You have to start looking for your next job, which i was. Financebackground in and i am a cpa and so i said i would be a perfect commercial litigator, so i thought. I was interviewing with the chicago law firms, the large ones. The largest law firms then had 230 partners in them in the chicago area, to show you how things have changed. Wrung my hands on whether or not i wanted to give that much but here i am 30 years later. It has gone by very quickly. I have enjoyed it immensely and would not have traded it for any other opportunities in the world professionally, showing how little i know, which leads me to a Public Service announcement within my Public Service consulnt which is of the fbi, we have 194 oforneys in three branches National Security, cyber law, and the investigative Administrative Law branch. They deal with a large number of issues, just like any corporation would. Have 15 vacancies. There is a rigorous process with a polygraph and a background check. It cant be that hard because i passed it. We are always looking part smart, ambitious attorneys looking for an exciting career. You will not find a better mission in any institution in the United States for protecting the people of the United States and upholding the constitution. It greets our employees every day walking into the building. The fbi has been in the news occasionally lately. Will try some topics i and discuss. Talk onecent is a judge found that revised procedures we submitted were not appropriate. They were inconsistent with requirement to keep records of each u. S. Person. In the queryuate justifications and there were 7020sistent with section 702e. Recordsretain querying in a matter that differentiates between u. S. Persons and others, a written justification for a u. S. Person query before the agent or the employees reviews the content retrieved by the query. We are in the process of making technical changes to the system and the training we provide to our agents. I would like to talk a little bit about some things involving our query procedures and the opinions that are not in the opinion. The opinion was team was compliance started to evaluate how we can improve our query procedures. The fbi takes very seriously its responsibilities and we took this as a proactive step, separate from our decision to appeal because of our commitment to compliance. Frequently saw, dozens of times, we need to do the right thing the right way. And that was all in his records that. Important foris congress and the American Public in our confidence procedures and compliance rate. As i said, the judge approved the modified procedures with new requirements which means we are now consistent. The Compliance Team will continue its work and evaluate whether additional steps beyond the new compliance can lead us to address further concerns. Opinion discussed the fbi policy on queries because it is routine in and and encouraged process in furtherance intelligence of Law Enforcement activities. The judge recognized there was attention created between encouraging fbi personnel to routinely query the collection and honor to proactively identify threat information in the collection and the need for those personnel to comply with query standards. Fbi personnel attempted to proactively identify threats the bureau was unaware of. One of the compliance incidents involved queries of individuals who were in a position to exploit what the bureau believed was a vulnerability. Other incidents involved proactively venting specific individuals in order to determine threats posed by disclosing classified Sensitive Information to them. Those incidents involved humanial Confidential Sources or potential recipients of classified pfizer orders fisa orders. The policy of encouraging queries of our collection is out of Lessons Learned from 9 11 and the fort would attack. Hood 11 commission fort attack. The 9 11 commission and the Fort Hood Commission talked about encouraging the bureau to develop a federated search capability to facilitate the identification of threat information queries. Beenrically, the view has that the more queries the bureau ones the greater the likelihood it will identify threat information. But we recognize it is important that everyone of those queries has to be consistent with our procedures. The fbi had to strive to stay within that middle ground, where we are aggressively looking for threats to the American Public in our 702 collections without buying the query standard. If they are not aggressive enough, the American Public is at risk. If we are too aggressive, we will have complaints incidents erode the confidence we so need from the congress and American Public. That is why the middleground is so important and we are committed to stay within it. To change policy, it could impact our ability to notify threat information. It also identified applications in applying this query standards and suggested that Bureau Personnel we not necessarily understand the likely to retrieve standard which is a query has to be reasonably information ofn a crime performed intelligence information. Intensive which means the application can be challenging and reasonable minds can disagree. The most obvious way to address that concern is to additional training which has been one of our focuses for some time. For more than a year, the department of justice have been giving training on the query standard to fbi personnel and various field offices. The fbi rolled out new mandatory fisa training that will focus on the query standard. Which is to enhance understanding of the query standard and have them differentiate the Compliance Review Team will continue to evaluate whether additional after we gocessary live. Expires in december and has three primary authorities section 215 Business Records, roving wiretaps and a provision that applies to numa nonu. S. Persons of International Terrorism with no requirement to show connection to a foreign government. I will go into more detail on those. They are expiring and it is critical to what we have available for our security investigations. The bureau has a solid yearslong record of successfully using both the Business Records provision and the roving wiretaps provision. These provisions are integral to our investigations here they provide the Building Blocks in many cases and the ability to keep pace with the threat and to avoid missing critical intelligence. Provisionss record deals primarily with trans actual events. That is electronic communications, transactional records, visits records, such as hotel receipt, Storage Facility receipts and flight records. These types of records are collected in virtually every single criminal case. The fisa Business Record requests are court reviewed. They must find reasonable ground to believe the records are relevant to an authorized investigation. In almost every respect, these requests are similar to a grand jury subpoena that does not undergo court supervision. Likewise, the roving wiretaps are subject to Court Approval and supervision. The fbi has to show its specific target of a fisa investigation order engages actively in activity that is thwarting our surveillance. If the fbi makes such a showing, the fisc can authorize surveillance that will allow the target, even if you take steps to avoid that surveillance, such as burner phones. Authority isving substantially the same of that which is used in a title iii wiretap. Provision is very limitedbut its applicability does not does diminish its utility. Lone wolf can be used for surveillance only of nonus person. It allows the bureau to obtain a fisa order targeting nonus person engaging in International Terrorism or the preparation thereof, even if the bureau cannot show the target is doing that on behalf of a foreign power, and that is its Real Advantage for us. We all know that self radicalization is on the rise. We are seeing more and more homegrown loan actors. These extremists can be inspired to act on behalf of a foreign power, such as a terrorist group , but rather than being directed to do so, this increases the likelihood that the fbi will need to rely on the lone wolf provision in the future. Now i would like to move to cyber just a little bit. Me whatrequently ask has changed in the law and the 37 years i have been a lawyer. I have very easy answer. There are two things. Evidence and just the digital footprint that affects us all instead of at one time talking about evidence as a number of boxes. Now we talk about gigabytes and terabytes. The other aspect that i wont address today but certainly is part of your program is the international effect. Back in the mid1980s, when we mlab, and now, it seems as though every investigation revolves involves some type of evidenceon of foreign. Explain what that is. Is a a treaty which somewhat cumbersome process that allows us to receive evidence from a foreign nation. Time. Es a great deal of is part of the interest of the cloud act and we are hoping as we move forward that it will solve some of those problems of foreign evidence easier. So cyber and encryption isllenges the challenge Cyber Technology is enabling criminals and foreign adversaries. There are new venues of attack, greater attack surface from any location near or far from our target. There is a low cost barrier to entry, it is easier to mask or hide the attribution, and the tools are cheaply and widely available. Mercenaries who are for higher. This affects everyone, even those who may never own a computer or a cell phone because the attacks are on the power ,rid, Critical Infrastructure thirdparty protection of pii. Health records and financial records. Against as occurs background that has many tools for cybersecurity. Technical tools of an chrisman, of encryption, firewalls, vulnerability patching, cyber Threat Hunting and air gapping, legal restrictions, bands, sanctions, supply chain requirements, regulations, and contractual agreements. Policy and process, social media, and the terms of use policies, Incident Response ,lan, identity and management dual approval requirements and restrictive assets access. The training that all of us do in all of our entities, information sharing that we have on these threats, but a lot of focus today is on the issue of legal access and i will echo some of attorney general barrs and director raise recent statements. Ts recentr wra statements. T provides privacy benefits most secure communications, networks, data storage, online transaction protects personal encryption also enables terrorists, criminals, and foreign adversaries. It allows the Sexual Exploitation and abusing toldren and those conspiring commit crimes for terrorist attacks, radicalization, stealing intellectual property and undermining our Democratic Values and institutions. Encryption leaves Service Providers unable to produce readable content in response to requests,rt ordered wiretaps or search warrant based on probable cause. I will repeat that. They cannot respond to court orders for readable content. It impacts communications in transit stored in digital data. It creates a law free zone for committal behavior. Said, attorney general making our Virtual World more secure, no one argues with that. But making our Virtual World more secure cannot come at the expense of making us more vulnerable in the real world. Barely a week those by that the fbi does not get confronted with an investigation impacted by encryption. , realare real concerns problems. The state and local Law Enforcement authorities are hurt worse because they have less tools to address it. These problems concern mexican cartels, who use whatsapp for encrypted communication to coordinate drugs and the murder of police officers. Garland,attacks in texas, where two islamic anremists carried out attack, one terrorist exchange 100 instant messages with an overseas terrorist using apps. End encryption thetill cannot determine messages come which could have been helpful. The fifth deadliest shooting in u. S. History at the time, even with more advanced commercial tools, 600 plus days later, the drill is still not able to crack the cold to access the gunmans code. With todays capabilities, it could take years to unlock the device. Gang activity and murders use encrypted apps to greenlight assassinations. This is not theoretical problem. But there is a positive engagement we have two improve public safety. With access to such communications and with the cooperation with Communication Services and their platforms, we have achieved great success. Attorney general barr and others have commanded facebook in the letter to the ceo, noting that facebook made 6. 8 million reports to the United States senate of missing and exploited children. More than 90 of the 18. 4 ,illion total reports that year facebook acted against 27 million pieces of terrorist 2017 andetween october march 2019. More than 99 of the content facebook took action against, both for child Sexual Exploitation and terrorism, as identified by its system rather than users reports. Facebook implements its end and communication as planned and to end communication, 12 million reports globally would be lost. Forward . He way some suggested the government could use metadata. I can tell you from personal experience as an investigator and a prosecutor, metadata is not equal to content and is not equal the value of content. Some suggest we could use Artificial Intelligence to advance our use of metadata. That simply over simple phis the oversimplifies the problem and does not solve the problem. Metadata cannot go indepth. No one in Law Enforcement believes metadata can replace content. In the metrics dont speak for themselves. There is no barometer that can measure the value of cybersecurity against the value of preventing child abuse, mass shootings, and terror attacks. Legislation, we look to the Technology Providers to help and accesslic safety to information needed in criminal and National Security investigations. American technology has the skill and the ability to determine how to best design products that will allow for lawful access when needed. Said,orney general barr whatcom to civil society. We regularly expect and often mandate if necessary that our Companies Take steps to ensure products and services do not impose negative externality on the public. The department of defense does this when it implements its requirements for cybersecurity standards on all of its contractors. The standards only describe cybersecurity goals. They dont prescribe the tools or processes. Each can be designed in its own approach. Must be an analysis of the relative cost and benefits to society. It is not reasonable to incur massive further costs to move slightly closer to a perfect cybersecurity at the cost of a massive degrading of public safety. The fbi has started to hear from crypto experts and there are solutions that can account for some cybersecurity and the need for lawful access. Vulnerability even with encryption. The residual risk of honor ability resulting from incorporating a lawful mechanism has not been shown to be materially greater than those that are already in an unmodified process. At 12 44. On time i hope during the rest of your conference, because there were some things i didnt get to, specifically i mentioned economic espionage and maligned foreign influence on elections. Two issues that we are dealing with every day at the bureau, as our our friends in the intelligence community. Thank you. [applause] in the interest of time, we are not going to take questions because we have to clear the table. 1 00. Xt will take lace at i would be happy to take a question. I may not answer, but i would be happy to take it. Any questions . Glenn, you dont have a question . Thank you, glenn. Dunlop, can we make it synced and to the point succinct and toce s the point . What about companies who choose to market encrypted devices . If the encrypted device is found in connection with a criminal act terrorist act, by effective there is a statutory presumption which used to facilitate the crime creating abilities and companies can build that into the cost of their device . It is a legislative issue. As it stands right now, have not heard that as a proposal. It may be as a legislative proposal. What strikes me is it would be very difficult to put the proper guardrails on. That would be interesting to see such a proposal. Nt want someone who we dont want to stifle it too much. I would like to see the details of it, but i am having a hard time imagining it. Will present you with the famous coin that gets you out of jail and also a refreshment. Thank you. [applause] [indistinct conversations] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. Visit ncicap. Org] live picture from concord, new hampshire. Former Vice President joe biden is set to hold a Campaign Rally with voters and supporters which is expected to start in 10 minutes. We will have a live here for you on cspan. From the American Bar Association discussion on National Security, more now. We are going to run this like a fireside chat. We do not have a fire or wingback chairs, but i want you to use your imagination. We will have more of a dialogue. If you have questions, you should engage for the last 30 minutes. John, is it anything on the cutting floor of 60 minutes that you would like to replies reprise for this group . I think it went well good i will leave it the way it was edited. It was the second case on 60 minutes in the last year, both having to do with espionage. One chinese and one russian. A good indication of the kind of activity we are seeing these days stateside also the level of interest in media, which is very different from the last time i was in the National Security division when this was a counterterrorism job. It was 95 counterterrorism, post 9 11 al qaeda focused responsibility. That is a big shift over the last 10 to 12 years in the work of the division. One of the questions we all the nsg has been active in the china prosecution issues. You have done the china initiatives. What do you see as the goal of consider success as you go forward . Ways to are a lot of measure success in this space. Let me step back for those who are not familiar with what we have been doing their. It is something doing there. It was something that was done to focus on chinese espionage and particularly economic espionage and it to and intellectual property for their Economic Development and plan. It was a result of intel we were seeing in the morning briefing from the intelligence communities and wanted to do something about what we were seeing in terms of chinese activity. Ishink the success ultimately we will continue pursuing these cases as long as they continue pursuing their bad behavior. Success ultimately will be a change in behavior. That is a very long road and is not something that will be done alone by the justice department. It will take other agencies of the commerce, treasury, state, all focused on the issue of chinese intellectual property theft from u. S. Companies. Sense, then a micro number of cases we are bringing in any given time period have increased significantly. Think withely i any prosecution, what youre trying to do is change behavior and that will be ultimately how we measure success in this area. One of the issues raised for people in private practice is the Risk Management and supply chain. When there is penetration and how they can share information without fear of being victimized and a second way when they share the information. What is the philosophy you are bringing to bear on those issues . One of the goals of this initiative is meant to increase outreach to the private sector. My predecessor did a lot of this when he was in this job. We are very sensitive to the concerns the private sector has about coming forward. Understand, having been on the other side of this equation and figuring out when you involve the government and something an employee has done when you are the Victim Company and when not to do that in some of the different considerations that go into it. I often use i will start generally and use one example. Tentatively atas as sensitively as we can when Companies Come forward. One is, do i really want the fbi rooting around in all of my files . The answer is no in general, but we can work with companies. You never know what you will find. With companies and we dont want to burden them with having to spend a lot of resources in our investigations. We want to ensure them we are not there to root around looking generally for other criminal activity but we are focusing on that investigation. The biggest concern is will i be identified . That is something we really work on. We can and have charged any number of cases without identifying the target company. If the case goes to trial, at a certain point you do have to identify. That is something we cant keep forever but we can keep it for many steps along the way. Over the years, companies have gotten more comfortable being identified. Part of it is, there was a time i remember way back with one of the first data breaches, i think it was t. J. Maxx, and people would say, i am never going to shop at t. J. Maxx before. But if you didnt shop at every store that had a cyber breach, you would be buying your close at a used store down the street. The breaches are all over the place. There is not the same fear about having your self identified as having been breached, although there is still some sensitivity for sure. The best thing to do is the one who can show that we are not shut the door after the horse has escaped, but help you prevent future harm. An example of that is a case of macron, in this area, a memory ubiquitousthat makes memory chip. Import all of theirs and they dont have a domestic producer. A few years ago they set a goal to have domestic production. They invested 6 billion to set up a company to manufacture the dram. They set up the company and one problem was they didnt have the intellectual property to produce the chips. The way they were going to get this is they were going to steal it. They stole it by encroaching employees of a taiwan subsidiary of macron to come over and enter pass the information to the company and they were going to do a joint venture. Macron noticed what happened. They went immediately to the fbi and federal government. They cooperated extensively. They have been very vocal about that cooperation. The result of that was not only were the individuals charged here in the u. S. And taiwan by the government there, the , theny itself was charged Chinese Company, and most significantly is that the Chinese Company was placed by the Commerce Company on the banned list. The results of which was they couldnt import the tool they needed to import the parts. That 5 billion Chinese Investment is empty and macron isnt facing a chinese competitor who has stolen their are pretty in order to compete with them. When you can tell those stories, and they dont always happy and they do require companies to come forward early. When you have the stories, and you are on the other side, the Company Government can help prevent some harm that can result from theft. That is the persuasive thing for companies. Timing and judgment, work at boeing and you left. One issue is Understanding Technology and we have the general counsel of the fbi here for you. One of the issues he was talking about is trying to figure out what happened with the pfizer that isd the fisc coming. What is your department saying about why that is an important tool in basing nsd, what tools are critical and what tools do you want . Do you think you have enough tools to achieve your goals for the department . That is a question we constantly ask ourselves. First office i laid out. The thinking about that office was you cant have operational people responsible for policy because the policy never gets done because of the demands of the operation. You need to set aside an office of folks who can just pick about that. That is a constant question for us. , 215, a. S. Freedom act Business Records provision of fisa, anything you can get with on the fisa and side you have to get a court order, on the grand jury side, you just have to get a prosecutor to sign a subpoena. Authority so people are swapping out cell phones and evading surveillance and you can continue without going to the court ahead of time, and then lone wolf, a provision we have andsed and i equate lone wolf means we cannot tie them to a terrorist organization i think of that as the fire extinguisher in my kitchen. I am never used but i am darned glad i have it there in case i need it. Those are the three that are up for renewal. Those three provisions are just the most basic and noncontroversial provisions you could use. They have clearly analyzed all of them on the criminal side. Those provisions, one has never been used and the other two have not been the subject of abuse or misuse. Thecontroversial piece of freedom act which is what grew out and is the authority that we used in the past to get all metadata records. The administration is asking for that authority to be renewed and though it is not being used right now. Renewed isr it to be that the National Security landscape is an everchanging one and we dont want to be caught without authority if the need for that authority arises in the future. Inse are all pending congress right now. There was a Senate Judiciary hearing yesterday. It was a closed briefing today. The discussions keep going with different a difficult legislative climate. We have Young Lawyers in the audience and you have seen the ark of technology during your career. Is the requirement for Young Lawyers coming into the National Security arena . What technological background do you think you are looking for when you are hiring now at nsd . What is amazing about this space is how much has changed in 20 years. I went to law school and when you went, there was a lot of National Security as an organized field of study. Today, everyone has a jd and this program and that program and they are much more knowledgeable and sophisticated about National Security law. The lesson for me and all of this i didnt think i was going to law school to be a National Security lawyer and most of us in the room probably didnt, although some may have. Has. Ess it was 9 11 that change the world for so many of us professionally and personally. Being open to all of that. All to takeneed you out your phones just like this. Open the messaging app on the sign they are holding. Nh 2303300, text to 30330. The only way we can win is if we knock on doors and talk to every single person
comparemela.com © 2020. All Rights Reserved.