E-lusive

State and local governments are struggling to contain a new, high-tech criminal:

the cyberstalker.

Legislators across the country have enacted new laws

and updated old ones to prevent cyberstalking — the Information Age crime

in which victims are bombarded with threatening electronic messages while

the stalker hides behind the Internet's veil of anonymity.

The new legislation gives law enforcement officials the power to prosecute

high-tech stalkers. But the criminals can be nearly impossible to catch.

"By definition, any crime you have to investigate in cyberspace is going

to be difficult," said Gail Thackeray, technology crimes special counsel

to the Arizona Attorney General's office. Cyberstalkers "don't leave the

familiar kinds of trails — they're much harder to track down."

In a report last August, U.S. Attorney General Janet Reno urged states

to enact and update laws to crack down on cyberstalking, which she defined

as the use of e-mail or any other electronic communication to "repeatedly

harass or threaten another person."

Cyberstalking, Reno warned, is often "a prelude to more serious behavior,

including physical violence." In the most extreme case of cyberstalking,

a New Hampshire man repeatedly threatened his victim via e-mail messages,

bragged on his personal World Wide Web page that he would kill her, then

finally did.

Although there are few statistics on the number of cyberstalking crimes,

many states and municipalities report a surge in stalking in which e-mail

is the weapon of choice. About 20 percent of the 600 cases reviewed by Los

Angeles' Stalking and Threat Assessment Team last year involved e-mail or

other electronic communications, said Los Angeles deputy district attorney

Rhonda Saunders.

In response, 22 states have enacted cyberstalking laws in the past three

years. Another 15 state legislatures have cyberstalking bills pending, according

to the National Conference of State Legislatures.

But passing legislation has proved to be the easy part. A case in California,

the first state with such laws, is a prime example of how difficult it can

be to catch and prosecute cyberstalkers.

Gary Dellapenta, 50, a Los Angeles security guard, pleaded guilty last April

to charges that he attempted to use the Internet to solicit the rape of

a female acquaintance.

Dellapenta admitted that he posed as his victim — a woman who had spurned

him — in sex-themed Internet chat rooms by placing personal ads in the woman's

name. A slew of men answered the lurid ads, and Dellapenta sent them e-mail

messages in reply, claiming that the woman fantasized about being raped.

In the e-mails, he included the woman's name, physical description, address

and telephone number. He concluded the messages with tips on how to bypass

the woman's home security system.

Six men came to the 28-year-old woman's home saying they wanted to rape

her. Dellapenta was ultimately sentenced to six years in a California state

prison. The conviction was a victory for law enforcement, but one that required

an enormous amount of manpower.

Collaborating in Dellapenta's arrest were

the FBI, the Los Angeles District Attorney and Sheriff offices and even

the victim's father, who learned of Dellapenta's identity by responding

to the chat room messages himself.

Many cyberstalkers remain at large, however, because most municipalities

don't have the necessary expertise and manpower.

"Quite simply, most police departments and law enforcement agencies do not

have the capacity to figure out who is committing these crimes," said Robert

Morgester, a California deputy attorney general who specializes in high-technology

crimes. "They don't have the training, and they don't have the tools."

The first obstacle to most law enforcement agencies is a lack of training

in the intricacies of Internet service providers and e-mail accounts. To

guard his identity, a cyberstalker may use numerous ISPs and e-mail providers,

all of which typically refuse to release clients' identities.

Dellapenta had online accounts with three out-of-state companies; investigators

needed search warrants for all three to track down Dellapenta's e-mail provider.

The e-mail account was with a fourth company, in Oregon. Because Oregon

does not have a cyberstalking law, it took investigators weeks to get the

search warrants necessary to prove that Dellapenta had sent the illegal

e-mails.

Until all states pass cyberstalking laws, investigators will spend too

much time getting search warrants while cyberstalkers continue terrorizing

their victims, Thackeray said. "You can't do cyber investigations at Pony

Express speed. It's good that some states are passing legislation to make

things easier, but we need all 50 states to do it."

On top of ISPs' strict privacy policies, investigators also struggle

with a tangle of federal laws that protect the privacy of anyone who communicates

via the Internet.

Three federal laws — the Privacy Protection Act, the Electronic Communications

Privacy Act and the Cable Communication Provider Act — overlap and contradict

one another in protecting Internet users' identities and personal information.

Prosecutors who aren't thoroughly familiar with the laws can unwittingly

violate one or more of those laws and provide cyberstalking suspects with

grounds for a lawsuit alleging invasion of privacy.

"The bottom line is unless you have trained law enforcement that understands how those laws

interrelate, then you run into all sorts of problems," Morgester said. "You

open yourself up to huge liability as well as possible suppression of evidence

in court."

Perhaps the most frustrating aspect of a cyberstalking investigation is

the crime scene: Many of the clues are locked up inside the suspect's computer.

To reveal the suspect's secrets, police need computer forensic experts,

who are in short supply.

"The computer should be the smoking gun," Morgester said. "But there are

a lot of ways to hide information on a computer, and you need a well-trained

person to unlock it."

Despite the obstacles, investigators such as Gail Thackeray are pleased

to have new state laws that provide tougher sentences for cyberstalkers,

who now often end up with little more than a penalty of community service.

In a case that Thackeray investigated last year, she tracked down a Phoenix

man who harassed his ex-girlfriend by posting personal ads in a Phoenix

community Web site. The ads gave the woman's home and work address and claimed

that she was seeking sex partners. In a span of two weeks, more than three

dozen men appeared at her workplace and home expecting sex.

Phoenix police eventually arrested the man. But, because Arizona did

not have a cyberstalking law, prosecutors charged him with a lesser crime:

using the identity of another person. He was sentenced to 10 days in jail.

"I'm counting the days until July 18, when the new law goes into effect — it includes a stiff penalty for cyberstalking," Thackeray said. The law

will make it easier to obtain subpoenas and will "give us the ability to

track these people down much quicker."

And high-tech crime experts say that the number of cyberstalking cases

will rise. With the ease and anonymity of e-mail, Morgester said, electronic

stalking will become a far more common crime.

"Without ever leaving home, someone can do all sorts of terrible things

to a person," he said. "The Internet has just made it a whole lot easier

for individuals to stalk."

— Simpson is a writer based in New Orleans.