The case for cyber regulation.
Bob Anderson, former FBI Executive Assistant Director of the Criminal, Cyber, Response, and Services Branch, focused on the issue of encryption, explaining that the government needs to partner with the private sector to enforce the law while still ensuring the safety of citizens’ data. Anderson gave an outline of his long career in law enforcement and how his views on encryption have evolved since he moved into the private sector. When he first began working as a Delaware State Trooper in 1986, theft of information was much more simple, since an attacker generally had to physically steal something. If law enforcement subpoenaed information, organizations and individuals could produce that information.
During Anderson’s many years working for the FBI, however, this dynamic changed. One of Anderson’s last investigations for the FBI was the 2015 San Bernardino attack. At the time, the FBI thought other attacks were imminent, and Anderson participated in the heated conversations with Apple trying to get access to the encrypted contents of the shooter’s iPhone. When he moved into the private sector, however, Anderson said he realized the importance of a company’s responsibility to its customers to keep their data safe, and there needs to be a conversation between law enforcement and the private sector to find a balance.
He pointed out that there are more than 7,000 police forces in the US, 36 of which are in DC alone. Outside of federal agencies and police forces in major cities, he said, the cyber abilities of law enforcement are degraded. This can be remedied through training, education, updating infrastructure, and, perhaps most importantly, partnering with the private sector to find ways to get the information they need through another venue. For example, Anderson agreed with Schneck that attackers can utilize data aggregated from “a million different sources.” This data can also be used by law enforcement to solve crimes.