Gridlock on cyber laws likely to persist
- By Sean D. Carberry
- Dec 08, 2016
Botnets, ransomware, child pornography and other cyber crimes continue to proliferate. And the Department of Justice says despite some progress, existing laws and tools aren't up to the growing task.
Speaking at a panel discussion at the Center for Strategic and International Studies in Washington, Leslie Caldwell, assistant attorney general in the DOJ's Criminal Division, said that nearly all crime today relies on smartphones and online communications.
"Whether it's the drug dealer in Baltimore, the cartel leader in Mexico, the cyber criminal in Russia -- they're all using internet technology, and that's where our evidence comes from," she said.
"The problem we're seeing, is for various reasons those materials are increasingly unavailable to us, even when we have a warrant to get them," she added. "Companies are increasingly offering products with built-in technologies that preclude access to data even when we have a warrant."
Caldwell added that service providers are even advertising themselves as unavailable to comply with warrants.
In addition, she said there is the growing gray area of U.S. companies storing their data in other countries and often keeping that data in motion. Despite the growth of mutual legal assistance treaties with foreign countries, Caldwell said that existing U.S. law does not allow for access to the data of American suspects of cyber crime if that data is outside the U.S.
Caldwell said Congress must come up with a legislative fix to that problem, and find a resolution to the ongoing privacy versus encryption debate.
The panelist who followed her, however, expressed significant doubt that Congress is likely to make headway on cyber crime legislation anytime soon.
Carter Burwell, deputy chief counsel for Sen. John Cornyn (R-Texas), said that just on a practical level, the Senate will be busy next year with confirmation hearings and immigration reform.
However, he also said there are structural changes taking place on the Hill that will affect action, or inaction, on cyber crime legislation. Burwell said that Sen. Diane Feinstein (D-Calif.) taking over as ranking member of the Senate Judiciary Committee could shift the bias in the encryption-privacy debate towards law enforcement -- though he noted the House has a pro-privacy tilt.
Burwell added that "some law enforcement-minded [Senate] Democrats, I think, are starting to retrench from that middle ground because of the fear and uncertainty with the next administration," and the concerns about ceding a President Trump too much law enforcement power.
Panelist Amie Stepanovich, U.S. policy manager for Access Now, said that sentiment is not a function of Trump being a Republican. "A lot of that worry comes from statements he has made on the record," Stepanovich said, "on Twitter, in speeches, that are incredibly hostile towards human rights towards civil rights, towards the Constitution."
She said Congress also needs to take action to review and codify the amendments to Rule 41, which went into effect on Dec. 1 and allow the DOJ more leeway in applying for warrants to track hackers and botnets.
Panelists also stated that the Electronic Communications Privacy Act (ECPA), originally passed in 1986, needs substantial updating. Privacy advocates argue the law doesn't provide enough protections and judicial review to seek access to data, and law enforcement proponents say the act needs to be amended to provide access to overseas data.
"There is no greater area of gridlock than tech policy," said David O'Neil, former acting assistant attorney general for the DOJ's Criminal Division and now in private practice. "At the same time, deals tend to happen when both sides are very unhappy," and he argued both sides are unhappy with ECPA.
James Andrew Lewis, senior vice president and director of the Strategic Technologies Program at CSIS, voiced concerns that lawmakers might not appreciate the urgency of the situation. "We shouldn't delude ourselves into thinking that risk isn't increasing," he as said, "and these debates are useful even if they don't come to fruition because it helps us think through the problem, because the big fear is that there will be some crisis and then we'll overreact and do something crazy."
"The pieces are there and I think the challenge is whether or not Congress will deal with this in a thoughtful, reasonable fashion or if there will need to be a precipitating event," agreed Burwell.
Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.