Cspan. Your unfiltered view of government. Created by cable in 1979, brought to you today by your television divider. The communicators is at the state of the net conference in washington, d. C. We will show you some of the interviews we conducted with members of congress, government officials, and technology leaders. Now on the communicators, we want to introduce you to sujit raman, the associate Deputy Attorney general. Mr. Raman, what is in your portfolio in that position . Sujit i helped oversee the work we do on cyber issues at the department of justice, so it is a host of issues related to technology from Security Issues to supplychain issues to cryptocurrencies to encryption and access to data issues, crossborder data issues. What exactly do you do . Do you bring cases against people who have violated u. S. Law . Sujit thats right. As you know, at the department of justice, our job is to enforce federal and criminal law. Police bring criminal cases against people, organizations, foreign state actors who violate u. S. Federal law, results in a there is also a policy component of what i do which is help the attorney general formulate policies working with the congress, with our interagency to advance rule of law issues around the world. Peter is your position political or career . Sujit i serve in a political office. My role, im a career employee. A little bit of both. Im a career person who serves in a political office. How long have you been at the doj . Sujit i started my career 12 years ago as an assistant attorney for eight years in the district of maryland and three years ago, moved to maine justice where i currently enjoy a leadership role within the department. You mentioned encryption, and that has been in the news recently with the saudi terrorist in florida and the San Bernardino shooting several years ago. What is the current thinking when it comes to encryption and the doj . Sujit i appreciate the question. I should emphasize at the department of justice, we believe in strong encryption, we believe in making sure it is that data is secure. A major part of the mission is to prosecute cyber criminals who steal data and violate u. S. Federal law, so we believe in encryption, but what we are worried about is what we call warrantproof encryption. It is so strong, essentially only the user can access the content. Of data. That is problematic because when we go to a judge, a neutral judge and seek a warrant, which is what the constitution requires, increasingly we run into a situation where we cant execute those lawful orders. The saudi shooter in pensacola, he had two iphones, one of which he put a bullet into, which one would suggest there is information on the phone that he didnt want people have access to. We went to a federal judge, the judge authorized us to seek the contents of that phone. Because of the way the phone has been architected, engineered, we cant get past the passcode on those two phones. You can see the significant problem, where he received a court order, we need access to evidence to see if there are coconspirators, understand who the person was communicating with, and even though we have a lawful means of doing it, there is no technical means for us to get into those phones. So if you extrapolate that out broader society, the number of cases where people are getting engaging in child pornography, evidence on the phone, yet we cant access it. That is fundamentally the problem we have, where we have court authorization, weve gone through all requirements the Fourth Amendment demands of us but we are not in a position to access the evidence. What happened with the saudi shooters phone . Sujit that phone is currently being evaluated by the fbi. The fbis experts were able to put the phone back together. They said the shooter had shot one of the phones, the other was in pretty bad shape when it was recovered from his car, probably promptly the fbi tried to , search, get into the phone. The fbi took about a month, exhausted its internal options, spoke of foreign partners unfortunately, none of those partners were able to help us. Spoke with the thirdparty vendor community, third parties who deal with creating hacking tools. None of those have worked, so in early january, we reached out to apple and sought the companys assistance in trying to help us get past the security functions the company has put into the phones. I will say those fbi efforts continue. I will not get into specifics, but the fbi continues on its own, using its own tools, to try to gain access. Since they designed the products to help us figure out how to get in and execute this lawful court order. Can you compel apple to break into that phone, and is apple capable of doing that . Sujit there are certainly legal questions around that. In the San Bernardino case, a few years ago, similar circumstance, the Justice Department did take apple to court and essentially sue the company under a federal act. Federal writs act. That is the Legal Mechanism that forces a thirdparty to assist federal investigators in the execution of a court order, so that would be the Legal Framework under which any kind of litigation would pursue. Our goal is to avoid litigation. Our goal is to work with the company productively and in a voluntary way to ensure that all the cybersecurity aspects are protected, but that when investigators show up with a court order, they have the ability to execute that order. Peter is there a slippery peter is there a slippery slope . Towards the loss of privacy . I dont think so. Im glad you mentioned the privacy issue, because remember, the Fourth Amendment, which we have had for over 200 years, under our system, is what draws the line when it comes to privacy. There is no absolute privacy under u. S. Constitutional law. Right . There is inherently a balance between privacy and public safety, and the warrant draws the line. When a federal judge weighs pros and cons, and decides to award a warrant, he or she has checked all the boxes that constitution requires between balancing privacy in public safety, and draws the inference in favor of public safety. That is why i think there is no privacy issue here. When you seek a war and you have when you see a warrant you have satisfied the privacy issue. When it comes to a dead terrorist, i would say there is no privacy, that is in the legal system but nonetheless, the fbi, because it is a rule of law agency, went to a judge and sought the order. I dont think it is a bout privacy versus security. A court order would satisfy the privacy issues at stake. Peter is there a comparison to u. S. Mail or email to this case when it comes to phones . Sujit there is a comparison in that anytime we see content as a matter of policy, we seek warrants. If we wanted to search an american or another persons mail within the United States, we go through the Fourth Amendment analysis. We seek warrants before we search the contents of physical mail, email is the same aim. Same thing. As a matter of policy, we go to a federal judge, neutral arbiter, get a court order to search the content. It is the same concept when it comes to phones. Your phone has a lot of sensitive personal information about you on it, so when we search it, we make sure we first go to a judge and get that cant constitutional checklist ticked off. Im glad you asked the question, because there are analogs here. When we satisfy the Fourth Amendment requirement, we should have access and it is no different with a letter, no different with email, and should be no different with a physical electronic device. Peter what about endtoend encryption and how will that affect your work . Sujit endtoend encryption has Significant Impacts on Law Enforcement function. Weve spoken publicly, the attorney general and two of his foreign partners issued a public letter to facebook which came out in october of last year, where if facebook were to end to end encrypt all communications on its platform, which the company said it plans to do, that could have a very Significant ImpactChild Exploitation investigations in particular, because often people who are exploiting children, abusing children, will communicate, try to groom children using Facebook Messenger or communicate over facebook as a website or over instagram. Right now, facebook actually does a pretty good job in monitoring its own networks, so they can see if child pornography is being traded across its networks and when it sees that through the algorithm, it reports it to the center for missing and exploited children, which contact federal or state or local Law Enforcement. Millions of tips were provided to the National Center last year, 18 million tips from facebook. If facebook endtoend encrypts its platforms, the company itself will lose visibility into what is happening on its platforms, and the estimation is about 70 to 75 of those tips will go dark. Will never even learned out learn about them, and think of all the children who are being abused as we speak, who we wont be able to track down. That is a very concrete manifestation of what end to end encryption can do. Apple has already endtoend encrypted its imessage system, which is similar. If you compare the number of cyber tips facebook reported last year, which was around 18 million, and apple, which reported Something Like 100 or 120, i think, that is the difference. It is not that apple magically runs clean platforms where nobody is engaging in child pornography. No, its that apple has chosen to blind itself to what is happening through its communications networks, and is unable to produce these tips to the National Center for missing and exploited children. So that is a concrete manifestation of what end to end encryption can have on lawenforcement function. As i sit at the outset, said at the outset, we believe in encryption. We want to protect people from having their data stolen. It is particular implementations of encryption, the military grade, warrant proof encryption. That has significant Law Enforcement concerns. I will give you an example. Gmail. A lot of people use gmail. A very popular way of communicating. Gmail is encrypted from people sending the message, to google servers, to the recipient. It is a pretty secure means of communication and yet, there is a moment on google servers or where the information is decrypted. Why is that . Google wants to filter the material for malware, viruses, to make sure what is happening isnt compromised. Thats also the moment when google can execute a search warrant. So gmail is not warrant proof encrypted. It is very strongly encrypted, but it is not warrant proof encrypted. Thats all we are asking for. Implementation of encryption that keeps communication secure, and yet still allows the processing of lawful court that is the model that seems to work. That is all we are asking for. Peter how do other countries do it . Sujit great question. There are a couple ways to look at it. First you can go off the spectrum, authoritarian nations like china and russia. They have very intrusive cybersecurity laws on the books. If you look at them on paper, it requires companies to turn over all sorts of information. That is an open question. We dont know how Companies Like apple are complying or not complying with chinese law. We do know they have made a number of accommodations, particularly in the last year, in response to these quite authoritarian regimes. A very small example is when Chinese Government complained about taiwan emoji being available on apple iphones that are sold in china. The company buckled once the government said to get rid of this. Apple has made accommodations to authoritarian regimes. A bigger example, frankly a more important example is chinese cybersecurity law requires companies doing business in china to store data locally, and to essentially make access to that Data Available on any kind of government request. Apple did not push back. They formed a joint venture with a local chinese company, and as far as we know, is storing all chinese user data in china. So, our concern is that the company has already made a number of accommodations to authoritarian regimes which have no due process or rule of law values. Instead, here in america, we are a rule of law society. It is really troubling to us when they push back against us with a lawful order issued by the judge, and we have no insight into what is happening authoritarian regimes. The authoritarian country will move regardless of what we do at home but we have seen examples from the united kingdom, australia, other rule of law countries that have enacted legislation because they realize recognize you need to find a balance between privacy and public safety. The u. K. Passed the investigatory powers act, which allows their government access under circumstances. Australia last year enacted legislation which is a step in the right direction. We are seeing globally that rule of law countries are moving in ways that we support and authoritarian nations are moving in ways that give us considerable pause. Frankly, as a society in United States, we need to be a part of the broader international because we run the risk conversation, because this is such a pressing Public Policy issue. There needs to be an active debate in the United States and unfortunately, right now, it is essentially the Tech Companies that are making policy. It is their Technical Innovations that are setting the bar and that is not how it should be in a democratic society. It seems the two cases we talked about, San Bernardino and pensacola, apple phones. Does it make a difference if this were a korean Samsung Phone . Sujit it should not make a difference. Our legal authorities are company neutral, so from a legal perspective, it wouldnt make any difference which company we are talking about. Peter how much of your time is spent on Digital Currency . Sujit Digital Currencies are a significant part of what i do. Cryptocurrencies have the potential for great innovation. Our concern is it is also creates an opportunity for bad actors that arent in a regulated space to engage in money flows across borders. Our concern is that the dark web you see a lot of people transacting on the dark went through cryptocurrencies. Our goal is to make sure we have insight into what is happening when people are exchanging money, and it is certainly one of our priorities. Similar to the lawful act issue with encryption, when there is a court authorized means for Law Enforcement to get information or gain access, that we maintain the ability to gain access. Peter one of the secrets about bitcoin is nobody knows who owns it and where it is located, correct . Sujit bitcoin is an interesting example because you can actually track Bitcoin Transactions. It is a publicly available ledger. The way Block Chain Technology works, is you can track Bitcoin Transactions because they have to be logged in a publicly accessible ledger accessible to anyone engaging in the transactions. This is something we have spoken about publicly. Bitcoin itself is something we can track under appropriate circumstances. What is concerning to us is there are a number of cryptocurrencies which are more peertopeer. Similar to the Communications Issues we have talked about. There is no centralized ledger. That creates significant investigatory and policy issues for us, for the Money Laundering terrorist financing issues i , mentioned earlier. We have no interest in snooping on people. Our interest is when we have an authorized court order to be able to gain access or insight into what is happening and , increasingly with so many of these currency exchanges located abroad, they dont comply with u. S. Moneylaundering rules. We have considerable concern that a lot of the information is not accessible to us, even with court authorization. Peter where do you gain expertise on these crypto issues . Sujit i am very lucky. Ive got access to some of the smartest people in the government, and so when we try to inform policy on these issues, we talked to the experts, we talked to prosecutors in the field, our fbi agents, colleagues in the intel community. We try to gain insight and advocate for reasonable Public Policy. Peter what is the role of congress in developing regulations that we have been discussing . Sujit congress has an active role. In a democracy, the people rule , and it will be up to congress to come up with intelligible, reasonable rules in this area. There is an active conversation on capitol hill as we speak and we are trying to contribute to that as appropriate. Peter sujit raman is the associate Deputy Attorney general and has been our guest on the communicators. And joining us on the communicators is jim baker. Mr. Baker, how does one become the general counsel of the fbi . James what is the word about broadway . Practice . Ive worked in the department of justice for a long time and among other things in terms of gaining technical expertise, i also build a lot of relationships. One of those was with my boss when he was Deputy Attorney general, jim comey. Jim and i worked together at the doj and in the private sector and when he became director, he asked me to take on that job. Peter how long were you in that position . James four years. Peter what did the technical part of that job entail . James multiple things, really. You are the general counsel, s