IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Un-Retiring Reno

Janet Reno reveals her thoughts on the fight against Internet crime and the need for law enforcement to just work it out.

[Ed. Note: This interview was conducted before the terrorist attacks last month.]

Janet Reno was the first woman to hold the office of Attorney General of the United States of America. She was nominated to the post by President Bill Clinton in 1993 and was reappointed in 1997. She earned a degree in chemistry at Cornell University in Ithaca, N.Y., and enrolled at Harvard Law School in 1960, one of only 16 women in a class of more than 500 students. In 1971, Reno was named staff director of the Judiciary Committee of the Florida House of Representatives and helped revise Floridas court system. In 1973 she accepted a position as assistant state attorney of the Dade County, Fla., States Attorneys Office, and, in 1978, was appointed state attorney of Dade County, becoming the states first female state attorney. She was elected to that office in November 1978, and ultimately won re-election four more times.

Government Technology caught up with Janet Reno to get her perspective on Internet crime, crackers and what law enforcement needs to do to apprehend those who use computers to break the law.


Government Technology: What do you think it will take in the future for law enforcement to be able to track down Internet criminals?

Reno: It is imperative that we develop experts at the federal, state and local levels that have law enforcement experience, as well as proficiency in cyber technology sufficient to match wits with these hackers. Thats going to require some specialized training of police officers and agents whove exhibited aptitudes in this area, and it will require recruiting new officers and agents who have an aptitude in cyber technology but need to be trained in policing practices.

I dont think were going to be able to have the expertise we need at all levels of government. Its going to require that there be a sharing system across the country where each jurisdiction doesnt have to bring its own special expert at great cost, and probably with unrealistic expectations that they could hire a sufficient number of people. The governments will have to share expertise as well as equipment -- equipment that may not be necessary on a daily basis but could be key in tracking hackers and others who attack Web sites or commit any number of other types of crimes using cyber technology.

To that end, we should start, as the FBI and others started in San Diego, developing joint facilities whereby these matters can be pursued and the forensic steps taken to search computers when they are used as part of a criminal activity. Its going to require a sharing and a real push by government to be prepared in this area.

Finally, government and industry are going to have to work together in a very careful way to recognize that they cant be at odds on this issue. Theyve got to be able to work together with appropriate consideration for security and privacy in order to maintain security and privacy in the long run. The gulf that has sometimes existed between industry and the law enforcement community has got to be put to rest.

Before I left, we had a conference with law enforcement and industry at Stanfords law school and at Hernan in Virginia, and again and again, industry told us that they didnt know where to go; they didnt know which agency would handle crimes like these; they didnt know what to expect; and they were worried that matters concerning the company would be leaked.

These are age-old problems that law enforcement is going to have to address and address quickly.

GT: Do you think that same gulf exists between local governments and federal law enforcement?

Reno: In some instances, it does. When I came to Washington, I had always felt that there was a one-way street with the feds coming to town saying what they wanted but not giving too much in return. I resolved to try to create partnerships between federal, state and local law enforcement agencies -- at least those within the Justice Department.

In most jurisdictions, I think we succeeded, but there are some where a gulf exists.

GT: I ask that question because Im looking at your remarks from the Stanford conference pertaining to the gulf that exists and the hesitancy of some companies to report when Internet attacks happen. Im just wondering if you think that same hesitancy exists on the part of government agencies to report when they get attacked.

Reno: I think that most people know, and any government agency that thinks that they can keep that information from being made available somehow or another is probably unrealistic. Most government agencies would report it.

GT: One of the comments that I got from the crackers with whom I spoke recently was that they werent all that scared of local law enforcement, but they are worried about federal law enforcement. How does a town that gets attacked balance the jurisdictional issues between allowing their local police to take action and letting federal agents take action when they need to?

Reno: It depends on the capability of the local police to deal with the issue. In some instances, you have a crusty old sergeant who has a natural aptitude in this area; gets interested in computers watching his grandchildren work on them; starts getting really competent himself; understands the issues; has tremendous law enforcement experience; and is the spark which ignites a real initiative in that community.

In other areas, you dont have that. The capacity of local law enforcement varies across the country. Sometimes they can handle it with great efficiency; in other instances, they would have to call in the bureau, and the bureau would have to respond. But the bureau has much to do in terms of building up its capacity as well.

GT: Technology evolves so quickly that its hard for anybody to keep up.

Reno: When I came into office, I was concerned because I didnt think enough was being done to ensure that law enforcement maintain a capacity to deal with these issues, including issues that had a direct and immediate effect on national security.

We can learn from the military, and vice versa. We can learn from the private sector, and its imperative, considering the interconnectivity of the Internet, that the private sector and the public sector come together and churn out some plans.

For the person who goes into the local police, and the local police dont know anything about how to investigate these cases so the person doesnt know what to do next and thinks government is inept, weve got to come together with local law enforcement and let the private sector know, "This is who you go [to] in this jurisdiction. This is how it will be handled. These are the contact points."

GT: Is it necessary to set up a strategy for communicating to the right people?

Reno: To the right people, but, clearly, trying to get the right people is the most necessary thing of all; and the right equipment.

GT: Does local law enforcement need to lobby more at the federal level to get the funding, or is it pretty much understood that local law enforcement needs funding?

Reno: No. Generally speaking, for day-to-day permanency, local law enforcement has got to fund its needs. The purpose of federal funding is to show that a program works and convince a community that its worth taking over. Community policing and 100,000 cops is an example of how the federal government jump-started it and the communities carried through with it.

In this instance, the federal government could jump-start some really productive partnerships with joint computer-forensic laboratories and joint initiatives that would permit federal, state and local government to work together. Its important that we focus on the issue of terrorism.

We think of terrorism as being the product of weapons of mass destruction, but you could have a field day, in terms of terrorist acts, just on a computer. Weve got to be prepared for it, and, oftentimes, its going to be local law enforcement thats first on the front line.

GT: During your time at the Justice Department, did you see a gradual erosion of turf issues between levels of law enforcement?

Reno: I saw, in many instances, erosion of turf issues; some maintained themselves despite my best efforts.

As I left, I was urging the bureau to provide Congress with a road map of where the bureau wanted to go in terms of developing the expertise and the capacity to be prepared and to share with state and local governments in a way that would really provide an effective link.

GT: I saw a story out of Broward County, Fla., where they were thinking of testing a new electronic voting system. Officials had entertained the idea of inviting some local high-school hackers to have a run at the system to see if they could break into it. I thought it was a clever idea, but it didnt seem to go over well with the County Council. Is that the kind of thing that local governments need to do to safeguard systems they want to try out? Or do you think thats not the right step to take?

Reno: I didnt hear about that story. But, somehow, weve got to test these systems. When you look at the identity theft thats occurring and some of the other inappropriate uses of the Net, its mind-boggling that people dont realize how vulnerable it is in terms of privacy and security.

Again, industrys got to realize that when its hurt and hurt bad, its going to need law enforcement. Law enforcement has got to realize it needs industry.

GT: Is it necessary to understand what motivates Internet crackers to catch them? Or is it just necessary to catch them and lower the boom on them?

Reno: Its always helpful to know why people commit crimes to see what you can do to prevent crimes. But if you cant prevent it, youve got to have a fair, firm punishment to fit the crime.

GT: I notice that one new initiative from the current U.S. Attorney General, John Ashcroft, is the Computer Hacking and Intellectual Property Units -- the regional computer teams. Is a smaller, leaner fighting force the way to pursue Internet crime?

Reno: It depends on the jurisdiction. You just have to build on what youve got and make sure that you have the expertise; that you have the contacts around the world; that you have the capacity 24/7 to immediately identify the hack and take steps to trace it.

It requires the cooperation of foreign law enforcement, which is going to require the federal government to work with state and locals to ensure access to these foreign law enforcement agencies and to ensure that cyber criminals know that theres no safe place to hide.ments and federal law enforcement?

Reno: In some instances, it does. When I came to Washington, I had always felt that there was a one-way street with the feds coming to town saying what they wanted but not giving too much in return. I resolved to try to create partnerships between federal, state and local law enforcement agencies -- at least those within the Justice Department.

In most jurisdictions, I think we succeeded, but there are some where a gulf exists.

GT: I ask that question because Im looking at your remarks from the Stanford conference pertaining to the gulf that exists and the hesitancy of some companies to report when Internet attacks happen. Im just wondering if you think that same hesitancy exists on the part of government agencies to report when they get attacked.

Reno: I think that most people know, and any government agency that thinks that they can keep that information from being made available somehow or another is probably unrealistic. Most government agencies would report it.

GT: One of the comments that I got from the crackers with whom I spoke recently was that they werent all that scared of local law enforcement, but they are worried about federal law enforcement. How does a town that gets attacked balance the jurisdictional issues between allowing their local police to take action and letting federal agents take action when they need to?

Reno: It depends on the capability of the local police to deal with the issue. In some instances, you have a crusty old sergeant who has a natural aptitude in this area; gets interested in computers watching his grandchildren work on them; starts getting really competent himself; understands the issues; has tremendous law enforcement experience; and is the spark which ignites a real initiative in that community.

In other areas, you dont have that. The capacity of local law enforcement varies across the country. Sometimes they can handle it with great efficiency; in other instances, they would have to call in the bureau, and the bureau would have to respond. But the bureau has much to do in terms of building up its capacity as well.

GT: Technology evolves so quickly that its hard for anybody to keep up.

Reno: When I came into office, I was concerned because I didnt think enough was being done to ensure that law enforcement maintain a capacity to deal with these issues, including issues that had a direct and immediate effect on national security.

We can learn from the military, and vice versa. We can learn from the private sector, and its imperative, considering the interconnectivity of the Internet, that the private sector and the public sector come together and churn out some plans.

For the person who goes into the local police, and the local police dont know anything about how to investigate these cases so the person doesnt know what to do next and thinks government is inept, weve got to come together with local law enforcement and let the private sector know, "This is who you go [to] in this jurisdiction. This is how it will be handled. These are the contact points."

GT: Is it necessary to set up a strategy for communicating to the right people?

Reno: To the right people, but, clearly, trying to get the right people is the most necessary thing of all; and the right equipment.

GT: Does local law enforcement need to lobby more at the federal level to get the funding, or is it pretty much understood that local law enforcement needs funding?

Reno: No. Generally speaking, for day-to-day permanency, local law enforcement has got to fund its needs. The purpose of federal funding is to show that a program works and convince a community that its worth taking over. Community policing and 100,000 cops is an example of how the federal government jump-started it and the communities carried through with it.

In this instance, the federal government could jump-start some really productive partnerships with joint computer-forensic laboratories and joint initiatives that would permit federal, state and local government to work together. Its important that we focus on the issue of terrorism.

We think of terrorism as being the product of weapons of mass destruction, but you could have a field day, in terms of terrorist acts, just on a computer. Weve got to be prepared for it, and, oftentimes, its going to be local law enforcement thats first on the front line.

GT: During your time at the Justice Department, did you see a gradual erosion of turf issues between levels of law enforcement?

Reno: I saw, in many instances, erosion of turf issues; some maintained themselves despite my best efforts.

As I left, I was urging the bureau to provide Congress with a road map of where the bureau wanted to go in terms of developing the expertise and the capacity to be prepared and to share with state and local governments in a way that would really provide an effective link.

GT: I saw a story out of Broward County, Fla., where they were thinking of testing a new electronic voting system. Officials had entertained the idea of inviting some local high-school hackers to have a run at the system to see if they could break into it. I thought it was a clever idea, but it didnt seem to go over well with the County Council. Is that the kind of thing that local governments need to do to safeguard systems they want to try out? Or do you think thats not the right step to take?

Reno: I didnt hear about that story. But, somehow, weve got to test these systems. When you look at the identity theft thats occurring and some of the other inappropriate uses of the Net, its mind-boggling that people dont realize how vulnerable it is in terms of privacy and security.

Again, industrys got to realize that when its hurt and hurt bad, its going to need law enforcement. Law enforcement has got to realize it needs industry.

GT: Is it necessary to understand what motivates Internet crackers to catch them? Or is it just necessary to catch them and lower the boom on them?

Reno: Its always helpful to know why people commit crimes to see what you can do to prevent crimes. But if you cant prevent it, youve got to have a fair, firm punishment to fit the crime.

GT: I notice that one new initiative from the current U.S. Attorney General, John Ashcroft, is the Computer Hacking and Intellectual Property Units -- the regional computer teams. Is a smaller, leaner fighting force the way to pursue Internet crime?

Reno: It depends on the jurisdiction. You just have to build on what youve got and make sure that you have the expertise; that you have the contacts around the world; that you have the capacity 24/7 to immediately identify the hack and take steps to trace it.

It requires the cooperation of foreign law enforcement, which is going to require the federal government to work with state and locals to ensure access to these foreign law enforcement agencies and to ensure that cyber criminals know that theres no safe place to hide.

GT: Do you have any speculation as to whether state and local governments are going to increasingly become victims of Internet crackers?

Reno: I think we will all increasingly become victims of Internet hackers.

GT: Why do you say that?

Reno: As the use of the Net increases; as people continue to ignore security and privacy safeguards, theyre going to be vulnerable to hackers and others. It is imperative that we do everything we can to prevent it; including training our young people on what you can and cant do, or should or shouldnt do, on the Internet. [It is imperative] that we take steps to immediately intervene and let people know what we have seen in Arizona and other places is not acceptable.

We want this to be the extraordinary tool that it is for commerce, education, communication and fun.

GT: Its always good to have fun; theres no doubt about that.

Reno: I was reminded of that the night that I appeared on Saturday Night Live. Its very good to laugh at yourself and with others -- good for the soul.

GT: I dont know if youve been following the efforts of the German Minister of the Interior to come over to the United States and talk to U.S. officials about the hate sites that are based in the United States that people set up for German citizens to access. How do you sort out those types of issues? Where German law prohibits one thing but our laws permit that same thing?

Reno: That is one of the very difficult issues that we worked on. It requires close communication and understanding and an appreciation of why they feel like they do, but a further understanding of how important it is that our constitutional protections be afforded to all Americans.

GT: Some of the crackers I talked to said they compromised a server in some other country that they used to attack Clearwater, Floridas Web site.

Reno: Its fascinating to see how they try to mask their trail.

GT: Is that the most difficult thing in catching them?

Reno: Its one of the most difficult things.

GT: Is there one thing thats the most difficult?

Reno: I couldnt answer that question because I havent been there at the investigative stages.

GT: A gentleman I talked to at the SANS Institute said that he kind of admired the crackers because it seemed to him that they had all the knowledge to create time travel, but they went back in time to pick up the winning numbers for a $100 lottery ticket. He was amazed at what great lengths they took to accomplish what seemed to be little things. Is that fair? Was that your experience, too?

Reno: Some of them can do it in an instant, it seems to me, and others take time. But one of the things that we have to do is provide more education in terms of young peoples exposure to cyber technology and the use of it and teach them what you can and cant do.

As one computer expert told me, "I understand my daughter would never go into her brothers room and go through his stuff. She certainly wouldnt read his mail, but she doesnt know that shes not supposed to read other peoples e-mail."

I would like to develop training programs that gave young people an opportunity to feel more at home on the computer and less traumatized.