Forensics Journal Stevenson University 2014

FORENSICS JOURNAL
Welcome to the fifth annual Stevenson University Forensics Journal. This year, our authors cover a wider range
of topics than ever before. New areas of exploration include immigration marriage fraud, construction fraud,
arson investigation, and fraud predictors in non-profit organizations. As a result, articles extend beyond our
usual focus areas of accounting, information technology and law.
In the Masters in Forensic Studies program, students are encouraged to consider their own careers and
education and to bring those experiences into their choices for research topics. Our students vary widely
in their skills, expertise, location, age and interest areas, allowing us to harness those differences into the
dynamic and rich group of articles presented this year.
Each edition of the Journal is meant to bring the field of Forensic Studies to the public in a way that is
understandable and relevant to the reader. It is my hope that you agree we have done so in this fifth edition
and that you enjoy the diversity of its content.
Carolyn Hess Johnson, Esquire

Editor and Publisher
STEVENSON UNIVERSITY
FORENSICS JOURNAL
TABLE OF CONTENTS
1
4
8
14
20
26
31
37
43
49
INTRODUCTION
CAROLYN JOHNSON
INTERVIEW WITH SCOTT DECKER, PH.D

STEPHANIE WITT
PRINT TECHNOLOGY AND

FORENSICS
AMIRA EDEN
THE METHODS TO PREVENT AND DETECT
FRAUD IN THE SUPPLEMENTAL NUTRITION
ASSISTANCE PROGRAM
VALERIE ROEBUCK
53
U.S. CITIZENSHIP AND IMMIGRATION

SERVICES: INVESTIGATING AND PREVENTING
IMMIGRATION MARRIAGE FRAUD
SARA E. TORRES
59
HOW FORENSIC SCIENCE HAS INFLUENCED

WILDLIFE INVESTIGATIONS
MEGAN ANSBERRY
64
WHAT ARE THE BEST PRACTICES FOR

PREVENTING, IDENTIFYING AND INVESTIGATING ARSON BY FIREFIGHTERS?
CHRISTOPHER ALLEN
IS FAIR VALUE ACCOUNTING

A FRAUD RISK?
COURTNEY MOORE
DEMOLISHING CONSTRUCTION FRAUD
KRISTI OCONNOR
SOCIAL MEDIA PUBLIC OUTREACH:

IS THE PUBLIC PLAYING A ROLE IN
THE CRIMINAL JUSTICE PROCESS?
ERIC SHIFFLET
THE WAR ON TERROR: HABEAS
CORPUS, INDEFINITE DETENTION,
AND EVIDENTIARY MATTERS
JAMES SEVISON
WILL THE FUTURE OF DIGITAL FORENSICS
AND LAW ENFORCEMENT INVESTIGATION
STRATEGIES NEED TO ADAPT TO
MALICIOUS HARDWARE DEVICES?
WESTCOTT HYDE
FRAUD PREDICTORS AND NON-PROFIT
ORGANIZATIONS
RENITA DANDRIDGE - SHOATS
Interview with Scott Decker

Stephanie Witt
the company that I worked for was to research new procedures for
marketing infectious disease diagnostics using DNA, which was at
this time in its infancy. At this point, the patent for PCR was being
held by a corporation named Cetus, and was not available for use. I
spent several years researching alternative methods to PCR, but nothing proved more successful than PCR which was eventually licensed
for use. PCR has revolutionized the field of Biotechnology.
SCOTT DECKER, BIOGRAPHY

Dr. Scott Decker received his Ph.D. in Human
Genetics from the University of Michigan
in 1982 where his studies focused on serum
proteins.. He then became a Post-Doctoral
Fellow at Harvard Medical School in the
Department of Biological Chemistry where he
studied DNA replication mechanisms. Following his time at Harvard Medical, he joined a small biotechnology
startup company in Boston. In 1990, he applied to the FBI and after
graduating from the academy, he became a special agent. His first
appointment with the FBI was investigating bank and armored car
robberies in Boston from 1990-1997. He was then transferred to the
Hazardous Materials Response Unit (HAZMAT) where he stayed
until 2001. He worked as a Special Agent and Supervisory Special
Agent on the Amerithrax investigation from 2001-2007. Currently,
Dr. Decker works at American International Biotechnology, LLC
as the Director of Security. Dr. Decker is currently writing a book
detailing the Anthrax case titled: Attribution: Inside the FBIs Anthrax
Investigation--An Evolution of Forensics.
WHAT IS THE RESPONSIBILITY OF THE HAZARDOUS

MATERIALS RESPONSE UNIT (HAZMAT)?
The Hazardous Materials Response Unit included Special Agents with
backgrounds in science including, Biology, Chemistry, and Medicine. The goal was to prepare for an event of the use of weapons of
mass destruction against the United States. We were responsible for
developing methods for processing crime scenes that were associated
with methods of mass destruction. These would include Radiological, Chemical, and Biological warfare. We also responded to crime
scenes around the country, because at the time there were very few
agents trained in Hazardous Materials evidence collection. One case
I worked on was in Texas where several individuals were trying to
weaponize Rabies, HIV, and Botulism.
WHAT ARE YOUR CURRENT RESPONSIBILITIES AT

AIBIOTECH?
HOW DID THE FBI HAZARDOUS MATERIALS RESPONSE

UNIT DIFFER FROM THEIR COUNTERPART, THE FBI BOMB
DATA CENTER?
I currently act as Director of Security at AIBioTech. I oversee a range

of security programs for our company. I ensure that we adhere to
The Health Insurance Portability and Accountability Act of 1996
(HIPAA) to protect our patients who seek our services We also
maintain a Bio-Safety Level 3 Laboratory which means that we are a
containment laboratory certified to work with dangerous pathogens,
including Bacillus anthracis. In order to obtain this safety level, we
must adhere to the safety guidelines and protocol set forth by the
Center of Disease Control (CDC). I also oversee restricted access of
employees and personnel, closed circuit TV to monitor work, negative
and positive air pressure for ventilation and other security measures
necessary to protect the sensitive materials and information that our
organization is responsible for.
The FBI Bomb Data Center was responsible for investigating crimes
involving bombs and explosives. However we did work closely
with them on cases involving what are known as dirty bombs or
bombs that combine radioactive or biological materials with conventional explosives. A bomb expert would be needed to determine
if the device was explosive but a hazardous materials expert would
be needed to examine potential radioactive or biological materials.
On occasion, someone who is responsible for producing destruction
devices such as bombs and explosives, is also experimenting with
weaponizing other materials such as botulism, radiation, and other
chemical hazards. Today the Bomb Data Center of the late 1990s has
evolved into the FBIs Hazardous Devices Operations Section.
COULD YOU EXPLAIN SOME OF THE ADVANCEMENTS IN

DNA THAT YOU WERE INVOLVED IN DURING THE EARLY
YEARS OF YOUR CAREER?
DURING YOUR TIME WITH THE FBI HAZARDOUS MATERIALS RESPONSE UNIT, YOU WERE RESPONSIBLE FOR
RESPONDING TO THE SEPTEMBER 11, 2001 ATTACKS.
COULD YOU GIVE SOME BACKGROUND ON YOUR
RESPONSIBILITIES?
During the mid-80s, biotechnology companies were just starting to appear and take off. These were the early days of polymerase
chain reaction (PCR). PCR is a method for replicating DNA which
involves a series of heating and cooling cycles necessary to denature,
anneal, and elongate the original DNA strand to produce replicated
copies of the strand. At this time the PCR procedures were completed exclusively by hand and would require manually alternating the
tubes from ice to heat. Heat stable polymerase was being developed
at this time which allowed this process to be automated. The goal of
Following the 9/11 attacks we set up a command post at ground zero,

the site where the trade center collapsed. There were several reasons
that the services of the FBI Hazardous Materials Response Unit were
needed. Since there were several unstable buildings, engineers were
stationed at the site to monitor the remaining buildings in the area.
FORENSICS JOURNAL
Lasers were setup to measure the movement of these buildings. If a

building moved out of specification, the buildings were evacuated.
HAZMAT teams were also present to address the hazards related to
confined spaces. We were responsible for evidence recovery associated with hazardous materials which included jet fuel, smoke, burned
materials, and possible toxic fumes. Another reason we were stationed
there was in the event of a second attack, which could possibly have
been biological or chemical in nature. I was stationed there for 2-3
weeks following the attacks.
Terrorism is an act of violence or disruption to change government

action. It is important to characterize certain crimes as acts of terrorism because these types of crimes are the number one priority for FBI
resources. With crimes characterized as acts of terrorism, no potential
leads go uninvestigated. In addition, the charges for an act of terrorism may carry the death penalty. In the case of international terrorism, this characterization is very important because it invokes the use
of the United States Foreign Intelligence Surveillance Court (FISA
Court) instead of the United States criminal court.
AS A SPECIAL AGENT AND SUPERVISORY SPECIAL AGENT,

YOU WORKED WITH ANTHRAX. WHAT EXACTLY IS
ANTHRAX AND HOW IT CAN BE CONTRACTED?
GETTING BACK TO THE ANTHRAX ATTACKS, WHAT WERE

THE INITIAL STEPS TAKEN TO ANALYZE THE SUSPECTED
ANTHRAX?
Anthrax is the disease caused by the bacteria; Bacillus anthracis. When

an individual is infected by the bacteria, they are said to have contracted Anthrax. Anthrax can be contracted by either inhalational,
cutaneous, or gasteointestional means. Cutaneous Anthrax is the most
common but is the least lethal whereas, inhalational Anthrax is almost
always 100% lethal unless treated immediately but is much less seen.
The remedy for inhalational Anthrax is high levels of intravenous antibiotics administered immediately. In 2001 there were 5 fatalities, but
there also were several survivors who were put on antibiotics.
The first step was to determine the strain of Anthrax bacteria that was
being used in the attacks. At the time, there were close to one hundred known strains of the Anthrax bacteria. Only two laboratories in
the country had the ability to identify the strain of the Anthrax and
because the procedure used was very new at the time, it was important that both laboratories conducted the analysis.
Within 24 hours, both of the laboratories conducting the analysis
confirmed that the Anthrax used in the attacks was of the Ames
strain. The Ames strain was named for the location for where the
original strain was believed to be isolated (Ames, Iowa). While it was
later discovered the Ames strain actually originated from Texas, the
name continued to be used.
REGARDING THE ANTHRAX ATTACKS IN 2001, HOW DID

THE SITUATION EVOLVE?
The Anthrax attacks occurred several weeks following the attacks that
occurred on September 11, 2001. At this time, letters were mailed
through the U.S. Postal Services which contained various threatening
letters accompanied by powdered Anthrax spores. At least three of
these letters were mailed to news agencies, while two of them were
addressed to United States Senators. Over the course of the Anthrax
attacks, 22 people contracted inhalational Anthrax, which resulted in
5 fatalities.
Determining the strain was a very important step because early in the
investigation, there was no threatening letter to suggest an intentional
act. If the strain of the Anthrax was found to be one that was regularly used in research, this would have suggested that the attacks could
be intentional. If the strain of the Anthrax was one not seen before, it
could suggest a natural infection.
The Ames strain was a well-known strain of Anthrax that was used in
research and was a strain typically used to test vaccine development.
With the knowledge that the strain was used in research and that the
victim was from a location where a natural occurrence was unlikely,
investigators were considerably sure they were dealing with an act of
biological terrorism.
The first victim, located in southern Florida, was admitted to the

hospital after suffering an illness with symptoms of vomiting and
shortness of breath. On Oct. 4, 2011, the Center for Disease Control (CDC) confirmed that the victim had contracted inhalational
Anthrax. There was initial skepticism because inhalational Anthrax
had not been seen in the US since 1976. A natural occurrence of
inhalation Anthrax could be seen in arid areas where cattle ranches are
in abundance because Anthrax can come from exposure to farm animals that had ingested the spores through grazing. Since the victim
was located in Southern Florida, a natural occurrence was unlikely.
When the second victim, also located in Florida appeared, it was
relatively clear that this was an act of terrorism.
ONCE THE STRAIN OF THE ANTHRAX WAS DETERMINED,

WHAT FURTHER ANALYSES WERE CONDUCTED?
Almost immediately following the determination of the strain of
Anthrax used in the case, the FBI sent out subpoenas to identify every
laboratory in the country that had Anthrax in their possession. In
1996, Congress mandated that the shipping of select agents (Anthrax
being one of them) had to be regulated and approved by the CDC.
YOU MENTION THAT THIS WAS AN ACT OF TERRORISM.

HOW IS AN ACT OF TERRORISM DEFINED AND HOW
DOES IT DETERMINE THE COURSE OF ACTION IN A CASE?
5
Due to this mandate, the FBI was able to access the database that
held every transfer of Anthrax across the country to determine which
laboratories had access to the Anthrax strain in question. From this
database, a list of institutions with Anthrax in their possession was
generated. This reduced the potential laboratory sources to 16 located
in the United States and 4 located internationally that possessed the
Ames strain of Anthrax. Obtaining the samples from laboratories
located within the United States was relatively easy since we were
able to use the court system to subpoena the laboratories. However
obtaining the samples from laboratories overseas was a more arduous
task. We could not use the legal system and had to rely on diplomatic
means, which took much longer. We eventually were able to collect
samples from Canada, United Kingdom, and Sweden.
Senator Leahy with identical handwriting, return address, and postage

as the letter sent to Senator Daschle. This unopened letter contained
nearly 1 gram of Anthrax powder which allowed us the freedom to
conduct testing that previously was not available because of the small
samples we recovered from the opened letters. It opened the door for
Carbon-14 dating, which was very helpful in determining the age of
the Anthrax spores.
In this case, two laboratories were able to conduct Carbon-14 dating and they both came to the same conclusion: the Anthrax spores
were modern and dated from 1998-2001. This was especially important because the government had forbidden the use of Anthrax as a
weapon in 1969, at which point, there were hundreds of pounds of
classified dried Anthrax powder in the countrys arsenal. The Carbon
dating analysis showed that the samples used in this attack did not
come from the government supply.
Once we obtained these Ames samples, we compared them against

the Ames that was found in the mailed letters. We used DNA fingerprinting to identify a unique genetic signature in the mailed spores.
From this information, we were able to determine that the attack
Ames originated from the United States Army Medical Research
Institute of Infectious Diseases located in Frederick, Maryland
(USAMRIID).
HOW DID THE CASE RESOLVE?

The samples were all shown to have originated from USAMRIID and
were traced back to one scientist located there who was an Anthrax
vaccine expert. Nine of the samples came from one flask which
originally contained 1000 ml of Ames strain spores. The scientist
named Bruce Ivins had contracted production of the spores for use in
vaccine challenge studies, for which he was responsible in his duties
at USAMRIID. The samples from the flask matched genetically with
the samples taken from the mailed letters. At this time, an investigation ensued which included investigating his emails, computers,
purchase history which showed some very incriminating evidence.
Once it became clear that he was close to being indicted on terrorism
charges that might include the death sentence, he committed suicide
in July 2008.
WHAT WOULD YOU SAY WAS THE BIGGEST BREAKTHROUGH IN THE CASE?
There were two important breakthroughs during this case. First and
foremost, the genetics used in this case was groundbreaking. Using
newly available procedures in the field of microbiology, we were
able to find unique mutations in ten of the 1000 plus samples we
had collected. We were able to match the unique mutations in the
samples collected from the letters with the samples in our collections
of known exemplars of Anthrax. All ten matches came from the same
location. This was the first breakthrough, which determined that the
Anthrax came from USAMRIID.
IN THE TERMS OF BIOLOGICAL TERRORISM ATTACKS,

HOW WERE THE INVESTIGATORY TECHNIQUES USED IN
THE ANTHRAX ATTACKS DIFFERENT FROM THOSE USED
IN THE PAST?
The second important breakthrough was finding the Senator Patrick

Leahy letter in a batch of quarantined mail. After the letter sent to
Senator Thomas Daschle was found on Capitol Hill, the Sargent in
Arms of the House of Representatives and Senate quarantined all
of the mail coming into the location that day. The mail flow to the
House and Senate resulted in 642 trash-bags of unopened envelopes.
We collected those trash bags in 55 gallon drums, resulting in 280
barrels of mail.
What was unique in the Anthrax case was the way that the FBI
structured their investigative squads. There were three squads of
FBI agents. The squad that I was a part of was responsible for the
forensics and consisted of agents with scientific backgrounds such
as Biology, Forensic Chemistry, Medicinal Chemistry and Genetics.
This was unique because to my knowledge, this structure had not
yet been utilized and has not been used since. All of the agents were
required to have advanced degrees in their field of science and 3 years
of work experience in their area of expertise. The other two squads
consisted of agents with a variety of backgrounds including but not
limited to accounting, engineering, and military officers. This squad
was responsible for interviews, email searches, etc. Each of the three
squads also consisted of several postal inspectors.
A Biosafety level 3 laboratory was built in a vacant warehouse where

HAZMAT trained agents analyzed the contents. Air sampling and
swabs of the trash-bags was performed by placing Q-tips into the
bags. These Q-tips were cultured for Anthrax bacteria. One bag of
quarantined mail showed a very large spike in Anthrax bacteria. Once
this bag was sorted through, a letter was found that was addressed to
6
FORENSICS JOURNAL
COULD YOU EXPLAIN WHAT THE LABORATORY

RESPONSE NETWORK IS AND HOW IT WAS INSTRUMENTAL IN HELPING TO INVESTIGATE THE ANTHRAX
ATTACKS?
STEPHANIE WITT completed her Undergraduate studies in 2008 at the University

of Baltimore, with a B.S. degree in Forensic
Science. She continued her studies at Stevenson University where she received a Masters
degree in Forensic Science in May 2011.
Stephanie currently works at Stevenson
University as the Assistant to the Dean in the
School of Graduate and Professional Studies.
The Laboratory Response Network was established in January 1999.

The Center for Disease Control (CDC) held a meeting in which
representatives of the major U.S. Laboratories were present including
Department of Defense (DOD), Association of Public Health Laboratories (APHL) and FBI. The idea was to create a critical component
for the countries readiness to detect and respond to bioterrorism
incidents. The CDC developed corporative agreements with the states
and larger municipalities. The CDC supplied funding to state and
large local public health laboratories to buy state of the art equipment.
The laboratories were also provided with quality-controlled reagents
and standardized protocols for the analysis of each select agent or
pathogen. This allows analytical results to be comparable between
Laboratory Response Network members. In the Anthrax case, it was
the Jacksonville Florida public health laboratory that identified the
first victim. The understanding was that these laboratories could use
the equipment for daily public health, however they would assist in
the event of a bioterrorism incident.
One reason that the Laboratory Response Network was extremely
important during the Anthrax attacks was because once it became
public knowledge that the Anthrax attacks were being conducted
through the mail, the result was a rash of white powder letters across
the country. Individuals were sending acquaintances, enemies, businesses, etc. letters filled with white powder. All of these incidents had
to be investigated and the substances had to be tested. The Laboratory Response Network enabled the state public health laboratories to
conduct the analyses. If the Laboratory Response Network was not
available at the time, the national level laboratories at Fort Detrick
and the CDC would have had to analyze about 50-60 thousand additional letters, during November 2001 alone. Instead, the state and
local laboratories that were part of the Laboratory Response Network
were available to test the potential Anthrax using standardized procedures, which greatly lessened the workload of the Federal Laboratories. These hoax incidents often developed into their own criminal
cases requiring the normal police work that accompanies criminal
cases. The Laboratory Response Network members worked with
their local FBI offices to institute procedures for maintaining chain of
custody and evidence control. Thus, if and when charges were filed
against an individual responsible for mailing white powder, the hoax
letter and its contents would be admissible in court.
Print Technology and Forensics

Amir Eden
Three-dimensional print technology is a cutting edge technology
on the consumer market. New consumer technology creates new
problems in need of innovative solutions. More specifically, it is
necessary to explore the issues that 3D print technology will present
to forensic examiners and forensic investigations compared to its twodimensional counterpart. In the case of this emerging technology, it
is essential for forensic examiners to know how to access valuable data
from these devices. It is also necessary for examiners to remain current on 2D print technology and explore more ways to access valuable
data, as well as expand current methods. Print technology can truly
impact forensic examinations. Exploration is the most effective way
to understand the extent to which this technology will affect forensics.
Although 3D technology made its first appearance in the 1950s on

movie screens, the first 3D printing device was not created until
the 1980s (What is 3D Printing?!). According to Tony Hoffman,
printer analyst and author for PC Magazine, the inventor of this
innovative device was Charles Hull, using a method known as stereo
lithography. Within this process, an ultraviolet laser traces the object
in photopolymer. Afterwards, the polymer turns solid under the
beam and the object is printed in stacked layers based on the computer design sent to the printer (Hoffman). In 1986, Hull patented
this method and founded 3D Systems (The Journey of a Lifetime).
Following this, the Selective Laser Sintering (SLS) and Fised Deposition Modeling (FDM) methods debuted new 3D printers in 1992
(What is 3D Printing?, 3dPrinting.com). Depending on the availability of materials and type of 3D printer, these devices can produce
a multitude of objects including general equipment parts, toys,
sculptures, utensils, product prototypes and more.
Computer print technology has been in existence for quite some

time. Recently, headlines about 3D printing have surfaced in online
news and magazine articles with stories about this technology posted
in online technology forums. Within the industrial sector, there is
an abundance of history surrounding 3D printers as well as its 2D
counterpart. Although 3D print technology is new on the consumer
market, this type of technology originated in the 1980s but remained
on the fringes of the technical market.
Generally, a 3D printer can either be industrial, for the manufacturing sector and large companies, or commercial, for at home or
consumer use. Industrial 3D printers are massive in size and more
expensive to operate as they are used to create bigger object designs
for manufacturing companies. Software for this type of printer usually involves larger scale prototype designs (What is 3D Printing?,
About3DPrinters.com). For example, the automotive companies use
them to make test vehicle parts. In addition, developers for various
products use 3D printers for prototyping in the beginning stages of
product development before mass production. The availability of
commercial 3D printers for average consumer use is a new phenomenon. These printers are currently being introduced via the consumer
market. Currently, investors are being sought by small hobbyist organizations to bring more 3D printers into the homes of consumers.
This is apparent based on various 3D print funding campaigns that
appear as pop-ups throughout the cyber realm. However, the lack of
demand for 3D printers is based on the lack of knowledge regarding
availability and capability of 3D print technology by the less technical
consumer (What is 3D Printing?, About3DPrinters.com).
WHAT IS 3D PRINT TECHNOLOGY?

3D print technologies consist of a special process. This type of printing is also referred to as a prototyping process whereby a real object
is created from a 3 dimensional design (3D Printing Basics). This
print technology requires a design. This design is either downloaded
from a free online library or created using a computer modeling software design tool, such as computer aided design (CAD) software and
generated by a user on a computer (Pellet). The user must then send
his or her file containing the design to the 3D printer. From there, the
printer selects the raw materials that will be used to create the real-life
replicated object. When the printer prints the design, the chosen
materials are layered on top of one another, forming small stacks (3D
Printing in News). This is the basis and foundation of 3D printing
devices as objects take form.
WHAT IS 2D PRINT TECHNOLOGY?
The method used in replicating real object designs is referred to as an

additive production technique (3D Printing in News). Specifically, this method refers to the process by which raw materials are
added into the layers. These materials include items such as ABS
plastic, polyamide (nylon), glass filled polyamide, stereo lithography
materials (epoxy resins), silver, titanium, steel, wax, photopolymers
and polycarbonate (3D Printing Basics). Once a material is
selected, the 3D printer discharges it sparingly, just as a 2D inkjet
printer would; however, the material distributed from a 3D printer is
printed by layer as opposed to across a page (3D Printing in News).
As a result of the additive method, all materials used to form the final
object are efficiently used.
Lower on the printing spectrum is 2D print technology which

produces flat, vertical or horizontal documents from computer files
and consists of two main categorical types: impact and nonimpact.
According to Jeff Tyson, author and certified systems engineer, impact
printers have parts that actually touch the paper to create a document. Within this category are dot matrix and character printers.
Tyson states that a dot matrix printer uses an array of small pins. The
pins strike a ribbon coated with ink, causing the ink to transfer to
the paper at the point of impact (Tyson). Character printers have
a series of bars with characters on each of them consisting of normal
numbers and letters. Similar to a typewriter, each bar hits the ink
FORENSICS JOURNAL
ribbon and transfers the image of the character to paper. Nonimpact

printers function as the name implies. No part within the printer
touches the paper. Inkjet printers employ an array of tubes that squirt
ink onto the paper (Tyson). Laser jet printers use a method of fusion,
bonding and static electricity to place toner, also known as dry ink, on
paper using heat (Tyson).
(How 3D Printing Is Changing). The medical industry has also

been impacted by this technology. While still in the development
stage, 3D printers can now produce molds for dentists, prosthetic
body parts for patients, and print almost functional human organs.
This print technology is making strides in the medicinal industry.
These printers assist with drug testing and tissue re-creation (How
3D Printing Is Changing). Specifically, 3D printers assist by recreating human tissue samples used to directly test the outcome and
effects of treatments. Doctors are then able to accurately document
treatment effects. Since its inception, 2D technology has made an
impact on everyday life. Without it, the ability to create physical
documents from computer files, copy or even scan files to produce
another document wouldnt exist. Curiously, the lesser known individuals affected by both printers are the computer security personnel
or forensic examiners in the computer forensic field. These professionals will be impacted by this technology on the industrial and
commercial front.
Georgiana Bobolicu, technology journalist, reports that the first computer associated printer was developed in 1953 by an inventor named
Remington-Rand. Bobolicu further reports that International Business Machines (IBM) marketed the first dot matrix printer in 1957.
She notes that the process was a dry print method, known as electro
photography, invented by Chester Carlson. During this process, a
photosensitive surface is uniformly charged with static electricity
forming an invisible layer (Bobolicu). Toner is finely spread, which
reveals the once invisible image. The image is then transferred and
developed. Next, fusion occurs between the toner and paper by
strained heat. Residual toner is cleaned using charged electricity
particles and the process is complete. This dry print process is the
forerunner of the modern laser printer (Laser and LED Printers).
COMPUTER FORENSICS
Computer forensics is defined as the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law (Bassett, Bass and OBrien 22). Forensic
examiners in this field recover data from an array of media sources
which include hard drives, files and even printers. It is the duty of
these individuals to recover and collect important electronic information for evidence. In computer forensics, examiners must follow
rigorous procedures during each investigation conducted on digital
media and keep clear documentation of evidence. During an investigation, examiners must maintain accurate records of conduct and
discoveries for presentation in court. It is the forensic specialists duty
to collect enough evidence to piece together a clear picture in order to
reveal criminal activity.
Unlike 3D printers, 2D print devices are prominent on the commercial market. Despite the fact that large companies and business
institutions may use them, laser and inkjet printers are generally sized
to fit on desks or table-tops. There is no special software required
when using these printers other than the setup programs to connect
the device to a network. These devices generally print documents
such as reports, presentation slides, graphs, photographs, etc. As a
result, only ink or toner and computer paper is needed for document
production.
SIMILARITIES AND DIFFERENCES
3D and 2D printers are the same type of product; printers. These
devices also serve the same purpose, i.e. produce a print from a file
that is sent to it. Although this basic concept is true, these devices
differ in a variety of ways. The most significant difference is that a
3D printer prints up as opposed to across. As stated earlier, a 3D
printer uses materials, while a 2D printer exclusively uses ink or toner
cartridges. In addition, the time it takes to finish a print job on a 3D
printer can be longer compared to the time it takes to finish a print
job on a standard 2D printer. This is because the 3D object is based
on a complex design, while a 2D document is a basic computer file.
A more evident fact is that the end product is obviously different. A
3D printer will produce an object, whereas a 2D printer will produce
a document. Lastly, the 3D printer costs more as new consumer technology usually does, which makes its 2D counterpart more affordable.
Computer forensics is a field where various specialty software tools

are used by examiners to recover incriminating data by searching for
items such as recently opened and deleted files. A forensic examination consists of searching through slack spaces as well as unallocated
file spaces within a hard drive. Through the course of an examination, an examiner may also look through data clusters within a hard
drive in order to recover evidence or the presence of a suspicious file.
It is a fact that erased files are never permanently deleted. This fact
makes it possible for an examiner in the forensic field to retrieve data
previously thought by the user to be lost. This is because the clusters
on the hard drive are still reserved as place holders for the erased data;
however, to the untrained eye, it appears as if the files are gone. An
examiner simply has to dig in order to find this information. It is in
these areas where key evidence may surface. It is a forensic examiners
responsibility to collect as much electronic information as possible
and preserve it with the utmost integrity for use, if needed, in a court
of law. An abundance of evidence must not only be retrieved, but
3D print technology has already made an impact on the automotive

industry through utilization of 3D printers to produce prototypes
and car parts that are sturdy as metals are added into the material mix
collected in accordance with various ethical procedures. These ethical

procedures protect examiners and recovered evidence against any form
of corruption. Evidence can include any details such as passwords,
filenames, personal identifiable information in memory, and even
running programs and files. In the case of 3D and 2D print technology, this will include printers as the connected media.
information from a printer can identify the device by its Uniform

Resource Locator (URL), embedded by manufacturers within a small
microchip, which serves to monitor ink or toner supply (Hoekstra).
VULNERABILITIES AND LIMITATIONS
PRINTER FORENSICS
Unfortunately, printer technology has vulnerabilities and limitations

like other technological devices. In general, a major vulnerability
within print technology is that a printer can be readily attached to a
local area network (LAN). This feature makes a printer accessible and
visible to every device that is connected or able to be connected on
that network. Because of this security issue, printers are good targets
for hackers. Generally, 2D printer devices use the Jet Direct protocol
(Guerrero). This protocol establishes contact with awaiting network
printers, adds information only understood by the printers, identifies
what content needs to be printed, and detects the format as displayed
by the document file extension. As a result of the ability of a printer
to receive commands, a hacker gains the ability to access a variety of
print devices in different locations. This opens the door for denial-ofservice (DOS) attacks i.e. sending unrecognized information to overwhelm the machine thus rendering it non-functional or essentially
taking it off-line, and remotely controlling it with malicious intent.
A more significant branch of the computer forensic field to this exploration is printer forensics. Printer forensics is not yet a defined field but
it is emerging in the forensic arena. The ideal goal for printer forensic
data recovery is to be able to identify the technology, manufacturer,
model, or even specific unit that was used to print a given document
(Mikkilineni et al. 223). There are currently two strategies proposed
for printer forensics using support vector machine (SVM) techniques.
According to Mikkilineni et al. these strategies are described as passive
and active. The passive strategy involves identifying features that are
specific to a certain printer, model, or manufacturers products (Mikkilineni et al. 223). This will help to determine which device printed
the document in question. The second strategy, referred to as active,
involves embedded information from the printer to the document.
Within this process, information such as the serial number of the
printer and the date on which a document was printed can be found
embedded within a printed document (Mikkilineni et al. 223).
One other vulnerability involves the ability to circumvent authentication processes. Any maliciously driven individual can entirely
sidestep the process of authentication by making a direct connection
to the port or sending content to print (Guerrero). This is significant because when a print job is sent, labels appear when viewing the
scheduled print job, which include network information, folder setup
and structure as well as names of the folders along with filenames.
This information can be used to gather data about a company, obtain
sensitive information and threaten national security if attacks are carried out on high target printers (i.e. Department of Defense assets).
The fact that printers can potentially store print jobs leaves information vulnerable to unauthorized access. The fact that encryption is
lost once a document is sent to a printer should put many industries
on alert and convince them to secure printers in addition to the usual
computer and other electronic devices containing sensitive information (Guerrero).
There is a more commonly known technique for identifying the

source of a printed document. The technique for identifying the
relationship between a printed document and its printer is known
as banding (Mikkilineni et al.). In banding, virtual fingerprints or
drum rotation marks are left on each paper produced by a printer.
The imperfect horizontal markings on printed documents reveal its
manufacturer type. Also, printer companies currently embed manufacturing codes to each document produced in addition to serial
numbers (Hoekstra). In this area of forensics, an examiner focuses
on the scattered dot signature left behind on documents, which can
serve as identifiable information. An examiner attempting to retrieve
Numerous limitations within both the computer and printer forensic

communities exist. A shared limitation in terms of print technology
is the lack of software constructed tools for use in forensic examinations. There are many forensic tools available; however, these tools
are not designed to retrieve information from printers. Currently
available tools are also not equipped to identify tampering within
printer hardware or software. Another limitation is that a universal
tool would not be an option since manufacturers typically keep their
products secret from competitors. This poses a problem because a
forensic examiner cannot possibly have a separate or custom made
software tool designed for each printer on the market. This makes it
In forensics, it is essential that examiners adhere to strict rules. These

individuals must ensure that evidence is collected from an item (i.e.
electronic media) that has been protected and remains in the same
state in which it was received. This ensures that potentially valuable
evidence is free from damage. Examiners discover a variety of valuable data during the course of an investigation and retrieve as much
information as possible whether hidden, deleted, etc. It is essential to
accurately organize and analyze each piece of data. Evidence presented in court requires procedures that can be re-created to ensure
accuracy by a third party examiner. For this reason, it is essential that
forensic examiners in the field keep detailed and accurate notes so that
an outside individual can replicate the recovery of the same evidence,
executing the same process and procedures without error.
10
FORENSICS JOURNAL
difficult to create a new functional forensic tool that will recover data,
print history, metadata and product production dates.
not currently have a dedicated set of tools to recover information.

This makes data recovery difficult because there is no foundation on
which to start an initial analysis. There is also no set standard for data
collection from a printer. This makes evidence recovery a challenge.
A final limitation regarding 3D print technology is the protocol for
documentation, preservation and storage parameters for recovered
data. The final limitation includes the space needed to examine 3D
print objects of different shapes and sizes.
Previously listed vulnerabilities and limitations are common for 2D

printers when it comes to forensic data recovery; however, 3D printers represent a new set of vulnerabilities and limitations. First, the
network connection will prove to be a significant weakness. 3D
printers are new to the consumer market; therefore, the product is in
an experimental stage. This means that the ability for the device to
be connected to a computer network via physical or wireless methods
is a considerable vulnerability. This is a likely vulnerability because
hackers can gain remote access to 3D printers and cause damage to a
network through its connection by virtually transporting and executing malicious codes or programs over open ports. This is worse in the
case of 3D printers because the device is so new that it is reasonable to
assume all bugs have not yet been worked out.
DATA RECOVERY
This brings the discussion to what significant data can be recovered
from print technology. Generally, metadata is recoverable from a
print file. Metadata is a small hidden description of a file. This data
typically includes the author, date of creation, last date of access,
file type and other small data details. In 2D printers, it is easy for a
computer professional to locate the metadata within the file and discover key elements. This sort of data is useful in determining where a
document was made and by what machine. According to Benjamin
Wright, a Professor in the law of data security and investigations at
the System Administration, Networking and Security (SANS) Institute, metadata can reveal the location of the first owner through code.
He also states that, in theory, a 3D printer can leave trace information
in the form of metadata, which would include numbers, words or
codes physically located within the produced object. Serial numbers,
codes, GPS location details and timestamps would also be likely to be
embedded in printed 3D objects (Wright). This information will be
useful in forensic cases where little information is known.
A second vulnerability is that 3D printers have their own specialty

software, which enables them to print a file from the specifically
created file extension for its particular device. Because this is true,
exploits will inevitably be discovered as they are in all computer based
technology. Specific hacking techniques will also be developed as a
result of the custom software. This will allow the software to be maliciously re-written, which will encourage hackers to create malevolent
executable programs. A third vulnerability, is that project data will be
open to theft, meaning a malicious user, after gaining access on the
printer network, will be able to view print jobs in the queue. This
is a problem because if a company wants to conceal a product until
official release from competitors until development, exploitation of its
recent print jobs will be damaging.
Metadata is not the only significant information. The material type

of a 3D printed object will be helpful in determining its source. Not
only can the object be physically searched for embedded information,
but the material can also be biopsied. This will allow examiners to
identify what material was used. Material identification can lead to a
specific printer, which will allow the object to be traced to a particular
manufacturing company just as ink or toner can be traced to a certain
model of 2D laser or inkjet printer. Once the identification has been
made, examiners will be able to detect the printer source. This will be
useful in cases of fraud or investigations into malicious activity.
The most significant vulnerability and limitation within the forensics

community is the lack of knowledge. Most forensic examiners arent
aware of the type of data that a printer can hold. Many examiners
do not fully understand the technicalities of how a printer functions
physically as oppose to just on the network. This fact is why print
technology forensics has not evolved as far as computer and mobile
device forensics. Overall, this combination of vulnerability and
limitation will hinder progress in print technology investigations until
more knowledge about print technology is gleaned.
WHATS IN STORE FOR THE FUTURE?
A plethora of limitations exist that are specific to 3D printers in forensics. First, this technology is up and coming, meaning it is new and
improved each day. This is a limitation because forensic examiners
are bombarded with a complex new technology. In addition to that,
the software component to a 3D printing device is open source or
freely shared. This will present a steep learning curve for examiners.
As a result of the open source nature, it will constantly be upgraded
and forensics cannot keep up with such rapid growth. Examiners are
already at an unfair disadvantage based on the speed in which this
print technology is being introduced to society. Second, printers do
The future holds endless possibilities for 3D print technology. It

seems that there is no object a 3D printer will not be able to create
within the next few years. This is especially true based on its product growth. At this rate, items produced by 3D printers will include
house parts, furniture, vehicles, appliances and other electronic
devices. Yet to come is the ability of 3D printers to create developed
human cells, tissues, ligaments, organs and various other body parts
from organic materials (Rosenbach and Schulz 2). In addition, 3D
printers will further advance the medical field by printing prescribed
11
medications. In this case, a doctor will send the prescription and its
ingredient list to the computer design software. The 3D printer will
create the medication based on the doctors list and custom create a
patients prescription (Rosenbach and Schulz 2).
technology that will significantly impact the forensic field. Expansion

of printer forensics will be important as this technology advances.
Although there are a lot of benefits to this technology, the limitations
and vulnerabilities create concern. In order to stay ahead of the game,
forensic examiners must understand exactly how printers function.
This will allow them to fully grasp how these devices can be examined. The big questions are: What can be collected from a printer?
What data is physically stored on a printer? How is this information,
once identified, going to be useful in an investigation? After a forensic investigator learns what information a printer can provide, he or
she can identify what information can be recovered from such devices.
3D print technology will change the manufacturing business. The

most significant change will come in the form of profits. As 3D
companies expand with the success of 3D printers, more money will
flow into them. Production costs will be cut drastically as steps are
eliminated from the production cycle. Costs for making changes to
product prototypes will be reduced because a company will only have
to reprint the item (Rosenbach and Schulz 1). There will likely be a
surplus in new products because 3D printers will make it easier for
anyone to design and print prototypes.
The key to a computer forensic investigation is to figure out the facts:

who, what, when, where, why and how. The answer of who, in this
case, is the hacker. Why hackers? Because these are the individuals
who are sniffing open ports on a network to figure out how to gain
access. In this case, what, will be the data retrieved by the hacker as
a result of an unsolicited intrusion. It will also include figuring out
the type of information the examiner wishes to retrieve to prove an
intrusion or fraud occurred. Figuring out when, will be finding out
the date and time of an intrusion on a network. It will also be the date
and time a 3D object was printed. The answer to where, in this case,
will be the location of a potential crime. It will include the location of
traced attacks linked back to an Internet Protocol (IP) address contained on a specific suspects network. Why was the crime committed? The answer will always arise as the investigation progresses if
one is not readily apparent at the outset. Last but not least, is how?
This information will come based on the location of the evidence or
lack thereof. Figuring out how a hacker gained access to or control
of a printer is essential to solve an investigation and implement new
methods to prevent a crime involving a printer in the future.
It is obvious that the ability to print an item on a whim means fast

product delivery. This print technology device will alter the way
people shop. Not only will businesses and purchase patterns be
altered, but inventors and product makers will be able to enter the
consumer market at a lower cost than usual (Rosenbach and Schulz
1). This will happen because the cost to design, develop and produce
a product will be significantly lower.
In the future, 3D print technology will challenge society. When a
product has been on the market for a certain period of time, the size,
shape and functionality is modified in order to appeal to more consumers. 3D print technology will branch into full size scanning and
duplication in the future. The outcome of this spread or overlapping
of similar types of technologies will create a bigger challenge for forensics but will also bring innovations that have been previously unseen.
Based on further technical advances, the printer forensics branch of
computer forensics will evolve into a separate discipline. The evolution of print technology will create specialized forensic examiner
positions in 3D and 2D print technology, thus an understanding of
3D print technology will be critical.
Tools will need to be produced which allow an examiner to examine

print technology in a way that preserves data without alteration or
contamination. Once the body and components of a 3D printer
are fully understood, forensic recovery tools must be developed that
will function with the in-house software components. Tools created
specifically for 3D print devices must be able to collect history, print
files, and identify metadata and user data residing on the network.
Information will be easily recoverable for a forensic examiner seeking
to discover evidence with the creation of forensic print tools. It will
also be beneficial if the 3D printer companies shared the product map
of their devices to allow examiners to build efficient general tools with
applications.
CONCLUSION
The success of 3D printers means a rise in crime involving fraud,
copyright, product patent laws and licensing rules. 3D printers will
open the door for imitators to copy products, works of art, etc., which
will lead to stricter rules and ethical standards. Many legal conflicts
will arise in the face of this new technology. Because of the intricacies of patent and copyright laws, there will always be a debate about
product infringement. Unfortunately, issues regarding reproduction
are a separate topic of uncertainty in regards to 3D print technology.
To gain knowledge about these devices, forensic examiners will need

to complete courses in 3D print technology. As examiners familiarize
themselves with the intricacies of 3D technology, variety of printers
manufactured, and specific attributes, these forensic experts will be able
to provide insights regarding exploitation. Additionally, reverse engineering methods can provide tools to extract evidence while employing
In researching 3D and 2D print technology, it can be stated that both

have an effect on the forensic field. 2D technology currently impacts
forensics based on the hacking techniques and attacks outlined
previously. Conversely, 3D print technology is the specific print
12
FORENSICS JOURNAL
distinctive evidence collection procedures. As 3D printers become

available to consumers, the prices will drop to a reasonable range.
When this happens, 3D cyber-crime will increase and forensic specialists will be in high demand. Formal coursework and training specifically designed to counter 3D printing technology crimes is the solution.
The Journey of a Lifetime. 3DSystems. 3D Systems, n.d. Web. 9 Apr.

2013. <http://www.3dsystems.com/30-years-innovation>.
Laser and LED Printers Technology. Mimech.com. Micromechanic
Company, n.d. Web. 17 Apr. 2013. <http://mimech.com/printers/
laser-printer-technology.asp>.
With all the possibilities and wonders of 3D technology, forensic

examiners must be prepared with data recovery tools, methods, techniques and tactics. This type of print technology is a challenge for
forensics as it pushes the boundaries of technology, tests the rules of
evidence, reimagines intellectual property laws, and has the capability
to threaten society. The optimal approach for forensic professionals is
to learn everything about this emergent print technology in order to
counter the threat of malicious activity, recognize it when it occurs,
and provide irrefutable evidence in court.
Mikkilineni, Aravind K., et al. Printer Forensics Using SVM Techniques. NIP21: International Conf on Digital Printing Technologies.
Vol. 21. N.p.: n.p., 2005. 223-26. NIP 21. Engineering.purdue.edu.
Web. 23 Mar. 2013. <https://engineering.purdue.edu/~prints/public/
papers/nip05-mikkilineni.pdf>.
Pellet, Jennifer. How 3D Printing Works. T. Rowe Price. T. Rowe
Price Investment Services, May 2012. Web. 23 Mar. 2013. <http://
individual.troweprice.com/public/Retail/Planning-&-Research/
Connections/3D-Printing/How-3D-Printing-Works>.
REFERENCES
Rosenbach, Marcel, and Thomas Schulz. 3-D Printing: Technology May Bring New Industrial Revolution. Spiegel Online. Spiegel
Online, 4 Jan. 2013. Web. 20 Feb. 2014. <http://www.spiegel.de/
international/business/3d-printing-technology-poised-for-new-industrial-revolution-a-874833.html>.
3D Printing Basics. www.3ders.org. www.3Ders.org, n.d. Web. 23

Mar. 2013. <http://www.3ders.org/3d-printing-basics.html>.
3D Printing in News Videos. About3DPrinters.com. About3dPrinters.com, n.d. Web. 23 Mar. 2013. <http://www.about3dprinters.
com/3d-printing-news.html>.
Tyson, Jeff. How Inkjet Printers Work. HowStuffWorks. HowStuffWorks, n.d. Web. 17 Apr. 2013. <http://computer.howstuffworks.
com/inkjet-printer.htm>.
Bassett, Richard, Linda Bass, and Paul OBrien. Computer Forensics:

An Essential Ingredient for Cyber Security. Journal of Information
Science and Technology 3.1 (2006): 22-32. Citeseerx.ist.psu.edu. Web.
20 Feb. 2014. <http://citeseerx.ist.psu.edu/viewdoc/download?doi=10
.1.1.126.2719&rep=rep1&type=pdf>.
What Is 3D Printing? 3dPrinting.com. N.p., n.d. Web. 23 Mar.

2014. <http://3dprinting.com/what-is-3d-printing/>.
Bobolicu, Georgiana. History of Computer Printers. Softpedia. Softpedia, 7 Nov. 2008. Web. 17 Apr. 2013. <http://gadgets.softpedia.
com/news/History-of-Computer-Printers-032-01.html>.
What Is 3D Printing? About3DPrinters.com. About3DPrinters.com,

n.d. Web. 23 Mar. 2013. <http://www.about3dprinters.com/what-is3d-printing.html>.
Guerrero, Sebastin. Exploiting Printers via Jetdirect Vulnerabilities. VIAForensics. viaForensics, 14 Jan. 2013. Web. 24 Mar. 2013.
<https://viaforensics.com/security/exploiting-printers-via-jetdirectvulns.html>.
What Is 3D Printing?! Squidoo. Squidoo, n.d. Web. 9 Apr. 2013.

<http://www.squidoo.com/3d-printing-jewellery>.
Wright, Benjamin. 3D Printing Forensics. Legal-beagle.typepad.com.
N.p., 7 July 2011. Web. 20 Feb. 2014. <http://legal-beagle.typepad.
com/security/>.
Hoekstra, Marjolein. Quiet Encoding: How Your Laser Printer

Manufacturer Has Embedded an ID Code on Every Page You Print.
MasterNewMedia. N.p., 27 Nov. 2004. Web. 17 Apr. 2013. <http://
www.masternewmedia.org/news/2004/11/27/quiet_encoding_how_
your_laser.htm>.
AMIR EDEN recently graduated from

Stevenson University with a B.S. in
Computer Information Systems. She started
in Stevensons BS/MS program her junior
year and is currently working to complete
her M.S. in Computer Forensics. She is
currently working for a defense contractor
and is looking forward to a fulfilling career
in computer forensics.
Hoffman, Tony. 3D Printing: What You Need to Know. PC Magazine. Zaff Davis, 17 Oct. 2011. Web. 9 Apr. 2013. <http://www.
pcmag.com/article2/0,2817,2394722,00.asp>.
How 3D Printing Is Changing the World. About3DPrinters.com.
About3DPrinters.com, n.d. Web. 9 Apr. 2013. <http://www.about3dprinters.com/how-3d-printing-is-changing-the-world.html>.
13
The Methods to Prevent and Detect Fraud in the

Supplemental Nutrition Assistance Program
Valerie Roebuck
The Supplemental Nutrition Assistance Program (SNAP)1 experienced
a spike in enrollment during the last few years due to the economic
crisis (Supplemental Nutrition Assistance Program). According to
Congressional Budget Office statistics, SNAP recipients increased
by 70 percent between 2007 and 2011 with the program now rated
the second largest assistance program for low income families (Issa).
In 2012, SNAP issued over $74 billion in benefits (Supplemental
Nutrition Assistance Program).
rate has decreased from four cents per dollar of benefits redeemed
to one cent per dollar (Lavallee). Even though the fraud rate has
declined, SNAP fraud remains a major problem and costs the Federal Government millions of dollars every year. Between the years
of 2006 and 2008, SNAP lost $330 million in benefits to trafficking
(The Extent of Trafficking 2). The USDA should review the current
methods used to combat SNAP fraud and work to identify technologies and policies which should be revised, upgraded, or modified to
prevent, detect, and prosecute fraudsters.
With the large growth in program participation and costs, the Federal
Government is scrutinizing the methods used to combat SNAP fraud
(Issa). There are four basic methods of SNAP fraud: misrepresentation, multiple states enrollment, misuse of another persons benefits,
and trafficking. The first SNAP fraud occurs when people misrepresent themselves on applications in order to receive or redeem benefits
(Concannon). The applicant may provide false information such as a
fake Social Security number, incorrect address, or inaccurate employment status. The second fraud is when recipients violate program
regulations and receive SNAP benefits in multiple states (Fong). The
third occurs when someone uses another persons SNAP benefits.
Only the recipient is authorized to access and use the benefits he or
she is awarded (Food Supplement Program).
PROGRAM BACKGROUND AND PARTICIPATION

REQUIREMENTS
In order to understand the current issues of SNAP, it is important to
examine the programs background. The SNAP program is funded
and regulated by the Food and Nutrition Service (FNS) division of
the USDA (Supplemental Nutrition Assistance Program). Each
state administers the program and determines the eligibility of its
participants (United States Government Accountability 2). The FNS
is required to ensure that states are complying with its policies and
are taking the means necessary to prevent SNAP fraud (United States
Government Accountability 2).
Trafficking is the fourth type of SNAP fraud that refers to the

exchange of benefits for cash or other consideration (Supplemental
Nutrition Assistance Program: Trafficking Controls and Fraud Investigations). SNAP benefits may only be used on specific food items
that the United States Department of Agriculture (USDA) identifies.
These items include meats, vegetables, fruits, dairy, breads, cereal and
seed to grow food producing plants (Supplemental Nutrition Assistance Program). People are not allowed to use their benefits on prepared, hot foods such as food served in a restaurant (Supplemental
Nutrition Assistance Program). When individuals receive too much
or too little in SNAP benefits, the result is a payment error (United
States Government Accountability 4). The payment error rate is the
percentage of benefits that were issued in error (United States Government Accountability 4). The current payment error rate is 3.8
percent (Fong). In 2011, the Office of the Inspector General (OIG)
audited five states (Fong). They found 8,594 cases in which benefits
were improperly distributed resulting in a potential loss of around
$1.1 million in benefits a month due to payment errors (Fong).
In the program, individuals receive SNAP benefits based on their economic needs. Individuals must apply in the state in which they reside
and are not allowed to receive benefits in multiple states (Residency).
The amount of SNAP benefits a household receives is based on the
household income, household composition, shelter costs, and other
expenses, such as child support and dependent care payments (Food
Supplement Program). According to the Code of Federal Regulations (CFR), a household is eligible based on income if its income is
at or below 130% of the Federal income poverty level (Income and
Deductions). Every household begins with a baseline USDA determination as the maximum allotment for the household size (Supplemental Nutrition Assistance Program). This number is based on
current food prices and will be adjusted periodically to reflect changing prices (Food Supplement Program). The higher the household
income, the lower the household SNAP benefits entitlement. Shelter
costs or qualified expenses will increase the benefit amount and offset
the income adjustment (Food Supplement Program). Applicants
are required to provide verification at the time of application such
as income, identity of the head of household, alien status, and residency (Office Operations and Application Processing). States have
the option to request verification of deductable expenses such as
The USDA has implemented technologies and policies in SNAP to

protect the program from fraudulent practices. Since 1993 the fraud
The program was previously known as the Food Stamp Program. The name was changed to SNAP on October 1, 2008 to emphasis nutrition in the program and
increased benefit amounts (Supplemental Nutrition Assistance Program).
1
14
FORENSICS JOURNAL
shelter costs and child care costs (Office Operations and Application
Processing). Also, the administering offices can request additional
documentation if they believe there is inaccurate information on the
application (Office Operations and Application Process).
records the information such as where the transaction occurred and

how many benefits were used during a transaction (Hatcher). Once
the transaction occurs, the system automatically deposits money into
the retailers account (Food Stamp Program).
In addition to income requirements, applicants must also meet

citizenship requirements to receive SNAP benefits. As a rule, an
individual must be a citizen of the United States or be a legal permanent resident who has maintained legal status for at least five years
(Citizenship and Alien Status). There are exceptions to these rules
based on age and how the person entered the country. For example, a
legal permanent resident under the age of 18 who has not been a legal
permanent resident at least five years may qualify for benefits (Citizenship and Alien Status). An individual who entered the country
as a refugee or who has been granted asylum may also be entitled to
benefits (Citizenship and Alien Status). Benefits may be granted to
individuals from a particular country or ethnic group that the CFR
identifies as eligible recipients2 (Citizenship and Alien Status).
The EBT system is one of the primary tools used by fraud detection
units to identify fraudulent activities in SNAP (Hatcher). It reads into
the Anti-Fraud Locator EBT Retailer Transactions System (ALERT)
which produces EBT management reports (Fong). The fraud detection
units can look at these reports and take note of any potential fraudulent patterns (Fong). One suspicious pattern is the use of benefits
across state lines (Hatcher). If a majority of purchases are occurring in
a state outside the recipients residential state, this may be an indicator
of someone other than the recipient using the EBT card (Ballou).
Prior to the use of the EBT system, benefits were issued by paper
coupons. It was difficult to track the use of the coupons and individuals could more easily traffic their benefits (Hatcher). In 1993 paper
coupons were still in use and an estimated $811 million dollars in
benefits were trafficked (The Extent of Trafficking 3). The amounts
decreased between 1999 and 2002 to $393 million dollars (The
Extent of Trafficking 3). During this time period, states were beginning to implement the EBT system (Klerman and Danielson 870).
All state EBT systems were operational in 2004 and the estimated
amount of benefits trafficked between 2002 and 2005 decreased from
$393 to $278 million (The Extent of Trafficking 3). These numbers demonstrate that EBT was successful in reducing the amount of
benefits being trafficked.
If a household is found eligible for benefits, the recipient is given a

set dollar amount to spend on eligible food items every month. The
benefits are automatically credited to an Electronic Benefit Transfer
(EBT) card which is used like a debit card at participating retailers
(Food Supplement Program). States are required to ensure applicants and recipients know and understand the rules of the program
(Program Informational Activities).
CURRENT TECHNOLOGY SYSTEMS
There are flaws in the EBT system and the way the system is handled
by the states. First, not all states are making use of the EBT management reports to track fraud (State Fraud Detection 2). FNS
requires states to have access to the system, but does not require the
states to utilize the system (State Fraud Detection 2). States must
review the reports the system generates, but they do not have to use
the data from the reports (State Fraud Detection 5). This can result
in fraud detection units overlooking cases of potential fraud. In an
audit done by the USDA Office of the Inspector General (OIG) of
the states of New Jersey and Florida, the auditors discovered 2,600
potentially fraudulent cases through the EBT reports that were not
identified or acted upon by either state (State Fraud Detection 7).
If states are not using the information provided by the system, there
could be more accounts of undetected fraud. This is a problem since
It is difficult to identify and discuss every technology system used

to combat SNAP fraud since each state is allowed to create its own
methods of fraud detection (State Fraud Detection 5). However,
some technology systems are utilized by both the FNS and State governments agencies to aid their fraud detection efforts. These systems
include: EBT system, Anti-Fraud Locator EBT Retailer Transactions
System (ALERT), and income eligibility verification systems (IEVS).
The EBT system replaced paper coupons and was first mandated in
1996 (Klerman and Danielson 870). All states became operational
by June 2004 (Supplemental Nutrition Assistance Program). Every
EBT card is protected by a personal identification number (PIN)
that is known only to the cardholder (Hatcher). Whenever a recipient swipes his or her card at a retailer, the EBT system automatically
Refer to Code of Federal Regulations 273.4 for a detailed list of qualified alien groups.
15
the Federal Government is losing large amounts of money to fraud.

In addition, the fraud data collected may not be as accurate due to
cases of undetected fraud.
(Ballou). The applicants may have to provide further documentation

if they claim they are no longer working, but there is employment
showing in the previous quarter. If a person did not work in the
previous quarters but is currently employed, the system will not show
this information. In addition, the system only shows employment
in the State of Maryland (Ballou). MABS is not able to reflect work
information for an applicant working across state lines.
Another problem with the EBT system is that states claim the EBT
management reports are tedious and time-consuming to review
(State Fraud Detection 9). They prefer to use their own methods
of fraud detection (State Fraud Detection 9). In many cases, FNS
and the states have online sites and telephone hotlines for the public to report suspected fraud (Supplemental Nutrition Assistance
Program). The fraud investigators also rely on the administering
offices to refer potential fraud cases (Ballou). Another method of
fraud detection used is when states concentrate efforts in areas where
they believe fraud may be more prevalent (State Fraud Detection
9). These may be areas where trafficking occurred in the past and are
identified as high risk areas (USDA Announces Latest Actions).
There is also a nationwide IEVS available to states called The Work

Number (Verification Services). The Work Number is an online
site that provides employment information for individuals in any state
in the United States (Verification Services). The applicants Social
Security number is entered and the administering office can access the
applicants employment information (Malone 1). This is beneficial
since the administering agencies can verify work in any state at the
time of application. The drawback with Work Number is its reliance
on employers to sign up with the site in order to have their information available (Verification Services). If an applicant is not working for one of the employers on the system, his or her employment
information will not be reflected.
The problem is that some of the fraud detection methods chosen by

the states may not be as effective as the data gathered directly from the
EBT system. Thomas Ballou, an investigator with the Office of the
Inspector General in the State of Maryland, notes many of the fraud
reports that come from the public through the hotline and online
fraud site are anonymous and lack evidence (Ballou). The inspectors are required to follow up on every tip, but they sometimes find
they have insignificant information to pursue a full investigation (Ballou). With the EBT system data, the investigators are able to document the fraud based on the detailed transactions. This information
can make it easier to follow through on a fraud investigation.
CURRENT POLICIES
The Federal Government has policies in place to protect SNAP from
fraudulent activities. The CFR outlines the penalties of SNAP fraud
which can deter individuals from participating in fraud. States also
have discretionary policies to determine what verifications are needed
during the application process. The area of concern encompasses
those policies that are vague, subject to multiple interpretations, complicate both states and the Federal Government efforts to prosecute a
program violator.
In addition to the EBT and ALERT systems used by FNS and the
state fraud detection units, there are systems used by the administering agencies to verify information when someone applies to receive
benefits. One type of system is known as the income eligibility verification systems (IEVS) (Faulkner). With the IEVS, the administrator
reviewing an application enters a persons Social Security number into
the IEVS and verifies his or her employment (Faulkner). The CFR
gives states the authority to use any IEVS to aid with the administering of benefits however the systems vary from state to state (State
Income and Eligibility Verification System).
CFR 271.5 section 15(b)(1) outlines the penalties that can be applied
to individuals caught defrauding SNAP. Any fraudulent behavior
resulting in the misuse of $100 or more in SNAP benefits is considered a felony (Coupons as Obligations). A person can receive up
to $250,000 in fines, up to 20 years in prison, or both for misusing
$5000 or more in benefits (Coupons as Obligations). For violations resulting in $100-$4999 in benefits, a person can be fined up
to $10,000, or face up to five years in prison, or both (Coupons as
Obligations). A person is guilty of a misdemeanor if they misuse less
than $100 in benefits (Coupons as Obligations). The consequences
of a misdemeanor are fines up to $1000, up to a year in prison, or
both (Coupons as Obligations). If a person is convicted two or more
times for any level of violation, then he or she will be subject to both
imprisonment and the fine (Coupons as Obligations). In addition
to facing a conviction in a criminal court, a program violator can
face administrative consequences such as disqualification from the
program (Coupons as Obligations). In lieu of imprisonment, there is
also the option of restitution (Coupons as Obligations).
The benefit of the IEVS is that the systems can identify an applicant
reporting false information on the SNAP application. If the applicant falsely reports no employment, the administrator can pull up
the employment information on the IEVS and despute the claim
(Faulkner). These systems prevent payment errors since they highlight employment discrepancies.
The drawback of the IEVS is that every state has its own system and
the systems may have limitations. For example, the State of Maryland uses an IEVS known as Maryland Automated Benefits System
(MABS) (Ballou). MABS is only able to show someones work history for past quarters and not the current employment information
The benefit of this policy is that individuals can face a felony convic16
FORENSICS JOURNAL
tion in a federal court for misusing as little as $100 in benefits. With

these consequences in place, people may be less likely to commit
fraud. Another benefit of this policy is it gives the option of restitution. The Federal Government loses millions of dollars every year to
fraud and restitution is one way to get recoup some of its losses. The
problem is the courts lack of ability to handle all of the fraud cases
(Ballou). If every instance of SNAP fraud resulting in $100 or more
was taken to court, the courts would be overwhelmed with cases. The
state investigators have to select which cases they refer to the Federal
Government for prosecution, thus resulting in fewer criminal prosecutions (Ballou). The cases most likely to be referred are those that
involve larger amounts of money (Ballou).
substances, as defined in section 802 of title 21, United

States Code, for coupons (Definitions).
The definition is vague and does not account for individuals attempting to sell benefits or those who offer to buy benefits (Supplemental
Nutrition Assistance Program: Trafficking Controls and Fraud Investigations). It is difficult to prosecute these individuals because the
definition does not specifically include these behaviors (Supplemental
Nutrition Assistance Program: Trafficking Controls and Fraud Investigations). FNS is studying a revised expanded definition of trafficking
to include the phrase intent to sell (Concannon).
ANALYSIS AND PROPOSED SOLUTIONS
There are consequences in addition to the felony convictions for

individuals caught defrauding the program. SNAP violators can sign
a disqualification consent agreement in instances where they are not
referred to criminal proceedings (Ballou). By signing the agreement,
the violator admits to participating in fraudulent behavior in the
program (Ballou). The state will then disqualify the violator from the
program and use methods such as wage garnishment to recoup the
stolen money (Ballou).
There are aspects of the current technologies and policies that are
successful in the fight against SNAP fraud; however, there are areas
in each of the systems and policies that can be improved upon. The
amount of benefits lost each year to fraud is enormous and there are
ways to increase the efforts to combat fraud. SNAP fraud is a reality. The fraud rate is based on what percentage of benefits issued each
year are lost to trafficking (Lavallee). The amount of benefits issued
every year is increasing. If the fraud rate remains the same, then the
amount of money lost to fraud is increasing as well. The statistics
already show an increase in the amount of money lost every year to
trafficking (Extent of Trafficking 3).
Another SNAP policy that could affect fraud statistics is that which
that allows states to decide what verifications they will request from
applicants and recipients. The Federal Government allows the states
flexibility to decide if they want to require verification of household
deductions (Office Operations and Application Processing). An
example of this is the state option to decide whether or not to require
verification of housing and child care expenses (State Options
Report 6).
There are several other statistics that need to be analyzed in order to

understand the reality of the fraud problem. These statistics include:
fraud investigations, prosecutions, fraud hearings, disqualified consent
agreements, fraud claims established and total number of disqualifications (State Activity Report 2). The State Activity Report issued
by FNS in December 2012 shows the statistics for these areas for the
Federal Fiscal Years 2010 and 2011 (, State Activity Report 2). The
only statistic that did not increase is prosecutions (State Activity
Report 2). This confirms the problem of unsuccessfully prosecuting
individuals (Supplemental Nutrition Assistance Program: Trafficking
Controls and Fraud Investigations). The number of investigations
increased by 1.71 percent while fraud hearings increased by 6.22
percent (State Activity Report 2). The number of disqualification
consent agreements rose 6.45 percent, the total number of disqualifications increased by 4.24 percent, and the fraud claims established
went up by 5.74 percent (State Activity Report 2). It is clear from
these statistics that SNAP fraud continues. There are changes that
can be made to the current technologies and policies to better protect
the program from fraud. These changes focus on three different areas:
fraud prevention, fraud detection, and violator prosecution.
This policy is beneficial in getting assistance to more people since it

can speed up the application process. Conversely, by requiring less
documentation it is more difficult to verify what people report on their
applications and fraudulent information can easily go undetected. A
household can report more rent than it is actually paying and receive
more benefits than it is entitled. Without the documentation to verify
the claim, the household can continue to receive an incorrect benefit
amount. The result of this is an undetected payment error. The payment error rate only reflects cases where benefits are found to be issued
incorrectly (United States Government Accountability 4). Without
the documentation to show incorrect benefit issuance, the payment
error rate may not be accurate due to undetected payment errors.
The third policy issue that can affect SNAP fraud is policies that are
vague and not well-defined. An example of this is the definition of
trafficking. The CFR definition is as follows:
The priority is to prevent SNAP fraud. This will save the program
from paying out millions of dollars to ineligible personnel every year.
The key to preventing fraud is to identify fraud during the application
process. When applicants apply to become recipients it is up to the
Trafficking means the buying or selling of coupons,

ATP cards or other benefit instruments for cash or
consideration other than eligible food; or the exchange
of firearms, ammunition, explosives, or controlled
17
state administrators to decide whether or not an individual is eligible

for benefits (United States Government Accountability 2). The
administrators need to have all resources available in order to identify
fraudulent applications. One way to do this is to provide a more
effective IEVS that all states can access. There should be one system
that reports current and past employment history of every person possessing a Social Security number. The system should not be limited to
specific states or employers. This will enable SNAP administrators to
immediately verify income information for applicants and promptly
catch fraudulent employment information reported on the applications. This can save SNAP from payment errors and reduce the
number of ineligible people receiving benefits.
Overall, fraud has been and continues to be a major concern in SNAP.

The fraud rate has decreased and the implementation of systems
such as EBT has been effective in lowering the fraud rate. However,
the monetary loss is still substantial. The key is continuous process
improvement, clear policies, and aggressive prosecution of violators.
REFERENCES
Ballou, Thomas. Personal interview. 19 Feb. 2013.
Citizenship and Alien Status. 7 C.F.R. Sec. 273.4. 2007. Print.
Concannon, Kevin. Store Food Stamp Fraud and USDA Enforcement. FDCH Congressional Testimony. Committee on House
Oversight and Government Reform, 8 Mar. 2012. Military and
Government Collection. Web. 24 Jan. 2013.
Another preventative method is for states to require more documentation during the application process. Requiring less documentation
streamlines the process; however, it facilitates fraud. The lack of
documentation makes it more difficult to verify what is on an application, creates more opportunity for benefits to be issued improperly,
and leads to more cases of undetected fraud and undetected payment
errors. The administrators need to be able to prove that the information on the application is accurate in order to be certain benefits are
being issued properly. Also, fraud investigators rely on verifications to
prove cases where fraud is discovered (Ballou). When there is a lack
of proof to convict someone of fraudulent behavior, then it is more
likely individuals will not be prosecuted or disqualified. Complete,
accurate documentation at the outset is the solution.
Congressional Budget Office. The Supplemental Nutrition Assistance

Program. By Kathleen FitzGerald et al. N.p.: n.p., 2012. Congressional
Budget Office. Web. 25 Jan. 2013. <http://www.cbo.gov/sites/default/
files/cbofiles/attachments/04-19-SNAP.pdf>.
Coupons as Obligations of the United States, Crimes and Offenses. 7
C.F.R. Sec. 271.5. 2012. Print.
Definitions. 7 C.F.R. Sec. 271.2. 2011. Print.
Faulkner, Kenya Mann. Store Food Stamp Fraud and USDA
Enforcement. FDCHCongressional Testimony. Committee on
House Oversight and Government Reform, 8 Mar. 2012. Military
and Government Collection. Web. 24 Jan. 2013.
Fraud detection improvements are required. The EBT system is a

useful tool to identify potential fraudulent activity. Since the information in the system is derived directly from SNAP transactions, it
remains one of the best options to combat SNAP fraud. The problem
appears to be that the EBT management reports are difficult to analyze and review in a manner that is time efficient (State Fraud Detection 9). One solution would be to have the system create reports
that are more user-friendly. They can be organized and categorized
in a way that can help states quickly identify potential fraud. In
addition, FNS should provide more training to the state agencies on
optimal ways to run and analyze the reports. By providing additional
training, state employees can become more comfortable with the
reports and be able to utilize them as fraud detection tools.
Fong, Phyllis K. Store Food Stamp Fraud and USDA Enforcement.

FDCH Congressional Testimony. Committee on House Oversight
and Government Reform, 8 Mar. 2012. Military and Government
Collection. Web. 24 Jan. 2013.
Food Stamp Program: Electronic Benefits Transfer (EBT) Systems -Statement on Auditing Standards No. 70 (SAS No. 70) Examination
Requirements. 65 Fed. Reg. 10675-78. 29 Feb. 2000. Print.
Food Supplement Program. Maryland Department of Human
Resources. N.p., n.d. Web. 9 Feb. 2013. <http://www.dhr.state.md.us/
blog/?page_id=5514>.
The final area where improvements can be made is in the prosecution of violators. There may not be an easy solution to the problem
of courts being inundated with cases; however, the policy can be
changed to ensure SNAP violators who are sent through the system
are not able to find loopholes in the policy. One of these changes
is to make sure the policy is clear and well-defined. FNS should be
actively assessing the situations where SNAP violators are not convicted because the policy is too vague. Based on these cases, FNS can
better determine where the policy needs to be clarified.
Hatcher, Jennifer. Store Food Stamp Fraud and USDA Enforcement. FDCH Congressional Testimony. Committee on House
Oversight and Government Reform, 8 Mar. 2012. Military and
Government Collection. Web. 24 Jan. 2013.
Issa, Darrell E. Store Food Stamp Fraud and USDA Enforcement.
FDCH Congressional Testimony. Committee on House Oversight
18
FORENSICS JOURNAL
and Government Reform, 8 Mar. 2012. Military and Government

Collection. Web. 24 Jan. 2013.
14 Feb. 2013. <http://www.fns.usda.gov/sites/default/files/10-State_

Options.pdf>.
Income and Deducitons. 7 C.F.R. Sec. 273.9. 2011. Print.
United States Department of Agriculture. Supplemental Nutrition

Assistance Program: State Activity Report Fiscal Year 2011. N.p.: n.p.,
2012. United States Department of Agriculture: Food and Nutrition
Service. Web. 15 Feb. 2013. <http://www.fns.usda.gov/snap/qc/
pdfs/2011_state_activity.pdf>.
Klerman, Jacob Alex, and Caroline Danielson. The Transformation of the Supplemental Nutrition Assistance Program. Journal of
Policy Analysis & Management 30.4 (2001): 863-88. Business Source
Complete. Web. 23 Jan. 2013. <http://eds.b.ebscohost.com/ehost/
pdfviewer/pdfviewer?sid=e0a6d359-bb03-45bd-8539-77819d040107
%40sessionmgr113&vid=4&hid=115>.
United States Government Accountability Office. Supplemental Nutrition Assistance Program: Payment Errors and Trafficking Have Declined, but
Challenges Remain. By Kay E. Brown. Research rept. no. GAO-10-956T.
N.p.: n.p., 2010. United States Government Accountability Office. Web.
23 Jan. 2013. <http://www.gao.gov/new.items/d10956t.pdf>.
Lavallee, Aaron. FACT vs. FICTION: USDAs Supplemental Nutrition Assistance Program. United States Department of Agriculture
Blog. N.p., 24 June 2011. Web. 3 Feb. 2013. <http://blogs.usda.
gov/2011/06/24/fact-vs-fiction-usda%E2%80%99s-supplementalnutrition-assistance-program/>.
USDA Announces Latest Actions to Combat Fraud and Enhance

SNAP Program Integrity Strengthened Measures Help Fight Fraud in
Nations Most Critical Nutrition Assistance Program. United States
Department of Agriculture. N.p., n.d. Web. 14 Feb. 2013. <http://
www.usda.gov/wps/portal/usda/usdahome?contentid=2012/02/0042.
xml&navid=NEWS_RELEASE&navtype=RT&parentnav=LAT
EST_RELEASES&edeployment_action=retrievecontent>.
Malone, Rosemary. The Work Number Express Service. N.d. PDF file.
Office Operations and Application Processing. 7 C.F.R. Sec. 273.2.
2011. Print.
Program Informational Activities. 7 C.F.R. Sec. 272.5. 2011. Print.
<http://www.usda.gov/wps/portal/usda/usdahome?contentid=2012%
2F08%2F0269.xml&contentidonly=true>.
Residency. 7 C.F.R. Sec. 273.3. 2011. Print.
Verification Services. Theworknumber.com. Equifax, n.d. Web. 15

Feb. 2013. <http://www.theworknumber.com/go/>.
State Income and Eligibility Verification System. 7 C.F.R. Sec. 272.8.

2012. Print.
VALERIE ROEBUCK graduated with

a Bachelors of Arts Degree in Sociology
from Eastern University in St. Davids,
Pennsylvania. She has been employed
for almost seven years with the State of
Maryland. Mrs. Roebuck administers Long
Term Care Medicaid benefits to individuals
in nursing facilities for the State of
Maryland. She is currently working on her
Masters Degree in Forensic Studies in the
investigations track at Stevenson University.
Supplemental Nutrition Assistance Program (SNAP). United States

Department of Agriculture: Food and Nutrition Service. N.p., n.d. Web.
15 Feb. 2013. <http://www.fns.usda.gov/snap/supplemental-nutrition-assistance-program-snap>.
Supplemental Nutrition Assistance Program: Trafficking Controls and
Fraud Investigations. 77 Fed. Reg. 31738. 30 May 2012. Print.
United States Department of Agriculture. The Extent of Trafficking in
the Supplemental Nutrition Assistance Program: 2006-2008. By Richard
Mantovani and Hoke Wilson. N.p.: n.p., 2011. United States Department of Agriculture: Food and Nutrition Service. Web. 14 Feb. 2013.
<http://www.fns.usda.gov/sites/default/files/Trafficking2006.pdf>.
United States Department of Agriculture. State Fraud Detection Efforts
for the Supplemental Nutrition Assistance Program. By Gil H. Harden.
Rept. no. 27703-0002-HY. N.p.: n.p., 2012. United States Department of Agriculture. Web. 25 Jan. 2013. <http://www.usda.gov/oig/
webdocs/27703-0002-HY.pdf>.
United States Department of Agriculture. Supplemental Nutrition
Assistance Program: State Options Report. N.p.: n.p., 2012. United
States Department of Agriculture: Food and Nutrition Service. Web.
19
U.S. Citizenship and Immigration Services:

Investigating and Preventing Immigration
Marriage Fraud
Sara Padgett Torres
Since the early 2000s, immigration to the United States via marriage
to a citizen has increased exponentially (DHS Office of Immigration
Statistics 3). In 2003, 184,741 foreign nationals obtained green cards
through marriage, according to U.S. Citizenship and Immigration
Services (U.S. Census Bureau 6). In 2009, the number of immigration visa petitions through marriage drastically increased to 317,129
(DHS Office of Immigration Statistics 3). The immigration policy
of the United States requires that alien spouses receive priority over
all other immigration petitioners since alien spouses are in the immediate family category. The goal of the policy is to keep immediate
families together, by providing a higher priority status in comparison
to petitioners who do not fall into this category. While it is possible
to legally immigrate to the United States without being immediate
family of a U.S. citizen or permanent resident, the waiting period
to receive a green card can be upwards of five years (DHS Office of
Immigration Statistics 3). Thus, the increase in petitions for legal permanent residency through marriage demands a greater investigative
process of applicants, due to the potential of partaking in a fraudulent
marriage in order to expedite the immigration process.
record warrant the request for further information from the petitioner
or beneficiary. Until officers receive the pertinent information, the
investigation of the couple and the immigration proceedings are
suspended.
Once the criminal and immigration record of the petitioner and
beneficiary is complete, the officer examines the biographical data the
couple submits through the I-130. The I-130 asks questions such as
the dates of birth of the petitioner and beneficiary, where the beneficiary plans to live in the United States, and the last address at which
the couple lived together (Instructions for Form-130, Petition).
These questions may seem typical of a government form, however
officers scrutinize the answers for any inkling of fraud. For example,
couples whose dates of birth are several years apart (typically over six
years in age difference) are more closely examined than couples who
may only be three years apart. Officers investigate under the belief
that spouses who are closer in age are more likely to have a bona fide
marriage (Bernstein). A beneficiary who responds to the question
that asks where the spouse plans to live in the United States with
an address that is different than their spouse could encounter delays
in the investigation as it raises a red flag for fraud. USCIS officers
expect to see partners cohabitating before and after filing the I-130
(Bernstein). Officers make note of any discrepancy that they find in
the I-130 in order to discuss and verify their concerns with the couple
during the interview.
The U.S. Citizenship and Immigration Services (USCIS) is the

government agency responsible for investigating and interviewing
all petitioners of green cards through marriage. USCIS employs
immigration officers to conduct investigations and interviews of the
petitioners (U.S. citizens) and beneficiaries (alien spouses). Through
investigative methods, officers must identify individuals who pose as
couples, but are not in a bona fide marriage. USCIS uses the term
bona fide to describe a legitimate marriage. Through the use of an
investigative process that has adapted to the increase in petitions in
recent years, USCIS works to ensure that fraudulent marriages are not
only exposed, but prevented, and violators prosecuted.
The next step in the investigation process is the interview of the couple. Officers see many couples throughout each day and are trained
to make a decision on the legitimacy of the marriage based on several
aspects. The USCIS staff instructs couples to bring evidence that
documents their relationship. Evidence that helps to prove a marriage
is bona fide includes photographs of the couple and their respective
families, photographs from the marriage ceremony, correspondence
such as letters, instant messages, or e-mails, and any trip itineraries
(Chetrit 721). Officers learn to inspect all the evidence the couple
submits for any obvious signs of staged photographs. USCIS officer
Bryant Chisholm recalls viewing, photos of a couple lying in bed
on their wedding nightwhat normal couple would allow someone
to come into their room and photograph husband and wife in bed?
(Winston). Any sort of staged photographs, or photographs that are
supposed to show the couple over a period of time, but instead show
the couple in the same clothes in each photo, are an obvious clue to
officers that the marriage is not bona fide.
1. THE INVESTIGATIVE PROCESS

The path to receiving a green card through marriage begins when the
U.S. citizen files an I-130 petition for an alien relative. When USCIS
receives the petition, officers begin to investigate the petitioner and
beneficiary. Officers conduct criminal background checks on both
individuals, specifically to determine if the alien could pose a threat
to national security (Paulin). USCIS officers realize that an easy
way for a terrorist to legally enter and remain in the United States is
through marrying a U.S. citizen (Paulin). Beneficiaries must submit to fingerprinting at a USCIS field office in order to conduct the
criminal background check. Officers can also conduct a credit check
on the petitioner. In addition, officers check for any past immigration
history for both the petitioner and the beneficiary. An attempt in
the past to submit an immigrant visa petition for a different partner,
whether the petition was approved or denied, can indicate potential
fraud. Officers also search for any previous or current immigration
court proceedings involving the beneficiary (Paulin). Any suspicious findings by USCIS officers regarding a criminal or immigration
In addition, the couple can ask family and friends to write notarized
letters acknowledging the relationship for the interviewing officer to
read. Even these letters can be scrutinized for fraud. Diane McHughMartinez, an immigration attorney who has been in practice for over
twenty years, describes an instance in which the immigration officer
detected fraud. The couple had four affidavits from people who
have similar ethnic names, such as an African last name. The officer
20
FORENSICS JOURNAL
checked the database to see if those people had marriage cases. The
officer later said you have someone here by this name who is vouching
for your marriage and you wrote a letter vouching for his marriage
(McHugh-Martinez). The detection of a pattern can lead the officer to
believe there is a possibility of fraud. In a case such as this, the officer
searches for a connection between different petitioning couples.
tion investigation process (Poole 3). By knowing what to expect and

how to prepare for the investigation, couples who are not in a legitimate relationship are more likely to receive approval for their I-130
petition. Marriage brokers are an expensive, but are used to match
immigrants with a potential spouse who can petition for a green
card on their behalf. Marriage brokers assist immigrants who may
have overstayed their visas (such as a tourist or work visa), but want
to remain in the United States (Smith). The marriage broker finds a
U.S. citizen for the immigrant to marry in order to file the petition to
become a conditional resident. Usually, the marriage broker and the
U.S. citizen receive thousands of dollars in compensation (McHughMartinez). Using a marriage broker to find a spouse is not always a
guaranteed method to obtain immigration benefits, as the new spouse
is only assisting the immigrant for the monetary compensation.
Critical evidence used by officers to approve an I-130 petition are

documents showing the comingling of finances and assets (Chetrit
742). Couples prove the comingling of finances and assets by submitting bank statements, insurance policy forms, mortgage or lease
paperwork, and bills (electric, cable, water) that show the couple
live together and are financially connected. This evidence is crucial
to an immigration marriage investigation, as the documents prove
that the couple trusts one another with personal finances. However,
providing this evidence can be difficult in the instance where one
spouse has recently moved to the United States and was never issued a
social security number. Most banks and utility companies require an
applicant to have a social security number. These obstacles add to the
challenges USCIS officers and couples face when trying to adjudicate
an I-130 marriage petition (Chetrit 742).
Instead, many immigrants who have overstayed their visas may ask a
friend who is a U.S. citizen to marry them and petition for their green
card (Poole 3). Marrying a friend can make the investigation process easier since the couple already knows one another. During the
interview with a USCIS officer, the couple may appear more at ease
since they know many of the answers to the questions the officer may
ask, such as dates of birth or the names of parents (Paulin). Friends
posing as a married couple will have overall better body language than
an immigrant and a spouse that has been paid thousands of dollars.
After reviewing supplementary evidence, officers engage the couple

in simple discussions about their relationship. Officers typically ask
basic questions such as how the couple met, how long they have
been in a relationship, their dates of birth, and their parents names
(Chetrit 710). Besides answering the questions correctly, the officer
observes how the couple interacts with each other. The body language of the couple plays an important role in the adjudication of
the petition. Officers look to see if the couple is comfortable around
each other and to see if they truly appear to be a married couple. A
couple that appears uneasy and cold around each other may alert an
officer to potential fraud (McHugh-Martinez). If the couple is easily
able to answer the questions posed by the officer and appear to have
a normal marital discourse, the officer can inform the couple that he
approves the I-130 petition. If there are any signs of fraud from the
interview, whether the husband did not know the date of birth of his
wife, or the wife could not give an explanation as to how she met her
husband, the officer can choose to have the couple return in order to
separately interview each spouse (Chetrit 710).
In regards to creating documentary evidence of the marriage, couples

can be married at the local courthouse and have photographs taken
of the ceremony. If a couple is already friends, they are likely to have
photographs of themselves together through the years at different life
events. Letters confirming the marriage can be requested from friends
who understand and empathize with the situation of the immigrant
and want to help he or she stay, even if the relationship is not bona
fide. Documents proving joint assets are one of the more important
pieces of evidence (Chetrit 742). Couples can create a new bank
account together, yet keep their own personal accounts for security
reasons. While there are many ways a couple can attempt to evade
immigration laws and pass the interview process of a marriage investigation, USCIS officers are very skilled in detecting fraud (McHughMartinez). Body language is key to determining the legitimacy of a
marriage, sometimes proving to be more important than photographs
or letters (McHugh-Martinez). Most officers who have several years
of experience can distinguish between friends posing as a married
couple and married couples who are in love (McHugh-Martinez).
2. EVADING IMMIGRATION LAWS THROUGH MARRIAGE

USCIS created the immigration marriage investigation process in
order to detect fraud among couples who attempt to evade immigration laws by marrying a U.S. Citizen or permanent resident. Even
with the in-depth investigation process enacted by USCIS, there are
instances when petitioners and beneficiaries that are not in a bona
fide marriage wrongly receive immigration benefits. It is simply not
possible to detect every fraudulent marriage case. Couples are able
to evade immigration laws by studying and learning the immigra-
3. CHANGES SINCE THE IMMIGRATION MARRIAGE

FRAUD ACT
The investigative process has evolved since the 1980s. Prior to 2003,
the Immigration and Naturalization Services (INS) was the agency
responsible for conducting investigations for individuals petitioning
for green cards for their spouses (Moyce 2). During this period, an
21
INS official would review the petition and conduct the interview
of the petitioner and the alien spouse. The official would decide to
grant or deny the petition based on the review of the petition and the
interview. If the official felt the marriage was not bona fide, but a
sham marriage, after reviewing the findings, the petition was denied
(Moyce 2).
submit any other petitions on behalf of immediate relatives to receive

immigration benefits (McHugh-Martinez).
4. THE DEVELOPMENT OF THE FRAUD DETECTION AND
NATIONAL SECURITY DIRECTORATE
In 2004, USCIS created the Fraud Detection and National Security
Directorate (FDNS) to, strengthen efforts to ensure immigration
benefits are not granted to individuals who pose a threat to national
security or public safety, or who seek to defraud our immigration
system (Instructions for Form-130, Petition). The goal of FDNS is
to assist USCIS officers in detecting fraud in the application process.
By assisting in early detection, FDNS helped streamline the processing of legitimate petitions. FDNS made the application process more
efficient by investigating any responses to questions regarding background information that raise concerns. FDNS uses law enforcement
and intelligence agencies such as U.S. Immigration and Customs
Enforcement to conduct any additional research of a petitioner or
beneficiary (Instructions for Form-130, Petition). The objectives of
FDNS are to ensure immigration benefits are not given to fraudulent
beneficiaries, as well as guarantee that those who deserve and have
properly applied for immigration benefits do receive them (Instructions for Form-130, Petition).
In 1986, Congress became concerned with the reported increasing

rates of marriage fraud and decided to revise the immigration petition
procedure (Moyce 3). Congress passed the Immigration Marriage
Fraud Amendments (IMFA) as a way to detect fraudulent marriages
by testing the longevity of the relationship (Poole 1). The IMFA
amended the Immigration and Nationality Act by creating the conditional green card. The conditional green card was a significant change
to the past petitioning system. Instead of granting an immediate
legal permanent residency status to an alien spouse whose marriage is
less than two years old at the time the petition is approved, the alien
spouse becomes a legal conditional resident for a two year time period.
The conditional green card is not applicable to an alien spouse who has
been married to their U.S. citizen spouse for over two years (Poole 2).
In order to have the conditional status lifted from the green card,
the immigrant spouse must file with their spouse 90 days prior to
the expiration date of the conditional green card. The couple must
prove that they are still in a bona fide relationship by submitting
documentary evidence as they had in the initial interview (McHughMartinez). Officers select various couples at random to interview as
a form of auditing. Not all couples are interviewed when they file for
the removal of conditions from the green card (Poole 2). If a couple
chooses to not file or forgets to file to have the conditions removed,
the green card will expire at the end of the two year period and the
immigrant spouse can face deportation proceedings (Poole 2).
FDNS is responsible for conducting site visits for immigration applicants. The program uses unannounced site visits as a way to verify
information submitted in I-130 petitions. Officers conduct both
pre- and post- adjudication site visits at random (Instructions for
Form-130, Petition). Site visits for purposes of investigating marriage
petitions usually take place at the home. Many officers refer to home
visits as bed checks, meaning the officer is looking to see both spouses
living in the same residence (Bernstein). Site visits to a couples home
may seem intrusive, however in many cases, the visit can assist in proving a marriage to be bona fide. In addition, the site visits can help
deter others from attempting to commit immigration fraud. During a
site visit, the immigration officer may take digital photographs, speak
with those inside the home or neighbors of the couple, and review
the information submitted with the petition in order to verify that
it matches the actual location. If an officer finds potential proof of
fraud, he or she can forward the case to ICE officers for a possible
criminal investigation (Instructions for Form-130, Petition).
In addition, the Immigration Marriage Fraud Act introduced criminal

penalties to individuals who attempt to defraud the USCIS by entering into a sham marriage for immigration purposes (Department of
Justice). According to the Department of Justice, Marriage fraud has
been prosecuted, inter alia, under 8 U.S.C. 1325 8 U.S.C. and 18
U.S.C. 1546(a). The Immigration Marriage Fraud Amendments
Act of 1986 amended 1325 by adding 1325(c), which provides
penalty of five years imprisonment and a $250,000 fine for any individual who knowingly enters into a marriage for the purpose of evading any provision of the immigration laws. Prosecution is usually
only pursued for those who are part of an immigration marriage fraud
ring or who attempt to repeatedly defraud the U.S. government, such
as a marriage broker. Couples who act on their own and lie to USCIS
officers can still expect repercussions, however, very rarely do they face
prosecution in a federal court (McHugh-Martinez). Instead, USCIS
officers work with U.S. Immigration and Customs Enforcement
(ICE) in order to begin deportation proceedings for the alien spouse,
and the U.S. citizen or legal permanent resident is not allowed to
5. SOCIAL NETWORKING AND IMMIGRATION

INVESTIGATIONS
Since the early 2000s, social networking has become a popular trend
in technology. Social networking is the use of Internet sites such as
Facebook, MySpace, and Twitter, to share details about an individuals
life through photographs, messages, and postings by the user. These
sites broadcast personal information to the masses unless the user
restricts what is seen through privacy settings. Recently, immigration
22
FORENSICS JOURNAL
and law enforcement officers have begun using social networking sites
to investigate persons of interest (Chetrit 720). Facebook is the most
commonly used site for investigations due to its popularity and easy
search options.
the statistic given regarding marriage fraud was completely false (Winston). Immigration marriage fraud is not nearly as prevalent in the
United States as society may think, however it does exist. Over the
years, USCIS has enacted different measures in attempts to prevent
immigration marriage fraud, but there are ways that USCIS could
further decrease the amount of fraudulent I-130 petitions.
In 2008, a memorandum written by FDNS, entitled Social Networking Sites and Their Importance to FDNS was released. The
memorandum suggested USCIS officers create fake accounts in order
to search for couples to add as friends on sites such as Facebook.
By having access to a profile of the spouse, the officer can see their
photographs, relationship status, current city, and other personal
information. Officers can verify that the spouse is listed as married
and that their photographs reflect an individual engaged in an exclusive relationship.
Even though the Immigration Marriage Fraud Act of 1986 was developed after false reporting by the INS Commissioner Alan Nelson, the
IMFA created a program of conditional residency which helped to
detect and prevent fraud in marriage petitions (McHugh-Martinez).
The change from receiving immediate legal permanent resident status
to conditional resident status permitted checkpoints to be established
on the path to naturalization. The two year conditional approval
helped prevent fraudulent marriage petitions because U.S. citizens
realize that assisting an immigrant who has paid them or an immigrant friend who needs a favor, is no longer a quick process of getting
married and filing the petition. Instead, the potential fraudulent
marriage takes much more of a commitment on the part of the U.S.
citizen. The ruse must be maintained for over a two-year time period,
as the couple committing the fraudulent marriage must file a new
petition to have the conditions lifted from the green card of the beneficiary (Poole 1). By filing the new petition, the couple may be asked
to return for another interview. The couple will have to provide the
same sort of documentary evidence to the USCIS officer as they did
during in the initial interview in order to prove that they are still married (McHugh-Martinez). The officer asks the couple similar questions as during the first interview to confirm that the relationship is
bona fide. If the couple does not file to have the conditions removed
from the green card or are not approved for permanent residency at
the interview, the immigrant spouse will no longer have legal status
in the United States and deportation proceedings can begin soon
thereafter (Poole 2). In cases such as these, the consequences that the
fraudulent couple endures can be used as a deterrent to other immigrants who might consider marrying for a green card.
The memorandum generated negative publicity for USCIS and other

investigative government agencies. Due to its lack of guidance, the
memorandum does not inform officers whether they must reveal to
their new friends that they are in fact affiliated with the government
(Chetrit 729). Many critics feel that creating fake accounts in order
to investigate spouses crosses the line of marital privacy. However, as
USCIS stated in the memorandum, In essence, using MySpace and
other like sites is akin to doing an unannounced cyber site-visit on
petitioners and beneficiaries (Instructions for Form-130, Petition).
In these cases of unannounced cyber site visits, social networking sites
have made the USCIS officers task easier. Officers conduct fewer inperson site visits and instead rely on Facebook or MySpace profiles for
information verification (McHugh-Martinez).
The leaked FDNS memorandum reveals important issues regarding the use of social networking sites in immigration marriage fraud
investigations. By considering the review of a Facebook or MySpace
profile the same as an unannounced site visit, officers are assuming
that what an individual posts is the truth. In addition, officers assume
that how an individual behaves on their profile is how he or she will
act in daily life (Chetrit 729). These assumptions can be untrue and
costly to those involved in an immigration marriage fraud investigation. For example, a petitioner who does not update their profile and
has very liberal privacy settings may project to the public that they
are not married, or even in a relationship, when in reality they may
have just lost interest in social networking sites and have discontinued
their use prior to meeting or marrying their spouse. Officers cannot
assume that the profile they are viewing actually belongs to that person. Many profiles on social networking sites are not legitimate and
are created by imposters. Therefore, officers should not fully rely on
social networking sites as a substitute for a site visit (Chetrit 731).
The conditional residency process may seem like a burden to couples

who feel that they have already proven their relationship to be legitimate, however this is the exact reason for the additional step. The
removal of conditions is another obstacle for aliens in the quest to
naturalization. The conditional residency has been seen as so effective
in preventing marriage fraud that other countries such as the United
Kingdom, Australia, and most recently Canada (in October 2012),
have adopted such measures (The Jig Is Up on Marriage Fraud).
These countries have faced issues with increased immigration marriage
fraud due to the desirability and benefits of becoming residents and
eventually citizens. The conditional measure improved immigration
and continues to assist in preventing fraud. The measure gives USCIS
the opportunity to catch those who committed marriage fraud in the
initial immigration process and stops the fraudulent applicants from
receiving full naturalization benefits.
6. IMMIGRATION MARRIAGE FRAUD PREVENTION

In 1985, INS Commissioner Alan Nelson testified before the U.S.
Senate that 30 percent of I-130 applicants attempted to commit
immigration marriage fraud (Winston). The INS later confessed that
23
become a legal permanent resident (De Armas 6). Currently, most

fraudulent marriage cases discovered result in the immigrant spouse
entering into deportation proceedings. USCIS should consider
harsher penalties such as consistent prosecution for U.S. citizens who
participate in fraudulent marriage petitions (Thomas 1). Pursuing
prosecution may deter other U.S. citizens who may be considering
assisting someone in filing a fraudulent petition.
6. FRAUD PREVENTION THROUGH PROSECUTION

The consequences for U.S. citizens who file immigration marriage
petitions for alien spouses in a fraudulent marriage should be more
severe. Currently under the IMFA, U.S. citizens can be imprisoned
for up to five years and receive a $250,000 fine for knowingly entering into a marriage for the purpose of evading any provision of the
immigration laws (Department of Justice). While incarceration and
fines are potential punishments for U.S. citizens, they are not used
frequently in single cases of immigration marriage fraud (McHughMartinez). If USCIS turned more marriage fraud cases over to ICE
to pursue the prosecution of U.S. citizens found in violation of 8
U.S.C. 1325(c), it could prevent immigration marriage fraud cases
in the future, as U.S. citizens may not risk imprisonment to help
an immigrant friend. The current immigration system punishment
policy for a U.S. citizen is weak. When USCIS believes a petitioner
is assisting in a one-time case of immigration marriage fraud (as
opposed to a marriage fraud ring or scheme), they want the petitioner to confess to the officers about the illegitimate relationship and
fraudulent I-130 petition in order to begin deportation proceedings
for the immigrant (McHugh-Martinez).
The investigative process of immigration marriage fraud by USCIS

officers is a lengthy and time-consuming procedure that when completed successfully, detects immigrants and their U.S. citizen spouses
attempts to defraud the United States government. It is impossible to
detect all immigration marriage fraud, however USCIS has a program
in place that is capable of detecting and preventing many fraudulent
marriage petitions.
REFERENCES
Bernstein, Nina. Without Guns or Raids, a Tiny Squad of Officers
Homes in on Visa Fraud. New York Times 17 July 2007: 1. Print.
Chetrit, Samantha L. Surviving an Immigration Marriage Fraud
Investigation - All You Need Is Love, Luck, and Tight Privacy Controls. Brooklyn Law Review (2012): 709-43. LexisNexis Academic.
Web. 6 Feb. 2013.
7. EVALUATION AND CONCLUSION

Overall, the program USCIS currently has in place to investigate
immigration marriage fraud cases is effective. From the beginning
of the process in which the petitioner files the I-130 petition on
behalf of the beneficiary alien spouse, to the interview portion where
USCIS officers review documentary evidence to determine whether
the marriage of the couple is bona fide, officers use a thorough process
of background and database checks to ensure the alien spouse does
not pose a national security threat and should be allowed to remain
in the United States (Paulin). In cases of suspected fraud, USCIS
officers conduct a methodical investigation where they gather evidence against the couple to prove the relationship is not legitimate
(McHugh-Martinez).
De Armas, Marcel. For Richer or Poorer or Any Other Reason:

Adjudicating Immigration Marriage Fraud Cases within Scope of the
Constitution. American University Journal of Gender, Social Policy &
the Law (2007): 1-8. LexisNexis Academic. Web. 6 Feb. 2013.
DHS Office of Immigration Statistics. U.S. Legal Permanent Residents: 2010. By Randall Monger and James Yankay. N.p.: n.p., 2011.
Department of Homeland Security. Web. 7 Feb. 2014. <http://www.
dhs.gov/xlibrary/assets/statistics/publications/lpr_fr_2010.pdf>.
Instructions for Form-130, Petition for Alien Relative. 18 Dec.
2012. PDF file.
The changes made in 1986 by the enactment of the Immigration Marriage Fraud Act improved the previous process by granting immigrant
spouses conditional residency as opposed to permanent residency.
The new change forces spouses to file a second petition requesting the
removal of the residency conditions two years after the initial petition was granted (Poole 1). In addition, USCIS developed the Fraud
Detection and National Security Directorate in order to better assure
that only deserving immigrants received immigrant benefits. FDNS
uses site visits as an investigative tool to detect fraud in immigration
marriage petitions (Instructions for Form-130, Petition).
The Jig Is Up on Marriage Fraud, says Minister Kenney. Government

of Canada. N.p., 26 Oct. 2012. Web. 27 Apr. 2013. <http://www.cic.
gc.ca/english/department/media/releases/2012/2012-10-26.asp>.
Marriage Fraud. Department of Justice. n.d. Web. 7 February 2013.
McHugh-Martinez, Diane. Personal interview. 20 Feb. 2013.
Moyce, David. Petitioning on Behalf of an Alien Spouse: Due
Process Under the Immigration Laws. California Law Review 74.5
(1986): 1-12. LexisNexis Academic. Web. 16 Feb. 2013.
Prevention of immigration marriage fraud has expanded since the

IMFA. The removal of conditions has served as a fraud prevention
measure due to the greater obstacles and longer waiting period to
Paulin, Joshua Daley. Fraudulent Marriages in Immigration Cases.

GPSOLO 2010: n. pag. Web. 6 Feb. 2013. <http://www.americanbar.
24
FORENSICS JOURNAL
org/newsletter/publications/gp_solo_magazine_home/gp_solo_magazine_index/paulin.html>.
Poole, Heather L. The Quickest Way To a Green Card Is Harder
Than You Think. Orange County Bar Association. July 2007. 1-6.
LexisNexis. Web. 6 February 2013.
Smith, Van. Maryland Immigration Attorney Pleads Guilty to
Sham-marriage Conspiracy. CityPaper. Baltimore City Paper, 11
Jan. 2012. Web. 6 Feb. 2013. <http://citypaper.com/news/marylandimmigration-attorney-pleads-guilty-to-sham-marriage-conspiracy-1.1255644>.
Social Networking Sites and Their Importance to FDNIS. Memo.
20 July 2010. Electric Frontier Foundation. Web. 7 Feb. 2013.
<https://www.eff.org/files/filenode/social_network/DHS_CustomsImmigration_SocialNetworking.pdf>.
Thomas, Brian. Prosecuting Sham Marriage Under 18 U.S.C. 1546:
Is Validity of Marriage Material? Suffolk Journal of Trial & Appellate
Advocacy. 2006. 1-5. LexisNexis. Web. 10 February 2013.
U.S. Census Bureau. Statistical Abstract of the United States: 2006.
125th ed. Washington, DC, 2005. Google eBook file.
Winston, Ali. Marrying for Love? Youll Have to Prove It. City
Limits. n.p. 28 July 2008. Web. 8 February 2013.
SARA TORRES is currently pursuing a
Masters degree in Forensic Studies with a
concentration in Investigations from Stevenson
University. She completed her undergraduate
studies in 2009 at Towson University,
graduating magna cum laude with a BA in
Sociology/Criminal Justice and Spanish. Sara
works in the Protective Services Division at
NASA Goddard Space Flight Center.
25
How Forensic Science Has Influenced Wildlife

Investigations
Megan Ansberry
The legality of wildlife killings depends not only on the species, but
also the circumstance of the killing as killing animals is not always
illegal. In order to determine the legality of a case, wildlife investigators first have to answer three questions: What species is the victim?
Was the killing legal or illegal? And if illegal, who committed the
crime? Wildlife forensic scientists often find that the first question
is the hardest one to answer. The potential victims of wildlife crimes
include tens of thousands of species. Although wildlife forensic
investigators may use traditional forensic techniques to answer the
question of who committed the crime; they must constantly develop
new methods and techniques in order to determine the species and
legality of the killing.
Arising from this international conference was a global treaty to

protect wildlife, the Convention on International Trade in Endangered Species of Wild Fauna and Flora, (CITES) (What is CITES).
CITES made it unlawful to internationally trade any wildlife that may
be threatened or exploited by illicit trade (What is CITES). CITES
was initially signed in 1973 by 80 nations and today 178 nations
voluntarily enforce CITES (What is CITES). The Endangered
Species Preservation Act was further amended in 1973 and renamed
the Endangered Species Act so as to include implementation of
CITES (Endangered Species Act). CITES outlines different levels
of protection depending on the threat levels to each species in various
Appendices. Species in CITES Appendix I are the most endangered,
and thus have the most protection as they may not be imported for
commercial trade. Species in CITES Appendix II are not necessarily
threatened, but may become threatened in the future if they are not
currently protected. Lastly, species in CITES Appendix III are listed
because they are protected by one of the countries participating in
CITES and said country requested international protection as well
(Appendices).
Conservatively, illegal wildlife trading nets approximately $20 billion

a year worldwide, with only illicit drugs and weapons sales earning
a higher profit (Neme xii). Wildlife poaching, trafficking, and trading are highly lucrative businesses. For instance, poachers can earn
$1000 a gram for a rare animal part, which is twenty times the profit
of heroin (Neme xii). Whether it is selling a part to be used in the
fashion industry, traditional Chinese medicine, or as art, the profit
margin is high. Prior to the establishment of the National Fish and
Wildlife Forensics Laboratory in 1988, wildlife crimes were difficult
to investigate and even more difficult to prosecute (About the Lab).
These two factors combined with high profits created the perfect business for wildlife criminals.
The aforementioned treaties are a few examples of the federal and

international laws which protect wildlife and implement a conservation effort. Only animals covered by a state or federal law (including
all species on the endangered and threatened lists) are illegal to kill.
However, many unprotected animals require a permit to hunt, kill,
and/or take. Consequently, without a valid permit even an animal
that is not legally protected would be illegal to hunt, kill and/or take.
Therefore, it is imperative that any wildlife investigator understands
the law and knows which species may or may not be protected and
thus the legality of actions affecting the animal.
Humans have always posed a threat to animals. Animals, plants, and

their respective habitats are already threatened because of climate
change and legal human activity. Poaching further threatens their
lives and well being. Endangered and threatened species require protection from illegal killing, trading, and trafficking to save them from
extinction. To protect these threatened animals, Congress enacted the
Lacey Act in 1900, which was the first federal law to protect animals.
The Lacey Act made it unlawful to transport any wildlife or wildlife
product acquired in violation of state law (Jackson 16).
The United States Fish and Wildlife Forensic Laboratory is responsible

for assisting the Special Agents and Wildlife Investigators who enforce
the federal wildlife laws. (Science Professionals). A wildlife forensic
scientists duties are similar to those conducted by traditional forensic
scientists who work on human cases i.e. conducting crime scene investigations, determining cause of death, and linking the suspect to the
crime scene. The U.S. Fish and Wildlife Forensic Laboratory is comprised of five different units: Morphology, Genetics, Pathology, Criminalistics, and Chemistry (Science Professionals). These units are
typically seen in traditional forensic laboratories, with the exception
of morphology. The morphology unit is responsible for identifying
the species of the victim through comparative anatomy techniques
(Morphology Unit). The morphology unit is comprised of experts
in the fields of: herpetology (reptiles and amphibians), mammalogy
(mammals), and ornithology (birds) (Morphology Unit). Each
expert is knowledgeable and experienced in not only the morphology
of the animals in his or her field, but also the evolution and taxonomy
of the animals. The experts also have specific analytical skills unique
to their field and the animals within their field (Morphology Unit).
While the Lacey Act was the first federal law to protect wildlife, it certainly was not the last. The Migratory Bird Treaty Act was enacted in
1918 and made it unlawful to kill, take, or possess any migratory birds
including nests and eggs (Migratory Bird Treaty Act). The Bald Eagle
Protection Act of 1940 made it unlawful to kill or possess the bald
and golden eagle (Bald Eagle Protection Act of 1940). The Marine
Mammal Protection Act of 1972 made it unlawful to kill, possess,
or import any marine mammal without a permit (Marine Mammal
Protection Act). As a way to protect endangered species, Congress
passed the Endangered Species Preservation Act of 1966, which made
it unlawful to kill, take, possess, or transport any endangered or threatened species. This Act was amended in 1969 to combat a global issue
thus making it unlawful to import endangered species into the United
States; it also called for an international conference on the worldwide
protection of endangered species (Endangered Species Act).
26
FORENSICS JOURNAL
The first task a wildlife investigator is faced with is to determine the

species of the victim. The evidence may be in the form of a dead
body, and therefore obvious because of the animals appearance, size,
and shape. Conversely, it may be obscure and in the form of jewelry,
where appearance, size, and shape are of little help to investigators. In
the case of the latter, the wildlife investigator would send the evidence
to the U.S. Fish and Wildlife Forensic Laboratorys Morphology Unit.
Some legally protected species have similar characteristics to that of
an unprotected species. For example, different bird species may have
similar looking feathers; elephant tusks at first glance appear similar to
a mammoths tusks; and a bears inner organs may be indistinguishable
from other unprotected species (Neme). Approximately 75% of the
U.S. Fish and Wildlife Forensic Laboratorys work is species identification. Without the forensic science techniques to confirm the species,
investigators would have no way to determine what species the part
came from and therefore the legality of the trade.
Wildlife forensic scientists use and adapt the universally accepted

DNA techniques to fit their needs of identifying the species of the
victim.
DNA can be found in the nucleus of all cells, called nuclear or
genomic DNA and in the mitochondria, called mitochondrial DNA
or mtDNA. DNA analysis can be performed on an individual level
or at the species level (Rao). Species identification using genomic
DNA uses a specific nucleotide sequence known to vary between
species, and if two samples have the same or similar sequences they
are from the same species (Wildlife Crime). DNA fingerprinting
works because of the variations found within certain fragments of
DNA that are known to be hyper-variable (Rao). DNA sequencing
only works with certain cases. In order to positively identify a species
with DNA sequencing, the laboratory has to have a reference sample
to compare the two sequences. Consequently, the laboratory needs to
maintain thousands of reference samples, one for each protected species, in order to identify them through DNA sequencing (Neme 196).
Although reference samples can be hard to obtain, the U.S. Fish and
Wildlife Forensic Laboratory has 40,000 samples (Neme 196). If the
case involves a species that the laboratory does not have a reference
sample for, another species identification method must be utilized.
Wildlife forensic scientists have to conduct extensive research in order

to establish methods and protocols (for positively identifying species)
which are then accepted in a court of law. There may be only a small,
indistinguishable animal part or byproduct which is available for
analysis. One of the first established protocols for identifying a species
won the U.S. Fish and Wildlife Forensic Laboratory an international
award (Our Labs Timeline). A scientific method for identifying
ivory had to be established concerning the unlawful import of African
elephant ivory as set forth in the African Elephant Conservation Act
of 1989. This Act made it unlawful to import or export any African
elephant ivory or product after 1989 (Jackson 17). Criminalists Dr.
Ed Espinoza and Mary-Jacque Mann developed a legally accepted
scientific method to distinguish the ivory of an elephants tusks from
that of a mammoths tusks (Jackson 29). Mammoths are extinct and
thus cannot be harmed or threatened; however, their tusks remain
fossilized in the earth and accessible for trade. Mammoths tusks are
legal to trade because there is no harm to the animal itself (Jackson
29). Espinoza and Mann used a scanning electron microscope and
measured the angles of Schreger lines, which are the lines formed on
the ivory tusks. They concluded that the angles of the Schreger lines
were different between elephants and other animals. In their analysis,
they concluded that if the average of the Schreger lines angles was
greater than 100 degrees, the ivory was from an elephant, and if the
average of the angles was less than 100 degrees, it was from a mammoth (Natural Ivory). Espinoza and Manns analysis may be used in
future elephant poaching and ivory cases.
mtDNA is circular in form and contains more copies within the

mitochondria than just the two copies of nuclear DNA found in the
nucleus (Houck and Siegel 282). Thus, mtDNA persists longer than
nuclear DNA and can often be used in analyses when nuclear DNA is
degraded or the sample size is too small. mtDNA is only passed down
from the mother, unlike nuclear DNA where the offspring receives a
copy from the mother and father (Houck and Siegel 282). Therefore,
mtDNA genes are useful in species identification because there is little
intraspecies diversity (Dawnay et al. 1). Several research methods
have been developed to use mtDNA analysis in wildlife forensics.
The cytochrome oxidase I gene (COI) and cytochrome b are the most
commonly used genes in mtDNA species identification (WilsonWilde et al. 233). In order for these analyses to work, a reference
database is used to compare the unknown sample with a known
species sample. Currently, researchers in Australia are sequencing the
COI in all living species in order to create a barcoding database
(Wilson-Wilde et al. 234-235). Upon completion, this database
will enable wildlife forensic scientists all over the world to positively
identify all species using the COI gene (Wilson-Wilde et al. 235).
The researchers used the COI gene because it is a shorter sequence
than the cytochrome b gene, has a wide range of primers available
for sequencing, and changes within the gene are not as rapid as with
the cytochrome b gene (Wilson-Wilde et al. 234). The COI gene
also enables scientists to identify the sample down to the species level
(Wilson-Wilde et al. 234). A study was conducted on the validity of
the COI barcode database and researchers concluded that while it is
an accurate method of species identification, there were an inadequate
Deoxyribonucleic acid, more commonly known as DNA, is the

molecule found in cells of all living things that make them unique.
There are several different DNA analysis techniques and methods,
which are used in traditional human forensic science to link a suspect
to the crime scene. In wildlife forensics, these DNA techniques and
methods may also be used to link a suspect with the crime scene, but
are more commonly used in species identification (Wildlife Crime).
27
number of reference samples. However, even with DNA degradation

of samples, the COI gene could still be sequenced after four weeks
(Dawnay et al. 4). Therefore, even with a degraded sample, if a reference sample is available in the database, scientists may still be able to
identify the species using the COI mtDNA gene.
for its gall bladders (Neme 73). The fact that gall bladders are one
of the most profitable animal products, coupled with the fact that
a layperson may not be able to distinguish a bear gall bladder from
another animals gall bladder, creates an opportunity for traders to sell
counterfeit bear gall bladders. In order to prosecute someone for killing the bears and trading their gall bladders, scientists needed to prove
the gall bladders were in fact from the protected black bears. Due to
the corrosive nature of the bile salts contained within the gall bladders, scientists cannot perform DNA analysis (Neme). As a result,
the wildlife forensic scientists had to develop an alternative method to
distinguish bear gall bladders from other species gall bladders.
Researchers in India were able to sequence a mitochondrial rRNA

gene fragment from a suspected tiger sample. They used this region
because it is highly variable between species and can be conducted on
a variety of different species (Prakash et al. 1240). In their analysis,
they concluded that the skin sample was not in fact tiger, but positively identified the sample as cattle (Prakash et al. 1240 ). While
this was not what the researchers expected to conclude, their research
is important because they were able to positively identify a severely
processed, decomposed, and therefore degraded skin sample using
mtDNA analysis (Prakash et al. 1240). In a separate study, scientists
were able to extract mtDNA from a sample of just a few bird feather
barbs (Speller et al. 1). The scientists used both fresh and degraded
samples from four separate bird species. They were able to sequence
and positively identify each species with only two to five feather barbs
(Speller et al. 1). This study is important for two reasons. First,
feather evidence may be limited and with this technique the scientists
do not have to destroy or use the entire feather in order to positively
identify the species (Speller et al. 2). Second, part of the feather
may be damaged and/or destroyed prior to submission; however,
scientists can still analyze and identify the species. Even if the feather
and nuclear DNA is degraded, scientists may be able to sequence
the mtDNA and identify the species with only a minimal amount of
sample using this method.
Scientists at the U.S. Fish and Wildlife Forensic Laboratory were able
to develop a method of positively identifying the bear gall bladders
by the high levels of ursodeoxycholic acid, which is the very reason
bear gall bladders are desired in the first place. The wildlife forensic
scientists used a technique commonly used in traditional forensic
science, high performance liquid chromatography (HPLC). HPLC
separates molecules out by size creating a chromatogram, which is a
color-coded chemical profile. This profile or chromatogram indicates
which molecules and chemicals are present in the sample by the colors
displayed (Neme 101). Each unknown sample was tested along with
a known bear gall bladder sample with which to compare the chromatogram. To ensure the accuracy of the test, the wildlife scientists
also performed a more sensitive test, Thin Layer Chromatography or
TLC. TLC works in a similar manner to HPLC by separating molecules in a mixture based on the size of the molecules. The scientists
determined the chromatogram for the bear gall bladder samples had
three distinct peaks corresponding to the high levels of ursodeoxycholic acid, chenodeoxycholic acid, and cholic acid (Neme 102). With
the results from the HPLC and TLC tests, the scientists realized that
their method of positively identifying bear gall bladders worked;
however, in this case their unknown samples did not have the three
distinct peaks and therefore were not bear gall bladders (Neme).
Processed samples are common in wildlife crimes because the animal

part is often used for various purposes. Many times the animal part
is no longer recognizable as it may have been carved, dyed, ground
up, etc. These processes may have a negative effect on the DNA, and
analysis of nuclear DNA may be difficult to achieve. Being able to
analyze these products with DNA sequencing is important because
traditional morphological techniques may not be useful if the animal
part is not recognizable, and there are no other available identification
methods. Moreover, the International Society for Forensic Genetics
has approved DNA sequencing for forensic wildlife identification
(Ogden et al. 181).
This case demonstrated the importance of being able to develop a

scientifically accepted method of identifying bear gall bladders. Even
though their samples did not prove to be bear gall bladders, their
analysis worked and demonstrated the ability to positively identify
bear gall bladders from those of other species. This analysis will be
useful in investigating and potentially prosecuting future bear gall
bladder investigations. Wildlife forensic scientists need to continuously develop unique methods of positively identifying different
protected species.
Even in cases when a reference sample is available for comparison,

DNA sequencing may not work. Bear gall bladders are commonly
used in traditional Chinese medicine. Ounce for ounce, bear bile is
one of the highest-value commodities on the black market (Neme
74). The Asiatic black bear was the most common source of bear gall
bladders, however, all of Asias bear species have been targeted for
their gall bladders (Neme 72). The decline in Asian bear populations
caused them to be placed in CITES Appendix I. With the Asian
bears protected, the North American black bear became threatened
Knowing whether a crime has been committed is the first step in

any investigation. Most of the time the wildlife forensic scientists
need to identify the species of the victim in order to determine if a
crime has been committed; however, this may not always be the case.
Some protected animals are legal to kill in certain circumstances. For
instance, Native Alaskans are able to legally hunt walrus for subsis-
28
FORENSICS JOURNAL
tence (Espinoza et al. 104). Special Agent Al Crane, of the United

States Fish and Wildlife Service, witnessed a scene in rural Alaska
where hundreds of deadless walrus had washed ashore (Neme 7). Special Agent Crane knew what species the victim was, a walrus; however,
he needed to further investigate the circumstance of the killing in
order to determine whether it was an illegal act.
ent at different locations on each tusk or tooth (Nuke Test). Next,

they used an accelerated mass spectrometer to compare the levels of
carbon-14 to carbon-12. The scientists could determine when the
animal died by the carbon-14 levels present at the most recent tissue
formed on the tusk (Nuke Test). They concluded that their method
could determine if an animal died prior to 1955 because of the low
levels of carbon-14 due to pre-nuclear testing, and could determine
death within one year after 1955 (Nuke Test).
For the walrus killings to be legal subsistence hunting, the investigators needed to prove the Native Alaskans killed the walrus, and that
no part of the walrus was wasted (Espinoza et al. 104). If during the
investigation the evidence proved wastefulness with only removal of
the tusks, then the walrus killings would be an illegal act. To be considered non-wasteful, the hunters would recover the blubber, flippers,
liver, heart, and ivory (Espinoza et al. 104). It would be impossible to
bring hundreds of walrus into the laboratory for examination. Thus,
the wildlife forensic scientists and investigators examined the walrus
carcasses and performed necropsies, or animal autopsies in the field.
As evidenced by the aforementioned cases, wildlife crimes may have

exceptional situations or difficulties compared to human crime scenes.
Prior to the determination that an illegal act has occurred, multiple
tests, analyses, and investigations have been performed. With the
knowledge provided by wildlife forensic scientists, investigators make
the determination whether to proceed with an investigation of a
wildlife crime. The uniqueness of wildlife forensics lies in the fact
that most of the activities are conducted prior to the identification of
the illegal act. Once the determination has been made that a wildlife
crime occurred, traditional forensic science methods of linking the
suspect to the crime scene may be employed.
The wildlife forensic scientists conducted various studies to effectively

determine the legality of the headless walrus killings. They looked
at the sea currents, previous studies of walrus decomposition, and
weathering of exposed bone in the climate in which the carcasses were
discovered (Espinoza et al. 104-111). Following their extensive studies, the scientists created five categories. The first category included
headless walrus with clean vertebrae, which indicated the head was
removed prior to the carcass washing ashore. The killing of the walrus
in this category would be illegal if no other meat or part was taken
from the walrus (Espinoza et al. 110). Throughout the course of the
investigation, they determined that 169 out of 249 walrus illegal
killings (Espinoza et al. 111). Categories II, III, and IV had various
stages of decomposition and conditions of the carcasses; all three were
indicative of legal hunting (Espinoza et al. 111). Category V included
carcasses that were too decomposed to properly and accurately analyze
and no determination on the legality of the killing could be inferred
(Espinoza et al. 111). The studies conducted by the scientists are
reproducible; therefore it was an acceptable method of determining
the legality of subsistence hunting.
The species identification methods the U.S. Fish and Wildlife Forensic
Laboratory have developed are fundamentally important to the field
of wildlife forensics. Without these methods, officers would be unable
to conduct proper investigations. Wildlife investigators depend
on the wildlife forensic scientists who conduct and adapt scientific
methods specific to wildlife crimes. Wildlife forensic science is dependent on the widely accepted analytical techniques used in traditional
forensic science. This is especially true when adapting the already
accepted DNA methods to species identification. Moreover, wildlife
forensic investigators employ traditional forensic science methods
of linking the suspect to crime scene and/or evidence on a routine
investigatory basis. Wildlife forensic scientists have used and adapted
many techniques from the field of human forensics. Being able to
adapt and create new and emerging investigatory techniques is critical to the field of wildlife forensics. With a continued focus on the
investigation and prosecution of wildlife crime and the advancement
of wildlife forensic techniques, wildlife forensics may even influence
new traditional forensics techniques in the future.
Many of the federal laws protecting species are effective only after
the date they were enacted. For example, the African Elephant
Conservation Act of 1989 made it unlawful to import or export any
African elephant ivory or product after 1989. Therefore the legality
of the import is contingent upon the 1989 date. If elephant ivory
was imported prior to 1989 it is legal. This may create a problem for
investigators and/or prosecutors because if a suspect knows the law, he
may claim he imported the ivory prior to 1989. Researchers developed a method using radioactive carbon 14 present in ivory tusks,
to determine the year the animal died (Nuke Test). Nuclear tests
conducted in the 1950s and 60s converted nitrogen into carbon-14,
significantly increasing the amount of carbon-14 in the atmosphere
(Nuke Test). Scientists measured the amount of carbon-14 pres-
REFERENCES
About the Lab. U.S. Fish & Wildlife Service: Forensic Laboratory.
U.S. Fish and Wildlife Service. n.d. Web. 20 Sept. 2013.
Appendices. Convention on International Trade in Endangered Species
of Wild Fauna and Flora. n.d. Web. 23 Sept. 2013.
Bald Eagle Protection Act of 1940. Digest of Federal Resource Laws
of Interest to the U.S. Fish and Wildlife Service. U.S. Fish & Wildlife
Service. n.d Web. 20 Sept. 2013.
29
Dawnay, Nick, et al. Validation of the Barcoding gene COI for Use
in Forensic Genetic Species Identification. Forensic Science International. 173. 1-6. 14 Feb. 2007. Science Direct. Web. 6 Oct. 2013.
Science Professionals. U.S. Fish & Wildlife Service: Forensic Laboratory. U.S. Fish and Wildlife Service. n.d. Web. 20 Sept. 2013.
Speller, Camilla, et al. Feather Barbs as a Good Source of mtDNA
for Bird Species Identification in Forensic Wildlife Investigations.
Investigative Genetics. 2.16. (2011): 2-7. Web. 3 Oct. 2013.
Endangered Species Act. U.S. Fish & Wildlife Service: Endangered

Species. U.S. Fish & Wildlife Service. n.d. Web. 20 Sept. 2013.
Espinoza, Edgar, et al. Taphonomic Indicators Used in Infer Wasteful Subsistence Hunting in Northwest Alaska. Anthropozoologica.
1997. 103-112. Web. 29 Sept. 2013.
What is CITES? Convention on International Trade in Endangered

Species of Wild Fauna and Flora. n.d. Web. 20 Sept. 2013.
Wildlife Crime: A Guide to the Use of Forensic and Specialist Techniques in the Investigation of Wildlife Crime. Department for Environment Food and Rural Affairs. Mar. 2005. Web. 28 Sept. 2013.
Houck, Max M., and Jay Siegel. Fundamentals of Forensic Science.

Burlington: Elsevier Academic Press, 2006. Print.
Jackson, Donna, M., The Wildlife Detectives: How Forensic Scientists
Fight Crimes Against Nature. Boston: Houghton Mifflin Company,
2000. Print.
Wilson-Wilde, Linzi, et al. Current Issues in Species Identification

for Forensic Science and the Validity of Using the Cytochrome Oxidase I (COI) Gene. Forensic Sci. Med. Pathol. June 2010. 6: 233-241.
Science Direct. Web. 6 Oct. 2013.
Marine Mammal Protection Act. The Marine Mammal Center. n.d.

Web. 20. Sept. 2013.
MEGAN ANSBERRy graduated from

the Ohio State University with a Bachelor
of Science in Microbiology and a Minor
in Forensic Science. She is employed by
the federal government and has worked
for them for the past four and half years.
She is currently enrolled at Stevenson as
a graduate student in Forensic Studies on
the interdisciplinary track and hopes to
graduate July 2014. She hopes to stay with
the federal government upon graduation,
and either work in the field of forensics or
investigations.
Migratory Bird Treaty Act. Digest of Federal Resource Laws of Interest

to the U.S. Fish and Wildlife Service. U.S. Fish & Wildlife Service. n.d.
Web. 20 Sept. 2013.
Morphology Unit. U.S. Fish & Wildlife Service: Forensic Laboratory.
U.S. Fish and Wildlife Service. n.d. Web. 20 Sept. 2013.
Natural Ivory. U.S. Fish & Wildlife Service: Forensic Laboratory. U.S.
Fish and Wildlife Service. n.d. Web. 20 Sept. 2013.
Neme, Laurel, A. Animal Investigators: How the Worlds First Wildlife
Forensics Lab is Solving Crimes and Saving Endangered Species. New
York: Scribner, 2009. Print.
Nuke Test Radiation Can Fight Poachers: Age and Legality of Ivory
by Carbon-14 Dating. Research From the U. The University of Utah.
1 July 2013. Web. 5 Oct. 2013.
Ogden, Rob, Nick Dawnay, and Ross McEwing. Wildlife DNA
Forensics -- Bridging the Gap Between Conservation Genetics and
Law Enforcement. Endangered Species Research 9.179-195 (2009):
179-95. Web. 3 Oct. 2013.
Our Labs Timeline. U.S. Fish & Wildlife Service: Forensic Laboratory. U.S. Fish and Wildlife Service. n.d. Web. 20 Sept. 2013.
Prakash, S., et al. Mitochondrial 12S rRNA Sequence Analysis in
Wildlife Forensics. Current Science. 78.10. (200) : 1239-1241. Web.
27 Sept. 2013.
Rao, Dr. G V. DNA Fingerprinting and Wildlife Forensics. Weblog
entry. The Writers Forensic Blog. 6 Apr. 2011. Web. 27 Sept. 2013.
30
FORENSICS JOURNAL
What are the Best Practices for Preventing,

Identifying and Investigating Arson by
Firefighters?
Christopher E. Allen
The fire station in the bucolic northern Vermont village of Albany was
destroyed by fire in August 2013. The town, whose closest mutual
aid department was forty minutes away, lost all of its fire apparatus. Immediately following the fire, Albany Fire Department Safety
Officer Elmer Joerg was interviewed by the media as Joerg was one
of the first volunteer firefighters on scene. During a rambling six
minute interview, Joerg told WCAX News how frustrated he was by
the crime and stated if somebody calls for help tomorrow I dont
know what were going to do (Reading). Within five days, Joerg
was arrested for setting the very fire that had frustrated him. Joerg
confessed after being captured on video surveillance setting the fire,
having used his personal access code to enter the station (Reading).
Further research revealed that a business and a house owned by Joerg
had previously burned (in separate incidents). The house fire resulted
in the death of Joergs father in law. Investigators planned on reopening both of these cases.
unpublished novel entitled Points of Origin, a book that authorities

said mirrored his own life as a firefighter and serial arsonist (Lee).
Some firefighter arsonists are lone wolves while others act in groups
or teams. One recent example of a lone firefighter arsonist was a
volunteer firefighter in New Hampshire arrested in September 2013
for setting multiple fires in February 2013 (Haas). A recent example
of a firefighter arsonist team is that of a current volunteer firefighter
and a former volunteer firefighter from the same department, who
were arrested in September 2013 for setting fire to a vacant factory
in Sellersville, Pennsylvania. Controlling and extinguishing the fire
required the response of 16 fire departments and 200 firefighters from
two counties (Domizio). A unique case involving a group of arsonist
occurred in the late 1990s, when a former volunteer firefighter was
attempting to secure his position back and encountered resistance
from the chief (United States Fire Administration 10). The former
volunteer firefighter and six active volunteer firefighters entered into
a conspiracy to burn a vacant house, thereby providing this former
firefighter an opportunity to call it in and regain the confidence of the
chief (United States Fire Administration 10). While setting the fire,
the former firefighter became trapped inside the house and died. The
six volunteer firefighters were arrested and convicted (United States
Fire Administration 10).
OVERVIEW OF THE PROBLEM

The firefighter arsonist is not a recent phenomenon. Archive searches
of major American newspapers from the late 1800s reveal headlines
including: Incendiary Fireman, Volunteer Firemen as Incendiaries
and Fireman Accused of Arson (Report on Firefighter Arson 8).
The fire service in the United States is comprised of career fire departments, combination fire departments (a mix of paid and volunteer
employees) and departments staffed solely by volunteers. The number
of volunteer firefighters in the United States declined by over 18%
between 1984 and 2011. The loss of volunteers has been attributed
to increased time demands, more rigorous training requirements, and
the proliferation of two-income families whose members do not
have time to serve as volunteer firefighters (Volunteer Fire Service
Fact Sheet 2). Due to the decline in volunteers, some fire departments have been reluctant to institute mandatory background checks,
even though background checks could potentially identify a firefighter
arsonist (Burton).
Identifying the actual number of firefighters arrested for arson each

year is problematic, as no national data collection system for documenting firefighter arson cases exists (Report on Firefighter Arson
4). However, analysis of media reports indicates that approximately
one hundred firefighters are arrested for arson each year in the United
States (Frankel). According to retired Bureau of Alcohol, Tobacco
and Firearms (ATF) Special Agent Daniel Hebert, who arrested at
least thirty firefighter arsonists during his federal law enforcement
career, Really, it goes on way more than anyone knows; we dont
really know about most of them (Frankel).
Fire Chief Thomas W. Aurnhammer, who has written and lectured
extensively about the firefighter arson problem, describes the issue as
nothing more than a cancer growing within some of our organizations (Aurnhammer). San Mateo, California Fire Department
Battalion Chief John Warren states any firefighters who maliciously start a fire are going against the very credo that we all honor in
our profession (Lee).
Most documented cases of firefighter arson are from volunteer fire

departments, which is not surprising since volunteers far outnumber
career members (United States Fire Administration 9). In addition,
many volunteer fire departments serve less populated areas, often
resulting in lower call volumes and fewer fires leading to both boredom
and a lack of opportunities to exercise firefighting skills and equipment. However, according to the FBIs National Center for the Analysis of Violent Crimes, probably the most prolific American arsonist of
the twentieth century was John Orr, a career fire department Captain
and Arson Investigator in California (Waumbaugh). Orr was ultimately convicted on both state and federal charges for setting multiple
fires over a period of two decades, including a fire in a home improvement store that killed four people, one of whom was a two year old
child (Waumbaugh). While committing his own crimes, Orr wrote an
MOTIVES AND PROFILES OF FIREFIGHTER ARSONISTS

What motivates a firefighter to set fires is a subject of great debate
(United States Fire Administration 6). The U.S. Fire Administration
defines motive as the inner drive or impulse that is the cause, reason,
or incentive that induces or prompts a specific behavior (United States
Fire Administration 6). The six general motives for fire setting include:
Excitement, Vandalism, Revenge, Profit, Extremist/Terrorism and
31
Crime Concealment. Examples of firefighter arson can be found in

each of the six motive categories (United States Fire Administration 6).
TABLE 1 - COMPARISON OF SOUTH CAROLINA FORESTRY

COMMISSION VS. FBI NCAVC PROFILES
The most frequent motives of firefighter arsonists include the need

to be seen as a hero, to practice extinguishing fires, or to earn extra
money (United States Fire Administration 6). Excitement was also
a common motive of firefighter arsonists (Burton). The Australian
Institute of Criminology found that when firefighters commit arson,
it was usually out of a desire for excitement or as a way of gaining
attention and recognition. Ken Cabe, author of a South Carolina
Department of Forestry study of firefighter arsonists, noted that
many firefighter arsonists belonged to fire departments that do not
respond to many calls. Cabe concluded that the firefighter arsonists
are excited, eager, and motivated and that the alarm doesnt sound
nearly often enough (Cabe). Matthew Hinds-Aldrich, an assistant
professor of fire science, and the lead author of the Report on the
Firefighter Arson Problem, concluded that some volunteer firefighters
illegally set fires out of boredom (Frankel).
SOUTH CAROLINA
FORESTRY COMMISSION
Limited scientific research exists about the profiles of firefighters

arsonists; however, two prominent studies have been conducted. One
was Cabes study; the second study was conducted by Tim Huff of the
FBIs National Center for the Analysis of Violent Crime (NCAVC).
Both studies drew from small samples of arrested and convicted
firefighter arsonists; sixty-six in Huffs research and eighty in Cabes
research (Report on Firefighter Arson16). The studies were
researched independently of each other yet were striking in their
similarities (Report on Firefighter Arson 16). However, one key
difference between the results was that the FBI profile showed most
firefighter arsonists worked alone, yet many of the South Carolina
cases involved several firefighters from a single department working
as a group to set fires (Cabe).
The profiles are limited by several factors, including the small number
of cases studied by each. In the vast majority of arson cases no one
is arrested, thus it is likely that many firefighter arsonists remain
undetected (Report on Firefighter Arson 16). As a result, Cabe and
Huff had to base their research on a small sample of known convicted
firefighter arsonists, not the entire population of actual firefighter
arsonists.
The South Carolina and FBI profile are listed for comparison purposes in Table 1 (United States Fire Administration 5).
32
FBI NCAVC
White male, age 17-26
White male, age 17-25
Product of disruptive, harsh, or

unstable rearing environment.
One or both parents missing

from home during childhood.
If from an intact home, the
emotional atmosphere was
mixed and unstable.
Poor relationship with father,

overprotective mother.
Dysfunctional. One of their

parents left home before the
child reached age 17. Cold,
distant, hostile, or aggressive
relationship with natural father.
If married, poor marital

adjustment.
Poor marital adjustment. If

not married, still living at home
with parents.
Lacking in social and

interpersonal relationship.
Lack of stable interpersonal

relationships.
Poor occupational adjustment,

employed in low-paying jobs.
Poor occupational adjustment.

Menial laborer, skilled laborer,
clerical jobs.
Fascinated with the fire service

and its trappings.
Interested in the fire service in

the context that it provides an
arena for excitement, not for the
sake of public safety.
May be facing unusual stress

(family, financial, or legal
problems.)
Alcoholism, childhood
hyperactivity, homosexuality,
depression, borderline
personality disorder, and
suicidal tendencies.
Average to above average

intelligence, but poor or fair
academic performance in
school.
Mixed findings on intelligence,

but most arsonists have been
found to have average to higher
intelligence. Poor academic
performance.
FORENSICS JOURNAL
There are firefighters who meet some or all of the traits described
above yet do not commit the crime of arson. Forensic psychologist
Rebekah Doley noted that the similarities between firefighters who
light fires and those who dont, emphasizes how difficult it is to spot
the threat from within (Report on Firefighter Arson 17). The
National Volunteer Fire Council described the South Carolina profile
and the FBI profile as popular in large part because they condense
a complex phenomenon into a succinct and straightforward chart
(Report on Firefighter Arson 17). However, many firefighter arsonists do not fall within the parameters of the two profiles and that
while firefighter arsonists may share some statistical similarities, they
are not homogenous (Report on Firefighter Arson 17).
The National Volunteer Fire Council developed several recommendations mirroring Martinezs. Their recommendations included: adopting firefighter arson prevention training programs on a national level;
conducting background checks and applicant screenings for all new
recruits; establishing zero-tolerance policies regarding fire-setting; and
empowering members to take a stand (Report on Firefighter Arson
27). The last point is critical as firefighter arson was not always
considered a bad thing by some firefighters and was actually viewed
as a rite of passage in some fire departments (Report on Firefighter
Arson 12).
A model training program called Hero to Zero was developed by
the Pennsylvania State Police. The program is required for all recruit
firefighters in the state (Martinez 66). The goal of the three hour
program is to reduce the rate of firefighter arsons through awareness
(Report of Firefighter Arson 25). Pennsylvania State Police Trooper
David Klitsch said the program has been credited with uncovering
cases of firefighter arson since its inception. Trooper Klitsch expected
to see an increase in the number of firefighters arrested for arson as
the fire service goes through a period of cleansing as a result of the
information gathered through this program and the action taken by
the students in identifying these criminal actions (Report on Firefighter Arson 25).
REDUCING THE LIKELIHOOD THAT A FIREFIGHTER WILL

BECOME AN ARSONIST
As noted earlier, retired ATF Special Agent Daniel Hebert estimated
that he arrested at least thirty firefighter arsonists during his career.
Hebert and Rick Jones, a retired state fire investigator in Louisiana,
developed a program called Secrets in the Firehouse and now travel
together throughout the United States, discussing the firefighter
arson problem (Hebert and Jones). Several convicted felons (former
firefighters whom Hebert arrested for arson,) often travel with Hebert
and speak to crowds of firefighters about the life-long ramifications of
their crimes. When asked what, if anything, could have been done to
prevent the firefighters he arrested from becoming arsonists, Hebert
immediately stated 28 of the 30 would have never set a fire had they
had training and education (Hebert).
RECOGNIZING A FIREFIGHTER ARSONIST

What red flags or warning signs might indicate that a firefighter
arsonist is at work? Before that question is answered, it is necessary
to understand how fire departments operate. Most fire departments
cover a specific geographic area i.e., a city, county, town, taxing district, etc. Fire departments with more than one station further define
their coverage areas as first due territory, referring to the specific
geographic area covered by an individual fire station. In the context
of firefighter arson, many firefighters set fires out of excitement or
boredom, so it is logical they would set fires in the same areas covered by their fire department or fire station. The United States Fire
Administration noted that firefighters are known to set fires so they
can engage in the suppression efforts (1).
Hebert described most of the firefighter arsonists he arrested as kids

who felt bulletproof and were people trying to do right by joining
their local fire department. Hebert believes effective training about
the ramifications of firefighter arson would have made the young
firefighters understand that setting any fire illegally was a crime. As
many of the fires were set in vacant or abandoned buildings, the
firefighters often viewed their actions as simply a training opportunity
or an opportunity for excitement that did not harm or risk anyone.
The firefighter arsonists did not consider the permanent consequences
of becoming a convicted felon including the loss of ability to vote,
carry a firearm, and be a member of a fire department. The firefighter
arsonists also did not consider that a firefighter or a member of the
public could be hurt or killed in the execution of a response, and
subsequent fighting of a fire. Hebert strongly reiterated that education would have prevented the majority of the thirty firefighters he
arrested from becoming convicted felons (Hebert).
Several warning signs exist that might indicate a firefighter is setting

fires. Chief Aurnhammer stated that firefighter arsonists always
seem to be in the right place at the right time (Lee). Firefighters
who live far from the station or the fire scene yet are always the first
to arrive at the station or on-scene, particularly in the middle of the
night, may warrant investigation. The Report on the Firefighter Arson
Problem noted that in several firefighter arson cases, firefighters who
lived nearby confronted another firefighter who lived miles away from
the fire station about how he was able to arrive so quickly in the early
hours of the morning (22). Firefighters noticing such red flags are
critical to reducing the firefighter arson problem.
Brett Martinez, a veteran fire marshal, firefighter and peace officer in

New York state wrote that the three best tools for preventing firefighters from becoming arsonists were screening, testing, and education (65). Martinez argued that screening should be conducted to
vet for any past criminal activity and fire setting activity (66).
33
Chief Aurnhammer identified another warning sign of firefighter

arson as sudden increases in the number of fires or severity of blazes
(Lee). The FBI found a tell-tale sign that a firefighter may be setting
fires is a sudden increase in nuisance fires within a companys first
due area (United States Fire Administration 1).1
to respond to every fire call, day and night (Report on Firefighter

Arson 22).
911 AND DISPATCH RECORDS: Firefighter arsonists have been
known to report the fires that they started to ensure that they were
able to participate in the suppression effort (Report on Firefighter
Arson 22). Some firefighter arsonists have raised the suspicions
of dispatchers by referring to them by their first name, by using fire
department codes, and even leaving their fire pager on high volume
so the dispatcher could hear it in the background (Report on
Firefighter Arson 22). Dispatch and 911 recordings should always be
reviewed and preserved early in any arson investigation.
In a Louisiana case, a single rural fire department responded to over

five hundred fire-related calls in one twelve month period. At the
end of that twelve month period, the ten firefighters were arrested
for arson. During the next twelve month period, the fire department
ran only sixty-four calls, including for the first time ever, emergency
medical first responder calls (Hebert). Fire chiefs should pay close
attention to sudden and sustained jumps in call volume and quickly
notify investigative authorities so that the problem can be addressed.
ORIGIN AND CAUSE INVESTIGATION: Huff recommends that

at least a cursory investigation is conducted of every fire regardless
of the size (as many firefighter arsonists begin setting small fires
before graduating to larger and more dangerous fires) (Report
on Firefighter Arson 21). Unfortunately, limited resources often
make investigating the origin and cause of every fire an unrealistic
expectation. However, fire investigators should at least develop
systems to identify trends.
INVESTIGATING THE FIREFIGHTER ARSONIST

As soon as it becomes evident that a firefighter arsonist may be at
work, it is critical that a coordinated, effective and timely investigation is initiated. Successfully investigating and apprehending a
firefighter arsonist requires close cooperation among the fire service,
law enforcement and dispatch personnel; data collection and analysis;
review of 911 and dispatch records; use of technology; and effective
interviewing and interrogation skills.
The Knox County, Tennessee Fire Investigation Unit (KCFIU) is

responsible for conducting origin and cause investigations and fire
related criminal investigations in Knox County, TN. The KCFIU
covers a county of over five hundred square miles. Although KCFIU
investigators respond to every confirmed structure fire, they do not
have the resources to respond to every car, brush or trash fire. However, to ensure that potential serial arsonists are identified early, the
KCFIU receives a daily report from the county dispatch center that
provides basic details about every fire related call that occurred in the
county during the previous twenty-four hours. KCFIU investigators examine the report daily, looking for trends. When a pattern of
serial fire setting is identified, KCFIU investigators concentrate their
efforts on the area of increased fire activity. This program has led to
several arrests and could be a useful model for other fire investigation
units when attempting to determine if a firefighter arsonist is at work
(Knox County Fire Investigation).
COMMUNICATION AND COORDINATION: Developing positive

working relationships between fire service and law enforcement
personnel before a firefighter arsonist strikes is crucial to ensuring
information is shared in a timely manner when a firefighter arsonist is
suspected (Report on Firefighter Arson 21). Fire investigation units
vary widely in staffing and duties however, proactive efforts should
be undertaken to encourage members of the fire service to report
any concerns or suspicions about possible firefighter arson activity
(Report on Firefighter Arson 21).
DATA COLLECTION: Fire service run reports and incident reporting
software can provide valuable leads for investigators. Fire departments
should document the names of all firefighters who responded to
each call, noting those firefighters who were first to arrive on-scene
or at the station. Fire investigators typically want to interview the
first arriving firefighter(s) as their observations can help narrow the
search for the fires area of origin. The information can also be useful
in firefighter arson investigations as it may identify patterns where
particular firefighters were always on the first arriving apparatus
(Report on Firefighter Arson 22). This data is important as it is not
statistically likely that the same volunteer firefighters(s) will be able
TECHNOLOGY: GPS tracking data and cellular telephone records

have proven useful in firefighter arson investigation. The ATF
used a GPS tracking device attached to a vehicle in order to track
the movements of firefighter arsonist John Orr prior to his arrest
(Waumbaugh). Retired ATF Special Agent Hebert used data from
GPS tracking devices to overcome denials from firefighter arsonists
regarding their whereabouts at the time a fire was set.
The term company is often used to refer to a fire department as a whole or to a single fire station.
34
FORENSICS JOURNAL
Hebert used cellular telephone records in several firefighter arson

investigations. The GPS and/or cellular site data from a cellular telephone can be used to determine the location of a firefighters cellular
telephone at the time of a fire. If the investigator can establish that
the firefighter had the telephone on his person at the time the fire was
set, the investigator may be able to refute denials by a firefighter who
insists he was not in the area when the fire was set. Cellular telephone
records may also be useful when investigating a group of firefighter
arsonists who are working together to set fires. Cellular telephone toll
records can be used to demonstrate contacts (calls and text messages)
between groups of firefighters just before or after a fire was set.
ences in the fire service. Rapport should be infused throughout the

entire interview and not simply treated as a step that can be checked
off once it is initially developed (Anderson).
As previously discussed, Hebert emphasized the importance of developing effective themes. FLETC said that themes help suspects rationalize, project, and minimize their behavior, which makes it easier for
them to confess (Anderson). FLETC recommends against judging
or condemning the actions of a suspect and instead, helping them
to justify why a good person would make a mistake (Anderson).
FLETCs instruction directly mirrors Heberts interview theme of the
hero who made a mistake. FLETC also encourages interviewers to
anticipate denials. By using information gained from investigative
techniques such a GPS records or telephone toll records, investigators
may be in a better position to counter denials.
Hebert used consensual monitoring of telephone calls and meetings

in several firefighter arson investigations. After successfully obtaining a confession from a firefighter arsonist, Hebert was able to have
the cooperating firefighter arsonist record conversations with other
firefighter arsonists (co-conspirators) about past arsons and future
planned crimes (Hebert).
Chief Aurnhammer argued that a fire chief who suspected a firefighter

of setting fires but did not have specific proof may be able to confront the suspect with suspicions (Aurnhammer). Although Aurnhammer does advocate notifying law enforcement if there is hard
evidence of arson, the simple act of confronting a firefighter arsonist
without first contacting law enforcement could lead the suspect to
destroy evidence, compromise the investigation, or limit the effectiveness of a law enforcement interview. Fire chiefs who suspect one of
their own firefighters of being an arsonist must balance their role and
duties as fire chief with the needs of law enforcement to conduct a
thorough and complete investigation. Although the fire chief may
have to act before law enforcement has completed their work, the
chief should consult with investigators before taking unilateral action.
INTERVIEW AND INTERROGATION: Hebert described effective

interview and interrogation skills as the thing that is key to bringing
these cases home (Hebert). No other investigative technique was
more critical to Heberts success in investigating firefighter arsonists
than good interview techniques. Hebert said that most of the
firefighter arsonists he arrested were not hardened criminals but
instead were people who entered the fire service for all the right
reasons (Hebert).
Hebert believes the two most important interview techniques he used
with firefighter arsonists were 1) developing rapport and 2) creating,
and using effective interview themes. As most firefighter arsonists
were not hardened criminals, Hebert often used the interview theme
of a hero who made a mistake (Hebert). By treating firefighter
arsonists as decent people versus as criminals, Hebert was able to
obtain confessions from the majority of the firefighter arsonists he
interviewed and later arrested (Hebert).
CONCLUSION
Pennsylvania State Fire Commissioner Edward A. Mann summed
up his views on the problem of firefighter arson by saying but if
you are a firefighter and youre convicted of arson, you ought to have
the entire damn bookcase thrown at you (Burton). In The Myth of
Pyromania, the authors note that many non-arsonists are fascinated
by fire, including firefighters, both professional and volunteer; an
extremely small percentage of firefighters actually are arsonists (Huff,
Gary, and Icove 36).
The Federal Law Enforcement Training Center (FLETC) defines an

interview as a conversation with a purpose or point (Anderson).
FLETC organizes the law enforcement interview into five steps,
which include in order: 1) Introduction 2) Rapport 3) Questions
4) Summary and 5) Closing (Anderson). During their instruction
on interviewing, FLETC places an emphasis on the importance of
building rapport. Rapport is important as it prepares the interviewee
to talk; establishes a baseline of behavior; and can establish trust
(Anderson). FLETC described rapport as a critical element of suspect interviews and concluded that suspects confess to interviewers
they like and trust (Anderson).
However, that extremely small percentage of firefighters who commit the crime of arson out of boredom, for excitement, or for some
other reason, cause great harm to the reputation of the fire service.
Chief Aurnhammer describes firefighter arson as a cancer that can
be cured (Aurnhammer 3). Aurnhammer eloquently adds that
aggressively combatting the firefighter arson problem represents the
highest form of loyalty to the fire service and its mission. Improved
firefighter selection and screening processes, better education and
effective fire service and law enforcement investigations can drastically
reduce the occurrence of firefighter arson.
FLETC recommends that the interviewer identify areas where rapport

can be developed. Fire department based investigators may be able
to establish rapport with a firefighter arsonist based on shared experi35
Lee, Henry K. A Call to Track Firefighter Arsonists / 3rd Arrest of

Season Fuels Experts Fears. sfgate.com. San Francisco Chronicle,
1 Sept. 2002. Web. 9 Sept. 2013. <http://www.sfgate.com/crime/
article/A-call-to-track-firefighter-arsonists-3rd-2775743.php>.
REFERENCES
Anderson, Mark A. Interviewing. Inspector General Criminal Investigator Academy. Glynco, GA. 5 June 2013. Lecture.
Aurnhammer, Thomas W. Addressing the Firefighter Arson Problem. New Mexico Fire Chiefs Association. New Mexico Fire Chiefs
Association, Mar. 2002. Web. 9 Sept. 2013. <http://www.nmfirechiefs.
com/ee/index.php/articles/fullstory/addressing_the_fire_fighter_
arson_problem>.
Martinez, Brett. Tools to Help Prevent Firefighters from Becoming

Arsonists. Fire Engineering (2010): 63-68. Print.
National Volunteer Fire Council (NVFC). Report on the Firefighter
Arson Problem: Context, Considerations, and Best Practices. Greenbelt:
National Volunteer Fire Council, 2011. Print.
Australian Institute of Criminology. Firefighter Arson: Part 1 - Incidence and Motives. BushFIRE Arson Bulletin 7 June 2005: n. pag.
Web. 10 Mar. 2014
- - -, Volunteer Fire Service Fact Sheet. Greenbelt: NVFC, 2013. Print.

Reading, Jennifer. Firefighter Arrested in Albany Fire Station Arson.
WCAX.com. WCAX-TV, 18 Aug. 2013. Web. 9 Sept. 2013. <http://
www.wcax.com/story/23148043/firefighter-arrested-in-albany-firestation-arson>.
Burton, Jeremy G. Firefighter Arsonist Profile: Young, Vengeful With

a Hero Complex. thetimes-tribune.com. The Scranton Times-Tribune,
17 Apr. 2010. Web. 9 Sept. 2013. <http://thetimes-tribune.com/
news/firefighter-arsonist-profile-young-vengeful-with-a-hero-complex-1.733567>.
United States Fire Administration. Special Report: Firefighter Arson.

Technical rept. no. USFA-TR-141. Emmitsburg: U.S Fire Administration, 2013. Print.
Cabe, Ken. Firefighter Arson: Local Alarm. Fire Management Notes

56.1 (1996): n. pag. Web. 10. Mar. 2014
Wambaugh, Joseph. Fire Lover. New York: HarperCollins, 2002.

Print.
Domizio, Tony D. Former and Current Sellersville Fire Co. Members Charged with Arson in Wednesday Fire. Montgomeryville-Lansdale Patch. Patch, n.d. Web. 14 Sept. 2013. <http://lansdale.patch.
com/groups/police-and-fire/p/former-and-current-sellersville-fire-comembers-charged-with-arson-in-wednesday-fire>.
CHRISTOPHER E. ALLEN has been

employed as a federal law enforcement
agent since December 2001. Mr. Allen has
also been in the fire service since 1985,
serving as a career firefighter / fire officer
and later as a volunteer firefighter / fire
officer. Mr. Allen currently resides in the
Nashville, Tennessee area and is employed
as an Assistant Special Agent in Charge
with a federal office of inspector general.
Mr. Allen is also a volunteer Captain with
his local fire department.
Frankel, Todd C. Fascination and Contradiction in Firefighters

Accused of Setting Fires. stltoday.com. St. Louis Post-Dispatch, 8
Aug. 2013. Web. 9 Sept. 2013. <http://www.stltoday.com/news/
local/metro/fascination-and-contradiction-in-firefighters-accused-ofsetting-fires/article_ce8a070b-24e8-506b-b861-e2fe640d93fb.html>.
Haas, Kimberley. Police: Arson Suspect Nearly Killed Three People.
Fosters.com. Fosters Daily Democrat, n.d. Web. 18 Sept. 2013.
<http://www.fosters.com/apps/pbcs.dll/article?AID=/20130918/
GJNEWS_01/130919325>.
Hebert, Daniel. Personal Interview. 11 Sept. 2013.
Hebert, Daniel, and Rick Jones. Secrets in the Firehouse. Aug.
2008. Digital file.
Huff, Timothy G., Gordon P. Gary, and David J. Icove. The Myth
of Pyromania. Fire and Arson Investigator 51. January (2002): 35-38.
Print.
Knox County Fire Investigation Unit. Knox County Tennessee. N.p.,
n.d. Web. 4 Oct. 2013. <http://knoxcounty.org/fire/fire_investigation/index.php>.
36
FORENSICS JOURNAL
Is Fair Value Accounting a Fraud Risk?

Courtney Moore
to sell the asset in the market. Similarly, the company is also required
to assess whether there is evidence of impairment for any of their
financial assets, such as an estimated decrease in estimated cash flow
from the asset. If so, the asset must be devalued to the extent of the
lost value (Wells). Subsequently, the accumulated depreciation can be
restated in two ways: (1) restate the amount of accumulated depreciation to the change in the fair value of the assets or (2) eliminate to the
extent of the increase in fair market value (Wells).
INTRODUCTION
The Association of Certified Fraud Examiners (ACFE) defines financial statement fraud as [an act] in which an employee intentionally
causes a misstatement or omission of material information in the
organizations financial reports (e.g., recording fictitious revenues,
understating reported expenses or artificially inflating reported assets)
(Association of Certified Fraud Examiners). According to the ACFEs
2012 report, financial statement fraud cases comprised only 8% of the
cases in 2012, but caused the greatest median loss of all types of occupational fraud considered at an average loss of 1 million dollars per
case (Association of Certified Fraud Examiners). Financial statement
fraud is so costly because investors rely on financial statements to
make important financial decisions. Therefore, accounting standards
must be stringent enough to eliminate loopholes that companies use
to distort their financial statements.
While both methods still depreciate the assets value over its useful
life, the fair value method requires obtaining an updated value for the
asset. Both International Accounting Standards and United States
Accounting Standards set forth three levels of hierarchy on which fair
value can be determined with highest priority given to the highestlevel inputs (International Accounting Standards Board 72). The
IASB explains, Level 1 inputs are quoted prices in active markets for
identical assets or liabilities that the entity can access at the measurement date (International Accounting Standards Board 76). If an
asset has an active market, like most publicly traded stocks do, the
asset should be valued at such. Nevertheless, not all assets have a
readily active market to value their assets in, and if no active market
exists for that specific asset, the fair market value of a similar asset that
can be readily traded in an active market will suffice under a Level 2
input (International Accounting Standards Board 81). Lastly, if the
asset cannot be valued at either of the previous two levels, an entity
can estimate the assets fair value using an alternate valuation technique such as a Level 3 input (International Accounting Standards
Board 86). When addressing Level 3 inputs, IFRS sets forth a general
rule that the value reflected must reasonably reflect what amount
could be expected for the asset if sold (International Accounting
Standards Board 87-89).
The widespread application of fair value accounting principles has

become a controversial topic because critics claim that fair value
accounting contributed to the recent financial crisis (Centre for Economic Policy Research). While fair value standards may offer a more
accurate picture of what a companys assets are worth, applying the
concepts identified by U.S. accounting standards and international
accounting standards can be difficult. By examining the current
laws and valuation methods in place for both international and U.S.
accounting standards and the nature of financial statement fraud, it
can be determined whether implementing fair value standards further
would leave companies at risk for improper asset valuation.
VALUATION OF FIXED ASSETS
The two common measurements for fixed assets are historical cost
and fair value. While International Accounting Standards (IAS)
allows companies to choose between historical cost and fair value
when valuing fixed assets, U.S. principles require that companies
report their assets at historical cost. The International Accounting
Standards Board (IASB) states that historical cost values fixed assets at
the amount of cash or cash equivalents paid or the fair value of the
consideration given to acquire the asset at the time of its acquisition
(International Financial Reporting Standards). The asset, when first
purchased, is valued at the consideration the company paid to acquire
it. Over time, a portion of the asset will be expensed and by the end
of its estimated life, will have a value of zero.
Most concerns have been expressed about valuing assets with no active
market due to the recent financial crisis (KPMG). Critics of fair value
accounting believe that during the financial crisis, fair value accounting inflated the value of assets to reflect a market value that was not
appropriate due to the long-term nature of the assets held (Centre
for Economic Policy Research). The general principles described give
broad guidance to accountants, but the IASB also recognized the
professions need for further guidance in this area.
IFRS RECENT REGULATIONS
Internationally Accepted Accounting Principles include IFRS 13, which
was enacted to provide more clarity to companies on how to apply fair
value principles to fixed assets. According to the international accounting firm KPMG, the standard does not introduce any new requirements for financial reporting. Instead, it provides more guidance on
how the principles defined earlier can be applied, and addresses the
detail that companies must provide for disclosures pertaining to the
accounting methods used to value these assets (KPMG).
Fair Market Value Accounting does not value an asset at its original
cost. Instead, the asset is periodically revalued to reflect what the
entity could receive if the asset were sold. Under the International
Financial Reporting Standards (IFRS) revaluation method for fixed
assets, the asset must be revalued periodically to fair market value,
less accumulated depreciation and the aggregate amount of losses
from the impairment of value (Wells). Each period, the company
first revalues its fixed assets to the value they could receive if they were
37
In particular, the IASB focused on disclosures for Level 3 inputs due

to the increased amount of subjectivity used in applying valuation
techniques (KPMG). Level 3 inputs require the following disclosures:
can be developed, capital expenditure estimations can be risky because

they are discretionary in nature (Harman). Not all equipment burdens
can be predicted, and the value of an asset can be over-appreciated by
estimating cash flows. Growth rates also require many assumptions; in
particular, using a perpetual growth rate can lead to an overstatement
of value. The assumption that a growth rate will remain constant is
highly unlikely as markets are usually volatile and company earnings
can change dramatically from year to year (Harman). Each years
predicted cash flow is multiplied by these growth rates, so the methods
are very sensitive to small changes in the growth rate.
a) A description of valuation processes applied.

b) Quantitative information about significant unobservable
inputs.
c) Narrative disclosure of the sensitivity of the fair value mea
surement to significant reasonably possible alternative unob
servable inputs (KPMG).
U.S. AND FAIR VALUE ACCOUNTING
Therefore, lower inputs in the fair value hierarchy require a greater

extent of disclosure.
Over the years, the Financial Accounting Standards Board (FASB) has
extended fair value accounting to valuing debt and equity securities
held for sale, derivatives, and reporting changes in fair value in the
income statement and comprehensive income (Lefebvre, Simonova
and Scarlat). In recent years, FASB and IASB have been working
together to converge U.S. GAAP with IFRS. The American Institute
of Certified Public Accountants (AICPA) distinguishes the meaning of convergence and adoption: convergence involves the U.S. and
IASB working together to develop high quality, compatible financial
statements whereas adoption would require the SEC to set a specific
time in which public companies would be required to issue financial statements based upon international standards (International
Financial Reporting Standards). As of this writing, the Securities
and Exchange Commission (SEC) is only focused on convergence,
with the expectation that it will make a determination on whether
or not the U.S. will incorporate IFRS into U.S. financial reporting.
Since IFRS relies heavily on fair value accounting when valuing assets,
convergence could involve the U.S. adopting these same rules.
Despite such specific requirements for disclosure and guidance

when classifying assets among the fair value hierarchy, IASB does
not establish specific valuation techniques that companies must use
under Level 3. However, there are certain valuation methods that are
generally accepted in practice, and even though IASB doesnt provide
specific guidance, generally accepted practices give accountants some
guidance as to how to value assets at Level 3 (KPMG).
LEVEL 3 VALUATION METHODS
Two commonly used methods are applicable to assessing the value
of fixed assets: the discounted cash flow method and capitalized cash
flow method (Putra). The discounted cash flow method involves estimating the future cash flow the asset is expected to provide, which can
involve either a short or long period of time. After determining what
future cash flow the asset will bring in, a discount rate is established.
Then, by multiplying expected future cash flow by the determined
discount rate, the fair value for the asset will be determined (Putra).
THE U.S. FINANCIAL CRISIS

In response to Enron and other accounting scandals, the SEC issued
many regulations in an attempt to provide more meaningful information to investors. The Sarbanes Oxley Act of 2002 helped fund
further FASB efforts to develop new accounting standards through
new funding (The Sarbane-Oxley Act). Through this Act, the SEC
increased accounting regulation and facilitated development of more
accurate accounting standards. FASB reformed U.S. accounting
standards by implementing fair value accounting because officials
believed market values would provide investors with more relevant
information than historical cost was providing (Shorter). The SEC
wanted to switch to fair value accounting because historical cost may
have kept potentially worthless assets on the books of companies.
Specifically, many investors were worried about mortgage-backed
securities (Shorter). Under historical cost, these mortgages may still
have some value on the financial statements of banks, but under fair
value accounting, these mortgages must be marked down to the actual
amount the bank expected to collect.
The capitalized cash flow method is very similar to the discounted

cash flow method: the future cash flow must be determined and the
discount rate must be applied. However, the difference between the
capitalized cash flow method and the discounted cash flow method
is that the capitalized cash flow method assumes that the discount
factor stays constant throughout the period in which the future cash
flow has been determined (Putra). Under the discounted cash flow
method, the discount factor can change from period to period and
thus, requires a greater degree of calculation.
While most valuation analysts prefer the discounted and capitalized
cash flow methods, applying them can be difficult in certain situations
(Harman). First, estimating future cash flows can be very uncertain;
some valuations project cash flows for five to ten years. As the time
period involved becomes longer, the cash flow projection becomes
more uncertain (Harman). The second downfall of the discounted
cash flow method involves capital expenditures. When predicting
future cash flows, cash outflows offset cash inflows. While budgets
38
FORENSICS JOURNAL
After the implementation of FAS 157, Fair Value Measurements, many

insurance firms and banks criticized fair value accounting standards
(Shorter). FAS 157 forced companies to write down their distressed
assets when many companies were already experiencing financial
hardships. Critics claimed the standard forced holders to write down
assets below their true economic value, thus potentially worsening
the U.S. economic recession. Conversely, supporters claimed the fair
value standards were simply protecting investors because the financial
statements reflected the coming financial downturn (Shorter). When
implementing fair value, FASB and the SEC experienced a conflict
their duty was to protect investors, but they did not want to add any
more failing companies to the struggling economy.
tal-European, with investment property and excluded firms that had

less than 10% of investment property (Muller, Reidl and Sellhorn).
Results of the study indicated that before the IFRS implementation,
Scandinavian countries were the primary subjects applying the fair
value model (Muller, Reidl and Sellhorn). France and Germany
experienced substantial variation in the application of either historical
cost or fair value standards (Muller, Reidl and Sellhorn). Ultimately,
the majority of the firms that did not provide fair value information
were in countries with less effective judicial systems, less tradition for
law and order, and higher levels of corruption. The primary reason
why companies chose to provide investment property fair values was
in response to the greater demand for such information and a commitment to financial transparency (Muller, Reidl and Sellhorn). After
the implementation of IFRS, the study failed to find any evidence of
a change in information consistency for firm disclosure of fair value
(Muller, Reidl and Sellhorn). Also, investors still perceived a lack of
consistency in reporting despite the implementation of a universal
standard (Muller, Reidl and Sellhorn). These results suggest that
implementation is not a definitive solution to the inconsistencies in
financial statements across countries.
Financial journalists claimed, By making the banks look so valueless in the middle of a credit crunch, mark-to-market accounting was
procyclical in that it accelerated the downturn (Best of 2008).
Fair value accounting forced banks to devalue their long-term assets;
despite the fact that these assets were no longer liquid in nature. It
may not be appropriate to value illiquid assets at fair value because
it represents the current value of an asset at a given time. While fair
value accounting can provide beneficial information to investors when
an asset will be sold in the near future, fair value accounting may not
be appropriate for assets held for longer terms.
Based on the results of the study, the implementation of IFRS standards across European countries did little to resolve the discrepancies
in financial reporting. Therefore, if the U.S. was to implement IFRS
fair value standards, there would be a risk of inconsistency in financial
reporting. At the same time, results still show that fair value reporting supports financial transparency. Therefore, the U.S. could benefit
from implementing such a standard because some investors may find
fair value information more useful than historical cost information
when making investment decisions.
EUROPEAN REAL ESTATE REGULATIONS

In January of 2005, International Accounting Standards required publicly traded companies within European regulated markets to implement IFRS standards when preparing their financial statements. The
Harvard Business School conducted a study that examined the consequences of the implementation (Muller, Reidl and Sellhorn). Before
the implementation of IFRS, asset valuation varied across countries in
Europe. While the United Kingdom required companies to value their
assets based upon the revaluation model, recognizing changes in asset
value through equity and not income, other countries could choose
between the revaluation model or cost model (Muller, Reidl and
Sellhorn). No countries in Europe permitted companies to recognize
changes in asset value through income (Muller, Reidl and Sellhorn).
IFRS IN GERMANY
In 2005, the European Union (EU) required publicly traded firms
in Germany to prepare their financial statements based upon IFRS
(Liao, Sellhorn and Skaife). By requiring other countries to report
their financial statements under IFRS, the EU was encouraging comparability of financial information across the EUs states. Despite this
effort, comparability of financial information can only be achieved
when companies report their financial information in the same manner (Liao, Sellhorn and Skaife). When accounting standards allow
companies to report transactions based on multiple methods, comparability may be sacrificed. Qing Liao, Thorsten Sellhorn, and Hollis
Skaife investigated the comparability of financial information in the
EU by comparing the valuation usefulness of earnings and book
values (Liao, Sellhorn and Skaife).
As noted earlier, IFRS allows companies to choose between reporting their assets at historical cost or fair value, with changes in value
recognized through income. To encourage consistency, IFRS requires
that companies implement one method for all investment property
reported (International Accounting Standards Board). While firms
are encouraged to hire independent valuation analysts with relevant
qualifications and experience to determine asset values, they are not
required to do so (International Accounting Standards Board). By
reporting changes in fair value through income as opposed to equity,
asset value volatility will affect and possibly distort a companys
reported earnings.
The results of the study suggested that in the initial years of IFRS
adoption, the book values of French and German firms were similar
(Liao, Sellhorn and Skaife). However, over time, the book values of
French and German firms were less comparable (Liao, Sellhorn and
Skaife). Countries may use similar valuation techniques in the initial
The sample studied by Harvard included 77 firms, mostly continen39
and Abdullatif ). Unlike the previous countries, Jordan is a less-developed country. Even though Jordan has an open economy and exports
phosphate, it has limited natural resources and scarce water supplies
(Siam and Abdullatif ).
years of IFRS adoption, but the companies stray from these methods
in later years.
The study of initial Germany IFRS adoption shows that a single set of
accounting standards may not always produce comparability. IFRS
allows multiple methods for valuation techniques, and choices may
differ across businesses and countries. When considering the benefits
of implementing IFRS, comparability is not as a guaranteed result.
Since 1998, Jordan has required its banks to report financial statements based upon IFRS principles (Siam and Abdullatif ). Therefore,
fair value accounting has been implemented on a larger scale than
U.S. standards allow. In 2005, many banks in Jordan saw a boom
in their stock values because their financial statements made the banks
appear very prosperous. This was due in part to a prosperous economy; new capital was entering Jordans economy at the time (Siam
and Abdullatif ). While the banks may have in fact been more prosperous at the time, fair value accounting increased the volatility in the
banks financial position (Siam and Abdullatif ). When the economy
stopped expanding, investors unexpectedly lost large amounts from
their bank investments.
IFRS IN CANADA
Despite its close ties with the United States, Canada decided to
adopt International Accounting Standards rather than U.S. standards
because of the growing international acceptance of IAS in the rest of
the world (The Case for Interntional Accounting). The Certified
General Accountants Association of Canada (CGA) recognizes that
U.S. standards are more rule-oriented and descriptive than international standards but felt international standards would give them an
opportunity to open more trade with the rest of the world (The Case
fo Itnernational Accounting).
After Jordan officials witnessed the volatility in the banks financial

figures, they required the cost alternative to be used for property,
plant, and equipment under IFRS 16 and the fair value option was
no longer allowed (Siam and Abdullatif ). While Canada and Europe
believed that the benefits of fair value accounting outweighed the
costs, Jordan disallowed fair value of fixed assets due to extreme
volatility. According to the survey Siam and Absullatiff conducted,
the three biggest concerns about fair value accounting in Jordan were:
1) fair value accounting fraud, 2) ambiguity of IFRS accounting
standards, and 3) reliability of valuations used to determine fair value
(Siam and Abdullatif ). In an unstable economy, fair value accounting is a concern because volatility in markets will further increase the
volatility of a corporations positions. Such accounting could lead to
improperly valued fixed assets and even worse, misreported earnings.
When IFRS was implemented, Canadian companies experienced

many changes in their financial statements. In particular, since IFRS
relies more heavily on fair value than the previous Canadian standards
did, many companies experienced changes in their income figures due
to changes in asset value. Fair value accounting led to more volatility
in financial ratios as well, such as current and quick ratios, and return
on assets (The Effects of IFRS).
While CGA recognized the concerns that many accountants raised
about Level 3 fair value measurements, the Association points out that
an insignificant amount of assets comprise Level 3 valuations (The
Effects of IFRS). Based on research, Level 3 valuations comprised
only 9% of assets and liabilities on the financial statements of the
Canadian Imperial Bank of Commerce, and only 1% of assets and
liabilities on the financial statements of other existing major Canadian banks (The Effects of IFRS). Instead, Canada favored Level
2 inputs (The Effects of IFRS). Even if some fair value concepts
raised concerns with investors, the overall amount of assets and liabilities valued at Level 3 was insignificant.
IFRS IN CHINA
China is one of the worlds largest emerging markets; therefore, it
plays a significant role in the global economy (He, Wong and Young
538). Financial reporting in China is tailored towards a contractual
role rather than an informational role; if firms report losses for three
consecutive years, they are delisted (He, Wong and Young). Therefore,
business managers in China receive more pressure to report profits
than businesses in most other economies. He et al. conducted a study
to determine if the pressure China businesses receive reduced the benefits intended from fair value accounting (He, Wong and Young).
Therefore, despite the increased volatility in the financial statements,

the CSA decided that IFRS would be the better choice for financial
reporting due to the benefits they would receive in the form of new
trade. While Level 3 valuations include assumptions and estimations,
the CSA is not concerned due to the fact that the assets valued at this
level reflect a low percentage of major companies assets and liabilities.
Before fair value concepts were implemented, Chinese businesses

were required to report trading securities at the lower of cost or
market value (He, Wong and Young). The change from lower of
cost or market to fair value accounting requires companies to report
fluctuations of asset values in earnings, which was not an allowed
practice under the previous principles. If market fluctuations cause
the fair value of assets to decrease, this could cause Chinese compa-
IFRS IN JORDAN
Walid Siam and Modar Abdullatiff conducted a survey detailing the
utility of fair value accounting in the Jordan banking industry (Siam
40
FORENSICS JOURNAL
nies to miss their targets as well. The study identified that due to this
pressure and the potential loss resulting from fair value accounting,
firms will be more likely to set up sales for their available securities
in order to offset these losses with gains (He, Wong and Young).
While the intended benefit of fair value accounting was to encourage
transparency, the fair market values were difficult to determine due to
the differences in Chinese markets compared to other countries the
Chinese rarely exchanges assets between independent parties (He,
Wong and Young). Despite efforts to produce a more accurate value
for Chinese assets, fair value accounting actually devalued the assets
to an amount lower than the company would receive when it sold the
asset. While convergence of International Standards globally would
be ideal, the Chinese case study highlights the fact that markets differ
around the world.
for valuation error due to improperly applied valuation principles.

When using externally developed appraisals, the personnel involved
should always be independent valuation experts, and their certifications and references verified (Putra). Hiring an independent expert
will eliminate the risk of a tainted report due to conflicts of interest or
lack of technical expertise.
Based on the research presented, the IFRS revaluation concept for
fixed assets may result in improper valuation in the United States.
Despite Canadas success implementing IFRS full-scale, IFRS principles have not had the same effect for all countries. In countries such
as Jordan with a volatile economy, investors suffered from severe distortion in company financial statements. Fair value principles require
recognition of asset market value fluctuation in earnings, which can
adversely affect a companys financial position. Over the years, the
U.S. has made a concerted effort to improve U.S. generally accepted
accounting principles and provide investors with accurate information. Implementing a standard similar to IFRS 13 could compromise
the integrity of financial information that the U.S. worked so hard to
improve. Fair value accounting also relies heavily on estimates and
assumptions that can leave companies vulnerable to fraud, especially
when considering Level 3 fair value inputs.
VALUATION FRAUD CONSIDERATIONS AND

CONCLUSIONS
Appraisals can be developed either internally or externally, and both
are acceptable under IFRS fair value accounting standards. When
appraisals are used to determine the fair value asset, additional considerations need to be made. Li Dharma Putra identifies five situations
in which fraudulent valuations can result: bribed appraisers, conflicts
of interest, unwitting accomplices, sham valuation specialists, and
altered reports (Putra). Bribed appraisers and conflicts of interest
involve fraudulent activity that results in a valuation preferred by
management: conflicts of interest involve a concealed relationship
and bribes involve appraisers receiving unnecessary consideration in
return for a certain appraisal result (Putra). When bribed appraisers
and conflicts of interest are involved, the valuation experts may have
the required skills needed to perform the valuation but influence
from management or another party results in an inaccurate valuation.
An unwitting accomplice involves either valuation personnel lacking appropriate knowledge or carelessness in valuation preparation.
(Putra). Unlike the last two forms of valuation fraud, this accounting
fraud involves a valuation analyst who is unaware that he or she is
inaccurately preparing a valuation. Sham valuation specialist fraud
involves a fictitious valuation report that is prepared by a nonexistent
valuation analyst (Putra). Unlike other valuation fraud, no valuation
analyst is involved. Therefore, the fraud originates from within the
company requiring the valuation. Lastly, an altered valuation report
scheme occurs when a company receives a valuation report and alters
it to show a more favorable result (Putra). The original valuation may
have been prepared by a qualified appraiser with proper ethics and
expertise however, fraud have occurred because companies alter the
valuation reports and manipulate the results.
While the benefits of reliable information may outweigh the risk

of fraud when fair valuing short-term assets, long-term assets such
as property, plant, and equipment do not benefit from fair value
accounting. Instead of implementing IFRS 13 when converging to
international standards, the U.S. should continue to disallow fair
value reporting for fixed assets. Such an action will preserve the integrity of U.S. financial reporting and protect the interests of investors.
REFERENCES
Association of Certified Fraud Examiners. Report to the Nations on
Occupational Fraud and Abuse. N.p.: n.p., 2012. ACFE. Web. 11 Mar.
2014. <http://www.acfe.com/uploadedFiles/ACFE_Website/Content/
rttn/2012-report-to-nations.pdf>.
Best of 2008: Fair Value. CFO. CFO, 24 Dec. 2008. Web. 18 Feb.
2013. <http://ww2.cfo.com/accounting-tax/2008/12/best-of-2008fair-value/>.
Centre for Economic Policy Research. The Future of Regulatory
Reform. Center for Economic Policy Research. N.p., 4 Oct. 2010. Web.
17 Feb. 2013. <http://www.cepr.org/2432/LauxFinal.pdf>.
Certified General Accountants Association of Canada. The Case for
International Accounting Standards in Canada. N.p.: n.p., 1999. Certified General Accountants Association of Canada. Web. 11 Mar. 2014.
<http://www.cga-canada.org/en-ca/ResearchReports/ca_rep_199909_case_acc_standards.pdf>.
Based upon the five situations in which fraudulent valuations can

result, counter measures can be identified to prevent valuation fraud.
Internally developed appraisals should involve personnel with the
proper valuation expertise (Putra). Expertise will eliminate the risk
41
- - -. The Effects of IFRS on Financial Ratios: Early Evidence in Canada.

N.p.: n.p., 2011. Certified General Accountants Association of Canada.
Web. 11 Mar. 2014. <http://www.cga-canada.org/en-ca/ResearchReports/ca_rep_2011-03_IFRS_early_adopters.pdf>..
Shorter, Gary. Fair Value Accounting: Context and Concerns. Mark

to Market and Fair Value Accounting: An Examination. Ed. James
W. Curtis. N.p.: n.p., 2009. 1-23. Print. Business Economics in a
Rapidly-Changing World.
Harman, Bryn. Top 3 Pitfalls of Discounted Cash Flow Analysis. Investopedia. Investopedia US, 22 Sept. 2010. Web. 26 Feb.
2013. <http://www.investopedia.com/articles/07/dcf_pitfalls.
asp#axzz2L7jBrQ00>.
Siam, Walid, and Modar Abdullatif. Fair Value Accounting Usefulness and Implementation Obstacles: Views from Bankers in Jordan.
Research in Accounting in Emerging Economies 11: 83-107. Web. 11
Mar. 2014.
He, Xianje, T.J. Wong and Danquing Young. Challenges for Implementation of Fair Value Accounting in Emerging Markets: Evidence
from China. CAR 29.2 (2012): 538-562.
Wells, Joseph T. Let Them Know Someones Watching. Journal

of Accountancy (2002). World GAAP Info. IAS 16. 2008. World
GAAP Info. 10 February 2013 <http://www.worldgaapinfo.com/pdf/
IAS/IAS16.pdf>.
International Accounting Standards Board. IFRS for SMEs. 2009.

IASB: E-IFRS. 10 February 2013 <http://eifrs.iasb.org/eifrs/sme/en/
IFRSforSMEs2009.pdf>.
COURTNEY MOORE is a Certified Fraud

Examiner and Certified Public Accountant
in the State of Maryland. She currently
works at Hertzbach & Company, a regional
accounting firm that serves clients in the
Baltimore, Washington DC, and Northern
Virginia area. Courtney received her Bachelor
of Science degree in Accounting from
Stevenson University in 2012. She continued
her studies at Stevenson University and
received her Masters Degree in Forensic
Studies in July of 2013.
International Financial Reporting Standards. AICPA IFRS Resources.

American Institute of Certified Public Accountants, n.d. Web. 24 Feb.
2013. <http://www.ifrs.com/updates/aicpa/ifrs_faq.html>.
KPMG. First Impressions: Fair Value Mesaurement. N.p.: n.p., 2011.
KPMG. Web. 10 Feb. 2013. <http://www.kpmg.com/Global/en/
IssuesAndInsights/ArticlesPublications/first-impressions/Documents/
first-impressions-fair-value-measurement.pdf>.
Laio, Qing, Thorsten Sellhorn, and Hollis A. Skaife. The CrossCountry Comparability of IFRS Earnings and Book Values: Evidence
from France and Germany. Journal of International Accounting
Research 11.1 (2012): 155-84. Web. 11 Mar. 2014. <http://www.
mccf.ch/docs/Comptabilite%20et%20marches%20financiers/Papier%5B08%5D.pdf>.
Lefebvre, Rock, Elena Simonova, and Mihaela Scarlat. Fair Value
Accounting: The Road to Be Most Travelled. N.p.: n.p., 2009. Certified General Accountants Association of Canada. Web. 11 Mar. 2014.
<http://www.cga-canada.org/en-ca/ResearchReports/ca_rep_200912_fair_value_accounting.pdf>.
Muller, Karl A., III, Edward J. Riedl, and Thorsten Sellhor. Consequences of Voluntary and Mandatory Fair Value Accounting: Evidence
Surrounding IFRS Adoption in the EU Real Estate Industry. 2008. TS.
Putra, Lie Dharma. Approaches to Determine Fair Value and Its Fraud
Risks. Accounting Financial & Tax. Accounting Financial & Tax, 9
Mar. 2010. Web. 13 Feb. 2013. <http://accounting-financial-tax.
com/2010/03/approaches-to-determine-fair-value-and-its-fraud-risks/>.
The Sarbanes-Oxley Act of 2002. NYSSCPA.ORG. New York State
Society of Certified Public Accountants, n.d. Web. 25 Feb. 2013.
<http://www.nysscpa.org/oxleyact2002.htm>.
42
FORENSICS JOURNAL
Demolishing Construction Fraud

Kristi OConnor
From the beginning of time, a common goal in every business has

been to maximize profits. In ancient Rome, builders were working to
find ways to make an extra profit using marble as their primary material source (Hurley and Harvey). The top layer of marble was easier
to excavate, while the deeper layers took much more time and effort
to extract (Hurley and Harvey). Builders found they could save time
and ultimately money by using only the top layers of marble in their
projects. Unfortunately, the top layer of marble was riddled with
holes and air pockets which made it less sturdy than the deeper layers
(Hurley and Harvey). These flaws were typical for the top layer of
marble and could be covered up with mud putty or wax that would
make the marble look solid, but not strengthen it (Hurley and Harvey). When structures began collapsing, the government investigated,
resulting in a law requiring all builders to list the materials they were
using and sign a statement verifying the quality of the marble (Hurley
and Harvey). If a building collapsed and the builder was found to
have used the cheaper marble, the punishment was death (Hurley
and Harvey). Although the methods of building and punishments
for crimes have changed since the first century, construction fraud
continues to exist today. This article will discuss common methods
used to commit construction fraud as well as techniques to detect and
prevent fraud from occurring.
Overbilling frequently accompanies materials fraud because it allows

the fraudster to cash in on the difference between what they spent
on the project and what the customer reimburses them. Baker Tilly
defines these actions as abusive billing practices because they violate
terms of the contract and harm the customer in some way (Construction Fraud: Stories). This could include charging the customer
for first-rate materials, when cheaper goods would have fulfilled the
terms of the contract just as well. Contractors can overbill for both
the materials they used as well as the time spent working on the project (Kolke 10). Some contractors charge for work that was not actually performed (Kolke 10). Many consumers can relate to this fraud if
they have ever taken their car to the maintenance shop and wondered
if the repairman actually performed all the tests indicated on the
checklist. Unless the customer is knowledgeable about car mechanics,
he/she may never know if any work was actually performed.
Ideally, the person hiring the contractor is knowledgeable about the
construction work to be completed and will notice if any of the bills
seem unreasonable or fictitious. Yet even with a strong construction background and reliable estimates of costs, the process of billing
for construction projects is complex because there are many ways
to measure costs. Often times, contractors will agree to a cost-plus
contract instead of a fixed price contract on the entire project (Palmer
19). A cost-plus contract requires the customer to compensate the
contractor for the exact labor and materials used on the job plus pay
an agreed upon fee which represents the contractors profit on the job
(Palmer 19). These types of contracts are susceptible to overbilling
and need to be specific in order to avoid confusion. Even if the original contract is followed precisely, change orders are almost inevitable
in construction projects when unexpected problems or issues arise
that alter the original scope of the work to be performed. The change
orders have to undergo an approval process, but they still leave room
for deceit and improper billing (Kolke 10).
The fraud committed by the Roman builders is an example of one of

the most common deceptions employed in the construction industry;
providing used or substandard materials on a project (Construction
and Procurement). The finished product may not meet the customers standards, last as long as anticipated or survive in harsh conditions. Fraudsters gain an additional benefit by billing the customer
for new materials even if they are not used on the project (Construction Fraud: Stories). The perpetrator gambles on the assumption the
client will not notice the materials used on the project were not the
materials for which they were billed. An example of this kind of fraud
was described in a presentation by Baker Tilly, member of a prestigious international accounting firm. Baker Tilly was assisting one of
their clients in performing an inspection of repair work completed
by the clients usual local contractor (Construction Fraud: Stories).
The inspection team noticed the window casings were nicked and
cracked which was strange as the owner had been billed for new
materials to be used on the job (Construction Fraud: Stories). The
team then examined the records detailing the waste removed from
the site and noted it was less than estimated; indicating some of the
waste remained on site (Construction Fraud: Stories). After interviewing some of the project workers, it was revealed they had been
instructed to use salvage material from the job site for the contracted
repairs (Construction Fraud: Stories). The contractor had billed the
client for new materials and supplies needed to complete the work,
but instead kept the new items for his own inventory (Construction
Fraud: Stories). This left the client with subpar used materials even
though he had paid for higher quality and new materials.
The frauds described thus far are executed by outsiders of the victim
company, such as contractors performing work for the victim company. A more disturbing fraud is one involving insiders at the victim
company. Collusion occurs when two or more people work together
in order to commit fraud (Part I - Kickbacks). In the construction
industry this most commonly occurs between an employee of the
victim company and an employee of a subcontractor, vendor, supplier
or customer. Bribery is a common byproduct of collusion and corrupts the construction industry to an extraordinary degree. According
to the anti-corruption agency, Transparency International, the Public
Works Contracts and Construction sector is the most likely to commit bribery (Corruption Prevention). The long duration of most
contacts, the involvement of multiple suppliers, subcontractors and
vendors, plus the varying rules and regulations depending on the
jurisdiction the work is being conducted in create a complex structure
that is ripe for manipulation (Corruption Prevention). Construction companies have to be sensitive to these types of fraud as they can
43
the construction industry can expect their revenue loss percentage to

be even higher because construction proved to be the industry with
the third highest median loss of $300,000 (Report to the Nations).
Unfortunately, the ACFE found that approximately half of the victim
companies they studied did not recover any of the losses they incurred
as a result of the fraud (Report to the Nations). Other trends
revealed: small businesses are more at risk than larger ones, high-ranking officials tend to inflict more financial damage on a company than
lower-level employees, and most fraudsters are first-time offenders
with no criminal record (Report to the Nations). The Report to the
Nations seeks to educate professionals across the globe and increase
their awareness of various frauds that are perpetrated on the economy.
The ACFE also offers prevention and detection techniques to help
businesses protect themselves. Many of these techniques are especially
useful to combat construction fraud.
cause more than monetary damages. Involvement in bribery schemes

is likely to trigger negative media attention and can have a destructive
impact on a companys reputation (Corruption Prevention). The
adverse publicity can cause loss of customer loyalty, resignation of staff,
and discouragement of interested recruits (Corruption Prevention).
Kickbacks are one of the most common forms of bribery (Part I Kickbacks). In the Construction Law and Business Journal, two
senior managers at Ernst & Young, LLP with decades of experience
in fraud investigations describe a kickback as when a contractor
or vendor transfers or offers to transfer a direct or indirect financial
benefit to another to influence the business decision without the
knowledge of the contracting employer (Farragher 17). An example
of this would be a vendor working with the purchasing manager of
the victim company to ensure the victim company purchases all of
its materials from the vendor (Farragher 17). The vendor marks up
the prices of its goods in order to make more of a profit and give the
purchasing manager payment for making the deal happen (Part I Kickbacks). The victim company is now overpaying for its supplies
because of a secret agreement between one employee and one vendor.
In order to detect fraud within the construction industry, it is

important for managers and owners to keep track of their materials.
Contractors should take steps to protect the procurement area by
keeping comprehensive records of materials projected, bought, and
received (Noyes 10). These records should be reconciled on a regular
basis and any unusual discrepancies should be further investigated
(Noyes 10). For example, a large difference between the amount of
materials ordered and the amount of materials delivered could indicate that someone is stealing goods from the company. Alternatively,
if the amount of supplies ordered is well above the amount of supplies
estimated, that could raise questions of whether the subcontractor is
overbilling the owner for unnecessary materials on the job. Managers
should also compare the prices and quantities of goods ordered from
a vendor with the same types of goods ordered for another project or
from other vendor (Noyes 10). This test of reasonableness will help
detect any overpriced items or excessive ordering. If prices are found
to be higher than those offered by other similar vendors and projects,
collusion may exist between the vendor and an employee with the latter receiving a kickback for directing business to that vendor.
Another collusion fraud affecting construction companies is bidrigging. The bidding process to win the right to take on a construction job is intended to foster a competitive environment in which
the best contractor for the job will be awarded the contract (Part I
- Kickbacks). However, with the help of someone inside the company offering the contract, an unfair advantage can be created and
the process tainted. Bid-rigging can occur in a number of ways, but
in its simplest form an employee inside the victim company offers
inside information to a competing contractor to help them win the
bid, usually in exchange for a kickback (Part II Bid-Rigging). This
information could include when the bid is going to be made available
to contractors and what specifications the bid entails so the contractor
can get a head start on the competition (Farragher 18). Alternatively,
the corrupt employee could use his power inside the company to
manipulate the bid in some way. He could alter the specifications of
the contract to involve a task that only the designated contractor can
complete or mandate qualifications on the bid with which competitors will not be able to comply (Farragher 18). Ultimately, this harms
the victim company because they do not obtain the best possible bid
on the job.
Collusion often makes a fraud even more difficult to detect because

someone on the inside of the company is able to bypass or override
preventative controls. Therefore, it is also necessary for managers to
analyze the financial data of each employee. A comparison of the
costs incurred on jobs as well as the number of change orders issued
on jobs between employees will reveal if any one employees numbers
are particularly high (Part III - Prevention). If the costs associated
with the employees job are consistently higher than estimated or
when compared to other employees, it could be indicative of a kickback or bribery scheme. Similarly, an exorbitant amount of change
orders associated with one employee may be the result of collusion
with a vendor to overbill the company. Managers should also monitor employees qualitatively by observing behavior, especially interaction with vendors. Relationships that appear more personal than
professional in nature should be examined for illegal dealings (Part
It is easy for a company owner who deals in the construction industry

to become overwhelmed with the vast number of ways his business
can be attacked financially. Fraud is a pervasive issue negatively affecting business entities across the globe. Every two years, the Association
of Certified Fraud Examiners (ACFE) issues a comprehensive report
detailing a study of hundreds of frauds all over the world (Report to
the Nations). The 2012 Report to the Nations estimated the average company loses 5% of its revenue to fraud every year (Report to
the Nations on Occupational Fraud and Abuse). Those involved in
44
FORENSICS JOURNAL
III - Prevention). Other red flags corrupt employees often exhibit

include: living beyond their means, never taking vacations, and being
overly protective of their project duties (Part III - Prevention). All
executives want to trust the people whom they employ, but owners
should be aware that too much trust in one individual might establish
a baseline for future fraudulent activity.
tions of the business can quickly spot when something is awry. The
infamous WorldCom fraud case in which executives used accounting
maneuvers to misstate over $7 billion in earnings was uncovered by a
team of internal auditors who noticed that $500 million in computer
purchases did not have any supporting documentation (Pulliam and
Solomon). While WorldCom will be remembered as one of the largest occupational frauds in American history, the same concepts can
be applied to any company. It is important for auditors to look for
discrepancies and then gather evidence to support those discrepancies.
Many times fraud will be detected by someone in the company who

does not have the proper authority to take action against it. The
witness may be afraid of getting his coworker in trouble or he may
not want to be involved in the situation at all. Arguably the most
beneficial fraud detection technique is to implement a whistleblower
hotline. According to the ACFEs 2012 Report to the Nations,
43.3% of occupational frauds are discovered by tips from whistleblowers, the majority of whom work for the victim organization
(Report to the Nations). This is by far the most effective detection
technique and is worthwhile for every company to have. The CPA
Journal highlights some key recommendations to ensure a whistleblower hotline will operate successfully (Eaton and Akers). First, the
policy should explicitly state who is protected under the program
(Eaton and Akers). Employees of the organization should be included
in this description, as well as those who do regular business with the
organization such as vendors, suppliers, subcontractors and customers (Eaton and Akers). Even though most frauds are detected by
someone inside the company, sometimes it is easier to see malpractice
from an outside perspective. The policy also needs to explicitly state
how the confidentiality of the whistleblower will be maintained and
how she will be protected from retaliatory and discriminatory actions
(Eaton and Akers). Those who suspect fraud is occurring may be
hesitant to report it because they are afraid it will negatively impact
their career with the company. If the whistleblowers name is released
or if she tells someone who is actually involved in the fraud, she could
be demoted, fired, and possibly even blacklisted in the industry. The
whistleblower policy should clearly state who the whistleblower is
reporting to in order to ensure she feels comfortable telling an objective source (Eaton and Akers). Of course for any of this to work, the
hotline needs to be communicated to all those potentially involved
and encourage them to use it (Eaton and Akers). The employee
handbook, training sessions, the company newsletter or even a statement on all company emails are useful ways to foster awareness of
the whistleblower policy. Enlisting the help of employees, suppliers,
vendors, subcontractors and customers to detect fraud sets a strong
foundation for an ethically stable corporation.
In order to gather evidence to investigate audit findings, the auditor

must make inquiries of management (Auditing: CPA Exam A4-16).
Possessing strong interview skills is not only helpful in gaining a better
understanding of certain situations, but is critical in detecting fraud.
The Journal of Accountancy, among many other publications, stresses
the need for auditors to practice their interviewing skills and offers a
number of suggestions to conduct a purposeful inquiry (Ten Steps).
The inquiry should seek to gain more information and encourage
cooperation from the person being interviewed without being accusatory. The auditor should be conscious of taking her time and not be
pressured to move along to the next question until she is comfortable
with the explanation she has received (Ten Steps). Internal and
external auditors alike may have the tendency to drop an issue if the
interviewee becomes frustrated or impatient. However, the auditor
should know that those traits are more common in guilty individuals and should continue to press the interviewee until the matter is
settled (Ten Steps). Auditors should not be ashamed for being
adamant in understanding a policy or transaction because that is part
of the job description. Auditors conducting inquiries should also be
careful not to suggest answers to the interviewees (Ten Steps). It
may seem helpful to offer a theoretical explanation for a proposed
question in order to help stimulate an answer, but that is not advisable. Instead, the auditor should ask her question and wait for an
answer (Ten Steps). The CPA Journal advises interviewing auditors to do more listening than talking because that is the only way
they are going to get the desired information (Ten Steps). While
the auditor is listening to the interviewees answers, she should also
be aware of the nonverbal cues the interviewee is providing (Interviewing Techniques). Lack of eye contact, fidgeting, and sweating
may indicate that the interviewee is hiding something (Interviewing
Techniques). Some people will naturally exhibit these tendencies
if they are nervous with the general interview process. However, if
these traits do not subside as the interview continues or they increase
in intensity when tough questions are asked, it may be indicative of
deception (Interviewing Techniques). Auditors should never make
any accusations, but should note when the person showed signs of
uneasiness and expand the investigation in those specific areas.
Executives should also take advantage of their internal and external

audit teams to join the battle against fraud. Internal audits are the
third most effective detection technique according to the 2012 ACFE
study, detecting 14.4% of cases (Report to the Nations). Internal
audits fall only .2% behind the second most effective detection technique of management review which detects 14.6% of cases (Report
to the Nations). Internal auditors familiar with the daily transac-
If a manager or employee behaved suspiciously during an interview

or was unable to explain discrepancies during a job, an appropriate
follow-up detection technique is conducting a surprise on-site audit of
45
that project (Noyes 10). Many times visual observations can alert an
auditor or owner to fraudulent acts. As described in the Baker Tilly
case above, on-site auditors were able to note that substandard materials were being used on the job and not as much waste as predicted was
being generated by the project (Construction Fraud: Stories). Auditors should examine how many people are working on the job site and
compare that to the daily payroll records (Noyes 10). This will help
detect if the owner is being overbilled for labor costs. On-site audits
operate as effective internal controls and should be utilized to detect
and prevent fraud.
could suggest that improper techniques are an acceptable means to

reach a desired result. Managers need to find a way to motivate their
employees to help the company perform well while emphasizing
ethical business practices. Pressure and stress should not blind staff
members from being able to discern right from wrong.
Many owners assume they can avoid fraud by simply hiring the right
individuals to run their company. While it is vital for a successful
company to hire dependable and trustworthy workers, executives
should never assume their employees are incapable of deceitful
acts (Roberts). As noted previously, the majority of offenders have
never committed a criminal act prior to their fraud (Report to the
Nations). Even if the background search is negative for questionable behavior and no prior employers complain of deceitfulness, the
interviewee is not automatically immune to engaging in fraud. It is
necessary to develop a level of trust throughout the organization, but
management needs to be wary of placing too much responsibility in
the hands of one trusted employee (Roberts). In order to guarantee
that no one individual has enough authority to override controls,
there are some guidelines to put in place. Requiring all employees to
take their vacation can help deter fraud (Roberts). Employees who
never take a vacation are often afraid that their fraud will be uncovered if they are away from work for too long. Another way to prevent
employees from committing fraud is to segregate duties within the
organization.
The methods described above are some of the many detection tools
and techniques owners, auditors, employees, customers, vendors,
and suppliers can utilize to uncover fraud. However, the easiest and
most effective way to combat fraud is to prevent it before the scheme
begins. The ACFE recommends that of all the prevention techniques
available to business owners, the most critical to implement is targeted fraud awareness training for all levels of employees (Report
to the Nations). This training should be mandatory and should be
conducted at least once a year. During the training, fraud should
be defined with specific examples related to the industry of operation (Report to the Nations). Upper management is responsible to
ensure the rules are understood throughout their organization. The
fraud training should also cover how fraud is destructive to everyone
within and around the entity (Report to the Nations). First-time
offenders may believe they are actually helping the company when
they falsify the financial statements in order to make results look more
favorable. However, they need to understand their actions are directly
harming potential investors, bankers who rely on financial information to approve the company for loans, and the future of the entire
company when the fraud is eventually discovered. Lastly, the training
should articulate how someone can disclose suspicious activity to the
appropriate source (Report to the Nations). This would be an ideal
time to mention the whistleblower hotline if one is in place or direct
their complaints to another objective source such as the independent
auditors, the Board of Directors, or even the Securities and Exchange
Commission (SEC). The training will serve as a solid base for preventing fraud throughout the company and will help ensure everyone
is following the same ethical guidelines.
At a minimum, the responsibilities of authorizing transactions,

recording transactions, and maintaining custody of the related assets
should be separated amongst different employees (Auditing: CPA
Exam A3-52). The more processes that are segregated in a single
transaction, the less risk exists that a fraud will be concealed. This is
especially important for the construction industry concerning materials fraud. One person should be responsible for approving material
acquisition forms, another person should be in charge of recording
those purchases on the books, and a third person should be held
accountable for receiving the materials. At each step in the process,
a new person is checking and reviewing the transaction to make sure
everything appears correct. Similarly, the cash receipts process should
be split between those who collect the payments and those who
record the payments in the system (Auditing: CPA Exam A4-26).
Segregating duties can be difficult in smaller businesses where there
are fewer people to carry out complex transactions. This is one of the
main reasons small businesses are more susceptible to fraud and need
to take even more actions to protect their company (Report to the
Nations). Oversight is also an important duty to implement in every
accounting process. Giving one person sole authority to approve all
purchasing activities leaves the company vulnerable to overbilling
and kickback schemes (Occupational Fraud). Companies should
consider using double approvals for large purchases or rotating the
approval duty.
In order for employees to be willing to follow the ethical guidelines

established by management, they must have strong leaders to set an
example. The tone at the top sets the precedence for all those on
the lower rungs of the corporate ladder (Preventing & Detecting
Fraud). The idea is that the morals and values of the top executives
will trickle down to be reflected in their subordinates. Conversely, if
the top executive behaves unethically, his subordinates are likely to
engage in similar fraudulent activities. Management is also responsible for monitoring the pressures they place on their employees (Preventing & Detecting Fraud). All companies strive to make a profit,
but placing too much emphasis on meeting budgets or expectations
46
FORENSICS JOURNAL
Similar to interviewing employees, owners of construction companies should also screen their business partners (Noyes 10). As with
employees, it is impossible to know unequivocally whether someone
is more prone to commit fraud, but there are traits to avoid in business relationships so as to reduce the risk of dealing with a crook.
Construction companies are encouraged to conduct research before
working with a new supplier or subcontractor (Noyes 10). First, it
is important to find out how long the company has been in business (Noyes 10). This does not imply that all start-up companies
are corrupt, but lack of experience may result in a company being
susceptible to fraud. Construction companies should also perform a
background check on the supplier or subcontractor to see if they have
been involved in any illicit business in the past (Noyes 10). A quick
internet search can uncover any unfavorable media attention the company may have received and a search of the SEC filings can determine
if they have ever been investigated for fraudulent activity. A clear
record is a good sign, but should not be misconstrued as an indicator of a flawless company. Owners of construction companies could
also contact industry peers to check if anyone else has conducted
business with the potential candidate (Noyes 10). People who have
worked with the supplier or subcontractor can share their experiences,
whether positive or negative, thus allowing the owner to obtain a better understanding of the quality of work the company performs.
and materials to what the subcontractor purchased for supplies and

materials on the same job. The general contractor is usually permitted
to inspect documents and make inquiries of the subcontractors staff
(Palmer 21). Not all standard contracts include a right to audit clause
so the general contractor should make certain that one is explicitly
stated (Palmer 21).
Fraud is an inevitable part of doing business that has existed since the
beginning of time and will continue to exist as long as individuals
are able to exercise free will. Construction companies are particularly vulnerable to a number of damaging frauds such as materials
fraud, overbilling, and bribery. Awareness of the types of fraud that
the industry frequently encounters can help owners develop ways to
detect fraud in their own companies. Common detection methods
in the construction industry include protecting the procurement
area, creating a whistleblower hotline, conducting internal audits,
interviewing staff, and implementing surprise on-site audits. Perhaps
more beneficial than detecting frauds currently afflicting a company is
identifying proactive measures to prevent fraud before it occurs. Conducting fraud training, setting an ethical tone at the top, hiring the
right people, segregating duties, screening suppliers, drafting detailed
contracts, and including a right to audit clause are all invaluable
techniques for preventing fraud in the construction industry. It is
imperative that those working with construction entities realize fraud
is a common occurrence and could happen to their company. Management should take proactive and deliberate steps to protect their
company and business partners. A combined and determined effort
can help reduce construction fraud to rubble.
Subcontractors are crucial to the success of a construction contractor because they are relied upon to perform work for which general
contractor will be ultimately responsible. Subcontractors usually
perform work according to a contract agreed upon with the general
contractor. A useful fraud prevention technique is to ensure the
contract is detailed enough to specifically cover what the general
contractor wants completed. If a fixed price for the project has been
set, the general contractor needs to stipulate the type and quality of
materials he wants for the job (Palmer 21). Since the price on the
contract is essentially non-negotiable, general contractors need to be
very precise about the end result so the subcontractor cannot take any
cost-cutting measures. If the contract is a cost-plus contract, then the
price will fluctuate depending on the materials and labor used on the
job (Palmer 19). In this case, the general contractor can protect himself from overbilling by setting a price ceiling that the contract cannot
exceed (Palmer 21). The more detailed a contract becomes, the less
room it will leave for misinterpretation and mismanagement.
REFERENCES
Auditing: CPA Exam Review. Becker Professional Education. 2011
ed. Devry, 2010. Print.
Construction and Procurement Fraud. False Claims Act Resource
Center. False Claims Act, 2013. Web. 8 Sept. 2013.
Construction Fraud: Stories from the Field. Baker Tilly. Baker Tilly
Virchow Krause, LLP, 2010. Web. 8 Sept. 2013.
Corruption Prevention in the Engineering and Construction industry. PricewaterhouseCoopers. PricewaterhouseCoopers, LLP, 2009.
Web. 24 Sept. 2013.
Another essential element to include within the contract with a subcontractor is a right to audit clause (Palmer 21). This clause states
a distinct time period during which the general contractors audit
team can examine the accounting records of the subcontractor (Noyes
10). The inclusion of this clause in all contracts is advantageous to
the general contractor because he will have the ability to perform
substantive audit procedures that may detect fraud. The audit team
can compare what the general contractor was billed for supplies
Eaton, Tim V., and Michael Akers. Whistleblowing and Good Governance. CPA Journal 77.6 (2007): 65-71. Web. 30 Sept. 2013.
Farragher, George P., and Stephen M. Nelder. Construction FraudThe Cost Of Doing Business? Construction Law & Business Journal
2.2 (2001): 17-20. Business Source Complete. Web. 10 Sept. 2013.
47
Hurley, Richard, and Tim Harvey. All Construction Frauds Lead

Sincerely to Rome. Fraud Magazine. Association of Certified Fraud
Examiners, May/June 2012. Web. 10 Sept. 2013.
KRISTI OCONNOR graduated from the

University of Maryland, College Park in 2010
with a degree in Accounting. She worked at
a CPA firm for 3 years performing tax and
audit services primarily in the construction
industry. Kristi is now pursuing a Masters in
Forensic Accounting at Stevenson University.
She is a licensed CPA in Virginia and is
currently working as an accountant for Flying
Dog Brewery.
Interviewing Techniques for Investigations and Audits. AICPA.

Web. 17 June 2013.
Kolke, Kelly. Construction Fraud. Canadian Consulting Engineer
54.1 (2013): 10. Business Source Complete. Web. 10 Sept. 2013.
May, Don. Bribery in the Construction Industry: Part I Kickbacks. Construction Executive. Magazine Xperts LLC, 30 Jan. 2013.
Web. 24 Sept. 2013.
May, Don. Bribery in the Construction Industry: Part II BidRigging. Construction Executive. Magazine Xperts LLP, 31 Jan. 2013.
Web. 29 Sept. 2013.
May, Don. Bribery in the Construction Industry: Part III Prevention and Detection. Construction Executive. Magazine Xperts LLC, 4
Feb. 2013. Web. 29 Sept. 2013.
Noyes, Mike. Combating Construction Fraud. Engineering NewsRecord. The McGraw-Hill Companies, Inc., 10 Sept. 2008. Web. 8
Sept. 2013.
Palmer, Eric. Contract Analysis. Internal Auditor 67.4 (2010):
19-21. Business Source Complete. Web. 25 Sept. 2013.
Preventing & Detecting Fraud in Construction Companies. Feeley
& Driscoll, P.C. Feeley & Driscoll, P.C., 2013. Web. 8 Sept. 2013.
Pulliam, Susan and Deborah Solomon. How Three Unlikely Sleuths
Exposed Fraud at WorldCom. The Wall Street Journal. Dow Jones &
Company Inc., 30 Oct. 2002. Web. 30 Sept. 2013.
Report to the Nations on Occupational Fraud and Abuse. 2012
Global Survey. Association of Certified Fraud Examiners, 2012. Web.
25 Sept. 2013.
Roberts, Jeff. Managing Fraud Risk in Construction. BKD Forensics.
22 August 2012. Web. 28 Sept. 2013.
Wells, Joseph T. Occupational Fraud: The Audit as Deterrent.
Journal of Accountancy. April 2002. Web. 7 Oct. 2013.
Wells, Joseph T. Ten Steps to a Top-Notch Interview. Journal of
Accountancy. Nov. 2002. Web. 30 Sept. 2013.
48
FORENSICS JOURNAL
Social Media Public Outreach: Is the Public

Playing a Role in the Criminal Justice Process?
Eric Shifflett
munity outreach. To date the IACP survey/studies do not provide
a clear profile of community outreach and social media use in law
enforcement. Research data findings in such an area currently rely on
smaller samples and case studies.
Social media use as a law enforcement tool is a recent phenomenon.

The Boston marathon investigation is a recent example of this public/
private collaboration. On April 17, 2013, the marathon festivities,
were cut short when two bombs detonated close to the finish line of
the Boston Marathon, causing damage to runners and onlookers alike.
By evening, three people were confirmed dead and 144 more were
being treated at Massachusetts General Hospital (Levs and Plott). In
order to counteract the ensuing chaos immediately after the explosions, law enforcement reached out to the public through social media,
provided up-to-date information about the investigation, corrected
misinformation to alleviate panic, and requested photos or footage
of the finish line from the public (McGovern). Partnering with the
public via social media assisted law enforcement agencies during the
manhunt and eventual capture of the two suspects, Tamerlan Tsarnaev
and Dzhokhar Tsarnaev. This incident raises the question of whether
the positive results from public outreach over social media on a larger
scale benefit both the public and law enforcement as a whole?
One smaller scale case study conducted in 2012 focused on the Philadelphia Police Department (PPD). The research scope was limited to
arrests by the PPD through the use of community outreach on social
media. These social media arrests were made by posting information
about the crimes on the social media accounts owned by the department (Philadelphia, Pennsylvania, Police). The primary social media
websites used by the Philadelphia Police Department were Facebook,
Twitter, and YouTube. The PPDs social media public outreach begins
on YouTube with posting of a video and further dissemination to
other social networks (Philadelphia, Pennsylvania, Police). The
social media methods used by the PPD are replacing or supplementing
the traditional methods used by law enforcement in the past. Traditional techniques included: speaking to news reporters, placing tips in
newspapers, holding press conferences, going door-to-door requesting
crime details, or spreading the pertinent information through CDROMs. The Philadelphia Police Department finds the new social
media outreach approach to be more effective and efficient than past
communication methods with the public. As the crime details are
an online link which is easily accessible to the public on social media,
the agency receives a greater number of tips about suspects still on the
loose (Philadelphia, Pennsylvania, Police). Not only is the department obtaining a large amount of feedback, but it is also saving time
and money due to the relative ease of using social media and the lack
of service fees (Philadelphia, Pennsylvania, Police). These statements
and details provided in the case study demonstrate that social media
methods of communicating with the public are effective in time,
feedback, and money thus positively increasing the number of successful arrests.
To answer this query, the social media foundation used by law enforcement requires analysis. Social media websites law enforcement may
use include: Facebook, Twitter, YouTube, Myspace, LinkedIn, and
other smaller, tight-knit social networks. In 2010, the International
Association of Chiefs of Police (IACP) Center for Social Media conducted a survey examining the use of social networks as a tool for law
enforcement agencies. The survey encompasses 728 law enforcement
agencies with an 81 percent positive response rate for active social
media use (International Associations of Chiefs, 1). When asked
which social media websites were utilized, the most prominent network was Facebook reflecting 66.8 percent of the 728 police agencies
(International Associations of Chiefs, 1). Additional social media
sites law enforcement agencies signed up for include: Twitter (29.8%),
Nixle (29.8%), Myspace (21.6%), and Youtube (17.6%) (International Associations of Chiefs, 6). The study reflected estimated future
growth rates with 61.6 percent not currently using social media planning to begin signing onto such websites (International Associations
of Chiefs, 4). The results of this study show the use of social media is
quickly gaining traction in the field of law enforcement.
In October 2012, Erik Barrett was arrested through an anonymous

tip. The tip arrived a few days after the Philadelphia Police Department posted a surveillance video on social media. Barretts arrest was
a milestone for the department, as it was the 100th arrest made since
February 2011 as a result of the departments social media community
outreach (Your Tips at Work). Overall, the PPD received 6,500 tips
which resulted in a 33.5 percent clearance rate due to social media
posts (Your Tips at Work). The results of the study are promising for
the use of social media by law enforcement.
Police organizations maintain a presence on social media sites for a

variety of purposes including: community outreach, citizen engagement, and case closure. The IACP Center for Social Media survey
noted 40.3 percent of the departments that used social media
reported doing so for the purpose of community outreach and citizen engagement (International Associations of Chiefs, 3). Agencies
surveyed found that social media was instrumental to case closure.
Overall, the survey results indicate 45.3 percent of agencies found
social media helpful, 23.1 percent were not sure, and the remainder
agencies found it to be of little assistance (International Associations
of Chiefs, 9). While these statistics appear to be promising, the data
is incomplete. The statistics provide insight regarding the general use
of social media by law enforcement but not specifically about com-
The Philadelphia Police Department is a prime example of successful community outreach by law enforcement through social media.
Corporal Frank Domizio of the Philadelphia Police Department
explained that while the chance of arrest, clearance rate, and number
of closed cases associated with social media may not seem impressive, the statistics would be much lower without the agencys use of
networking (Philadelphia, Pennsylvania, Police). The Philadelphia
49
in the investigation progress. On the fourth day after the riot, the
Vancouver Police department released statistics that provided insight
as to just how much help the agency received from the public. Within
a four day span, the community sent approximately 3,500 e-mails to
the Vancouver Police Department (Riot Investigation Fact Sheet).
The department noted 676 of the e-mails contained hyperlinks to
YouTube videos and 1,011 provided links to social media networks,
with most hyperlinks from Facebook (Riot Investigation Fact
Sheet). The department reported twelve suspects voluntarily reported
to the Vancouver Police and three other persons to other jurisdictions
(Riot Investigation Fact Sheet). The information received from
the public is still being used two years after the investigation. The
police reported in June 2013 that ten more rioters were charged with
crimes, bringing the total number of rioters charged to 325 (Riot
Investigation Update). While not every rioter was arrested and
charged through the assistance of the social media community, the
ample amount of social media evidence received by the department
was undoubtedly a factor in the arrest of many rioters. The Vancouver
Police Department, in an effort to assist with the identification of rioters, even created a website listing the top most wanted rioters in June
2012 (Riot Investigation Update). By the next year, law enforcement
was able to identify seven of the rioters on the list through the public
and the website (Riot Investigation Update).
Police Department continues to refine and modify its social media

outreach processes.
The United States is not the only country having success with community outreach through social media. In 2011, Canada explored and
exploited this tool. During the 2011 Vancouver Stanley Cup, a riot
broke out in Canada. When the game officially ended, thousands of
fans began to riot in the streets. There were reports of people breaking
windows, causing fires, flipping over vehicles, and looting numerous
establishments (Schneider & Trottier, 58). People were injured in
the riots due to stabbing incidents. Vancouver riot police expended
several hours dispersing and arresting the rioters. The chaotic nature
of the riot resulted in the police being unable to take every criminal
into custody (Schneider & Trottier, 58-59). Therefore, the Vancouver
police requested public assistance through social media to locate missing suspects involved in criminal activities during the time of the riot.
Millions of people all over the world were watching the riots either on
television or on the web. People close to the rioting were using their
phone to text information, record videos, or take pictures of the events
as they unfolded (Schneider & Trottier, 60). The pictures, messages,
and videos from the mobile devices were then posted online with the
content being passed around on various social media sites (60). By
using the information posted on social media, online members of the
websites were able to identify certain suspects from the riot. Numerous identifications resulted from videos, photos, and details from the
riot posted online, as this public information caused people to turn
themselves in or be reported to the police by friends or family.
The analysis of the 2011 Vancouver Stanley Cup riot does not reflect
the exact number of persons brought into custody solely due to social
media outreach. However, the Vancouver Police and people who
have studied the riot have provided evidence that social media made a
difference in some cases. The Vancouver Police Department released a
review entitled 2011 Stanley Cup Riot which stated that the phenomenon of turning oneself into the police seems to be impacted by
the media and social media commentary (Schiender & Trottier, 64).
The review further explained that there was a slight increase in the
number of people who turned themselves in because of social media
(Schiender & Trottier, 64).
In the analysis of social media during the 2011 Vancouver Stanley

Cup riot, the authors focused on the website Facebook. A group was
created on Facebook shortly after the riots called Vancouver Riot
Pics: Post Your Photos. Within the next 24 hours, 70,000 persons
subscribed to or liked the page (Schneider& Trottier, 61). A few
weeks after the riot, the page recorded a total of 102,784 subscribers
(Schneider & Trottier, 61). The group members were reading the
material, sharing it on their Facebook profiles, and commenting on
the posts with relevant information. The number of posts in those few
weeks amounted to 12,587 separate postings on the page (Schneider
& Trottier, 61). These postings resulted in some persons turning
themselves in or leading the police to suspects. One case involved a
twenty-one year old man who lived in Vancouver. A few days after the
riot, a picture of the man was posted on the Facebook group (Schneider & Trottier, 64). Upon seeing his photo on the site, the man called
the Vancouver police to apologize for the damage he caused to cars
during the riots (Schneider & Trottier, 64). Using the description of
the man who called, the police were able to determine that the man
participated in five other crimes by viewing videos of the riot (Schneider & Trottier, 64).
The Boston Marathon, the Philadelphia Police Department case study,

and the 2011 Vancouver Stanley Cup riot all present evidence that
social media community outreach can positively affect case closure
rates. Despite the pros of using social media for community outreach,
departments should also be aware of the cons. While the Vancouver
Police riot had great success with utilizing the community and social
media during the 2011 Vancouver Stanley Cup investigation, the
departments use of social media also created negative consequences.
Such pitfalls included false accusations and privacy violations alike.
Nathan Kotylak became a target over social media following the 2011
Vancouver Stanley Cup riot. At the time, Nathan Kotylak was a
seventeen-year old water polo player who was photographed attempting to light a police car on fire during the riot (Beaumont). The public
outrage concerning Nathan Kotylaks action prompted concerns about
From June 2011 to the present, the Vancouver Police Department has
posted updates, released statements, and kept the community engaged
50
FORENSICS JOURNAL
the investigation and justice. As Kotylak was still a minor, his name
should not have been made public (Beaumont). As a result of his
name being released, Kotylak and his family were forced to flee their
home because their address was posted on social media and the internet by the public (Beaumont). The posting of the address by social
vigilantes caused the family to relocate, thus impeding the investigation, prompting concerns about rights, and violating the Youth Criminal Justice Act (Schiender & Trottier, 60).
cally classify Sunil Tripathis death as a suicide, there were factors

indicating his death was likely a suicide. In March 2012, Sunil Tripathi disappeared from his apartment and left behind a note that hinted
at suicide (Schaefer). The Tripathi family was concerned previously
with Sunil Tripathis mental health, as he suffered from depression
(Schaefer). Speculation remains that the incident did not help Sunil
Tripathis troubled mindset. The police require further investigation,
but social media witch hunts during the Boston Marathon bombing
raise concerns about social media as a law enforcement tool.
However, problems with citizen engagement and social media during

the 2011 Vancouver Stanley Cup riot investigation were not limited to
the case of Nathan Kotylak. A suspects information posted on social
media sites also caused many hate and prejudicial messages to appear.
When people on the internet tag or link the suspects details to posts
made about him or her, it allows persons to easily access a medium
through which to send messages. One of many victims of such messages was Robert Snelgrove who was intoxicated after the game and
joined the rioting (Beaumont). Snelgrove was identified on social
media sites and hateful messages were sent to his profiles (Beaumont).
He explained that the messages were mild at first, but then got worse
as persons began to use homophobic slurs and tell him that he should
kill himself (Beaumont). Snelgrove and other victims abused by the
public online must be of equal concern to the justice community as
the messages escalated into action.
When assessing the different methods law enforcement use on social

media to assist in capturing criminals, most of the statistics and
research relating to social medias effect on closing cases is minimal.
Efforts to determine social medias effect on law enforcement focus primarily on case studies or single case incidents. While these studies give
a reader a personal look into the impact social media has on particular
cases, it does not provide a comprehensive picture. Determining how
many cases are solved directly through social media outreach across the
United States or on a global scale remains difficult. Research compiled
thus far is insufficient. Case studies show promise for community
outreach through social media, making additional research in this area
crucial. Surveys remain a valid data collection tool. The survey should
have the same scope as the Uniform Crime Report under the jurisdiction of the Federal Bureau of Investigation. In order for the Federal
Bureau of Investigation to create the Uniform Crime Report, police
agencies across the United States submit crime statistics to the FBI for
compilation and analysis. The FBI could modify the Uniform Crime
Report to report various crime statistics and to also report the number
of cases solved through social media outreach. While it would not give
a global perspective as to the number of cases solved through social
media outreach, it would still provide insight on a larger scale than
is currently available. Reporting of this nature would provide better
insight as to whether the social media methods used by the police are
effective in all cases or in only high profile cases. If modification of the
Uniform Crime Report is not feasible, a survey designed by appropriate subject matter experts should still be created in order to obtain the
necessary details regarding social media use by law enforcement.
The Boston Marathon bombing also prompted negative public behavior through social media which adversely affected the investigation.
Early in the investigation, a bombing suspect was identified through
social media. Users on these social networks believed a missing college
student, Sunil Tripathi, was a possible suspect due to a former high
school class posting on a popular social news site that she recognized
him in a picture of the finish line near where the bombs exploded
(Sunil Tripathi). On the social media site Twitter, members began to
re-tweet messages saying that Tripathi was one of the suspects (Sunil
Tripathi). People continued to spread this news despite the fact police
announced Tripathi was not one of the suspects (Sunil Tripathi).
While people eventually began to realize that Tripathi was misidentified, the damage was already done. The media had already begun to
hound the Tripathi family with a multitude of phone calls and attacks
on the Facebook page maintained by the family who were attempting
to locate the missing relative (Sunil Tripathi). Even after the manhunt for the two true suspects ended, the effects continued to be felt
by Sunil Tripathi and his family.
The survey should be meticulously designed and beta tested. If possible, the IACP Center for Social Media should head the initiative due
to the organizations current experience with social media research.
Funding would hopefully come from the federal government as the
studies could assist in persuading law enforcement organizations at all
levels of the benefits or consequences of utilizing social media public
outreach methods. The survey should not ask questions about the
number of cases solved through social media outreach because accurate
statistics will not be produced. The questions should examine what
types of cases were assisted by social media outreach, but also seek to
obtain some sense of how much social media use affected the case.
The study should be voluntary and the IACP Center for Social Media
could contact the law enforcement agencies used in the past surveys
Police were unable to locate Sunil Tripathi after the Boston Marathon
bombing, and the search for him continued until April 25, 2013,
when his body was found in a river near the City of Providence (Family of Sunil Tripathi). Although an official statement as not been
released, the police examiner explained while further examination is
necessary, he does not believe there was any foul play involved (Family of Sunil Tripathi). While the lack of foul play does not automati-
51
Buncombe, Andrew. Family of Sunil Tripathi - Missing Student

Wrongly Linked to Boston Marathon Bombing - Thank Well-Wishers
for Messages of Support. The Independent. independent.co.uk, 26 Apr.
2013. Web. 8 Oct. 2013.
such as the 728 law enforcement agencies who answered in the 2013
Social Media Survey. The researchers should create a trend study that
is one of the three sub-types of longitudinal surveys. Since the research
will include a longitudinal survey, the analysis will be gathered over a
long period of time such as one year. To keep the populations consistent, the survey should focus on rural versus urban police departments.
The trend study would request police departments to submit the
number of cases that used any form of social media public outreach to
further the investigation. This could include a tip submitted on social
media, a photo posted to assist in identification, a cellphone video
tweeted to a police organization, or any submission over social media
by the public to help the investigation. In order for a case to count
towards the survey, the social media public outreach must further the
case in some way, such as providing evidence, assisting in identifying a
suspect or posting a location of stolen goods. The information should
be gathered at the end of the month for a year. The survey would then
show a year trend of social media public outreach and whether the
cases affected by social media are increasing, fluctuating, or decreasing.
The trends could also show whether social media public outreach is
better implemented in urban, rural, or both areas. This information
gathered from such a survey would allow police departments to make
more effective decisions about how to utilize social media.
Buncombe, Andrew. Sunil Tripathi: The Other Victim of Bostons

Bombs. The Independent. independent.co.uk, 23 Apr. 2013. Web. 8
Oct. 2013.
Domizio, Frank. Philadelphia, Pennsylvania, Police Department Thoughts on Content, Data Analysis, and Media. IACP Center for
Social Media. N.p., 6 Feb. 2013. Web. 5 Sept. 2013.
Domizio, Frank. Your Tips at Work: 100 Arrested through the Use
of Social Media. PhillyPolice Blog. N.p., 10 Oct. 2012. Web. 8 Oct.
2013.
International Association of Chiefs of Police 2013 Social Media
Survey Results. IACP Center for Social Media. N.p., 2013. Web. 8
Oct. 2013.
Levs, Josh, and Monte Plott. Boy, 8, One of 3 Killed in Bombings
at Boston Marathon; Scored Wounded. CNN U.S. Cable News
Network, 18 Apr. 2013. Web. 8 Oct. 2013.
Social media in the hands of law enforcement is a powerful tool, especially when the public is included in the process. Police departments
can choose to reach out to the public by posting details on agency
profiles in hopes of receiving tips from the public, a method found to
be successful in cases such as the Boston Marathon bombing, the 2011
Vancouver Stanley Cup riot, and the Philadelphia Police Department
case studies. While social media outreach has had great success in the
field of law enforcement, it has also caused issues that affect investigations negatively. Asking for the assistance from the public can lead to
persons sponsoring vigilantism or initiating witch hunts. Vigilantism
and harassment may have caused a suicide in the Boston Marathon
bombing and also impeded the investigation of 2011 Vancouver
Stanley Cup riot. While there have been many small scale examples
of social media outreach, not many studies have looked at the bigger
picture. A more accurate assessment of how law enforcement should
use social media and social medias effect on law enforcement should
be conducted using teams of researchers to send out surveys on a large
scale that ask agencies questions regarding social media outreach.
The current research being conducted is a step in the right direction;
however, more research needs to be conducted before the true impact
of the use of social media techniques by law enforcement can be
understood.
McGovern, Alyce. Crime-fighting, Twitter and the Boston Bombing.

The Crime Report. N.p., 7 May 2013. Web. 8 Oct. 2013.
Riot Investigation - Fact Sheet. The Vancouver Police Department.
City of Vancouver, 20 June 2011. Web. 8 Oct. 2013.
Riot Investigation Update. Riot Investigation Update. City of
Vancouver, 14 June 2013. Web. 8 Oct. 2013.
Schaefer, Mari A. How Sunil Tripathis Family Coped with Tragedy.
Philly.com. N.p., 7 Aug. 2013. Web. 8 Oct. 2013.
Schiender, Christopher J., and Daniel Trottier. The 2011 Vancouver
Riot and the Role of Facebook in Crowd-Sourced Policing. BC
Studies 175 (2012): 57-72.
ERIC SHIFFLETT completed his
undergraduate degree in Criminal Justice at
Stevenson in 2013. He currently is working
at Stevenson University as a Graduate
Assistant for the School of Graduate and
Professional Studies. At the same time, he is
completing his Graduate Degree in Forensic
Studies at Stevenson.
REFERENCES
Beaumont, Peter. Vancouver Rioters Named and Shamed in Internet
Campaign. The Guardian. Guardian News and Media, 30 June 2011.
Web. 8 Oct. 2013.
52
FORENSICS JOURNAL
The War on Terror: Habeas Corpus, Indefinite

Detention, and Evidentiary Matters
James Sevison
INTRODUCTION
World War II
Throughout American history there have been numerous attempts to

encroach upon the right to petition for habeas corpus relief. These
earlier bids to cast aside individual freedoms encountered great
opposition and routinely sparked fierce debate. This same firestorm
of criticism has recently been reignited, as civil libertarians and
human rights organizations have begun to censure current legislation
concerning the practices of habeas corpus suspension and indefinite
detention. However, despite common belief and although highly
unpopular, the suspension of habeas corpus and the practice of indefinite detention remain unequivocally permissible under this nations
current system of laws. Furthermore, the practice of using inaccessible, classified information as a means to sustain an individuals detention is not only permissible but gains its authority from the pre-9/11
Classified Information Procedures Act of 1980. The perception that
these practices are constitutionally proscribed is more public opinion
than comprehension of applicable law (Classified Information Procedures Act). An examination of relevant lawboth past and present
will lay the foundation for current government policy.
Franklin Rooseveltin the aftermath of the attack on Pearl Harborsuspended habeas corpus via Executive Order 9066. This Order
relocated people of Japanese ancestry, involuntarily placing them
in government run internment camps. According to the National
Archives and Records Administration, Nearly 70,000 of the evacuees
were American citizens. The government made no charges against
them, nor could they appeal their incarceration (National Archives
and Records Administration). The Supreme Court decisions handed
down in Hirabayashi v. United States, Yasui v. United States, Ex parte
Endo, and Korematsu v. United States upheld the legality of Executive Order 9066, thus depriving Japanese-Americans (United States
citizens) the right to challenge their detentions.
Global War on Terror (GWOT)
In response to the attacks of 9/11, Congress passed legislation aimed
at bringing to justice those responsible for creating such devastation,
ultimately granting the President extensive authority. George Bush,
in his memoir, aptly attributed his wartime powers as President to
Article II of the Constitution and the Authorization for Use of Military Force (AUMF) issued by Congress following 9/11 (Bush, 154).
On November 13, 2001, President Bush signed a Military Order
titled Detention, Treatment, and Trial of Certain Non-Citizens in
the War Against Terrorism which established military tribunals to try
captured terrorists. According to Bush, this system was based closely
on the one created by FDR in 1942 (Bush, 167). The ensuing suspension of habeas corpus, as witnessed, would be the eventual cost of
doing business in the Bush Administrations post-9/11 world. Unfortunately, for the Administration, a series of complex legal challenges
would expose this policy to keen scrutiny, and it would ultimately
face strong resistance.
Habeas corpus is the legal concept that ultimately allows a prisoner to

challenge the basis of his confinement before the court, subsequently
forcing the government to show just cause. Those who are found to
be unjustifiably detained must be released. Nevertheless, issues have
arisen regarding the continued detainment of suspected terrorists
despite the government producing justification. While the privilege
of the writ of habeas corpus is constitutionally mandated, one must
understand that it can be lawfully invalidated under certain conditions. As stated in Article I, Section 9, Clause 2 of the U.S. Constitution, The privilege of the Writ of Habeas Corpus shall not be
suspended, unless when in Cases of Rebellion or Invasion the public
Safety may require it. This clause, more commonly referred to as
the Suspension Clause, ultimately allows the government to rescind
habeas corpus protection in the face of looming turmoil. As history
has shown, the suspension of habeas corpus has deep roots in American law.
INDEFINITE DETENTION
The Bush Administration cautiously acknowledged that the war
on terror would be drastically different from any war ever fought
(Margulies, 3). In order to effectively fight terrorism there would
be sacrifices both abroad and at home. The Administration cited Ex
parte Milligan, Ex parte Quirin, and Johnson v. Eisentrager to legitimize its legal policy, but this did not pacify the critics. According to
Margulies, in regard to the ongoing war in Afghanistan, The Bush
Administration maintains that people seized in this conflict may be
takenkidnapped if necessaryfrom any location in the world, even
thousands of miles from any battlefield, without the knowledgeof
the host government and without any judicial process (Margulies, 3).
A BRIEF HISTORY OF HABEAS CORPUS SUSPENSION

Civil War
In the opening months of the Civil Warin the aftermath of the
attack on Fort SumterAbraham Lincoln authorized Union officers
to suspend habeas corpus when required by the public safety in and
around parts of Maryland, Pennsylvania, and Washington, DC (Federal Judicial Center, 3). In Ex parte Merryman, Circuit Court Chief
Justice Roger B. Taney ultimately held that the President did not have
the authority to suspend habeas corpus (Sauter and Carafano, 6).
Lincoln sustained his directive despite being indemnified.
Margulies, although somewhat critical, captured the reality of the

Administrations overall strategy and policy concerning suspected
terrorists. This policy would be used in the ensuing war in Iraq, and
53
it would subsequently be used to detain practically any suspected

terrorist nearly anywhere in the world. The purported purpose of this
plan was to more effectively fight terrorism and to ultimately secure
the homeland; however, its constitutional infringement, and legal
aftermath, instead created difficulties for the Administration.
Bay holding facility. In his first year in office, Obama amended the
MCA by signing into law the National Defense Authorization Act for
Fiscal Year 2010. This Act contained revisions to the MCA of 2006
and ultimately became known as the MCA of 2009. This amended
version of the MCA addressed concerns about detainee resources,
but otherwise remained unchanged, thus reinforcing the MCA of
2006. This was not the expected outcome. Also unchanged was the
promise to permanently close Guantanamo Bay. What remained was
an ad hoc court system charged with addressing the rising concerns
regarding potentially unlawful and indefinite detentions. While the
Boumediene decision guaranteed defendants a habeas review, it was
the lower courts responsibility to decide what evidence, if any, was
sufficient to justify continued imprisonment (Boumediene v. Bush).
This caused confusion amongst law professionals, as the burden of
proof was less than uniform.
The Bush Administration elected to try captured enemy combatants

in military courts, but the legal consequencesand ensuing misstepsconflicted with efforts to effectively capture and try suspected
terrorists. Additionally, prison conditions rapidly deteriorated and
allegations of prisoner mistreatment and abuse began to surface. The
Administration attempted to deflect many of these allegations as the
misdeeds of a few rogue soldiers but the courts took notice (Margulies, 229). From the establishment of the Military Order of November 13, 2001 until June 28, 2004, the Bush Administration effectively
detained suspected terrorists without challenge. In some cases, little
to no credible evidence was needed to essentially condemn an individual to a life sentence (Military Order, 2001)
In the years following passage of the MCA of 2009, and in further

opposition to the projected stance of his Administration, President
Obama signed the National Defense Authorization Act of 2012
(National Defense Authorization Act for Fiscal Year 2012). This
new legislation would reignite previous fears as a close examination
revealed baffling findings. The NDAA 2012 essentially reinforced
Bush Administration policy, thus prolonging the practice of indefinite detention. The ACLU abhorred the NDAA 2012, labeling it as
worldwide detention policy (American Civil liberties Union). The
ACLU said this about the NDAA 2012:
In 2004, several U.S. Supreme Court decisions were handed down

regarding the Bush Administrations detention policy and its suspension of habeas corpus. Hamdi v. Rumsfeld and Rasul v. Bush ultimately declared that U.S. citizens labeled as enemy combatants retain
habeas corpus rights, and that the U.S. court system maintain jurisdiction over Guantanamo detainees. The U.S. Supreme Court, in 2006,
ruled in Hamdan v. Rumsfeld that the military tribunals established to
try enemy combatants violated the Uniform Code of Military Justice
and the four Geneva conventions. This appeared to be a setback, but
the Administration responded with legislation of its own.
On December 31, 2011, President Obama signed the National

Defense Authorization Act (NDAA), codifying indefinite
military detention without charge or trial into law for the first
time in American history. The NDAAs dangerous detention
provisions would authorize the president and all future
presidents to order the military to pick up and indefinitely
imprison people captured anywhere in the world, far from any
battlefield. (American Civil Liberties Union)
In the wake of Hamdan and in an attempt to circumvent the Courts

decision, Congress passed the Military Commissions Act of 2006
(MCA). The MCA essentially gave congressional approval to try
enemy combatants via military tribunals and to deny them habeas
corpus rights. This marked the first time since WWII that habeas
corpus had been formally suspended (Military Commissions Act).
Despite initial success, the victory was short lived as the Supreme
Court handed down a landmark decision in the 2008 case of Boumediene v. Bush. In Boumediene, the Court affirmed that Guantanamo
prisoners have the right to challenge their detention, and the suspension of this right under the MCA of 2006 was unconstitutional;
therefore, if the government wanted to indefinitely detain suspected
terrorists they would only be able to do so after showing just cause
(Boumediene v. Bush). This shifted the burden of proof onto the
government, forcing them to appear before the Court with sufficient
evidence justifying the detention of every petitioner. Instead of
focusing all of its resources on the GWOT, the government was put
in the position of defending its policy. With the election of President
Barack Obama, civil liberties authorities expected a policy change.
The controversy referenced just two sections in the lengthy document:

sub-sections 1021 and 1022. These sub-sections (found under Title
X, Subtitle D) dealt specifically with counterterrorism (National
Defense Authorization Act fir Fiscal Year 2012). Section 1021
granted the President the broad authority to arrest and indefinitely
detain covered persons, while Section 1022 authorized trial by
military tribunal (National Defense Authorization Act for Fiscal Year
2012). This authority extended to individuals arrested on American soil, and was recognized as pertaining to citizens as well. The
term covered persons was vague and open to misinterpretation, but it
remained nonetheless. Section 1021 of the NDAA 2012 describes
covered persons as the following:
A covered person under this section is any person as follows:
(1) A person who planned, authorized, committed, or aided
the terrorist attacks that occurred on September 11, 2001, or
Upon taking office, President Obama vowed to review the practice

of indefinite detention and pledged to shut down the Guantanamo
54
FORENSICS JOURNAL
harbored those responsible for those attacks. (2) A person who

was a part of or substantially supported al-Qaeda, the Taliban,
or associated forces that are engaged in hostilities against the
United States or its coalition partners, including any person
who has committed a belligerent act or has directly supported
such hostilities in aid of such enemy forces.
the preponderance standardbecause preponderance of evidence

is typically the standard presumptively applied in habeas contexts
(Waxman, 248). This would essentially become the post-Boumediene
requirement for habeas reviews.
As noted earlier, the courts opinions regarding indefinite detention
have not been uniform. Although the U.S. Supreme Court justices
agreed upon a standard of proof in the case of Al-Bihani, they left
the weight of the evidentiary material presented to be decided by
the lower courts (Vladeck, 1453). This freedom of interpretation
has resulted in rulings on both sides of the preponderance line
(Waxman 249). For example, in the similar cases of Al Mutairi
v. United States and Boumediene, the presiding judges came to
conflicting conclusions. In Al Mutairi, Judge Colleen Kollar-Kotelly
declared that the government failed to provide sufficient evidence
justifying the defendants continued detention (Al Mutairi v. United
States). Judge Kollar-Kotelly offered that simply linking the defendant
to al-Qaeda through his actions was not, in itself, enough to meet
the preponderance standard. In Boumediene, a consolidated case,
Judge Richard Leon ordered five of the six defendants to be released;
however, the detention of the sixth defendant was upheld citing
evidence (behaviors) linking him to al-Qaeda (Boumediene v. Bush).
The ambiguity of this language was the reasoning behind Hedges v.

Obama, an ongoing case. This case, filed by a team of former reporters, is seeking to receive clarification on several aspects of the NDAA
2012. For example, are reporters interviewing and chronicling the
doings of Taliban and al-Qaeda fighters effectively aiding and supporting their efforts? As of this writing an injunction is pending.
Subtitle D, drawing on the AUMF, also authorized the indefinite
detention of covered persons under the law of war without trial until
the end of the hostilities authorized by the Authorization for Use of
Military Force (National Defense Authorization Act for Fiscal Year
2012). It was further argued by the ACLU that the breadth of the
NDAAs worldwide detention authority violates the Constitution
and international law because it is not limited to people captured in
an actual armed conflict, as required by the laws of war (American
Civil Liberties Union). The detention policy of the Obama Administration failed to address the concerns of civil libertarians, and despite
aggressive opposition carried the same policy into the ensuing year.
Both cases offered evidence linking the defendants to the al-Qaeda

terror organization, yet contrasting conclusions were reached: In Al
Mutairi the defendant was released, but in Boumediene the defendant was detained. Waxman offered that the courts descriptions
highlight how easily different judges viewing the same evidence could
reach different conclusions, either because they weigh certain pieces
of evidence differently, or because they view the standard differently
(Waxman, 249). Despite this imbalance, the preponderance standard
has been adopted by both military and federal courts alike; however,
the amount of classified evidence introduced in habeas hearings and
criminal proceedings has provoked an added debate on both sides. It
is a complex issue that must be discussed.
On January 2, 2012, President Obama signed into law the National

Defense Authorization Act for Fiscal Year 2013 (National Defense
Authorization Act for Fiscal Year 2013). The NDAA 2013 continued
to authorize the practices of indefinite detention and trial by military
tribunal. An amendment seeking to eliminate the controversy caused
by the NDAA 2012 was deleted from the final version of the bill.
The Feinstein-Lee Amendment would have excluded American citizens from the above stated practices by affording them habeas corpus
rights and due process of law; however, the House of Representatives removed it without explanation prior to finalizing the bill. The
NDAA 2013, in support of the AUMF, is the current standard for the
Obama Administrations handling of suspected terrorists.
CLASSIFIED EVIDENCE
Since the wars inceptionand after several key decisionsthe
amount of evidence required to indefinitely detain a suspected terrorist has unquestionably changed. The courts have, over time, created
a more uniform standard in dealing with suspected terrorists, but
debate continues. The governments stance on classified evidence has
created what can be considered an unfair advantage which favors the
government. For example, while petitioners are now afforded habeas
corpus protection, they may find themselves unable to refute governmental claims as incriminatory evidence may be deemed classified;
this renders it inaccessible by the defense. The underlying concept
suggests that evidence detrimental to government interests and
national security be excluded.
STANDARDS OF PROOF
In the early years of the GWOT, the standard of proof required to
detain suspected terrorists was vague and open to interpretation; only
some evidence was required to lawfully detain suspected terrorists. The
various levels of the American court system created their own requirements for what was deemed, in the eyes of the individual judge, to
be sufficient. Over time this changed to a more universally accepted
system of finding. Referencing Al-Bihani v. Obama, Stephen Vladeck
stated, the court (as it did with respect to the governments detention
authority)agreed with the government that preponderance of the
evidence is the appropriate burden of proof (Vladeck, 1466). Matthew Waxman suggests that the courts probably gravitated toward
55
In 1980 Congress passed the Classified Information Procedures Act

(CIPA) in an effort to address mounting concerns related to the
introduction of classified material in criminal proceedings. According
to Melanie Reid, CIPA was not intended to alter the Federal Rules
of Evidence, but was rather intended to provide a procedural framework (Reid, 274). CIPA is not a foolproof remedy. Just as judges are
granted discretion in determining the value and weight of evidence
in habeas hearings, they are also the ultimate authority in determining what classified material is inherently relevant to the issue at hand.
Stephen Schulhofer asserts that CIPA requires the judge to make
difficult determinations about precisely what information should be
disclosed to the defense and what information should be withheld
(Schulhofer, 65). This wide scope of authority creates tension between
the government and the defendant(s), as governmental interests and
individual rights to a fair trial may be in conflict. The presiding judge
has the final say in what is admissible and what is inadmissible.
While CIPA was not drafted with the GWOT in mind, it is the current accepted framework being utilized to address issues arising from a
non-traditional war environment. There is no readily available remedy
to appease the critics; however, some solutions have been proposed,
such as a National Security Bar (Litt and Bennett, 13). As proposed
by Litt and Bennett, Congress should establish a National Security
Bar, consisting of lawyers with the highest level of security clearance.
These lawyers would agree to be available for appointment to represent defendants in terrorism-related cases (Litt and Bennett, 13). The
courts will continue to review the procedures outlined in CIPA in
order to make them more applicable to the current, ongoing war.
GATHERING EVIDENCE
Gathering sufficient evidence during an active military operation is
a difficult task at best. Professionals have developed an across-theboard standard; however, new approaches are being examined. While
a range of theories are available for consideration, they all seek to
address the same fundamental issue: how can one effectively collect
and maintain evidence on an active battlefield? It is undoubtedly difficult, at times, for qualified law enforcement professionals to observe
and gather evidence within a secure, domestic crime scene. Envision
now a young soldier: no law enforcement experience, in the mountains of a foreign country, attempting to gather evidence in the heat of
combat. Some may offer that it is virtually impossible. Furthermore,
one must consider that evidence may be inaccessible or destroyed on
the battlefield.
Reid says, many of CIPAs provisions have provided a skeletal infrastructure but relatively little substantive guidance to courts, leaving
judges to set forth differing standards on classified informations use,
relevance, and admissibility at trial (Reid, 278). CIPA allows the
government, upon approval, to withhold or redact classified evidentiary material. As illustrated by Robert Litt and Wells Bennett,
critical evidence against a defendant may derive from the interception of communications, yet the government may not wish to reveal
that it has the capability to intercept those communications (Litt and
Bennett, 6). This poses a significant challenge for defendants, as their
lone source of exoneration may rely upon information that has been
deemed inadmissible due to security concerns. While the process may
be controversial, it does follow appropriate procedure. For example, if
the government does not wish to disclose specific information during proceedings, they must abide by the rules set forth in Section 4
of CIPA (Reid, 280). According to Reid, Section 4 applies when a
defendant is unaware of the classified information, and the prosecutor
does not want to disclose such information during discovery (Reid,
280). Reid further states Section 4 authorizes the government to
file a written motion requesting either a protective order prohibiting
disclosure of the classified information or the granting of a partial
redaction/substitution/summary of the classified materials at issue
(Reid, 280).
The difficulties are obvious and a definitive solution is an arguable

topic of discussion; nevertheless, ideas have been proposed. For
example, it has been suggested that military units keep an embedded
forensics expert among their ranks for this very purpose. The belief is
that these experts will recognize what evidence needs to be collected
and how to go about collecting it efficiently and quickly. This could
minimize the exclusion of tainted evidence. Another suggestion
offers that the federal courts grant some leniency in recognizing these
hardships. Litt and Bennett believe that federal evidentiary rules
are too strict, thus making the prosecution of terrorists too difficult
(Litt and Bennett, 9). For instance, they offer that hearsay evidence
be permissible and the absence of Miranda warnings be forgiven (Litt
and Bennett, 9-10). As with the concept of classified evidence, there
is currently no definitive cure-all. Evidence collection in such poor
environments will continue to be a challenging feat.
CIPA may be regarded as controversial; however, national security

remains a critical underlying factor. Reid states that The United
States government maintains certain sources and methods at a classified level and withholds information from the public at large in order
to protect its security. What seems to concern most people is that
this entails a great deal of trust on our part that our government is
not abusing this right (Reid, 300). As seen with past habeas corpus
suspensions, the act of denying a defendant full access to the evidence
held against them will continue to be subject to criticism.
CONCLUSION
The governments decision to deny enemy combatants the right to
petition for a writ of habeas corpus, and to detain them indefinitely,
has been a source of great controversy and debate. The GWOT
remains a war like no other. The series of decisions made in the
immediate aftermath of the attacks of 9/11 were done so hastily
56
FORENSICS JOURNAL
and without due regard for civil liberties. The idea of indefinitely
detaining someone with no legal resources and no immediate end in
sight remains controversial. Nevertheless, this power was ultimately
granted to the President via Article II of the U.S. Constitution, and
the AUMF of 2001.
hensive study of relevant law confirms the legality of its actions. The
current system in place is not flawless, but an unconventional war
calls for unconventional methods. While they may not be widely
accepted, present governmental actions are permissible under this
nations current system of laws.
As history demonstrates, and this article discusses, past presidents

have enacted questionable policies, particularly during times of
war. Although these policies are debatable, they are not necessarily
unlawful. In support of the AUMF, the MCAs of 2006 and 2009,
and the NDAAs of 2012 and 2013, have codified the Presidents
ability to carry out these actions officially and lawfully. For obvious
reasons, the Founding Fathers maintained that no single branch of
government be granted excessive power. Still, in a system of checksand-balances, all three branches of government have found reason to
believe that these practices are legitimate and necessary. For instance,
the Supreme Court concluded in Hamdi that the President does in
fact have the authority to indefinitely detain individuals, and Congress penned the MCAs and NDAAs that now bear the Presidents
signature of approval.
REFERENCES
Al Bihani v. Obama. 590 F.3d 866. District Court of the United
States. 2009. Legal Information Institute. N.p., n.d. Web. 29 Jan. 2013.
Al Mutairi v. United States. Civil. Action No. 02-828 (CKK). District
Court of the United States. 2009. Legal Information Institute. N.p.,
n.d. Web. 7 Feb. 2013.
American Civil Liberties Union. Indefinite Detention, Endless Worldwide War and the 2012 National Defense Authorization Act. New York:
American Civil Liberties Union, 22 Feb. 2012. Web. 27 Jan. 2013.
Authorization for Use of Military Force Against Terrorists. Pub. L.
107-40. 115 Stat. 224. 18 Sep. 2001. Web. 26 Jan. 2013.
Standards of proof have remained the same as a result of the Boumediene and Al-Bihani rulings; however, the level of evidence required
to satisfy the preponderance requirement still rests solely with the
presiding judge. This ultimately creates a system of imbalance. As
was illustrated, the same evidence can authorize the continued detention of a suspected terrorist, or conversely direct their release. These
inconsistencies in court opinion must be minimized, and current
criterion must be reviewed in order to preclude the potential for an
unfair trial. The Supreme Court should offer unequivocal guidance in
lieu of the broad discretion currently practiced. Contradictory court
opinions (e.g., Al Mutairi and Boumediene) only create skepticism
and confusion.
Boumediene v. Bush. 553 U.S. 723. Supreme Court of the United

States. 2008. Legal Information Institute. N.p., n.d. Web. 25 Jan.
2013.
Bush, George. Decision Points. New York: Crown Publishers, 2010.
Print.
Classified Information Procedures Act. Pub.L. 96-456. 94 Stat. 2025.
15 Oct. 1980. Print.
Ex parte Endo. 323 U.S. 214. Supreme Court of the US. 1944. Legal
Information Institute. N.p., n.d. Web. 25 Jan. 2013.
Evidentiary omissions and redactions, chiefly the exclusion of classified evidence in a criminal trial, are an issue that should be addressed
as well. CIPA provides an operational framework, but this framework
was never intended to combat terrorism at its current level. Several
ideas have been proposed, and some are plausible. The suggestion of
a national review panel of lawyers and judges seems reasonable, but a
definitive decision must be made. Evidence gathering techniques also
are a work in progress. The concept of an embedded forensic expert
seems to be the most practical method of combating evidentiary
concerns. Evidence is the backbone of the prosecution, and proper
collection techniques, along with a clear and indisputable chain-ofcustody, are indispensable.
Ex parte Merryman. 17 F. Cas. 144. Circuit Court of the United

States. 1861. Legal Information Institute. N.p., n.d. Web. 25 Jan.
2013.
Overall, American citizens traditionally react negatively to what they

perceive as an injustice; however, what is perceived as unjust does not
equal unlawful. The belief that the government is currently acting
outside constitutional law limits is a matter of opinion, as compre-
Hamdi v. Rumsfeld. 542 U.S. 507. Supreme Court of the US. 2004.
Legal Information Institute. N.p., n.d. Web. 25 Jan. 2013.
Ex parte Milligan. 71 U.S. 2. Supreme Court of the US. 1866. Legal

Ex parte Quirin. 317 U.S. 1. Supreme Court of the US. 1942. Legal
Hamdan v. Rumsfeld. 548 U.S. 557. Supreme Court of the US.
2006. Legal Information Institute. N.p., n.d. Web. 25 Jan. 2013.
Hedges v. Obama. No. 12 Civ. 331. District Court of the United

States. 2012. Legal Information Institute. N.p., n.d. Web. 7 Feb. 2013.
57
Hirabayashi v. United States. 320 U.S. 81. Supreme Court of the US.
Vladeck, Stephen. The D.C. Circuit After Boumediene. Seton Hall

Law Review 41.4 (2011): 1451-90. Web. 29 Jan. 2013.
Johnson v. Eisentrager. 339 U.S. 763. Supreme Court of the US.

Waxman, Matthew. Guantanamo, Habeas Corpus, and Standards

of Proof: Viewing the Law through Multiple Lenses. Case Western
Reserve Journal of International Law 42.245 (2009): 245-66. Web. 9
Feb. 2013.
Korematsu v. United States. 323 U.S. 283. Supreme Court of the

United States. 1944. Legal Information Institute. N.p., n.d. Web. 25
Jan. 2013.
Yasui v. United States. 320 U.S. 115. Supreme Court of the US.1943.
Legal Information Institute. N.p., n.d. Web. 25 Jan. 2013.
Litt, Robert, and Bennett, Wells. Better Rules for Terrorism Trials.
Counterterrorism and American Statutory Law 8 May 2009: 1-29.
Print.
JAMES SEVISON is a twelve year veteran of

the United States Secret Service and a sixteen
year veteran of the federal government. He
holds a Bachelor of Science in Criminal
Justice from the University of Maryland
University College. Currently, James is
enrolled in the Graduate and Professional
Studies program at Stevenson University,
where he is pursuing a Master of Science in
Forensic Studies. Presently, James serves as a
nationally accredited instructor at the United
States Secret Service training academy.
Margulies, Joseph. Guantanamo and the Abuse of Presidential Power.

New York: Simon & Schuster, 2006. Print.
Military Commissions Act of 2006. Pub. L. 109-366. 120 Stat. 2600.
17 Oct. 2006. Print.
Military Order of November 13, 2001, Detention, Treatment, and
Trial of Certain Non-Citizen in the War Against Terrorism. 66 Fed.
Reg. 57,833. 16 Nov. 2001. Print.
National Archives and Records Administration. Executive order 9066:
Resulting in the Relocation of Japanese. Washington: GPO, 1989. Web.
27 Jan. 2013.
National Defense Authorization Act for Fiscal Year 2010. Pub. L.
111-84. 123 Stat. 2190. 28 Oct. 2009. Print.
112-81. 125 Stat. 1298. 31 Dec. 2011. Print.
112-479. 74 Stat. 128. 2 Jan. 2013. Print.
Rasul v. Bush. 542 U.S. 466. Supreme Court of the US. 2004. Legal
Reid, Melanie. Secrets behind Secrets: Disclosure of Classified
Information before and During Trial and Why CIPA Should be
Revamped. Seton Hall Legislative Journal 35.2 (2012): 271-301.
Web. 9 Feb. 2013.
Sauter, Mark, and Carafano, James. Homeland Security: A Complete
Guide to Understanding, Preventing, and Surviving Terrorism. New
York: McGraw-Hill, 2010. Print.
Schulhofer, Stephen. Prosecuting Suspected Terrorists: The Role of
the Civilian Courts. The Journal of the ACS Issue Groups 2.2 (2008):
63-71. Web. 9 Feb. 2013.
U.S. Constitution, Art. I, 9, cl. 2.
58
FORENSICS JOURNAL
Will the Future of Digital Forensics and Law

Enforcement Investigation Strategies need to
Adapt to Malicious Hardware Devices?
Westcott Hyde
ing community, the DIY hobbyist electronics community has grown
exponentially. This growth is due to low cost and easy consumer
accessibility to programmable microcontrollers. The electronics DIY
industry expansion was recently featured by the financial publication - Entrepreneur Magazine. One of the more popular online
DIY embedded system retailers, Adafruit Industries, founded by
Limor Fried, was featured as 2012s entrepreneur of the year (Wang).
Last year New York City-based Adafruit did a booming $10 million
trade in sales of DIY open-source electronic hardware kits, so-called
because project designs are free and publicly accessible, and customers are encouraged to modify or hack the final product (Wang).
Retailers such as RadioShack recognize the market potential of these
devices and have expanded their inventories to cater to the electronic
DIY hobbyist community. An unanticipated growth occurred within
criminal enterprises which capitalized on quick and easy access to
these powerful microcontroller devices. The Arduino and Raspberry
Pi open source microcontroller devices have dominated this niche
market but they are not the only (nor the most powerful) feature-rich
devices commercially available. The Arduino in particular, is highly
successful because of its open source support, diverse capabilities, generous learning curve, cheap entry fee, and massive online attention.
INTRODUCTION
As digital computing technology continues to rapidly evolve and
become more affordable and accessible to the public, law enforcement and digital forensic investigators will be increasingly challenged
to identify and respond to electronic devices leveraged for criminal
activities. An emerging technology that will test digital forensic skills
and resources involves adaption of embedded microcontroller systems
for criminal use. Embedded microcontrollers enhance functionality
of refrigerators, microwaves and automobile control systems but have
recently emerged as deployable criminal tools. Once the exclusive
domain of electrical engineers, embedded microcontrollers have been
adapted and adopted by hackers and criminals at a disturbing rate.
Malicious hardware previously described technological devices
designed to perform targeted covert missions. Today the definition
includes small embedded microcontroller systems that can be rapidly
prototyped, quickly programmed and discretely deployed in order to
execute a spectrum of nefarious targeted missions. In a counter intuitive sense, the complexity and availability of these devices has become
inversely proportional to their sophistication and criminal capability.
Digital forensic investigations deal almost exclusively with conventional computing devices such as cell phones, laptops, tablets and
personal computers. While extracting evidence from these digital
systems can certainly be challenging for the forensic investigator, data
storage mediums and evidence extraction techniques for these devices
are generally well understood. With embedded malicious hardware,
classic digital forensic methodology is inadequate.
THE EVOLUTION OF MALICIOUS HARDWARE

Only within the last five years have law enforcement agencies discovered miniature circuit based devices performing high tech criminal
tasks. In Northern England, 2008, European law-enforcement
officials uncovered a highly sophisticated credit-card fraud ring that
funnels account data to Pakistan from hundreds of grocery-store card
machines (Gorman). Uncovered in this sophisticated operation was
a professionally designed piece of malicious embedded hardware that
mated perfectly with the internal circuitry and was small enough to
fit inside the plastic swipe patron checkout terminal without any
case modification. The malicious circuitry was designed to record
information from the magnetic stripe on the back of credit cards,
store the information and transmit the siphoned credit card records
to a criminal faction allegedly operating in Pakistan (Gorman). This
international case of malicious embedded hardware was an omen in
the then nascent world of criminalized malicious technology.
WHAT IS MALICIOUS HARDWARE?

Malicious hardware consists of some form of complex integrated
circuit based system where either the embedded microprocessor or
the actual device circuitry is constructed to execute instructions or
perform functions in an unexpected and nefarious way. Leveraged for
their autonomous functionality, low power consumption, compact
circuit density and powerful digital processing, hardware systems can
be transformed into dangerous and potent criminal devices. Embedded systems (sometimes referred to as programmable microcontrollers) are an amalgamation of conventional computer technology
and dedicated functionality; a footprint that defies common sense.
These devices rely on minimal constituent resources: power, memory
and external user interfaces such as the common keyboard or mouse.
The result is a compact device with negligible reliance on external
control or interaction from a human user, which is an ideal conduit
for a criminal requiring a low or virtually non-existent profile while
committing a crime.
Devices like those discovered in Northern England (and other parts

of Europe) are also present in the United States. Malicious hardware
was discovered in gas pumps in Alachua County, Florida. In 2005,
Lt. Stephen Maynard explained, Our device is not the traditional
skimmer but rather a Bluetooth enabled equivalent of a thumb drive
programmed to capture the data as it was transmitted from point A
to point B inside the gas pump itself (Krebs). Gas pumps, checkout
counter swipe terminals and ATM machines are popular credit card
siphoning targets but often employ differing embedded system technology and strategies. The successful exfiltration of credit card information from these malicious hardware devices is on the rise. In 2012,
Today embedded programmable microcontrollers can be purchased at

a local RadioShack and programmed with free downloadable software
within minutes of acquisition. Spurred on by the computer hack-
59
Sparkfun Electronics was subpoenaed for their customer database

because a similar malicious embedded device was discovered in a gas
pump in Coweta County, Georgia (Seidle). As embedded technology becomes easier to understand and programming code becomes
more pervasive on the Internet, the more germane the technology will
become to motivated criminals. The boundaries of criminal potential
and utility are not only continually being expanded but also being
streamlined in the process. This was discussed in July, 2012 at the
Black Hat Conference in Las Vegas, Nevada when Cody Brocious, a
security researcher for Mozilla Software Corporation, demonstrated
that with less than $50 of off-the-shelf hardware and a little bit of
programming, it is possible for a hacker to gain instant, untraceable
access to millions of key card-protected hotel rooms (Anthony). The
device configuration could be accomplished in less than 15 minutes
while all the programming software is freely available on the Internet.
This demonstration transferred embedded malicious hardware from
the realm of tech savvy hackers to the everyday activities of criminals.
device to execute directed missions such as confidential communication interception. The introduction of malicious hardware into systems
running critical national infrastructure presents a clear and present
danger. Large scale manipulation of hardware was articulated by the
Defense Science Board Task Force 2005 report on High Performance
Microchip Supply. The report noted, Because of the U.S. dependence
on advanced technologies whose provenance is progressively more
offshore, opportunities for an adversary to clandestinely manipulate
technology used in U.S. critical microelectronics applications are
enormous and increasing (Department of Defense 14). The Defense
Science Board has noted that this type of malicious hardware can be
placed in any domain that inherently relies on circuit based technology. However, the most common large scale malicious hardware operation that law enforcement is likely to encounter would be some form
of covert communication interception and/or corporate espionage.
The 2005 Defense Science Board report was referenced by an October, 2012 report released by U.S. Government House Intelligence
Committee. The 2012 report announced that there could be substantial security risks if domestic companies purchase communications
equipment from Chinese companies such as Huawie or ZTE (House
of Representatives, Permanent). In the report, Chairman Mike
Rogers (R-MI) stated, Any bug, beacon, or backdoor put into our
critical systems could allow for a catastrophic and devastating domino
effect of failures throughout our networks (House of Representatives,
Permanent). These interlocutor devices include communication infrastructure components such as routers, switches and other evolving
man-in-the-middle communications technology that could allow for a
variety of espionage acts.
SCOPE OF MALICIOUS HARDWARE

Malicious embedded technology resides in a large illicit domain. The
criminal potential ranges from misdemeanor crimes (e.g. breaking and
entering - as in the hotel door locks) to national infrastructure failures
(e.g. gas pipelines, water treatment and power facilities). This massive scope complicates law enforcement countermeasures. One logical
response is to create a basic taxonomy of malicious device attacks.
A hierarchical measure of malicious technology is now necessary for
both forensic investigators and digital forensic researchers to facilitate
these complex investigations. However, current research revealed the
lack of a viable malicious hardware classification strategy. The lack of
any classification strategy may be attributed to the variety of available
microcontrollers and endless potential device circuit manifestations.
Further impediments to identifying an organized taxonomy are complicated by the disparity in technological acumen required to turn a
microcontroller into a malicious device and the availability of malicious related programming through mediums such as the Internet.
The suggestion that a taxonomy of malicious hardware be created is,
in itself, a clarion call to any digital forensic unit.
The utility of malicious embedded systems is only bounded by a

criminals imagination. Small scale operations can leverage microcontroller technology to supplant wireless utility meter readings thus in
effect modifying utility company billing. A microcontrollers inherent small size and power make them uniquely attractive for placing
remote sensing devices in a variety of discrete locations. There are
two fundamental inherent qualities of embedded malicious hardware
that are cause for law enforcement concern. First, todays embedded
microcontroller reduced form means that they can be integrated with
commercially developed devices and covertly placed inside the manufacturers original casing. Second, light weight and reduced power
consumption equates to longer lasting operation when powered by
Lithium Polymer battery technology thereby enhancing their autonomous and prolonged functionality.
While this paper asserts the ease of use and accessibility of microcontrollers such as the Arduino will facilitate criminal potential, there
exist even more advanced and sophisticated microcontrollers such as
the ARM (found in many modern cell phones). These are more powerful however require a higher degree of microcontroller architecture
understanding and programming. With the ubiquity and simplification of these devices, the domain of the criminal threat landscape is
destined to expand. As a result, many law enforcement agencies will
contend with devices as compact as a small cellphone but capable of
performing any number of sophisticated criminal operations.
Drone technology is not a domain restricted only to military, industry

or tech savvy engineers. Airborne remote control toys can be purchased for less than one hundred dollars from various toy retailers and
easily converted to relay video imaging or wireless communications
for only a modest additional investment. For the criminal, the return
on this modest investment can range from focused espionage pay offs
Large scale clandestine operations can leverage an innocuous appearing
60
FORENSICS JOURNAL
to acquisition of private information to invasion of privacy. In previous decades, a remote control toy was simply that, but today there
is an increasing likelihood that the device is actually on a targeted
mission.
but information gathering and digitized evidence collection from

these devices remains complex.
IMPACT ON LAW ENFORCEMENT INVESTIGATIONS
Conventional digital forensic investigations focus on where to find

incriminating evidence within the file or memory structure of a
conventional computing device. The lack of internal access to an
embedded data storage system memory represents one of the most
challenging aspects of malicious embedded hardware forensic analysis.
With data, programming and mission objectives buried deep within
the chips parceled circuitry, there is no easy way to interface with
or extract evidence. To contend with this fundamental issue, digital
forensic units will need to expand their hardware reverse engineering
skills and embedded system understanding. For specific investigations
and circumstances, the device itself without forensic dissection, might
constitute sufficient corroborating evidence for a prosecutor. However, without legal precedent this postulation could be a legal gamble.
CHALLENGES FOR DIGITAL FORENSIC INVESTIGATORS
Malicious hardware devices have a unique potential for harboring or

creating backdoor technology. Hardware facilitated backdoors allow
unauthorized access into a target system in order to command said
target system to perform specific unauthorized tasks. This is problematic if the malicious hardware is embedded in the design of a commercial product. This subject was comprehensively covered in a 2010
IEEE report, A Survey of Hardware Trojan Taxonomy and Detection
(Tehranipoor and Koushanfar 1). The report articulates how hardware Trojans are likely to be a specific integrated component of the
overall system circuitry and architecture. Malicious hardware Trojans
are extremely difficult to detect and represent a unique challenge for
digital forensic investigators.
Forensic investigation practices must be rigorous and performed using

well established protocol based strategies that withstand courtroom
scrutiny. Digital forensic practitioners are trained to follow standardized procedures accepted by the court to be defensible. These
procedures are largely based on extracting data or evidence without
manipulating or disturbing the original data/evidence. This can be
accomplished by creating cloned copies (forensic images) of disk
drives and dumping resident memory using legally established procedures and certified digital forensic technology. With an embedded
malicious hardware system this poses a difficult challenge for the
forensic team as there exists little legal precedent to support reverse
engineering or data extraction strategies on these systems. Reverse
engineering analysis of malicious hardware can be destructive, or at
the very least - manipulative. This strategy will fail most legal cross
examinations and tampering of evidence tests.
This level of malicious hardware detection and forensic dissection

will require substantial resources and technicians skilled in reverse
engineering electronic circuitry, which is currently outside the realm
of conventional digital forensic lab capabilities. Forensic units should
develop a system of resources that can be accessed in the event a
device like this is encountered. Malicious embedded hardware constitutes unfamiliar territory for a majority of law enforcement agencies and digital forensic units. The number of differing devices and
their infinite configurations can even confound individuals trained in
electrical and computer engineering.
Contemporary digital forensic kit suppliers focus on data extraction
from cell phones, computers, or tablets because this type of consumer
technology is pervasive in society and therefore more likely to be
utilized by common criminals. Often digital evidence can be extracted
from these devices despite the efforts by a device owners proactive
attempts to circumvent digital forensics. A host of evidence can be
obtained from these conventional computing devices which corroborate both device ownership and deliberate usage that will satisfy the
requirements of digital nonrepudiation (that the data discovered on
the device is the result of the owner or primary user of the device). As
digital microprocessor technology becomes more advanced, compact,
power efficient, affordable, and embedded, malicious hardware architects will be more difficult to trace.
For the digital forensic team there must be a standardized and legally
sustainable approach to examining a microcontroller. One possible
method is debugging. If a debugging option is available on the malicious device and it is enabled, (or the option has not been locked
out), a forensic investigator has non-destructible access to valuable
features, i.e. internal memory structures and input/output decoding.
Debugging permits an embedded system developer to validate various functioning aspects of the system design during prototyping. It
is normally a non-destructive technique that gives a unique view into
the processor and can possibly reveal a disassembly of the code running on the device. This can be important and useful for a variety of
forensic related reasons such as unique code based signatures, undisclosed or undiscovered device functionality and functionality specific
to criminal development and deployment.
A unique quality of embedded systems is the proprietary nature of

its functionality. An investigator cannot simply plug it into a forensic computer via USB or other serial interface and quickly generate
a canned report establishing the presence or absence of digitized
evidence. The programming is also unique and proprietary to each
embedded device. It is easy to program and pass data to these devices
61
The embedded system undergoing analysis in the forensic lab must

support debugging. While this is typically the case for a majority of
microcontrollers it might not be the case for specific commercially
available microcontrollers. However, despite a microcontrollers
support for debugging, it can and often will be, programmatically
disabled with lock bits and/or fuse bits. Normally, these bit specific
directives function to protect and conceal the internal programming,
which is the intellectual property (IP) of the commercial manufacturer. These lock bits can also disable external access to data and flash
memory resident on the chip further limiting forensic analysis.
any electrical device to a (often wireless) network like environment.

As devices like refrigerators, home security systems, automobiles,
door locks, lighting systems and surveillance systems become more
interconnected the potential increases that a criminal will attempt
electronic manipulation or electronic molestation through malicious
hardware projects. If these devices (e.g. home security system, door
locks) have anything of value behind their functionality, then there
must be an automatic assumption that it is a legitimate target for the
malicious hardware capable criminal.
The Internet of things is prevalent in the medical field. This makes
homicide now plausible by way of leveraging the growing interconnectedness of embedded hardware enabled devices. For instance,
implantable cardiac defibrillators (ICDs) and insulin pumps can
now be controlled remotely and wirelessly. Newer devices recently
approved by the FDA operate with wireless transceivers from a range
of up to 400MHz, or roughly 400 meters (Kirk). In a disturbing
malicious hardware example, security researcher Barnaby Jack from
the security firm IOActive has successfully demonstrated how to take
over these specific devices and turn them into murder weapons. Jack
stated that not only is it possible to assassinate a target victim, it is
possible to upload specially-crafted firmware to a companys servers
that would infect multiple pacemakers and ICDs, spreading through
their systems like a real virus (Kirk). This presents an entirely different challenge for law enforcement and digital forensic investigators.
Due to the number of microcontroller variants on the market, a

consequence is that each variant requires a unique debugging interface
and debugging methodology. Debugging is only industry standardized to a certain extent and requires a different level of understanding, expertise and interaction as compared to conventional computer
based forensics. This means a digital forensic unit should be well
versed in the more common microcontroller variants that are likely
to be used by criminals. Without access to the internal memory or
data storage medium within malicious embedded hardware, other
less conventional forensic strategies and methodologies must undergo
systematic and departmental legal scrutiny. Many devices will have
to be externally stimulated in order to produce an observable output
that can be readily interpreted. Improper external stimulation, however, can potentially cause unseen harm to the internal circuitry of
the device. This approach will fail under courtroom scrutiny since the
evidence may be considered tampered with and device functionality
is no longer reproducible if the device is damaged.
There are two important prerequisites to effectively investigate and

prosecute crimes involving malicious hardware. First, law enforcement
and investigators must be aware of the expanding use of malicious
hardware in order to quickly recognize its potential use in criminal
acts. Investigators must recognize that an innocuous (or confusing)
looking electronic device might be a key piece of evidence related to a
particular type of remote crime. Knowing where to look for these key
pieces of evidence is essential to solving complex crimes that incorporate technology. Second, a plan to forensically analyze malicious
hardware is essential for all forensic labs. New forensic methodologies
must withstand courtroom scrutiny, build on existing legal precedent
while exploring new interpretations and reflect consultation with
subject matter experts in the technology, forensics, and legal fields.
WHY INVESTIGATORS AND LAW ENFORCEMENT NEED TO

BE CONCERNED
The ability to remotely commit a physical crime is a quality belonging
almost exclusively to the domain of malicious hardware. Criminals
will become increasingly clever in exploiting embedded systems for
criminal acts. A critically important characteristic of malicious hardware allows a device to perform what a human could or would not.
Timing of instructions and actions can be extremely precise allowing
a device to execute criminal activities in a more reliable and consistent
manner than a human could. Additionally, in an embedded system
(or any computing system) the element of psychology is completely
removed allowing the hardware device to execute unethical actions
without emotional concerns or accidental abortion. Divorcing the
physical and emotional element from a criminal act is another unique
and enticing attribute of malicious embedded systems.
REFERENCES
Anthony, Sebastian. Black Hat Hacker Gains Access to 4 Million
Hotel Rooms with Arduino Microcontroller. Extreme Tech. Ziff
Davis, 25 July 2012. Web. 18 Jan. 2013. <http://www.extremetech.
com/computing/133448-black-hat-hacker-gains-access-to-4-million-hotel-rooms-with-arduino-microcontroller>.
While malicious hardware related crime will not rival the scope of
conventional criminal acts, it is inevitable that malicious hardware
related crime will expand and become pervasive in society. A major
reason for this is the increasing computerization of the social environment. The phrase the Internet of things relates to the connection of
Department of Defense. High Performance Microchip Supply. By

Defense Science Board Task Force. ACQWeb. N.p., 2005. Web. 26
Feb. 2014. <http://www.acq.osd.mil/dsb/reports/ADA435563.pdf>.
62
FORENSICS JOURNAL
Gorman, Siobhan. Fraud Ring Funnels Data From Cards to Pakistan. The Wall Street Journal. Dow Jones & Company, 11 Oct.
2008. Web. 26 Feb. 2014. <http://online.wsj.com/news/articles/
SB122366999999723871>.
WESTCOTT HYDE received his Bachelor of Science

(double major) in Computer Science and Computer
Networking from Regis University, Denver, Colorado.
He holds a Master of Science in Information Assurance
(specializing in Computer Security) from Regis University,
Denver, Colorado. He is currently a candidate for a
Master of Science Forensic Studies - Computer Forensics
at Stevenson University. Additionally, he is currently a
student working on an additional Bachelor of Science in
Electrical and Computer Engineering at the University
of Colorado, Boulder. He works as a Computer Scientist
assisting in cyber investigations and is directing his skills
by specializing in malicious embedded hardware devices
and developing sound forensic strategies for the same.
House of Representatives. Permanent Select Committee on Intelligence. Investigative Report on the U.S. National Security Issues Posed
by Chinese Telecommunications Companies Huawei and ZTE. By
Mike Rogers and Dutch Ruppersberger. U.S. House of Representatives
Permanent Select Committee on Intelligence. N.p., 8 Oct. 2012. Web.
26 Feb. 2014. <https://intelligence.house.gov/sites/intelligence.house.
gov/files/documents/Huawei-ZTE%20Investigative%20Report%20
(FINAL).pdf>.
Kirk, Jeremy. Pacemaker Hack Can Deliver Deadly 830-volt Jolt.
Computerworld. Computerworld, 17 Oct. 2012. Web. 19 Feb. 2013.
<http://www.computerworld.com/s/article/9232477/Pacemaker_
hack_can_deliver_deadly_830_volt_jolt>.
Krebs, Brian. Skimmers Siphoning Card Data at the Pump. Krebs
on Security. Krebs on Security, 20 July 2010. Web. 11 Feb. 2013.
<http://krebsonsecurity.com/2010/07/skimmers-siphoning-card-dataat-the-pump/>.
Seidle, Nathan. SparkFun Gets a Subpoena. SparkFun. SparkFun
Electronics, 9 May 2012. Web. 12 Feb. 2013. <https://www.sparkfun.
com/news/836>.
Tehranipoor, Mohammad, and Farinaz Koushanfar. A Survey of
Hardware Trojan Taxonomy and Detection. IEEE Design & Test of
Computers 27.1 (2010): 10-25. Web. 26 Feb. 2014. <http://aceslab.
org/sites/default/files/A%20Survey%20of%20Hardware_0.pdf>.
Wang, Jennifer. Entrepreneur of 2012: Limor Fried. Entrepreneur
Magazine 18 Dec. 2012: n. pag. Web. 26 Feb. 2014. <http://www.
entrepreneur.com/article/225213>.
63
Fraud Predictors and Non-Profit Organizations

Renita Dandridge-Shoats
As of 2006, the Association of Certified Fraud Examiners estimated

that non-profit organizations experience approximately $40 billion in
losses due to fraud (Greenlee et al. 677). While this reflects an average
6% of revenue lost to fraud across all organizations it still represents a
nominal amount of funding that is not available for these non-profit
organizations to meet obligations and fulfill missions of assisting
those in need (Greenlee et al. 677),. Quite literally, every dollar lost
to fraud represents a lost ability to provide needed public services
(Greenlee et al. 677). Reducing fraud for non-profit organizations
allows these entities to provide additional benefits and services to program participants. As non-profit organizations face increased public
scrutiny, reducing fraud also strengthens their integrity and reputation
as legitimate and trustworthy operations which are fiscally responsible
for the procurement, management, and usage of the charitable donations they receive (Greenlee et al. 677). As organizations experience
fraud and become aware of relevant fraud risk factors, they can analyze this historical data to identify patterns and incorporate valid risk
factors to develop functional fraud predictors. This article discusses
different types of fraud that affect non-profit organizations, identifies
non-profit fraud risk factors, and focuses on the use of possible fraud
predictors to assess and mitigate fraud risk for non-profit organizations.
By understanding known fraud risk factors and using various fraud
predictors, non-profit organizations can effectively and proactively
address, and possibly minimize, their exposure to fraud-related losses.
External frauds are committed against the non-profit organization by

persons outside the organization, such as vendors, grant applicants,
sub-recipients, and program participants. The most common forms
of external fraud are vendor billing schemes, sub-recipient fraud,
and financial assistance fraud. Vendor billing schemes may involve
overbilling the non-profit organization or billing the non-profit
organization for fictitious goods or services. Sub-recipient fraud
can involve fraudulent reporting of program data to the non-profit
organization awarding the grant. Financial assistance fraud usually
involves program participants who apply for and receive assistance or
benefits under false pretenses (Nonprofits Not Immune to Fraud;
Keller & Owens, LLC).
As non-profit organizations are susceptible to internal and external
frauds committed against and by the non-profit organization, these
entities should consider, evaluate, and monitor relative fraud risk factors. From an audit perspective, this is often accomplished through
a fraud risk assessment where the auditor should consider fraud risk
factors that relate to misstatements arising from fraudulent financial
reporting and misstatements arising from misappropriation of assets
(Grice). For asset misappropriation, two categories of risk factors
are noted: susceptibility of assets to misappropriation and controls (Grice). Susceptibility of assets to misappropriation involves
understanding the assets of the organization and how specific assets
may be more or less prone to theft, manipulation, misuse, or abuse.
Controls relate to the supervision, oversight, and monitoring (or
lack thereof ) of assets and financial transactions. One common
example among smaller and non-profit entities is a lack of resources
that does not allow for adequate and effective supervision or separation of duties. For fraudulent financial reporting, three categories
of fraud risk factors are noted: management characteristics and
influence over the control environment, industry conditions, and
operating characteristics and financial stability (Grice). Management characteristics and influence over the control environment
relate to the abilities, pressures, style, and attitude of management
in implementing and following policies and procedures for the
internal controls and the financial reporting process (Grice). This
category can also be viewed as management setting the tone at the
top by establishing, expecting, demonstrating, and requiring ethical behavior within the organization. Industry conditions relate to
the economic and regulatory environment in which the organization
operates. Operating characteristics and financial stability are usually organization-specific, relating to expected types of transactions
(including the documentation and recognition of those transactions),
financial position, and profitability (Grice). For non-profit organizations, examples can include aggressive goals and accounting practices,
unfavorable changes in political or legal arenas, and liberal interpretation of split-interest agreements or donor stipulations.
Non-profit organizations are exposed to internal and external frauds.

Internal frauds are committed by persons within the organization,
such as employees, volunteers, managers, directors, and officers.
These internal frauds may be committed against the non-profit
organization or by the non-profit organization. Internal frauds committed against the non-profit organization typically occur in the form
of asset misappropriation, which includes revenue and cash receipt
schemes (skimming); theft of cash, property, or other non-cash donations (larceny); purchasing and cash disbursement schemes (check
tampering, register disbursements, credit card abuse, and fictitious
vendors); and payroll and employee expense reporting schemes (ghost
employees, overstated hours, fictitious or duplicate reimbursable
expenditures). Internal frauds committed by the non-profit organization usually occur in the form of fraudulent financial reporting. This
can involve the misclassification of restricted donations, failure to
make required disclosures, revenue overstatement, timing differences,
misclassification of fundraising and administrative expenses, inappropriate asset valuation, and submission of false statements to external
parties for application or compliance requirements. Internal frauds
committed by the non-profit organization also occur in the form of
fraudulent fundraising practices where the organization misrepresents
the extent of a charitable contribution deduction entitled to a donor,
fails to comply with donor-imposed restrictions on gifts, manipulates
various costs to improve expense ratios, or misrepresents the portion
of donations used in charitable programs (Nonprofits Not Immune
to Fraud; Keller & Owens, LLC).
While most organizations are predisposed to these fraud risk factors, non-profit organizations are usually more vulnerable due to one
64
FORENSICS JOURNAL
major reason the inherent environment of trust that is so easily and

frequently presumed within and relative to these types of organizations. Excessive trust and control is placed in the founder, an executive director, or a substantial contributor or sponsor. Only limited
resources are available to be allocated to accounting operations, internal controls, and financial oversight; for example, only one person
completes all the steps in the payroll process. Members of the Board
of Directors are usually volunteers, whose financial oversight experience is minimal. In daily operations, many volunteers have access to
assets and confidential information. Charitable contributions are also
at greater risk of theft compared to other more traditional exchangetype transactions. Because non-profit organizations are also more
vulnerable to the impact of negative publicity, they are less likely to
report occurrences of fraud (Nonprofits Not Immune to Fraud).
As these risk factors should be considered individually and collectively, it is also beneficial for the auditor to tailor the risk factors
so that [they] particularly are applicable to [non-profit organizations]
(Grice). This type of fraud risk assessment is not restricted to audit
procedures the non-profit organization should perform a similar
evaluation in the form of a fraud risk self-assessment.
ment (founders or executive directors), lack of board members with

expertise in financial oversight, and limited resources for financial
management (Holtfreter 46). The same challenges are still prevalent
ten years later, especially for smaller non-profit organizations.
A 2008 study supports earlier findings that focusing on victim organization characteristics of financial controls, nonfinancial mechanisms,
and management oversight and behavior can reduce losses experienced by non-profit organizations. Some of these control mechanisms include pre-employment background checks, internal controls,
internal and external audits, and the use of anonymous employee
hotlines (Holtfreter 48 49). Pre-employment screenings can identify potentially questionable applicants; this information can be used
to disqualify applicants or determine more appropriate assignments
for new employees. As post-employment control mechanisms, internal controls should be adequate and effective in segregating duties and
monitoring and supervising activities where assets are exposed and
financial transactions can be impacted. This study also cites internal
and external audits as vital post-employment controls (Holtfreter 49).
Noting that employee tips are the most frequent method of fraud
detection, anonymous hotlines assist early detection and can minimize
losses (Holtfreter 49). As of 2012, the Association of Certified Fraud
Examiners reports that fraudulent activity is detected with employee
tips via organization hotlines in more than 50% of fraud cases (Association of Certified Fraud Examiners 16).
A 2013 case study observed several characteristics that can make

a non-profit organization particularly vulnerable to asset misappropriation (Ulmer and Noe 159). First, non-profit organizations
receive a high volume of cash contributions, many of which are not
well documented. This makes it difficult for management to estimate
incoming donations and detect fraudulent shortfalls. Second, nonprofit organizations are usually managed by a board of volunteers,
which is often amateurish in composition, and can easily become
more of a social organization than a conscientious oversight body
(Ulmer and Noe 159). The naivet that everyone is dedicated to
the cause and thoughts that nobody would steal from a non-profit
organization often translate to a disadvantage in the fiduciary responsibility of the board. Third, with limited resources, non-profit organizations typically have smaller accounting operations where separation
of duties is often inadequate. Fourth, another less obvious characteristic is the non-profit organizations desire to protect its reputation and
avoid negative publicity about any fraudulent activity. The nonprofit organization has a primary interest in maintaining public trust
since there is a significant reliance on public generosity and support.
Where the occurrence and prosecution of fraud committed against the
non-profit organization are not made known to the public, this may
lead a prospective fraudster to believe that punishment will be slight
and possibly attract other fraudsters seeking to deceive the non-profit
organization (Ulmer and Noe 159). Subsequent admission of a fraud
cover-up may result in even more damaging consequences than
had the act been handled openly from the beginning (Ulmer and
Noe 159). Earlier studies in 2003 demonstrated that internal fraud
committed by employees posed a greater immediate risk than external
fraud for non-profit organizations. Risk factors identified specifically
to non-profits include: heightened trust, excessive control by manage-
As internal fraud can occur in the form of asset misappropriation or

fraudulent financial reporting, the known risk factors, whether predictable or not, pivot on the control environment and management
oversight. Weak internal controls and ineffective oversight are often
cited as the most significant predictors of internal fraud. Within the
culture of trust without oversight, non-profit organizations need
appropriate internal controls and effective financial oversight to proactively prevent opportunities for internal fraud (Ulmer and Noe 162).
The primary goal of a strong internal control system is to reduce
opportunities for fraudulent activity. These internal controls should
incorporate background checks on all employees, separation of duties,
proper authorizations, and moderate reliance on or trust in one individual to preclude opportunities for asset misappropriation (Gallagher and Radcliffe 321). Background checks should be completed for
all potential employees, especially those who will have access to cash
and other liquid assets (Greenlee et al. 690). As a pre-employment
requirement and form of due diligence, a comprehensive background
check may reveal a criminal record or other questionable activity that
should be treated as possible warning signs. This information should
be considered relative to the responsibilities of the potential employee
and his/her possible access to organization assets. Background checks
may even be warranted for certain volunteers who will have direct
access to valuable or otherwise susceptible assets. Non-profit organizations should also consider investing in insurance or surety bonds for
65
these same employees, as well as volunteers, who have access to cash

and similar assets (Greenlee et al. 691). New employees and volunteers should also receive orientation and training encouraging awareness and accountability.
resources. As an internal supervisory body, an audit committee can

be an effective vehicle for preventing fraud, embezzlement, and mismanagement of assets (Gallagher and Radcliffe 322). These prevention efforts should include conducting a periodic review of internal
controls, facilitating means for confidential reporting of fraud and
abuse, and educating employees about the full impact of fraud to the
non-profit organization (Greenlee et al. 691). The audit committee
should also oversee the internal audit function, if applicable, as well as
the completion of any independent external audits. Diverse members
and members with financial expertise are also beneficial to both the
Board of Directors and the audit committee.
The separation of duties involves the assignment of authorization, custody, and record-keeping functions to separate individuals (Gallagher
and Radcliffe 322). This fundamental principle of internal controls
simply requires different individuals to complete different steps of an
accounting process. As a result, the likelihood of theft [asset misappropriation] or error going unnoticed is greatly reduced (Gallagher
and Radcliffe 322). If one person completes all steps of the process,
the offender is also able to conceal his/her fraud.
Lastly, a fraud response plan should be established before fraud occurs.

This plan should include the non-profit organizations fraud policy,
who to contact when fraud is suspected or detected, steps to take
if fraud is detected, and how to handle related inquiries (Gallagher
and Radcliffe 323). With an established fraud response plan, the
non-profit organization is prepared to handle fraud incidents proactively, thus minimizing the negative impact. A strong management
response to alleged or suspected fraud is also important in deterring
future incidents (Greenlee et al. 689).
Proper authorizations should only be given by someone who is at an

appropriate level and understands the transaction to be approved, the
reason for the transaction, and the impact of the transaction. Clear
lines of authority and proper procedures for authorization of transactions should be established and enforced (Greenlee et al. 689). Proper
authorizations can also require requests to be made in writing and
multiple approvals, e.g. dual signatures. The lack of proper authorizations compromises both the monitoring and supervision functions.
As stated before, membership diversity may also be a benefit to the

oversight boards of non-profit organizations. A 2013 study examined the composition and compensation of the Board of Directors as
predictors of fraud. In the world of public companies and for-profit
entities, the Board of Directors serves to ensure profitability maximization and oversight of ethical behavior and the quality of financial
statements (Kim et al. 142). Regulators and investors are aware of
aggressive goals and lucrative incentives that can and have resulted in
fraudulent financial reporting. Recent high-profile accounting frauds
have resulted in a loss of investor confidence and a crisis of trust
(Kim et al. 142). Any type of fraud can be detrimental to even the
largest non-profit organizations and agencies. Relative to the composition of the Board of Directors, this particular study considered
the gender, independence, financial expertise, tenure, and segregation
of positions of board members. Fraud firms (firms with reported
SEC violations) had significantly fewer female board members, fewer
independent board members, and board members with longer tenure.
Fifty-three percent of these fraud firms also had CEOs serving dual
roles as both CEO and Chairman of the Board, indicating that fraud
is more likely when these two positions are combined. Here, fraud
is more likely [to occur] when an entrenched board compromises
the oversight function of the Board of Directors. Including more
women, finance and accounting professionals, and independent directors to the board can further reduce entrenchment (Kim et al. 149).
Similarly, the audit committees of these fraud firms were reported to
have fewer female members and members with longer tenure. Relative to the compensation factors, this study found that compensation
in the form of stock and stock options was positively associated with
fraud (reported as SEC violations) when compared to firms with
Moderate reliance on or trust in one individual actually limits the

authority of one person to establish, implement, monitor, and
enforce any single function of an organization (Gallagher and Radcliffe 322). This reinforces the separation of duties so that one person
does not have excessive authority without proper supervision.
As non-profit organizations may also be inclined to fraudulent
financial reporting, effective management oversight can inhibit this
type of internal fraud by providing additional supervision. Aspects
of effective management oversight should include an informed and
conscientious Board of Directors, the formation and/or existence of
an audit committee, and a fraud response plan (Gallagher and Radcliffe 321). As the Board of Directors is responsible for governing the
non-profit organization, this includes addressing legal requirements,
managing financial risks, and setting expectations. In this oversight
role, the board should set the tone regarding ethical behavior in its
response to risks and opportunities. This includes establishing the
control environment, being aware of operating characteristics and
industry conditions, and empower[ing] employees in a positive
workplace environment (Greenlee et al. 689). Board members and
directors should also be independent. Based on the Sarbanes-Oxley
Act that regulates public companies, recommendations also include
prohibiting personal loans to non-profit board members and executive directors and prohibiting the appointment of any individuals who
have been barred from serving as board members or directors by the
Securities and Exchange Commission (SEC) (Greenlee et al. 689).
An audit committee is helpful for minimizing potential financial
losses and ensuring compliance for the receipt and use of specific
66
FORENSICS JOURNAL
board members who only received cash compensation. This established that cash-based compensation [was] not associated with an
increased risk of fraud (Kim et al. 148).
doubtful accounts, inventory, total assets, debt, and earnings before

interest and taxes. The following financial ratios were noted: accounts
receivable/sales; accounts receivable/total assets; inventory/sales; net
property, plant, and equipment/total assets; debt/equity; sales/total
assets (Fanning and Cogger 34). Additional testing revealed lower
sales growth, higher accounts receivable to sales ratios, and higher
debt to equity ratios for companies with fraudulent financial statements. These results indicate that these companies may be experiencing slower growth, accounts receivable manipulation, additional debt,
and even manipulation of underlying trend variables (Fanning and
Cogger 37). Applied to non-profit organizations, fewer donations,
distinct changes in accounts receivable, unexpected debt, and unusual
trends may indicate financial distress and the existence of fraud within
the financial statements. Even as non-profit organizations may be
more familiar with adverse operating conditions and regular financial
distress, these indicators should still be treated as financial statement
fraud predictors. Awareness and assessment remain a necessity in the
monitoring and review of financial statements and unusual accounting
transactions. Many non-profit organizations experience the pressures
of maintaining or increasing revenue/donations, meeting forecasts,
achieving favorable budget variances, and the reality of overutilization
(doing more with less). Preserving donor approval and substantial
related resources could lead to questionable accounting maneuvers
resulting in fraudulent financial statements.
This study also makes policy suggestions to reduce the likelihood of

fraud based on these findings, some of which reinforce previously
discussed recommendations. Realistic goals and incentive structures
should be developed, so managers are not tempted to commit fraud
in order to meet high earnings expectations. Organizations should
increase board diversity, as board behavior appears to improve with
the presence of women and other diverse directors; organizations
should also consider term limits as this can address the issue of possible board entrenchment (Kim et al. 152). By applying these findings and extending these policies to non-profit organizations, directors
can attempt to reduce the likelihood of internal fraud. Applying these
policies may also prove to be a cost effective way for these organizations to reduce fraud. With a greater number of females than males
working in the non-profit sector and higher-dollar fraud losses associated with male managers and/or executives non-profit organizations
should consider increasing their number of female board members
(Greenlee at al. 683),. For more independent board members, some
non-profit organizations may need to move beyond the obvious or
readily available sources, i.e. organization founders and significant
contributors. The same should apply in seeking out board members
with financial expertise, preferably in the nonprofit arena. While the
organization founders and significant donors may be extremely loyal
and even trustworthy, this does not mean these individuals have the
relevant experience needed to fulfill this oversight role effectively.
Concerning compensation, non-profit organizations should also be
careful to limit and monitor the use of non-cash perquisite benefits
provided to board members.
A study published in 2007 incorporated non-financial information

in the form of a fraud questionnaire to assess fraud in certain servicebased enterprises. Contrary to most studies, the use of financial
information and standard ratios may not provide the most appropriate
measure for these types of enterprises. This study used a questionnaire
to evaluate various risks - management, industry, earnings, and operating - with a more subjective approach. Sample firms responded to
questions based on individual characteristics, specific conditions, and
actual experiences, not just numbers in the form of financial results
and ratios. An Excel spreadsheet function was then used to assign
appropriate fraud variable values based on the questionnaire and
scoring logic for the questionnaire responses. Combined with a fuzzy
logic model, the results produced a 76.7% overall accuracy rate in
predicting whether these service-based firms issued fraudulent financial statements (Lenard et al. 135). These results also indicated that
an industry-specific model could be more useful than a general fraud
detection model to external interested parties (Lenard et al. 136).
Non-profit organizations and other interested parties can experience
greater benefit from fraud detection models developed explicitly for
non-profit organizations. These organizations can assess their most
relevant aspects of fraud risk factors and interested parties can be more
confident in their review of and/or reliance on the financial statements
of these non-profit organizations.
With the examination of financial statements as a means to highlight

fraud predictors, several studies have identified and tested specific
variables to measure the likelihood of financial statement fraud. A
study published in 1998 tested corporate governance and financial
statement accounts and ratios, accounting choices, operating results,
and trend analysis, among other variables based on public information, as possible indicators of financial statement fraud. These familiar
corporate governance variables were associated with fraudulent financial statements: a smaller Board of Directors (fewer board members),
a lower percentage of outsiders on the Board of Directors, absence
of an audit committee, absence of a compensation committee, and
the dual-role position of CEO and board chairperson (Fanning and
Cogger 32). Supplemental multi-variable testing suggested additional
outside directors may provide additional oversight that helps prevent
[fraudulent financial statements] (Fanning and Cogger 36). Accounting choices such as inventory valuation and depreciation methods
were not found to be significant variables, but individual accounts and
specific financial ratios were found to be statistically significant factors.
These individual accounts included accounts receivable, allowance for
External fraud usually occurs in the form of consumer or recipient

fraud. For this context, recipient fraud includes service applicants or
67
program participants who receive benefits or other assistance based on

their submission of falsified information. In essence, these recipients
make fraudulent claims to qualify for payments or services for which
they would not qualify otherwise. This type of fraud is harmful not
only to non-profit organizations, but also to legitimate applicants
who may be rejected because fraudulent recipients have usurped the
designated resources. Since this will always be a risk to non-profit
organizations, understanding related predictors becomes a strategic
tool in identifying and denying fraudulent claims. Predicting external
fraud can also be particularly difficult when any number of variables,
or combination thereof, may be considered key indicators or red
flags that a claim may be fraudulent and requires additional inquiry
or analysis to determine its validity. The central purpose for these
predictors is for non-profit organizations to increase internal confidence of identifying fraudulent claims before assistance or benefits are
expended in error. This can be accomplished through the application
of fraud detection models utilizing data mining, where this analytical
approach to fraud detection uses historical data to identify possible
predictors of fraud associated with known fraudsters and their actions
in the past (Nisbet et al. 350). Generally speaking, this methodology
utilizes pattern analysis in the creation and application of rules, general principles, red flags, and alerts to generate a decision that recommends acceptance, rejection, or review; or a score or profile indicating
the likelihood of possible fraud. Predictive analytics and link analysis
may be more common end-user terms for some of these fraud detection models. Fraud detection systems are also available commercially
as fraud detection software. The most common application for these
fraud detection models are credit card fraud, check fraud, application
fraud, claim fraud, and healthcare fraud all forms of external fraud.
Again, the most prominent example of external fraud against a nonprofit organization is healthcare fraud. The Federal Bureau of Investigation estimates $80 billion in annual healthcare fraud costs, and
close to $700 million annually when fraud and improper payments
are combined (Worth). The Centers for Medicare and Medicaid
Services (CMS) is a prime target for fraudulent claims. Processing
more than 4.8 million claims per day, CMS is the most well-known
healthcare entity using analytics (Worth). The 2010 Small Business
Jobs Act authorizes the use of predictive modeling and other analytics technologies to identify improper claims for reimbursement and
to prevent the payment of such claims under the Medicare fee-forservice program (Roehrenbeck). This predictive modeling program
is intended to capture and provide a comprehensive view of provider
and beneficiary activities across all regions with the goal of detecting
patterns and networks that represent a high risk of fraud (Roehrenbeck). This modeling program can also be used to identify other
improper payments not related to fraud.
The analytics are divided into four categories: normal rules of healthcare and how these rules may be violated; anomalies; predictive
modeling using patterns based on cases of fraud; and social networking that analyzes the financial ties of a fraudster-provider (Worth).
This fourth category is a form of link analysis, which is a data analysis
technique that examines the relationships among claims, people,
and transactions (Schreiber). With the natural evolution of fraud
schemes and interrelated factors, the inherent intelligence in the predictive analytic system learns from the new rule patterns and builds
increasingly more sophisticated models, adapting for new types of
fraud as new rules are developed (Schreiber). Predictive analytics
and link analysis relate a greater number of highly arbitrary, and even
unexpected, variables to detect and prevent fraud. This is significant
as external fraud can be more elusive and less discernible when compared to the typical predictors of internal fraud.
Due to the nature of healthcare needs and associated costs, the rate of
external fraud against non-profit healthcare organizations is probably
one of the highest. A 2004 article notes that the National Health
Care Anti-Fraud Association estimates 3% to 10% of every dollar
spent on healthcare in the U.S. is lost to fraud, totaling $39 billion
to $150 billion a year (Mantone). With increasing healthcare costs,
one would only expect these fraud losses to increase. To mitigate this
risk of external fraud, non-profit healthcare organizations currently
use fraud detection software and predictive modeling in a continuous effort to detect fraudulent claims before making payments. The
Government Employees Hospital Association uses a Fair Isaac Corporation (FICO) software product that assigns a fraud-risk score for
each billing transaction. According to the Associations data analysis
manager, the software also increases productivity as employees can
focus more on the fewer number of flagged claims instead of attempting to review all claims as possible fraudulent cases (Mantone).
Overall, the Association is better equipped to reduce fraud and related
costs, as well as improve employee productivity and positively impact
customer service.
While the use of data mining, predictive analytics, and link analysis
may be useful for external fraud prevention efforts of larger nonprofit organizations, prospective detection may still prove difficult for
smaller non-profit organizations. These entities can purchase more
modest versions of fraud detection software or build their own internal databases and create rules to flag suspicious applications or claims
for benefits or services. Key factors to consider may include timing
and frequency of applications, referral sources, application inconsistencies, and other observable characteristics. These fraud detection
and prevention efforts could also become the impetus for larger multiorganizational databases managed by federal or local government
agencies or other related support agencies. The availability and use
of this type of information can be key for non-profit organizations to
conduct risk self-assessments, reduce exposure to external fraud, and
enhance their ability to manage and mitigate that risk.
68
FORENSICS JOURNAL
Nonprofit organizations are by no means immune to fraud losses

(Greenlee at al. 691). Considering their operating characteristics
and industry conditions, these organizations are more vulnerable to
fraud than their for-profit counterparts. Non-profit organizations are
susceptible to both internal and external fraud, namely in the form of
asset misappropriation, fraudulent financial statements, and recipient
fraud. As part of their fiduciary responsibility, these organizations
should conduct fraud risk self-assessments to gain a better understanding of their general and specific exposure in various functions
and processes, namely internal controls and management oversight.
By developing and maintaining strong internal controls and effective
management oversight, non-profit organizations can safeguard assets
and ensure financial statement integrity. Some of the simplest best
practices can minimize fraud opportunities and improve fraud detection and prevention. Non-profit organizations should also consider
red flags and other proven fraud predictors in the fight against
fraud. These organizations may benefit from the use of analytical
methods, commercial software, and other analytical applications that
can detect prospective fraud and avoid the unnecessary related losses.
Even in an atmosphere of trust, non-profit organizations can be more
aggressive in their fiduciary responsibility as they establish and implement best practices, conduct regular fraud self-assessments, seek out
effective fraud detection tools and applications, and consider alternative approaches and resources to actively reduce fraud by limiting the
frequency and amount of related losses.
Kim, Joung Yeon, Dianne Roden, and Steven Cox. The Composition
and Compensation of the Board of Directors as Predictors of
Corporate Fraud. Accounting and Finance Research. 2.3 (2013): 142154. Directory of Open Access Journals. Web. 28. Aug. 2013.
Lenard, Mary Jane, Ann Watkins, and Pervaiz Alam. Effective Use
of Integrated Decision Making: An Advanced Technology Model for
Evaluating Fraud in Service-Based Computer and Technology Firms.
Journal of Emerging Technologies in Accounting. 4 (2007): 123-137. Web.
Mantone, Joseph. Like a locomotive. Modern Healthcare. 34.26 (28
Jun. 2004): 28-30. Business Source Complete. Web. 14. Sep. 2013.\
Nisbet, Robert, John Melder, and Gary Miner. Handbook of Statistical
Analysis & Data Mining Applications. Oxford: Elsevier, 2009. Print.
Nonprofits Not Immune to Fraud. EisnerAmper Accountants and
Advisors. EisnerAmper, 22 Apr. 2010. Web. 26 Feb. 2014. http://
www.eisneramper.com/non-profits-fraud-0410.aspx
Keller & Owens, LLC. Preventing and Detecting Fraud in Not-forProfit Organizations. Digital file.
Association of Certified Fraud Examiners. Report to the Nations on
Occupational Fraud and Abuse. Austin: ACFE, 2010. Digital file.
Roehrenbeck, Cybil. Predictive Modeling: The New Frontier in
Medicare Claims Review. ABA Health eSource. 8.8 (Apr 2012). Web.
8 Sep. 2013.
REFERENCES
Schreiber, Russ. Fighting fraud with predictive analytics and link

analysis. Healthcare Finance News. 2012. Web. 8 Sep. 2013.
Fanning, Kurt M., and Kenneth O. Cogger. Neural Network

Detection of Management Fraud Using Published Financial Data.
International Journal of Intelligent Systems in Accounting, Finance &
Management. 7 (1998): 21-41. Web. 24 Sep.2013.
Ulmer, Jin, and Kelly Noe. Embezzlement in the Library. Journal of

Business Case Studies. 9.2 (Mar/Apr 2013): 157-163. Business Source
Complete. Web. 24 Sept. 2013.
Gallagher, Mark, and Vaughn Radcliffe. Internal Controls in

Nonprofit Organizations: The Case of the American Cancer Society,
Ohio Division. Nonprofit Management & Leadership. 12.3 (Spring
2002): 313-325. Web. 27 Sept. 2013.
Worth, Tammy. Fraud prevention through prediction. Healthcare

Finance News. 2013. Web. 8 Sep. 2013.
Greenlee, Janet, Mary Fischer, Teresa Gordon, and Elizabeth Keating.

An Investigation of Fraud in Nonprofit Organizations: Occurrences
and Deterrents. Nonprofit and Voluntary Sector Quarterly. 36.4 (Dec
2007): 676-694. ILLiad Interlibrary Loan Electronic Delivery. 7 Oct.
2013.
RENITA E. DANDRIDGE-SHOATS is
a graduate student in the Forensic Studies
program at Stevenson University. She
received her B.S. degree in Accounting from
Morgan State University (Baltimore, MD).
She is a Certified Public Accountant and has
worked in the private accounting sector for
several public and private companies.
Grice, Sr., John Stephen. Fraud Detection in Audits of Not-ForProfit Organizations. National Public Accountant. 46.1 (Feb/Mar
2001): 10-15. Business Source Complete. Web. 14 Sept. 2013.
Holtfreter, Kristy. Determinants of Fraud Losses in Nonprofit Organizations. Non Profit Management & Leadership. 19.1 (Fall 2008):
45-63. Business Source Complete. Web. 13 Sept. 2013.
69

Forensics Journal Stevenson University 2014

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Forensics Journal Stevenson University 2014

Încărcat de

Drepturi de autor:

Formate disponibile

FORENSICS JOURNAL

Carolyn Hess Johnson, Esquire

INTERVIEW WITH SCOTT DECKER, PH.D

PRINT TECHNOLOGY AND

U.S. CITIZENSHIP AND IMMIGRATION

HOW FORENSIC SCIENCE HAS INFLUENCED

WHAT ARE THE BEST PRACTICES FOR

IS FAIR VALUE ACCOUNTING

SOCIAL MEDIA PUBLIC OUTREACH:

Interview with Scott Decker

SCOTT DECKER, BIOGRAPHY

WHAT IS THE RESPONSIBILITY OF THE HAZARDOUS

WHAT ARE YOUR CURRENT RESPONSIBILITIES AT

HOW DID THE FBI HAZARDOUS MATERIALS RESPONSE

I currently act as Director of Security at AIBioTech. I oversee a range

COULD YOU EXPLAIN SOME OF THE ADVANCEMENTS IN

Following the 9/11 attacks we set up a command post at ground zero,

Lasers were setup to measure the movement of these buildings. If a

Terrorism is an act of violence or disruption to change government

AS A SPECIAL AGENT AND SUPERVISORY SPECIAL AGENT,

GETTING BACK TO THE ANTHRAX ATTACKS, WHAT WERE

Anthrax is the disease caused by the bacteria; Bacillus anthracis. When

REGARDING THE ANTHRAX ATTACKS IN 2001, HOW DID

The first victim, located in southern Florida, was admitted to the

ONCE THE STRAIN OF THE ANTHRAX WAS DETERMINED,

YOU MENTION THAT THIS WAS AN ACT OF TERRORISM.

Senator Leahy with identical handwriting, return address, and postage

Once we obtained these Ames samples, we compared them against

HOW DID THE CASE RESOLVE?

IN THE TERMS OF BIOLOGICAL TERRORISM ATTACKS,

The second important breakthrough was finding the Senator Patrick

A Biosafety level 3 laboratory was built in a vacant warehouse where

COULD YOU EXPLAIN WHAT THE LABORATORY

STEPHANIE WITT completed her Undergraduate studies in 2008 at the University

The Laboratory Response Network was established in January 1999.

Print Technology and Forensics

Although 3D technology made its first appearance in the 1950s on

Computer print technology has been in existence for quite some

WHAT IS 3D PRINT TECHNOLOGY?

WHAT IS 2D PRINT TECHNOLOGY?

The method used in replicating real object designs is referred to as an

Lower on the printing spectrum is 2D print technology which

ribbon and transfers the image of the character to paper. Nonimpact

(How 3D Printing Is Changing). The medical industry has also

Computer forensics is a field where various specialty software tools

3D print technology has already made an impact on the automotive

collected in accordance with various ethical procedures. These ethical

information from a printer can identify the device by its Uniform

Unfortunately, printer technology has vulnerabilities and limitations

There is a more commonly known technique for identifying the

Numerous limitations within both the computer and printer forensic

In forensics, it is essential that examiners adhere to strict rules. These

not currently have a dedicated set of tools to recover information.

Previously listed vulnerabilities and limitations are common for 2D

A second vulnerability is that 3D printers have their own specialty

Metadata is not the only significant information. The material type

The most significant vulnerability and limitation within the forensics

WHATS IN STORE FOR THE FUTURE?

The future holds endless possibilities for 3D print technology. It

technology that will significantly impact the forensic field. Expansion

3D print technology will change the manufacturing business. The

The key to a computer forensic investigation is to figure out the facts:

It is obvious that the ability to print an item on a whim means fast

Tools will need to be produced which allow an examiner to examine