Skip to main content

tv   FBI General Counsel Dana Boentes Remarks on National Security Law  CSPAN  November 27, 2019 5:25pm-5:55pm EST

5:25 pm
information on guiding you through the process of making a documentary. c-span will award $100,000 in total cash prizes including a $500,000 grand prize. all eligible entries must be uploaded and received by midnight on january 2020. >> the best advice i can give to fill am makers and student participants is not to be afraid to take your issues seriously. you're never too young to have an opinion so let your voice be heard now. for more information go to studentcam.org. next, speeches from a recent conference on national security. first, the fbi's general counsel followed by assistant attorney general john demmers, the american bar association hosted the event. >> thank you for that kind introduction, and it's wonderful to see so many friends here and
5:26 pm
some of whom i haven't seen in a year or two, it seems, but there is a little bit more to my background than what harvey said, and i want to recall it for some of the law students or younger attorneys here because it's kind of integral to my life in public service. in 1982, i'm sure we have people who weren't born then, i was a law clerk, and it's a law clerk and you immediately have to start looking for your next job, which i was, and i had a background in finance and i'm a cpa, and i thought well, i would be a perfect commercial litigator, so i thought, and i was interviewing with the chicago law firms and to date myself further, the largest law firms then had about 230 partners in the chicago area to show you how things have changed, but i needed litigation experience, i thought and so i
5:27 pm
applied for the attorney general's honors program, and lo and behold they wanted a four-year commitment. when you're 27 years old, four years seems like a lifetime and i very much run my hands over that decision if i wanted to give four years of my life to public service, and so here i am, approximately 36 years later, but i guess what i want to say is it's gone by fairly quickly and i have enjoyed it immensely and would not have traded it for any other opportunities in the world professionally, showing how little i know which leads me to a public service announcement, within my public service announcement, which is the office of general counsel at the fbi. we have 194 attorneys in three
5:28 pm
branches, litigation, national security, cyber law and the investigative administrative law branch. they deal with the large number of issues, just like any corporation would. we have 37,000 employees and 18,000 contractors. we normally have about 15 vacancies, there is a vigorous process and a polygraph and background check. it can't be that hard because i bypassed it, but we're always looking for smart, ambitious attorneys looking for an exciting career, and you will not find a better mission at any company or institution in the united states protecting the american people and upholding the constitution of the united states that greets our employees every day when they walk into the building, the hoover building. the fbi has been in the news on occasion lately, and there are
5:29 pm
some topics i will try and discuss, and i'll try not to run out the clock so harvey does not have to give me perhaps the hook sign, but i want to talk about the fisk opinion given the current procedure, the freedom act and cyber if we have a chance to get that far into my remarks. so the recent court opinions on fbi minimization and query procedures, judge roseberg, whoi think you're going to hear from tomorrow and he gets rebuttal time found that our revise prod seed you ares that we submitted were not appropriate. the procedures were inconsistent with the requirements to keep records of each u.s. person query term and there was inadequate in our query justifications and they were
5:30 pm
inconsistent with section 702e and the fourth amendment. so the amended procedures which have now been approved by the court retain -- we will retain query records in a manner that differentiates between u.s. person queries and all others, a written justification for a u.s. person query before the agent or the employee reviews the content retrieved by the query and we're in the process of making technical changes to the systems and the training that we provide to our agents, but i would like to talk a little bit about some things involving our query procedures and the opinions that are not in the opinion. so right after the fisk issued its person, director wray ordered the creation of a compliance review team to review judge voss brg's opinion and evaluate how we can improve our
5:31 pm
query and procedures. the point is the fbi takes very seriously its responsibilities and we took this as a proactive step separate from our decision to appeal the fisk ruling because of our commitment to compliance. the director frequently says and i've heard him say dozens of times we need to do the right thing the right way, and that was all in his efforts to do that. we believe it's important for the fisk, congress and the american public to have confidence in our procedures and our compliance rate. as i said, judge roseberg has approved the modified procedures with new requirements which means we're now consistent with the fourth amendment and fisa. nevertheless, the compliance team will continue its work and evaluate whether additional steps beyond our new compliance
5:32 pm
can lead us to address further concerns. the judge's opinion, and it is ruts een in a practice for the bureau to query the section 702 collection in furtherance of authorized intelligence and law enforcement activities, and judge vosberg recognized that there was attention created between encouraging fbi personnel to routinely query the collection in order to proactively identify threat information in the collection and the need for those personnel to comply with the query standard, but most of the compliance incidents cited in the fisk opinion involve efforts by the bureau to be proactive and identify threat information that we are holding in our
5:33 pm
collection. some of those compliance incidents involve what we would call threat identification queries where fbi personnel attempted to proactively identify threats that the bureau was unaware of. one of the compliance incidents involved queries of identifiers associated with individuals who were in a position to exploit what the bureau believed was a vulnerability. other incidents involved proactively vetting specific individuals in order to determine threats posed by disclosing classified and sensitive information to them. those incidents involve potential confidential human sources and potential recipients of classified fisa orders. it's important to remember that the fbi's policy of encouraging queries of our collection is born out of lessons learned from 9/11 and the fort hood attack.
5:34 pm
the 9/11 commission and the fort hood commission both talked about the the importance of identifying threat information in the fbi systems and encourage the bureau to develop a federated search capability to facilitate the oifgsz of threat information queries. historically, the view has been that the more kwrys the bureau runs, the greater the likelihood it will identify threat information, but we recognize that it's important that every one of those queries has to be consistent with our procedures. the fbi has to strive to stay within that middle ground where we are aggressively looking for threats to the american public in our 702 collection without violating the query standard. if we're not aggressive enough the american public is at risk.
5:35 pm
if we're too aggressive we will have compliance incidents in the competence that we so need from the fisk congress and the american public and that is why the middle ground is so important and we're committed to staying within it. as i noted, the compliance review team will continue to carefully consider the concerns about our query policy while being mindful that to change that policy potentially could impact our ability to identify threat information. the fisk identified in complications in applying the query standard and suggested that the bureau of personnel may not necessarily understand the reasonably likely to retrieve standard. that is a query has to be reasonably leakly to retrieve information of a crime or foreign intelligence information. that standard is fact intensive
5:36 pm
which means the application of the standard can be challenging and reasonable minds can disagree. the most obvious way to address that children is through additional training which has been one of our focuses for some time. for more than a year, the department of justice and fbi attorneys have been giving in-person training on the query standard to fbi personnel at various field offices. the fbi also rolled out new mandatory fisa training that will focus on the query standard. that query is designed to enhance personnel's understanding of the query standard and help them differentiate. the compliance review team will continue to evaluate whether additional steps are necessary after our new program goes fully live in december. a couple of words about the usa freedom act. it expires in december which i
5:37 pm
assume most people know and it has three primary authorities as concerns to the fbi. section 215 business records, roving wiretaps, the lone wolf provision which applies to non-u.s. persons and international terrorism with no requirement to show a connection to a foreign government and i'll go a little bit more detail in all three of those. as i said, they're all expiring and the tools are critical to what we have available to our national security investigations. the bureau has a solid year's long record of successfully using the business records provision and the roving wiretap provision. these from viprovisions are into the investigations and they provide the building blocks in many cases and the ability to
5:38 pm
keep pace with the threat and to avoid missing critical intelligence. the business record provision deals primarily with transactional events. that is, electronic communication, transactional records, business records such as hotel receipts, storage facility receipts and flight records. these types of records are collected in virtually every single criminal case. the fisa business record request are court reviewed. in all cases, the fisk must find there are reasonable grounds to believe the records are relevant to an authorized investigation. in almost every respect these requests are similar to a grand jury subpoena that does not undergo court supervision. likewise, the roving wiretaps
5:39 pm
are subject to court approval and supervision. the fbi has to show a specific target of a fisa investigation order that engages actively in activity that is thwarting our surveillance. if the fbi makes such a showing the fisk can authorize surveillance that can allow the target even if he takes a step to avoid that surveillance such as burner phones. again, the roving authority is substantially the same as that which is used in a title 3 wiretap. the lone wolf provision as i indicated is very narrow, but it's limited applicablity does not diminish its possible utility. lone wolf can be used for the surveillance of non-u.s. persons
5:40 pm
and targeting a person or the preparation there of and it cannot show it is doing on behalf of a foreign power and that's the advantage for us. we all know that self-raed calization is on the rise and we're seeing more and more homegrown lone actors and these extremists can be inspired to act on behalf of a foreign power such as a terrorist group, but rather than being directed to do so, this increases the likelihood that the fbi will have to rely upon the lone wolf provision in the future. now i'd like to move to cyber just a little bit. people frequently ask me what has changed in the practice of law in the 37 years that i've been a lawyer, and that's always been a very easy answer for me.
5:41 pm
there are two things, one is digital evidence and just the digital footprint that affects us all instead of one time talking about evidence as a number of boxes and 30 boxes is a big case and now we talk about gigabytes and terabytes. the other aspect that i'm not going to address today, but certainly is part of your program is the international effect and back in the mid-'80s, when we had an mlab that was a big deal and that was something else when you had an m-lab and now it seems as almost every investigation whether national security or otherwise involves speculation of evidence. >> okay. well, an mlab is a mutual legal assistance treaty which is, in
5:42 pm
my view, a somewhat cumbersome process that allows us to receive evidence from a foreign nation ask it takes a great deal of time and in fact, that is part of what was the impetus for the cloud act which we're hoping and we'll see the devil's always in the details, as we move forward with the cloud act if it solved some of those problems and makes the acquisition of foreign evidence easier which is our hope. so cyber and encryption challenges. cyber, the challenge is cyber and technology are enabling criminals and foreign adversaries. there are new venues of attack. greater attack surface from any location near or far from our target. as a low-cost barrier to entry, it's easier to mask or hide the
5:43 pm
attribution and the tools are cheaply and widely available and there are mercenaries who will hack for hire. this affects everyone even those who may never own a computer or a cell phone because the attacks are on the power grid, our critical infrastructure and third-party prosection of pii, the opm as an example, health records and financial records. all of this occurs against a background which has many tools for cybersecurity. the technical tools of encryption, antivirus, fire walls and multifactor authentication and vulnerability patching, cyber threat hunting and air gapping, the legal restrictions of nda bans, sanctions, cfius, supply chain
5:44 pm
requirements, regulations and contractual agreements, policy and process, social media and the terms of use policies and the incident response plans and the identity authentication, identity management and dual approval requirements and restricted access. the training that all of us do each and every year in all of our entities, information sharing that we have on these threats, but a lot of focus today is on the issue of legal access and i will echo some of attorney general barr's and director wray's recent statements. encryption impacts policy, cybersecurity and real world security. encryption provides privacy and cybersecurity benefits more secure communications, networks,
5:45 pm
data storage and online transactions protects personal information, but encryption also enables terrorists, criminals and foreign adversaries. it allows the sexual exploitation and abusing of children. those conspireing to commit crimes are planning terrorist attacks and radicalization and recruiting, stealing intellectu intellectual property and undermining institutions. provides readable content in response to lawful, court-ordered requests, wiretaps or search warrants based on probable cause. i'll repeat that. they cannot respond to court orders for readable content. it impacts in communications in
5:46 pm
transit and stored in electronic data. it degrades the ability to detect and prevent, to arrest and prosecute. it creates a law-free zone for criminal behavior. as the attorney general said, making our virtual world more secure, no one argues with that, but making our virtual world more secure should not come at the expense of making us more vulnerable in the real world barely a week goes by that's not confronted by the investigation impacted by the obstacle of encryption and these are real concern, real problems. the state and local law enforcement authorities are hurt worse because they have less tools or resources to address it. but these problems concern mexican cartels who use whatsapp
5:47 pm
for encryptioned communications to coordinate their drug shipments in the murder of police officers, terrorist, the 2019 attacks in garland, texas, where two islamist extremists carried out an isis-claimed attack. one terrorist had 100 instant messages using an end to end encrypted app. today the bureau has still not been able to determine the content of the messages which could provide useful intelligence. >> gun violence, the 2017 church shooting in southern springs texas where a gunman killed 26 people and injured 20 more. the fifth deadliest shooting in u.s. history at that time, even with more advanced commercial tools, 600-plus days later the bureau is still not able to crack the code to access the gunman's phone with today's tools and capability, it still
5:48 pm
could take years to unlock the device. gang activity and murders. they use encrypted apps to green light assassinations. this is not a theoretical problem. but there is positive engagement we have to have for safety and with access, and with our partnership with communication services and their platforms we have achieved great success. a general attorney barr and others have committed facebook in his letter to his ceo, noting that facebook made 6.8 million reports to the united states center for missing and exploited children. more than 90% of the 18.4 million total reports that
5:49 pm
year facebook acted on terrorist content between october 2017 and march between the 19. more than 99% of the content of -- of the content facebook took action against both through child sexual exploitation and terrorism was identified by its systems rather than users of reports. however, if facebook implements this end to end encryption as planned, nick mick estimates it will lose 70% of the reporting and 12 million reports globally would be lost. what is is the way forward? well, some have suggested that the government can use meta data. i can tell you from personal experience as an investigator and prosecutor, meta data does not equal the value of content.
5:50 pm
some suggest that we could use artificial intelligence to increasingly advance our use of meta data. that simply oversimplifies the s not address the problem. metadata cannot provide the same kind of intelligence content, no one in law enforcement, use thinks, maggot that how can replace contents. they don't speak for themselves. there is no barometer that can capture the value of this against the value of the use of mass shootings and terrorism acts. >> we look at the technology to help provide public safety, and access to information needed in
5:51 pm
criminal endo national investigations american technology, has the skill and the ability to have the best design product to allow lawful access when needed. as attorney general barr said welcome to the civil society, we expect an awful mandate necessary, that our companies take step to ensure that this does not impose negative things on the public interests. the defense does this want to implement its requirement for cybersecurity standards, and for the contracts, in the standard, it only described cybersecurity cause it, is not describe the rules and processes, each can be designed by its own approach. but there must be an
5:52 pm
analysis. it's not result for the cost tool of .. a massive degrading of public safety and the need we saw half vulnerability. those residual risk coming from, incorporating a lawful access and mechanism has not been shown, to be materially greater, than those that are already in product. >> i am just on time at 12:44 so, i hope that i answered your
5:53 pm
questions there are a couple of things i do not get to economic espionage and malign influence on our elections to issues that we are dealing with every day, as our friends in the intelligence community, alcoholics. thank. you >> (applause) >> we have to, so, please stay in place and then we will take questions. >> i want to take one question. >> i'd be happy to take. question >> i may not answer it but i will take. one >> (laughs) >> remember, you know any questions. >> you don't have a question?
5:54 pm
>> thank you glen >> okay there's a question at the back of course, make it something come to the point. >> thank you mister general counsel. >> what about civil liability for those, market, encrypted devices in other words, encrypted devices if there connected with criminal acts, there is a presumption that the crime, creating liability, there is a cost of the device? >> i mean it's a legislative issue. we don't have anything about that, i have not heard anything, a proposal, maybe a
5:55 pm
legislative proposal although, it strikes me as if, it would be very very difficult to put a guardrails on it, such a proposal, because, we don't, when someone, we don't want to stifle congress too much, and of this strikes me as, i guess i would have to see the details, i am having a hard time .. >> if so let us present you this coin what it does, not only a get out of jail but also get a fresh hand, if you need one of us. >> thank you so. much >> (applause)

16 Views

info Stream Only

Uploaded by TV Archive on