Robert Litt has confronted cybersecurity and encryption issues for two presidential administrations. With Russian interference in the 2016 election as a backdrop, Litt, an ABA Journal Legal Rebels Trailblazer, says the U.S. has been facing online threats essentially since the internet's creation.
“It’s been a decadeslong problem,” he says, “and it’s a good thing now that within the last year or two it’s finally getting the attention that it deserves.”
Currently, Litt is of counsel at Morrison & Foerster in Washington, D.C. Having spent about half of his career in government, he was general counsel to the Office of the Director of National Intelligence from 2009 to 2017 and served in the Department of Justice as a deputy assistant attorney general in the Criminal Division and the principal associate deputy attorney general between 1994 and 1999.
Today, he says there are a “wide range of actors” to be concerned about online, including state-sponsored actors, hacktivists and those looking to extort money from victims.
“We should be worried,” he warns. “The offense is way ahead of the defense and, in likelihood, always will be.”
However, Litt is not a cynic when it comes to balancing risks and maintaining a safe internet. He says the internet should be thought of like a highway: There are significant benefits to the infrastructure, but it comes with costs and dangers.
“The question is: Can we manage the risks and the damage?” he asks.
Litt thinks people can learn to manage their online risk by using the best security techniques and having plans in place to ameliorate the damage of an attack.
One way people are protecting themselves online is through a more robust use of encryption. However, as Litt notes, the increased use of encrypted communication and data storage—as in the case of the San Bernardino shooter’s cellphone in 2015—has confounded law enforcement investigations.
Although the federal government has long been a proponent of strong encryption, he says, “the concern is that there is an increasing spread of the use of encryption that the government can’t” unravel, even if the government agency has a valid warrant for the information on the encrypted device.
Challenging, novel issues like this have defined Litt’s career in government service. He has advised on what is lawful and not, but also provided broader perspective beyond his legal duties.
Cribbing from one of his deputies, he says, “You want to be able to tell your client that what you’re doing is lawful, but awful.”
This philosophy came to a head during the Edward Snowden disclosures, when Litt advised then-National Intelligence Director James Clapper that the members of the intelligence community needed to be more transparent, even if they had the legal authority to be less so.
“This was met with some resistance from the intelligence agencies,” Litt says, “because it was contrary to their way of doing business.” But this push, he argues, ultimately helped intelligence agencies disclose more to the public.
He says that balancing both the law and looming public policy concerns “benefited both the intelligence agencies themselves but, more importantly, the public. I think the public has a much better knowledge of intelligence activities now than it did before.”