The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: FBI

  • From Vol. 3 No.8 (Apr. 19, 2017)

    Goodbye to the Blame Game: Forging the Connection Between Companies and Law Enforcement in Incident Response

    Organizations can benefit from working with law enforcement after a breach. However, only 20 percent of organizations that have suffered a breach are reaching out to agencies like the FBI due, in part, to the fear of loss of control and concerns about attorney-client privilege, explained James Trainor, former lead of the FBI’s Cyber Division who joined Aon’s cyber solutions group as SVP in October 2016. The Cybersecurity Law Report interviewed Trainor at Skytop Strategies’ recent “Cyber Risk Governance” conference. He shared his experiences and opinions on the benefits and challenges of working with law enforcement in a breach situation, the Yahoo indictment and how to handle ransomware. See also “Law Enforcement on Cybersecurity Matters: Corporate Friend or Foe? (Part One of Two)” (Jun. 22, 2016); Part Two (Jul. 6, 2016).

    Read Full Article …
  • From Vol. 2 No.22 (Nov. 2, 2016)

    FBI Veteran Discusses Using Law Enforcement’s Cyber Resources to Improve Security and Obtain Board Buy-In

    One key to smooth relations with law enforcement after a breach is establishing a connection before there is any trouble, John Riggi, now a managing director at BDO and the former Chief of the FBI’s Cyber Division Outreach Section, told The Cybersecurity Law Report. One way to develop that relationship is to invite the FBI to give a threat brief to the board of directors, he said. Riggi is a 30-year FBI veteran who worked on the government’s partnerships with the private sector for the investigation and exchange of information related to national security and criminal cyber threats. In our interview, he addressed how the FBI views its relationship with the private sector, the various ways companies of different sizes can take advantage of the FBI’s resources, the concerns companies may have when working with the FBI and the government’s role in the Yahoo breach. See also “Law Enforcement on Cybersecurity Matters: Corporate Friend or Foe?” Part One (Jun. 22, 2016); Part Two (Jul. 6, 2016).

    Read Full Article …
  • From Vol. 2 No.14 (Jul. 6, 2016)

    Law Enforcement on Cybersecurity Matters: Corporate Friend or Foe? (Part Two of Two)

    With a mission to identify the perpetrator and to build a prosecutable case, law enforcement can help a company facing a cybersecurity incident. Working with law enforcement, however, often presents challenges for the company and its counsel. Preparation prior to the interaction can offer a smoother road. This second article in our two-part series provides expert insight on interacting with law enforcement when there has been a breach, including advice regarding the first call, the controls companies should have in place and the type of information law enforcement really needs. Part one covered concerns that arise when dealing with law enforcement officials, benefits of coordination and recommendations for when and how to establish a successful relationship with them. See also “Google, CVS and the FBI Share Advice on Interacting With Law Enforcement After a Breach” (May 11, 2016).

    Read Full Article …
  • From Vol. 2 No.10 (May 11, 2016)

    Google, CVS and the FBI Share Advice on Interacting With Law Enforcement After a Breach

    Among the many decisions companies must make following a cyber incident are whether, when and how to engage with law enforcement. At the recent FT Cyber Security Summit USA, experts from Google, CVS Health, the FBI and the Center for Strategic and International Studies gave their advice on interacting with the government, and discussed the responsibilities and priorities of the compliance and legal teams in the wake of an attack. See also “Picking up the Pieces After a Cyber Attack and Understanding Sources of Liability” (Apr. 13, 2016).

    Read Full Article …
  • From Vol. 1 No.8 (Jul. 15, 2015)

    Conflicting Views of Safety, Vulnerability and Privacy Fuel Encryption Debate

    FBI Director James Comey says end-to-end encryption hinders law enforcement – if authorities cannot access evidence on a phone or a laptop, “it will have ongoing, significant impacts on our ability to identify, stop, and prosecute” criminals, including terrorists, he told the Senate Judiciary Committee when he testified alongside Deputy Attorney General Sally Quillian Yates on July 8, 2015.  That was the day after a group of 14 security experts released a report warning that giving government special access to encrypted data will endanger critical infrastructure and make the public less safe.  We discuss the report and the Senate testimony, and the bitter encryption debate.  See also “In a Candid Conversation, FBI Director James Comey Discusses Cooperation among Domestic and International Cybersecurity Law Enforcement Communities (Part Two of Two),” The Cybersecurity Law Report, Vol. 1, No. 6 (Jun. 17, 2015).

    Read Full Article …
  • From Vol. 1 No.6 (Jun. 17, 2015)

    In a Candid Conversation, FBI Director James Comey Discusses Cooperation among Domestic and International Cybersecurity Law Enforcement Communities (Part Two of Two)

    The FBI’s understanding of cybersecurity has advanced from the youth league to college-level in the past decade, FBI Director James Comey told WilmerHale partner Ben Powell at the annual Georgetown Cybersecurity Law Institute.  Much of that improvement has to do with growing cooperation between governments, and within our own, along with increased efforts by the private sector.  But, he said, the FBI needs to get to World Cup play.  This article, the second part of the CSLR’s two-part series, covers Comey’s frank comments about: the role of the FBI in relation to other law enforcement agencies; international cybersecurity developments; international cooperation in a post-Snowden world; pending information-sharing legislation in Congress; misperceptions about the FBI that he hears from the private sector; and how the FBI competes with the private sector for talent.  The first article discussed how the FBI has adapted its techniques in the face of cyber threats; the FBI’s relationship with local law enforcement agencies and the private sector; his concerns about the encryption of data; and how the FBI has expanded its information-sharing programs with the private sector. 

    Read Full Article …
  • From Vol. 1 No.5 (Jun. 3, 2015)

    In a Candid Conversation, FBI Director James Comey Talks About the “Evil Layer Cake” of Cybersecurity Threats (Part One of Two)

    In a wide-ranging and frank conversation with WilmerHale partner Ben Powell at the annual Georgetown Cybersecurity Law Institute, FBI Director James Comey likened the cybersecurity dangers the country faces to an “evil layer cake” and called general counsels (including himself in his former role) “obstructionist weenies.”  This article, the first part of the CSLR’s two-part series, covers Comey’s remarks about: how the FBI has adapted its techniques in the face of cyber threats; the FBI’s relationship with local law enforcement agencies and the private sector; his concerns about the encryption of data; and how the FBI has expanded its information-sharing programs with the private sector.  In the second part, we will cover Comey’s views on: the role of the FBI in relation to other law enforcement agencies; international cybersecurity developments; international cooperation in a post-Snowden world; misperceptions about the FBI that he hears from the private sector; information-sharing legislation; and how the FBI competes with the private sector for talent.  See also “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

    Read Full Article …