John Stark is special counsel for Internet projects at the Securities and Exchange Commission. An eight-year commission veteran, Stark heads the Internet program, which includes prosecution, surveillance, self-policing, liaison work with law enforcement agencies and investor education.

Jay Perlman is branch chief in the SEC's office of the chief counsel and has been with the commission for about eight years.

(The views expressed here are those of Stark and Perlman and don't necessarily reflect the views of the SEC or their colleagues on the staff of the commission.)

What exactly does your job entail?

Stark: More than anything, it's to direct the Internet program. There are investigations that pertain to the Internet going on all over the country--field offices and headquarters. My capacity leading the program is to set the direction of those cases, filter out a lot of the leads and work on them, and bring some of my own [cases].

What are the various components of the Internet program?

Stark: The first component is prosecution. And generally, [the Internet division] is going to be doing our own cases, but we also work with all of the SEC staff and do other cases.

The second is surveillance. We have this [SEC staff] group called the cyberforce. I sent an E-mail to enforcement staff and asked if anyone was interested in surfing the Internet, conducting some surveillance and helping to train the staff to conduct Internet investigations. About 83 people volunteered for that. We have people looking at the Internet every day including Jay and I.

Then there's the self-policing [component]. We set up the Enforcement Complaint Center [for investors] on our Web page, and it now gets at least 120 complaints a day. Between Jay and I, we review every single one of them. They're really good leads. They help us keep our ear to the ground. And most of that is because of this culture of vigilance on the Internet.

The next component is the liaison function. I believe the Internet has spawned a new spirit of cooperation amongst law enforcement. You can see it anytime you go to [industry] conferences. We had one last week with people from the FTC on the board. You've got people from NASAA, the state agencies. You have the CFTC and the FBI, the Department of Justice, the banking regulators. I work with every single one of those.

And finally, with every type of initiative we have, there's always an educational component. I worked on an investor alert [on the Web page] on cyberspace--the telltale signs of fraud. Also, Jay and I for the last year or so, whenever we suspend trading on a company or we have information [on the company], we try to use the Web proactively. For instance, we'll find a discussion forum that covers that company and we'll post the trading suspension, the court order, as well as our press release about it. Another thing we do is set up a special Web page on a case where investors can get information on it.

We want to be consistent, centralized. We work a lot of investigations, and we try to bring as many cases as we can. We're now up to about 30 cases total.

Are those all fraud cases?

Stark: Every case we've brought in the Internet area is a fraud case, including 17(b)--a basic statute that says if you're an investment newsletter or anyone talking about a company and promoting it, you have to disclose if you're receiving compensation from an issue you're promoting, and the nature and amount of the compensation.

Basically, you monitor the Internet through the cyberforce and you and Jay surfing the Net every day?

Stark: We also have other people looking at the Internet in the office of market surveillance. I never talk about the numbers of people looking because I literally have no idea. Everyone [at the SEC] has the Internet at their desk. Staff are encouraged to try to find leads on their own.

Anyone on staff can set off an investigation?

Stark: Yes. If I pick up the phone, or if I go to the library, or I view something, it's an investigation. We have different levels--informal inquiries, formal inquiries, and then after we've brought an action we have litigation. We don't have any criminal authority; we just bring civil actions.

But you could refer someone for criminal prosecution?

Stark: Yes. We have very often, and we typically work on the criminal ones. Because we have the expertise in the area of securities, what happens is somebody gets--we say deputized. Jay and I have both done this--where you become what's called a special assistant U.S. attorney. You can appear before the grand jury, and you are deputized by the U.S. attorney's office to work the criminal investigation for them.

How effective is self-policing?

Stark: I think that's the most effective component in the whole program. When we bring a case, the majority of those [leads] come from the complaint center. I wrote an article in Insights magazine in which I talked about the new cybersleuth. The cybersleuth is this person on the Internet who will take a spam, for instance. And you know what the headers look like on a spam--it's a bunch of gobbledygook. You really have to be an expert to dissect it and figure out exactly where it came from. There are people who will do that--who write to us about the securities laws they think are being violated. People identify themselves typically, also. We rarely get anonymous complaints. We get the person's name, phone number, everything: "Call me, I'll help you with anything you want."

In addition to you and Jay, does anyone else review E-mail complaints?

Stark: Yes. We have an investor assistance unit upstairs. There are three staff members there who get copies of every E-mail I get. If there's a consumer assistance component to it, like they think the broker's ripping them off, and the broker's also not returning their calls, the consumer assistance people are very good at doing that kind of work.

How do you decide which complaints to investigate further or to prosecute?

Perlman: I would say a lot of the complaints--35%--relate to existing investigations. So we'll give them to the applicable people at the SEC.

Stark: We'll review the E-mail, and then we'll look at our database to see if there's any investigation pertaining to it. We can E-mail the complaint directly to that staff member [on the investigation].

Perlman: We also have a decent amount--I'd say 10% to 20%, maybe as high as 25%--that may not have enforcement concerns. So we send it to other divisions that may be involved--market reg, investment management, office of compliance, inspections and exams.

Stark: It's really just old-fashioned prosecutorial discretion, and we both did criminal prosecutions. Jay did street crimes in Virginia, and I did street crimes in D.C. It's like, the police officers walk around and decide--is this something we should investigate, or is this something we should leave alone?

The most important thing is not to make these decisions unilaterally. For instance, someone writes in and says the spreads are too large for a particular stock, and they think the market makers are misbehaving. In that instance, we would [consult] the expert in the office of market regulation.

Typically, the reason we don't investigate something is based on resources. We can't investigate every one.

What types of fraud are you seeing on the Internet, and is it different from fraud that's perpetrated through other media?

Perlman: To quote John, I don't think the schemes or the types of fraud we're seeing are any different from the types of fraud we've seen in the past; it's a difference in the medium. What we're concentrating on now, microcap, is a big area, but it's no different than it was in the early '80s. It was just called penny stock fraud then. We still see plenty of plain-vanilla offering fraud. Maybe the word to use is they've gotten more sophisticated in the sense that you see this nice glitzy Web page, and it looks pretty good.

Stark: The frauds are the same as they always were. What's different is that the scam artist can now, from his or her own living room, reach millions of people instantly, efficiently and at no cost.

Perlman: It's a lot more efficient now. You used to have 10 or 15 years ago, a broker in a boiler room going through the White Pages. Now, there are mining and extraction software programs with which you can pull out the E-mail addresses of people who visited a [particular] chat forum.

Do you think investors are more vulnerable to fraud on the Internet?

Perlman: I've heard people ask me, "Why do you think people fall for this stuff?" I think there's a couple of reasons. First, when you see these things on the Internet, they look legitimate. How I distinguish this from a cold call, is when you're eating dinner and the phone rings, that was not your decision. This person is, in a sense, invading your privacy. When you get on the Internet, you have made the decision to do something--to turn on your computer, to go and look for something. So I don't think you're automatically, for lack of a better term, "on the defensive."

What would you tell brokers in advising clients on how to spot a scam?

Stark: I would say first of all, the old adage, if it sounds too good to be true, it probably is. Any other words like guaranteed, risk-free, safe as a CD, government-backed, government sponsored--those are the kinds of things you should ask questions about.

What would you advise brokers about sending E-mails to their clients?

Stark: I'm not sure what steps [brokerage firm] supervisors should take with respect to monitoring their employees because it's a case-by-case type of thing. There are some rules at the NASD and the New York Stock Exchange--rules they have to follow. But generally, the supervisor has to understand and can't claim ignorance that a broker could be using the Internet in a variety of ways including use of E-mail to contact customers from home and work, use of their own Web page to provide information to customers, or using chat rooms and discussion forums to communicate information about companies they follow. I'm not saying that any of that is wrong. But I'm saying supervisors need to be aware of it and have policies in place to deal with it.

Are you seeing problems with brokers participating in chat rooms or bulletin boards?

Stark: If you go to any of these bulletin board areas and you read the messages, there are a lot of professionals who participate. I'm not saying that there's anything wrong with them doing it. I would hope that for the professionals who do [participate], their companies have guidelines because when you're reading something on the Internet, there's a problem of both credibility and authenticity, and integrity. Integrity in the sense that you don't know where the message is coming from. Credibility--you don't know if they're a promoter, if they're a short seller, if they make a market in this, if they're a specialist, if they're someone who owns a lot of the stock, if they're part of the company or if they're an underwriter. If you don't know those things, you can't make your decision. There are a lot of people participating without disclosing what their interest in the participation is. Unfortunately, there's this culture of trust and benevolence on the Internet.

Our director said once, if somebody leaves you one of those leaflets on your car, and after work, you go out to your car--the leaflet says invest $100 in this company, it's a great buy, you'll make 20% in a week. And the guy comes by to collect it, are you going to give him your money? Of course not. But it's really not very different from some of the things on the Internet because it's anonymous.

Despite the fact that a fraudster can appear anonymous, you have methods of tracking them down.

Stark: A typical method is old-fashioned detective work. The investment scam artist faces a double-edged sword: They want to hide from us, but they want to find victims. Typically, most people will at least need an address or a name or a phone number before they're going to send their money. If there's some sort of money trail, we can do all sorts of things to find out who those people are. Ultimately, we can use our subpoena authority to subpoena an access provider to find out who's behind the particular E-mail address. We've done that routinely. I don't know what the future holds, but in terms of our day-to-day investigations, we've generally been able to find people.

The only difficulty is if they're offshore because at that point, we have all these terrific treaties and memorandums of understanding, but the investigation does slow down a bit because we have to work through the international community.

I would imagine there's a lot of international fraud going on.

Stark: I think that's probably going to be our biggest future concern because Internet access is spreading across the globe [which is] bringing new areas in terms of offerings, financial services. I've seen an increase of complaints relating to international scams. Hopefully with education, the investor will understand that when they invest in something abroad, it's a lot more difficult for us to conduct the standard investigation.

In addition to investor alerts, what are you doing in terms of investor education?

Stark: We use our Web site whenever we can. We have this giant Facts on Saving and Investing campaign that was a state-by-state and country-by-country hemispheric effort--a massive week of town meetings and big forums. And part of that was the Internet. For instance, we had a press conference where we talked about Internet fraud.

My dad--I've just introduced him to the Internet over the last two years. He says anyone who would invest in this stuff is crazy. So there are plenty of people out there who know this stuff is crazy. But, if you look at Systems of Excellence, there were more than 30,000 people who posted about this company that never sold a product. And it was a total out-and-out scam of which the primary parties involved are now all in jail, if not in jail, waiting to go to jail or just having gotten out of jail.

We've always talked about this--how do we get the message out? You have a feverish investor community who is making more than 30% on their S&P investment, so they're looking for more. They look for some of these untapped markets where the risk is much, much higher. With these microcap stocks, you're talking about very thinly traded securities, not much in terms of proven operations, and most importantly, a company that doesn't file any periodic reporting statements with the SEC.

Perlman: The whole source of information is what's being disseminated by the company or talked about in these chat rooms or possibly being discussed by these people who are touting or who are brokers. There's not a lot of independent information, or even information that has come under our scrutiny, out there.

Stark: Historically, there wasn't a way to find information about these companies. Again, I'm not disparaging all OTC companies; there are plenty of good ones. But now there's a whole new medium to very inexpensively, efficiently and quickly get the word out.

And people are trusting, so they believe what's out there.

Stark: Yes, but hopefully they'll be skeptical. You do see the skepticism--people when they send us their complaints [write], "This thing sounds like a total scam; here's why." But there are plenty of people out there who are trusting, too. If you watch "Dateline" or any of these news magazines, they put these poor victims up there, and there are a lot of elderly, for instance, who use the Internet.

Perlman: You have a lot of elderly people who have a lot of time. That's one of the biggest issues--the trust and benevolence issue. You get these people on the Internet, and they get an E-mail. These spams are unbelievable--they all look personalized--"We've chosen you to get involved in this once in a lifetime investment opportunity." Or sometimes they send spams--"Hey, there's this great deal going on, I'll seeyou at dinner tonight." You think you've received this thing in error. The reality is that you've been targeted.

[But] there are just as many elderly people saying, "This is bull. There's something wrong with this."

A healthy dose of skepticism.

Perlman: Exactly.

That's all we had for you. Thank you both for your time.