Note: This document may not reflect changes made in actual delivery.
Chairman Kyl, Members of the Subcommittee: Thank you for the opportunity to submit my comments for the record on the issue of encryption technology and its use by the organized international criminal groups engaged in drug trafficking and other crimes. Before that discussion, it is important to discuss several lessons we have learned over the past several years in international criminal groups -- lessons which are shaping our current approach to drug law enforcement at home and overseas.
I would like to provide you and the Members of the Subcommittee with a picture of how today’s international organized crime syndicates operate and how they use sophisticated command and control to run drug trafficking organizations within the United States to distribute the poison they bring into our country. I would like to set the stage with the evolution of drug traffickers’ use of technological advances in the past and how we see them using technology now.
Powerful international drug syndicates operate around the world, supplying drugs to American communities, employing thousands of individuals to transport and distribute drugs. The most significant international drug syndicates operating today are far more powerful and violent than any organized criminal groups that we have experienced in American law enforcement. Frequently, these trafficking groups are referred to as "cartels" or "federations" -- titles that make these organizations sound like businessmen but that do not capture the true nature of their criminal activities.
Today’s major international organized crime drug syndicates are simply the 1990's versions of traditional organized crime mobsters U.S. law enforcement officials have fought since the beginning of this century.
Traditional organized crime leaders operating in places like New York, Chicago or Las Vegas called their business shots on American soil; major traffickers from Colombia and Mexico make decisions from the safety of their headquarters in Cali or Guadalajara. After several decades, law enforcement officers in the U.S. were eventually able to identify, target, arrest, and prosecute mob bosses. Experience has demonstrated that the most effective strategy against organized crime is to target, arrest, and prosecute the leadership of the organized crime syndicates.
Today, however, there are several key differences between these groups and their one-time domestic counterparts. Members of international groups headquartered in Colombia and Mexico have at their disposal sophisticated technology -- encrypted phones, faxes, and other communications equipment. Additionally, they have in their arsenal aircraft, radars, weapons and an army of workers who oversee the drug business from its raw beginnings in South American jungles to the urban areas within the United States. All of this modern technology and these vast resources enable the leaders of international criminal groups to build organizations which reach into the heartland of America, while they themselves remain beyond the reach of American justice.
During the time the Colombian National Police were engaged in their campaign to bring down the Medellin Crime Syndicate, a group of young criminals in Cali, Colombia, led by Miguel Rodriguez Orejuela, his brother Gilberto, and Jose Santacruz-Londono were building what was to become the most prolific and successful criminal enterprise in history. Orejuela created an enormous monolithic organization that orchestrated the manufacture of hundreds of tons of cocaine in Colombia, which were moved through the Caribbean and later Mexico, to U.S. markets. However, they were far wealthier, far more dangerous, far more influential, and had a much more devastating impact on the day-to-day lives of the citizens of our country than either their domestic predecessors or the crime families from Medellin.
The Cali bosses were pioneers in using technology to further their goals. They were sophisticated, high tech and proficient in the use of cell phones, pagers, faxes and other conveniences. The cell structure of the monolithic Cali mafia necessitated a complex system of communications to enable the organization’s leaders to know in a moment where every kilo of cocaine was located, how much profit was being made, and where and when deliveries would take place. By using cell phones and pagers, the Cali leaders communicated with different segments of the organization, and provided only pieces of information to each segment, reducing the vulnerability of individuals and the entire organization.
Colombian traffickers gained notoriety through their acts of brazenness, violence, and intimidation, which served to intensify law enforcement attention and presence in the Caribbean, into Florida and along the Eastern seaboard. This forced the Colombians to turn to the less sophisticated and structured Mexican marijuana traffickers to move their products to growing American drug markets through Mexico and across the U.S. border. These Mexican groups have come to dominate the cocaine trade into the United States and their ascension to power has garnered them enormous wealth and a demonstrative expansion in their spheres of influence. The organized criminal groups from Mexico now control virtually all cocaine sold in the Western half of the United States and, for the first time, we are seeing a concerted effort on their part to expand into the lucrative East Coast market.
As complex as these communications arrangements of these criminal groups were, U.S. law enforcement agencies have been able to exploit their communications by using court approved telephone intercepts. With the top leadership of these organizations in hiding beyond the reach of U.S. law enforcement, we directed our resources at their organizational structure, and their transportation and distribution elements in the United States.
Technology has advanced rapidly and the traffickers have more than kept up. As long as there is technology, the world’s most powerful drug traffickers find ways to conduct their business, even from jails. Recently the Colombian National Police (CNP) learned that Miguel and Gilberto Rodriguez Orejuela were conducting business over cell phones, the Internet and faxes from their prison cells. The CNP raided offices of private telecommunications switching centers in Bogota which allowed the jailed leaders to dial local numbers and have a clerk patch their calls to anywhere in the world.
The international drug trafficking syndicates cannot operate effectively without an infrastructure in the United States composed of high level managers, transporters, accountants, communications experts, storage experts and enforcers. The Colombian traffickers, and to a large extent, the traffickers from Mexico who are currently dominating the international drug traffic, establish bases of operations in major U.S. cities, and rely on an intricate network of cells, similar to international terrorist organizations in the way they are insulated from each other. Cell managers maintain close communication with organized crime figures in Colombia and Mexico, and are in some sense, the "foreign service" of these drug organizations, representing the syndicate’s interests abroad.
These managers use an effective communications system to coordinate daily operations and ensure that U.S. representatives are given the most recent information on loads, prices, storage locations and contacts in order to conduct the complex business of drug trafficking. A cell director typically reports directly to the organization head in Colombia or Mexico. Depending on the particular trafficker, his location, and how the organization is structured, the cell director oversees a portion of the operations in the United States. He may direct specific functions including accounting, financial movement, storage of the product, transportation and other logistical matters requiring high level attention and discretion.
During the 1980's, for example, 80 percent of the cocaine entering New York was controlled by Cali drug lord Jose Santacruz-Londono. Investigations revealed tightly-controlled cells that oversaw the distribution of cocaine throughout the state. Orders were issued from Cali via sophisticated state-of-the-art communication systems -- but not yet encrypted communications. Orders rapidly went from the leadership in Cali -- to cell heads in Queens -- to street distribution in Utica.
Surrogates who controlled operations throughout the Eastern seaboard engaged in complicated efforts to avoid having their telephone communications vulnerable to legal wiretaps. These criminal surrogates within the U.S. bought cell phones in lots of 10-20, which were used for a few weeks or even days and then quickly discarded and replaced in order to evade wiretaps by moving from phone to phone more quickly than law enforcement could keep up. Pagers were used to communicate locations and codes, not phone numbers, which could be incriminating. Pay phones were frequently used instead of their private line phones which were likely to be tapped. The sight of a drug trafficker stuffing rolls of quarters into pay phones during long distance calls to Colombia was common. Sophisticated codeword systems were developed to communicate times and locations for drug deliveries and money pickups, as well as key telephone numbers which could be used for incoming calls. We were able to exploit all these communications to some degree by using court approved wiretap intercepts.
When DEA raided a New York location in 1991 and shut down an operations cell of the Herrera organization, we obtained a lot of information which at the time was state of the art. Computerized records of transactions and personnel were seized, indicating to us that the drug lords in Cali were becoming more dependent upon computer systems to maintain records. When the headquarters of Jose Santacruz-Londono was raided a few years ago, we seized a large number of computer systems which contained over 300 pieces of software. From this seizure, we were then able to identify previously unknown elements of the Cali mafia infrastructure and were able to get a look at the inner workings of the most sophisticated criminal syndicate in history. This type of investigative information, in addition to information gleaned from wiretap intercepts, is needed to continue to fight the spread of international drug organizations into the United States. Encryption technology threatens to remove this kind of information from our reach.
Today’s international drug trafficking organizations are the wealthiest, most powerful, and most ruthless organized crime organizations we have ever faced. We know from our investigations that they utilize their virtually unlimited wealth to purchase the most sophisticated electronic equipment available on the market to facilitate their illegal activities. We have begun to see that this includes even state-of-the-art communications devices with encryption capabilities. Encryption technology reduces a voice or data communication to a string of digits, then multiplies that number by a second number, the encryption key. The message is then transmitted digitally. Decrypting the message at the other end requires using the key to get back the original string of digits, which is then re-converted into the plain text message.
We have seen these criminals not only purchase, but actually use this encryption equipment as part of their command and control process in international trafficking of drugs -- encrypting key orders to the leaders of transportation and distribution cells regarding the movement of thousands of tons of cocaine from Colombia and Mexico into the United States. It would be foolish to think that they would not use this advanced technology to the fullest, taking advantage of any products with high level encryption capabilities which become available on the market, to insulate their heinous actions from American justice.
DEA’s ZORRO II investigation showed conclusively that the criminals at the highest levels of the international criminal syndicates use encrypted communications in order to control their organizations, including their henchmen, in the United States. This investigation was the first time that DEA encountered encrypted telephone conversations. The investigations revealed that encryption was used in communications between high-level members of these criminal organizations, and dealt with the movements of smuggled cocaine and the illicit cash profits of the trafficking.
As part of the inter-agency Southwest Border Initiative, on May 2, 1996, Federal, state and local law enforcement agencies successfully completed this unique operation, dubbed ZORRO II, which targeted a cocaine smuggling and distribution network comprised of traffickers from Mexico operating within the United States and having ties to Colombian traffickers. Using over 90 court-authorized wiretaps, law enforcement personnel were able to make 156 arrests in Los Angeles, Chicago, El Paso, Houston and other cities, seize 5,600 kilograms of cocaine, and over a thousand pounds of marijuana. Operatives of organized criminal groups in Mexico smuggled cocaine over the U.S./Mexican border to storage facilities in the LA area, for eventual distribution to Miami, Chicago, Philadelphia, New York, Newark and Richmond, Virginia. Zorro II involved over 40 state and local law enforcement agencies, the DEA, the FBI, the DOJ Criminal Division, 10 U.S. Attorney’s Offices and seven other Federal agencies.
This case was extremely significant because it simultaneously dismantled both the organization that owned the cocaine, as well as a second organization that ran the transportation system. The investigation revealed that encryption was limited to the upper levels of management communications. Zorro II would not have been the success it was if the traffickers had wider access to encrypted communications technology or had used more sophisticated technology.
The Zorro II investigation, which began in September 1995, relied upon Title III interception of cellular telephone communications used by Colombian and Mexican traffickers in sixteen U.S. cities. As part of this investigation, the Los Angeles HIDTA task force encountered level one encryption of communications over telephones used by Mexican transporter Arturo Felix-Felix. The encrypted communications were primarily between Felix-Felix (the transportation cell head), his Los Angeles-based lieutenant "Jorge" (last name unknown) and his Mexicali, Mexico-based lieutenant "Cecilio" (last name unknown). At the end of the investigation, seizure of the telephones revealed that they were equipped with an add-on encryption device purchased from A-Tel Communications, a cellular telephone reseller in the Los Angeles, California area. Since the communications were at the relatively low, level one encryption level, the Technical Unit in DEA’s Los Angeles Division was able to hand-build a crude de-coding device which worked well enough to allow investigators to decipher the conversations between Felix-Felix and his U.S. and Mexico-based managers, resulting in significant seizures of cocaine and money.
As the investigation continued, and DEA seized significant amounts of cocaine and cash from the transportation groups, the organization responded by increasing the level of encryption technology used in their communications from level one to level two. A second transportation organization, managed by a Mexican national named Rafael Alapizco, used NEC cellular telephones equipped with an internal chip capable of level two encryption. This equipment enabled Alapizco to communicate with his Mexican-based managers in the organization by encrypting selected communications. This equipment was also purchased from A-Tel Communications. The higher, level two encryption encountered in these communications meant that it was impossible to descramble them. Because we were not able to gain access to the content of these vital command and control communications, we were not able to use the communications in investigations leading to seizures of drugs or money, in contrast to the Felix-Felix investigation.
DEA is working with a number of other Federal law enforcement entities--the FBI, the U.S. Attorneys’ offices, the Criminal Division at the Department of Justice, the U.S. Customs Service, the Border Patrol--and a host of state and local law enforcement organizations to respond to the significant problems posed by organized crime groups from Mexico. In order to effectively meet the challenges presented by sophisticated drug trafficking organizations, it is necessary for us to attack the command and control mechanisms of these organizations. We must maintain this ability as communications technology changes.
Most recently, Operation Reciprocity and Operation Limelight demonstrated how important is DEA’s ability to target successfully the upper echelon of international criminal organizations. In these two operations, DEA, with the cooperation of other Federal and state law enforcement agencies, targeted cocaine distribution cells commanded by the Amado Carrillo-Fuentes organization. The investigation resulted in the arrest of 42 individuals in 10 U.S. cities. Until his death in July, Fuentes was the most powerful drug dealer in Mexico. The organizations that were taken apart in these two operations show that the traffickers from Mexico are expanding their reach across the United States, and as far as New York City.
These organized syndicates whose leadership is based in Mexico have dumped tons of cocaine on New York City and they are moving closer to eclipsing the Colombians and controlling the U.S. drug market. We in law enforcement can strike major blows against these groups, such as Operation Limelight and Operation Reciprocity, only because we maintain the technological ability to target their command and control communications.
We started Operation Reciprocity, nearly a year ago, in October 1996, by identifying the command elements of the Amado Carrillo-Fuentes organization dealing drugs in New York and Los Angeles. Working through a multi-agency investigative approach, we identified how the traffickers transported cocaine across the country in tractor trailer loads, and returned the illicit profits in the form of bulk cash, using drivers hired largely from the Grand Rapids, Michigan area.
Operation Limelight began in August 1996, in Imperial County, California, focused on the Alberto Beltran transportation and distribution cell of the Amado Carrillo-Fuentes organization. By targeting the command and control communications systems of this group, we identified how they smuggled drugs across the country by tractor trailer truck through California, Texas, Pennsylvania, Illinois, and New York. The encrypted communications encountered by investigators in New York, Illinois, and California began at level one and moved to level two following the first seizures of cocaine and money. As with Operation ZORRO II, level two encryption was impossible to decrypt. From the level one communications, we found that the calls were orders for distribution of cocaine and cash pick-ups in New York and Chicago. The calls were placed between United States-based cell heads for the Amado Carrillo-Fuentes organization, Gerardo Gonzales, Leonel Valencia Mendoza, Amador Tapia, and Rebecca Ramos, and their Mexico-based managers. There were also calls from encrypted cellular phones roaming the country to the command and control number in Chicago. As with the Zorro II investigation, when the equipment was seized (by DEA Task Force Group-22 in New York) it turned out to be from a U.S. source -- a Motorola encrypted cellular telephone using a scrambler circuit with a MicroTAC chip, available on the open market for $10,000.
In all, DEA Divisions have had some 8 separate investigations in the recent past in which we encountered the use of encrypted communications: in the Houston, Los Angeles, San Diego, New York, and Chicago divisions. Several of these investigations were part of larger Operations, such as ZORRO II or Limelight. Current information shows that the highest levels of Mexican trafficking organizations are now more frequently using encrypted communications to issue orders to their transportation elements smuggling drugs into the United States and to their distribution elements inside the country. These traffickers are able, when using encryption, to pass orders on movements, places and times of delivery, and mode of transportation of thousands of tons of cocaine and methamphetamine, with a more than reasonable certainty that U.S. law enforcement will not be able to intercept their communications. In all of these operations, had these distribution groups more widely used encrypted communications, to which we did not have access to the keys, we could not have been nearly so successful in taking apart their operations.
As encryption technology becomes more widespread among international drug traffickers, we will face a number of difficulties, which may threaten our ability to combat these organizations, and undermine the ability of all law enforcement agencies to deal effectively with the problem. These problems are tactical, strategic, and inter-agency.
The first problem is tactical, and potentially threatens the lives of U.S. citizens. These international criminals have shown they are extremely violent, and willing to use violence when and where it suits them to carry out their lethal trade. Violence along the Southwest Border has escalated. Unfortunately, the violence that is attendant to the drug trade in Mexico is spilling over the border into U.S. towns, like San Diego, California and Eagle Pass, Texas.
If these criminal drug gangs have unfettered access to encrypted communications, which we in law enforcement cannot penetrate, then they will be able to do more than issue orders for transporting drugs which we cannot foil. They will be able to issue with impunity "death warrants" for U.S. law enforcement officers, for witnesses, or for innocent civilians. They will be able to continue their reign of drug terror in the United States -- a very immediate, bloody threat to the national security in addition to the threat from the drugs they sell.
The second problem is strategic. DEA’s focus is on the communications of command and control functions of international drug trafficking organizations. We rely on the intelligence gathered from Title III intercepts of their communications to build a picture of the organizations, identify the individual members, and obtain evidence enabling us to make arrests and take apart whole sections of the criminal organizations at a time -- as we did in Operations Limelight and Reciprocity. These investigations have clearly demonstrated the value of this approach. To the extent that the communications of these groups are placed beyond our reach by encrypted communications to which we cannot gain legal access to the keys, we will be severely hindered in our ability to make cases against the leadership and U.S.-based infrastructure of these powerful organizations which control the drug trade in our hemisphere.
Finally, there is a larger, interagency problem for the whole range of agencies in the Federal government which are employed in stemming the tide of drugs into the United States. DEA will not be able to intercept these encrypted communications in real time, if at all, meaning that we cannot obtain the tactical-level intelligence needed to provide the interdiction elements of the U.S. Customs Service and the U.S. Coast Guard with the information they need. Without this intelligence, which the interdiction elements have stated is vital for their operations, they cannot move as efficiently to interdict drugs before they come into the United States.
The potential spread of encryption technology into the drug trade is real. Money is no object for these criminals. Their profits, estimated in the tens of billions of U.S. dollars, allow them to buy on the open market whatever they need. We are witnessing the beginnings of what may become widespread use of encryption technology in the trafficking arena.
Sophisticated targets require sophisticated investigations. Drug networks, controlled by sophisticated organized crime leaders headquartered in Colombia, Mexico, and in many other countries, have sophisticated technology and modern equipment at their disposal. I have already painted a picture of the level of technological sophistication at which the traffickers operate. Now I would like to spend a few moments on a public issue which threatens to make the job of law enforcement much more difficult in the months and years ahead. FBI Director Freeh has been very articulate and effective in identifying the challenges to law enforcement posed by rapidly changing technology. He has brought to the attention of the Congress and the American people the need to balance privacy issues against emerging law enforcement needs as technology is being developed and marketed.
In order to penetrate these international organizations, and gather information to make solid cases against their leadership, Federal law enforcement must be able to compete on a level playing field. Effective investigations, such as Zorro II, are expensive and labor-intensive. The Zorro case, which took three years from beginning to end, depended in large part on wiretaps. This investigation was extremely complex, with an estimated cost of $13 million. Over 103,000 hours were devoted by DEA Special Agents, and another 10,300 by Intelligence Analysts. These costs and manpower estimates do not take into account contributions made by state and local agencies. It is already tough enough to target organized crime; Congress must not allow it to be made even tougher by placing law enforcement at a technological disadvantage by giving criminals free access to communications technology that cannot be penetrated by law enforcement agencies.
It would be a historic mistake to allow encryption technology to become readily available, without any attempt to check its potential spread to international criminals. The drug traffickers operating on a global scale today have at their disposal technology, transportation capabilities and communications equipment which are the envy of many U.S. corporations. Law enforcement capabilities must match the capabilities of major traffickers. However, with rapid changes in technology, such as digital communications systems, and encrypted equipment, and with only modest assistance from U.S. manufacturers, law enforcement is facing a difficult situation which, unless quickly addressed, will even more seriously impede our ability to do business in just a few, short years.
The Congress is now considering legislation to ease restrictions on the sale of encrypted technology overseas. This legislation (HR 695) contains a provision to ban a key recovery system which would allow access for law enforcement to encrypted communications during criminal investigations. We support key recovery, where access would be granted only through a court order. We do not believe key recovery for law enforcement would represent additional authority to pry into the private lives of law abiding citizens. Key recovery would only make it technologically possible for law enforcement to retain the same ability it has now to monitor the communications of criminals, by showing probable cause and obtaining approval of the courts. Such a system would not allow criminals to hide their activities behind technology which is developing too fast for the legal system to keep pace.
Our primary concern with the pending encryption legislation is domestic, but the legislation has international aspects as well. We would support legislation that would restrict the level of encryption technology that can be exported, and would not encourage export of technology at more than the presently approved levels in accord with Executive Order 13026. No matter what is done with export of encryption technology, however, we must ensure that a viable, key recovery system is in place in the United States, to allow law enforcement court-ordered access to the plain text of encrypted communications and data in the course of counter narcotics investigations.
As shown in our investigations, such as Zorro II and Limelight, the international traffickers have purchased encryption technology on the U.S. market. We believe these criminals are likely to continue to use U.S. technology because it is readily available, just as they now use telephones to control their organizations, because they are so universally available. We were not able to penetrate the encrypted communications encountered in Zorro II, because there were technical and legal problems with getting them decrypted, and we did not have access to the decryption keys.
Finally, there needs to be a firm enforcement mechanism in place to criminalize both the improper use of key recovery information [to protect the privacy of law abiding citizens], and the use of encryption to facilitate a criminal act. Such legislation would enable the DEA, in cooperation with other Federal agencies and our state and local partners, to continue to combat international drug trafficking organizations. If we cannot reach the heads of the organizations directly, we can at least do everything we can to cripple their reach into the United States.
Thank you for the opportunity to present my comments on encryption. I will be happy to answer any questions you may have.