Remarks as Prepared for 10th Annual Financial Crimes and Cybersecurity Symposium
Thank you, Yoon, for that warm introduction, and to you and your entire staff for hosting us today. Thank you for all you do every day to secure the capital markets in New York.
Welcome to our 10th annual Financial Crimes and Cybersecurity Symposium. Whether it’s your first or 10th time attending this event, thank you for being here.
Today, in this room, we have 350 senior leaders from the financial, cyber, regulatory, technology, and law enforcement communities. You represent more than 175 organizations, and have joined us from nine countries – the U.K., France, Australia, Canada, Denmark, Dominican Republic, Israel, New Zealand, and Singapore.
We truly have a lineup of the world’s preeminent government, law enforcement, and private sector leaders in the fight against terror, cyber, and financial crimes with us.
Thank you to our keynote speakers – Microsoft President Brad Smith and U.S. Assistant Attorney General John C. Demers – for sharing your valuable time and insights. We’re also grateful to City of London Police Commissioner Ian Dyson, City of London Police Commander Karen Baxter, and Paris Prosecutor Rémy Heitz for joining us.
And thank you New York City Police Deputy Commissioner for Intelligence and Counter-Terrorism John Miller, whom we’re privileged to hear from later this morning.
They’re all here today, as are you, to share insights and best practices, to develop new partnerships, and to assess our collective efforts as we confront pervasive threats from cybercrime, financial fraud, and terrorism to our residents and institutions around the world.
In today’s audience, I see familiar faces who were here for our very first symposium, held in this same building back in 2010.
That initial symposium arose from my desire, as a new District Attorney, to find ways to work more closely with the financial services industry and regulatory agencies to detect, investigate, and prevent financial crime.
Over the ensuing decade, we’ve zeroed in on this original mission while also expanding our focus to emerging cybersecurity and terrorism threats. And, over this same time span, this symposium has grown from a domestic-only gathering in year one to an event that has subsequently welcomed leaders from all corners of the globe.
Today’s panels on international perspectives on counter terrorism, cyber protection of critical infrastructure, and cryptocurrency will highlight threats that either didn’t exist – or weren’t considered as urgent – at the turn of this decade.
- The rise of white nationalist violence.
- The scale and volume of cyberattacks against municipal governments, such as Baltimore and Atlanta, and a NYC plan to prepare for the inevitable attack on our city. These attacks, which in some instances have crippled cities from functioning, speak to why my Office publicly announced this year the formation of the NYC Cyber Critical Services & Infrastructure, or CCSI, with the NYPD, Global Cyber Alliance and New York City Cyber Command.
- The emergence of cryptocurrency, which was in its nascent stages when we held our first symposium. Now it’s used to sell everything from counterfeit pills on the dark web to the stolen music of international superstars – two cases in which we brought forth criminal charges this year, partnering with federal and international law enforcement.
- The continued challenges to law enforcement and victims of crime arising from encryption.
Confronting the threat of terrorism in 2019 requires us to eliminate any preconceived notions of what a terrorist looks like, the ideology they espouse, the native tongue in which they speak, and the native land that they call home.
Faisal Shahzad, the Pakistani-American Taliban member, who attempted to detonate a car bomb in Times Square in 2010, is a terrorist. So were the members of ISIS who killed more than a hundred people in the 2015 Paris attacks. And so, too, is James Harris Jackson, the white supremacist who became radicalized on the internet and traveled from Baltimore to Manhattan in 2017 to hunt and kill black men, and who did, in fact, execute Timothy Caughman in New York City in hopes of inciting a race war.
Earlier this year, my Office secured New York’s first conviction of murder as a crime of terrorism against Jackson. He will spend the rest of his days behind bars. For this, we owe a debt of gratitude to NYPD investigators.
Jackson’s crime demonstrates the unpredictable danger white nationalist violence presents to New Yorkers, particularly New Yorkers of color. This danger is not limited, however, to one group of people nor one city, state, or nation. Just this summer, a Texas man drove several hours to the border town of El Paso to murder immigrants – and the result was 22 people shot dead. Months before, a lone gunman slaughtered more than 50 people in two mosques in Christchurch, New Zealand.
It is vitally important for the American law enforcement community – as well as our international law enforcement colleagues – to devote the resources necessary to confront the growing and increasingly deadly transnational threat of white nationalist violence. And to label mass violence motivated by race, gender, or sexual orientation for what it is: Terrorism.
Three weeks ago, on the 18th anniversary of the 9/11 attacks, the NYPD’s Ravi Satkalmi and John Miller did just that in a New York Times op-ed explaining what they’ve learned about terrorism.
Their two main takeaways:
- We should rethink the use of the terms ‘foreign’ and ‘domestic’ to describe today’s terrorist threat, and federal legislation should reflect today’s realities.
- We also need to eliminate any legal or moral differentiation between equally violent ideologies in drafting and applying our terrorism laws.
The sooner American law enforcement and Congress accepts this – and responds accordingly – the safer we will all be.
Mass shootings, in general, are a uniquely American tragedy and crisis. Our nation’s lax gun laws remain of particular concern when we consider violence committed by men with racist beliefs – violence that can destroy dozens of lives in a matter of minutes.
The time is long overdue in America for:
- The U.S. Senate to pass universal background checks on all gun sales; and
- Ban assault weapons used to commit gun massacres
Anything less is unacceptable in the face of America’s unprecedented, ongoing gun violence crisis.
Terrorism is, of course, not the only serious threat we must contend with as we look toward a new decade. The Internet, as I’ve said numerous times over the past decade, is the crime scene of the 21st century.
One need only look at the multi-million-dollar costs associated with ransomware attacks on the municipal governments of Atlanta in 2018 and Baltimore this year – or the Russian cyber interference into the 2016 U.S. presidential election – to see the devastating capabilities of cyberattacks.
As with terrorism, New York City is a major target for would-be cyber attackers, and it behooves my Office to proactively respond to this threat with the seriousness it deserves.
I will quickly highlight our two keystone initiatives on the cybersecurity front – the NYC Cyber Critical Services and Infrastructure, or CCSI, and the Global Cyber Alliance.
Earlier this year, my Office publicly announced the launch of the NYC Cyber Critical Services and Infrastructure Task Force, or CCSI – a formal partnership between us, the NYPD, the New York Cyber Command and the Global Cyber Alliance. Here I want to acknowledge not only the efforts of the NYPD, but also GCA’s Phil Reitinger and the N.Y. Cyber Command’s Geoff Brown, who you will hear from this afternoon.
To date, CCSI consists of 51 organizations across 17 sectors.
We are building a ring of steel around the city’s critical services and infrastructure through increased communication about cyber risks and have developed a formal response mechanism should a major attack hit any of the city’s infrastructure systems.
This summer, New York authorities conducted a “digital fire drill” with leaders across 17 sectors at IBM’s training facility in Boston. The purpose of this tabletop exercise: To see how leaders from law enforcement, telecommunications, energy, and numerous other sectors would hold up during a security breach.
Because when people’s lives are at stake, it is critical for us to know we are doing everything in our power to guard against, and prepare for, cyberattacks.
Our cybersecurity efforts don’t end at the borders of the island of Manhattan, because in today’s world, our defensive perimeter is now in places like London, Central Europe, and Singapore.
So, in 2015, I joined with the City of London Police and Center for Internet Security to form the Global Cyber Alliance, a multi-sector, non-profit coalition of organizations focused on addressing worldwide cyber threats. The chair of the Board of this organization, Brad, happens to be Scott Charney, a senior executive and colleague of yours at Microsoft.
Today, GCA includes more than 265 partners from 32 countries and more than 18 sectors of industry and practice, including government, technology, and finance, among many others.
My Office’s $25 million investment in seed capital produced the development of a suite of free email and Internet protection tools that help organizations of any size adopt effective defensive protocols against common cyber threats.
Just this year, GCA teamed with Mastercard to release a free Cybersecurity Toolkit for small and medium-sized businesses. This toolkit provides companies immediate, concrete steps to protect businesses and customers against crippling cyberattacks.
GCA is an example of the public and private sectors working together to combat the most pervasive digital threats we face. I remain convinced that shared sense of purpose can be applied to the problem of smartphone encryption in criminal investigations. But if it can’t, we need a federal law to fill in the gap.
Today, my Office is releasing the fifth installment of our Report on Smartphone Encryption and Public Safety, and with it, updated statistics and fresh takeaways on the changing landscape regarding encryption in the courts, private business, and government. We encourage you to pick up a copy at today’s symposium.
The percentage of encrypted Apple devices arriving at our office has increased substantially over the past five years, from just under 60 percent in 2014 to more than 82 percent this year. These phones contain evidence of crimes that run the gamut from identity theft to child sexual assault, all the way up to murder and crimes of terrorism – evidence that we are too often unable to access quickly enough, or sometimes, not at all.
Our latest report outlines three major developments:
- The U.S. Congress is going to have to solve this problem. It has failed to take legislative action on encryption while other nations are moving forward by issuing guidance, promulgating regulations, and passing legislation.
- Leading tech corporations are being forced to respond to legislative and public demands for greater governmental and public oversight
- Courts are increasingly split on complex issues of lawful access and privacy concerns across range of tech developments.
Above all, we believe that any smartphone sold in America should have to comply with a search warrant signed by a judge. It’s clear that won’t happen unless legislation is passed by Congress mandating it.
This is a complex and divisive time. But, as President Kennedy said, “our problems are man-made, therefore, they can be solved by man. No problem of human destiny is beyond human beings.” I’m sure that Brad will touch on this in his discussion today.
This afternoon’s final panel will focus on the threats and opportunities posed by cryptocurrency – something my Office is intimately familiar with.
Earlier this year, my Office partnered with federal law enforcement to take down a major dark web drug ring that sold and shipped hundreds of thousands of counterfeit Xanax tablets and other controlled substances to buyers in 43 states. The suspects laundered more than 2 million dollars in cryptocurrency by using preloaded debit cards and withdrawing cash at ATMs in Manhattan and New Jersey.
And in recent weeks, my Office and the city of London Police announced the arrest of a 19-year-old on suspicion of stealing music from international music superstars and selling it for cryptocurrency.
These are just two examples of cybercrimes involving cryptocurrency that my Office investigated and prosecuted, and I am sure they won’t be the last. This type of collaboration will become the norm for major city prosecution to address the intensifying borderless nature of crime in this century. The potential for bad actors to utilize this currency to do harm is vast.
What I’m certain of is that the people in this room will lead the fight to protect public safety, government infrastructure, and capital markets against new threats in our high-speed world in the years to come.
Successful outcomes over this next decade will require teamwork, great leadership, and a clear understanding of “the promise and the peril of the digital age,” and for these reasons we are happy to welcome Microsoft President Brad Smith this morning.
Brad leads a team of more than 1,400 business, legal, and corporate affairs professionals in 56 countries. He is also Microsoft’s chief legal officer and spearheads work on a wide range of issues involving the intersection between technology and society, including but not limited to cybersecurity, privacy, and human rights.
His testimony before the U.S. Congress and other governments on key policy issues has prompted the New York Times to describe him as “a de facto ambassador for the technology industry at large.”
And when he’s not leading his team at Microsoft or serving as a tech industry ambassador, you can find Brad on the New York Times best-seller list. His new book, Tools and Weapons: The Promise and the Peril of the Digital Age, was published last month to widespread acclaim.
It’s a fantastic book, and we’re excited to learn more from him about these tools and weapons today.
Beyond Brad’s extraordinary professional accomplishments, he is also making a tremendous personal contribution to the world.
Since as early as 2008, he has recognized the tragic consequences that can flow from our country’s immigration policies and laws. Brad chairs the nonprofit Kids in Need of Defense, or KIND, which he co-founded with actress Angelina Jolie in 2008. KIND provides pro bono legal support for unaccompanied immigrant children who are facing deportation. It is funded by Microsoft and many lawyers who devote their time for free to address this crisis. Brad, in his work and in his personal commitment to help the least powerful and most helpless, is one of those people changing the world.
Please join me in welcoming Microsoft President Brad Smith.