Cybersecurity

Gridlock on cyber laws likely to persist

Shutterstock image. Copyright  enzozo. 

Botnets, ransomware, child pornography and other cyber crimes continue to proliferate. And the Department of Justice says despite some progress, existing laws and tools aren't up to the growing task.

Speaking at a panel discussion at the Center for Strategic and International Studies in Washington, Leslie Caldwell, assistant attorney general in the DOJ's Criminal Division, said that nearly all crime today relies on smartphones and online communications.

"Whether it's the drug dealer in Baltimore, the cartel leader in Mexico, the cyber criminal in Russia -- they're all using internet technology, and that's where our evidence comes from," she said.

"The problem we're seeing, is for various reasons those materials are increasingly unavailable to us, even when we have a warrant to get them," she added. "Companies are increasingly offering products with built-in technologies that preclude access to data even when we have a warrant."

Caldwell added that service providers are even advertising themselves as unavailable to comply with warrants.

In addition, she said there is the growing gray area of U.S. companies storing their data in other countries and often keeping that data in motion. Despite the growth of mutual legal assistance treaties with foreign countries, Caldwell said that existing U.S. law does not allow for access to the data of American suspects of cyber crime if that data is outside the U.S.

Caldwell said Congress must come up with a legislative fix to that problem, and find a resolution to the ongoing privacy versus encryption debate.

The panelist who followed her, however, expressed significant doubt that Congress is likely to make headway on cyber crime legislation anytime soon.

Carter Burwell, deputy chief counsel for Sen. John Cornyn (R-Texas), said that just on a practical level, the Senate will be busy next year with confirmation hearings and immigration reform.

However, he also said there are structural changes taking place on the Hill that will affect action, or inaction, on cyber crime legislation. Burwell said that Sen. Diane Feinstein (D-Calif.) taking over as ranking member of the Senate Judiciary Committee could shift the bias in the encryption-privacy debate towards law enforcement -- though he noted the House has a pro-privacy tilt.

Burwell added that "some law enforcement-minded [Senate] Democrats, I think, are starting to retrench from that middle ground because of the fear and uncertainty with the next administration," and the concerns about ceding a President Trump too much law enforcement power.

Panelist Amie Stepanovich, U.S. policy manager for Access Now, said that sentiment is not a function of Trump being a Republican. "A lot of that worry comes from statements he has made on the record," Stepanovich said, "on Twitter, in speeches, that are incredibly hostile towards human rights towards civil rights, towards the Constitution."

She said Congress also needs to take action to review and codify the amendments to Rule 41, which went into effect on Dec. 1 and allow the DOJ more leeway in applying for warrants to track hackers and botnets.

Panelists also stated that the Electronic Communications Privacy Act (ECPA), originally passed in 1986, needs substantial updating. Privacy advocates argue the law doesn't provide enough protections and judicial review to seek access to data, and law enforcement proponents say the act needs to be amended to provide access to overseas data.

"There is no greater area of gridlock than tech policy," said David O'Neil, former acting assistant attorney general for the DOJ's Criminal Division and now in private practice. "At the same time, deals tend to happen when both sides are very unhappy," and he argued both sides are unhappy with ECPA.

James Andrew Lewis, senior vice president and director of the Strategic Technologies Program at CSIS, voiced concerns that lawmakers might not appreciate the urgency of the situation. "We shouldn't delude ourselves into thinking that risk isn't increasing," he as said, "and these debates are useful even if they don't come to fruition because it helps us think through the problem, because the big fear is that there will be some crisis and then we'll overreact and do something crazy."

"The pieces are there and I think the challenge is whether or not Congress will deal with this in a thoughtful, reasonable fashion or if there will need to be a precipitating event," agreed Burwell.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.