Department of Justice Issues First Report of Cyber-Digital Task Force

Last week, the Department of Justice (DOJ) issued the first report of its Cyber-Digital Task Force. The Task Force, which is comprised of several long-time DOJ officials, was tasked with distilling how the DOJ responds to cyber threats, and how it can more effectively accomplish its mission in this rapidly evolving area. This initial report addresses current DOJ policies and priorities and sets the stage for forward-looking recommendations.

The report was designed to serve two functions – to stimulate an outward public discussion of cyber threats and protective measures, and an inward DOJ analysis of how it will adapt to this dynamic mission. The report reiterates DOJ’s mission to enforce the law, to ensure public safety, and to seek just punishment, and recognizes that other stakeholders, like the Department of Homeland Security and the private sector, have complementary cybersecurity missions.

The full report, found here, contains important insights for industry and legal practitioners. The report signals where DOJ resources will be spent, what its priorities will be, and what enforcement and regulatory initiatives may impact existing business models. Most significantly, we should expect more resources and initiatives devoted to detecting, disrupting and deterring cybercrime, and additional outreach efforts designed to identify strategic vulnerabilities and to improve information sharing. Looking forward, this additional scrutiny and engagement, and particularly the notification and information sharing expectations with the private sector, may bring additional business and legal challenges.

In addition to being a useful education resource on cybercrime and cyber-investigation, the report includes new details in the following areas: 

• The report discusses the threat of malign foreign influence operations on U.S. elections and describes steps that the government is taking to prevent interference, notably for the upcoming 2018 elections.
• It explains that DOJ will actively use all of its tools to combat foreign interference attempts, including law enforcement, sanctions, diplomatic and intelligence efforts, information-sharing with state and local officials and political organizations, and its growing strategic relationships with social media providers, among others.
• It places a new emphasis on public awareness campaigns and messaging related to cyber-vulnerabilities and cyber-targeting.
• It articulates the new DOJ policy to investigate, disrupt and prosecute foreign influence operations, and to disclose such attempts, where feasible.
• It lays out DOJ’s expectations for handling cryptocurrency when it is involved in cyber-extortion, money laundering, tax evasion or other criminal operations.
• The report explains DOJ’s intention to build on cross-border law enforcement cooperation from third party internet service providers and law enforcement, particularly in light of the CLOUD Act and challenges arising from the European Union’s General Data Protection Regulation (GDPR).
• It explains that DOJ, including specifically the FBI, will enhance its relationships with important private sector entities, such as the computer security research community, social media providers, healthcare and energy sector companies, and other critical infrastructure operators. The report reiterates DOJ’s encouragement to report cyber-incidents and explains how the DOJ can assist. 
• It signals that DOJ is especially concerned with cyber-related vulnerability with foreign investment and supply chains. This could translate to increased Foreign Corrupt Practices Act (FCPA) and Committee on Foreign Investment in the United States (CFIUS) scrutiny in the context of business partner cybersecurity.
• It makes a renewed push for DOJ to work with the private sector to find a solution to the “going dark” problem — that is, the inability for law enforcement to get technical access to certain data because of strong end-to-end encryption.

At least one future report is expected to address the forward-looking initiatives.