vimarsana.com

Cspan. Your unfiltered view of government. Created by cable in 1979, brought to you today by your television divider. The communicators is at the state of the net conference in washington, d. C. We will show you some of the interviews we conducted with members of congress, government officials, and technology leaders. Now on the communicators, we want to introduce you to sujit raman, the associate Deputy Attorney general. Mr. Raman, what is in your portfolio in that position . Sujit i helped oversee the work we do on cyber issues at the department of justice, so it is a host of issues related to technology from Security Issues to supplychain issues to cryptocurrencies to encryption and access to data issues, crossborder data issues. What exactly do you do . Do you bring cases against people who have violated u. S. Law . Sujit thats right. As you know, at the department of justice, our job is to enforce federal and criminal law. Police bring criminal cases against people, organizations, foreign state actors who violate u. S. Federal law, results in a there is also a policy component of what i do which is help the attorney general formulate policies working with the congress, with our interagency to advance rule of law issues around the world. Peter is your position political or career . Sujit i serve in a political office. My role, im a career employee. A little bit of both. Im a career person who serves in a political office. How long have you been at the doj . Sujit i started my career 12 years ago as an assistant attorney for eight years in the district of maryland and three years ago, moved to maine justice where i currently enjoy a leadership role within the department. You mentioned encryption, and that has been in the news recently with the saudi terrorist in florida and the San Bernardino shooting several years ago. What is the current thinking when it comes to encryption and the doj . Sujit i appreciate the question. I should emphasize at the department of justice, we believe in strong encryption, we believe in making sure it is that data is secure. A major part of the mission is to prosecute cyber criminals who steal data and violate u. S. Federal law, so we believe in encryption, but what we are worried about is what we call warrantproof encryption. It is so strong, essentially only the user can access the content. Of data. That is problematic because when we go to a judge, a neutral judge and seek a warrant, which is what the constitution requires, increasingly we run into a situation where we cant execute those lawful orders. The saudi shooter in pensacola, he had two iphones, one of which he put a bullet into, which one would suggest there is information on the phone that he didnt want people have access to. We went to a federal judge, the judge authorized us to seek the contents of that phone. Because of the way the phone has been architected, engineered, we cant get past the passcode on those two phones. You can see the significant problem, where he received a court order, we need access to evidence to see if there are coconspirators, understand who the person was communicating with, and even though we have a lawful means of doing it, there is no technical means for us to get into those phones. So if you extrapolate that out broader society, the number of cases where people are getting engaging in child pornography, evidence on the phone, yet we cant access it. That is fundamentally the problem we have, where we have court authorization, weve gone through all requirements the Fourth Amendment demands of us but we are not in a position to access the evidence. What happened with the saudi shooters phone . Sujit that phone is currently being evaluated by the fbi. The fbis experts were able to put the phone back together. They said the shooter had shot one of the phones, the other was in pretty bad shape when it was recovered from his car, probably promptly the fbi tried to , search, get into the phone. The fbi took about a month, exhausted its internal options, spoke of foreign partners unfortunately, none of those partners were able to help us. Spoke with the thirdparty vendor community, third parties who deal with creating hacking tools. None of those have worked, so in early january, we reached out to apple and sought the companys assistance in trying to help us get past the security functions the company has put into the phones. I will say those fbi efforts continue. I will not get into specifics, but the fbi continues on its own, using its own tools, to try to gain access. Since they designed the products to help us figure out how to get in and execute this lawful court order. Can you compel apple to break into that phone, and is apple capable of doing that . Sujit there are certainly legal questions around that. In the San Bernardino case, a few years ago, similar circumstance, the Justice Department did take apple to court and essentially sue the company under a federal act. Federal writs act. That is the Legal Mechanism that forces a thirdparty to assist federal investigators in the execution of a court order, so that would be the Legal Framework under which any kind of litigation would pursue. Our goal is to avoid litigation. Our goal is to work with the company productively and in a voluntary way to ensure that all the cybersecurity aspects are protected, but that when investigators show up with a court order, they have the ability to execute that order. Peter is there a slippery peter is there a slippery slope . Towards the loss of privacy . I dont think so. Im glad you mentioned the privacy issue, because remember, the Fourth Amendment, which we have had for over 200 years, under our system, is what draws the line when it comes to privacy. There is no absolute privacy under u. S. Constitutional law. Right . There is inherently a balance between privacy and public safety, and the warrant draws the line. When a federal judge weighs pros and cons, and decides to award a warrant, he or she has checked all the boxes that constitution requires between balancing privacy in public safety, and draws the inference in favor of public safety. That is why i think there is no privacy issue here. When you seek a war and you have when you see a warrant you have satisfied the privacy issue. When it comes to a dead terrorist, i would say there is no privacy, that is in the legal system but nonetheless, the fbi, because it is a rule of law agency, went to a judge and sought the order. I dont think it is a bout privacy versus security. A court order would satisfy the privacy issues at stake. Peter is there a comparison to u. S. Mail or email to this case when it comes to phones . Sujit there is a comparison in that anytime we see content as a matter of policy, we seek warrants. If we wanted to search an american or another persons mail within the United States, we go through the Fourth Amendment analysis. We seek warrants before we search the contents of physical mail, email is the same aim. Same thing. As a matter of policy, we go to a federal judge, neutral arbiter, get a court order to search the content. It is the same concept when it comes to phones. Your phone has a lot of sensitive personal information about you on it, so when we search it, we make sure we first go to a judge and get that cant constitutional checklist ticked off. Im glad you asked the question, because there are analogs here. When we satisfy the Fourth Amendment requirement, we should have access and it is no different with a letter, no different with email, and should be no different with a physical electronic device. Peter what about endtoend encryption and how will that affect your work . Sujit endtoend encryption has Significant Impacts on Law Enforcement function. Weve spoken publicly, the attorney general and two of his foreign partners issued a public letter to facebook which came out in october of last year, where if facebook were to end to end encrypt all communications on its platform, which the company said it plans to do, that could have a very Significant Impact Child Exploitation investigations in particular, because often people who are exploiting children, abusing children, will communicate, try to groom children using Facebook Messenger or communicate over facebook as a website or over instagram. Right now, facebook actually does a pretty good job in monitoring its own networks, so they can see if child pornography is being traded across its networks and when it sees that through the algorithm, it reports it to the center for missing and exploited children, which contact federal or state or local Law Enforcement. Millions of tips were provided to the National Center last year, 18 million tips from facebook. If facebook endtoend encrypts its platforms, the company itself will lose visibility into what is happening on its platforms, and the estimation is about 70 to 75 of those tips will go dark. Will never even learned out learn about them, and think of all the children who are being abused as we speak, who we wont be able to track down. That is a very concrete manifestation of what end to end encryption can do. Apple has already endtoend encrypted its imessage system, which is similar. If you compare the number of cyber tips facebook reported last year, which was around 18 million, and apple, which reported Something Like 100 or 120, i think, that is the difference. It is not that apple magically runs clean platforms where nobody is engaging in child pornography. No, its that apple has chosen to blind itself to what is happening through its communications networks, and is unable to produce these tips to the National Center for missing and exploited children. So that is a concrete manifestation of what end to end encryption can have on lawenforcement function. As i sit at the outset, said at the outset, we believe in encryption. We want to protect people from having their data stolen. It is particular implementations of encryption, the military grade, warrant proof encryption. That has significant Law Enforcement concerns. I will give you an example. Gmail. A lot of people use gmail. A very popular way of communicating. Gmail is encrypted from people sending the message, to google servers, to the recipient. It is a pretty secure means of communication and yet, there is a moment on google servers or where the information is decrypted. Why is that . Google wants to filter the material for malware, viruses, to make sure what is happening isnt compromised. Thats also the moment when google can execute a search warrant. So gmail is not warrant proof encrypted. It is very strongly encrypted, but it is not warrant proof encrypted. Thats all we are asking for. Implementation of encryption that keeps communication secure, and yet still allows the processing of lawful court that is the model that seems to work. That is all we are asking for. Peter how do other countries do it . Sujit great question. There are a couple ways to look at it. First you can go off the spectrum, authoritarian nations like china and russia. They have very intrusive cybersecurity laws on the books. If you look at them on paper, it requires companies to turn over all sorts of information. That is an open question. We dont know how Companies Like apple are complying or not complying with chinese law. We do know they have made a number of accommodations, particularly in the last year, in response to these quite authoritarian regimes. A very small example is when Chinese Government complained about taiwan emoji being available on apple iphones that are sold in china. The company buckled once the government said to get rid of this. Apple has made accommodations to authoritarian regimes. A bigger example, frankly a more important example is chinese cybersecurity law requires companies doing business in china to store data locally, and to essentially make access to that Data Available on any kind of government request. Apple did not push back. They formed a joint venture with a local chinese company, and as far as we know, is storing all chinese user data in china. So, our concern is that the company has already made a number of accommodations to authoritarian regimes which have no due process or rule of law values. Instead, here in america, we are a rule of law society. It is really troubling to us when they push back against us with a lawful order issued by the judge, and we have no insight into what is happening authoritarian regimes. The authoritarian country will move regardless of what we do at home but we have seen examples from the united kingdom, australia, other rule of law countries that have enacted legislation because they realize recognize you need to find a balance between privacy and public safety. The u. K. Passed the investigatory powers act, which allows their government access under circumstances. Australia last year enacted legislation which is a step in the right direction. We are seeing globally that rule of law countries are moving in ways that we support and authoritarian nations are moving in ways that give us considerable pause. Frankly, as a society in United States, we need to be a part of the broader international because we run the risk conversation, because this is such a pressing Public Policy issue. There needs to be an active debate in the United States and unfortunately, right now, it is essentially the Tech Companies that are making policy. It is their Technical Innovations that are setting the bar and that is not how it should be in a democratic society. It seems the two cases we talked about, San Bernardino and pensacola, apple phones. Does it make a difference if this were a korean Samsung Phone . Sujit it should not make a difference. Our legal authorities are company neutral, so from a legal perspective, it wouldnt make any difference which company we are talking about. Peter how much of your time is spent on Digital Currency . Sujit Digital Currencies are a significant part of what i do. Cryptocurrencies have the potential for great innovation. Our concern is it is also creates an opportunity for bad actors that arent in a regulated space to engage in money flows across borders. Our concern is that the dark web you see a lot of people transacting on the dark went through cryptocurrencies. Our goal is to make sure we have insight into what is happening when people are exchanging money, and it is certainly one of our priorities. Similar to the lawful act issue with encryption, when there is a court authorized means for Law Enforcement to get information or gain access, that we maintain the ability to gain access. Peter one of the secrets about bitcoin is nobody knows who owns it and where it is located, correct . Sujit bitcoin is an interesting example because you can actually track Bitcoin Transactions. It is a publicly available ledger. The way Block Chain Technology works, is you can track Bitcoin Transactions because they have to be logged in a publicly accessible ledger accessible to anyone engaging in the transactions. This is something we have spoken about publicly. Bitcoin itself is something we can track under appropriate circumstances. What is concerning to us is there are a number of cryptocurrencies which are more peertopeer. Similar to the Communications Issues we have talked about. There is no centralized ledger. That creates significant investigatory and policy issues for us, for the Money Laundering terrorist financing issues i , mentioned earlier. We have no interest in snooping on people. Our interest is when we have an authorized court order to be able to gain access or insight into what is happening and , increasingly with so many of these currency exchanges located abroad, they dont comply with u. S. Moneylaundering rules. We have considerable concern that a lot of the information is not accessible to us, even with court authorization. Peter where do you gain expertise on these crypto issues . Sujit i am very lucky. Ive got access to some of the smartest people in the government, and so when we try to inform policy on these issues, we talked to the experts, we talked to prosecutors in the field, our fbi agents, colleagues in the intel community. We try to gain insight and advocate for reasonable Public Policy. Peter what is the role of congress in developing regulations that we have been discussing . Sujit congress has an active role. In a democracy, the people rule , and it will be up to congress to come up with intelligible, reasonable rules in this area. There is an active conversation on capitol hill as we speak and we are trying to contribute to that as appropriate. Peter sujit raman is the associate Deputy Attorney general and has been our guest on the communicators. And joining us on the communicators is jim baker. Mr. Baker, how does one become the general counsel of the fbi . James what is the word about broadway . Practice . Ive worked in the department of justice for a long time and among other things in terms of gaining technical expertise, i also build a lot of relationships. One of those was with my boss when he was Deputy Attorney general, jim comey. Jim and i worked together at the doj and in the private sector and when he became director, he asked me to take on that job. Peter how long were you in that position . James four years. Peter what did the technical part of that job entail . James multiple things, really. You are the general counsel, so a lawyers job. You have to be a lawyer. So knowing enough about the important areas of the law that the fbi deals with in order to be able to spot issues, figure out whose help you need, how to answer questions from senior executives, how to bring in the right people. So, my goal was to make sure the bureau got the best answer there was. Sometimes that might not be me giving the answer, but usually involved other experts, either from within the bureau, department of justice, or other government agency. Peter in your fbi career, and especially as general counsel, did you find year after year, the increase in technical or Technology Cases increasing . James absolutely. Over the years. I worked at the department of justice in a variety of different roles from 1991 to 2018, and absolutely, technology became much more important, to the point that really today, i think lawyers are not competently representing their clients if they dont have a sufficient understanding of technology. This is something i preach frequently to the folks that worked with me in the office of general counsel and elsewhere in the fbi and doj. It doesnt matter what area of the law you work in today, you need to understand technology sufficiently better than you need sufficiently. That does not mean writing code, but you have got to spot the legal issues out there, address concerns that your clients have. The people of the fbi trying to do investigations or investigation support are using technology and need help, making sure they stay within the requirements of the law and to the extent the law needs to be changed, that the lawyers are involved in the process and understand what is going on to make appropriate changes. Peter why did you leave the fbi in 2018 . James i left the fbi in 2018 because as you heard, jim comey got fired and Christopher Wray became director. I stayed and worked for him a for chris for a. Of time. We worked together at the department of justice and it was logical at some point that chris wanted someone new and he asked if i would step aside and i said ok. Peter one of the issues you dealt with was the San Bernardino shooting. James yes. Peter remind us what that was and your role. James this was a terrorist attack in 2015, december, if i am not mistaken, and many people were killed and wounded, and the information we had was that it was conducted by an isisaffiliated person or persons who claimed to be affiliated with isis. So it was a terrorist attack on the United States, and we realized that the perpetrators had, among other things, an iphone. An iphone, given how people use technology today, anyones smartphone is likely to have a lot of information about that person activities, their networks, their contact. It seemed basic and logical that the fbi would want to get access to that persons iphone, so i led the fbis legal efforts with respect trying to do just that. Peter what was the outcome . James the outcome was that we, the fbi, through the department of justice, became involved in litigation with apple about that, because apple has a different view about whether it should be required to alter how its systems worked in order to be provide us with that access, so the doj agreed, we went to court. In the middle of the court process, a third party came forward and said they thought they had a solution that would enable the fbi to get into the phone without having the assistance of apple. They came forward, provided us with the solution, we tested it, and assessed that it worked for that particular iphone and therefore, as a legal matter, the case was moot. In other words, we didnt need anymore tots accomplish our objective, so the department of justice were required to withdraw the suit. Peter as a societal matter, do peter as a societal matter, do you still support the idea that we need to get into that phone . James well, i guess it depends on what you mean by that. Encryption of devices or other systems such as end and messaging applications, those pose real challenges for Law Enforcement. Law enforcement as a general matter does not have a way to reliably access the content of communications in those kinds of situations where the data or communications are encrypted. So there is a real need there. However, society also has other interests that are important to Law Enforcement and all of us, such as cybersecurity, making sure that our systems, our data, our information is secure from the bad guys, and there are many bad guys, many malicious cyber actors we need to protect against. And so society wants to make sure we are secure, Law Enforcement wants to make sure we are secure in a cyber way. We also want to protect privacy. We want to make sure that our data is kept private from government and from the bad guys. We also want to make sure as a society that our companies are competitive on the world stage, that they are innovative, that they are able to achieve great things and not be overregulated or required to design things to government specifications the minute they are created. Not saying that folks should not think about security, but its how heavyhanded the government needs to be with the development of these. And also i think its in the longterm interests of the United States to make sure we protect human rights around the world, and encrypted devices and systems help people protect, help people defend themselves against repressive, authoritarian regimes around the world. And so the key is, or the big question is, how do you do all of those things simultaneously, have a system that actually works in a secure and reliable way, yet provide Law Enforcement access when it has lawful process to do that . And we have been trying for literally decades now, and as a society, both Law Enforcement, lawmakers, policymakers, technologists, Civil Liberties organizations, we have not found a solution that simultaneously and adequately addresses all of those equities. Peter where are you landing today . When it comes to that. Where is the balance . James two things. One is congress has known about these problems a long time. When i was at the fbi, i made a lot of this issue. For a long time. Attorney general barr recently has reinvigorated the departments efforts in this regard. Congress knows Law Enforcement has an issue. Congress also knows there are these other equities out there and it has not acted. It has not passed a law to require the companies to change how they go about doing their business, or congress has not passed a law to ban encrypted devices or systems. Why . Because these systems provide lots and lots of benefits for society. As i said earlier, especially with respect to cybersecurity. Congress is really the entity in society that is best equipped to balance those equities, and so far it has not acted. So, that is reality. So, given that reality, and i am not sure even with the department of justices renewed efforts in this regard, i am not sure that congress is actually going to change the law. Given that and given the fact that Society Faces what i think of as an existential risk from malicious cyber actors, meaning that we are so dependent on these systems that are vulnerable, we are so dependent on them for so many important things that we do in society, we all know how integrated Digital Technology is into our lives, that if there were to be a catastrophic failure, it would represent an existential threat to the adequate functioning of society to protect the health, safety, and welfare of all americans and citizens in the countries of our allies around the world. And so i am quite worried about that. One of the ways that we have to protect ourselves is encryption. Encryption helps protect us against malicious cyber actors, especially including nationstates. And so my view is that Law Enforcement needs to rethink its approach to encryption in light of the fact that congress will not act, in light of the fact there are significant cyber threats, and actually embrace encryption instead of trying to find ways to socalled break it. That is not really what Law Enforcement is trying to do, but in other words, it needs to break encryption to enhance cybersecurity and therefore the security of all americans, and i think that is a better approach at this juncture. Peter but jim baker, we just had another shooting in pensacola and they tried to get into the saudi mans phone. Have cohorts down there, sleeper cells. We need protection from that as well . James absolutely, but there is no law that requires apple or any other company similarly situated to reengineer their systems in order to provide that access. If Congress Wants that, if congress thinks that is important, Congress Needs to pass a law to require apple and other companies to do that. Congress has not done so so far, in part i think because members of congress are reasonably hesitant to do something that will expose everybody to major cybersecurity risk. Peter why are you here at the state of the net . James i am here at the state of the net to continue to talk publicly about these issues because i have invested a substantial amount of my career in them. I think they are radically important to the security and Constitutional Rights of americans. And making sure there is a robust, informed public debate about them is critically important to me personally, and i hope that we can find a way forward collectively as a society, we can come together on these issues, because we all are significantly invested in them. And getting it right is critically important to the country, so whatever i can do to help make the debate more informed, more robust, i am happy to do that. With any group that will listen to me. Peter mr. Baker, another thing in the news is the Foreign Intelligence Surveillance Act court system. Is it working . James fisa, Foreign Intelligence Surveillance Act, is definitely in need of modifications and reform in a lot of different ways. There are two Different Things to think about. Theres the law and the process by which the government implements the law. And as the Inspector General report recently revealed, there were significant mistakes, omissions, errors, in particular that the fbi committed, that i am not going to defend, and are not acceptable. And so the Inspector General, the fisa court, the fbi, the Justice Department, are focused intently on that right now. I think that is a good thing, and if changes need to be made to the process, then so be it. That would be a good and helpful thing because the American People need to have confidence that that system works, because it is critical to protecting their privacy and security. Stepping back from that though, in the current digital era in which we live, i am quite concerned whether fisa as a whole, and im talking mainly about the statute now, adequately protects our security and our privacy. Things have changed so dramatically in the past 20, 25 years that i think it is time to take another look at whether the fundamental precept that underlie the structure of the fisa statutes still work in this environment. In particular, there is a lot, a lot flows from a determination that one of the people involved in the communication is a u. S. Person or someone located in the United States. Those two things are increasingly very hard to determine in real time. So as a result of that, we have seen over the past several years, mistakes are made by the government with respect to that or the government hesitates to collect certain communications, and so that just doesnt help anybody. If there is hesitancy or confusion with respect to obtaining, processing, analyzing, and protecting the communications of americans. So i think we need to rethink how we do that. I dont have an answer sitting here today for how to precisely do that, but i think its worth taking a look at. Peter how much of what we have talked about so far today stems from 9 11 . James well, 9 11 was a watershed event for the country, for the world, really, for the intelligence agencies, for Law Enforcement. It changed how lawenforcement thinks about all of these issues and it accelerated substantially the pace at which the fbi needed to operate. It coincided with the substantial evolution of internet communications. So that was sort of happening at the same time. So, the fbi and the fbi has been expected since 9 11 really to have zero errors, right . To make sure that there are no additional attacks of that scale on the United States. It has not been perfect. There have been obviously many smaller scale, even if you include boston, which was a major event for the city of boston and the nation. I just comparing it to 9 11. Am but the fbis responsibility is to basically be perfect, and that presents and puts on the fbi a tremendous amount of pressure, so that when you come to it situation like San Bernardino, like pensacola, the fbi logically is expected to make sure it has turned over every rock and followed every Investigative Lead to make sure there are no other plots afoot and any other perpetrators have been apprehended and disrupted. That is why i think the fbi is so adamant about trying to address this problem, and not trying to take to itself powers that it should not have, but to Tell Congress to make sure that it understands that this is a significant problem. And so, yeah, that is how i think about it. Peter what are you doing today . James today i was speaking here at this conference, and following events with respect to impeachment, because i am a cnn legal analyst and so im called upon on a regular basis to talk about those topics. So that is a fulltime job just keeping up with the impeachment process. Peter i apologize, what you do for a living . James oh, what you do for a living . I am the director for National Security at a nonpartisan, nonprofit think tank in washington, d. C. I am a cnn legal analyst. I also teach a Law School Course at harvard law school. Peter jim baker has been our guest. Thank you for your time. James thank you. Peter just a reminder that this Communicators Program and all others are available as podcasts. Announcer cspan, your unfiltered view of government. In 1979 andable brought to you today by your television provider. Announcer here are our live programs on monday. At about 10 15 we joint a forum on the future of the Persian Gulf Region in u. S. Policy there. Global p. M. At look at vaccination and immunization efforts on cspan 2 starting at 9 00 a forum on Election Security and efforts to prevent hacking. The senate meets at 3 00 p. M. When wisconsin senator Tammy Baldwin reads washingtons farewell address. Later the Senate Continues work on a judicial nomination. On cspan 3, a conference on Economic Policy in an Election Year held by the National Association of business is actives. That starts at 8 00 a. M. Eastern. Washington wednesday. From theal reporter post joining us from South Carolina via skype, now all the attention focusing on that

© 2025 Vimarsana

vimarsana.com © 2020. All Rights Reserved.