Beginning in late 2014, FBI and DOJ officials have sounded alarms about encryption, saying law enforcement agencies are increasingly “going dark” in criminal and terrorism investigations because subjects’ data unavailable, even after a court-issued warrant. Apple and Google both announced new end-to-end encryption services on their mobile operating systems, in part as a response to leaks about massive surveillance programs at the National Security Agency.
One recent criminal defendant described end-to-end encryption as “another gift from God,” Deputy Attorney General Sally Quillian Yates said during a speech last month. “But we all know this is no gift—it is a risk to public safety,” she said then.
Several encryption and security experts, as well as digital rights groups, have criticized the DOJ and FBI calls for encryption workarounds. “If it’s easier for the FBI to break in, then it’s easier for Chinese hackers to break in,” Senator Ron Wyden, an Oregon Democrat, said last month. “It’s not possible to give the FBI special access to Americans’ technology without making security weaker for everyone.”
So, I think I’ve made clear that we want your help. But we also want to help you. Last December, at the Legal Symposium on cybercrime on this campus, I announced that the department was taking the fight against cybercrime in a new direction. I announced the Criminal Division’s plan to work more closely with the private sector and federal agencies to address cybersecurity challenges. We created a hub for the Division’s cybersecurity work, which is the new Cybersecurity Unit in CCIPS.
Our reasons for creating the Cybersecurity Unit were simple. First, cybercrime and cybersecurity have always been linked. Vulnerabilities in hardware and software and inadequate implementation of security protocols are what facilitate cybercrime. The tradecraft used by cybercriminals tells us something about the state of cybersecurity.
In creating the Unit, we hope to use the lessons that CCIPS has learned and the skills that its prosecutors have gained from investigating and disrupting cybercrime to create actionable guidance and to support public- and private-sector cybersecurity efforts. Furthermore, by creating a dedicated Cybersecurity Unit we can better ensure that cybersecurity receives the consistent, dedicated attention that it requires.
CCIPS is well-suited to this task. Its expertise regarding the relevant laws is exceptional. They are the department’s experts in laws directly affecting cybersecurity, including:
The Computer Fraud and Abuse Act, which is often referred to as the “hacking statute;”
Statutes which regulate electronic surveillance and are implicated in all varieties of cybersecurity monitoring and intrusions detection technologies, such as the Electronic Communications Privacy Act, the Wiretap Act and the Pen Trap statute; and
The evolving constitutional, statutory and jurisprudential framework broadly relating to the collection and use of electronic evidence.
Moreover, CCIPS has extensive existing expertise in cybersecurity. For years, CCIPS has been providing other government agencies with legal advice on how to lawfully implement their cybersecurity programs.
CCIPS, along with others in the department, also frequently represents the Department of Justice in priority interagency efforts, often led by the National Security Council, on cutting-edge issues at the intersection of technology and criminal law, such as encryption. In addition, CCIPS provides guidance to federal prosecutors around the country on how technological trends – from the latest app to new social media – may impact investigations.
The US government seems to have a number of highly disparate cyber security efforts taking place simultaneously, and none of these tasks appear to be coordinated in any way, shape, or form. This is not good news.
As ACLU’s Jameel Jaffer pointed out, one of the IG report’s main conclusions is that FBI “did not identify any major case developments that resulted from use of the records obtained in response to Section 215 orders.”
Meanwhile, today Attorney General Loretta Lynch weighed in on the debate in Congress, claiming the exact opposite. She was quoted by CBS News as saying that if Patriot Act Section 215 expires: “[W]e lose important tools. I think that we lose the ability to intercept these communications, which have proven very important in cases that we have built in the past.” (emphasis mine)
Color my unsurprised there is a contradiction in reporting between the Inspector General and the Attorney General. Politics drives what the AG states whereas facts back up what the IG states.
Personally, I find it hard to believe the Patriot Act has ever had any direct correlation to a major conviction of any form of terrorism. It seems the FBI is using the Patriot Act for standard criminal cases rather than terrorism prevention, as it was originally designed by Congress.