Federal Law Enforcement Highlights Cyber Threat at Seattle Conference

SEATTLE—The head of the Justice Department’s National Security Division reiterated to an audience in Seattle Thursday that threats posed through cyberspace are expected—in the not too distant future—to become the number one threat to our nation’s security. Assistant Attorney General Lisa Monaco presented the keynote address at the 2012 Cybercrime Conference hosted by U.S. Attorney Jenny A. Durkan and the U.S. Attorney’s Office for the Western District of Washington.

“Cyber threats are rapidly evolving. They impact our daily lives, our economy, and our personal and national security. We will use every means to detect, disrupt, and defend against this growing problem,” said U.S. Attorney Jenny A. Durkan. “Fortunately, we are bringing the right people with better tools to the fight. To confront the cyber threats, we need to ensure that law enforcement, private industry, and our international partners are sharing information, working together, and coordinating responses.”

In the lead-off panel, titled “Cyberthreats and National Security: A Convergence,” Assistant Attorney General Monaco described how the Internet is being used not only to facilitate bomb plots and other terrorist operations targeting the United States, but it is also being used for espionage and cyber intrusions aimed at obtaining American economic, commercial, or trade secrets.

Both Hugh Dunleavy, Deputy Assistant Director of the U.S. Secret Service, and James Burrell, Deputy Assistant Director of the FBI’s Cyber Division, described how “hackers for hire” can be used by nation states to attack the U.S. and American industries. “They don’t care who hires them; they just care about the money,” Deputy Assistant Director Burrell said. Deputy Assistant Director Dunleavy said most of the data breaches occur via servers and more than two-thirds of the breaches are traced to hackers in Europe. All the members of the panel agreed it is critical to have international relations in place to be able to investigate and prosecute cyber criminals.

“There is no such thing as a local cybercrime,” Assistant Attorney General Monaco said. “The hacker has probably touched three continents before he skims your bank account.”

U.S. Attorney Jenny A. Durkan is chair of a DOJ committee on Cybercrime and Intellectual Property Enforcement. The Cybercrime Conference is an annual event bringing together leaders in technology from the private sector, government, and law enforcement.

The conference, attended by more than 200 people, touched on a variety of issues. Some of the panel discussions are summarized here:

In “Privacy Under Attack: Government or Industry, and the Need for a Privacy Bill of Rights,” five experienced panelists from the FTC, DOJ, Center for Democracy and Technology, and industry discussed the changing landscape of privacy rights and protections in an age dominated by social media and mobile devices filled with apps that collect users’ personal information. While the panelists all agreed that big data is a modern reality, they debated how to best maximize its beneficial uses while minimizing intrusions on personal privacy. The debate included a robust discussion of how and when consumers should be notified that their information is being gathered, and how their consent should be obtained to use that information.

In “Computer Searches in the New Millennium: The Collision between the Fourth Amendment and Computer Forensics,” the panel reviewed the Ninth Circuit’s landmark decision in United States v. Comprehensive Drug Testing and debated the need for special rules governing the execution of search warrants on computers and whether such rules are required under the Fourth Amendment. The panel also discussed the efficacy and practicality of such rules in the context of computer forensics.

In “Getting Ahead: Joint Cooperation in Response to and Prevention of Cyberthreats,” panelists discussed implementing better methods of sharing information between researchers, law enforcement, and industry in an effort to assist in identifying threats, mitigating the harm caused by cyberattacks, and bringing the wrongdoers to justice, with a special focus on several of the practical and legal limitations on such information sharing.