Assistant Attorney General Leslie R. Caldwell Delivers Remarks at the 12th Annual State of the Net Conference
Washington, DC United States ~ Monday, January 25, 2016
Remarks as prepared for delivery
Good morning. The Attorney General apologizes for not being able to be here today. She was at the World Economic Forum in Switzerland – addressing cybercrime issues – and, unfortunately, unable to get back to D.C. in time for this because of the snowstorm.
Thank you, Tim [Lordan], for that warm welcome, and for your leadership of the Internet Education Foundation (IEF). I also want to thank the IEF for the invaluable services you have provided since your organization was founded nearly two decades ago – and that you continue to provide today. Through this conference series, you bring together industry leaders, dedicated experts and devoted public servants to explore how we can harness new technologies to build more empowered communities and a stronger nation.
As the Assistant Attorney General of the Criminal Division, my foremost task in the cyber area is the vigorous, fair and effective enforcement of our cyber laws. The Justice Department does that by finding ways to protect our networks against evolving threats, by thwarting bad actors online, and by ensuring that both our security and our liberties remain as strong in the digital age as they have been throughout our history.
Essentially, we are focused on a question that President Obama posed in his State of the Union address a few weeks ago: How do we make technology work for us, and not against us?
In our age of rapid change and constant disruption, that question is relevant to almost every aspect of our lives, including law enforcement and national security.
There is no doubt that technology has both expanded and complicated our capacity to detect, investigate and prosecute crimes. Today, by using new technologies, we can analyze some types of evidence with unprecedented speed and accuracy, and coordinate with partners around the world in real time.
But as law enforcers have become better equipped, so have the law breakers we’re working to disrupt. Digital technology has transformed how police and prosecutors do our jobs, but it has also transformed how wrongdoers commit their crimes. Our bank accounts and personal information now exist online, tempting thieves and fraudsters.
The greater anonymity of cyberspace gives cover to drug dealers and arms traffickers. Dark websites are used to circulate illicit content, like images of child sexual exploitation and stolen credit cards.
Communication is frequently by instant message and email, so there are no actual paper trails, but rather virtual ones in data stored on digital devices, hard drives and in the cloud. And it isn’t just criminals who exploit the Internet for nefarious purposes.
The web also hosts groups and individuals who seek to harm our core security interests – from state-sponsored hackers conducting economic espionage; to rogue militants and official cyber warfare units targeting our infrastructure; to terrorist groups plotting attacks, radicalizing recruits and spreading hateful ideologies.
These emerging threats require nimble, innovative and adaptive responses, and at the Department of Justice, we are committed to doing our part to ensure that law enforcement stays a step ahead of bad actors.
The FBI continues to investigate cyber intrusions and national security threats while monitoring individuals, organized groups and state actors who might attempt to steal sensitive data or inflict harm. We recently created a Cybersecurity Unit within our Criminal Division, staffed with experienced prosecutors fluent in the law, policy and practice of cybercrime prevention.
And the Bureau of Alcohol, Tobacco, Firearms and Explosives has established an Internet Investigations Center (known as IIC) where federal agents, legal counsel and investigators track and counter illegal online firearms trafficking. The IIC – which was highlighted in the president’s recent recommendations to curb gun violence – has already identified a number of significant traffickers operating over the Internet, and their work has led to prosecutions against individuals and groups using the “dark net” to traffic guns to criminals or attempting to buy firearms illegally online.
Of course, the Department of Justice’s work to combat cybercrime is enhanced through our collaboration with law enforcement partners in other agencies, such as the U.S. Secret Service and U.S. Postal Inspection Service. And we are working to enhance cybersecurity and information sharing through our work with the Department of Homeland Security.
These are important steps to protect our online information and to combat crime here at home – but with an entity as vast and complex as the Internet, we must also reach beyond our own borders to partner with other countries. And that’s exactly what we’ve done.
In the last fiscal year, the FBI’s Cyber Division embedded three permanent Cyber Assistant Legal Attachés in the United Kingdom, Canada and Australia to help facilitate information-sharing, improve cooperation on investigations and build even stronger relationships with our allies.
We recently placed a Criminal Division prosecutor with Eurojust in The Hague and one in Southeast Asia. These positions will help to facilitate information-sharing, improve cooperation on investigations and build even stronger relationships with our law enforcement partners in other countries.
We’ve also created a cyber unit in our Office of International Affairs (OIA) dedicated to responding to and executing requests for electronic evidence from foreign authorities – requests that have increased by 1,000 percent over the last decade.
To help manage that significant growth, we have been actively hiring additional attorneys and professional staff for OIA’s Mutual Legal Assistance Treaty Modernization Project, and we hope to continue expanding our ability to help our overseas counterparts. And we are providing critical, real-time assistance to foreign counterparts through the 24/7 Points of Contact Network established by the Group of Seven Nations and by the Budapest Cybercrime Convention – a convention that, I am pleased to note, continues to be joined by countries around the world committed to fighting cybercrime.
Partnerships like these don’t just cultivate closer connections with our friends and allies – they also get results. In 2012, we participated in a multinational sweep of child-pornography websites, ultimately dismantling more than 200 websites that sexually exploited children.
In November 2014, we joined more than 15 countries under the auspices of the European Cybercrime Centre – or EC3 – to launch Operation Onymous, which shuttered a number of so-called “dark market websites” peddling drugs, weapons, stolen credit card data, fake passports and computer-hacking tools.
And this past July, our joint effort with EC3 shut down the Darkode hacking forum – an underground site where hackers convened to buy, sell and trade malicious software, botnets, intrusion tools and stolen personal information. That operation involved a coalition of 20 nations, led by the U.S. Department of Justice and EC3, and allowed us to charge, arrest or search 70 Darkode members and associates around the world.
The Justice Department will continue to work with foreign law enforcement agencies to prevent and prosecute groups and individuals that illegally use the Internet for crime and exploitation. Of course, as we seek to ensure the safety and integrity of our devices, databases and networks, it is crucial that we work closely not only with other law enforcement officers, but also with the people who create and design these products themselves – the executives, entrepreneurs and engineers who make America’s tech sector the envy of the world.
Our collaboration has been instrumental in a range of important victories, including the takedown of the GameOver Zeus Botnet, an operation in which technology and data-security companies played an invaluable role. We are committed to building on those successes by maintaining strong partnerships with the private sector.
That’s why the department has placed a high priority on entities like the FBI’s National Cyber Investigative Joint Task Force, which enables collaboration across government to respond to computer intrusions and attacks, and the National Cyber-Forensics & Training Alliance, which brings together law enforcement, private partners and experts in academia to address the cyber threats we face together.
And it’s why the Attorney General and I have been meeting regularly with industry leaders to foster cooperation and discuss urgent issues – including last week at the World Economic Forum in Switzerland, where the Attorney General joined with industry leaders to endorse five recommendations for enhancing public/private partnerships to fight cybercrime. We will continue to reach out to representatives of the tech industry, and our door is always open to new ideas for combatting cybercrime and online extremism.
One area where cooperation between the government and the private sector is especially important is in addressing the growing problem of the government’s inability to obtain critical information in electronic form even when we have court authorization to do so. This is the problem known as “going dark.”
While investigations used to rely on physical evidence – like handwritten notes, or documents stored in filing cabinets – as you can imagine, in the 21st century that kind of evidence is growing scarce. Our ability to track and prosecute criminals now often depends on instant messages, emails and other forms of digital information. In fact, nearly every criminal investigation we undertake at the federal level relies on electronic evidence.
But as new ways of using encryption become an increasingly standard feature of personal electronic devices and messaging platforms, companies are losing the ability to respond to lawful processes. Those materials are increasingly inaccessible to law enforcement officers, even when we have a warrant to examine them. And we find ourselves facing obstacles which can stop our investigations and prosecutions in their tracks.
The security of our online information is critically important, and so is the legal process that protects our values and our safety. These are complementary, not competing priorities. After all, digital security is a vital tool, but it is not a cure-all – especially when it impedes our ability to protect ourselves and each other in the physical world.
The Department of Justice is completely committed to seeking and obtaining judicial authorization for electronic evidence collection in all appropriate circumstances. But once that authorization is obtained, we need to be able to act on it if we are to keep our communities safe and our country secure.
From gang activity to child abductions to national security threats, the ability to access electronic evidence in a timely manner is often essential to successfully conducting lawful investigations and preventing harm to potential victims.
As FBI Director [James] Comey recently said, in May, two terrorists attempted to kill a lot of people. One of the terrorists exchanged 109 messages with an overseas terrorist. We have no idea what he said because it was encrypted. That is a big problem. We have to grapple with it.
That’s why the Justice Department and organizations like the International Association of Chiefs of Police, the National District Attorneys Association and the Major Cities Chiefs Association feel strongly that there needs to be a way for law enforcement to retrieve critical information in cases where it’s necessary and authorized. We are committed to working with innovators, leaders and problem-solvers like you to figure out how we can best meet this public need together.
Of course, our interest in working together with you extends beyond this particular issue. The Internet has so fundamentally changed the way we live our lives that there are times when institutions like law enforcement must evolve. And as we seek to adapt to this new reality in a wide variety of ways, your creativity, your expertise and your leadership can help us ensure that the innovations we enjoy will benefit and protect the American people – and not those who would harm them or their liberties and rights.
We understand that this is no easy task. These are novel and difficult challenges. But what makes us confident about our ability to succeed is that, throughout our history, this country has always found a way to move forward while retaining the values that make us who we are. We are certain that we will do the same in the digital age. And together, we will build a brighter, safer and more prosperous future for all.
Thank you for your ongoing cooperation in that effort, and for your commitment to our shared goals. I look forward to all that we will accomplish – together – in the weeks and months ahead.