From lawful intercept to accessing stored data to regulation of encryption technology, governments worldwide are focusing more and more attention on surveillance issues. Domestic and international regulatory frameworks continue to come under pressure as technological and other developments overtake policy choices made, and legal language devised, decades ago. In the short run, some of these issues will be dealt with through reform of national laws, such as the FISA Amendments Act (FAA) and the Electronic Communications Privacy Act (ECPA), and various international treaties and agreements. But technological changes will outrun legal reforms, and gaps and political pressure for change will remain until more durable solutions are found. Culper can assist with these issues at the technical, tactical, and strategic levels. For example, it can advise on the differences in the surveillance regimes of different countries (at the theoretical and practical levels) and the trends in the evolution of those regimes; challenges to surveillance paradigms from emerging technology; the issues likely to arise in upcoming legislative and policy debates; and ways for companies to position themselves on those issues consistent with their business models. An example of the firm’s expertise in this area, including specific predictions about legal changes that may result in connection with renewal of the FAA at the end of 2017, are available in David Kris, Trends and Predictions in Foreign Intelligence Surveillance (February 2016).
As technology transforms all sectors of the economy, businesses increasingly depend on the security of digital information and the trust of their customers and partners. As cloud services proliferate and as new tools are developed based on big data, machine learning, and the Internet of Things, continual efforts will be necessary to maintain and enhance that trust. New political pressures to control online content, as well as more familiar but evolving issues such as privacy, threats to information security, online fraud, and cyber piracy, will demand sophisticated and far-sighted approaches in everything from business practices to public policy. Culper has experience on the front line of these issues in both government and the private sector. An example of the firm’s expertise in this area, including specific predictions about legal changes that may result over the long term, are available in David Kris, Digital Divergence (May 2017).
Culper has deep experience managing multi-dimensional crises and other ongoing challenges that require strategic integration of responses that involve responses to law enforcement and regulatory inquiries, internal investigations, Congressional affairs, media interest, civil litigation, and public policy. We also have experience devising and implementing systems and policies to ensure compliance with legal and other requirements, and can perform oversight and monitoring of implementation (including, for example, programs pursuant to deferred prosecution agreements, consent decrees, and other arrangements with regulators). With increasing regulatory scrutiny of cyber security, surveillance and data privacy, Culper is particularly well positioned to assist in compliance programs focused on these areas, based on its expertise in those subject-matters as well as in compliance more generally. David Kris was the Chief Ethics and Compliance Officer for Time Warner, and was responsible for negotiating and implementing a deferred prosecution agreement with the Department of Justice and a corresponding arrangement with the SEC, and for developing and maintaining the company’s legal compliance program worldwide, including with respect to the Foreign Corrupt Practices Act (FCPA) and information security. Nate Jones led Microsoft’s efforts in responding to the crisis of confidence in cloud offerings in the wake of the disclosures by Edward Snowden, developing and overseeing a comprehensive strategy that included robust communications, public policy, and strategic litigation that was designed to reassure customers without alienating regulators and government agencies.
Economic transactions that result in foreign control of a U.S. businesses are subject to review by the inter-agency Committee on Foreign Investment in the United States (CFIUS), and may ultimately be unwound, blocked or approved subject to specified conditions. The CFIUS process has become increasingly complex and important since the controversy over the Dubai Ports transaction in 2006. Culper understands—from the inside—the forces that drive the government’s approach to CFIUS and related processes, and the strategies for effectively navigating them. As head of the Justice Department’s National Security Division, and as a member of the National Security Council staff, David Kris and Nate Jones played key roles in the CFIUS process, including reviews of threat vectors and risks associated with proposed transactions, and mitigation strategies. They have the government experience to understand the concerns that lead to resistance in the CFIUS process, and they have the private-sector experience to know how to address and assuage those concerns without compromising business priorities. Culper also has the sophistication to anticipate and mitigate sub-legal, political pressures that could be brought to bear even where a transaction does not technically satisfy the criteria for CFIUS review.