Law Enforcement Efforts Across National Borders Panel 2

Transcription

1 Law Enforcement Efforts Across National Borders Panel 2 Panel Chair Shawn Henry, Cybersecurity Professional, Executive Assistant Director, Federal Bureau of Investigations (retired) Panelists Adrian Ciprian Miron, Home Affairs Attaché (Police Liaison), Embassy of Romania Zahid Jamil, Barrister-at-Law, Jamil & Jamil, Pakistan Judge Stein Schjolberg, Court of Appeals Judge in Norway, Co-Chair of the East-West Institute Cybercrime Legal Working Group Noboru Nakatani, Director of INTERPOL s Complex for Innovation (Singapore)(effective April 2, 2012), Chief Superintendent for Japan s National Policy Agency 10 April 2012 Lohrfink Auditorium Georgetown University Washington, D.C. Moderator Dr. Catherine Lotrionte, Director, Institute for Law, Science & Global Security, Georgetown University [189]

2 LAW ENFORCEMENT EFFORTS ACROSS NATIONAL BORDERS DR. CATHERINE LOTRION- TE: So our second panel for today is on law enforcement efforts that span national borders. The moderator of this panel is Shawn Henry, a good friend and somebody who puts up with my constant annoyances and nagging and someone who has been part of this conference for the second year. So he keeps coming back. But today Shawn has a secret and he really hasn t given me any hint on the answers. So some of you may actually be able to get it from him. After 24 years of service in the FBI, Shawn Henry has retired as the Executive Assistant Director from the FBI in March of just last month, While he was there he had the responsibility of all FBI criminal and cyber programs and investigations worldwide. So, as I just said, he has yet to disclose where he is going, but supposedly he is going to tell folks soon. During his career as a special agent, Mr. Henry served in three FBI field offices and at FBI Headquarters where he held a wide range of operational and leadership positions, including Assistant Director in charge of the Washington Field Office. Mr. Henry has been the Bureau s outspoken top agent on cybersecurity issues and is credited with boosting the FBI s computer crime and cybersecurity investigative capabilities over the last couple of years. Thank you, Shawn, for leading this panel and, as always, being one of the great leaders for the country. SHAWN HENRY: Thanks, Catherine. Excellent. Thank you very much. I really appreciate the opportunity to be here. I had the pleasure of being here last year and recognizing the challenges that we face and you ve heard from a number of esteemed colleagues of mine and people I ve worked with in this space over the years who have talked about the challenges that we face and the threat and how significant that it is. I would like to say that I have had my head behind the curtain and I have seen what those threats are from both an unclassified and a classified perspective. And I have to concur with my colleagues about that threat. I heard a lot of folks talk this morning about some of the policies and the practices and some of the preventive techniques that are being utilized. We have talked about arms control and norms of behavior and many of the things that need to be done or can be done, can be implemented going forward to help make us more secure at the international level. But regardless of those practices that are put in place, regardless of the controls or the norms of behavior, we really recognize that we are not going to stop determined adversaries from breaching networks, which is going to require then that there be some type of a response, whether it be from a national security agency or an intelligence agency or, in many cases, a law enforcement agency, for them to get involved. And certainly the breadth and scope of this threat requires us to cross national borders because, in this space, there are no borders. So what we are going to talk about today and I have got just a tremendous level of expertise here across so many different areas, but we are going to talk about international law enforcement issues surrounding cybercrime. It is an incredibly complex issue and it is [190] Georgetown Journal of International Affairs

3 PANEL 2 International Engagement on Cyber 2012 certainly a worldwide problem. When I started in the FBI more than 24 years ago and there was somebody who physically walked in and robbed a bank, the pool of suspects for that bank robbery was limited to the small number of people that happen to be in the vicinity of the bank at that particular exact time the bank was robbed. So it is a relatively small pool of potential suspects. Fast forward over 20 years and, electronically, banks are being robbed very single day. And the pool of suspects for these electronic bank robberies is limited only by the number of people on the planet earth with a computing device and an internet connection. And that is about 2.3 billion people, according to most recent studies. So the pool is somewhat larger and it gives a whole new name to canvassing the neighborhood, which is what we used to do after a physical bank robbery, right, go around and knock on doors. In the FBI, we recognize the need to station our agents overseas to build these collaborative relationships with our international partners and we were able to put representatives into Romania and into Estonia, into Ukraine, into The Netherlands, into the national police agencies of these organizations as well as some other organizations around the world. What we are going to do here today is look at this response at the international level from a law enforcement perspective, talking about the investigative needs and capabilities, some of the legal issues, and the framework surrounding these international law enforcement responses. Then we will talk about the judicial perspective and what that might mean and some of the things that we might be able to do globally. And then we will look from an INTERPOL s perspective how all these things kind of wrap together. So I ve got just a tremendous group of folks here. Our first speaker, from Romania, Adrian Ciprian Miron, who is the Police Liaison at the Embassy or Romania here in Washington, D.C. He s held multiple positions within the Romanian National Police since He has been involved with the Romanian Cybercrime Initiative. And I will start with Adrian and then I will introduce the other panel members as we move along. At the conclusion of our final speaker, it is really important for us to get a dialogue from the audience. You all have a unique perspective. You have different ideas and thoughts and in order to take full advantage of the expertise we have up here this afternoon in front of you, it is really important to have that dialogue. So let me turn it over to Chip, and then we will proceed. ADRIAN CIPRIAN MIRON: Thank you very much. Thank you very much, Shawn, for your introduction. I would like to stand because I want to follow my presentation. As Shawn said, I am working as a Police Liaison, more like a Home Affairs Attaché for the Romanian Embassy in Washington, D.C., and I represent the Ministry of Administration and Interior. Inside the Ministry we have the General Inspectorate of Romanian Police. One of the structures of the Romanian Police is the General Directorate for Combatting Organized Crime and inside that is the Cyber Crime Division. [191]

4 LAW ENFORCEMENT EFFORTS ACROSS NATIONAL BORDERS Our Cyber Crime Division was created in 2003 because we need new strategies for preventing and combatting cybercrime, and the way we started, the way we saw the first cybercrime complaints were registered in Romania in early 2000 with a classic scam, offer high-end electronics or other goods for sale or auction, take the order, confirm the shipment, and simply vanish the moment the customer has wired payment. Soon this kind of crime began to extend to a national level and we needed to investigate the whole country. So that is why our management decided to create the Cyber Crime Division. Next slide, please. As you can see which slowly they are shipping members all over the world. Today, almost every cyber criminal is a part of a specialized group, and they commit from scamming bank or wire fraud to hacking and hacktivist. International cooperation appeared to be even from the beginning. We must have, especially because these kinds of crimes, as Shawn already mentioned, are cross-border crimes and the investigations are hard to finalize without exchanging information. Through the MLAT process MLAT process is the Mutual Legal Assistance Treaty requests that we have between U.S. and Romania, for example, we were able to prosecute the criminals Today, almost every cyber criminal is part of a specialized group. here, the Cyber Crime Division has two offices and at the national level we have 15 brigades for combatting organized crime. Every brigade has an officer who works for cybercrime investigations, and also we have another 27 offices for combatting organized crime, the 41 counties that we have in Romania. Even with this structure, I think we don t have more than 200 police officers specialized in investigating cybercrime. Next slide, please. Well, about the evolution of cybercrime in Romania, as I mentioned earlier the first cybercrime cases began to appear in the early 2000s and, since then, every year the number of complaints has grown, although at that moment criminals acted by themselves using a very simple way to earn easy money and without ever thinking they will be caught. These days they are organizing big criminal groups in Romania and the U.S. authorities helped us in interviewing the victims. Next slide, please. The next one. The main factors behind the reorientation of gangs to cyber offices, like I mentioned, they made huge amounts of money in a relatively short time. They realized they can obtain this money with a low risk and, in fact, those who lead the criminal groups are not those who participate in the front line in committing the crimes. We call those arrows because the criminals send others to pick up the money sent to them by the victims using Western Union or MoneyGram. Services and the arrows only get a small percentage of the amounts. Recently, they chose not to pick up the money from Romania, for example, because we have Western Union and MoneyGram offices also in my country. But they travel around the world and [192] Georgetown Journal of International Affairs

5 PANEL 2 International Engagement on Cyber 2012 access the services from other countries, making the tracking more difficult. In fact, if law enforcement is complicated by the transnational nature of cybercrimes, the cooperation across national borders to solve and prosecute crimes is necessary, but at the same time it is very complex and sometimes could be slow. Cyber criminals can defy the conventional jurisdictional realms of sovereign nations, originating an attack from almost any computer in the world, passing it across multinational boundaries, or designing attacks that appear to be originating from several sources. Such techniques increase both the technical and legal complexity of investigation and prosecuting cybercrimes. Next slide, please. Well, about 80 percent of the computer fraud and phishing attacks committed in Romania have U.S. citizens as targets and, from our perspective, it is pretty easy. Sorry, Shawn, for that. From our perspective yeah. From our perspective, it s pretty easy because U.S. has a really developed online market, banking online, and commerce online. So, for our criminals, it is very easy to commit these crimes here. The most active areas in Romania, they are the counties that are mentioned here. And about the Internet child pornography, I can mention that it exists in Romania, but it is not a huge, big deal. Actually, we cannot talk about the phenomenon. Next slide, please. We have the legislation in Romania developed since 2003 and, actually, Shawn just revealed the fact that he was present in Romania in 2003 when my government tried to punish these crimes. And computer fraud, it is punished with imprisonment from 3 to 12 years, but if you are organizing a criminal group and the prosecutors and the Romanian police officers can actually prove that you re a part of a criminal group the prison is up to 15 years. Next slide, please. To date, Romanian cyber criminals are known to be actively involved in, as you see, unauthorized access, computer fraud, credit card fraud, and hactivism, which is pretty recent. Next, please. These are some examples. The next three slides are examples for the escrow scams that we faced in Romania and these are, for example, fake announcements of selling cars posted on Mobile.de. That is a site in Germany, very, very well-known and famous for selling new and used cars So they offered, for example, this E Class for 30,000 euros as almost a brandnew car. Next, please. These are examples for apartment rental scams that run in Spain, France, Germany, and Belgium. The next one, please These are the fake docs that a criminal will use to gain the trust of the victims and you can see here even a Missouri insurance card, all kinds of diplomas, all kinds of IDs, passports, and they use those to travel abroad and just to cash the money using the Western Union and MoneyGram, as I said, but from the foreign countries, not from Romania. Next one, please. Which are the risks for us? Well, the phenomenon has a negative impact upon Romania s image and perceptions abroad. We already face a lot of problems with other issues in other countries, especially in Europe, but cybercrimes makes everybody to just [193]

6 LAW ENFORCEMENT EFFORTS ACROSS NATIONAL BORDERS be afraid of Romania and the investments in Romania, they are not very, very huge in this field. That s one of our biggest problems, I think, and we always try to fight against this image that we have. And I think in the partnership that we have with the other law enforcement, even in Europe and in the USA, we try to prove that we actually can fight against this phenomenon. Next slide, please. These are some of the statistics from 2011 and how it works for us, it s from January to December. So it is for the whole year. We had 2,344 criminal cases registered in Romania, and we succeed to solve 1,091. 1,174 criminal cases were sent to trial with 1,512 crimes committed. We had 278 people who were previously arrested and then, from the investigation, we succeed to send to trial and to prosecute 558 criminals. If you think, like I said and like I mentioned the first time, that we only have 200 officers who are specialized in investigating cybercrimes, I think these results show that we really want to do the job as best as we can. The next slide, please. Well, this is an example of the international cooperation and I think Shawn remembers because this was one of our biggest cases in Romania. It was in July 2011, last year. We cooperated with many law enforcement agencies from the U.S. and we targeted a big organization group with many arrests and searches that took place in Romania. Next one, please. More than 100 individuals who have been arrested and charged in Romania and judicial districts in the United States, and you can see here the police unit who acted together and worked together, sharing information and finalizing this action. We have all the Romanian important structures to fight against organized crime. And from the U.S., it was FBI, Secret Service, the Computer Crime and Intellectual Property Section, and the U.S. Attorneys Offices from around U.S. Thank you very much. I will be answering your questions after my colleagues will finish. Thank you very much. SHAWN HENRY: Excellent. Thanks, Adrian. Our next speaker is Zahid Jamil, who is a barrister from the United Kingdom, practicing in Pakistan on cybercrime and counterterrorism areas. He wrote Pakistan s IT legislation and e-payments legislation and, with the Department of Justice and the Council of Europe, conducts training of law enforcement and prosecutors, currently working as a legal advisor to the Board of the Commonwealth Cybercrime Initiative, and he is going to discuss some of the things we can do internationally as it relates to the Commonwealth Cybercrime Initiative. ZAHID JAMIL: Thank you, Shawn, and thank you to the organizers. It is a great opportunity and a privilege to be here today. I am speaking in my personal capacity, although I am the legal advisor to the Commonwealth Cybercrime Initiative, and I would like to sort of express certain aspects of that initiative as well. But let me preface by starting off with sort of addressing some of the things, how we saw what the problem was and how we went on to address it within the [194] Georgetown Journal of International Affairs

7 PANEL 2 International Engagement on Cyber 2012 context of the Commonwealth. Obviously, whether you are a hacker or a terrorist and you think in the jurisdiction you are living, it is not illegal, one, that what you are doing, if you are launching an attack, or the fact that there is no international mechanism that reaches into your country; therefore, you feel there is complete immunity. So what do you need in this, the way we looked it, you need three basic things. You need interoperable legislation within that country, wherever these people are. Two, you need international cooperation, like MLAT, the Mutual Legal Assistance, to be able to have that international reach and cooperation between law enforcement across national boundaries, and the most important aspect of that is that the law enforcement in one country should have the right to be able to ask for information, not just on an ad hoc basis but on a legal basis. There should be a document, a treaty, an instrument on some legal basis so requests can actually go forth and a response has to come forth. So where do we look at this? And by the way, this was the biggest issue when I was training law enforcement. We asked a request to X country to give us information from Y corporation. We don t get a response. So what is the solution to this? The solution only is if you have an international treaty. There is one. Obviously, everybody has talked about the Budapest Convention today. This is the only treaty that actually encompasses all of these areas. And even when we talk about network speed, you know, maybe it s not network speed but 24/7 contact points and other mechanisms to really try to address this problem. Unfortunately, it seemed to many people in my part of the world and other parts that there was very little coordinated global diplomacy, if you will, on trying to get this instrument sort of advocated and lobbied. On a side bar, for instance, the U.S. Embassy could play a very important role with its legats and econ sections trying to make this one of the core principles of one of The only solution is if you have an international treaty. Unfortunately...there was very little coordinated global diplomacy. the policies it advocates in any country, for instance. But anyway, in this space of vacuum, what we saw was being formed, certain IGOs and certain member states of countries were basically starting to advocate against this treaty. Not only that, but there were certain myths that were forming. So you had certain things like, you know, it goes against sovereignty, it doesn t cover VOIP, it doesn t go far enough, all these sort of different criticisms, but when you actually have discussions with law enforcement within those countries say, Let s read the text, the response was, Oh, it does cover it. Oh, so it does address my problem. Oh, it actually gets me cooperation. And those are the sort of [195]

8 LAW ENFORCEMENT EFFORTS ACROSS NATIONAL BORDERS myth-busting exercises which are very limited and don t happen too much. So, anyway, having seen this and seeing that there was this sort of division that was created within developing countries, G77 countries on the one hand, Russia, China, et cetera, and then the ones who were sort of lobbying around the COE, et cetera, the Commonwealth said, Where do we go with this? How do we contribute to basically the cybersecurity and cybercrime realm? So one of the ideas that I posed to the Commonwealth in a governance forum was you have something that s very valuable within the Commonwealth context. You have a shared legal tradition. You have common law, which is the basis for many of the countries that you cooperate within the Commonwealth. And guess what? You have a model legislation, the Commonwealth model law, and that model law is based upon the Budapest Convention, the Council of Europe Convention on Cybercrime. So, without speaking too much about anything else, without getting into the politics, one of the things that could be done is have the Commonwealth go and lobby its own document, its own model law, and use its own reputation with these countries and try to get these countries moving. Because what was happening was that whenever you went into any country, the question was, well, Which model do I follow? Do I follow anything? At the moment you put the Budapest Convention in front of them, the answer would be, Oh, no. We don t want to use that. So what are you going to use? So there is literally a status quo in trying to move legislation and even international cooperation on these countries. So one of the things we did was and while I am saying this, the recent White House International Strategy and also getting the U.K. to actually ratify the Budapest Convention are fantastic recent efforts to try and move around that path. So what is the Commonwealth Initiative and what does it do? In 52 countries that share legal tradition, coming around basically the first doc which is the model law, saying we would like to bring to these countries an understanding of why the model law, which is based on the COE Convention, is good for you. And by the way, the language that is used in this model law is very similar to the language that you use in your jurisdictions, not just in the in your national legislations, but also your judges and the persons to understand when they are creating case law. So around that, one of the things that we tried to do was not try to get partisan. You have the Council of Europe Convention on Cybercrime as a member and partner to this initiative, yet you also have the ITU and the UNODC partnering and working on projects, which are going into different countries. This, at least from what I know, is a first, because these organizations don t necessarily work very well together sometimes. What, in addition, could we do apart from just having model legislation? Is a national law sufficient? No. You need to have cooperation across countries in law enforcement. So the Commonwealth has a scheme. It is called the Harare Scheme. The Harare Scheme is basically sort of a mutual legal assistance compact. It is not a treaty, so it s [196] Georgetown Journal of International Affairs

9 PANEL 2 International Engagement on Cyber 2012 not exactly like the convention, but what it does is give a model basis for countries to adopt certain provisions that allow them to do mutual legal assistance. So that would be the second aspect. And basically, when you have these two and most experts agree with this if you have the model legislation on the Commonwealth and you have the Harare Scheme in the national legislation, you are really getting countries very close to being ready to be able to come on board if they choose, because they re a sovereign nation and they have to make that political decision, but as far as a substance of what s in their country national law is concerned, they have come close to being able to say, Yes, we can ratify that treaty and come on board. So that was one of the main reasons we thought that this would be very helpful. Now, the Commonwealth brings us Q-DAS and acceptance within those different political and legal regimes and it creates compatibility with the kind of model law that it has within those regions. So the idea is to cut through the myths, bust those myths about the convention, about various language within it, and try to get the countries to have a more informed approach as to what it is that they would need if they were to follow this. And what does the initiative do in the different areas? One, it will provide assistance to those who ask on policy. It will provide assistance on legislation, drafting, actually sending in experts. Law enforcement cooperation, working with law enforcement on trying to train them. We are not just talking about forensic experts, investigators, but we are also talking about prosecutors and the judiciary. And very important, the private sector. The answer is not just to work with the government, but it is also to work within the private sectors within those different jurisdictions. So, for instance, currently ICANN and the cctlds, the assistants that ICANN will provide in trying to provide technical assistance to those cctlds in Commonwealth countries is one of the examples of what is just about to start there. So getting them ready for ratification, what is happening right now? We have three different projects that we are trying to look at; one, Ghana. Ghana wanted some assistance on legislative and cybersecurity policy. We have gone in. We have actually had discussions there and, basically, we are formulating an actual implementation plan as to how to deal with what we are going to do in Ghana. Also, the Pacific Islands have asked for some assistance and so has Trinidad. So, basically, stay tuned. Next year, we will have more information about how this initiative that has just started, which only in October got heads of government approval within the Commonwealth, how the implementation process moves out through the next year. And just a plug for everybody, I mean, I think that the London Cyber Conference was a fantastic event last year and we all in the Commonwealth are really looking forward to seeing what happens in Hungary, in Budapest later on in October of this year. Thank you very much. SHAWN HENRY: Excellent. [197]

10 LAW ENFORCEMENT EFFORTS ACROSS NATIONAL BORDERS Thank you, Zahid. Our next guest speaker, Judge Stein Schjolberg, who is from the Court of Appeals, Judge in Norway, and co-chairs the East-West Institute on Cybercrime Legal Working Group. He is an international expert on cybercrime and one of the founders of the Global Harmonization of Computer Crime Legislation. He has published widely on computer crime and cybercrime legislation and will talk to us today about some of the judicial aspects as it relates to this international issue and international tribunal in cyberspace. Judge? JUDGE STEIN SCHJOLBERG: Thank you, Shawn. I am going to speak today on, title, Potential New Global Legal Mechanisms Against Cyber Attacks and Other Cyber Crimes. Can I have the next slide, please? I would like to open with my presentation today with a quotation from Benjamin B. Ferencz, one of the most famous U.S. prosecutors. I quote, There can be no peace without justice, no justice without law, and no meaningful law without a court to decide what is just and lawful under any given circumstances. The most serious global cyber attacks in the recent years, such as massive and coordinated attacks against critical information infrastructures, have revealed that almost nobody is investigated, prosecuted, or sentenced. Such acts need to be included in a global treaty or a set of treaties and investigated and prosecuted before an international criminal court or tribunal. This is a proposal for an international criminal tribunal for cyberspace. A tribunal should have the power to prosecute persons responsible for the most serious cybercrimes of global concern in accordance with provisions in a statute. The potential tribunal may be necessary for future law enforcement efforts across national borders. Next slide, please. Today, there is no international court or tribunal for serious criminal acts committed in cyberspace. Is there a need for one? In my opinion, yes. Next slide, please. The most obvious alternative should be a separate international criminal tribunal for cyberspace based on a United Nations Security Council decision. An international criminal tribunal may be seated in The Hague. The tribunal may prosecute anyone who commits any of the cybercrimes included in international cybercrime law. It will be a signal for the United Nations and the global community that cyber attacks are no longer tolerated. INTERPOL will also in the future coordinate law enforcement across national borders. The INTER- POL Global Complex will be established and operational in Singapore in 2014, including enhancing preparedness to effectively counter cybercrime. Singapore may thus be an alternative seat for an international criminal tribunal for cyberspace. It would open up the possibility of assistance and cooperation with an outstanding investigation institution, thus enabling the global justice to promote the rule of law and ensure that the gravest international cybercrimes do not go unpunished. The existing UN-based tribunals have proven that efficient and transparent international justice is possible [198] Georgetown Journal of International Affairs

11 PANEL 2 International Engagement on Cyber 2012 and they have been setting important precedents for future international law enforcement. Next slide, please. Global cyber attacks against critical civil and military communication and information infrastructures should be included in a draft treaty for a global statute since it had not yet been regulated by international law or in regard to which the law has not yet been sufficiently developed in the practices of states. The most important article should include massive and coordinated global cyber attacks against civil and military communications and information infrastructures. Next slide, please. And here, you should see a proposal for a text. I will not go through it, because I have a time limit. So I ask for the next slide, please. The prosecutor s office in the tribunal should be responsible for investigation and prosecution of persons committing the most serious cybercrimes of global concern. The current law enforcement requests across national borders may often be very slow and complicated, especially for requests including social networks in cyberspace. In a serious murder case in Norway, the response by Facebook took almost a year and was sent to the prosecutor one day before the court trial opened. And in the world s most serious murder case in 2011, where 68 young people were brutally murdered one by one in addition to the destruction of three government buildings and death of an additional nine people, it is already obvious that all the responses from Facebook will not be available before the court trial opens in Oslo next week. The requests were sent several months ago. The prosecutor s office must also have the power to seek assistance in investigations by a global virtual task force. A task force may be established by key stakeholders, including private The prosecutor s office must also have the power to seek assistance in investigations by a global virtual task force. industry, nongovernmental organizations, and the global enforcement through INTERPOL. Working in partnership with global virtual task force may be necessary for effectively combatting global cybercrimes, especially for delivering real-time responses to cyber attacks. The Metropolitan Police Central E-Crime Unit in partnership with a task force in the United Kingdom and the National Cyber Investigative Joint Task Force chaired by FBI in the United States may be used as models for a global virtual task force. Next slide, please. The International Telecommunications Union, ITU, in Geneva launched in 2007 the Global Cyber Crime Agenda for a framework where the international response to growing challenges on cybersecurity could be coordinated. In order to assist the ITU in developing strategic proposals a global higher level expert group, [199]

12 LAW ENFORCEMENT EFFORTS ACROSS NATIONAL BORDERS HLEG, was established. This group of almost 100 persons from around the world delivered the chairman s report and the global strategic report in 2008 with a recommendation on cybersecurity and cybercrime legislation. I was the chairman for this group. After the four main working groups have since been established in order to make recommendations for new international legal responses to cybercrime, we have them for a comparative study on cybercrime, was adopted by the United Nations General Solution in its Resolution This study framework includes the topic, I quote, with a view to examining options to strengthen existing and propose new national and international legal or other responses to cybercrime, end of quote. The East-West Institute has on June 27, 2010, established a Cybercrime Legal Working Group in order to advance consideration of a treaty or a set of treaties on cybersecurity and cybercrime. The members are independent, nonpolitical, nonpartisan, global experts on cybersecurity and cybercrime. The working group is a follow-up of the HLEG work in Geneva and shall develop recommendations for potential new legal mechanisms on combating cybercrime and cyber attacks and develop a consensus building set of proposals related to international law. The United States and European Union have also established a working group in cybersecurity and cybercrime. Among the efforts, I quote, advancing the Council of Europe Convention on Cybercrime, including a program to expand a session by all EU member states in collaboration to assist states outside the region in meeting its standards and become parties, end of quote. And the fourth working group is a British Commonwealth working group established in 2011, and we will see what all these four working groups will deliver. Next slide, please. The proposal for an international criminal tribunal for cyberspace is ambitious. It may take some time, but whatever the outcome, something must be done. I started with a quotation and would like to end my presentation with a quotation. Another one, I quote, Those who fail to anticipate the future are in for a rude shock when it arrives, from Peter Grabosky of Australia. Thank you very much for your attention. SHAWN HENRY: Excellent. Thank you, Judge. Our final speaker here on our panel here this morning, Mr. Noboru Nakatani, Executive Director of INTER- POL s Complex for Innovation in Singapore, effective here in April. Yes. He previously held the post of Director of Information Systems and Technology at INTERPOL s General Secretary at Headquarters, was a Special Advisor to the Commissioner General of Japan s National Police Agency, and while at the NPA also served as a Senior Assistant Director for Cybercrime as well as Executive Officer to the Minister of State and the Chairperson of the National Public Safety Commission. He will be talking about INTERPOL and how it assists its members in the cyber domain, on the heels of talking about our investigators, some of our legal issues, and then some of the judi- [200] Georgetown Journal of International Affairs

13 PANEL 2 International Engagement on Cyber 2012 cial issues. Sir? NOBORU NAKATANI: Shawn, thank you so much for your introduction. Good morning, ladies and gentlemen. Let me start my talk by speaking about what INTERPOL is, as I assume that some of you are not familiar with INTERPOL. Then I will talk about what INTERPOL has done to connect police for a safer world, and, lastly, I would like to talk about what INTERPOL will do for a safer cyberspace. Next slide, please. What we can do? As our vision is connecting the police for a safe world, INTERPOL facilitates international cooperation, police cooperation by developing and then delivering a high-tech information services. Some people may see INTERPOL as the organization who has some sort of international special agent who carries a gun and then travels across the world to chase the criminals. That is not the reality of the INTERPOL. That type of INTERPOL will probably exist in the Hollywood movies only. In reality, INTERPOL is not the investigative organization who has authority to open the case and then arrest the criminals. What we ensure is that the police community worldwide has access to the unique global databases of criminal and police information. Let me show you one of the unique databases we have provided member countries, including the United States, of course, and how it works for a safer world. Next, please. INTERPOL maintains the only global repository of stolen and lost travel docs. This database is populated by our 119 member countries and used mainly for immigration process at the airport and the seaport. And just remember the number of the record, 24 million records in 2010 and 31 million records at the end of Next, please. Just to take a look at the number of searches conducted by member countries, in 2010 our member countries searched this database almost a half-billion times recording more than 42,000 positive matches. What is important is that oh, by the way, most frequent user in 2010 was the United Kingdom. By 2011, that is the United States. In 2012 so far, the United States is most frequent user. What is important is that this has turned out to be very much effective tools to combat transnational organized crime. What if in the coming years, as a consequence of tighter security of the physical borders, thanks to the INTERPOL SLTD travel document database, more criminals would go to voucher borders. That is our concern. Next, please. Cybersecurity. In fact, the use of the Internet has changed the nature of the policing and national security as well. It is obvious that organized crime groups use the internet in various ways to make profit. Organized crime groups actually buy in cyber exports when needed; for instance, to mask their crime. I can say that we have realized that internet is vulnerable. It is very easy to attack. It is very difficult to secure. I even could say that it was not designed to be secure. Cyber criminals are fully taking advantage of the vulnerabilities of the Internet and evading law enforcement investigations. I presume that most of you here are aware of it. Cybersecurity is a global problem and transnational problem. No nation can ignore it, but at the same time, no [201]

14 LAW ENFORCEMENT EFFORTS ACROSS NATIONAL BORDERS nation can solve the problems of cybersecurity on its own. Global problems need global solutions. Next, please. Then what are we supposed to do in this matter? We at INTERPOL don t want to see cyberspace become more secure but less free as a result of tackling challenges of the cybersecurity. So this is a truly challenging issue. To respond to it INTERPOL decided to establish the INTERPOL Global Complex for Innovation, so as to better provide our member countries with cutting-edge tools to fight against 21st century crime, such as cybercrime five key activity areas, as shown here. All areas can be more effective together than alone. In particular, international investigation support must be attained with the combination of other four areas. The challenges we are facing in cybercrime investigations are mainly attribution and consequences. It is very difficult to track back the computers used for crime and the very person behind click of mouse. It is very challenging. So in order for law enforcement to better bring cyber criminal into justice, it would be great if we would have internationally accepted or There are no borders in cyberspace... [yet] the governments will have to be accountable somehow. and digital crime. So this complex is now under construction in Singapore. The actual site of this complex is just across the U.S. Embassy in Singapore, just for your information. It is pretty much prime location. This complex will be fully operational in early Next, please. Complementing the General Secretary in France, this complex is focusing on the following four functions. You can see number one, number two, number three. So through these four functions, it is envisaged that police worldwide will be able to provide their citizens with the same level of safety on the street and on the internet as well. This is our vision. Next, please. Concerning the need expressed by our member countries, we envisioned the work of INTERPOL Global Complex to be grouped into agreed cooperation which enforced the nations to be responsible for their residents as well as the cyberspace in their territory. Perhaps in this context, we may want to realize the notion, there are no borders in cyberspace, and that nations have only minimal law could be wrong. So the governments will have to be accountable somehow for these things. Next, please. In this context of the ICC initiative, we will take the multidisciplinary approach with the key word of innovation for secure-free cyberspace, the three piers. We will mention the third one, harmonizing global effort to fight against cybercrime. We don t need to invent the wheel. We just tried to harmonize existing, ongoing effort taken by various countries, various regional and international organi- [202] Georgetown Journal of International Affairs

15 PANEL 2 International Engagement on Cyber 2012 zations. We know that this is a very challenging job, but we should be very much optimistic to make it happen. Thank you. SHAWN HENRY: All right. Great conversation here with some folks who clearly have expertise in this particular area. I think what I would like to do now, we have got a few minutes here to open it up to the audience and, again, I encourage you to take advantage of our experts here, subject-matter experts, to ask the questions as it relates to either the investigative issues, some of the legislative issues, judicial issues, or INTERPOL generally. And I will start with my friend right here on the left. ATTENDEE: [Inaudible] from Chun Micro. I have a question about electronic forfeiture. In your investigations and in your efforts to go after hackers as a whole and all of the monies that they trade and they move out of systems, is there no effort to regulate the alternative payment channels or to create legislation that would allow for the electronic forfeiture of the assets that are held by hackers and hacker communities? SHAWN HENRY: Who is your question to? ATTENDEE: Anyone that wants to answer it. [Laughter.] ZAHID JAMIL: I can speak for my country, for instance, and I can say in some of the Commonwealth countries, you have the similar provision. When I wrote legislation on electronic payments, we took some of the EU legislation and also the EFD Act here in the U.S. and sort of married them in a sense. And there are provisions specifically. There are criminal provisions there that actually allow us to go after people, and it is actually an electronic fraud and forgery provision there, and, therefore, any processes of that crime basically can be seized and forfeited. So I can speak to my country; yes, I ve made sure that s there. ATTENDEE: So the electronic assets themselves can be forfeited? ZAHID JAMIL: Digital. It actually says electronic and digital. It doesn t have to be paper. It doesn t have to be money. It doesn t have to be checked. We define it as electronic digital payments. ATTENDEE: And then my followup would be, has there been any effort to go after the alternative payment channels or money services businesses that have been complacent in enabling the laundering of the funds associated with cyber? ZAHID JAMIL: Well, that surely resonates with one of the cases I was partially advising on with our law enforcement, where there was a money changer, not one, but the biggest money changer in the country, and there was an acquisition of terrorist financing. And not only was the regulatory aspect and the licensing that was shut down, but there was actual search, seizure, an operation that was conducted. And they [203]

16 LAW ENFORCEMENT EFFORTS ACROSS NATIONAL BORDERS found there was an parallel system that was running on the back of this license where it was electronic. It was all done through the Internet, and all the evidence was electronic. A lot of people lost money because of that because it just went up in the air, but, eventually, they tracked and traced money down. Those people have been convicted and there are parts of that case that are still ongoing. ATTENDEE: Thank you. SHAWN HENRY: That s a great question. When you talk about threat mitigation and some of the things that we are talking about today, not necessarily the prevention side, but how do you mitigate the threat, impacting the infrastructure is critical and so in the physical world we look at money transfers and how do we impact the adversary by attacking the infrastructure. In financial world or in the cyber world, rather, you see the exact same thing. In a similar related issue with the FBI, we actually seized domain names and were able to take over command and control servers for botnets and were actually able to impact the threat via seizure, search and seizure in that regard, where we targeted the infrastructure in particular. So a good question. Thank you very much. Another question from the audience? All right. We can only do one at a time now. Please don t rush to the microphones. [Laughter.] SHAWN HENRY: Let me ask a question then, if I could, to Adrian. Chip. One of the challenges that I see regularly in the cyber environment and a couple of speakers today have alluded to, and that s attribution. We see oftentimes we are able to identify a particular computer that is involved in some type of a cybercrime or a cyber network attack, but actually identifying the individuals behind that computer is a challenge. I am wondering from the Romanian perspective some of the efforts you have taken in trying to determine attribution against particular actors. ADRIAN CIPRIAN MIRON: Well, as I said, one of the reasons why cybercrime division was created, it needed to create a good partnership between the public and private sector, and this is a partnership that was built since 2000 with Internet service providers. So I think we can identify in real time or real time, I am not sure what means real time in this matter but anyway, we can identify people who try to hide behind an Internet IP address very, very quickly. In our efforts, we always try to find the best way and to learn from our international partners And I think in Europe things are working pretty well, and we always try to develop our relationship with the U.S. authorities. And we still have many things to do, I guess, in combatting the cybercrimes. We are pretty effective, but in preventing them, not quite, and I am not sure if we can actually prevent something at this level, but I am confident that in the near future we will try to find the best tool to fight this and to prevent it if possible. SHAWN HENRY: Good. Thank [204] Georgetown Journal of International Affairs

17 PANEL 2 International Engagement on Cyber 2012 you. We have a question from the audience. ATTENDEE: Thank you. Jason Healey from the Atlantic Council. I have never worked law enforcement myself and so it s a question as an outsider. And maybe this is to you, Shawn or Nakatani-san. Being an outsider, it seems like, for the authorities or energy to get involved on Internet policy and MPAA and RIAA kinds of takedowns, I see headlines on that all of the time and have been for 10 or 15 years, very much more so compared to the energy authorizes or takedowns that we see for cybersecurity. Is that a valid opinion, or am I just not seeing some things? So, to summarize the question, are you as law enforcement able to do more if there are movie downloads or music or fake goods than you are for cybersecurity? If that is true, do you think that s right, and how can we try and achieve some of the success that we do for piracy? Thank you. SHAWN HENRY: Well, I see them as two separate issues with an overlap and some similarities. Certainly, when you are talking about cyber intrusions, we are talking about, in many casesm the theft of intellectual property. As it relates to Internet piracy and people that are hosting movies and the like, from an investigator perspective, it wasn t our top priority. We were looking at the people who were targeting. We were looking at the actual actors, the organized crime groups, the individuals that were targeting the infrastructure. If as a result part of that was piracy, certainly we would pursue that, but from our perspective or from the FBI s perspective I guess I can t say our anymore; that s sad, it s only been 10 days. The top priority within the FBI was always critical infrastructure as the most significant in our clear defense contractors, those that were contributing to the national security of the country and actually the world, and I think our partners were similar. So movies and the like are certainly something that s important and we ve looked at. But in a priority perspective, critical infrastructure has always been a much more significant priority. Please. NOBORU NAKATANI: In terms of the taking down the site, the internet site where it sits from, as you know, the IPR on the internet is simply pathetic. And now the point is simply location of actually where the internet providers are, because now cloud computing is everywhere. We don t know where the data is. So we need to find out who physically owns it and has it. Then in terms of the cloud computing, at the end of the day, it depends on the physical things, the routers... et cetera, and then all of these things are located in the physical world. And then those things are owned by somebody, and the somebody is subject to the sovereignty of a specific government and the nation. So I would say unless nations are, in a way, responsible for something in their territory, taking down something or protecting something would be very much difficult. That is my view. Thank you. SHAWN HENRY: Zahid? [205]