Prosecuting Cyber Crimes
On Wednesday, November 2, the Strauss Center hosted former federal prosecutor Norman Barbosa as he discussed prosecuting cyber crimes. America’s computer networks are under attack. Hackers steal trade secrets, personal data, and government records. Ransomware has paralyzed schools, hospitals, oil pipelines, and government agencies. Mr. Barbosa discussed the variety of cyber crimes that can be charged under federal law, how the Justice Department investigates and prosecutes these cases, and how prosecution fits into the U.S. government’s broader cybersecurity strategy.
Mr. Barbosa spoke of his background and how he found his way into law enforcement. He noted that the most prominent cases in his early career were counter terrorism, not cyber security. The first large-scale cas that shifted the scales was the Conficker botnet case, which involved Eastern European adversaries and posed a major threat. He said the case highlighted two key challenges, given the nature of the case: (1) long investigations followed by sealed indictments and waits for an arrest and (2) issues with extradition. Mr. Barbosa also spoke of another credit-card hacking case after Conficker that involved a Russian computer hacker in 2011.
Finally, he spoke of the FIN7 case, and pointed to the fact that this case is still very active despite arrests that led to the loss of key leaders. This last case demonstrated the limits of using arrests and prosecutions to handle cybersecurity crimes. Mr. Barbosa claimed that “bringing people to justice” is not an effective strategy for combating cyber crimes. He also noted that his firm is shifting their focus on disrupting criminal infrastructure. He concluded his presentation by encouraging the audience to enable multi-factor authentication, as he stated it has proven to be the best tool thus far for preventing cyber attacks. For more information on this event, contact Susan Crane at scrane@austin.utexas.edu.
Biography
Norman Barbosa currently serves as Associate General Counsel for Law Enforcement, National Security and Telecom at Microsoft. He leads Microsoft’s global law enforcement, national security and telecommunications public policy and compliance efforts. He is responsible for developing and implementing Microsoft’s policies to promote the privacy and security interests of its customers by modernizing surveillance laws and encryption policies around the world.
Mr. Barbosa is also responsible for coordinating Microsoft’s lawful access policies with the company’s cybersecurity, digital safety, and cybercrime efforts. This includes balancing Microsoft’s efforts to combat abuse of Microsoft’s services by criminals and malign nation state actors by advocating for clearly defined polices on the appropriate scope and purpose of government access to data.
Prior to joining Microsoft, Mr. Barbosa was an Assistant United States Attorney in the Western District of Washington where he led the Computer Hacking and Intellectual Property Crimes unit and National Security Cyber investigations. Mr. Barbosa graduated from California State University Sacramento with degrees in History and Russian and earned his J.D. at the University of Washington.