The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: FBI Enforcement

  • From Vol. 4 No.22 (Jul. 25, 2018)

    Implications of the Supreme Court’s Carpenter Decision on the Treatment of Cellphone Location Records

    According to the U.S. Supreme Court, historical cellphone records deserve more stringent protection than other customer information held by service providers. In Carpenter v. United States, the Court recently ruled that the collection of historical cell-site location information during a criminal investigation is subject to Fourth Amendment “search and seizure” protection and that the federal government generally needs a warrant to access such records. The decision may have been a victory for privacy advocates in theory, but what does it mean on the ground for government investigations and the companies that handle this and related data? This article analyzes the decision and its implications with insight from our experts. See also “How to Respond to Law Enforcement Demands for Geolocation Data and Data Stored Abroad” (Nov. 30, 2016).

    Read Full Article …
  • From Vol. 3 No.8 (Apr. 19, 2017)

    Goodbye to the Blame Game: Forging the Connection Between Companies and Law Enforcement in Incident Response

    Organizations can benefit from working with law enforcement after a breach. However, only 20 percent of organizations that have suffered a breach are reaching out to agencies like the FBI due, in part, to the fear of loss of control and concerns about attorney-client privilege, explained James Trainor, former lead of the FBI’s Cyber Division who joined Aon’s cyber solutions group as SVP in October 2016. The Cybersecurity Law Report interviewed Trainor at Skytop Strategies’ recent “Cyber Risk Governance” conference. He shared his experiences and opinions on the benefits and challenges of working with law enforcement in a breach situation, the Yahoo indictment and how to handle ransomware. See also “Law Enforcement on Cybersecurity Matters: Corporate Friend or Foe? (Part One of Two)” (Jun. 22, 2016); Part Two (Jul. 6, 2016).

    Read Full Article …
  • From Vol. 2 No.22 (Nov. 2, 2016)

    FBI Veteran Discusses Using Law Enforcement’s Cyber Resources to Improve Security and Obtain Board Buy-In

    One key to smooth relations with law enforcement after a breach is establishing a connection before there is any trouble, John Riggi, now a managing director at BDO and the former Chief of the FBI’s Cyber Division Outreach Section, told The Cybersecurity Law Report. One way to develop that relationship is to invite the FBI to give a threat brief to the board of directors, he said. Riggi is a 30-year FBI veteran who worked on the government’s partnerships with the private sector for the investigation and exchange of information related to national security and criminal cyber threats. In our interview, he addressed how the FBI views its relationship with the private sector, the various ways companies of different sizes can take advantage of the FBI’s resources, the concerns companies may have when working with the FBI and the government’s role in the Yahoo breach. See also “Law Enforcement on Cybersecurity Matters: Corporate Friend or Foe?” Part One (Jun. 22, 2016); Part Two (Jul. 6, 2016).

    Read Full Article …
  • From Vol. 2 No.14 (Jul. 6, 2016)

    Law Enforcement on Cybersecurity Matters: Corporate Friend or Foe? (Part Two of Two)

    With a mission to identify the perpetrator and to build a prosecutable case, law enforcement can help a company facing a cybersecurity incident. Working with law enforcement, however, often presents challenges for the company and its counsel. Preparation prior to the interaction can offer a smoother road. This second article in our two-part series provides expert insight on interacting with law enforcement when there has been a breach, including advice regarding the first call, the controls companies should have in place and the type of information law enforcement really needs. Part one covered concerns that arise when dealing with law enforcement officials, benefits of coordination and recommendations for when and how to establish a successful relationship with them. See also “Google, CVS and the FBI Share Advice on Interacting With Law Enforcement After a Breach” (May 11, 2016).

    Read Full Article …
  • From Vol. 2 No.6 (Mar. 16, 2016)

    CSIS’ James Lewis Discusses Balancing Law Enforcement and Privacy

    “Surveillance to keep me safe from crime and terrorism is bad, but surveillance to sell me deodorant is good?” James Lewis, director and senior fellow at the Center for Strategic and International Studies, and author of Securing Cyberspace for the 44th Presidency, posed this and other questions in a conversation with The Cybersecurity Law Report about the tension between law enforcement and privacy concerns. He also shared his candid and colorful views on, among other things, the ongoing dispute about law enforcement’s access to the San Bernardino shooter’s iPhone, and how the public and private sectors can coordinate cybersecurity efforts. See also “White House Lays Out Its Broad Cybersecurity Initiatives” (Feb. 17, 2016).

    Read Full Article …
  • From Vol. 2 No.5 (Mar. 2, 2016)

    Prosecuting Borderless Cyber Crime Through Proactive Law Enforcement and Private Sector Cooperation

    Identifying, locating and prosecuting cyber criminals is a complex operation that takes coordination efforts among various law enforcement agencies as well as the private sector. David Hickton, the U.S. Attorney for the Western District of Pennsylvania, spoke with The Cybersecurity Law Report in advance of the Financial Times Cyber Security Summit on March 16, 2016 in Washington, D.C., where he will participate as a panelist. An event discount code is available to CSLR readers inside the article. In our interview, Hickton addresses the challenges, changes, and private sector cooperation within cybersecurity law enforcement. See also our series featuring FBI Director James Comey’s discussion of the “‘Evil Layer Cake’ of Cybersecurity Threats” (Jun. 3, 2015); and “Cooperation Among Domestic and International Cybersecurity Law Enforcement Communities” (Jun. 17, 2015).

    Read Full Article …
  • From Vol. 1 No.8 (Jul. 15, 2015)

    How to Prevent and Manage Ransomware Attacks (Part One of Two)

    Ransomware attacks can cause substantial disruption and damage by tempting a single employee to click on a link or visit a malicious site.  “The threats are getting more and more sophisticated every day in terms of the malware itself and the delivery,” Judy Selby, a partner at BakerHostetler, said.  This article, the first part of a two-part series, explains the threat and suggests steps that companies can take to prevent ransomware attacks and mitigate the impact if one does occur.  The second article will address how to handle a ransomware attack and when and how to report and work with law enforcement.  See also “Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

    Read Full Article …
  • From Vol. 1 No.8 (Jul. 15, 2015)

    Conflicting Views of Safety, Vulnerability and Privacy Fuel Encryption Debate

    FBI Director James Comey says end-to-end encryption hinders law enforcement – if authorities cannot access evidence on a phone or a laptop, “it will have ongoing, significant impacts on our ability to identify, stop, and prosecute” criminals, including terrorists, he told the Senate Judiciary Committee when he testified alongside Deputy Attorney General Sally Quillian Yates on July 8, 2015.  That was the day after a group of 14 security experts released a report warning that giving government special access to encrypted data will endanger critical infrastructure and make the public less safe.  We discuss the report and the Senate testimony, and the bitter encryption debate.  See also “In a Candid Conversation, FBI Director James Comey Discusses Cooperation among Domestic and International Cybersecurity Law Enforcement Communities (Part Two of Two),” The Cybersecurity Law Report, Vol. 1, No. 6 (Jun. 17, 2015).

    Read Full Article …
  • From Vol. 1 No.6 (Jun. 17, 2015)

    In a Candid Conversation, FBI Director James Comey Discusses Cooperation among Domestic and International Cybersecurity Law Enforcement Communities (Part Two of Two)

    The FBI’s understanding of cybersecurity has advanced from the youth league to college-level in the past decade, FBI Director James Comey told WilmerHale partner Ben Powell at the annual Georgetown Cybersecurity Law Institute.  Much of that improvement has to do with growing cooperation between governments, and within our own, along with increased efforts by the private sector.  But, he said, the FBI needs to get to World Cup play.  This article, the second part of the CSLR’s two-part series, covers Comey’s frank comments about: the role of the FBI in relation to other law enforcement agencies; international cybersecurity developments; international cooperation in a post-Snowden world; pending information-sharing legislation in Congress; misperceptions about the FBI that he hears from the private sector; and how the FBI competes with the private sector for talent.  The first article discussed how the FBI has adapted its techniques in the face of cyber threats; the FBI’s relationship with local law enforcement agencies and the private sector; his concerns about the encryption of data; and how the FBI has expanded its information-sharing programs with the private sector. 

    Read Full Article …
  • From Vol. 1 No.5 (Jun. 3, 2015)

    In a Candid Conversation, FBI Director James Comey Talks About the “Evil Layer Cake” of Cybersecurity Threats (Part One of Two)

    In a wide-ranging and frank conversation with WilmerHale partner Ben Powell at the annual Georgetown Cybersecurity Law Institute, FBI Director James Comey likened the cybersecurity dangers the country faces to an “evil layer cake” and called general counsels (including himself in his former role) “obstructionist weenies.”  This article, the first part of the CSLR’s two-part series, covers Comey’s remarks about: how the FBI has adapted its techniques in the face of cyber threats; the FBI’s relationship with local law enforcement agencies and the private sector; his concerns about the encryption of data; and how the FBI has expanded its information-sharing programs with the private sector.  In the second part, we will cover Comey’s views on: the role of the FBI in relation to other law enforcement agencies; international cybersecurity developments; international cooperation in a post-Snowden world; misperceptions about the FBI that he hears from the private sector; information-sharing legislation; and how the FBI competes with the private sector for talent.  See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

    Read Full Article …