Deputy Attorney General Rod J. Rosenstein Delivers Remarks To The Interpol 2017 General Assembly

It is an honor to join you for the 86th INTERPOL General Assembly. I would like to thank China for hosting this conference. I also want to thank President Meng and Secretary General Stock for inviting me to speak with you. Given the complex threats we face, INTERPOL’s support for law enforcement is more important than ever.

Criminals increasingly operate transnationally, with no respect for borders. Gang violence in one country causes trouble in a neighboring country. Drugs manufactured on one continent produce overdose deaths in another continent. Cyber hackers in one location wreak havoc on information systems in many distant locations.

We must not allow criminals to use our borders to shield their illegal activities. To combat transnational crime, we must forge cross-border partnerships. By bridging geographic and political divides, INTERPOL helps law enforcement agencies build partnerships around common, crime-fighting priorities.  But to fully succeed, these partnerships must go beyond our law enforcement agencies.  In this regard, let me turn first to the interagency partnerships we need to fight terrorism.

Preventing foreign terrorist fighters from turning our homelands into battlefields is a priority we all share. As ISIS loses ground in Syria and Iraq, foreign fighters may return to their home countries or migrate to new ones. Terrorists bring with them their hate-filled ideologies. Just one terrorist, armed with a knife, a gun, or even a car, can turn our public squares, commercial centers, and places of worship into blood-stained crime scenes.

How can we best confront the challenge? The answer is found in three core principles: collect, contribute, and compare.

The first principle is to collect relevant information. Each member nation should collect biographic and biometric information to identify persons who enter its borders. And we need to periodically update that information to ensure that it remains accurate.

How we organize this information is as important as its collection. It is vital that information be organized so that it can be effectively analyzed and shared, as appropriate. Within each country, we must break down compartmentalized barriers that restrict the free flow of data. Law enforcement and border security components of each nation must have access to the puzzle pieces necessary to detect the next threat. It took the catastrophic events of September 11, 2001 to help my country eliminate walls that hindered effective information sharing between the law enforcement and intelligence communities. We must all learn from the mistakes of our past.

The second principle is to contribute information by sharing it with foreign partners that share our common goals. To fight transnational threats, it is not enough to collect and share information internally; we must also share it with other nations. INTERPOL has platforms that enable robust information sharing, which fuels multinational cooperation. The platforms allow nations to routinely contribute new data and records on everything from terrorist identities to lost or stolen travel documents. The platforms also permit nations to issue notices requesting assistance and to share information. That allows us to work together and identify threats from bad actors, including from foreign terrorist fighters. The better we collaborate, the more successful our terrorism prevention efforts will be.

The third goal is to compare information and make sure that it is available for operational needs. Data is only helpful if it is used. To start, it is imperative that each INTERPOL member develop a robust screening and vetting system for persons entering its borders. In the United States, government agencies are working to improve our immigration screening and vetting capacities.  Our goal is to ensure that we welcome law-abiding visitors, but keep out those who seek to harm us.

We must know the true identities of persons who enter our countries, so that we can determine whether they pose a danger to our citizens. We need to identify visitors and verify them with foreign nations that know them.  We need the ability to verify travelers through databases that include biographic and biometric data submitted through INTERPOL platforms.

Recurrent vetting is critical, because databases such as INTERPOL’s are constantly updated with additional information. Increased contributions from all member countries will enhance the security of all of our citizens.

Finally, with the authority to collect and share data about travelers comes the responsibility to use that data in a manner that respects privacy and civil liberties.  We must also design our border security policies and systems so as not to impose undue burdens on legitimate travel and commerce that is so critical to the global economy.  Reconciling these competing objectives is not always easy, but it is important that we do so in order to promote not only the security of our peoples but also their fundamental freedoms and prosperity.

The potential benefits of the collect, contribute, and compare model are well illustrated through information-sharing from the military to law enforcement regarding terrorist identities. When coalition forces operate in conflict zones, they obtain valuable data about foreign terrorist fighters. The United States National Central Bureau is already obtaining, and sharing, this data via INTERPOL to law enforcement officers around the world.  We are helping them to identify terrorists and improve border security. Collectively, these projects provide a broad arsenal of tools to combat transnational threats to the national security of INTERPOL members.

One example from the United States is a collaborative effort between the United States military, the Federal Bureau of Investigation, and the United States National Central Bureau. Through it, latent fingerprints collected from improvised explosive devices in Iraq and Afghanistan have been shared with law enforcement partners through over 1,500 INTERPOL Blue Notices. This exchange enabled our partners to identify terrorist bomb makers inside Europe. These efforts can save many lives.

Another collaborative initiative between the same U.S. agencies involves declassifying and sharing captured enemy materials obtained during military operations against terrorist groups in Syria and Iraq. Identity information for more than 4,000 terrorist fighters and associates has been integrated into INTERPOL’s databases.

In addition, Project VENNLIG, the original model for military-to-law-enforcement information exchange, has provided nations with documentation and data about foreign terrorist fighters. The project has already contributed to several dozen successful investigations in Europe and Africa. Because of this, the United States launched a new project, VENNLIG II, to take information collected by counter-ISIL forces and dispense the information through INTERPOL to police and border authorities. That information will help thwart travel or entry by foreign terrorist fighters, including fighters who pose as refugees.

These projects underscore the potential for expanding the sources of information upon which we can draw to protect our borders and our citizens. But we can do more.

Today, I call on each of our members to encourage the leadership of your nation to fully integrate your INTERPOL National Central Bureaus with your law enforcement, border security, and immigration authorities.  That will enable you to create a comprehensive information-sharing system.

Incorporating access to INTERPOL’s global investigative indices into your national law enforcement and border screening platforms will enhance your ability to detect and stop international travel by criminals and terrorists.  It also will produce actionable intelligence about the identities, movements, and associations of transnational criminals and terrorists.

We also can use INTERPOL notices to disseminate identity and biometric information, about suspected foreign terrorist fighters and associates, including fingerprints and photographs. By sharing that information with other nations, we can create a safer world for our citizens.

Each of us must make safety from transnational threats a top priority. There can be no safe haven for persons who want to harm our homelands. Some of our partner nations do not fully engage in the collect, contribute, and compare model. I encourage you to review your practices and ensure that safety is not being compromised. We must know who is entering and leaving our borders, and whether they intend to cause harm.

Privacy protections are important and should be respected. The right and need of each nation to police its own borders can be done in a privacy-protective manner, as INTERPOL demonstrates every day.

Our partnerships must also extend outside government, and  in a way that protects individual rights.  Law enforcement authorities have dual obligations. They are responsible for protecting public safety and for protecting the civil liberties – including privacy rights -- of citizens. Fulfilling those responsibilities is a continuing challenge.

An established rule-of-law system is vital for adjudicating competing interests between protecting the privacy of personal data and obtaining access to that data for law enforcement purposes. A respected rule-of-law system is essential when interacting with technology providers, and other holders of personal data.

In our interconnected world, electronically stored evidence is increasingly critical in law enforcement investigations. Without it, criminals frequently cannot be identified, much less prosecuted. Relevant information often resides in the control of private companies. The question is how to obtain the information.

It would not be wise for law enforcement agencies to attempt to unilaterally force private industry to do their bidding without independent review. If law enforcement could obtain what it wants, when it wants it, that would come at an unacceptable cost to individual liberty. Without adequate checks to prevent government overreach, the privacy of citizens would not be protected.

The better approach – used in the United States and many other countries -- is to rely on the rule of law and an independent judiciary to balance the needs of law enforcement with the privacy rights of individuals. In many cases, our Constitution or our laws require us to obtain judicial approval before we can gain access to private information.  Our law enforcement agencies do not always get exactly what they want. Through a fair and transparent rule-of-law system, courts can protect the privacy of individuals while providing law enforcement agencies access to the information they need.

Since its founding, the United States has turned to the rule of law to balance the competing interests in security and privacy.

The United States Constitution is our foundational charter. Last weekend, we celebrated the 230th anniversary of the date that our Constitution was written at Independence Hall in Philadelphia, Pennsylvania. The Constitution was adopted by our people in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defense, promote the general welfare, and secure the blessings of liberty. It established a democratic republic designed to protect the rights of our people.

The United States Constitution is a framework that has served us well and served as a model for many other nations.

The rights protected by our Constitution include a requirement that the government act reasonably when seizing evidence, and a prohibition on infringing the right of our people to speak freely without fear of governmental retaliation.

The Constitution establishes three separate branches of government. Each has a unique role, allowing it to serve in part as a check on the others. The legislature passes laws. The executive enforces them. And the independent judiciary interprets them.

Our laws include provisions that regulate government access to electronic communications and records held by third-party communication providers. The laws require the government to provide greater justification when it seeks more sensitive categories of information. Courts oversee the execution of these laws. Impartial judges decide whether the government satisfies the evidentiary thresholds required to obtain access to the information.

Our rule-of-law system for accessing data held by third parties functions well because of an independent judiciary that balances the need for public safety with a customer’s legitimate expectation of privacy. It enables law enforcement to access critical data that is used to catch criminals and prevent crime.

As a result of technological developments, this system now faces challenges, with growing implications for our ability to protect our citizens and to hold criminal and terrorists accountable.

The first challenge is locating the data.   Increasingly, technology providers may store data in overseas locations. This presents the issue of cross-border access to data, an issue that is being discussed both in multilateral fora, and in the legislatures and courts of many countries.

Even when all the data is stored in a single jurisdiction, technology providers sometimes may be slow to respond to court orders. Such delays impede investigations, making it harder to solve crimes and prevent future crimes. Law enforcement can seek court assistance to require technology providers to comply, but such motions take time and resources  and relief may not always be granted.

End-to-end encryption, sometimes known as “Going Dark,” is another challenge.  Encryption serves important privacy and security interests.  But it is also critical that law enforcement, with independent judicial oversight and authorization, have access to data for law enforcement purposes. In recent years, technology providers have increasingly shifted to a business model that prevents law enforcement agencies from accessing data even with a court order. As a result, technology providers, not courts or policymakers, in effect are deciding whether law enforcement agencies can access evidence critical to investigations.

We all share many of these challenges. We should work together to find solutions.

First and foremost, we should resolve to address problems through a transparent rule-of-law system that respects individual rights and gives appropriate weight to legitimate law enforcement needs.

I have spoken about how my country operates. We do not all need to adopt the same approach. What works best for one nation may not work best for another. But I encourage each country to commit to safeguarding individual liberty, without denying law enforcement access to the information needed to solve crimes. That requires involvement by a neutral official who gives appropriate consideration to privacy interests.

Where technological business models hinder transnational investigations, we must cooperate across borders to obtain necessary evidence.

If we lose evidence to encryption, we should work together to compensate for it through other means. For example, if a suspect has encrypted incriminating text messages about Brazilian financial dealings by a German citizen, we may not be able to obtain the communications. However, we can work with German authorities to interview the suspect and with Brazilian law enforcement to obtain financial records. Through such steps, we can keep investigations moving forward, despite technological barriers.

This stopgap approach, however, is not a substitute for a long-term answer. To obtain support for a workable solution, we should keep our citizens and policymakers informed about the consequences of denying law enforcement access to critical evidence.

We also should take steps to prevent technology providers from circumventing the rule of law and foreclosing access to relevant evidence. We must ensure that electronically stored evidence remains available to law enforcement, through voluntary cooperation whenever possible, and through legislation and litigation otherwise.

When evidence is stored in multiple countries, we must share that evidence through law-enforcement-to-law-enforcement channels, whenever possible. When court orders are required, we must timely seek such orders, consistent with mutual legal assistance treaties. All nations should devote appropriate resources to process legal assistance requests in a timely manner.

Because many technology providers are headquartered in the United States, we receive a substantial number of requests for assistance. To address these requests, we recently increased the staffing at our Office of International Affairs – our central authority -- and streamlined our review processes. As a result, we granted five times as many foreign assistance requests in 2016 as in 2013.

We must all devote more resources to the task, because an increasing volume of Internet-related crime means there is a need for access to an increasing volume of electronically stored evidence.

Justice delayed is justice denied. Each nation must ensure that its central authority is adequately staffed with experienced professionals. And those central authorities must be empowered to act. The safety of our countries depends on fast and effective cooperation.

In cases where private companies resist valid requests for assistance, we must enforce those requests when consistent with the rule of law. Respect for the rule of law requires obedience to court orders.

We must all ensure that our countries are availing themselves of existing multilateral instruments and mechanisms to fight cybercrime.  I call on all nations that have not already done so to consider joining the Budapest Convention on Cybercrime.  It is a highly effective convention that ensures that cybercrime is subject to effective criminal sanctions in each country and that a mutual legal assistance relationship exists among all member countries.  In addition, I urge countries to join the 24/7 High Tech Network, which ensures that critical cyber evidence can be preserved for use in investigations and prosecutions. Experts in the United States Department of Justice would be pleased to discuss with you the importance and value of the Budapest Convention and the 24/7 High Tech Network.

Finally, allow me to address a matter of immediate concern to many of us.  The INTERPOL model of law enforcement cooperation works because each INTERPOL member focuses solely on combatting transnational crime. 

Other international bodies should address the controversial political issues that arise in international affairs.  INTERPOL must remain resolutely non-political. We must focus, without distraction, on fighting transnational threats through law enforcement partnerships. I urge all member nations not to make this organization a political body where we argue about which regions deserve recognition as nations.  At the very least, a vote on the admission of new members should occur only after all current members have sufficient time to study the new criteria and apply them carefully. And the criteria, consistent with INTERPOL’s mission, must include the authority to control defined borders, and the authority to enter into relationships with other states.

Allow me to conclude with a reminder about the importance of international collaboration, and a commitment from the United States. Transnational threats affect us all. Forging partnerships across interagency lines, and across borders is critical to our common success.  That is why I am pleased to be with you today. INTERPOL is a model of how we can work together, to protect our citizens and our civil liberties.

The United States stands ready to work with every country that is committed to those goals. Thank you for your partnership and your attention.