Assistant Attorney General Leslie R. Caldwell Speaks at Duke University School of Law

Good afternoon, and thank you, for that kind introduction.  I returned to the Justice Department five months ago after 10 years away and am very pleased to be back.  I have been fortunate in my career to work on diverse and exciting legal issues both for the government and in private practice.  But, there is no place like the Justice Department, which provides the unique opportunity to focus on cutting edge legal issues with dedicated professionals who believe in the mission of pursuing justice. 

As the Assistant Attorney General for the Justice Department’s Criminal Division, I lead a team of nearly 600 lawyers who enforce the nation’s federal criminal laws.

The Criminal Division handles a wide variety of federal criminal matters, including fraud, public corruption, cybercrime, child exploitation, transnational organized crime, international drug trafficking, human rights issues, and criminal appeals.  We also work on capacity building in the justice sector in countries throughout the world.

While the 94 U.S. Attorneys’ Offices around the country target the crime and criminals affecting their regional geographic districts, at the Criminal Division, we focus our efforts – often in partnership with Assistant U.S. Attorneys around the country – on issues that affect the nation as a whole.  As a result of this national focus, we find that we are increasingly drawn into international investigations, sometimes involving many different countries.

Today, I would like to talk with you about the enforcement of our nation’s federal criminal laws in the 21^st Century, and how the Justice Department constantly is adapting its approach to new challenges presented by the global economy and expansion of crime beyond national borders

When I first worked in the Justice Department in Brooklyn, the idea of “foreign” was New Jersey or, even more exotic, Washington, D.C.  The Criminal Division now has prosecutors stationed in at least 45 countries around the globe.  We also have cases stemming from criminal conduct on every populated continent.

This increasingly global reach is driven by a variety of factors.  Two primary causes are, first, the global expansion of U.S. companies and growing interdependency of our economy and those of nations around the world and, second, the worldwide use of the Internet. 

As U.S. businesses expand beyond our borders, so must the Justice Department, or a growing portion of our economy will be left exposed to the potential for fraud, corruption, and abuse.  Likewise, the rise of the Internet has allowed foreign criminals easy access to domestic victims without ever having to enter the United States. 

All facets of the criminal underworld now rely on the Internet, for crimes ranging from computer hacking and data theft, to extortion, to online child exploitation.  The Internet has turned what were once localized criminal elements into global criminal enterprises.     

Since nearly all criminal cases have international implications, investigating these cases requires the Justice Department to embrace technology, cooperate with foreign partners, and understand and navigate foreign laws, many of which are very different from our own.  I would like to illustrate these themes, and the Justice Department’s ability to adapt to this changing landscape with a few recent cases and initiatives.

There is perhaps no better example of the global nature of the criminal threat we face than the area of cybercrime.  Cybercriminals use increased computing power, the global availability of high-speed Internet, the spread of virtual currencies, and technologies such as encryption and anonymizing software to steal financial information, personal health data, and other things that we all expect would remain private. 

Rather than rob a single bank, with all the risk of violence and capture, a hacker sitting in his basement can rob the equivalent of thousands of banks in a few minutes, with a keystroke rather than a gun. 

And cybercrime is increasingly international.  Hackers steal personal information located in one country; they remove the data to servers in another country; and they count their profits in a third.  And the evidence needed to identify and apprehend these criminals is located around the world. 

Just as sophisticated cybercriminals take advantage of weaknesses in companies’ network security, they also knowingly take advantage of international borders and differences in legal systems, hoping – often with very good reason – that our investigators will not be able to identify them, or to obtain evidence from abroad, or that their home countries will never extradite them to face justice in the United States. 

Because transnational criminals act across borders, we must coordinate and reach across our borders as well.  To fight transnational crime, we must be innovative, move quickly, and work together.  

One successful example of cross-border cooperation is our combat against the cyber-threat posed by “botnets.”  Botnets are networks of compromised computers that are controlled by criminals.  They are commonly used to steal banking credentials, credit card numbers, and other financial information; to send spam email messages for criminal purposes; and to unleash distributed denial-of-service attacks, deluging an Internet site with junk data and knocking it offline.

Earlier this year, we struck a significant blow in the fight against botnets.  Together with law enforcement from Canada, France, Italy, Japan, Luxembourg, Germany, New Zealand, the Netherlands, Ukraine, and the United Kingdom, the FBI and prosecutors from the Justice Department took down the botnet named Gameover Zeus, which was widely regarded as the most sophisticated criminal botnet in existence. 

Gameover Zeus infected victim computers with malware including keylogging software.  Victims trying to access their online banking websites were tricked into entering login credentials and other personal information, which the botnet then intercepted and sent to the criminals. 

With the click of a mouse, the botmasters used this stolen information to rob small businesses, hospitals, and other victims, transferring funds from victim accounts to their own accounts.  In the two years before we shut it down in May, Gameover Zeus infected between 500,000 and one million computers, and caused more than $100 million in financial losses, and those are just the losses we have identified so far.

Gameover Zeus was also used to install Cryptolocker – a type of malware known as “ransomware” – on infected computers.  Cryptolocker enabled cybercriminals to encrypt files on the infected computers.  Victims then saw a splash screen on their computer monitors, telling them that their files were encrypted and that they had three days to pay a ransom if they wanted to receive the decryption key. 

The victims found themselves confronted with the loss of critical data, such as essential business records or family photographs.  In the short period between its emergence in mid-to-late 2013 and our disruption action in May 2014, Cryptolocker infected more than 250,000 computers worldwide.  Many victims – including an American police department – simply paid the ransom.  Other businesses refused to pay and lost their data.

Thanks to carefully choreographed international law enforcement coordination, we were able to dismantle both schemes.  The FBI and its foreign counterparts, assisted by private sector partners, worked from joint command posts in the United States and at the new European Cybercrime Centre in The Hague.  We applied to a court for a civil injunction against ongoing fraud, and also for authority to establish a server that re-directed commands from the criminals’ computers to a server under the FBI’s control.  Over the course of the next several days, the FBI and other cybercrime experts literally engaged in the cyber equivalent of hand-to-hand combat with the operators of the botnet. 

Ultimately, this international investigation and operation crippled the botnet and stopped the ransomware from functioning.  And we charged the operators of the botnet with a series of federal crimes.  The FBI also was able to identify victims and, again working with foreign governments and private-sector partners, facilitate the removal of malware from many victim computers.

The Gameover Zeus case illustrates the state of criminal law enforcement today:  cooperation between law enforcement authorities around the globe against a sophisticated criminal organization affecting victims worldwide, and use of cutting edge technology to stay one step ahead of the criminals. 

Despite this success story, we are encountering obstacles with emerging encryption and anonymization software, and even some erected by the private partners with whom we often work to combat cyber-threats. 

On the encryption and anonymization front, Tor (formerly an acronym for The Onion Router) is becoming increasingly popular amongst criminals of all stripes that are trying to hide their criminal activity from law enforcement.  Without going into the technical details, Tor enables users to encrypt and route their incoming and outgoing Internet traffic through a random set of servers that may be located anywhere in the world, making it difficult or impossible to determine where the users are located. 

Like many technologies, Tor was originally created for good – enabling freedom of speech in places ruled by oppressive regimes – but it is an increasingly popular tool in the criminal underworld.  As law enforcement and others work to peel apart the onion, we are finding a wide range of criminal activity, including botnets, illegal drug and gun trafficking marketplaces, murder for hire solicitations, and child exploitation, just to name a few.

One emerging trend that is causing concern in law enforcement circles is the increase in encryption and anonymization.  That is of course true with networks like Tor.

But you also may have read about Apple and Google’s recent announcements that they will encrypt their newest iPhones and Androids by default in a manner which may in certain circumstances make the data on the phones inaccessible to law enforcement, even with a court-authorized search warrant.  Just as the criminals have taken advantage of Tor’s encryption and anonymization technology to shroud their illegal activity on the Internet, the same criminals will no doubt take advantage of this accessible encryption technology to evade law enforcement.   

The recent decisions by Apple and Google highlight the need for careful thought and debate on these issues.  We need to ensure that law enforcement, armed with a valid court order, has a means of continuing to access data that can be critical to solving many types of crimes.  And many of these crimes are everyday but serious matters like kidnapping, murder, child exploitation, and other crimes of violence.

I recently was reminded by an article written by my friend Andrew Weissmann, a national security law professor at NYU, that we have been here before. 

In the late 19^th century, the Supreme Court held in Boyd v. United States that there existed an unbreachable “zone of privacy”—including a person’s private papers and effects—that the government could not access, even with a valid search warrant.  

The trend we are seeing in data privacy is an attempt to re-create that impenetrable zone of privacy.  But we should take a lesson from Boyd.  It gradually lost its authority after it became clear over time that the zone of privacy was being used by many as a lawless zone, where they could engage in criminal and other illegal conduct, to the detriment of public safety.   

Another facet of transnational crime today is international corruption.  The Foreign Corrupt Practices Act, or FCPA, is a law that prohibits the paying of bribes to foreign government officials to assist in obtaining or retaining business. 

You may be asking yourself why the U.S. Justice Department is involved in the fight against corruption abroad.  In fact, there are people who claim that taking aim at foreign bribery puts U.S. companies at a competitive disadvantage in countries where bribery is just business as usual.

The threats posed to the United States by international corruption, however, cannot be overlooked.  Foremost, corrupt countries are less safe.  Corruption thwarts economic development, traps entire populations in poverty, and leaves countries without a credible justice system.  Corrupt officials who put their personal enrichment before the benefit of their citizenry create unstable countries.  And as we have seen time and again, unstable countries become the breeding grounds and safe havens for terrorist groups and other criminals who threaten the security of the United States.

International corruption also inhibits the ability of American companies to compete overseas on a level playing field.  Once bribery and corruption take hold, fair and competitive business practices are eliminated.  Nobody but the corrupt official benefits from bribery.  

For all of these reasons, fighting foreign corruption is not a service we provide to the global community, but rather a necessary enforcement action to protect our own national security interests and the ability of our U.S. companies to compete on a global scale.

And, it is not just the United States that is recognizing the importance of foreign bribery laws.  There is an ever growing chorus of countries voicing support for the fight against this type of corruption.  More and more countries are joining international bodies that provide uniform standards for the criminalization of bribery of foreign public officials in international business transactions.  This type of collaboration is critical if we are going to have a meaningful impact on international corruption.    

These themes apply equally to our Kleptocracy Asset Recovery Initiative launched by the Attorney General in 2010.  The initiative relies on the use of U.S. civil forfeiture actions to recover the proceeds of foreign official corruption that pass through the United States. 

More simply, it takes the monies and assets stolen by foreign despots and returns them to the people harmed.  This initiative protects the integrity of the U.S. financial system from use by corrupt officials, and denies corrupt officials the ability to enjoy luxuries purchased in the United States at the expense of the populations they purport to serve. 

As just one recent example of the initiative’s success, two weeks ago the sitting Second Vice President of the Republic of Equatorial Guinea, Teodoro Nguema Obiang Mangue Nguema, agreed to settle civil forfeiture actions the Justice Department brought against his assets in the United States. 

Although, according to court documents, the son of the longest serving head of state in the world received an official government salary of less than $100,000 during his more than 16 years in public office, he used his position and influence as a government minister to amass millions of dollars’ worth of assets through corruption and money laundering.  He then used this money to support his own lavish lifestyle, which included a Malibu mansion, a Ferrari, and hundreds of thousands of dollars in Michael Jackson memorabilia, including the famous glove.  This made for a unique case caption:  United States v. One White Crystal-Covered Bad Tour Glove.

Under the terms of the civil settlement, Nguema must forfeit his assets in the United States, including his $30 million Malibu mansion, Ferrari, and Michael Jackson memorabilia.  He must also forfeit $1 million to the United States, which represents the value of the glove and other assets he removed from the country.  These proceeds will largely be provided to a non-governmental organization that will use the money for the benefit of the people of Equatorial Guinea.

Our fight against corruption starts at home, however, by ensuring that our U.S. financial markets are not distorted by misconduct.  Protecting the U.S. financial markets from fraud has always been a top priority of the Justice Department. 

Today’s financial system is global.  Misconduct that occurs overseas can affect investors and consumers in this country.  The Criminal Division is on the forefront of handling sophisticated global financial investigations. 

For example, LIBOR, which stands for the London Interbank Offered Rate, is the primary benchmark for short-term interest rates all over the world.  It is used as a reference rate for many interest rate contracts, mortgages, credit cards, student loans and other consumer lending products used by Americans and by individuals and institutions around the world. 

LIBOR necessarily depends on the integrity of the rate setting process and the bankers who provide input into that process.  But, an investigation by the Criminal Division, Antitrust Division, and the FBI has shown that banks and individual employees were manipulating the banks’ LIBOR submissions to benefit their trading positions, at the expense of counterparties to the trades. 

To date, five global financial institutions have resolved their respective roles in the criminal manipulation of LIBOR with the Justice Department, and each of them admitted to their misconduct.  Collectively, they have paid over $4 billion to the Justice Department and regulators.  We have also charged 11 individuals, two of whom have pleaded guilty, and our investigation continues.  And as we do more and more often, the LIBOR matter is being handled not just by U.S. prosecutors and the FBI, but in coordination with U.S. regulators and regulators all over the globe.

Protecting the financial markets from fraud is not just a concern about the economy anymore.  Much like our concern with foreign bribery, corruption and violations of law in financial institutions can affect our national security interests.

Earlier this year, the Justice Department announced the guilty plea of the world’s fourth largest bank, BNP Paribas, for systematic violations of U.S. economic sanctions laws, known as the International Emergency Economic Powers Act and the Trading with the Enemy Act. 

In its guilty plea, BNPP admitted to processing over $8.8 billion through the U.S. financial system on behalf of Sudanese, Iranian, and Cuban entities.  Some of these entities were subject to U.S. sanctions for their association with terrorism or serious human rights violations.   

BNPP’s criminal conduct took place despite repeated warnings expressed by the bank’s own compliance officers and even its outside counsel about the dangers of this conduct.  One senior compliance officer wrote an email reminding other bank officials that certain Sudanese banks with which BNPP dealt “play a pivotal part in the support of the Sudanese government which . . . has hosted Osama Bin Laden and refuses the United Nations intervention in Darfur.” 

Another BNPP representative warned, “In a context where the International Community puts pressure to bring an end to the dramatic situation in Darfur, no one would understand why BNP Paribas persists [in Sudan] which could be interpreted as supporting the leaders in place.” 

The Justice Department’s national security interests in enforcing these statutes—and the interests of the global community as a whole—hardly need emphasis in addition to that stated in the BNPP employees’ own emails.  As a result of its misconduct, BNPP agreed to pay almost $9 billion in criminal penalties, a record by almost four-fold.

To successfully investigate and prosecute these global financial institution cases, we work closely with our foreign law enforcement counterparts and foreign regulators.  Cooperation and coordination with international authorities strengthens our collective ability to bring transnational criminals to justice, whether they are large, multinational corporations, or individuals behind a computer screen.

Another crime that is increasingly transnational is child exploitation.  With the rise of the Internet, the sexual abuse of children is often captured in pictures or videos, and that child pornography is distributed around the world.  Like most crimes now, child exploitation is no longer the localized issue it once was. 

I am proud to say that the Justice Department has a strong record of prosecuting child predators, even if they or their crimes were committed abroad.

The Justice Department obtained a sentence last year totaling 165 years in federal prison against a man from Michigan after he was convicted of sexually abusing more than 50 impoverished children in Haiti.  For 15 years, Matthew Carter, under the guise of serving as an international humanitarian, sexually abused the Haitian children he purported to help. 

From 1995 to 2011, Carter resided at and operated a residential facility that provided shelter, food, clothing and school tuition to Haitian children near Port-au-Prince.  The children who lived at the facility were from impoverished families that could not feed, educate or otherwise support their children.  Carter frequently traveled between the United States and Haiti to raise funds from churches and donors for the continued operation of the center, which he used to sexually exploit vulnerable children. 

Just last month, we hosted the second Global Alliance Against Child Sexual Abuse Online Conference, which brought together high-level government officials representing over 30 member countries with the aim of increasing international cooperation in the investigation of child exploitation cases.  The conference featured the horrific case against two residents of Queensland, Australia, who bought a child in Russia, trafficked that child to Australia, and raised him from infancy to be conditioned for sexual abuse.  In addition to subjecting the boy to sexual abuse in Australia over the course of several years, the two men frequently brought the boy to the United States and Europe to meet with other men from various countries, so that these men could sexually abuse the boy and record the abuse.  This case was only solved, and the victim rescued, by the joining of independent investigations initiated separately by U.S., Australian and New Zealand authorities.  

Our prosecutions are only one part of our efforts to combat global crime.  The Criminal Division’s Office of Overseas Prosecutorial Development, Assistance and Training, known as OPDAT, and the International Criminal Investigative Training Assistance Program, known as ICITAP, were created in response to the growing threat of international crime.  Their joint mission is to work with law enforcement, prosecutors, judicial personnel, and government officials in other countries that seek to develop and sustain effective criminal justice institutions. 

Both sections support legislative and justice reform in countries that are redrafting their criminal laws; conduct joint trainings with foreign prosecutors, investigators and judges; and promote the rule of law and regard for human rights.  These efforts bring about tangible results to the benefit of citizens both of those countries and the United States. 

Indeed, the capacity of foreign counterparts to enforce their laws is often our first and best line of defense.  You have doubtless heard in the news about the recent influx of unaccompanied alien children into the United States from our southern borders.  As part of our effort to confront this issue, we have engaged OPDAT and ICITAP to engage in joint capacity building with our foreign counterparts to address the violence – particularly the gang violence – that can serve to encourage migration. 

In Mexico, OPDAT and ICITAP are also supporting the landmark transition from an inquisitorial system to an accusatory one, and working with Mexico as it prepares its prosecutors, investigators, and forensic experts for this new system. 

Sustained capacity building strategies in Mexico and Central America help build partnerships that protect the citizens of all our countries, by thwarting transnational crime and related threats before these security threats can cross borders.  In other parts of the world, we are engaged in capacity building strategies in various countries to help stem the tide of foreign fighters joining ISIL in Syria and Iraq. 

Today’s Justice Department looks beyond our borders to prosecute the crimes that affect Americans and American institutions and to work with foreign law enforcement and regulators that request us to partner with them.  Significantly, these are not reforms we seek to impose on unwilling countries.  Rather, the countries where OPDAT and ICITAP do their work are ones that are seeking to meet international standards of law enforcement, whether in shaping legislation that meets the standards of the UN Crime Conventions, working to transform their police and prosecution services, or addressing new forms of transnational crime, such as cybercrime.

The Justice Department is committed to innovation and adapting to the challenges of the global economy and the reach of the Internet.  And our successful prosecutions and capacity building endeavors have demonstrated our success. 

Thank you for inviting me to speak with you all today.  For those law students in the audience, I wish you luck as you embark on your careers in the global legal world of the 21^st Century.