States, strength of character, trustworthiness, honesty, reliability, discretion, and sound judgment, as well as freedom from conflicting allegiances and potential for coercion, and a willingness and ability to abide by regulations governing the use, handling, and protection of classified information. A determination of eligibility for access to such information is a discretionary security decision based on judgments by appropriately trained adjudicative personnel. Eligibility will be granted only where facts and circumstances indicate access to classified information is clearly consistent with the national security interests of the United States. Access to classified information will be terminated when an individual no longer has need for access.

Unauthorized Disclosure of Classified Information: .

I found in open-source research that the U.S. Department of Defense states that an unauthorized disclosure is the communication or physical transfer of classified or controlled unclassified information to an unauthorized recipient. An unauthorized recipient can be anyone. Unauthorized disclosure of classified information can be either intentional or accidentally and can occur through leaks, spills, espionage, or not following proper safeguarding procedures.

Leaks are deliberate disclosures of classified information to the media. Classified data spills are accidental or intentional disclosures of classified information that occur across computer systems.

Spills are considered and handled as a possible compromise of classified information involving information systems, networks, and computer equipment until it is determined whether an unauthorized disclosure occurred.

Espionage includes activities designed to obtain, deliver, communicate, or transmit information relating to the national defense with the intent or reason to believe such information will be used to harm the United States or to the advantage of a foreign nation or transnational entity.

Unauthorized disclosure of classified information due to improper safeguarding procedures, although usually unintentional, can be just as damaging to national security as intentional unauthorized disclosures.

Duties to Disclose Unauthorized Disclosures:

Prior to receiving authorization to handle classified information, a classified information nondisclosure agreement is executed between participants. Within this agreement are requirements to receive a security indoctrination concerning the nature and protection of classified information, including the procedures to be followed in ascertaining whether other persons to whom I contemplate disclosing this information have been approved for access to it. The security training will include procedures to be taken when a security breach is discovered. Once discovered, the classified information must be protected to prevent further disclosure. Then, the disclosure must be reported to appropriate authorities who will, in turn, investigate the incident and impose sanctions, if warranted.

Gaining Knowledge of Government Regulations:

Blockchain developers and users conducting business with the U.S government as vendors, employees, or contractors may find themselves interacting with classified information. If so, they, like all others, are responsible for compliance with existing rules and regulations which oversee the exchange of sensitive information.

Conclusion: The Blockchain shared ledger system promises an unalterable time-stamped recording of events that is relatively fraud-proof and un-hackable. When considering the use of classified information, it is imperative that classified information be handled properly.

One unanswered question certainly emerges: What happens to an existing Blockchain system if an unauthorized release of classified is somehow added to the shared ledger? One result could be a freezing of the information per government regulations to prevent further use of the unauthorized leak. Another result may well involve a damage assessment conducted by authorized representatives of the government.

To prevent misuse of classified material, Blockchain developers and users will have to be mindful of the risks and consequences of unauthorized leaks.

(The above information was obtained from open-source research of publicly available web sites).

Cryptocurrencies, Blockchain and Fraud, Uncategorized

Synthetic Identity Theft – What Blockchain Users Need to Know

Main Points for Consideration:

  • Traditional Identity Theft schemes steal the identity of a known person to impersonate the victim.
  • Synthetic Identity Theft uses a Social Security Number for form a new, but fake person.
  • Synthetic identities can satisfy known loan underwriting procedures.
  • Synthetic identities create additional risk factors for Blockchain systems.
  • Synthetic identities can be formed before being included into a Blockchain system.
  • Synthetic identities may be used to impersonate known participants.

Advances in Blockchain technology can develop platforms to protect individuals’ identities from theft and also help businesses authenticate participants. But how can Blockchain provide assurances that the identities are valid in the first place? Answers may be found by understanding the threats of Synthetic Identity Theft, and how to mitigate those threats.

In a more traditional identity theft scheme, a perpetrator will steal Personally Identifiable Information (PII) to impersonate the victim. But Identity Theft has evolved into a hybrid form known as Synthetic Identity Theft where a perpetrator is not trying to impersonate the victim. Instead of stealing and impersonating the identity of actual persons, a new persona is invented by the perpetrator. This is accomplished by using a Social Security number to create a completely fictitious personal profile.

Synthetic Identity Theft – How It’s Done

Identity thieves obtain Social Security numbers using familiar techniques like Phishing schemes; forming phony websites to collect PII from victims; using corrupt internal employees who have access to PII; and even buying stolen SSANS obtained from data breaches. The fraudster will add a name, date of birth, and address to create new PII for a fictitious person. The new identity is then used establish records in public databases, credit files, phone and utility records, and social media profiles, etc. Afterwards, the perpetrators can monitor the payment history, credit score and public persona of the fake person. The new accounts established by the fraudster can be immediately used for financial fraud schemes, or, used as sleeper accounts that lay dormant for long periods of time. The dormant accounts can be sold on the black market to other criminals.

Synthetic Identity Theft Schemes – Where Are They Found?

Fictitious synthetic identities are often used to attack internet-based business transactions. As an example, the automobile industry uses internet-based sales for purchasing vehicles without face-to-face interactions with a sales person. Some dealerships have been victimized by perpetrators forming fake identities used to satisfy standard loan underwriting requirements. Financing arrangements were completed with fake personas and vehicles were delivered to other locations where the vehicles were used in other criminal activity.

These schemes have impacted government operations including Veterans’ benefits, Social Security benefits, Medicare and Medicaid programs, Health Care systems, and private medical insurance systems. For example, synthetic identities have been used to obtain health insurance policies from private insurance companies. Also concerning is the potential use of fake synthetic identities by terrorist groups to launder money through established government financial systems and/or cryptocurrencies. The laundered money can fund terrorists for living expenses, safe houses, renting cars, international travel, and purchasing restricted goods.

Fraudulent identity profiles have also been found in the mortgage process, auto insurance claims, staged accident schemes, schemes involving the IRS, Small Business Administration, FEMA, and other government entities. Within the health care industry, the government is encouraging the digitalization of medical records, and these records are based on the PII of patient. This creates more opportunities for the theft of PII.

Anyone’s Social Security number can be stolen, but certain demographic groups are specifically targeted. SSANs of minors are more likely to be stolen because the younger a child is, the longer the fraudulent identity can be used. The SSANs of elderly people, college students, and indigent people are also targeted. The fraudsters have been known to solicit financially destitute people to buy their identity.

Synthetic Identity Fraud is a Worldwide Problem

In 2017, the World Bank released a study concluding that more than 1.1 billion people in the world lack access to vital government services because they are unable to prove their identity. The World Bank Group’s Identification for Development (ID4D) initiative launched a High Level Advisory Council to advance the realization of robust, inclusive and responsible digital identification systems as a sustainable development priority.

The United States Federal Deposit Insurance Corporation (FDIC) recently estimates there are 10 million unbanked or underbanked households in the country. The FDIC defines unbanked as those adults without an account at a bank or other financial institution and are considered to be outside the mainstream for one reason or another. Many people are squeezed out of normal banking systems because of poor credit. Others choose not to participate in government systems to avoid regulation, oversight, and excessive fees.

Why is This a Concern for Blockchain Technology?

The World Bank ID4D recommends efforts to provide reliable digital identities to 1.1 billion people who want to participate in the economy, but lack provable identities. Similarly, unbanked people choosing to use alternative financial instruments, think cryptocurrencies, also desire a safe and reliable system to conduct financial transactions.

Blockchain technology is envisioned as the record keeping system for new digital identities and/or established identities. And it may be safe to assume that the immutable Blockchain distributed ledger can make it more difficult to use a stolen identity. But vexing questions continue to appear: Prior to the adoption of a Blockchain ecosystem, could a criminal or terrorist form a fake Synthetic identity only to be added to the Blockchain ledger? If so, the Blockchain may then become a hiding place for persons intent on doing harm.

Also, once a permissioned Blockchain system is formed with approved participants, could a synthetic identity be formed to impersonate a participant? If so, could a fake participant cause harm to the information being added to the Blockchain?

These possibilities may not be surprising to persons who use ledgers for normal accounting and business purposes. The ledgers can accurately record numbers and information. As accountants and auditors will certainly attest, ledgers can also accurately record falsified information. The ledger system cannot guarantee the integrity of the information before entries are made, and neither can Blockchain. Only people can determine the integrity of other people.

Mitigating Synthetic Identity Theft:

Synthetic Identity Theft schemes can defeat known preventative measures such as credit checks, locking down credit, changing passwords, two-factor authentication because the schemes do not necessarily involve obtaining credit. The fight against Synthetic Identity Theft will be waged by combining known preventative measures with improved Artificial Intelligence (AI) to study behavior, and Biometric verification, such as voice, face, fingerprints, and DNA to verify the identity of actual persons. As such, maintaining a balance between Security and Privacy will always present challenges.

Conclusion: The intention of raising these issues Synthetic Identity theft is not to discredit the Blockchain infrastructure. Instead, and just like any other new technology, it is imperative to understand risk factors as the technology is developed and implemented. Identifying and understanding risk factors should result in strong measures to mitigate the risks. Blockchain developers and end users will certainly need to develop and improve counter-measures to mitigate Synthetic Identity Theft threat vectors.

Cryptocurrencies, Blockchain and Fraud

The Ghosts of Enron May Haunt Blockchain

The spectacular collapse of Enron exposes million of dollars of fictitious revenues.

As predicted by many, Blockchain technology is becoming a disrupter in business enterprise models and governmental applications. The simplicity of a shared ledger among participants that creates a safe, chronological and unalterable record of events is showing signs of success. This, in turn, attracts attention from more and more people searching for technology to improve their business model. The shared ledger of Blockchain is similar to a ledger-based accounting system as found in Generally Accepted Accounting Principles (GAAP). One caveat to consider: The ledger can accurately record numbers, but cannot measure the truthfulness of the transactions or the integrity of the people behind the transactions. It has always been possible, and will always remain possible, that incorrect or fraudulent numbers can be accurately recorded in the journals and ledgers. The information then flows into the financial statements. The success of GAAP accounting therefore depends on the honesty of the participants.

Open vs. Closed Blockchain models

The original 2009 Blockchain model was incorporated into Bitcoin protocol as an open-sourced ledger system where untrusted participants called Nodes evaluate and approve each transaction before being added as a new block to the existing Blockchain. In this model, the Nodes did not have to know or trust each other. Since the Bitcoin ecosystem was open-sourced, any one with access to the internet could obtain the free software and participate in the mining process for Bitcoin. The design makes it impractical, but not impossible, for sufficient numbers of nodes to band together and override the Blockchain ledger. This became known as the 51% attack where over half of the existing Nodes work together to exert control over Blockchain transactions.

Subsequent Blockchain systems using only trusted participants (Nodes) in a closed environment have shown promise in a variety of business and government applications, and have fueled the interest and growth of Blockchain. But how does Blockchain affect the world of fraud?

There is no accounting system, computer software or hardware, that can prevent fraud schemes or prevent determined people to cheat and steal from one another. Accounting systems are designed to standardize record keeping protocols to create reliable records of financial transactions. Corrupt people working together, of course, will find ways to defeat any control system to lie, cheat, and steal. To counter the fraudsters, we rely on GAAP accounting rules, government regulators, and highly trained auditors to enforce the rules to create reliable financial reports.

Blockchain cannot prevent fraud. However it can be argued that a closed Blockchain system where Nodes are chosen may be a valuable ally in preventing and discovering known schemes such as – Business Email Comprise (BEC)schemes, Email Account Compromise (EAC) schemes, employee embezzlements , theft of Intellectual Property, corrupt vendor schemes, bribery and kickback schemes, and a host of others. These schemes may escape the eyes of management or auditors by hiding in blizzards of transactions . But Blockchain may serve as a deterrent since varying Nodes must unanimously approve each transaction before being added as a new block.

A strong argument can be made that having other participants (Nodes) reviewing and approving transactions before being added to the Blockchain may make such schemes more difficult to perpetrate and more likely to be discovered at early stages.

What Happened at Enron?

The investigation of Enron exposed a massive accounting fraud causing the collapse of the seventh largest company on the Fortune 500 company list and the sixth largest energy company in the world. The $100 billion company was a financial house of cards that concealed massive debt from the Board of Directors, internal and external auditors, investors, and regulators. Attempts to compare present-day capabilities (Blockchain) to historic fact patterns (Enron)can be tricky if the past cases are no longer relevant to current conditions. However, it can be demonstrated that fraudulent financial statement abuses are commonplace today. Here are some of the main accounting abuse issues found by SEC regulators in the Enron investigation:

  • Executives fraudulently used Reserves within Enron’s wholesale trading businesses to manufacture and manipulate reported earnings.
  • Executives manipulated Enron’s “business segment reporting” to conceal losses at Enron’s energy business known as Enron Energy Services (EES).
  • Executives manufactured earnings by fraudulently promoting Enron’s broadband unit, Enron Broadband Services (EBS).
  • Executives used Special Purpose Entities (SPEs) and company partnerships to manipulate Enron’s financial results.
  • Executives profited from illegal insider trading techniques to sell large amounts of Enron stock at inflated prices.
  • Executives made False and Misleading statements concerning Enron’s financial results and the performance of its businesses. These misrepresentations were also contained in Enron’s public filings that generated unlawful proceeds of approximately $63 million.

Given the advancements of Blockchain technology, some may argue that frauds like Enron may have been prevented or discovered earlier had Blockchain systems been implemented. A closer look at the above listed SEC findings indicates a strong, collusive collaboration within the top executives at Enron.

Could Collusion among Corrupt Corporate Executives Defeat Blockchain Advantages?

One would have to assume that corporate executives would be aware of the accounting procedures of a company. If executives were instrumental in designing and adapting Blockchain to their business model, could they appoint themselves as Nodes, or use complicit subordinates as Nodes to implant fraudulent information into the Blockchain? We do know that corrupt Enron executives at the highest levels of the company conspired to hide debt, manipulate profits, and falsely inflate stock prices for their selfish benefit. They successfully concealed the fraud from other company officials, internal and external auditors, bankers, and regulators. They worked hard to find the gray areas of GAAP accounting to justify their actions.

Blockchain developers are fearful of the dreaded “51% attack” that could undermine the advantages of Blockchain. The same concern could be raised by the possibility of corrupt collusion between Nodes to bake fraudulent transactions into the Blockchain, or work together to avoid the scrutiny of other participants.

Conclusion: The internal controls in the best designed GAAP accounting system remain vulnerable to collusion between fraudsters, and Blockchain may be no different. The corrupt Enron executives argued at many judicial proceedings that they were within the gray areas of accounting and therefore did not commit the alleged crimes. Fortunately, juries and judges disagreed and stiff prison sentences followed.

The lessons of Enron can provide guideposts to the applications of present-day technology: The success of any system will depend on the integrity of the participants. The numbers do not lie but liars can make the numbers.

The Ghosts of Enron will always remind us that when people are involved, fraud will find a way.