Remarks as prepared for delivery
It is a privilege to join you at this 87th INTERPOL General Assembly. I am grateful to the United Arab Emirates for hosting our conference. Thank you President Kim Jong Yang for your exceptional leadership and for providing stability to INTERPOL.
Our theme this year is innovation. Many digital innovations affect law enforcement, from the rise of cybercrime, to the increasing importance of electronic evidence, to encryption and the dark net.
In addressing these innovations, we must respect the primary value that is constant in our work: the rule of law. Law provides the framework for civilized people to conduct their lives. At its best, law reflects moral choices; principled decisions that promote the best interests of society, and protect the fundamental rights of citizens.
The term “rule of law” describes the government’s obligation to follow neutral principles and fair processes. The ideal dates at least to the time of Greek philosopher Aristotle, who wrote, “It is more proper that law should govern than any one of the citizens: upon the same principle, if it is advantageous to place the supreme power in some particular persons, they should be appointed to be only guardians, and the servants of the law.”
The rule of law is indispensable to a thriving and vibrant society. It shields citizens from government overreach. It allows businesses to invest with confidence. It gives innovators protection for their discoveries. It keeps people safe from dangerous criminals. And it allows us to resolve differences peacefully through reason and logic.
When we follow the rule of law, it does not always yield the outcome that we prefer. In fact, one indicator that we are following the law is when we respect a result although we do not agree with it. We respect it because it is required by an objective analysis of the facts and a rational application of the rules.
The rule of law is not simply about words written on paper. The culture of a society and the character of the people who enforce the law determine whether the rule of law endures.
Since we met last year in Beijing, the news media has reported several prominent challenges to the rule of law, including the lawless attacks on Sergei and Yulia Skripal and Jamal Khashoggi. Last month, international attention focused on INTERPOL, as a result of the disappearance of President Meng Hongwei. Such events give rise to questions about whether our member countries abide by shared principles. In evaluating our actions at this General Assembly, observers may ask whether our votes reflect the values that we profess. We must stand for the rule of law.
INTERPOL exists to promote international police coordination and discourage departures from the law. We represent diverse forms of government. But if we serve with integrity, each of us functions as a trustee for our fellow citizens.
When our successors look back on how we dealt with the issues of our era, they will ask whether we honored our fiduciary duties.
First, did we develop the knowledge to understand our challenges?
Second, did we inculcate the wisdom to solve them?
Third, did we demonstrate the courage to defend our principles?
Fourth, did we maintain the resolve to achieve our goals?
I traveled here to speak about INTERPOL’s role in responding to the major innovation of our lives: the rise of a cyber-connected world.
The Internet holds immeasurable promise as a repository of ideas, and as a forum for speech and commerce. It connects citizens across cultures and countries. It is accessible to the rich and the poor, the powerful and the powerless. It creates efficiencies and innovations that immensely improve our lives.
But like every innovation that offers opportunities for good, the Internet also can be exploited by wrongdoers. Today, there is a growing divergence between the Internet as it is, and the Internet as it could be.
Malicious actors use the Internet for evil ends. Cyber criminals employ modern technologies to damage information systems, steal data, commit fraud, violate privacy, attack critical infrastructure, and sexually exploit children. They also launch misleading schemes to influence people’s opinions, seeking to foment division and disrupt democratic processes.
The Internet enables attacks on businesses, government agencies, and individual citizens that cause damage costing billions of dollars. And new technologies allow criminals to conceal themselves, which frustrates law enforcement’s efforts to keep honest citizens safe.
We must acknowledge the divergence between the Internet in theory and the Internet in practice. Closing that gap will ensure the viability of an open Internet governed by the rule of law.
Enforcing the law on the Internet requires rapid and accurate detection of criminal activity; cooperation among law enforcers from different nations; prosecution of accused criminals in judicial systems that provide due process of law; and just punishment of guilty offenders. It means not tolerating virtual online locations where crime is unchallenged. It means not condoning physical safe havens for cyber criminals.
Detecting, disrupting, deterring, and prosecuting malicious cyber activity are among our highest law enforcement priorities in the United States. The cyber threats we face are varied and evolving, and our resolve to keep our people safe must extend to every corner of the Internet.
My office recently issued a comprehensive report about our work to combat cybercrime. It describes the global challenges posed by cyber-enabled crime. It explains how hostile cyber actors damage computer systems, steal data, engage in cyber fraud, violate personal privacy, infiltrate critical infrastructure, and pursue malign foreign influence operations. The report also details our efforts to detect and disrupt those threats, and our commitment to inform citizens about the dangers.
The perceived anonymity of the Internet attracts many criminals, including terrorists and those trafficking in child pornography, illicit weapons, illegal and deadly drugs, murder-for-hire, malware, and stolen identities. The barriers to entry are low. Criminal opportunities are on offer for anyone with an Internet browser and an inclination to break the law.
Yet our police agencies repeatedly demonstrate that with the support of international partners, we can find and dismantle malign internet operations. We identify anonymous users who commit illegal activity, seize their infrastructure and proceeds, and pursue criminal charges against them. Criminals operating on the dark web should be on notice that our investigative tools allow us to expose them.
We must not allow cybercriminals to hide behind cryptocurrencies. Virtual currencies have some legitimate uses. But bad actors are using them to fund crimes and to hide illicit proceeds. For example, Bitcoin was the exclusive method of payment for the WannaCry ransomware attack that spread around the globe, causing billions of dollars in losses.
In addition, fraudsters use the lure of coin offerings and the promise of new currencies to bilk unsuspecting investors, promote scams, and engage in market manipulation. The challenges of regulating, seizing, and tracing virtual currencies demand a multinational response. We must work together to make clear that the rule of law can reach the entire blockchain.
To that end, last year, prosecutors in the United States announced the indictment of Alexander Vinnick and the virtual currency exchange he allegedly operated. That exchange received more than $4 billion of virtual currency. It was designed without any means to control money laundering, so predictably it served as a hub for international criminals seeking to hide and launder ill-gotten gains.
We filed criminal charges and assessed a $110 million civil penalty against the exchange for willfully violating our anti-money laundering laws, as well as a $12 million penalty against Vinnick.
To prevent virtual currency from being abused by criminals, terrorist financiers, or sanctions evaders, all of us must implement policies that mitigate the risks posed by the new technology. My country includes virtual currencies in our anti-money laundering regulations. And the Financial Action Task Force urges all nations to make clear that global anti-money laundering standards apply to virtual currency products and service providers. We must guard against abuses of digital currency.
We also need to protect against abuses of encrypted communications. Encryption can be useful in the fight against cybercrime. Encrypting data makes it more safe and secure. But the proliferation of warrant-proof encryption also poses a challenge to effective law enforcement.
Encryption technologies designed to be impervious to legal process impede our ability to access investigative data. In September, the chief law enforcement officials of the United States, the United Kingdom, Canada, Australia, and New Zealand joined together to issue a “Statement of Principles on Access to Evidence and Encryption.”
While acknowledging the benefits of encryption, they called for urgent, sustained attention and informed discussion about the increasing difficulty law enforcement agencies face in accessing evidence of criminal conduct.
We will continue to work closely with technology companies to establish responsible practices that consider both privacy concerns and public safety imperatives.
On the Internet, data is decentralized, information flows across continents, and online activities are dispersed across global networks. Cybercrime knows no borders. As a result, international cooperation is indispensable. INTERPOL is central to that cooperation.
We must ensure that appropriate criminal laws are enforced. Each of us must do our part to bring malicious actors to justice. We rely on international partners to locate, arrest, and extradite cybercriminals so that they may be held accountable. Cybercriminals should find no safe haven, either on the dark web or within national borders.
In the United States, we continue to faithfully discharge our responsibility to extradite fugitives. In the last five years, we extradited 95 Americans, honoring inquiries whenever the requesting state presents sufficient evidence of criminality.
For example, last year the United States sent Shawn Gregory Towner to Ireland. Towner was arrested in Ireland in 2006 after authorities found him watching images of child sexual abuse on his laptop in Dublin, but he fled to the United States after being released on bail. My country located Towner and sent him to Ireland to stand trial.
We process extraditions without regard to the nationality of the offender.
But that cooperation must be reciprocated.
International cooperation was essential to our successful dismantlement of the Kelihos botnet, a global network of tens of thousands of infected computers. Criminals used the network to harvest login credentials, distribute hundreds of millions of spam e-mails, and install ransomware and other malicious software.
In 2017, prosecutors obtained judicial orders authorizing law enforcement to neutralize the botnet by seizing control of malicious domains and redirecting traffic to servers we controlled.
Disabling the botnet was only part of the equation. The criminals responsible for creating and administering the botnet also should be held accountable. American prosecutors charged Peter Levashov of St. Petersburg, Russia for multiple offenses stemming from his control and operation of the Kelihos botnet. Levashov is a cybercriminal who operated multiple botnets with impunity for nearly two decades.
Spanish authorities arrested Levashov and extradited him to the United States. In September, Levashov was found guilty in a fair and public judicial proceeding.
Levashov’s extradition represented effective coordination with our foreign partners. Unfortunately, not every case is a success story. In some instances, nations shield their citizens from the rule of law with schemes that waste resources, cause needless delay, thwart investigative efforts, and undermine justice.
Consider the prosecution of accused hacker Aleksey Belan. Belan is a Russian national who was indicted in the United States for massive computer breaches on American companies. After the United States issued an arrest warrant, Belan was reportedly arrested in 2013. But he was permitted to return to Russia.
A second indictment alleges that in 2014, after Belan returned to Russia, Russian intelligence agents recruited him to carry out one of the largest data breaches in history, stealing information from more than 500 million individual email accounts of people around the world.
The rule of law suffers when cybercriminals are given safe havens. The United States will continue to promote the rule of law by identifying, exposing, and seeking to extradite perpetrators who harm innocent people. And we will continue to support legitimate investigations and prosecutions conducted by our INTERPOL partners.
At the same time, we will expose schemes to manipulate the extradition process. We will identify nations that routinely block the fair administration of justice and fail to act in good faith, with a sincere commitment to holding criminals accountable.
As cyber threats grow in scale and sophistication, we increasingly need to search throughout the world for evidence, witnesses, and defendants. Our responses must be as innovative as the criminal activity. We depend on expeditious international cooperation and coordination in dismantling malicious criminal operations.
Child exploitation cases provide a useful model for international coordination. INTERPOL’s International Child Sexual Exploitation image and video database uses image and video comparison software to identify and locate child sexual exploitation victims and their abusers. The database has led to the arrest of nearly 6,300 offenders. Recently, it helped authorities rescue five victims in Spain. That is a superb example of innovative law enforcement.
In my country, we play a leading role by identifying cases in which child exploitation materials are generated from or hosted in other countries. Then we disseminate the information to the appropriate INTERPOL member countries. Our partners often request follow-up information to assist in their own investigations. Last year, almost nine million investigative leads were distributed through this program, resulting in many arrests and prosecutions.
Children around the world are safer when our law enforcement agencies work together – quickly, and with methods like those pioneered by INTERPOL.
Finally, I am proud that the United States takes seriously our responsibility to help secure evidence that our international partners need for their investigations. We receive thousands of requests for mutual legal assistance each year, and we do all that we can to comply. We employ expert attorneys and staff dedicated to assisting with foreign requests for electronic evidence. We devote additional resources when necessary to meet your needs.
We call upon each of you to do the same. By devoting appropriate resources to international cooperation efforts, we can properly address the increasing threat of cybercrime.
My country recently enacted a new law to remove legal impediments to compliance with foreign court orders in cases that involve serious crimes. The legislation demonstrates our commitment to the vision of the Budapest Convention on Cybercrime, the primary treaty for harmonizing national interests and enhancing international cooperation against cybercrime. Sixty-one nations have fully ratified the treaty, agreeing that national laws should include authority to compel providers to disclose data they control, even when it is held elsewhere.
New cyber conventions are sometimes proposed that would limit the free flow of information between nations. But that would dangerously impede efforts to investigate cybercrime. It would protect criminals and allow cyber threats to proliferate and grow in scale and sophistication. That is untenable in a world in which criminals using computers shielded by layers of anonymity can harm innocent victims in any one of our nations, anywhere in the world. Such limitations would be a step backward, not an innovative law enforcement approach.
No nation should exempt itself from just and reasonable law enforcement cooperation. No nation will be more prosperous, more secure, or more respected because it supports cybercriminals.
My fellow delegates, there is a parable about three stonecutters asked to describe what they are doing. They answer in varying ways. The first stonecutter focuses on how the job benefits him. He says, “I am earning a living.” The second man narrowly describes his personal task: “I am cutting stone.” The third man has a very different perspective. Instead of focusing solely on his work, he explains what it means to others: “I am helping these stonecutters build a shrine.”
Similarly, each of us helps to construct a legacy. INTERPOL delegates should always support leaders and policies that promote international police coordination and preserve the rule of law – in practice, and not just in theory. We must uphold the rule of law, so it will be there for us when we need it.
When our successors speak of our time here, give them reason to say that we understood the challenges; we found the solutions; we defended our principles, and we stayed the course to support liberty and justice for all.
I am honored to work with you in advancing the INTERPOL mission and making the world safer and more prosperous for all law-abiding citizens. Shukran. Thank you very much.