This conversation is going to stay focused on the department of justices approach to data and technology policy. There Something Else going on . Deputy attorney rosenstein is going to stick to talking about those topics. With that i thought i would open with an issue that everyone in this room is talked about a lot and is familiar with on encryption. In a recent speech you talked about her support for encryption and the ability of government to access that information when needed. You also dont want the government to micromanage the engineering of technology. Can you maybe start us off by elaborating on striking the balance of privacy and Public Safety . Absolutely and i fully appreciate the perspective that so many have and from a Law Enforcement perspective as well maintaining confidentiality and electronic information is really important to us but the more we are able to secure information the less likely we are to have fraud cases and criminal referrals so encryption is really critical to data security. I also see Law Enforcement problems for example a sense of what i experience before he took this job i served as u. S. Attorney of maryland. We had a number of cases increasingly that arose during my tenure in 2005 to 2017 a witch data was inaccessible to Law Enforcement but was in some cases even representative criminal activity in and of itself so the point of the term we used for seeking responsible encryption is that yes the favor encryption but not encryption to the exclusion of Law Enforcement concerns. Its important for everybody involved to recognize if you have encrypted communications that are completely protected by Law Enforcement even with a legitimate Law Enforcement probable cause with a court order or warrant then you are going to be allowing criminal activity to occur without the ability of Law Enforcement response up on encryption protects information from being responsible in the sense that it remains available to log horsemen with a need ordered by a court. With the proliferation of interconnected devices some of said we are in a golden age of surveillance when it comes to what lott Law Enforcement has access to. We have more surveillance and we have been the past and will probably have more in the future as you describe people with cameras and Surveillance Systems and that sort of thing. Some people say they are so much Surveillance Technology that it overrides the need for Law Enforcement. I think those are two totally different issues. It is true that the availability of surveillance solves crimes and we might not have been able to solve previously so yes Surveillance Technology can be a valuable Law Enforcement tool but they are still going to be circumstances where must we are able to get access to encrypted devices we are not going to have evidence for crime. Take child pornography for example. They have surveillance at a particular place in a particular time that you dont have access to photographs are not going to have the evidence of the crime itself or imagine you are conducting an investigation of a violent criminal organization engaging an ongoing crimes of violence and you have a lawful court order to intercept communications and if you intercept them you might be able to save a life but you are not going to know about the planning and wont able to get there in time. Certainly chewed of Surveillance Technology enhances Law Enforcements ability to detect crimes but nonetheless its not a substitute for the ability to obtain access to devices that contain criminal activity. Will be your advice to protecting Consumer Privacy that also want, they dont want to distract Law Enforcement efforts. They are a tough spot. What do you think they should do . We are asking Technology Companies to consider the balance of not only the need for encryption which should be as secure as possible but consistent with a lawful court order. I fully appreciate the position of any Technology Company. It wasnt that long ago that responsible access was engineered into operating systems. They are still some in which it is. We think the Movement TowardLaw Enforcement proof encryption is actually going to be harmful to the longterm interests of Law Enforcement and citizens. I want to shift gears to one of the biggest things we are talking about pure crypto currency. The largest in the glow of Bitcoin Exchange was taken down by Law Enforcement last year. After that got 4 billion worth of bitcoin, most of it money laundered in some way, from ransomware tax or attack schemes. What is the biggest hurdle that Law Enforcement bases when it comes to the rise of crypto currency . Obviously it serves some general objectives but like most emerging technologies, criminals are often the first to jump on the bandwagon. They see this as an opportunity to move money. And without the ability to be detected. So criminals are essentially first and while there may be legitimate uses, there is something that many people who engage in transactions with electronic currencies. The challenge that we face is that the ability to follow the money is really critical to prevent a lot of crimes that are directed toward earning profits and so we have seen in these cases the one that you mentioned and others, people are using these crypto currency technologies to commit crimes. To extort money. The remains that will not be traceable. And then to launder the money so that they can shifted into account or places that they can take advantage of it. That is the big challenge with crypto currency. It is not going through National Institutions we are going to have difficulty tracking it and identify crimes. Also, it provides an opportunity for criminals to conceal income from taxation went of course is another challenge for us. I think were just really come to terms with this this is only a problem has emerged in the last few years in widespread use. It is something we will need to come to terms with. How the Justice Department tried to keep up with how fast the area is moving and the growth we have seen we have seen is surprising to all of us to request one is just keeping abreast of the technology. We do have experts in the fbi and department of justice, the Criminal Division as well as points of contact with each of the 94 us attorneys offices. Because we need people to keep up with the emerging technology. We did not learn these impossibly literal do not exist. And so really does require a focused effort by the Justice Department, fbi and other agencies to make sure they are hiring other people with the right expertise and finding the appropriate trainings so we are keeping up on emerging technologies and we have a sense of where the vulnerabilities are. Wanted to ask him a question before we open up to audience questions before we wrap up. Turning to data storage overseas into microsoft, Supreme Court which is pretty much by every Technology Company doing business around the world. And they will determine basically what Law Enforcement needs to do to retrieve digital evidence on foreign service. There is debate whether or not this is resolved in a court or by congress. How do you think we can finally get to a solution to this pretty complicated problem . I think as you know we are challenging initially, the decision and there are also proposals for legislative fixes this is actually where i believe to a large extent the interest of Law Enforcement and the Technology Sector are aligned. And Technology Companies have an interest in knowing what the rules are. What they can and cannot do with regards to the data and went to comply with subpoenas. I think this is an area where extent of the legislative solution, there really are opportunities for us to Work Together with the Technology Industry and make sure that we arrive at a solution that will be most efficient and will save everybody having to litigate this over and over again. Senator hatch has offered some legislation to this effect. Do you support that . Are there legislative vehicles after that you think would be Effective Solutions . There are proposals that we are considering within the department. I will not make any commitment to that but i do think that legislation is often an effective way to resolve these issues when there challenging technological developments. Really, they were considered this is one of the issues we raised regarding many of these judicial battles that we were applying statutes to novel technologies and new legislation that accounts for emerging technologies. It makes it much easier for us all. What would you say is the departments biggest challenge and what is the biggest threat when it comes to protecting the Digital Economy . Well, the biggest threat as you are recognized is the threat of cyber hacking and intrusions. You all have to deal with that on a daily basis. As you know, federal agencies are very much engaged. Working on their own and working in coordination with industry. To combat these threats. Some are from foreign state actors. Espionage efforts. Some of them are commercial hacking efforts. Some of them are criminals who are out to extract ransomware extort corporations. That is the biggest challenge we face. We need to continue to improve our cyber defenses so that we can help private sector protect themselves against these intrusions. But this is an ongoing battle and we will reach a point where you can say that we have solved it. There will always be criminals out there trying to find a way around. And that i think is the biggest challenge that we face in Law Enforcement but we are working cooperative with the private sector. Our goal is to make sure that we work with you to develop technologies and enable you to defend yourself so you will not need to call and ask after crimes have been committed and give separate intrusion. With that i want to show that we got to the questions. I remember that we are keeping the conversation remaining on the topic at hand. Go ahead. Hi. Ed black, ccia. You articulated very well the balance of encryption between security versus if you will, privacy and security. And whether there is a solution that is satisfying, i think the hard question to answer but hypothetically, if there was a solution that Law Enforcement pretty acceptable, who have a further battle, i think, International Context because riley have a great deal of process and procedural productions, the world is not in many regimes river us standard would be developed, would in fact be transferred globally and would have presumably whatever was the us, part of the protections is what would make it but that standard then becomes a de facto standard for the world and there are many regimes that would be grossly misusing that. I have two responses to that. The first is really challenge of major corporations are complying now. There are Companies Already that are making accommodations because they have to do it in order to do business in the countries that have different regulatory schemes than ours. But the second point i would make is that it is important to recognize this is an issue that gets lost in the rhetorical battle over responsible encryption. I am not calling for the government to possess the keys to use. I do not think the government should have the ability on its own to decrypt or break into encrypted devices. What we have in mind is a system in which the ability is retained by many factors. The keys are somewhere but they are emphatically not with the government. They would require a court order or appropriate process. With one third party or whether there with a provider. Those details need to be worked out. But the way we envision is working is not that the government would have the keys, they would not have the ability to break into devices. Im from the sunlight foundation. Thank you for your anticorruption work. We care about that a great deal. And a commitment to be more open and transparent with the public. One concern we have seems consistently in the groups we work with however, Public Access to Public Information. And legitimate diagnosis of vulnerabilities and Security Issues and web browsers or devices or hardware. We have seen unfortunately, prosecutors use the discussion they are granted on the computer part of abuse act in ways that concern is particularly with respect to the socalled white hats. People trying to diagnose find problems for the department of defense has had a very successful bug bounty that was put out. When they are encouraging the public to help them find issues. Would you support reforms in the act or offer guidance of the nation to Law Enforcement officials and make it clear that accessing Public Information and telling officials it is there is not a crime. And journalist document issues linked to them that they should also not be prosecuted for effectively telling the Public Servants that they have a problem to fix. Sounds very reasonable. And it is a loaded question. [laughter] i do not know what the hidden meaning is but generally i would say yes. [laughter] i think i have in fact talked about the dod model as being effective in encouraging people to come forward voluntarily and identified, that is how we find the. We want to find the before we are victimized. Generally, yes. There must be cases you have in mind where you thought there was a white hat hacker that was prosecuted. I would need to know the facts but as a general model yes, we do think that is a effective model. Encouraging people to come forward in a constructive way when they identify a flaw. Not trying to abuse or misuse it. In order to commit intrusions or infiltrations. Hi, amy, access now. I wanted to ask the flip side of eds question. Which is, not only will other countries essentially abuse any capability the us has but other countries are now using conversation happening in the eyes and this is been going on for the last few years. To justify implementing measures into their own laws where whether it is brazil, australia, the uk, china. That would limit the amount of security that Companies Offer their customers. And in my mind if theres anything worse than limiting the way users can be secure in the way it is living in different ways in different countries. Does the iso some International Obligation to the idea that hacking and corporate espionage and security is the biggest challenge that you are facing with the Digital Economy to try to make security better and not make it worse globally . Yes. [laughter] im not sure exactly what youre getting at but, yes. Thats what we talk about this in terms of balance. Absolutely, we are in favor of this encryption. There are experts who argue about whether or not what i have in mind is feasible. And i do not say that i am an engineer but there are experts say it is feasible. And it has systems. There is a symphony system for example used by some Financial Institutions in new york. We do have systems where you retain a high degree of competence and security of the system. But nonetheless, we preserve lawful access to regulatory and Law Enforcement purposes where there is a legitimate need. Attempted to more questions. David green with nbc universal. Mr. Deputy attorney general i wonder if you would speak about the priority of your department. With the issue of piracy content theft and whether that is an important issue for the department of justice. It is still an important as it was when you were there 25 years ago. One of my curly colleagues at the department of justice. We have not talked about the intellectual property but that is one of our top priorities. In fact recently, established intellectual property around the world announced identified ip coordinators that we set up with Detailed Department attorneys stationed in foreign locations to coordinate efforts in those areas. Because we recognize a lot of the threat comes from abroad. And intellectual property is critical to the success of american industry. Entrepreneurs deserve to know that we are going to do what we can to protect their intellectual property interests and so, yes we are concerned about piracy and our department Criminal Division does have experts who focus on ip and it continues to be a very high priority for us. One more. Kathy, attorney in private practice. My question going back to the Encryption Keys that you think would be a guess, retained by companies. How is a company to respond if they suffer a data breach and the only thing compromised is the key they have been holding onto . Well, obviously you try to prevent that. I am not an engineer. And so, certainly, i would acknowledge that having a cake with more risk than having no key. The question is, can you create or can you engineer a system that is sufficiently secure that there is adequate assurance that the keys will not be wrongfully access and if they were, somehow the provider or the third party lost control of them, we would have appropriate notice to prevent improper use of them. That is a challenge i think appropriate for engineers