The FBI has appealed to the IT industry, and specifically to the cyber security industry, to help it pursue cyber criminals across international borders, insisting US government investigations are “at the whims of ISPs”.
Just days after a US court ruled that all global cloud companies must hand over their data if it resides on US company-owned servers, Michael J Driscoll, assistant legal attaché at the FBI for the Embassy of the United States of America, told attendees at Infosec: “In 18 years, I’ve never seen a threat that requires greater involvement by the public than cyber issues.
“I can’t get out and conduct cyber investigations until you open the door for us. Folks out there in the information security world are the frontline in helping us identity the threat and eliminate it. We are at the whims of internet service providers to open the door for us.”
When asked about the recent ruling on international data access, which concerned Microsoft directly, Driscoll replied: “Anything we collect has to go through a series of steps, so even though Microsoft will allow us access to servers overseas, it’s an interpretation of the law.
“We still have to go through the process of getting a court approval to obtain that, so just as Microsoft says now they’ll let us access the data, we still have to come having gone through a court process.”
To clarify, Driscoll explained, “So that has been approved by a court, and Microsoft is now saying ‘Yes, you can access it’.
“The more intelligence we have, the better we are able to address these threats,” concluded Driscoll.
Driscoll did not mention Prism and allegations that the US government has been secretly tapping corporate communication networks, saving emails, and recording millions of phone calls over a period of several years.
While the director of the NSA, James Clapper, has been interpreted as admitting the existence of Prism and its use of legal “loopholes” to carry out its surveillance, attempts by various US organisations to take the government to court over the surveillance action have so far been ineffective.
Lee Miles, deputy head of the newly-formed UK National Cyber Crime Unit, backed up Driscoll’s pleas for support in global surveillance, saying: “Most of our evidence is sitting outside of our jurisdiction. We can’t seize the laptops or towers from criminals that have the evidence on them, as they’re all in the cloud.
“That brings huge amounts of challenges around the legal frameworks we’ve got to comply with. And one thing we have to do is comply with the law within the UK, but also within the jurisdictions we’re working with. Otherwise, the whole case would collapse.”
Miles also offered to recruit “special constables” from the Infosec audience of cyber security experts, explaining that his agency requires an “operational bruiser that can operate on the internet”.
Watch the video below for the latest in IT news from Computing.