Category: Federal Bureau of Investigation FBI Crime News

Source: Federal Bureau of Investigation FBI Crime News

I. Introduction

Chairman Durbin, Ranking Member Graham, distinguished members of the Committee, thank you for the opportunity to speak to you about Section 702 of the Foreign Intelligence Surveillance Act (FISA), the vital intelligence authority which, along with other FISA provisions, will expire at the end of this year unless Congress renews it.

Section 702 authorizes the Intelligence Community to collect critical foreign intelligence information about foreign targets located outside the United States with the compelled assistance of U.S. communications service providers. In the fifteen years since its enactment, Section 702 has proven indispensable to U.S. national security. Every day it helps protect Americans from a host of new and emerging threats—such as terrorist plots, weapons of mass destruction, malicious cyber activity, and hostile state behavior from China and Russia.

As described below, Section 702 is an elegant solution to an operational challenge created by the advent of the Internet and changes in the technology supporting international communications. It authorizes the Intelligence Community to collect vital intelligence overseas while requiring the Intelligence Community to comply with rigorous safeguards that protect the rights of Americans. It is a cornerstone of our Intelligence Community’s efforts to identify and understand a broad range of challenges our country faces in an increasingly complex and dangerous world. And it remains a paradigmatic example of congressional leadership in national security. Without it, the United States and its allies and a partners would be less safe.

Presidents of both parties have strongly supported it and attested to Section 702’s importance to national security. Congress, recognizing Section 702’s critical value and stringent protections, has three times voted on a bipartisan basis to authorize it, first in 2008, and then in 2012 and again in 2018. If Congress allows this authority to lapse, or renews it in a diminished form, the United States will lose access to critical intelligence about strategic national priorities and threats around the world.

Section 702 is subject to robust privacy protections and oversight by all three branches of government. This structure enables the government to proactively identify, transparently disclose, and swiftly address compliance risks. For example, the Department of Justice (DOJ) and Federal Bureau of Investigation (FBI) recently imposed additional safeguards in response to compliance incidents related to procedures for accessing data lawfully collected through Section 702.

This Committee plays an important role in overseeing this critical surveillance authority, and we stand ready to provide you with the information you need regarding the use of Section 702. The executive branch is committed to working with the Committee and the rest of the Congress on reforms to further enhance privacy protections while fully preserving the efficacy of this vital national security tool.

Today we will illustrate the immense national security value of Section 702; describe its origin and legal structure; outline its compliance regime; and address concerns regarding privacy, particularly with respect to U.S. person queries of Section 702 data.

II. The Value of Section 702 Collection

Section 702 provides foreign intelligence information that is indispensable to protect the nation against national security threats. It has proved invaluable in protecting American lives and U.S. national security. There is no way to replicate Section 702’s speed, reliability, specificity, and insight. In many cases, Section 702 is the sole source of our information about foreign threats to the United States and its people.

Section 702 has been tremendously effective in combatting international terrorism, the dominant national security concern when Congress initially enacted the authority. In 2009, for example, Section 702 helped foil an active plot to bomb the New York City subway. National Security Agency (NSA) analysts relied on Section 702 to acquire the email communications of a suspected Al-Qa’ida courier in Pakistan and discovered a message sent by someone in the United States seeking advice about making explosives. The FBI identified that person as Najibullah Zazi and was able to disrupt his plot in time to save countless lives. Moreover, Section 702’s value to the government’s efforts to counter international terrorism continues to the present day. Just last year, in July 2022, Section 702 played an important role in the strike against Al-Qa’ida’s leader, Ayman al-Zawahiri. Section 702 collection contributed significantly to our knowledge that alZawahiri was living in a safe house in downtown Kabul.

Section 702’s utility extends well beyond counterterrorism. It provides critical insights on some of the most urgent threats to U.S. national security.

• Section 702 has been used to identify ransomware attacks on U.S. critical infrastructure, and multiple attacks have been identified and defended against because of Section 702 collection.
• For example, Section 702 played an important role in the U.S. Government’s response to the cyberattack on Colonial Pipeline attack in 2021. Using Section 702, the Intelligence Community acquired information that verified the identity of the hacker, as well as information that enabled U.S. Government efforts to recover the majority of the ransom.
• Section 702–acquired information related to sanctioned foreign adversaries was used in U.S. government efforts to stop components for weapons of mass destruction from reaching foreign actors.
• Section 702 information has identified key economic security risks, including strategic malign investment by foreign actors in certain U.S. companies.
• Section 702 collection has helped identify when hostile foreign intelligence services are trying to send their operatives into the United States to recruit spies here in the United States.
• Finally, Section 702–acquired information revealed:
  • insights that have informed the U.S. government’s understanding of the Chinese origins of a chemical used to synthesize fentanyl;
  • foreign actors’ illicit plans to smuggle methamphetamine across the U.S. border;
  • the quantities and potency of drugs, including fentanyl, destined for illegal transfer to the United States, as well as specific smuggling techniques used to avoid detection; and
  • a foreign narcotics trafficker’s purchase of a vast quantity of pills for transfer to the United States.

Today, Section 702 not only helps defend and protect the United States but also helps advance U.S. foreign policy priorities around the world. For example:

• Section 702 has helped uncover gruesome atrocities committed by Russia in Ukraine—including the murder of non-combatants, the forced relocation of children from Russian-occupied Ukraine to the Russian Federation, and the detention of refugees fleeing violence by Russian personnel. This and other information have helped the U.S. government to galvanize accountability efforts related to Ukraine by confidently and accurately speaking to the international community about Russia’s atrocities.
• Section 702 data helped expose efforts by foreign powers, including China, to coerce nations to oppose international responses to human rights violations. This reporting enabled U.S. diplomats to assist countries in shielding themselves from coercion and influence.
• In 2021, Section 702 data enabled U.S. diplomats to demarche a Middle Eastern country over its efforts to monitor and track dissidents abroad, as well as dissidents here in the United States.
• In 2022, Section 702 data was vital in warning the international community, the private sector, and the public about efforts by North Korea to deploy information technology workers to commit fraud against a global industry, including against US businesses, to generate revenue for its nuclear program.

Section 702 plays a key role in advancing the missions of each of our agencies.

• Central Intelligence Agency (CIA): At CIA, Section 702 collection enables missions against the full range of foreign intelligence priorities—including all adversarial nation states, counterproliferation, cyber, counterintelligence, counternarcotics, and counterterrorism—and is foundational to our analysis in support of policymakers. Section 702 collection illuminates actionable opportunities against foreign individuals and networks of intelligence concern more comprehensively than any other single data source; for example, Section 702 collection enabled over 70% of the successful weapons and counterproliferation disruptions supported by CIA from 2018 to2022. Section 702 has also been used in efforts to prevent U.S. technology being acquired by adversaries for their advanced weapons programs, and Section 702 supports CIA’s ability to run safe human intelligence operations abroad and gain invaluable insight into human assets, the individuals who have put their lives on the line to work for the United States.

  Moreover, every day CIA analysts produce dozens of products to inform the President, Congress, and other senior officials within our government, and a sizeable proportion of the intelligence that goes into these products comes from Section 702 collection. To take one example, the WIRe—or the World Intelligence Review—is one of CIA’s primary tools for disseminating intelligence electronically. CIA analysts cited at least one FISA Section 702 intelligence report in nearly 40% of WIRe products published over the past year. FISA Section 702–derived intelligence reports are published by several agencies, and they are most-often cited in WIRe products on some of our most critical intelligence targets.

• National Security Agency: Section 702 is essential to NSA’s foreign signals intelligence (SIGINT) mission: Approximately 20% of NSA reporting in 2022 contained Section 702 information, and 702 also plays a significant role in enabling SIGINT collection under other authorities. Intelligence obtained from Section 702 has protected U.S. and allied forces, stopped significant terrorist plots, and prevented cyber-attacks. Section 702 also regularly provides NSA with insights into the strategic intentions of China, Russia, Iran, and North Korea. Across all of NSA’s mission areas, this authority is an invaluable resource. 100% of the President’s intelligence priorities topics reported on by NSA were supported by the Section 702. With Section 702, NSA’s ability to provide intelligence on the most significant threats to our nation would be significantly diminished.
• Federal Bureau of Investigation: Section 702 collection is critical to the FBI’s ability to fulfill its unique role and responsibility in the Intelligence Community, which is focused on protecting the homeland, and Americans, from foreign threats. The FBI uses Section 702 across the entire range of its national security investigations: to go after foreign terrorist organizations seeking to conduct attacks within the U.S., counter foreign spies and proliferators, and get in front of increasingly sophisticated and prolific foreign cyber actors targeting Americans.

  Section 702 is a particularly, and increasingly, important tool in the FBI’s mission to protect the United States and its critical infrastructure from malicious foreign cyber activity. Its agility is especially important in a technology environment where those foreign cyber actors can move to new communication accounts and infrastructure in a matter of hours, if not minutes. Section 702 produces valuable insight the FBI uses to notify victims who often don’t know they’ve been compromised, warn targeted entities who are likely to be compromised next, and provide unclassified threat intelligence to help mitigate active or recent intrusions and prevent potential future incidents

Many of the most significant examples of the utility and importance of Section 702 remain classified by virtue of the need to protect intelligence sources and methods. While classified examples are available to this Committee, it is essential that the legislative and public discussion of these authorities be informed, to the extent possible, by concrete examples of its value. To that end, the Intelligence Community is working to declassify additional examples of the role Section 702 plays in defending the United States and its citizens.

III. Overview of Section 702

Origin of Section 702

When Congress first passed FISA in 1978, it primarily intended for the law to regulate surveillance activities inside the United States. The advent of the Internet and changes in the technology supporting international communications led to significant unintended consequences in the operation of FISA. As a result of these technological changes, terrorists, hackers, spies, and other foreign intelligence targets abroad used communications services based in the United States, including those provided by U.S.-based Internet service providers (ISPs).

Prior to the enactment of Section 702, when the Intelligence Community wanted to collect communications between, for example, two terrorism targets both located overseas who happened to be using a U.S.-based ISP, the government was required to obtain a court order under Title I or Title III of FISA (“traditional FISA”) from the Foreign Intelligence Surveillance Court (FISC). A traditional FISA order requires that the government demonstrate probable cause that the target is a foreign power or an agent of a foreign power and, in the case of Title I orders, that the target is using or about to use the targeted facility, such as a telephone number or an email account. Requiring individual court orders for intelligence collection aimed at non-U.S. persons abroad was both extraordinarily burdensome operationally and unnecessary legally, because the Supreme Court has held such individuals are not entitled to Fourth Amendment protections. Indeed, no other country is known to require individualized court orders to authorize intelligence activities targeting foreigners outside their borders.

Requiring traditional FISA orders became operationally unsustainable in the years following the 9/11 terrorist attacks because of the increasing terrorist threats emanating from overseas to the United States and our allies. In 2008, against this backdrop, Congress enacted Section 702 as part of the FISA Amendments Act (FAA).¹ As mentioned above, Section 702 authorizes the government, with the approval and oversight of the FISC on a programmatic basis, to compel the assistance of providers in the United States in obtaining communications of non-U.S. persons located outside the United States to acquire foreign intelligence information. It allows the government to target for collection only foreign targets located overseas that are reasonably assessed to have foreign intelligence information. 

The statute also provides for comprehensive oversight by all three branches of government. This ensures the information collected about non-U.S. persons overseas is used responsibly and protects the constitutional and privacy interests of Americans whose information may be incidentally acquired when collecting foreigners’ communications.

Legal Structure

Under Section 702, the FISC approves annual certifications submitted by the Attorney General and the Director of National Intelligence (DNI) that specify classified categories of foreign intelligence that the government is authorized to acquire pursuant to the authority. The certifications serve as the legal basis for targeting specific non-U.S. persons outside the United States. Based on the certifications, the Attorney General and the DNI can direct U.S. communications service providers to assist in collection against authorized Section 702 targets. The FISC also reviews and approves the agencies’ targeting, minimization, and querying procedures on an annual basis.

Multiple provisions ensure that targeting is properly aimed at non-U.S. persons located outside the United States who are likely to possess, receive, or communicate foreign intelligence information that falls within one of the specified categories. First, the law requires the Attorney General and the DNI to certify that a significant purpose of an acquisition is to obtain foreign intelligence information. Second, only non-U.S. persons may be targeted. Third, the government may not target any person known at the time of the acquisition to be located in the United States at that time, regardless of whether they are a U.S. person. Fourth, the government may not target someone outside the United States for the purpose of targeting a particular known U.S. person or anyone in this country (“reverse targeting”). Fifth, Section 702 protects domestic communications by prohibiting the intentional acquisition of “any communication as to which the sender and all intended recipients are known at the time of the acquisition” to be in the United States. Finally, of course, any collection must be consistent with the Fourth Amendment.

Targeting and Acquisition

An agency requesting authority under Section 702 must propose for court approval detailed procedures to ensure that it targets only non-U.S. persons outside the United States and also that it does not intentionally acquire domestic communications. The National Security Agency (NSA) initiates all Section 702 collection. NSA’s targeting procedures require that there be an appropriate foreign intelligence purpose for the acquisition and that a “selector” associated with a particular target—like a phone number or e-mail address—be used by a non-U.S. person reasonably believed to be located outside the United States. An analyst must conduct due diligence to identify information in the NSA’s possession that may bear on the location or citizenship status of the potential target. NSA’s basis for obtaining communications associated with a particular selector must be documented, and DOJ reviews the documentation for every selector.

Under Section 702, each target is approved for tasking based on an individualized determination. The Intelligence Community has reported that approximately 246,073 targets were authorized for collection under the Section 702 program in 2022.

FBI and CIA do not initiate Section 702 collection but may nominate selectors to NSA for collection.² FBI, CIA, and NCTC also do not receive all Section 702 collections, but only a small fraction relevant to their respective missions. For example, FBI may receive information only as to those Section 702 targets that the FBI determines are relevant to a full, predicated FBI national security investigation. As of 2022, that amounted to approximately 3.2% of all Section 702 targets.

Minimization, Querying, Dissemination, and Use

Under the statute, each agency must have its own minimization procedures. These impose strict controls with respect to all acquired data, regardless of the nationality of the individual to whom the data pertains. All personnel who are granted access to Section 702 information are required to receive training on the minimization procedures. The minimization procedures specify the duration of time for which data can be retained.³

Since 2018, the statute has required the government to have separate procedures governing queries, which had previously been addressed as part of minimization procedures. Queries do not result in any additional collection. Rather, they allow an agency to quickly and effectively locate foreign intelligence information within what the agency collected previously through the use of Section 702. The query procedures limit the ways in which personnel can query Section 702 data using a term that is associated with a U.S. person, such as a name or telephone number. As discussed further below, U.S. person queries of Section 702 collection help us detect and evaluate connections between lawfully targeted non-United States persons involved in terrorist plots, cyber attacks, and other national security threats and U.S. persons.

Queries are subject to a three-part standard. First, the query must have an authorized purpose: to obtain foreign intelligence information, or, only in the case of the FBI, to obtain evidence of a crime. Second, the query must be reasonably designed for that purpose. And third, there must be a specific factual basis to believe the query is reasonably likely to retrieve foreign intelligence information or evidence of a crime. As described below, the Intelligence Community and DOJ in recent years have taken steps to impose additional privacy safeguards surrounding querying of Section 702 data.

There are also additional controls on the dissemination and use of Section 702–acquired information. An agency is permitted to disseminate information identifying a U.S. person to other entities only under the limited exceptions in the minimization procedures, for example, when such information is foreign intelligence information, necessary to understand foreign intelligence information or assess its importance, or evidence of a crime. The statute dictates that all FISA-acquired information, including Section 702 information, may be used in a criminal proceeding only with the approval of the Attorney General. Additionally, the government must give notice to individuals if the government intends to use information against them that is either obtained or derived from Section 702. The statute also prohibits the use in a criminal proceeding of any communication to or from, or information about, a U.S. person acquired under Section 702, except for crimes involving national security or in a limited set of additional enumerated serious crimes.⁴

IV. Privacy Protections: Compliance, Oversight, and Transparency

The government is committed to ensuring that the Intelligence Community’s use of Section 702 is consistent with the law, complies with FISC orders, and protects the privacy and civil liberties of Americans. By approving the annual certifications, as well as the targeting, minimization, and querying procedures, the FISC plays a central role in ensuring that Section 702 activities are conducted lawfully—consistent with statutory and constitutional requirements. The FISC may require the government to provide additional filings and testimony at hearings to ensure that the court has a full understanding of the operation of the program. In addition, on multiple occasions, the FISC has appointed amici curiae to address Section 702–related legal questions. In the annual evaluation of whether a proposed certification meets all statutory and constitutional requirements, the FISC makes findings regarding the operation of the program and the government’s compliance record.

Internal components in each agency with access to Section 702 information, including Inspectors General, oversee activities conducted under the authority. All Section 702 targeting decisions made by NSA are reviewed at least three times—by the drafting analyst, the more senior analyst, and a specifically trained adjudicator—prior to tasking and are further reviewed by NSA compliance personnel and DOJ National Security Division (NSD) personnel after tasking. CIA and FBI require multiple layers of review before nominating selectors to NSA for tasking to Section 702. NSA, CIA, and FBI require that all personnel who nominate selectors for tasking under Section 702 or task selectors complete training on targeting, minimization, and querying procedures, as well as on other agency policies.⁵

DOJ personnel routinely review the agencies’ targeting, querying, minimization, and dissemination decisions. This oversight includes DOJ’s review of all tasking decisions by NSA and reviews at least once every two months at NSA, FBI, CIA, and NCTC to assess each agency’s compliance with its legal procedures. In addition, agencies conducting activities under Section 702 must report promptly to DOJ and to ODNI incidents of noncompliance with the targeting, querying, or minimization procedures. NSD attorneys investigate each potential instance of non-compliance and work with the agencies to remediate any such instances. NSD reports any incident of noncompliance with the statute, court orders, or the approved legal procedures to the FISC and to Congress.

As required by FISA, NSD submits reports regarding the government’s use of Section 702 to the congressional intelligence and judiciary committees at least every six months. These semiannual reports are also provided to the FISC and include a description of every identified Section 702 compliance incident in the reporting period. NSD and ODNI also prepare semiannual joint assessments focused on compliance incidents impacting U.S. persons, compliance trends, and remedial measures. The joint assessments are provided to both Congress and the FISC. The FISA statute also requires the government to provide Congress with any pleading, FISC opinion, or order that contains a significant interpretation of the law.

The Intelligence Community and DOJ work to be as transparent as possible with the public regarding the operation of the Section 702 program, consistent with the need to protect sources and methods. We have declassified and released FISC opinions regarding the authorization and operation of the Section 702 program. DOJ has provided to Congress every Section 702 opinion the FISC has issued to date. In addition, by statute, DOJ is required to produce to Congress any FISC opinion that includes a significant construction or interpretation of any provision of law or a novel application of any provision of FISA. Relatedly, the DNI, in consultation with the Attorney General, is required to publicly release such opinions containing a significant construction or interpretation of any provision of law.

V. Query Compliance and Remedial Measures

In recent years, a key oversight focus has been on queries of Section 702 information, in particular those involving U.S. person identifiers. As explained above, a query involves using a term to retrieve specific information from an agency’s database of previously collected information. In other words, queries do not return newly collected data but merely retrieve lawfully collected data that is already stored in agency computer systems. 

Queries using U.S. person identifiers, such as a name or e-mail address, are critical to protecting U.S. national security. These queries can identify links between foreign threats and those inside the United States, including those related to terrorism, malicious cyber threats, hostile nation state activity, or other threats to the American people. U.S. person queries are especially important at the early stages of a national security investigation. They can help the government learn critical information needed to protect U.S. victims of malicious foreign adversaries, and they can help the U.S. government learn more about significant threats by foreign surveillance targets in contact with U.S. persons.

This is particularly true for the FBI, which is responsible for protecting the homeland from national security threats emanating from overseas. In many cases, the FBI conducts U.S. person queries to identify U.S. person victims of foreign hacking or spying to enable the agency to warn and protect those individuals. These queries are vital to the ability to protect Americans from terrorism and from escalating cyber and espionage threats. To name but a few examples:

• The FBI U.S. person queries against Section 702-acquired information to identify the extent of a foreign government’s kidnapping and assassination plots. The timely identification of the foreign government’s plans and intentions in Section 702-acquired information contributed to the FBI’s disruption of the plots.
• Through U.S. person queries of Section 702-acquired information, FBI discovered that Iranian hackers had conducted extensive research on the former head of a Federal Department. FBI then notified that individual and the Department of the specific threat, so they could take action to protect them and help secure their accounts.

Just as this tool is critical to protecting the nation, it is vital that the government maintain the trust and confidence of Congress, the courts, and the American public in its use of Section 702 information. In recent years, oversight by DOJ and ODNI has identified serious compliance issues in the FBI’s queries of FISA collection for information about U.S. persons. These incidents were reported promptly to the FISC and Congress, and they are described in detail in court opinions that are now public.

The most recent such opinion, which was issued in spring of 2022 and declassified in May 2023, reflects a number of serious incidents of non-compliance, including improper queries of Americans involved in peaceful protests. These incidents are unacceptable. The FBI, the DOJ, and the entire Intelligence Community are committed to addressing them completely, including by implementing stronger safeguards and accountability mechanisms. All these incidents predated a set of significant reforms undertaken by the FBI beginning in the summer of 2021, which are discussed below and were designed to address the root causes of these incidents and prevent similar errors from occurring again.

In 2021 and 2022, FBI worked with DOJ and ODNI to institute remedial measures that have since significantly strengthened compliance. These measures include:

• Requiring FBI Personnel to “Opt-In” to Query Unminimized Section 702 Information: In June 2021, the FBI changed the default settings in the systems where it stores unminimized Section 702 information so that FBI personnel with access to unminimized FISA Section 702 information need to affirmatively “opt-in” to querying such information. This system change was designed to address the large number of inadvertent queries of unminimized Section 702 information DOJ had identified in its reviews, in which FBI personnel did not realize their queries would run against such collection. 
• Heightened Approvals on Large Batch Job FISA Queries: Also in June 2021, the FBI instituted a policy requiring FBI attorney approval prior to conducting a “batch job” that would result in 100 or more queries. The term “batch job” refers to a capability in one of the FBI’s systems that allows FBI personnel to more efficiently run queries involving multiple query terms. Attorney preapproval is aimed at providing additional review in situations where one incorrect decision could potentially have a greater privacy impact due to the large number of query terms.
• Supplemental Guidance and Mandatory Training on Query Requirements: In November 2021, DOJ, ODNI, and the FBI issued new comprehensive guidance to all FBI FISA users on the proper application of the query rules, and in December 2021, the FBI instituted new mandatory training on that guidance, which personnel were required to complete by the end of January 2022. The FBI expanded and updated this training at the end of 2022. On an annual basis, all FBI personnel with access to unminimized FISA information are required to complete the expanded and updated query training or lose access to FISA systems.
• Requirement for Case-Specific Justifications for U.S. Person Query Terms in FBI Systems: In the fall of 2021, at the direction of the FISC, the FBI modified its systems containing unminimized Section 702 information to require a case-specific justification for every query using a U.S. person query term before accessing any content retrieved by such a query from unminimized Section 702 information. Previously, personnel were permitted to use a pre-populated common justification, when applicable, for the query. These case-specific justifications are subject to review and audit by DOJ as part of its regular oversight reviews.
• New Restrictions and Oversight of Sensitive Queries: In March 2022, the FBI instituted a new policy requiring enhanced preapproval requirements for certain “sensitive” queries, such as those involving elected officials, members of the media, members of academia, or religious figures. Under the new policy, an FBI attorney must review these queries before they are conducted. The FBI’s Deputy Director must also personally approve certain queries before they can be conducted. This measure was designed to ensure that there is additional review at a leadership level of queries that reflect particular investigative sensitivities.

These initial remedial measures are already achieving significant compliance benefits and protecting privacy. For example, the number of U.S. person queries FBI conducted in 2022 was approximately 200,000, more than a 93% decrease from the previous year. Further, the FBI’s Office of Internal Auditing—established at the direction of former Attorney General Barr to audit the FBI’s use of its national security authorities—found an increase in the FBI’s rate of compliance with the FISA query standard from 82% before these measures were instituted to 96% after their implementation.

Implementation of robust privacy protections is not a one-time solution but rather an ongoing and iterative process involving repeated review and evaluation. DOJ and the FBI are continuing to develop additional measures to enhance privacy protections and ensure personnel comply with existing policies.

Compliance reviews conducted by DOJ and ODNI have found that deliberate misconduct with respect to Section 702 information is extremely rare. In those rare cases of intentional misconduct, the individuals involved are referred for investigation and appropriate action—up to and including suspension, revocation of security clearance, or termination. By contrast, the vast majority of the compliance issues that prompted DOJ and FBI’s remedial measures were the result of FBI personnel misunderstanding the rules governing U.S. person queries. For example, in some other instances, FBI personnel queried raw Section 702 information inadvertently, without realizing that the Section 702 dataset was included in the query as a default. However, DOJ and FBI are committed to addressing these unintentional errors, and the remedial measures described earlier are designed to do so; DOJ and FBI are also working to implement additional measures to ensure compliance.

VI. Potential Reforms to Section 702

The Administration is committed to working with Congress to address concerns regarding the use of Section702 and to identify reforms to enhance privacy and civil liberties protections while fully preserving Section 702’s efficacy.

As discussed above, the FBI has imposed a number of remedial measures, the codification of which could serve as the starting point for additional statutory reforms. This would entrench these policies into law, making them hard to undo. The Executive Branch is committed to working with this Committee and the Congress to explore potential additional changes to enhance the authority and its associated privacy, oversight, and transparency functions.

However, it is essential that we pursue reforms that do not impair the benefits of Section 702; doing otherwise would imperil U.S. national security. In particular, more sweeping proposals—such as prohibiting U.S. person queries, imposing a warrant requirement for all such queries, or barring the FBI from receiving Section 702 collection—would force the government to turn a blind eye to threat information that it had lawfully acquired, with potentially grave consequences to our nation’s security.

But there is no need to go down that path. Other reforms would meaningfully enhance Section 702 safeguards while also continuing to preserve its national security benefits. We look forward to continuing to work with this Committee and others in the Congress regarding such proposals.

VII. Conclusion

Section 702 is an indispensable foreign intelligence tool that allows our Intelligence Community to target non-U.S. persons located outside the United States to acquire information critical to our national security. Courts have repeatedly found that Section 702 is consistent with the Constitution and upholds the rights of Americans. Section 702 operates under stringent procedures and is subject to oversight from all three branches of government. In a world in which digital authoritarianism and technological repression are on the rise, Section 702 is a model for democratic countries to conduct intelligence activities consistent with the rule of law.

The government recognizes the enormous responsibility it has to use this tool responsibly, protect the privacy and civil liberties of U.S. persons, and uphold the trust and confidence placed in the law enforcement and intelligence community. We are committed to addressing mistakes, being transparent with you and the American people, and continually reinforcing a system and culture that protects Americans’ privacy and civil liberties. We look forward to working with this Committee on reauthorization of this critical tool that advances our shared goal of protecting the United States.

Source: Federal Bureau of Investigation FBI Crime News

Statement Before the U.S. House of Representatives Appropriations Committee, Subcommittee on Commerce, Justice, Science, and Related Agencies

Washington, D.C.

Source: Federal Bureau of Investigation FBI Crime News

Source: Federal Bureau of Investigation FBI Crime News

“The Safe Online Surfing program is a great way for teachers and families to prepare students for their journey through cyberspace,” said Ken Hoffman, who leads the FBI’s national community outreach program. “The interactive platform helps kids build a digital defense against predators and bullies while teaching them how to be responsible cyber citizens.” 

While taking the course, students guide a robot avatar through six thematic areas, answering true/false, multiple choice, and matching questions along the way. After completing all levels, students will take a final exam.  

Since the program’s launch in 2012, more than 1.6 million students have participated in the SOS challenge. 

The SOS website and its activities are open year-round, both at home and in the classroom. The challenge opens on September 1 and runs through May. Each month during this timeframe, the classes with the top exam scores nationwide will receive an FBI-SOS certificate and, when possible, receive a congratulatory visit from FBI personnel.  

To participate in the challenge, teachers must register their classes at sos.fbi.gov. Teachers manage their students’ participation in the program; the FBI does not collect or store any student information.

Learn more and register your class at sos.fbi.gov. 

Source: Federal Bureau of Investigation FBI Crime News

Moorer, who recently retired from the Navy and concluded his internship, encourages fellow wound warriors to apply, nothing that “I don’t think there’s a better program for you to go get on-the-job experience, exchange knowledge with other people who are very knowledgeable, and get an excellent job opportunity that could end up being the perfect career for you.

Eligibility 

The FBI Wounded Warrior Internship Program is part of the Defense Department’s Operation Warfighter program. This DOD initiative links wounded warriors with federal government internships so that they can gain work experience while recuperating from a wound, illness, or injury. 
 
The program is incredibly competitive, but at this time, there’s no limit on the number of qualified servicemembers who may be selected for internships each year, Keffer said. Thirteen FBI interns are expected to onboard by the end of fiscal year 2023, according to the program. 
 
As long as a field office or Headquarters division has an operational need—and if they believe an applicant is the right fit for the position—the FBI’s Human Resources Division will make the match.  
 
To qualify for the program, a servicemember must: 

• Be an active-duty servicemember, a mobilized reservist, or a member of the Army or Air National Guard
• Be a U.S. citizen
• Be assigned to a Wounded Warrior unit, detachment, or regiment
• Hold an active Top Secret security clearance
• Have at least six months remaining on their service commitment
• Have the ability to travel to and from their assigned worksite
• Meet FBI security and suitability requirements

Interested servicemembers can reach out to their Operation Warfighter coordinator to begin the application process.

Source: Federal Bureau of Investigation FBI Crime News

FBI Child Exploitation and Human Trafficking Task Forces across the country work throughout the year to locate victims and their traffickers. Often, victim specialists are embedded in operations. They serve as a liaison between the victims and FBI agents. They also help victims find services to rebuild their lives. The FBI’s Victim Services Division has a team of child and adolescent forensic interviewers, or CAFIs, who are specially trained interviewers skilled at gathering evidence without further traumatizing children and others with mental or emotional disabilities. These multi-disciplinary teams work with state and local partners to make resources available for victims, which might include counseling, medical services, housing, or job placement.  

“Our victim specialists, victim service coordinators, child and adolescent forensic interviewers, and other victim service professionals work collaboratively with special agents to ensure a trauma-informed, victim-centered approach is taken when engaging with victims,” said Regina Thompson, assistant director of the Victim Services Division. “This is especially important when engaging with victims of human trafficking as it is a very complex, traumatic crime.”  

Source: Federal Bureau of Investigation FBI Crime News

Source: Federal Bureau of Investigation FBI Crime News

Thank you, Cathy, for that kind introduction, and for the opportunity to be here with you all today.

As Cathy mentioned, our paths have crossed many times over the years, and I worked closely with her during my time at the Washington Field Office. I have incredible respect and admiration for Cathy – she’s extraordinary and the epitome of exceptional leadership. I am grateful to have worked with her and to call her a friend. Just recently in March, Cathy joined us at FBI Headquarters as a guest speaker for our celebration of Women’s History Month. We are grateful that she shared her story with people from across the Bureau. Each time I have the chance to see Cathy again, I am reminded of all that she did for this city as chief of the Metropolitan Police Department.

Cathy was always on-scene, leading from the front, visible, and constantly communicating with and reassuring the public during every incident and every major event. She was engaged, hands-on and everywhere all the time. In my mind, that’s what it takes to protect our communities. And all of the people in this room today know that well.

Protecting a gathering of thousands of people is a tall order on any day – but I would say, especially at a major event like a League game, with so many participants and spectators and so much at stake. So today, I’d like to talk briefly about what we’re up against – what we see as some of the most pressing threats to our national security — and how it all translates into security considerations for sporting event management and business operations. We’ve talked about these challenges before, but it’s more important than ever to stay focused and disciplined in our approach. I’ll touch on the growing cyber threat, the persistent threat of terrorist attacks, and, briefly, criminal threats to the integrity of sports.

I’ll start with the cyber threat. We’re increasingly concerned about the threat of cyber attacks against our country’s critical infrastructure, including the energy sector, emergency services, local government operations, and more. There’s a good reason for that. Over the past two years, the FBI has seen a wider-than-ever range of cyber actors threaten Americans’ safety, security, and confidence in this digitally connected world. Those cyber actors include cyber-criminal syndicates and nation states – and sometimes the two working in toxic combination. And they’re constantly developing new ways to compromise our networks and get the most reach and impact out of their nefarious operations.

We’re particularly focused on ransomware schemes. Not only have these schemes wreaked havoc on company operations and caused devastating financial losses, but they’ve targeted hospitals, 911 call centers, and even schools. And no one is immune from these attacks – including sports leagues, teams, and those of you who head up security for stadiums and teams around the country.

A cyber attack on this sector is an attack on our country’s economic security and on one of our favorite pastimes. And unfortunately, cyber actors have and continue to target sporting institutions and events. In 2018, six Russian nationals used malware called Olympic Destroyer to launch an attack against the opening ceremony of the 2018 PyeongChang Winter Olympics. They also used spear phishing campaigns and malicious mobile apps to target Olympic athletes, partners, and visitors – and International Olympic Committee officials. Those attacks were part of a larger campaign that included efforts to destabilize Ukraine and Georgia and interfere in France’s elections. Multiple FBI field offices were involved in the investigation, which culminated in indictments of six individuals in 2020. And earlier this year, we saw a professional sports team affected by ransomware. The same way we respond to all cyber incidents, we moved swiftly to provide indicators of compromise and helped mitigate the threat, all while working to safeguard the victim’s sensitive data.

We have the tools to investigate these malicious attacks, identify the perpetrators, and then impose risks and consequences on them. That’s part of our new cyber strategy, which you may have a sense of if you attended this conference last year and heard EAD Brian Turner speak. But it’s now such an integral part of how we operate that I want to give a bit more detail.

We’re using a full range of authorities as both an intelligence and a law enforcement agency, and working seamlessly with our domestic and international partners. Together, we’re working to defend networks, attribute malicious activity, sanction bad behavior, and take the fight to our adversaries overseas. The strategy centers on prevention and disruption – hitting hackers before they attack or before their intrusions can cause major harm. To dismantle them, we’re pursuing them on three fronts. First, we’re taking aim at the actors. Working with our partners, we identify who’s responsible for the most damaging schemes. And we take a broad view – everyone from administrators to affiliates to operators of services facilitating cybercrime. Second, we target their technical infrastructure. Seizing or disabling their servers, domains, botnets; disrupting their operations; raising their costs … all while gleaning valuable new intelligence on their activities. Third and finally, we’re going after their money. Knowing that virtual currencies are central to ransomware, we trace many transactions back to bad actors. Where we can, we’re also seizing the funds, or we’re shutting down illicit currency exchanges. We’re intent on making it harder and more painful for hackers to steal data and hold IT networks hostage. And while actors, infrastructure, and money are all important individually, we achieve the biggest impact when we disrupt all three together.

One of our most important resources in this fight is all of you – our partners in law enforcement and the private sector. We’re constantly looking to open new avenues to work together and ways to help if you do get hit with an attack. We’ve now set up Cyber Task Forces in all of our 56 FBI Field Offices across the nation – similar to the Joint Terrorism Task Forces you may be familiar with. So, if you reach out for help, you’re going to get a whole team with specialized expertise … and with jurisdiction to go after any cyber threat actor. That’s at every field office.

At the agency level, our Internet Crime Complaint Center established its Recovery Asset Team – which we just call “the RAT” – in 2018. Out of the top 50 U.S. banks by assets, the IC3 RAT has partnerships with 45, including all of the top 10 banks. Every year, the team culls through thousands of public complaints to help fraud victims recover hundreds of millions of dollars lost to cyber-crime. And more-and-more companies are coming to us for help. RAT addressed 32 percent more incidents in 2021 than 2020, with a solid record of being able to help. And between 2019 and 2021, the number of ransomware complaints reported to the FBI through the IC3 increased by 82 percent.

We’re also focused on sharing information through cybersecurity advisories. These advisories identify specific malware signatures; indicators of compromise; and tactics, techniques, and procedures. At the same time, we recommend that all of our partners take some steps to protect themselves.

First and foremost is to be extremely vigilant. You know your networks best, and chances are you’ll be the first to learn of a cyber attack conducted on your system. Second, we always recommend having a solid cyber incident response plan that includes instructions to call your local FBI field office if something happens. And third, we encourage you to review those cybersecurity advisories I mentioned, so that you’re working with the same information we have. Now more than ever, it’s critical that we keep our information flowing, fortify our networks, and stay on guard.

Next I want to talk about the threat with the potential to do the most physical, real-world damage, with potentially tragic consequences, and that’s terrorism. We’ve been briefing on the terrorist threat for the past 20 plus years, and there is no doubt we must remain vigilant on it. To be sure, by putting so much of our authority and resources behind the terrorism fight, we’ve made it really hard for international terrorist organizations to plan intricate, complex physical attacks. That doesn’t mean that kind of threat is gone. ISIS and al-Qaeda are still committed to attacking the U.S. and the West. They regularly put out calls for lone actor attacks. And the greatest terrorist threat we face is posed by those lone actors, or small, isolated cells.

We refer to those as homegrown violent extremists, and they typically radicalize online – inspired by some terrorist organization. But because they aren’t talking back and forth, coordinating with someone overseas, there’s no communications to intercept and no group to infiltrate. And as they’ve increasingly favored using guns, knives, and cars against soft targets, that limits the opportunities to see attacks coming. So, this is a really hard problem. And its scope is massive. We currently have about 1,000 homegrown violent extremist cases open, spanning all 50 states and all 56 FBI field offices. And then, separate from the homegrown violent extremists who are inspired by global jihad, we’re also concerned about what we call domestic violent extremists, who are motivated by issues happening at home.

Over the past few years, we’ve elevated two of the sub-groups within the domestic violent extremist category to be National Level Priorities – the same level as ISIS and Homegrown Violent Extremism. Those are the racially or ethnically motivated violent extremists – particularly those advocating for the superiority of the white race. And the anti-government anti-authority violent extremists, which includes militia violent extremists (anarchist violent extremists) and sovereign citizen violent extremists. The FBI currently has more than 2,700 domestic terrorism investigations ongoing. No matter which category the attackers fall into, they are eager to exploit security vulnerabilities in spaces with high attendance and a lot of media attention – like sporting events and music venues – to hurt as many people as possible. That’s where the attacks can have the greatest impact, in their view.

So, how do we address this? Just like with cyber, we at the FBI believe we have the best chance of thwarting these attacks when we effectively share intelligence and leverage our partnerships. We need a clear picture of what’s happening in communities across the country. And our partners, for example in the Joint Terrorism Task Forces, which some of you here may be part of – help us get there. The task force model allows us to share information quickly, surge resources where they’re most needed, and collaborate with our partners most effectively.

We’re also keeping companies and law enforcement agencies up to date with partner calls, situational reports, and intelligence products. On top of that, we’re working collaboratively with community groups to provide training on preventive measures. In so many cases, family members, peers, and associates are the best positioned to detect hints that someone they know may be considering violent action. So, a huge line of effort for the FBI is educating companies and the public on how to detect extremist conduct – in person and online. These are all avenues through which we share threat information and strategies to combat those threats.

Information is crucial, because when targets are unknown, soft targets are at highest risk. Of course, the information flow and coordination don’t stop at our borders: The FBI has 63 legal attaché offices around the world. So as the NFL holds more events overseas, we hope to partner with you there as well. In short, we firmly believe that each organization brings its unique abilities to the table, but it requires tremendous teamwork and cooperation to pull everything together into a unified whole.

I also want to briefly mention a program we’ve had in place for a number of years now, and that’s our Integrity in Sport and Gaming Initiative. You’ll hear about ISG from our Criminal Investigative Division later today, so I don’t want to steal the spotlight from that team. They’ll cover what the FBI is doing to combat threats of influence from organized crime groups and other criminal actors targeting leagues, athletes, coaches, referees, and others.

The main point I want to make right now is that behind this initiative, there’s a great deal of passion – not just for investigating sports crimes, but for the sports themselves. At the heart of our efforts is a recognition that sports hold a special place in our country and with the American people, and we’d hate to see the country’s most popular sport get undermined. So even though the ISG grew out of our Transnational Organized Crime program, one of the main tenets of the initiative is to preserve the integrity of our sporting institutions and to provide support. And we’re determined in our pursuit of those who prey on sport for profit.

Earlier I talked about the importance of intelligence, and I must say it’s great to see that our private sector partners like the NFL are on the same page with us about that. In fact, it looks like you’ll soon be hearing from Robert Gummer. Before he became the NFL’s director of intel operations, Rob was one of the FBI’s senior national intelligence officers. They make up sort of a brain trust at the Bureau. If there’s anyone who knows the importance of intelligence – that the common connection for countering these threats is understanding them, sharing information, and working with partners to disrupt threats before harm occurs – it’s Rob.

I do appreciate the opportunity to meet with you today, and I hope the partnership between the Bureau and the League will continue to be a strong one. With the NFL season schedule set to be released tomorrow, tens of thousands of Americans will start making plans to attend the games. Millions will be getting excited to watch on TV or online. So the stakes are high, as they’ve always been. And we all want the same thing – to make sure every game goes off without a hitch. To keep fans safe.

I want to thank you for choosing and devoting yourselves to the important work of protecting the American people. And I want to assure you that the FBI will continue to work ever more closely with you as the threats continue to evolve. It’s a privilege to join you here. Stay well and be safe. Thank you.

Source: Federal Bureau of Investigation FBI Crime News

Remarks prepared for delivery.

Introduction  

Thank you, Mark, for that introduction. Good afternoon, everyone. Glad to be back here in person speaking to all of you. Conferences like these give us a chance to step away from our day-to-day challenges and gain some perspective on the issues we’re all facing in law enforcement.

They also give us the opportunity to hear directly from you what you’re seeing and experiencing in your states, and what we at the FBI can do to help.

We also hope to find ways to make our partnerships even stronger. Today I’d like to talk about what we’re up against—what some of the most pressing threats are to our national security and to law enforcement.

That includes our priorities—the counterterrorist threat, threats through cyberspace, from foreign intelligence, and in the form of violent crime, including violence against law enforcement.

FBI Priorities

Our number one priority at the FBI remains preventing terrorist attacks.

We still face threats from al-Qaida and other foreign terrorist groups that want to carry out large-scale attacks in the U.S. and around the world, but today, the greatest terrorist threat we face is from lone actors. These include homegrown violent extremists, who are inspired by foreign terror groups and ideologies, and domestic violent extremists.

Far too often, we’re seeing people resort to violence to advance their ideological, political, or social goals.

That’s why the FBI has significantly surged resources to our increasing number of domestic terrorism investigations.

Another one of our top priorities is, of course, the cyber threat. It’s taking an ever-increasing amount of our attention and energy. Today’s cyber threats are more pervasive, hit a wider variety of victims, and carry the potential for greater damage than ever before, which is why the cyber threat will stay near the top of our list, as long as nation-states and cybercriminal syndicates keep innovating. 

They’re constantly developing new ways to compromise our networks and get the most reach and impact out of their operations. We’re laser-focused on ransomware schemes—particularly those targeting our nation’s critical infrastructure.

Not only have these schemes wreaked havoc on company operations and caused devastating financial losses, but they’ve also crippled hospital systems, targeted the energy sector, threatened emergency services, shut down local government operations, and more. 

Even law enforcement data isn’t immune from this threat, as we’ve seen ransomware attacks on police departments from California to Washington, D.C.

But that’s not all we’re up against.

We’re also facing persistent counterintelligence threats from formidable adversaries like North Korea, Russia, and Iran. 

However, the greatest long-term counterintel threat, not only to our information and intellectual property, but also to our economic vitality and, ultimately, our national security—comes from China. 

We’ve got around 2,000 active China CI cases across the Bureau, about a 1,300% increase over where we were a decade ago.

Violent Crime

So those are some of our top priorities at the FBI, but a topic that remains top of mind for us and all of you these days is of course violent crime.

In too many communities, we’re seeing a disturbing uptick in homicides and violent assaults. Our 2020 detailed crime data—which we released late last year—illustrates this.

Overall violent crime in the United States, which includes not only murder but also assault, robbery, and rape, rose by more than 5%. I want to put that in perspective, because it’s hard to visualize what 5% actually means.

It means in 2020, there were 67,000 more violent crime offenses than there were in 2019. And homicides jumped nearly 30% in 2020, the largest single-year increase in more than 50 years.

You all know what’s driving the violent crime in your states.

Whether it’s a community where a disproportionate amount of gun violence takes place or rival gangs wreaking havoc in a particular region or a handful of well-known trigger pullers who keep finding their way back to the streets, no matter how many times they’re arrested, at the FBI, we want to be your integral partner in the fight against violent crime.

This is why we’re sharing information, working strategically with our state, local, and tribal law enforcement partners, and prosecuting the right cases in federal court. Our primary model for fighting violent crime remains our task forces.

Throughout the U.S., we have more than 50 violent crimes task forces; 175 Safe Streets gang task forces, with nearly 2,000 TFOs; 22 Safe Trails Task Forces, which are working to reduce Indian Country crime; and more than 100 Transnational Organized Crime Task Forces, with 600 members.

For some of the cities hit hardest by the recent surge, we’re boosting those efforts by temporarily surging resources to our field offices. These investigative, analytical, and technical resources embed with FBI personnel and support existing initiatives with our law enforcement partners for an immediate, measurable impact against violent crime.

Depending on where they are, the teams might focus on helping to get violent gun offenders off the streets, targeting commercial robbery crews, or taking aim at drug-trafficking gangs and criminal enterprises.

To date we have surged resources to six offices—Buffalo, Milwaukee, Louisville, Memphis, San Juan, and a current deployment in San Francisco. And collectively, these deployments have yielded nearly 150 arrests and the seizure of over 70 firearms from violent criminals.

And we’re seeing promising trends. In Milwaukee, homicides went down 17%, and non-fatal shootings fell by 28% during the resource surge.

And in Buffalo, there was a 50% decrease in homicides during the deployment. Buffalo is a good example of what we can accomplish when we gather intelligence across jurisdictions, surge resources, and build large enterprise investigations.

Buffalo had approached all-time highs in shootings and homicides over the past several years. By taking a hard look at what was driving that increase, we identified a couple of local gangs that were responsible for a number of murders.

We worked with our partners to build the case, and last fall, the 13th member of that gang was sentenced to life in prison after he was convicted on two counts of murder in aid of racketeering.

We work shoulder-to-shoulder with our state and local partners in investigations like that across the country every day.

Just last year, our Safe Streets Task Forces made more than 20,000 arrests, seized more than 8,000 firearms, and dismantled over 200 gangs and criminal organizations.

These kinds of joint investigations we can all be proud of, agents and task force officers working with our partners to make communities safer.

I want to especially thank ASCIA’s member agencies for sending your best and brightest investigators and intel analysts to our task forces and for helping to ensure information flows both ways through fusion centers.

By doing this, you’re helping your local partners combat this ongoing wave of violence in so many areas of our country.

We’re going to continue surging resources, and we’ll keep assessing where our support will most help our partners to continue cracking down on violent criminals.

It means going after the most violent offenders, making good use of intelligence about what’s fueling crime, and working together across agencies and departments to drive results.

Our goal is to help make a lasting impact, so our communities are safer places to live and work.

Threats to Law Enforcement

We need those communities to not only be safer places for our citizens to live and work, but also for the men and women whose job it is to protect those citizens.

That brings me to a topic that’s of paramount importance to me, and I know it is to you, too, threats to law enforcement.

Last year, 73 law enforcement officers were feloniously killed on the job—the highest single-year number since 9/11.

And that doesn’t even count those we lost to COVID or in accidental deaths, those killed while they weren’t on duty, or the scores of officers who were injured but thankfully survived.

Especially troubling is that a record number of those officers killed—nearly half—had no engagement with their assailant before the attack.

They were ambushed while sitting in their vehicles, attacked while on patrol, or lured out into the open and killed.

And so far in 2022, 16 more officers have been murdered in the line of duty.

One of those was Officer Drew Barr, from Mark Keel’s home state of South Carolina. Officer Barr was shot and killed while responding to a domestic disturbance just over a week ago.

At a news conference later that day, Cayce Police Chief Chris Cowan said Officer Barr was “married to this profession. He cared about nothing else other than serving his community. He was shot and killed this morning for no reason….It was inexcusable.”

Like Officer Barr, each one of the officers we’ve lost got up one morning, picked up their badge, not knowing whether they’d make it home that night.

They did their jobs despite all the hardships they’ve faced in these especially difficult past few years because they were devoted to protecting their fellow Americans, both friends and strangers alike, devoted to serving their communities.

The loss of any agent or officer is heartbreaking for their families, for their agencies, and for the communities they serve. It’s why working together, to fight the scores of threats we collectively face, is so important.

Keeping our people safe is our highest priority, and I know you feel the same. Getting the most violent offenders off our streets will go a long way toward that, and so will making sure folks have the training and equipment they need to do the job safely.

Because law enforcement is dangerous enough; wearing a badge shouldn’t make someone a target.

We need good people to continue to answer the call to make law enforcement their career.

Of course, if we’re going to be able to recruit and retain the special kind of person willing to put his or her life on the line to protect others, we need to show them that we appreciate their sacrifices, that we have their backs.

I’ll keep doing my best to sound the alarm, and I’d ask for your help in raising awareness on the issue, too.

Data Collection Programs

To know how to effectively address violent crime or threats to law enforcement, we need to understand the trends. We need concrete information and transparency into what’s really going on in our communities—accurate, objective data. We need the facts.

The great news is now that we’ve transitioned to the National Incident-Based Reporting System, or NIBRS, the FBI can provide more detailed and comprehensive crime data.

NIBRS-only reporting has been up and running for over a year, and we’ve got nearly 12,000 law enforcement agencies (63%) reporting their data. I want to thank everyone who’s participating, but we can do better.

If you aren’t contributing NIBRS-certified data yet, I strongly encourage you to do so. We know it can be a challenge, but we’re here to help you.

The Bureau’s investing—and is going to continue investing—in training and tools to help you make the transition to NIBRS.

If you have questions or need help getting us your data, please contact our team at ucr@fbi.gov.

Without it, we can’t get an accurate nationwide picture of things like hate crimes or assaults on law enforcement officers

If you aren’t NIBRS-certified, you can’t contribute that kind of data. And we need your information so our agencies, and the public we serve, can understand the issues we’re facing and make the best possible decisions.

The same goes for our National Use-of-Force Data Collection, also a top priority for us, and I know it is for ASCIA as well.

Our goal there is not to offer insight into single incidents; it’s to provide a comprehensive view of the circumstances, subjects, and officers involved in use-of-force incidents nationwide.

I’m happy to report that we hit our participation threshold last month. We’ve now got over 60% of law enforcement agencies contributing data.

That means in the very near future, we’ll be able to release our first statistics on the use of force, things like the top types of force used and resistance encountered, as well as the overall percentages we’re seeing for different incidents and reasons for initial contact.

Once we get to the 80% mark, we’ll be able to share even more data and insight into use-of-force incidents. We can give the public the necessary facts, and, I believe, strengthen our nation’s confidence in law enforcement.

As we all know, if we don’t provide the data and the context, others out there might try to paint a very different picture, using their own information and their own context or spin.

It all depends on the data our law enforcement agencies provide. I know I’m speaking to the choir here; many of ASCIA’s member agencies are already submitting use-of-force data.

We’ve got to continue to encourage our local law enforcement partner, our city and county departments, to submit their use-of-force statistics.

Another program I want to tell you about today is a new one, and it’s one that’s hard to talk about. This year, we started collecting data on law enforcement suicides and attempted suicides. That includes not just the location of these tragedies and the manner of death, but also things like biographical information, employment history, and any triggers, issues, or out-of-the-ordinary behaviors or actions agencies might have seen.

You can access this data collection through the Law Enforcement Enterprise Portal, or LEEP.

We need to be able to take care of our people, and we can’t do that properly without greater insight into what’s really happening out there.

I firmly believe these data collections are going to be vital for all of us as we continue making the physical and mental health of our people a priority.

Conclusion

Those are just a few thoughts on our current priorities and challenges. Times like these call for both strong partnerships and innovation.

At the FBI, we’re committed to both, and I know ASCIA is, too. After all, your organization was founded more than 40 years ago to improve communication, share ideas, and build relationships among public safety agencies.

We need to stay tightly connected, now more than ever, so I hope you’ll continue to work with us, including on our many task forces.

And we want to continue to help you in whatever way we can.

Thank you for your service, for your support, and for your partnership with us, and thank you for giving me the opportunity to join you today.

Source: Federal Bureau of Investigation FBI Crime News

Counterintelligence Threats

First, I’d like to talk for a moment about the threats we’re facing today, and I’ll start with one that’s at the top of the Bureau’s list of concerns and should be at the top of every U.S. company’s list, too.

That’s the counterintelligence threat posed by China. When we tally up what we see in our cases, nothing presents a broader, more severe threat to our ideas, our innovation, and our economic security than the People’s Republic of China.

The PRC is leading a generational fight for China to surpass the U.S. as a global superpower, and it’s pursuing those goals with little regard for international norms and laws and certainly not through fair and lawful competition.

Instead, the Chinese government has shown its willingness to steal its way up the ladder. In fact, the scale of China’s theft of U.S. innovation is unprecedented. And as a result, U.S. companies are facing a greater, more complex danger than they’ve ever faced before.

Because stolen innovation is not just the theft of one idea—it means stolen jobs, stolen opportunities for American workers, stolen national power, and stolen leadership in the industries China seeks to dominate in the decades to come.

That’s why investigating and preventing economic espionage and illicit technology transfer to the Chinese state is a top priority for the FBI.

Let me give you some context for this threat. The FBI has 56 field offices across the country.

Every single one has cases on the Chinese government’s attempts to steal U.S.-based information and technology, and those investigations tell us a lot about the tools and tactics the Chinese government uses to steal what it wants from unwitting companies.

These tactics range from the use of intelligence officers, to hackers, to front companies, to seemingly benign joint ventures or research partnerships to recruiting employees who use their legitimate access to steal corporate secrets, what we all refer to as “insider threats.”

Now later today, you’ll hear from Rachel Rojas, who heads up the Bureau’s Insider Threat Office, and others from both the USIC and the private sector who work in this field, in what promises to be a great panel discussion about establishing and running an insider threat program within your own organizations.

But I’d be remiss if I didn’t take a couple minutes to highlight the significant role insiders play when it comes to the Chinese government’s theft of American information and innovation.

So, I want to tell you a little bit about the case of Shan Shi. He was sentenced to federal prison in 2020 for stealing trade secrets from a company in Texas regarding a technology called syntactic foam. It’s export-controlled because it’s got important military applications–it allows submarines to evade detection underwater.

In that way, it helps make up the foundation of our naval power–and it’s also part of a multibillion-dollar oil and gas industry. Most important, it’s a technology China’s government agencies and state-owned enterprises hadn’t been able to manufacture themselves.

So here’s what they did instead. They gave Shi three million dollars to incorporate a company in Houston and get what they needed to make syntactic foam in China. But first he needed the technology, so he targeted the American victim company’s employees on social media.

Shi used cash incentives and cushy job offers to entice two former employees, two former insiders, to help with this effort in exchange for the company’s trade secrets and technical data.

Once he had the information, Shi sent it to China, where they started manufacturing a key component of syntactic foam.

Now, and here’s one of the more galling and egregious aspects of the scheme. Shi and his co-conspirators actually patented in China the very manufacturing process they’d stolen from the American company, and the Chinese government actively helped them do it.

Then, Shi contacted the victim company and offered it a joint venture using its own stolen technology. His business plan?

Gain the company’s cooperation—and then put it out of business and take over the market. We’re talking about an American company that spent years and millions of dollars developing a technology.

The Chinese government couldn’t replicate it. So instead, it paid to have it stolen. Fortunately, this story has a happy ending.

Although the FBI’s investigation started after the trade secrets were stolen, we were able to move quickly and prevent more damage. Eager to secure his employees’ jobs and keep a critical technology out of the Chinese government’s hands, the victim company’s CEO fully cooperated with the Bureau.

Indictments and arrests soon followed, and we disrupted a planned purchase of millions of dollars’ worth of manufacturing equipment destined for China.

Ultimately, four defendants—including the two insiders—pleaded guilty. Shi was convicted at trial and the Chinese government’s attempts to dominate that particular industry were thwarted.

Cyber Threats

But of course, economic espionage isn’t the only threat American companies are facing. The broader cyber threat ranks right up there, too. And it’ll stay near the top of our list as long as nation-states and cybercriminal syndicates keep innovating.

They’re constantly developing new ways to compromise our networks and get the most reach and impact out of their operations. As a result, today’s cyber threats are more pervasive, hit a wider variety of victims, and carry the potential for greater damage than ever before.

At the Bureau, that translates to the literally hundreds of national security and criminal cyber threats we’re tracking and countering, around the clock. We’re most concerned about possible cyberattacks against our nation’s critical infrastructure that could wreak havoc in our everyday lives.

A big portion of critical infrastructure attacks today come from ransomware groups. Last year alone, we saw ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors.

Not only have they wreaked havoc on company operations and caused devastating financial losses. But we’ve also seen them compromise networks for oil and gas pipelines, healthcare systems, grade schools, 9-1-1 call centers, and local governments.

They cause real-world harm, threatening our national security, economic vitality, and public health and safety. And the monetary losses associated with ransomware are striking.

In 2020, victims paid an estimated $350 million in ransom—an increase of more than 300% over 2019—with the average payment at more than $300,000. And those ransom amounts often pale in comparison to the massive costs associated with business disruption and remediation.   

In total, between 2019 and 2021, the number of ransomware complaints reported to the FBI increased by 82%.

As harmful as attacks are when conducted by criminal actors, though, targeting of vital networks is in some ways even more dangerous when it’s done by nation-states.

Their efforts may look the same as a criminal attack at first. For example, if they’re using ransomware, you see a notice that your data is encrypted. But when a nation-state is responsible, there may not be a decryption key available—at any price.

Last June, hackers sponsored by the Iranian government prepared to launch a ransomware attack against a U.S. children’s hospital. Let me repeat that: a children’s hospital.

And in 2017, the Russian military used purported ransomware called NotPetya to hit Ukrainian critical infrastructure.

It was supposed to look like a ransomware heist, but it was actually designed to destroy systems. They targeted Ukraine, but ended up also hitting systems here, throughout Europe, and elsewhere.

That attack ended up causing more than 10 billion dollars in damages—one of the most damaging in the history of cyberattacks—and went global before anyone knew to do anything.

Just last month, we disrupted a global botnet of thousands of infected network hardware devices under the control of Russian military intelligence hackers. With the ongoing conflict raging in Ukraine, we’re particularly focused on the destructive cyber threat posed by the Russian intelligence services and the cybercriminal groups they protect and support.

But we’ve also got to keep a close eye on other nations with a history of threatening us in cyberspace, which brings me back to China.

In March 2021, Microsoft—a valuable DSAC partner–and other U.S. tech and cybersecurity companies disclosed some previously unknown vulnerabilities targeting Microsoft Exchange Server software. They warned the public that cyber actors were exploiting those vulnerabilities to illegally access email servers.

The hackers were operating out of China. Through our private sector partnerships, we identified the vulnerable machines. And learned the hackers had implanted webshells, malicious code that created a backdoor and gave them continued remote access to the victims’ networks.

So we pushed out a joint advisory with CISA to give network defenders the technical information they needed to disrupt the threat and eliminate those backdoors. But some system owners weren’t able to remove the webshells themselves, which meant their networks remained vulnerable.

So we executed a surgical, court-authorized operation, copying and removing the harmful code from hundreds of vulnerable computers. Those backdoors the hackers had propped open?

We slammed them shut, so the cyber actors could no longer use them to access victim networks. Our work wouldn’t have been successful without the strong partnerships we have with the private sector.

And those partnerships also enabled the U.S. to join our allies last July in publicly attributing the Microsoft Exchange compromise to China’s Ministry of State Security. And that’s just one example, out of many, where we’ve shown the U.S. business community that when it comes to cyber investigations.

One, we’re here to help. Two, building relationships with us ahead of time can go a long way in protecting your information, technology, and innovation. And three, there’s actually quite a bit we can do even after the fact to recover what’s been stolen or to mitigate the damage—if you come to us early.

Bottom line, whether you’re in the midst of a cyber problem or you’re preparing for one, we’re here for you.

Importance of Partnerships

It’s clear we’re up against some awfully serious threats to our economic and national security. And it’s equally clear that if we’re to continue combating those threats successfully, we’ve got to maintain and strengthen our partnerships with you.

We know we need to keep a meaningful dialogue going, and continue building trust throughout the private sector.

One of our most important partnership efforts is this one—DSAC—and for 17 years, it has served an absolutely critical role in keeping Americans safe.

What started as a few CSOs meeting with the FBI and State Department.

Has grown into a powerful organization representing more than 600 U.S. companies and millions of employees, at least 50 unique industries and nearly every critical sector.

Today, through our DSAC portal, we’re sharing important security information, intelligence products, event notifications, and training resources.

And when a critical incident occurs or an emerging threat surfaces, we’re providing you with as much detail as we can—in the immediate aftermath and in the days and weeks that follow.

You, in turn, are sharing with us your insight, knowledge, and expertise about the threats affecting you.

Combining our intelligence with what you’re seeing, making all of us stronger.

I can’t overstate how proud I am of this organization’s success, nor how grateful I am to DHS, our partners in developing DSAC for the past 14 years, for helping to make it possible.

Still, that doesn’t mean there isn’t room for improvement. That’s why, this past December, our Office of Private Sector held a day-long strategy session with DSAC’s Expanded Executive Working Group.

It was a day of candid conversation about what we’re doing right that’s most helpful to you—and what we can do better, too.

The group provided a lot of valuable feedback on ways to improve our DSAC community, and we took that feedback to heart.

We’ve used it put together short- and long-term strategies to guide DSAC, emphasizing four strategic pillars: people, partnerships, capabilities, and innovation.

And before I close, I’d like to share a little about those pillars and why we believe they’re so important.

First among our four pillars is people. Sure, DSAC’s a success today, but to ensure that success tomorrow and into the future—well after we’ve all retired—we need to increase diversity among our members and leaders.

And by that I mean both diversity in terms of the sectors and industries DSAC represents, as well as in the demographics of our members.

That’s the only way we can make sure we’re bringing the right mix of perspectives to the table.

The second of our strategic pillars is partnerships. And I hope I’ve made clear today—and many times over the years—partnerships are this organization’s bedrock.

We all need each other, and we all have a lot to gain from a strong partnership. When we can combine what we see with what you see, when we work together.

Our two plus your two equals more than four—five, or six, or seven. So an important part of our strategy involves a focus on those partnerships.

On making sure you, as DSAC members, have the information and relationships you need for successful security collaboration.

Third among our pillars is capabilities. What we need to have so we can effectively do our jobs—keeping companies, and people, safe.

To inform our decision making, it’s important that we’re all making the best use of the analytic tools we’ve got. That we’re offering the best training and resources to keep our members at the top of their game.

And that we’re investing in DSAC’s working groups so we can continue improving the way all of us work together.

Our final pillar is innovation. In the private sector, you’re no strangers to the pressure of finding new ways to be more efficient, more agile, and more resilient. And in government, we’re always working to stay a step ahead, too.

DSAC should be no different. We need to be working constantly to update our technology, so we can communicate and share information more effectively. And we’ve got to find new ways to increase collaboration across the private sector.

So while we should be proud that we’ve come a long way since those days of informal meetings with a handful of CSOs, we definitely aren’t resting on our laurels, and we know we’ll continue to have our work cut out for us.

Conclusion

Today, I’ve described the pretty daunting threats we’re facing to our economic and national security.

But I hope I’ve also demonstrated that we’re depending on you, our private sector partners, to help us keep Americans safe, to help us keep U.S. businesses and jobs safe, and to help us keep American information, technology, and innovation safe.

Because while that responsibility may be a daunting one, our adversaries are no match for what we can accomplish when we work together.

So, thank you for the work you’ve done with us as members of DSAC. I look forward to our continued partnership

I know next you’re going to hear from Secret Service Director Murray, and I’m sure he’ll have some excellent thoughts on how to strengthen partnerships as well.