Justice Blogs

Thursday, April 16, 2015

Attorney General Eric Holder Welcomes New Federal Prosecutors Attorney General Holder and Acting Deputy Attorney General Yates today welcomed approximately 160 new Assistant U.S. Attorneys (AUSAs) from 89 of the 94 U.S. Attorneys’ offices across the country.  This class of AUSAs represents the nation’s best and brightest litigators who have chosen to serve the public interest. AUSAs ensure our laws are faithfully executed and represent the federal government in virtually all litigation involving the United States.                      

The Justice Department is proud of its talented and dynamic workforce and recognizes that its employees are its most important asset. The Department is stronger, more credible, and more effective when its workforce includes highly-qualified individuals whose backgrounds reflect our nation’s rich diversity.

The Office of Attorney Recruitment and Management leads the Department’s outreach and recruitment efforts, and opportunities are available for attorneys and law students in nearly every legal practice area.

The Department has four main hiring programs:

Information about these programs, including specific job opportunities, eligibility criteria, and application deadlines can be found on the Justice Legal Careers website at or the free mobile app DOJ Law Jobs. More information about the U.S. Attorneys’ offices can be found at http://www.justice.gov/usao.

U.S. Attorneys Present Panel Discussion

Topic(s):
U.S. Attorney's Office News
Tuesday, April 14, 2015

Courtesy of Vanita Gupta, Principal Deputy Assistant Attorney General for the Civil Rights Division

I will never forget earning my first paycheck.  The sense of pride and of paying your own way sticks with you. 

But today on Equal Pay Day, we are reminded us that far too many women are being paid much less than they are worth.  The statistic is well known but is worth repeating - women earn about 78 cents to a man’s dollar.  Because they earn less, a woman needs to work an extra four months until April 2015 to earn as much as a man did by in 2014.  Industry, geography, education and other factors limit the disparity but do not take it away.  And women of color face an even greater wage gap. 

Many times pregnancy causes women to lose their jobs or be paid less perhaps because employers value women less when they are caregivers or because our work places make it difficult to be a caregiver and a worker.  Given that the overwhelming majority of women will become mothers in their working years, this is a constant problem.

That is why the Supreme Court’s decision in Young v. UPS is good news on this Equal Pay Day.  The decision enhances our ability to fight for women and equal pay by putting teeth into the equal treatment provision of the Pregnancy Discrimination Act (PDA).  I am proud to say that the Department of Justice filed a brief in the case supporting Young’s claims.

The PDA requires that pregnant women be treated the same as other employees with similar ability or inability to work.  Young was a challenge to an unfortunately all too common employer policy: providing job modifications or light duty assignments to some workers but denying them to pregnant women. 

Young, a delivery driver for UPS, needed light duty or help with lifting packages because her pregnancy limited her ability to lift.  UPS refused to allow Young to keep working in light of the lifting restriction.  Young went on unpaid leave and eventually lost her health insurance.  UPS claimed that its policy was legal even though it routinely granted accommodations or found other work for three categories of employees who were eligible for accommodations under its policy.  UPS said that pregnant women were treated the same as workers who were unable to perform their jobs but who did not fall into the three categories covered by the policy. 

The court decided that in pregnancy cases, a woman can prove intentional discrimination by showing that an employer gave job modification to workers with similar restrictions, that the employer’s policy created a significant burden on pregnant women and that the reasons for that policy were not sufficiently strong to justify the burden.  The case will now return to the lower court to be judged under that standard. 

Interestingly, as the case wound its way to the Supreme Court, UPS voluntarily changed its policy to enable pregnant women to keep working, and some states passed new anti-discrimination laws that require such accommodations. 

Young, the new state laws, and policy changes at employers like UPS will allow a woman to stay on the job and keep receiving a pay check—something that will make an enormous difference in a woman’s ability to take care of herself and her family. 

In addition to high-profile cases like Young, the Civil Rights Division fights for equal pay in its day-to-day cases. This year, the division reached a settlement with Clark County, Nevada, after it found that the county paid its female Director of Diversity significantly less than white and male employees whose duties were similar. Additionally, the division filed a complaint against the Pennsylvania State Police for alleged use of a physical test that disproportionately screens out women and is not related to the job. Further, the division reached a settlement with the Queen Anne’s County Sheriff Department to revise personnel policies and procedures to prevent harassment and retaliation following the firing of a female deputy sheriff who was sexually assaulted by the Sheriff’s brother.

These cases – and the fact that a woman has to work four months longer than a man to earn the same amount– show that we still have a long way to go.  But these cases also show how far we can go.  The women in these cases are directors, police officers, firefighters, and sheriffs.   And this year, a truck driver won an important victory for women’s rights.  Remember that, and keep working with us to move Equal Pay Day back to December 31st where it belongs.   

Monday, April 13, 2015

Courtesy of Vanita Gupta, Acting Assistant Attorney General for the Civil Rights Division

In the past year, the Department of Justice has continued to achieve significant results in its fair lending enforcement efforts, including negotiating groundbreaking relief for victims of credit discrimination.  The Civil Rights Division’s Housing and Civil Enforcement Section and its Fair Lending Unit enforce the federal fair lending laws, including the Equal Credit Opportunity Act (ECOA), Fair Housing Act (FHA) and Servicemembers Civil Relief Act (SCRA).  On April 13, 2015, we submitted our annual report to Congress reporting on our work in 2014 to address credit discrimination all its forms.  In the five years since the Fair Lending Unit was established, the division has filed or resolved 37 lending matters under ECOA, FHA and SCRA.  This year’s enforcement actions bring the total amount for the settlements in these matters to over $1.2 billion in monetary relief for impacted communities and individual borrowers.

Highlights of that work include:

Addressing discrimination in automobile lending: Working with the state of North Carolina, we filed the federal government’s first-ever discrimination lawsuit involving “buy here, pay here” auto lending.  In our complaint against Auto Fare Inc., we alleged that the owners and operators of two “buy here, pay here” used car dealerships violated ECOA by engaging in a pattern or practice of reverse redlining – intentionally targeting African American customers for unfair and predatory credit practices – in the financing of used car purchases.  The state of North Carolina also alleged the defendants violated the state’s Unfair and Deceptive Trade Practices Act.  The 2015 consent order requires the defendants to establish a $225,000 settlement fund to compensate victims for their past discrimination and to make significant changes to the terms of their loans and their repossession practices.

Addressing discrimination in credit cards: Partnering with the Consumer Financial Protection Bureau, we filed and resolved the federal government’s largest credit card discrimination settlement in history.  In our complaint in United States v. Synchrony Bank, f/k/a GE Capital Retail Bank (D. Utah), we alleged that the bank engaged in a nationwide pattern or practice of discrimination in violation of ECOA on the basis of national origin by excluding Hispanic borrowers from two of its credit card debt-repayment programs if they had a mailing address in Puerto Rico or denoted Spanish as their preferred language for various communications.  As part of the settlement, the lender will pay at least $169 million to compensate more than 108,000 borrowers.

Addressing discrimination based on disability and receipt of public assistance: Based on a matter initially investigated by the Department of Housing and Urban Development and referred to the department, we filed a case against Fifth Third Mortgage Co. (M.D. Ga.) alleging that the lender and Cranbrook Mortgage Corporation engaged in a pattern or practice of discrimination by requiring credit applicants with disabilities to provide an official letter from their medical doctor to substantiate that their disability income would continue, but did not impose a documentation burden on applicants without disabilities to prove their income would continue.  As part of the settlement , the defendants must pay $1.52 million to compensate victims and implement other injunctive relief.

Enforcing the rights of members of the military: In 2014, the department filed its first ever lawsuit alleging discrimination against service members by servicers and owners of student loans in United States v. Sallie Mae, Inc., et al. (D. Del.).  The complaint alleges that the defendants violated Section 527 of the SCRA when they failed to reduce to six percent the interest rates on pre-service loans held by approximately 60,000 service members.  The consent order requires the defendants to pay $60 million to compensate aggrieved service members.  In addition, the defendants must streamline the process by which service members may obtain SCRA interest rate benefits.

We encourage you to read our ECOA report for a more detailed discussion of these and other achievements in the past year.

Thursday, April 9, 2015

The Department of Justice is pleased to announce the publication of its new, updated FOIA regulations which will become effective May 4, 2015.  FOIA regulations serve as a resource for both agency personnel and the public.  They provide procedural information for requesters, such as details about where and how to make a request.  They also set forth requirements for agencies, such as details about information that should be included in agency correspondence with requesters. 

The Department has updated its FOIA regulations and streamlined the language contained in them to make the regulations more user-friendly.  The updated regulations also reflect a range of practices embraced by the Department in support of the President's and Attorney General Holder's 2009 FOIA directives, particularly the Department’s policy encouraging discretionary releases. 

The new FOIA regulations were developed with public feedback and useful suggestions from requesters.  Many of the changes incorporate best practices from OIP's guidance that improve the FOIA process for both the Department and requesters.  For example, the new regulations include:

  • A focus on the role of the Department's FOIA Contacts and FOIA Public Liaisons to assist requesters both before and after a request is made
  • Proactive notification to requesters of which processing track their request falls in and an opportunity for requesters to narrow their requests to fit a faster track
  • Procedures on referrals, consultations and coordinations, which among other things require agencies to provide requesters the name and FOIA contact information of any agency where records are referred
  • An emphasis on good communication practices, which include the Department's commitment to communicate with requesters electronically whenever feasible, as well as other practices that ensure communications are made in the spirit of cooperation called for by the President and Attorney General Holder.

These are just a few examples of the new provisions in the Department's FOIA regulations.  The full text of the regulations can be found here.  Be sure to continue reading FOIA Post for the latest FOIA news from OIP.

Topic(s):
FOIA Post
Wednesday, April 8, 2015

In February, OIP held its last scheduled Best Practices Workshop in this new series of training.  The Best Practices Workshop series, designed as a part of the United States’ Second Open Government National Action Plan commitment to further modernize FOIA, aims to leverage effective strategies from across the government by highlighting and sharing successes achieved by agencies on a wide range of FOIA issues. OIP is currently in the process of developing its new schedule of workshops for 2015 and we invite both agencies and the public to give us suggestions for new topics. 

The February workshop featured an expert panel discussion on FOIA customer service and dispute resolution.  President Obama’s FOIA Memorandum and Attorney General Holder’s FOIA Guidelines direct agencies to work with requesters in a “spirit of cooperation,” and many agencies have implemented a range of good customer service practices as part of their FOIA administration.

The panelists for this Workshop included:  Carmen Mallon, Chief of Staff for the Office of Information Policy at the Department of Justice; Dennis Argall, Assistant Section Chief for the Record Information Dissemination Section at the Federal Bureau of Investigation; Paul Jacobsmeyer, Chief of the Freedom of Information Act Division of Washington Headquarters Services at the Department of Defense; and Carrie McGuire, Mediation Team Lead for the Office of Government Information Services at the National Archives and Records Administration.

Each panelist discussed best practices they have used and seen to promote good customer service.  Much of the discussion reemphasized the importance of several of the best practices highlighted in the October Workshop, which featured panelists from the requester community.  Some notable examples of the best practices discussed include:

  • Communicating with the requesters throughout the life of a request – Maintaining open communication with requesters is critical for providing good customer service. This can include promptly acknowledging receipt of a request, explaining the FOIA process to requesters who are unfamiliar with it, and ensuring that requesters can easily contact the agency to ask questions and inquire about the status of their requests.  Open communication also includes a range of actions, such as providing a sample of records responsive to a request to help the requester understand the type of material the agency has located and utilizing interim responses whenever possible to provide material on a rolling basis.
  • Proactively communicating with requesters – Several panelists found success in proactive efforts to communicate with requesters.  For example, reaching out to requesters who have (sometimes unknowingly) made broad or complex requests can help clarify questions the agency has while at the same time provide  requesters the opportunity to reformulate their requests so that records can be more readily located and processed more efficiently.  Proactive outreach to provide the status of a request can also be beneficial, particularly for requests that have been pending for any significant length of time.  By actively communicating with requesters in such situations, the agency not only is providing good customer service, but the communication itself can lead to further discussions about ways to help  requesters obtain  responsive records as efficiently as possible.
  • Memorializing discussions with the requester – Agencies should make it as easy as possible for requesters to clarify or reformulate their requests.  Documenting discussions with requesters, especially when the requester agrees to amend his or her request, is critical to ensure that the agency and the requester mutually understand what was discussed.  Agencies should promptly follow-up substantive phone discussions with an e-mail or letter that summarizes what was discussed and that includes contact information in case the requester has additional questions or concerns.
  • Using Multi-track processing to improve customer service – Multi-track processing can help agencies provide good customer service in two ways.  Utilization of a multi-track system provides a mechanism for the agency to process "simple" requests in a different queue from "complex" requests, which in turn can allow for improved timeliness for the "simple" track requests.  Additionally, by establishing multiple processing tracks, agencies can more readily offer requesters the option of tailoring their request so that it fits within the "simple" track and can be processed more quickly.

A list of all the best practices discussed during this series and related OIP guidance can be found on the Best Practices Workshop Series page of OIP's website. 

The Best Practices Workshop series will continue and OIP is currently developing the topics for the next slate of events in this series.  We invite you to suggest discussion topics for these upcoming events, and you can e-mail your suggestions for new workshop topics to DOJ.OIP.FOIA@usdoj.gov using the subject line "Agency Best Practices Workshop Suggestion." 

Topic(s):
FOIA Post, Open Government
Tuesday, April 7, 2015

Courtesy of U.S. Attorney Benjamin B. Wagner of the Eastern District of California

The enactment of the Matthew Shepard and James Byrd Jr. Hate Crimes Prevention Act in October 2009 marked a critical step forward in our battle against bias-motivated violence.  The act expanded the jurisdictional reach of federal investigators and prosecutors, provided resources to local authorities to assist them in the prosecution of hate crimes and, for the first time in federal law, established protections for persons targeted for violence on the basis of sexual orientation and gender identity.  The Department of Justice has made vigorous use of the law, convicting 49 defendants since early 2010 for a variety of violent acts motivated by bias.  In the Eastern District of California, for example, the U.S. Attorney’s Office and the Civil Rights Division recently concluded the prosecution of three white supremacists for an unprovoked attack on a white man and his African-American friend at a gas station in Yuba City, California.  Those three defendants are now serving significant federal prison terms.   

Combating hate crimes has been a priority of this administration.  Just last November, shortly after the fifth anniversary of the enactment of the Shepard Byrd Act, Attorney General Holder announced that the department would sponsor a series of pilot training programs around the country to commemorate the anniversary of the law, raise awareness with the public and with local jurisdictions about the importance of reporting hate crimes, build trust between law enforcement and impacted communities and educate our state and local law enforcement partners about federal hate crimes including the Shepard Byrd Act.  On April 2, the first of those pilot programs was held in Sacramento.

In the morning, the U.S. Attorney’s Office, the Civil Rights Division and the FBI provided a half-day training program for over 60 local law enforcement officers and investigators.  I opened the program together with Special Agent in Charge Monica Miller of the FBI Sacramento Field Office.  Substantive instruction was provided by an Assistant U.S. Attorney, an FBI Supervisory Special Agent, and Chiraag Bains—Senior Counsel to the Assistant Attorney General for the Civil Rights Division.  The most riveting part of the program, however, was the participation of Judy and Dennis Shepard, parents of Matthew Shepard, whose brutal murder in a hate crime in Wyoming in 1998 shocked the nation, and whose name is enshrined in the statute.

Since the tragic death of their son, Judy and Dennis, through the Matthew Shepard Foundation, have been tireless advocates for equality and tolerance.  Later in the day, they were the centerpiece of a community forum at California State University Sacramento, which brought together over 100 members of the community—people of all colors and ethnicities, gay and straight, Jewish and Muslim, elected officials students, and members of the media.  The forum addressed the Shepard-Byrd Act, the investigation of hate crimes, reporting, police-community relations and other issues.  Judy and Dennis speak softly but eloquently, with courage and conviction.  They both made passionate appeals for community members to engage with and educate members of law enforcement as well as to report hate crimes.  The event concluded with a standing ovation for our visitors from Wyoming.

While recent years have been a period of tremendous change for issues relating to LGBT equality, much work still needs to be done.  Too many instances of hate-motivated violence still occur and too many of those instances still go unreported.  It is my hope that regional events like the one recently held in Sacramento—soon to be replicated in Biloxi, Mississippi; Kansas City, Kansas; Salem, Oregon; and Miami, Florida—will help address those gaps.

Tuesday, March 31, 2015

Courtesy of the Environment and Natural Resources Division

On March 26, 2015, the Department of Justice approved a Prospective Purchaser Agreement (PPA) with Reichhold, LLC for the purchase of a chemical manufacturing business on 8.8 acres in Azusa, California.  The property is part of the San Gabriel Valley Area 2 Superfund Site, Baldwin Park, California, Operable Unit and is located in an environmental justice community, where approximately 79 percent of the population is Latino, 35 percent of the population lives below two times the federal poverty level and 25 percent of the population over the age of 25 has less than a high school education level. 

The property was part of the bankrupt estate of Reichhold Inc.  The purchaser, Reichhold, LLC, is paying $800,000 to the U.S. Environmental Protection Agency Site special account to fund future response actions.  Additionally, the sale will retain 22 jobs, prevent blight in an industrial area and prevent the abandonment of a facility containing substantial amounts of hazardous substances, which could fall into disrepair.

Friday, March 27, 2015

Courtesy of the Civil Division’s Consumer Protection Branch

For decades, the Department of Justice, led by the Civil Division’s Consumer Protection Branch, has protected the health, safety and economic security of the American consumer.  Indeed, since its creation more than 40 years ago, the Consumer Protection Branch has worked tirelessly to combat all types of consumer fraud.

But as two of our most recent cases show, fraudsters have become more sophisticated.  It used to be that fraud schemes depended on the willingness of unwitting consumers to hand over their hard-earned savings in person or through the mail.  Today, the interconnectedness of our electronic banking system means a crook just needs to find a way to acquire one piece of information—your bank account number.  Once he has it, and a means to access the banking system, your bank account—and your money—is in his hands.     

Thanks to banking rules designed to prevent money laundering and other illegal activity, American banks generally don’t do business with people who are trying to steal money from consumers.  But fraudsters figured out that they could gain access to the banking system indirectly, through a middleman called a third party payment processor, because they realized some banks would not look past the middleman to evaluate what the fraudster was doing.  And other banks, even if they did find out what the fraudster was doing, would choose to look the other way while they continued to collect fees in exchange for enabling the scheme.

But just as bad actors continuously adapt to modern technology, law enforcement must adapt to protect consumers.  Recognizing this new and serious consumer fraud problem, in 2012, career prosecutors at the department proposed a focused effort to disrupt these illegal third-party payment processor schemes.  The new approach was informally dubbed “Operation Chokepoint”—a recognition that choking off access to consumers’ bank accounts could stop numerous fraud schemes at one time and protect more people from being victimized.

Following up on specific evidence of suspected fraud schemes operating through the banking system, and responding to particular consumer complaints and referrals from other law enforcement agencies, DOJ prosecutors trained their resources on a small number of banks -- around 50 of the roughly 6,000  operating across the country -- that were (wittingly or unwittingly) involved in these schemes.  They used many of the typical tools that are part of fraud investigations, including issuing subpoenas in 2013 seeking information from selected banks.  Once these prosecutors saw the evidence banks provided, they opened multiple civil and criminal investigations into the perpetrators of egregious (and in many instances, ongoing) fraud schemes.  In many cases, they informed banks that they were not themselves subjects of our investigations.  In others, however, they found evidence that the bank itself was aware of the fraud and was permitting the fraudsters to continue their unlawful conduct.

Last week, the Consumer Protection Branch resolved two additional cases involving illegal third party payment processor schemes in which, we allege, the bank ignored glaring warning signs of fraud while permitting fraudsters to illegally withdraw millions of dollars from consumers’ bank accounts.  For example, we allege that CommerceWest Bank was told by other banks such as Wells Fargo and Bank of America that their customers were being defrauded by a CommerceWest accountholder—but that CommerceWest’s response was merely to cut off further charges to customers of the complaining banks while continuing to allow the fraudster unimpeded access to the accounts of other victims.  Similarly, we alleged that Plaza Bank received so many consumer complaints that it had to develop a generic email response that acknowledged the “questionable” transactions that were continuing to be processed through the bank.  Combined, these two banks consciously turned a blind eye to schemes where staggering amounts were being stolen from millions of consumers.     

As these cases demonstrate, the department’s efforts under Operation Chokepoint have proved highly successful in protecting consumers and rooting out widespread fraud that was allowing millions of dollars to be siphoned from consumer bank accounts every month.  Including an earlier case against Four Oaks Bank, the department has been able to disrupt multiple fraud schemes that–until the government stepped in—were actively stealing tens of millions of dollars out of the bank accounts of more than a million different consumers.  The department, the FTC, and state and local law enforcement agencies have brought enforcement cases against other perpetrators of these fraudulent schemes as well.

While our actions have focused solely and squarely on disrupting fraud schemes that gain access to the banking system through third-party payment processors, we are aware of claims that the department unfairly targeted businesses engaged in lawful activity.  Others have confused our efforts with separate, independent actions taken by financial regulators to warn banks about risks involved with conducting business for merchants in certain industries. 

As the department has stated on multiple occasions, the proposal to focus on schemes involving third-party payment processors was developed by career prosecutors following credible leads about fraud schemes being perpetrated using the banking system.  Each subpoena was designed to gather information of illegal conduct, and each investigation focused on specific evidence of unlawful conduct.  And in no case has the department targeted any lawful enterprise, such as gun or ammunition sellers. 

We have briefed Congress, met extensively with industry groups, and taken many other steps to explain the purpose of Operation Chokepoint—and we remain committed to explaining what we are and are not doing.  But the most effective way of showing the success of Operation Chokepoint comes from the results of the cases we have resolved so far, as well as the results that will come from our continued pursuit of the banks, processors and others responsible for the schemes we identified from our focused effort.  Although this effort has largely achieved its goals, the problem that gave rise to it has not completely gone away.  That is why the department expects to bring additional criminal and civil cases related to these third-party payment processor schemes, and why we will continue our work to protect consumers and fight fraud in all its forms.

Posted in:
Friday, March 20, 2015

In the last of our series on the need for limited updates to laws enhancing cybersecurity while protecting individual rights, this post will describe a proposal that is geared toward shutting down the international black market for Americans’ stolen financial information.  One of the most common motivations for hacking is the theft of financial information.  In recent years, organized, multinational criminal enterprises have arisen to steal large volumes of credit card numbers and other personally identifiable information.  Middlemen then sell the stolen data to the highest bidder, often using underground “carding” forums.  The amendments are aimed at making sure that these middlemen — those who profit from the sale of stolen financial data of Americans — can be brought to justice even if they are operating outside of the United States.

Here is the problem.  Current law makes it a crime to sell “access devices” such as credit card numbers.  The law allows the government to prosecute offenders located outside the United States if the credit card number involved in the offense was issued by an American company and meets a set of additional requirements.  In the increasingly international marketplace for stolen financial information, however, these requirements have proved increasingly  unworkable in practice.  The government has to prove either that an “article” used in committing the offense moved though the United States, or that the criminal is holding his illicit profits in an American bank.  But when you steal only digital data, it’s not clear what “article” could be involved.  And of course, foreign criminals generally move their money back to their home country.

The upshot is that these requirements unduly limit the Department of Justice’s ability to prosecute criminals residing outside of the United States who commit crimes that harm Americans.  Indeed, law enforcement agencies have identified foreign-based individuals holding for sale vast quantities of credit card numbers issued by American financial institutions where there is no evidence that the person selling the numbers is the one who stole them, and no evidence of “articles” in the United States.  The United States has a compelling interest in prosecuting such individuals because of the great harm they cause to U.S. financial institutions and citizens.

That’s why we’ve proposed an amendment that would strike the unnecessary language in the current statute.  It would permit the United States to prosecute anyone possessing or trafficking in credit card numbers with intent to defraud if the credit cards were issued by a United States financial institution, regardless of where the possession or trafficking takes place.  This kind of jurisdiction over conduct that occurs abroad is fully consistent with international norms and other criminal laws aimed at protecting Americans from economic harm.  Moreover, in an era of global cybercrime where criminals steal Americans’ financial information so that they can traffic it abroad, it is necessary to prevent criminals from victimizing our citizens with impunity.

Posted in:
Topic(s):
Cyber Crime
Friday, March 20, 2015

Over the course of Sunshine Week this week, agencies across the government began posting their 2015 Chief FOIA Officer Reports. Since the issuance of Attorney General Holder’s FOIA Guidelines in 2009, agency Chief FOIA Officers have reported to the Justice Department annually on their efforts towards improving the administration of the FOIA at their agencies. Over the last six years, these Chief FOIA Officer Reports have served as a valuable resource for agencies to detail their efforts in implementing the President’s and Attorney General’s FOIA Memoranda. On Monday, the Department of Justice released its 2015 Chief FOIA Officer Report and a compilation of success stories from other agency reports.

Each year, agency Chief FOIA Officer Reports illustrate the steps undertaken by agencies to improve their administration of the FOIA and to implement the five key areas of FOIA administration addressed in Attorney General Holder’s FOIA Guidelines. These five areas are:  applying the presumption of openness; ensuring that there are effective systems in place for responding to requests; increasing proactive disclosures; increasing the utilization of technology; and improving timeliness and reducing backlogs.

The Justice Department’s 2015 Report released this week details a range of initiatives for each of these areas, including:

  • Leading the efforts to further modernize FOIA through a number of commitments made in the United States' Second Open Government National Action Plan. These initiatives include working on a consolidated online FOIA service, developing common FOIA regulations and practices for federal agencies, improving internal agency FOIA processes across the government by leveraging best practices, improving FOIA training by making standard e-learning resources available for all federal employees, and participating in a FOIA Federal Advisory Committee.
  • The Department also continued to expand its robust FOIA training program in an effort to provide quality FOIA training and resources to all federal employees. OIP's FOIA instructors provided training on a range of topics to over a thousand federal employees across the government. OIP also released a new suite of four electronically available FOIA training tools designed for all levels of the federal workforce from the senior executive whose support is key, to agency program personnel, to the FOIA professionals who process records. This new collection of training tools helps ensure that all agencies have a ready set of targeted resources to make available to all their employees.
  • The Department proactively posted more information to its websites, and continued to post that information in ways that are most useful to the public. The Department's FOIA.gov website continues to be a central resource for all FOIA data and resources. With Fiscal Year 2014 Annual FOIA Report data now on the website, users can compare agencies' FOIA administration from this past fiscal year across agencies and over time. The other features on the site, such as videos about the FOIA and how it works, and FOIA contact information for all 100 agencies, continues to also serve as a valuable resource for the public.

As agencies post their 2015 Chief FOIA Officer Reports, we encourage you to review them to find out more about the various FOIA efforts undertaken by government agencies this past year.  OIP will once again provide a central link to these reports on our website as they become available.

As with last year’s Reports, OIP will begin its five-part series in the coming weeks here on FOIA Post to highlight agency achievements and initiatives in each of the five key areas addressed by the Attorney General’s FOIA Guidelines. Additionally, OIP will once again publish an assessment of agencies’ implementation of the President's and Attorney General's FOIA Memoranda based on agency Annual and Chief FOIA Officer Reports.  Be sure to continue reading FOIA Post for more information.

Topic(s):
FOIA Post, Open Government
Thursday, March 19, 2015

Courtesy of Acting Associate Attorney General Stuart F. Delery

Acting Associate Attorney General Stuart F. Delery announced the creation of the Department of Justice’s Servicemembers and Veterans Initiative in a video. You can watch the video here.

Acknowledging the Debt We Owe Servicemembers and Veterans Through a New Initiative

Attorney General Holder has said that, although we can never hope to repay the debt of gratitude our nation owes the heroes who serve or have served in the Armed Forces, we must never forget to acknowledge what we owe.  The Department of Justice is firmly committed to doing its part in acknowledging what we owe.  That’s why I am proud to announce the Attorney General’s creation of the Servicemembers and Veterans Initiative. This initiative will be led by three dedicated career Justice Department attorneys with strong ties to the military community. They will further the Department’s existing efforts by coordinating and expanding our enforcement, outreach, and training efforts on behalf of servicemembers, veterans, and their families. The initiative will address the unique challenges that servicemembers face while on active duty, that veterans face upon returning home, and that families face when a loved one is deployed.

The sacrifices of our nation’s servicemembers go beyond the courageous act of putting themselves in harm’s way to defend our way of life. The sad fact is, they also face obstacles to exercising their civil rights and maintaining their families’ financial security.  That is why the Justice Department prioritizes enforcing the statutes specifically created to protect the civilian employment rights, voting rights, and financial security of those serving in the Armed Forces.

The Department is already having success on this front and we intend to have more. We have developed resources to help prosecutors respond to illegal foreclosures of servicemembers’ homes while they are on active duty and to scams that threaten servicemembers’ savings as they try to get their financial affairs in order in preparation for a deployment.   In the past few months, the Department has recovered over $123 million for servicemembers who were the victims of illegal non-judicial foreclosures; secured almost $10 million of relief in a lawsuit against a company that illegally repossessed over 1,100 cars; and obtained relief for 138 National Guard dual-status technicians who were illegally required to leave their civilian positions prior to entering active duty service. In addition, the Department awards grants to support mentoring programs and services for youth with a parent in the military.

The unique challenges often do not stop when a person leaves the Armed Forces.  For example, some of our Nation’s more than 22 million veterans suffer from post-traumatic stress disorder, substance abuse, or other mental health problems connected to their experiences while serving.  That is why the Department supports Veterans’ Treatment Courts, which promote sobriety, recovery, and stability for veterans struggling with addiction or mental illness who have become involved in the criminal justice system.

The Servicemembers and Veterans Initiative will reinforce the importance of this critical work and also make it easier for the Department to use all available resources and legal authorities to protect the rights and interests of the brave men and women who serve or have served in our Armed Forces.  The Initiative’s initial focus will be on three areas:  enforcement, education, and access to justice.

  • Enforcement: We will extend the expertise and resources needed to enforce the civil and criminal statutes protecting the rights of servicemembers, veterans, and their families to lawyers and investigators throughout the Department, allowing us to expand and coordinate our enforcement efforts.We will also promote information sharing among federal, state, and local enforcement agencies, so that they too can use all of the tools at their disposal.

  • Education: We will make sure that servicemembers, veterans, and their families have access to information about their rights and who to contact to report abuse.We will achieve this by working with people who serve as the first points of contact for members of the military community at the Departments of Defense and Veterans Affairs, and the Judge Advocate General offices at military installations throughout the world; by maintaining an accessible website with vital information to direct servicemembers and veterans to the resources they need; and by reaching out to underserved populations with high representation in the military, such as American Indians and Alaska Natives.

  • Access to Justice: We will use grants and other resources to support the efforts of courts, law enforcement, and other organizations to respond appropriately to the specialized circumstances of servicemembers and veterans in the criminal and civil justice systems.And we will build on existing partnerships with public and private programs that benefit and protect servicemembers, veterans, and their families, including organizations that provide not-for-profit legal services.

If we do our jobs well, we will allow servicemembers to focus on their work protecting the country and help veterans take their rightful place in the country they have sacrificed so much to protect and defend. 

It is my hope that this Initiative will be a mainstay of the Department's work for many years to come.  And I encourage anyone interested in the Servicemembers and Veterans Initiative to get in touch with its new leaders:  Director Silas Darden (Major in the Air Force Reserve) and Assistant Directors Andrew Braniff (Uniformed Services Employment and Reemployment Rights Act Program Coordinator for the Department’s Civil Rights Division) and Spencer Fisher (Chief Warrant Officer 2 in the Marine Corps Reserve),  servicemembers@usdoj.gov

Wednesday, March 18, 2015

The threat from botnets — networks of victim computers surreptitiously infected with malicious software — has increased dramatically over the past several years.  In our second post in this series, we discussed a proposal to ensure that courts have the authority to disrupt them.  Another part of the department’s response to the threat of botnets has been to identify and bring to justice those who create and control them.  While we have had significant successes to date prosecuting these offenders, we’ve encountered shortcomings in the existing law.

Criminals have found more and more ways to illegally make money through botnets.  Law enforcement officers now frequently ascertain that creators and operators of botnets not only use botnets for their own illicit purposes, but also sell or even rent to other criminals access to the infected computers.  The criminals who purchase access to botnets then go on to use the infected computers for various crimes, including theft of personal or financial information, the dissemination of spam, for use as proxies to conceal other crimes, or in distributed denial of service (DDoS) attacks on computers or networks.  Think about it:  your computer may be hacked by one criminal, and that criminal may rent surreptitious access to your computer to another criminal.  Americans are suffering extensive, pervasive invasions of privacy and financial losses at the hands of these hackers.

Current criminal law prohibits the creation of a botnet because it prohibits hacking into computers without authorization.  It also prohibits the use of botnets to commit other crimes.  But it is not similarly clear that the law prohibits the sale or renting of a botnet.  In one case, for example, undercover officers discovered that a criminal was offering to sell a botnet consisting of thousands of victim computers.  The officers accordingly “bought” the botnet from the criminal and notified the victims that their computers were infected.  The operation, however, did not result in a prosecutable U.S. offense because there was no evidence that the seller had created the botnet in question, and accordingly the seller was free to continue his activity.  While trafficking in botnets is sometimes chargeable under other subsections of the Computer Fraud and Abuse Act, this problem has resulted in, and will increasingly result in, the inability to prosecute individuals selling access to thousands of infected computers.

We maintain that it should be illegal to sell or rent surreptitious control over infected computers to another person, just like it is already clearly illegal to sell or transfer computer passwords.  That’s why the Administration’s proposal recommends amending current law to prohibit the sale or transfer not only of “passwords and other information” (the wording of the existing statute) but also of “means of access,” which would include the ability to access computers in a botnet.  In addition, the proposal would replace the current requirement that the government prove that the offender had an “intent to defraud” with a requirement to prove that the offender not only knew his conduct is “wrongful,” but also that he knew or should have known that the means of access would be used to hack or damage a computer.  We propose this last change because, as noted above, criminals don’t only use botnets to commit fraud — they also use them to commit a variety of other crimes.

Some commentators have raised the concern that this proposal would chill the activities of legitimate security researchers, academics, and system administrators.  We take this concern seriously.  We have no interest in prosecuting such individuals, and our proposal would not prohibit such legitimate activity.  Indeed, that’s precisely why our proposal requires that the government would have the burden to prove, beyond a reasonable doubt, that the individual intentionally undertook an act (trafficking in a means of access) that he or she knew to be wrongful.  And the government would similarly have to prove that the individual knew or had reason to know that the means of access would be used to commit a crime by hacking someone else’s computer without authorization. 

We think that this approach makes clear that ordinary, lawful conduct by legitimate security researchers and others is not at risk of criminal prosecution.  But we’re also engaging with the security research community and other groups, and with Congress, to make sure any amendment prohibits the pernicious conduct we’ve described without chilling the activities of those who are trying to improve cybersecurity for all.

Up next:  how do we prosecute those who sell stolen credit cards overseas?

Posted in:
Topic(s):
Cyber Crime
Wednesday, March 18, 2015

Awardee at DOJ Sunshine Week Event

This past Monday, individuals from around the government and members of the public gathered in the Great Hall of the Robert F. Kennedy Building to celebrate the start of Sunshine Week 2015. The annual event, held in commemoration of the sixth anniversary of the issuance of Attorney General Holder’s FOIA Guidelines, recognized and celebrated the accomplishments of agency FOIA professionals.

Acting Associate Attorney General and Department of Justice Chief FOIA Officer Stuart Delery served as the keynote speaker at the event, and highlighted a number of FOIA initiatives undertaken at the Justice Department over the last year, including:

  • The FOIA Improvement Initiative - a comprehensive review of FOIA operations at the Department’s thirty-seven components designed to share best practices and identify areas for improvement,
  • FOIA Training Modernization – OIP’s recently released suite of electronic FOIA training resources, designed for members of the federal workforce at every level, and
  • Best Practices Workshop Series – the ongoing series aimed at gathering together FOIA professionals from around the government, as well as civil society, to share experiences, lessons learned, and strategies for success on a variety of topics.

In his remarks, Acting Associate Attorney General Delery stressed that “[t]hese steps to spread awareness and expertise across the government are vital to promoting FOIA’s objective of transparency and openness.”  The Acting Associate Attorney General provided the following message to FOIA professionals who continue to process ever-increasing numbers of requests:

“I commend all of you for the dedication you continue to demonstrate in performing a difficult and important job, and now I am pleased to have the chance to honor the recipients of this year’s awards for outstanding contributions to our FOIA work.”

Agencies and members of the public were asked to submit nominations for six award categories to OIP. Key achievements from these submissions were highlighted by OIP Director Melanie Ann Pustay when recognizing each award recipient. As nominated by their agencies, the following awards were presented by Acting Associate Attorney General Delery and Director Pustay:

  • Exceptional Service by a FOIA Professional: Martha Wagner Murphy (National Archives and Records Administration), Cynthia Floyd-Coleman (Environmental Protection Agency), and Manizheh Boehm (Federal Highway Administration)
  • Award for Exceptional FOIA Service by a Team of Agency Professionals: The Federal Highway Administration Headquarters Chief Counsel FOIA Team, the Department  of Agriculture FOIA Training Subcommittee, and the Office of Personnel Management FOIA Service Center team.
  • Lifetime Service Award: Debbie Verzi (Social Security Administration), and Brenda Dolan (Department of Commerce)
  • Excellence in Management: James Holzer (Department of Homeland Security), Michael Marquis (Department of Health and Human Services), and Kathy Ray (Department of Transportation)
  • Outstanding Contributions by a New Employee: Arnon Dayak (Food and Drug Administration), and Alexis Graves (Department of Agriculture)
  • Outstanding Customer Service: Roberta Parsons (Department of Commerce), Harriette Boyd (Department of Commerce), and Judith Lewis (Environmental Protection Agency)

OIP would like to again recognize and thank each of the awardees for their work and contributions towards the administration of the FOIA at their agencies.  Agency FOIA professionals are the heart of any successful FOIA administration and we commend their hard work and continued service.

Read the full remarks from Acting Associate Attorney General and Department of Justice Chief FOIA Officer Stuart Delery.

Topic(s):
FOIA Post, Open Government
Monday, March 16, 2015

Courtesy of Leslie R. Caldwell, Assistant Attorney General for the Criminal Division

In a series of recent posts, we’ve been discussing the need for the Administration’s current cybersecurity proposals and discussing how they have been drafted in a careful and targeted way to enable us to protect privacy and security without ensnaring harmless or legitimate conduct.  Reaching this balance is important in many parts of the criminal law, but it is particularly important in the law that protects the privacy and security of computer owners and users — the Computer Fraud and Abuse Act (CFAA).  This law applies both to the hackers who gain access to victim computers without authorization from halfway around the world, and to those who have some authorization to access a computer — like company employees entitled to access a sensitive database for specified work purposes — but who intentionally abuse that access.  Yet the CFAA needs to be updated to make sure that the statute continues to appropriately deter privacy and security violations.  The Administration has proposed an amendment that maintains the law’s key privacy-protecting function while ensuring that trivial violations of things like a website’s terms of service do not constitute federal crimes.

As noted, in addition to prohibiting unauthorized access to victim computers by outside hackers, the CFAA also covers the conduct of insiders who have a right to access a system but who abuse that right and access sensitive or valuable information for their own purposes.  This part of the CFAA is, for example, the tool that department prosecutors have used to charge police officers who took advantage of their access to confidential criminal records databases in order to look up sensitive information about a paramour, sell access to those records to others, or even provide confidential law enforcement information to a charged drug trafficker. We’ve also used this statute to prosecute an employee of a health insurer who used his access to the company’s sensitive databases to improperly obtain the names and Social Security numbers of hundreds of thousands of current and former employees (as well as information about how much his colleagues were being paid).

Unfortunately, recent judicial decisions have limited the government’s ability to prosecute such cases.  As a result of these decisions, insiders may be effectively immunized from punishment even where they intentionally exceed the bounds of their legitimate access to confidential information and cause significant harm to their employers and to the people — often everyday Americans — whose data is improperly accessed.

The restrictive judicial interpretation of the term “exceeds authorized access” in the CFAA stemmed from the concern that the statute potentially makes relatively trivial conduct a federal crime.  For example, a federal court feared that the statute could be construed to permit prosecution of a person who accesses the internet to check baseball scores at lunchtime in violation of her employer’s strict business-only internet use policy.  Or, similarly, where a member of the public accesses a dating website but lies about his physical fitness in violation of the site’s terms of service that require users to provide only accurate information.

We understand these concerns.  The Department of Justice has no interest in prosecuting harmless violations of use restrictions like these.  That’s why we’ve crafted proposed amendments to the CFAA to address these concerns — while still preserving the law’s application to those who commit serious thefts and privacy invasions. 

To accomplish this, the proposal does two things.  First, it addresses the recent judicial decisions that have prevented important prosecutions.  It does this by clarifying that the definition of “exceeds authorized access” includes the situation where the person accesses the computer for a purpose that he knows is not authorized by the computer owner.  This clarification is necessary to permit the prosecution of, for example, a law enforcement officer who is permitted access to criminal records databases, but only for official business purposes.  Second, at the same time, the proposal adds new requirements that the government must meet to make clear that trivial conduct does not constitute an offense.  In order to constitute a crime under the new wording, not only must an offender access a protected computer in excess of authorization and obtain information, but the information must be worth $5,000 or more, the access must be in furtherance of a separate felony offense, or the information must be stored on a government computer.  

These changes will empower the department to prosecute and deter significant threats to privacy and security, but make sure that the CFAA doesn’t inadvertently cover trivial conduct.

Next time:  how can we deter the harms caused by the proliferation of botnets?

Posted in:
Topic(s):
Cyber Crime
Monday, March 16, 2015

The Freedom of Information Act (FOIA) is commonly referred to as the law that allows citizens to know “what their government is up to.” In addition to publishing information in the Federal Register and processing requests made by individuals, the statute also contains proactive disclosure provisions which require agencies to make certain categories of non-exempt records available to the public without waiting for a FOIA request. Today, OIP has released new guidance designed to improve agency compliance with these provisions in line with the tenets of Attorney General Holder’s FOIA Guidelines.

The FOIA statute itself, in subsection (a)(2) outlines four categories of records that agencies are required to “make available for public inspection and copying” consisting of operational documents (final orders & opinions, policy statements, and staff manuals & instructions) and “frequently requested records.” Both the President and Attorney General Holder have directed agencies to “take affirmative steps to make information public” and to “readily and systematically post information online in advance of any public request.” As noted in this new guidance,

“When agencies make proactive disclosures they are enhancing transparency by ensuring that certain key information about the operations and activities of the government is readily and efficiently made available to all.”

In addition to providing an overview of the legal requirements of the FOIA to make various types of records available proactively, the guidance addresses ways in which agencies can take additional steps to improve transparency through proactive disclosures. A specific focus of the new guidance is of the requirement for agencies to post “FOIA-processed records on popular topics that the agency determines are, or are likely to be, the subject of multiple FOIA requests.”

OIP’s new guidance provides information on proactive disclosures to agencies on a variety of topics, including:

  • Methods of disclosures – where agencies post proactively disclosed records, specifically FOIA Libraries;
  • Strategies for identifying “Frequently Requested” records – steps that agencies can take to efficiently and effectively locate records requested multiple times or topics that could become the subject of multiple requests; and
  • Ensuring that posted information is useable – outlining how agencies can work to make information that is posted is in a user-friendly format.

Included with the guidance is also a checklist to serve as a reference and resource for agencies in the implementation of this guidance.

The full text of the guidance, along with all other guidance issued by OIP, is available on our guidance page. OIP encourages agencies to review their procedures for identifying and posting proactive disclosures to ensure they are efficiently and effectively carrying out their obligations for this important aspect of FOIA administration.

Topic(s):
FOIA Post, Open Government
Friday, March 13, 2015

Courtesy of Leslie R. Caldwell, Assistant Attorney General for the Criminal Division

The widespread use of computers and cellular phones has created a market for malicious software that allows perpetrators to surreptitiously intercept their victims’ communications.  For a small fee, people can purchase this software and download it onto a victim’s device.  Operating secretly in the background, the spyware allows perpetrators to read a victim’s email and text messages.  They can track a victim’s location and listen to their calls.  They can even turn on the microphone in a victim’s phone or computer and listen to conversations in the room.  They can do all of this from afar and without the victim knowing.

These privacy invasions have far-reaching implications.  Spyware can be used by abusive spouses to track, control, and terrorize former loved-ones.  Competitors can commit corporate espionage.  Criminals can electronically monitor their underlings.  Spyware can even be used to eavesdrop on law enforcement and national security personnel.  The market for this software has made these capabilities widely available to many who would not otherwise have access to them.  We need to do more to counter the increase in privacy invasions. 

It is already illegal to sell or advertise surreptitious interception devices of this type.  Indeed, the department recently successfully prosecuted the maker of the “StealthGenie” spyware, and the court fined the offender half-a-million dollars.  Yet the people who make and sell these products often reside outside of the United States, making it more difficult to bring them to justice.  And they are making millions of dollars of profit selling spyware inside the United States.  These same criminals try to conceal their ill-gotten gains and transfer them out of the reach of  law enforcement.  Because current law does not authorize the forfeiture of proceeds from the sale of spyware, U.S. law enforcement is unable to disgorge such criminals of the money that they amass. 

The Administration’s proposal would expand the statute that already provides for the forfeiture of surreptitious interception devices themselves to include forfeiture of proceeds from the sale of spyware and property used to facilitate the crime.  The proposed text includes standard language drawn from other areas of the criminal code regarding the rules and safeguards for civil and criminal forfeiture.

In addition, violators of the surreptitious interception device statute often engage in money laundering by transferring funds through multiple overseas accounts to conceal the profits of their criminal enterprise.  Because the spyware statute is not listed as a predicate offense in the money laundering statute, however, prosecutors are unable to charge defendants for money laundering activities related to the sale of spyware unless they can link it to some other crime, which will often be difficult or impossible.  The proposaltherefore adds violations of the spyware statue to the list of money laundering predicate offenses.

In our next post, we’ll look at another type of criminal privacy invasion — this time by corporate or government employees and contractors.

Posted in:
Topic(s):
Cyber Crime
Friday, March 13, 2015

Yesterday, OIP Director Melanie Ann Pustay announced the rollout of a new suite of FOIA training tools designed to ensure that all agencies have important FOIA resources available to them, reinforcing Attorney General Holder’s message that "FOIA is everyone's responsibility."

As President Obama declared on his first full day in office, "the [FOIA], which encourages accountability through transparency, is the most prominent expression of a profound national commitment to ensuring an open Government." The foundation of any successful FOIA operation is that all federal employees within the agency have a proper understanding of the law and their unique roles in its implementation.

OIP's new collection of training tools is designed to help ensure that all levels of the federal workforce have training tools available to them on the FOIA. The new training tools include:

  • An infographic that can serve as a resource on FOIA basics for all employees new to the federal workforce;
     
  • A brief video from Director Pustay aimed at senior government executives, providing a general overview of the FOIA and emphasizing the importance of their support to their agency’s FOIA program;
     
  • An e-Learning training module for all federal employees that provides a primer on the FOIA and highlights ways in which they can assist their agency in administering the law; and
     
  • An in-depth e-Learning training module specifically designed for FOIA professionals which addresses all the major procedural and substantive requirements of the law, as well as the importance of customer service.

Both the infographic and executive video can be found on the training page of OIP's website. Agencies can request a SCORM 1.2 LMS ready copy of the FOIA e-Learning courses on CD by contacting OIP's Training Coordinator at DOJ.OIP.FOIA@usdoj.gov with the subject line “Request for e-Learning Modules.” Agency e-Learning staff that would like to electronically receive the courses via an FTP server or other means should contact Andy Anderson at aca.anderson@usdoj.gov.

The new training tools were very well received yesterday by many representatives from across the federal government who joined us in the Great Hall of the Department of Justice's Robert F. Kennedy Building. You can read more about the event and this new resource in an article posted today by Federal News Radio. You can also listen to the interview with OIP Director Pustay in which she outlines the new training tools, describes the rewards and challenges of administering FOIA today, and looks forward to exciting new developments for 2015.

Topic(s):
FOIA Post, Open Government
Friday, March 13, 2015

On October 10, 2014, the Office on Violence Against Women and the Office of HIV/AIDS Housing announced our partnership to better address the housing needs of women living with HIV/AIDS who are victims of domestic violence, sexual assault, dating violence, or stalking.  The Violence Against Women Act (VAWA)/Housing Opportunities for Persons with AIDS (HOPWA) Project Demonstration is an innovative interagency collaboration between the U.S. Departments of Justice and Housing and Urban Development that leverages the expertise of the Office on Violence Against Women and the Office of HIV/AIDS Housing to fund organizations to provide safe and supportive housing for women living with HIV/AIDS who are experiencing domestic violence, sexual assault, dating violence or stalking.  On Wednesday, the U.S. Department of Housing and Urban Development announced the release of a notice of intent to conduct the VAWA/HOPWA Project and is soliciting public comment on the proposed project.  Information about the project and how to submit comments on the proposed project is available in the Federal Register. With this announcement we are one step closer to providing safe and supportive housing for this population.”

Wednesday, March 11, 2015

Courtesy of Leslie R. Caldwell, Assistant Attorney General for the Criminal Division

In our first post, we noted the dramatic growth over the past several years in the incidence of cybercrime that victimizes Americans.  One of the most striking examples of this trend is the threat from botnets — networks of victim computers surreptitiously infected with malicious software, or “malware.”  Once a computer is infected with the malware, it can be controlled remotely from another computer with a so-called “command and control” server.  Using that control, criminals can steal usernames, passwords, and other personal and financial information from the computer user, or hold computers and computer systems for ransom.  Criminals can also use armies of infected computers to commit other crimes, such as distributed denial of service (DDoS) attacks, or to conceal their identities and locations while perpetrating crimes ranging from drug dealing to online child sexual exploitation.  The scale and sophistication of the threat from botnets is increasing every day.  Individual hackers and organized criminal groups are using state-of-the-art techniques to infect hundreds of thousands — sometimes millions — of computers and cause massive financial losses, all while becoming increasingly difficult to detect.  If we want security to keep pace with technological innovations by criminals, we need to ensure that we have a variety of effective tools to combat evolving cyber threats like these.

One powerful tool that the department has used to disrupt botnets and free victim computers from criminal malware is the civil injunction process.  Current law gives federal courts the authority to issue injunctions to stop the ongoing commission of specified fraud crimes or illegal wiretapping, by authorizing actions that prevent a continuing and substantial injury.  This authority played a crucial role in the department’s successful disruption of the Coreflood botnet in 2011 and the Gameover Zeus botnet in 2014.  These botnets used keystroke logging or “man-in-the-middle” attacks to collect online financial account information, and they transferred stolen funds to accounts controlled by the criminals.  The Gameover Zeus botnet, which infected computers worldwide, was estimated to have inflicted over $100 million in losses on American victims alone, often on small and mid-sized businesses.  Because the criminals behind these particular botnets used them to commit fraud against banks and bank customers, existing law allowed the department to obtain court authority to disrupt the botnets by taking actions such as disabling communication between infected computers and the command and control servers.  Taking action to shut down botnets has been praised in the press and in Congress.

The problem is that current law only permits courts to consider injunctions for limited crimes, including certain frauds and illegal wiretapping.  Botnets, however, can be used for many different types of illegal activity.  They can be used to steal sensitive corporate information, to harvest email account addresses, to hack other computers, or to execute DDoS attacks against web sites or other computers.  Yet — depending on the facts of any given case — these crimes may not constitute fraud or illegal wiretapping.  In those cases, courts may lack the statutory authority to consider an application by prosecutors for an injunction to disrupt the botnets in the same way that injunctions were successfully used to incapacitate the Coreflood and Gameover Zeus botnets.

The Administration’s proposed amendment would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief.  Specifically, the amendment would permit the department to seek an injunction to prevent ongoing hacking violations in cases where 100 or more victim computers have been hacked.  This numerical threshold focuses the injunctive authority on enjoining the creation, maintenance, operation, or use of a botnet, as well as other widespread attacks on computers using malicious software (such as “ransomware” ).

The same legal safeguards that currently apply to obtaining civil injunctions, and that applied to the injunctions obtained by the department in the Coreflood and Gameover Zeus cases, would also apply here.  Before an injunction is issued, the government must civilly sue the defendant and demonstrate to a court that it is likely to succeed on the merits of its lawsuit and that the public interest favors an injunction; the defendants and enjoined parties have the right to notice and to have a hearing before a permanent injunction is issued; and the defendants and enjoined parties may move to quash or modify any injunctions that the court issues.

In sum, this proposal would provide the government with an effective tool to shut down illegal botnets or certain widespread malicious software to better match the ways that criminals are using these technologies.  It assures that the legal mechanism that has proven effective to date will be available. 

In our next posting, we’ll take a look at another threat from malware that invades the privacy of Americans:  spyware.

Posted in:
Topic(s):
Cyber Crime
Monday, March 9, 2015

Courtesy of Leslie R. Caldwell, Assistant Attorney General for the Criminal Division

Our growing reliance on computer networks and electronic devices in almost every aspect of our lives has been accompanied by an increasing threat from individuals, organized criminal networks, and nation states who victimize American citizens and businesses.  Hackers can steal or hold for ransom our most valuable and personal information.  They can invade our homes by secretly activating webcams.  They can steal financial information to line their pockets while jeopardizing the credit and financial stability of everyday Americans.  A new generation of organized criminals is able to steal the personal information of millions of victims from a computer halfway around the world.  These developments also pose a widespread threat to American businesses and the economy.  Cyber criminals can orchestrate massive disruptions of businesses and can electronically spirit away millions of dollars worth of trade secrets in seconds.  Every individual has a stake in protecting computers and computer networks from intrusions and abuse.  One 2014 report found a 62% increase in the number of breaches over the previous year, resulting in over half a billion identies exposed – a 368% increase. The global cost of cybercrime is estimated to exceed $100 billion.

An essential part of the mission of the Department of Justice is to protect Americans from emerging criminal threats such as the ones described above and to deter, disrupt, and prosecute the criminals who are culpable.  The department’s prosecutors, along with agents from the Federal Bureau of Investigation, the U.S. Secret Service and other law enforcement agencies, are working diligently using the legal tools at our disposal to protect personal information and vindicate the privacy rights of citizens and businesses.  But just as our adversaries adapt to new technologies and global realities, so must we.

On Jan. 12, 2015, the President announced new legislative proposals designed to protect the online privacy and security of American citizens and businesses.  These proposals include a set of targeted updates to the criminal code to provide additional tools to prosecute offenders and deter and disrupt criminal conduct.  Some of the proposals will enable the department to address the growth of specific types of crime, such as the sale of illegal spyware or the use of botnets — networks of victim computers surreptitiously infected with malicious software, or “malware.”  Other proposals address shortcomings in existing statutory tools, such as the government’s ability to prosecute cases involving insiders, including government or corporate employees, who use their access to information systems to misappropriate sensitive and valuable data.  The proposals also respond to changes in the threats posed by cyber criminals, such as by adding provisions to enable the prosecution of hacking by organized crime groups and to give federal courts the authority to sentence the most significant cyber crimes in line with similar financial crimes.

As part of our effort to explain to the public why these proposals are important, and also how they have been drafted in a careful and targeted way, the Justice Department’s Criminal Division will outline several of the proposed changes and set forth how they will enable us to protect Americans’ privacy and security.  Our first post will focus on a proposed amendment to the statute that gives federal courts the authority to issue civil injunctions to stop ongoing cyber crimes.

Posted in:
Topic(s):
Cyber Crime
Friday, March 6, 2015

Courtesy of Assistant Attorney General Karol V. Mason

This week, the President’s Task Force on 21st Century Policing released its interim report recommending, among other things, that law enforcement agencies take steps to use technology in a way that strengthens relationships with the communities they serve.  Among the most promising tools available are body-worn cameras, which are being implemented or pilot tested in more than 3,000 departments across the country.  Evidence suggests that body-worn cameras can help de-escalate potentially violent encounters, and research shows that departments that deploy cameras receive fewer public complaints.

Last week, the White House and the Office of Justice Programs’ Bureau of Justice Assistance (BJA) brought together more than 100 experts to talk about the benefits and challenges related to the adoption of this technology and to begin developing an online toolkit that can serve as a one-stop shop of resources on body-worn camera usage.  For two days, leaders from small, medium, large, rural, and tribal law enforcement agencies – as well as researchers, prosecutors, public defenders, victim advocates, privacy advocates, and other stakeholders – discussed a wide range of topics, from procurement and maintenance to storage and training.  The panel dove deeply into policy and legal issues, particularly into questions surrounding privacy and the fair and transparent use of body-worn technology.

The meeting was in response to President Obama’s December 2014 announcement of a Body-Worn Camera Partnership Program.  The President has proposed substantial investments in the purchase of body-worn cameras and in training and technical assistance to ensure that they are used in a way that enhances public safety, protects civil liberties, and heightens trust.  Deploying this technology requires carefully designed policies and procedures, not to mention additional staff time and a close attention to legal considerations.  As the President has said, it must be “embedded in a broader change in culture and a legal framework that ensures that people's privacy is respected and that not only police officers but the community. . . feels comfortable with how technologies are being used.”  The work begun by the panel will help law enforcement agencies navigate this new terrain.

BJA, who is leading this work, plans to launch the Body-Worn Camera Toolkit later this spring and we will continue to update it as more information and evidence become available.  We encourage those who have ideas and new resources to share, to e-mail AskBWC@usdoj.gov.

Tuesday, March 3, 2015

The Office of Information Policy has developed new FOIA resources designed to train all levels of the federal workforce to understand their FOIA responsibilities. These new resources were developed as part of our commitments in the U.S. Second Open Government National Action Plan, as well as the Department’s Open Government Plan 3.0. We are pleased to invite you to a presentation on Thursday, March 12th marking the rollout of these important new tools. 

A proper understanding of the FOIA, including the correct application of the statute's provisions and the President's and Attorney General Holder's 2009 FOIA Memoranda, is the first step toward any successful FOIA operation. As a key part of fulfilling our responsibility to encourage government-wide compliance, every year OIP provides and participates in various FOIA training programs across the government. Embracing the importance of FOIA training, many agencies have also reported on their own robust FOIA training efforts in their Chief FOIA Officer Reports. While these training efforts often focus on agency FOIA professionals, it is important that all federal employees have access to resources that help them understand their FOIA responsibilities. As Attorney General Holder emphasized in his 2009 FOIA Guidelines, "FOIA is everyone's responsibility." 

OIP's new collection of training tools are designed to help ensure that these important resources are available for all federal employees -- from the senior executive, to the everyday employee whose records might become subject to the FOIA, to the FOIA professionals responsible for processing records for disclosure. The new training tools being released include:

  • A brief video from the Director of OIP aimed at senior government executives, providing a general overview of the FOIA and emphasizing the importance of their support to their agency’s FOIA program;
     
  • An in-depth e-Learning training module specifically designed for FOIA professionals which addresses all the major procedural and substantive requirements of the law, as well as the importance of customer service;
     
  • A separate e-Learning training module for the everyday federal employee that provides a primer on the FOIA and highlights ways in which they can assist their agency in administering the law; and
     
  • An infographic that can serve as a resource on FOIA basics for all employees new to the federal workforce.

We invite you to join us for a presentation on each of these new resources and how they will be made available to agencies.  The details of this event, which is open to all agency personnel and members of the public, are:

FOIA Training Resources Rollout
Robert F. Kennedy Building - Great Hall
10th and Constitution Ave NW
March 12, 2015, 10:00 - 11:00 am

You will need a picture ID to enter the building.

We hope that you can join us. If you are interested in attending this event, you can register by e-mailing your name and phone number to OIP’s Training Coordinator at DOJ.OIP.FOIA@usdoj.gov with the subject line “FOIA Training Resources Rollout.”  If you have any questions regarding this event, please contact our office at (202) 514-3642. 

Topic(s):
FOIA Post, Open Government
Monday, March 2, 2015

Do specialized sexual assault units in police agencies produce better investigations? What are American Indian women’s experiences when they report their victimization to police or talk with an advocate? How many more domestic violence victims make it out alive in jurisdictions where firearms surrender laws are consistently enforced against their abusers? What are some of the most cost-effective approaches to preventing and responding to domestic and sexual violence? How should colleges and universities handle sexual assaults on their campuses?

For police, advocates, prosecutors, judges, and others, answers to these types of questions have a direct impact on how they work with victims in their communities. They want to know which approaches or interventions save lives and make communities safer, and they need good research to rely on in shaping solutions and focusing their limited resources. For victims, the extent to which services they receive meet their needs affects their safety, recovery, and pursuit of justice.

Therefore, the Office on Violence Against Women's (OVW) 2015 funding announcements reflect a significant focus on ways of serving victims and holding offenders accountable that research has demonstrated are effective, as well as strategies that look promising and deserve a closer look. But to build our knowledge of what works, we need fresh and relevant research. I encourage you to review, and pass along to your colleagues, current funding announcements from the National Institute of Justice (NIJ). These solicitations are open to applicants proposing research and evaluation projects related to domestic violence, sexual assault, dating violence, and stalking:

NIJ FY15 Research and Evaluation on Firearms Violence Reduction 

NIJ seeks proposals for research and evaluation of programs, practices, and policies designed to reduce firearms violence. This solicitation aims to strengthen our knowledge base and improve public safety by supporting projects with a high potential for accurately measuring the effects of efforts to reduce firearms violence. Such firearms violence reduction efforts may take any of a variety of forms, including but not limited to, those that emphasize law enforcement, prosecution, prevention, public health, or public policy. (NIJ-2015-4052) Deadline: April 27, 2015

NIJ FY15 Research and Evaluation on Violence Against Women: Intimate Partner Violence and Sexual Violence

NIJ is seeking proposals for research and evaluation on violence against women, and specifically intimate partner and sexual violence. For example, NIJ is interested in proposals to examine the effectiveness of specialized police and court-based units, services, and methods related to intimate partner and sexual violence. NIJ is also interested in research on the development, adaptation, and testing of screening tools used for the identification of intimate partner violence in family court proceedings—specifically for cases involving child custody. Although specific areas of interest have been identified, other topics that offer important insights into violence against women will also be accepted for review. (NIJ-2015-4029) Deadline: April 7, 2015

NIJ FY15 Building and Enhancing Criminal Justice Researcher-Practitioner Partnerships

NIJ is seeking proposals for criminal justice research and evaluation that includes a researcher-practitioner partnership component. Through researcher-practitioner partnerships, criminal justice practitioners can gain new skills in assessing programs and measuring outcomes. Likewise, criminal justice researchers can better understand the goals and purposes criminal justice practitioners seek to achieve. Ultimately, these partnerships provide criminal justice practitioners with practice- and policy-relevant information while affording researchers the opportunity to contribute to the current body of knowledge. (NIJ-2015-3990) Deadline: April 20, 2015

NIJ FY 15 Research and Evaluation Examining Violence Against American Indian and Alaska Native Women: Domestic Violence, Homicide, Intimate Partner Violence, Sex Trafficking, Sexual Violence, Stalking, and Teen Dating Violence

NIJ is seeking proposals for research and evaluation that will examine violence and victimization experienced by American Indian (AI) and Alaska Native (AN) women living in Indian Country and Alaska Native villages to produce a deeper understanding of the issues faced by Native American women and help formulate public policies and prevention strategies to decrease the incidence of violent crimes committed against AI and AN women. NIJ is especially interested in research and evaluation related to violence against AI and AN women in the areas of domestic violence, homicide, intimate partner violence, sex trafficking, sexual violence, stalking, and teen dating violence. (NIJ-2015-3978) Deadline: April 15, 2015

NIJ FY15 Secondary Analysis of the 2010 National Intimate Partner and Sexual Violence Survey (NISVS) Data: General Population and American Indian and Alaska Native Samples

NIJ is seeking proposals for secondary data analysis of the 2010 National Intimate Partner and Sexual Violence Survey (NISVS) data. Noting a critical need for a national surveillance system that would produce frequent, consistent, and reliable data on the magnitude and nature of intimate partner violence, sexual violence, and stalking using consistent definitions and survey methods to evaluate trends over time, the CDC’s National Center for Injury Prevention and Control (NCICP), in collaboration with NIJ and the Department of Defense (DOD), developed NISVS. The collaborative effort among federal agencies was motivated by the need to improve our understanding of IPV, SV, and stalking in the civilian, military, and American Indian (AI) and Alaska Native (AN) populations. (NIJ-2015-3977) Deadline: April 9, 2015

NIJ FY15 Research and Evaluation on the Investigation and Adjudication of Campus Sexual Assault

NIJ is seeking proposals for research and evaluation related to the investigation and adjudication of sexual assaults on college and university campuses. The White House Task Force to Protect Students from Sexual Assault identified a need to improve understanding of current practices in campus investigation and judicial decisionmaking involving student-on-student sexual assault. In response, NIJ is seeking proposals to examine: current or new investigation practices and protocols used in the handling of campus sexual assault cases; and/or current or new adjudication practices and protocols used in the handling of campus sexual assault cases. (NIJ-2015-4028) Deadline: April 6, 2015

Additionally, the Bureau of Justice Assistance (BJA) is accepting applications to its Visiting Fellows Program:

BJA Visiting Fellows Program

Through the Visiting Fellows Program, BJA announces plans to invest in the field to advance priority national policy issues and offer cross developmental opportunities for DOJ staff and practitioners and researchers in the criminal justice field. Awards made under the BJA Visiting Fellows Program will fund fellowships for a total period of 12–18 months, including a residency period of at least 6–12 months onsite at BJA in Washington, D.C. The goal of the fellowship is to make important policy and programmatic contributions in a priority area of criminal justice practice. Fellows will work in collaboration with BJA and DOJ staff to help provide critical outreach, data, research, and subject-matter expertise to inform the development of new BJA strategies and programs to benefit the field. This program is likely to be funded under Economic High-Tech and Cyber Crime Prevention, Services for Trafficking Victims, Second Chance Act, Prison Rape Elimination Act, and Swift and Certain Sanctions/Replicating the Concepts Behind Project HOPE. Deadline: April 2, 2015

Monday, March 2, 2015

Courtesy of Vanita Gupta, Acting Assistant Attorney General for the Civil Rights Division

Ms. Whitley and Mr. Nelson, August 13, 2014.

Twenty-five years ago, our nation committed itself to the elimination of discrimination against people with disabilities—through the Americans with Disabilities Act (ADA).  The U.S. Department of Justice’s Civil Rights Division is proud to play a critical role in enforcing the ADA, working towards a future in which all the doors are open to equality of opportunity, full participation, independent living, integration and economic self-sufficiency for persons with disabilities.  In honor of the 25th anniversary of the ADA, each month the Department of Justice will spotlight efforts that are opening gateways to full participation and opportunity for people with disabilities.  This month, we spotlight the stories of Connie Whitley and Jim Nelson and accessible design in Rapid City, South Dakota.

The Black Hills Works Gala is a formal event that brings nearly 800 people from the Rapid City area together to honor people with disabilities.  For Connie Whitley and Jim Nelson, who use electric wheelchairs for mobility, the gala is a “can’t miss” event.  So when Kari Thompson, the couples’ driver from Black Hill Works, found a parking spot near the entrance to the Civic Center, they were relieved.  Unfortunately, though the spot was designated as accessible, it wasn’t.  It lacked the required “access aisle,” leaving Ms. Whitley and Mr. Nelson no room to get out of the car with their wheelchairs.  Eventually, Ms. Thompson found a different spot on the other side of the Civic Center.  The three then maneuvered through snow to get around the building.

The evening’s challenges didn’t end there.  When the couple tried to enter a side entrance at the Civic Center, they found that the size of their wheelchairs required both double doors to be held open – a difficult task with only one staff person.  They faced the same issue entering the Civic Center room where the gala was taking place.  Fortunately, an acquaintance came by in time to assist.  Ms. Whitley just laughed and called it, “another adventure.”  Barriers to accessibility mean that people like Ms. Whitley and Mr. Nelson will not be able to fully benefit from events in municipal buildings, including experiencing a “can’t miss” event like the Black Hills Work Gala.

Over the next three years, experiences like Ms. Whitley’s and Mr. Nelson’s will become a thing of the past.  Rapid City and the U.S. Department of Justice have reached an agreement under Project Civic Access (PCA), the department’s wide-ranging initiative to ensure that cities, towns and counties throughout the country comply with the ADA.  One of the hallmarks of the agreement is the requirement that Rapid City will ensure that the 11 parking areas surrounding the Civic Center will comply with the ADA’s 2010 Standards for Accessible Design.

Under the agreement, the Civic Center will have the required number of designated accessible parking spaces, including van-accessible spaces.  Each space will be the appropriate size, have an access aisle and accessible signage, and be on the shortest accessible route to an accessible entrance.

Over the past 15 years, nearly 220 communities have signed agreements with the Department of Justice to ensure that their citizens with disabilities enjoy the same services, programs and activities that all others enjoy.  For information on how jurisdictions can participate in PCA, visit www.ada.gov.

Monday, March 2, 2015

This post appears courtesy of Ron DavisPresident Barack Obama speaks to the press after a meeting with members of the President's Task Force on 21st Century Policing,

Earlier today, President Obama met with the Task Force on 21st Century Policing to discuss their recommendations to help communities and law enforcement agencies across the country to strengthen trust and collaboration, while continuing to reduce crime.

The Task Force was announced in December, and has been co-chaired by Philadelphia Police Commissioner Charles Ramsey and former Assistant Attorney General Laurie Robinson. Joining them on the Task Force is a diverse array of experts from the law enforcement community, academia, youth activists, as well as community and civil rights leaders. Their recommendations for helping to keep police officers and neighborhoods safe were released today, as called for by the Executive Order that established the Task Force.

Over the past few months, this Administration, with assistance from the Task Force, has helped to foster a national dialogue on 21st Century Policing. The President has hosted law enforcement, youth advocates, elected officials, and community leaders at the White House to hear from them directly, while Task Force members engaged with a variety of stakeholders and constituency groups, and Attorney General Eric Holder held roundtables with community leaders and law enforcement officials across the country. The Task Force also conducted public hearings in several locations across the country and received testimony from more than 100 witnesses.

As the Executive Director for the Task Force, I participated in many of these discussions. And while each community brings its own perspectives, a common theme we heard is that 21st Century Policing requires trust. Individuals are more likely to obey the law when they trust that those who enforce it will treat them equally with dignity and respect, regardless of what they look like, where they live, or whom they love. Individuals who trust law enforcement are also more likely to call for help when they need it, or to provide other critical information that helps to prevent and solve crimes.

When I served as Chief of Police for East Palo Alto, a city once dubbed the murder capital of the United States, we instituted a series of reforms that led to dramatically improved community relations. For example, we worked closely with the state department of corrections and local social service providers to launch a model reentry program, held regular neighborhood meetings, and established officer-led community fitness programs to regain use of the public parks and open spaces previously controlled by gangs. Over a six-year period, with the police and community working closely together, we achieved a 40 percent decrease in homicides and a 20 percent decrease in overall crime.

President Obama and Vice President Biden meet with rank-and-file law enforcement officials

President Barack Obama and Vice President Joe Biden meet with rank-and-file law enforcement officials from across the country in the Oval Office, Feb. 24, 2015. They discussed how communities and law enforcement can work together to build trust to ensure public safety and strengthen neighborhoods. Participants include: left to right, Officer Allan Gerking, Puyallup Tribal Police Department, Wash.; Sergeant Charli Goodman, Salt Lake City Police Department, Utah; Corporal Dorrell Savoy, Charles County Sheriff’s Office, Md.; Senior Advisor Valerie Jarrett; Neil Eggleston, Counsel to the President; and Ronald Davis, Director, DOJ Office of Community Oriented Policing Services; Officer Matthew Thomas, Indianapolis Metropolitan Police Department, Ind.; Officer Erik Oliver, Richmond Police Department, Calif.; and Officer Virginia Matias, Camden County Police Department, N.J. (Official White House Photo by Pete Souza)

Last week, I had the pleasure of sitting in the Oval Office with the President, Vice President, and six rank-and-file police officers from a diverse set of communities. The President wanted to hear about their first-hand experiences in building trust between law enforcement and communities. An officer from the Puyallup Tribal Police Department in Washington spoke about a gang-resistance camp he helped to establish that reaches out to youth before they get entangled with the justice system. Another officer from Camden County, New Jersey, described reading to kindergartners and building relationships with local business owners so that the only time individuals interact with a police officer isn’t after they make a mistake or bad decision.

Most of the recommendations contained in the Task Force’s report are directed at the approximately 18,000 state and local law enforcement agencies spread throughout the country. These include measures to promote officer wellness and safety, including measures to equip officers with individual tactical first-aid kits and anti-ballistic vests, and create a “Blue Alert” warning system to enlist the public’s help in locating suspects who have killed a law enforcement officer in the line of duty. 

Other recommendations call for law enforcement agencies to put in place programs designed to promote positive interactions between police and communities; to adopt and use new technologies to enhance public trust and public safety; to provide opportunities for additional training on a range of topics, including leadership, for police at all levels; and to have in place policies that prioritize de-escalation and avoid provocative tactics.

During today’s meeting, the President directed all federal law enforcement agencies to review the Task Force recommendations and to adopt those that can be implemented at the federal level to the extent practicable. He also asked the Department of Justice to explore public-private partnership opportunities and other potential steps, including considering prioritizing grant funding to law enforcement agencies meeting appropriate benchmarks, to help encourage the implementation of these proposals. 

As a former police executive, an African American, and father of a 17-year-old son, I am profoundly optimistic about the progress we are poised to make as a result of the Task Force’s recommendations and growing support from community leaders, law enforcement, state and local officials. Today’s report will help to ensure that our communities are safer places for current and future generations, where a culture of trust between police and the communities they are sworn to serve only grows over time.

To learn more about these recommendations, please visit www.cops.usdoj.gov.

Pages

Subscribe to Justice Blogs