February 25, 2025 • 47 mins
What are the biggest security risks facing companies in the US and around the world? What can companies do to prepare against cyberattacks? How should they balance the benefits and risks of AI? How should companies navigate operating in China? How should they approach policy shifts from one presidential administration to the next? On the latest edition of the Votes and Verdicts podcast, former FBI Chief of Staff and current Fenwick & West partner Jon Lenzner joins BI analysts Elliott Stein and Nathan Dean to discuss these issues and more.
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:15):
Hello, and welcome to the Votes and Verdicts podcast, hosted
by the litigation and policy team at Bloomberg Intelligence, the
investment research platform of Bloomberg LP. Bloomberg Intelligence has five
hundred analysts and strategists working across the globe and focused
on all major markets. Our coverage includes over two thousand
equities and credits, and we have outlooks on more than
(00:38):
ninety industries and one hundred market indices, currencies and commodities.
This podcast series examines the intersection of business policy and law.
We're recording this episode on February twelfth, twenty twenty five.
I'm Elliot Stein, an analyst with Bloomberg Intelligence covering financials litigation.
Speaker 2 (00:57):
And my name is Nathan Dean, and I'm an analyst
with Bloomberg Intelligence hovering financials policy.
Speaker 1 (01:01):
So we're delighted today to have someone who I think
will be one of the most interesting guests that we've
had to talk about some of the biggest risks that
companies in the US and around the world face. That
guest is John Lensner. John recently joined the law firm
of Fenwick and West as a partner, and before that
he was the FBI chief of staff to FBI Director
(01:24):
Chris Ray. For three years. At the FBI, John played
a key role in some of the most high profile
and consequential matters, including working with the intelligence community on
national security and cyber issues, and partnering with US companies
developing emerging technologies, giving him unique insight into the opportunities
and challenges that businesses encounter. Prior to the FBI, John
(01:48):
served as the Acting United States Attorney for the District
of Maryland. Earlier in his career, he was in Ausa,
and he began his prosecutorial career as an assisted District
attorney in Manhattan. In more than fourteen years as a prosecutor,
John led major investigations into financial fraud, healthcare fraud, public corruption,
(02:10):
and many other complex matters. And in addition to his
public service, John was the CEO of a leading corporate
investigations and risk advisory firm. And perhaps most importantly before
all that, John was a year ahead of me in
law school and was my legal writing ta and he
was also the executive editor of the law journal that
(02:33):
I was on, And he was always someone I looked
up to as a role model, both back in law
school but also in the subsequent years. So with all that,
it really does give me great pleasure to introduce John Lensner.
Thank you John for coming on the Votes and Verdicts podcast.
Speaker 3 (02:48):
Thank you Elliott, and thank you Nathan for having me. Elliott,
that was great. I really appreciate your very kind introduction.
I remember, finally our time together in law school.
Speaker 1 (03:00):
I do too, I do too, so John.
Speaker 2 (03:03):
The first question we always ask our guest is about
the work history. I mean, Elliott just mentioned the highlights
of your official bio and it's obviously very impressive, but we
would love to know how you got where you are.
You know, what made you go into public service, what
made you want to be a prosecutor, how'd you wind
up as the FBI chief of staff? Maybe tell us
a little bit more about that role, but what does
the chief of staff do?
Speaker 3 (03:23):
And also tell us about your practice at.
Speaker 2 (03:25):
Fenwick and what are you doing today?
Speaker 3 (03:27):
Thanks Nathan. I I guess I'll start at the beginning,
which was I grew up in a household with parents
who were in public service. My parents actually met in
the theogen Civil Rights Division in the nineteen sixties. My
father was a prosecutor who prosecuted civil rights violence don
(03:48):
in Alabama in Mississippi in the late sixties, and so
I'd always understood and believed that public service was and
continues to be a very noble and important and I
had worked after college on Capitol Hill as a press
secretary for a congressman and for a congressional committee. But
(04:09):
it was really when I went to law school and
had an internship at the District Attorney's office and tried
my first case, and I fell in love with trying
cases and representing the people of New York at that
time in criminal cases. And from there I was hooked.
(04:29):
Became an assistant US Attorney in Maryland, and then after
five years in the private sector, I was excited to
return to the US Attorney's Office, where I had served
as a prosecutor before lead that office, and after a
few years as what's called the first Assistant US Attorney,
(04:49):
which is essentially the deputy US Attorney, had nearly a
year as the Acting US Attorney in twenty twenty one,
which was an amazing opportunity to lead the offic this
and a great district and did things like started the
office's first civil rights unit and also helped launch their
national Security and Cyber Grounding Section, and from there after
(05:12):
I stepped down. I had a brief but very exciting
and impactful time at the DEA, serving the DEA Administrator
Anne Milgrim as a senior advisor on otioansitions and had
a chance to work with the division at the DEA
that oversees their regulatory function. And then in twenty twenty
(05:33):
two I joined the FBI as the chief of Staff
to Director Ray, which I served in that role for
nearly three years, stepping down at the end of twenty
twenty four. But asked about what that role is and
serving as the FBI chief of Staff is essentially part
of the senior leadership team. There's the Director, there's the
(05:54):
deputy director, the chief of staff, and the chief of
staff essentially helps the director run the agency. It's a
thirty eight thousand person global law enforcement and intelligence agency,
and the chief of staff as the only person who
always speaks for the director. The chief of staff represents
(06:16):
the agency, represents the director not only with the employees,
but with the Department of Justice, with other executive agencies,
with Congress, with the media, with foreign partners, foreign law
enforcement and intelligence agencies, and with the private sector. Part
(06:36):
of the job also involved overseeing the intersection of legal
issues with policy matters with Congress and legislative issues, and
the media, and some of the more challenging and fast
developing issues that would arise, sometimes implicating all four of
those different areas would fall under portfolio of the chief
(07:01):
of Staff, who is in a position as the person
who speaks to the Director to oversee entire playing field,
so to speak, and see how all those different pieces
fit together. Part of the job also involved essentially prices management,
making sure that the bureau, which receives a lot of scrutiny,
some of which is fair, some of which is not fair,
(07:23):
making sure that we can handle that incoming, so to speak,
in a manner that we're being responsive and transparent, whether
that's with Congress, the Inspector General, and also making sure
that we can keep our strategic objectives on track, because
part of the job as the chief of Staff is
to work with the Director to set his priorities and
(07:48):
implement them over the thirty plus divisions of the FBI,
and also part of that job was working with the
private sector. Director Ray was very forward leaning in developing
strong relationships with the private sector, and in particular with
companies and with venture capital who are investing in and
(08:12):
developing impactful technologies that are having an impact on our nation.
And we would look to work with companies where we
could scale what we're doing in conjunction with what those
companies are developing to better protect our country.
Speaker 1 (08:32):
So what kind of companies are you talking about when
you say that in terms of this partnership.
Speaker 3 (08:36):
Yeah, so it was companies that would work in areas
such as artificial intelligence and machine learning, companies that were
developing new cyber tools, Companies that were working with drones
and what we call counter uas or counter on mandal systems.
We were first trying to make sure that we could
(08:58):
understand the threats that were facing our country and American businesses.
Our mission of the FBI is to protect all Americans
and uphold the Constitution, and to do that, we had
to understand how new and emerging technologies could be used
to harm Americans and American companies. Though in order to
(09:20):
do that we would work closely with companies that were
that were developing these new technologies. We also thought it
was part of our mission, which it was to protect
American innovation. American technology. Our mission includes protecting American companies
and their technology, and there are bad actors, both nation
(09:42):
state and criminal groups who are trying to steal that
technology from American companies, and so the FBI works closely
with companies to protect their IP and their innovation. And
then the third, kind of distant, third reason was to
make sure that we the fa but also the broader
intelligence and law enforcement communities could work with these technologies
(10:07):
in a responsible way to help accomplish our missions.
Speaker 1 (10:12):
And we're going to dig into some of these things
that you mentioned, you know, including cyber ai, drones, things
like that. Do you want to just mention briefly why
your practice at Senwich is going to focus on sure you.
Speaker 3 (10:24):
Know it's funny. In large part because of the work
that I was doing at the Bureau and with Director
Ran to develop those relationships with the private sector, I
saw a close how impactful many of these new technologies
are not only with national security and defense, but also
(10:46):
with healthcare, economic security, and so I wanted to make
sure that in my next role, I had an opportunity
to work with companies who are continuing to develop these
impactful technologies. And so Fendwork focuses on working with tech
and life sciences clients who are on the forefront of
(11:10):
leading the way really with these new technologies. And I
saw also Infenwork partners who bring real technical expertise to
their practices and really dig into or clients operations or
clients challenges and goals. And that's that's how I operated too.
So I was drawn to Fenwork because of their clients
(11:31):
and because of the partners dand and so my practice
will essentially focus on government and enforcement, government investigating students,
but also congressional investigations and testimony because so much of
what Washington and I use that term broadly it's looking
(11:51):
at these days is the tech industry. Also internal investigations.
That's something that I've done on both sides and the table,
so to speak, as a prosecutor and as an US attorney,
and then also in my private time in private sector,
helping companies understand the facts and report those facts, whether
(12:11):
it's to the board, to a regulator, and then finally
crisis management and helping find and see the entire playing
field which is constantly evolving nowadays. There are so many
different variables at play. We have new technologies that are
developing rapidly. We now have a new administration who's going
to have new heads of agencies. It's new how people
(12:34):
consume their information. You know, we're no longer working to
traditional landscape. People are now getting news and information were
a variety of different sources right there on the phones.
And also the geopolitical picture and early twenty twenty five
looks very different from what it was four years ago.
So all of this means uncertainty. Most businesses don't like uncertainty.
(12:57):
And so as a business that's trying to navigate the
regular Tory lands, getting assessing risks, trying to figure out
what they're going to counter on the involvement playing fields,
it's important to have a lawyer who is experience and
working with all those different nasal firms. That's what I
have bought my clients before. That's what I did for
the lot.
Speaker 2 (13:15):
So let's you know, you mentioned cybersecurity, you mentioned geopolitical questions.
That's a good segue here, and so let's talk a
little bit about cybersecurity threats into the threats to our
you know, infrastructure in the United States, it seems like
every month or even every week at this point, we
hear a company being hacked and personal information being compromised,
and or and or enforcement actions from the regulators towards
(13:36):
companies about these hacks, and it seems almost to go
to every industry we cover, from healthcare to energy, telecoms,
and just last year, you know, FDI, you know for uh,
you know, director of Chris Ray said that you know,
China has made it clear that you know, it considers
every sector that makes our society run a fair game
to potentially you go forth with cybersecurity attacks. So do
(14:00):
you think companies are doing enough to ptect against these threats?
What should they be doing more of? And is there
a specific type of cyber attack that worries you the most.
Speaker 3 (14:14):
Well, I will tell you that there are companies that
do a good job. What I do worry about is
the sharp increase that we have seen in recent years
with cyber attacks, and in particular with ransomware. Ransomware attacks
on our nation's companies and critical infrastructure have increased dramatically
(14:38):
just in the last two years, and it's one of
the more persistent threats that's been evolving. And what we've
seen is not only ransomware attacks on companies daily, but
also on our critical infrastructure. Fourteen of sixteen critical sectors
have been hit by major ransomware attacks in recent years.
(15:02):
Ransomware is so pervasive that we assume that every company
at some point will be a victim to it. Take
you to one scene that would play out every morning
at the FBI, and we would have confidential Threats perlivision,
where the head of each division would brief us on
(15:23):
the most important threats of the day. So we'd be
in a secure facility of skiff and around a huge
horseshoe shaped table, the head of each of the thirty
divisions would brief us, and so, you know, the counter
Terrorism Division would brief about ISIS inspired terrorists who were
tracking in some state counter intelligence. We'd talk about spies
(15:48):
from Russia or ran PRC they're trying to disrupt and
so on. The Cyber Division, which is probably one of
the fastest growing and busiest divisions in the FBI, always
have the longest and most robust breathing and that's because
(16:08):
there are so many cyber attacks hitting our country.
Speaker 1 (16:12):
And what I mean you said, there are some companies
that are doing well to protect against these, but what
kind of things should companies be doing more of? What
is it that they do? Well? You know how you
know if every day there's some sort of hack like this,
I mean, what's the solution.
Speaker 3 (16:31):
Well, I think first and foremost understanding your infrastructure in
your system. I know that sounds obvious, but you'd be
surprised at how many organizations, and this is not a
criticism I've been there, don't fully understand the state of
their of their systems today. Because not only do we
try to fortify our defenses, essentially put up stronger walls,
(16:54):
stronger doors, put new locks on the door, see what's
happening inside, because many times, as we seen from the
Bureau's perspective, that companies didn't know that someone had committed
an intrusion. And we've been inside in from a long period.
In so, mitigating that risk and the damage from that
intrusion requires not only fortifying your defenses, but also periodically
(17:19):
looking back inside, taking time to conduct that kind of
screening of their systems. Training, as simple as it sounds,
is important. My understanding is that the leading cause of
a cyber hack is from some kind of social engineering
where the bad actors trick the sub employee to give
(17:42):
them access by clicking on a link. Business email compromise
schemes are one of the fastest growing frauds in our country.
That's where bad actors will trick somebody in the company
to provide them information that can allow for a large fraud.
We had an example recently that was facilitated by artificial
(18:02):
intelligence where bad actors in a different country used AI
to trip an accountant in the company to wired millions
of dollars of the company's funds to an account overseas
by impersonating the CEO. I think about how challenging that
must be to impersonate your own CEO get you to
wire and morning tune accounts that you didn't recognize. But
(18:25):
those are the kinds of threats we're dealing with, and
so that's why training is such an important function. But finally,
I will say, you know, and I've left the FBI,
but I sincerely believe that having a strong relationship with
the Bureau or another agency that focuses on cyber threat
is important. Going back to that morning briefing that I
(18:46):
described a few minutes ago, when the Cyber Division would
tell us about the recent attacks, almost always the examples
or the case studies that would result in really bad
results like tons of damage to the company were where
there was not a pre existing relationship between the company
(19:09):
and the bureau. Conversely, the stories that had the veterans
where the Bureau was able to help the company prevent
the attack or mitigate the damage was where there was
an existing relationship. And that's because the FBI's cyber division
has invested so much time in becoming more victim centric
(19:31):
and forward leaning that they want companies to call them
not only when there was an attack, but long before
there was an attack to forge that relationship. There's an
example where the cyberdivision of a foreign ally contacted the
FBI to say, we see Iran about to launch an
attack on a company in the US. Because the FBI
(19:55):
field office in the state where that company was located
knew the many a cheap information security officer by his
first name and had his cell phone number, they were
able to get word to that company to take it
off line, all within an hour of when the foreign
government first contacted the bureau. The whole thing took an hour,
(20:17):
and they're able to invent the attack.
Speaker 1 (20:20):
That's a really powerful example. Good anecdote so you mentioned
AI and you gave that example of a deep fake
being used to basically trick someone to why millions of dollars.
You know, we hear about AI every day. We hear
about all the efficiencies that it's going to bring, and
certainly there are a lot, but you know, like the
(20:42):
example you just gave, there's obviously a lot of nefarious uses.
Speaker 3 (20:45):
For it too.
Speaker 1 (20:46):
How do you balance how do you think about this
balance between you know, the benefits that AI can bring
versus these very dangerous risks.
Speaker 3 (20:58):
Well, certainly we see the amazing advance things in artificial intelligence,
everything from healthcare, pharma, and manufacturing to robotics and engineering.
AI enables businesses and governments to automate and save time,
but it also allows the bad actors to automate and
(21:20):
save time. At the Bureau, we are able to use AI,
and we're very transparent about our use to do things
with like facial recognition technology, how we triage the large
amounts of information that the Bureau would take in on
any given day, and also with things like translation and biometrics.
(21:42):
Bad actors can use AI to save time, to be
more efficient with their labor, to commit more effective fraud
and also to help them obfuscate when they commit their crimes.
And so we look at AI as both having tremendous
promise for society, but also, like many things, it also
(22:04):
brings peril. And advances in technology have expanded the attack
service that the government has to defend. So before protecting
a power plant was all about having a tall fence
and armed guards, but now today you have adversaries who
are attacking electrical grids through the Internet and using artificial
(22:26):
intelligence to get around the cyber defenses that have been
put up. We've seen AI used in a variety of
different ways with bad actors, not only nation state actors
but also criminal groups. We've seen terrorists using AI to
build detor bombs. We've seen cyber hackers using AI to
(22:48):
get around cyber security defenses, not only identifying the vultabilities
but then writing malicious code to exploit them. We've seen
mild predators using AI to victimize kids, usually through sextortion,
which is one of the fastest growing ways that bad
actors are victimizing kids. And we're seeing fraudsters using AI
(23:14):
to impersonate relatives to trick a victim, usually a grandparent Unfortunately,
it's just sending them thousands of dollars. You know, back
in the day, you have a bad actor overseas struggling
to write an email in English to trick somebody to
wire the money. But nowadays bad actors are using AI
(23:35):
to write beautifully written emails like the one that tricked
that accountant at that company. Invention a feman instagrat. I
would also note that when a nation state steals the
company's AI technology, which is happened, they can then use
that technology that they've stolen tomorrowing the trows of data
(23:56):
that they've already stolen. So I am talking about people's
republic in China who have spent a lot of time
in the rese sources stealing intellectual property and data from
American companies and then have been using AI as a
tool to mind that data so that they can leverage
(24:18):
it for other purposes.
Speaker 2 (24:22):
Well, you know, to continue on the AI front. I mean,
we just saw a Deep Seek a couple of weeks
ago and you know, come out and really changed the
AI game, you know, and it's possible, it's impossible to
talk about that without China. So I did want to
ask a question about China.
Speaker 3 (24:37):
You know a lot.
Speaker 2 (24:38):
Obviously, a lot of companies do business with China, would
like to operate in China. But the Chinese government is
a different entity than the United States government, and it
has its own challenges and opportunities. And indeed, we spoke
about cybersecurity earlier, you know, So what are the challenges
and opportunities for companies that are wanting to operate in China,
(24:58):
are currently operating in China.
Speaker 3 (25:00):
Know the way that I look at China now and
also when I was at the bureau, it's chime. It
represents opportunities in a variety of the ways. It's a
strong market with customers. It's got employees, some highly trained employings.
You have potential partners, join venor venture partners. There are
(25:23):
investors who some companies look to when they're developing their companies.
So I would never tell a business. I would rarely
tell a business, look, you can't do business in each other.
I just don't think that's a realistic approach to take
right off the glad. I do think though, it is
(25:44):
critical to understand the races, to go in with your
eyes wide oping and understand that some people you hire
might actually have affiliations with the PRC that could be
exploited to your disadvantage, or understanding that there might be
(26:05):
challenges with the supply chain down the road that you're
not seeing today, and so doing your due diligence on
the supply chaining, on your employees, on your partners is critical.
Understanding the risks from a technological perspective in terms of
how your communications and your data can be accessed in
(26:27):
a way that you don't want it to be. We've
seen situations where American companies have looked to work with
joint ventures or with investors from other countries in the
Far East and not knowing that partners of those investors
(26:47):
or joint ventures are actually in China in a way
that the US company was not aware. So there's a
lot to be wary of. There's reasons to go when
was your eyes wide open to conduct an extensive due
diligence and to understand that it's a balance that there
(27:08):
might be a terrific business opportunity that a company wants
to take advantage of, but they just need to balance
that opportunity with those risks. And I would recommend having
a risk based approach to taking on new employees, you know,
new partners, new investors.
Speaker 1 (27:29):
Speaking of China, I want to ask you about TikTok.
So you know, I have three teenage daughters who you know,
spend a lot of time on TikTok, much more than
I would like to see. But such as life, and
you know, I think in twenty twenty two, Director Ray
said TikTok is a national security concern. I think that's
(27:51):
probably what led one of the things that led to
Congress passing the law with overwhelming bipartisan support, that was
supposed to ban TikTok in the US or force ByteDance,
a TikTok's Chinese owner to sell it. TikTok sued challenge
of the law in court. The law was upheld by
the Supreme Court in January. But the law, you know,
(28:16):
it's not it's not really been enforced, and so as
it stands now, I actually I confirm as of yesterday
because my daughters were on it, you can still use
TikTok if it's on your phone. I believe you can still.
It's not available on the app stores, but I but
it is still being hosted, so it is still available.
If you were able to download it before before the
(28:39):
band took was supposed to take effect on January nineteenth.
You know, can you sort of just give us your
sense of what the national security concerns are around it?
How concerned should I be as a parent, and what
can I tell my kids to get them off that app.
Speaker 3 (28:58):
Oh, Elliott, I am certainly no actually on TikTok. I've
never been on it, and as far as I know,
my kids have not been on it. But maybe I
don't know for sure. Look, I think Director Ray, you're right,
was very adamant and ahead of the curve zone to
speed on his concerns, and I believe the Bureau's concerns
(29:20):
and the ICs concerns with TikTok. I think even before
you get to the technology itself, understanding that in China,
to do business in child, a business has to have
certain relationships with the PRC such that PRC can demand
(29:41):
two see their code, to see their data. Whether the
company shares or not, that's a whole other question. And
there is an expectation that's supported by authority that companies
will share certain information that here in the US we
don't expect from our companies. I think there's also a
(30:02):
risk that the algorithm can be misused and manipulated to
spread disinformation. Some people say to me disinformation like that's harmless,
but actually it's really not. I can tell you that
from the FBI's perspective, over the last year, we saw
(30:23):
a tremendous amount of disinformation coming into our country, not
only from China, but from Russia, Iran and other countries.
And that information can be very effective in undermining confidence
in our institutions, in getting Americans to believe things that
are just not true. And so disinformation is dangerous and
(30:46):
it's a growing problem. But also if you have people
on an app where you are able to access the data,
you can use that data in various ways, some of
which are not about dangerous, really more competitive intelligence, but
some of them can be dangerous. So people have said,
(31:09):
to me, who cares if my kid is sharing his
or her data with the PRC. What two things I
would say to that. First, the can may not care,
but the kid's parents my king. And if that kid's
parent is in a significant position within the government or
within his company, there're gonna be information being shared on
(31:33):
TikTok about that parent, where they are, where they live,
What they're doing that that parent would not want out there.
Certainly not for the public to suit, but definitely not
for Chinese government. Also, I would tell the kid, just
as a side at leat, that you may not care now,
(31:53):
but when you're applying to college, or when you are
applying for your job, thing for office, or traveling to
China for recreation or business, you may not want to
have had that information being collected by the PRC. Elevins
in year. Finally, another thread I think is if you
(32:13):
download the app onto your phone, I guess there is
a risk that you could be downloading some kind of
malicious dollar onto your phone. I'm sure there are other
national security threats I'm not mentioning here, some of which
are better communicated in a secure facility, But those are
just some of the ones that come to mind.
Speaker 1 (32:36):
I'll definitely make sure my daughter's listened to this episode,
and then maybe I'll send them to a skiff with
you to get more information later.
Speaker 3 (32:43):
Sounds good.
Speaker 2 (32:43):
I was going to make a bad joke about the
Bloomberg you know, votes in Verdicts being a secure forum,
but that, yeah, but you know, so let's pivot a
little bit. Let's talk about crypto, you know in the
United States. You know, my view is is that the
digital assets sector is about to see a more friendly
regulatory regime, whether it's in Congress or the Securities in
Exchange Commission. And there's certainly a lot of opportunities for
(33:04):
that sector in terms of innovation. There's also a lot
of criticism that digital assets are used by criminals for
money laundering and other crimes, including drug and human trafficking.
So how do you think about crypto And I know
your firm, Fenwick is a sizeable blockchain and crypto practice.
You know, what are the types of crypto's rules and
regulations would you like to see promulgated and pushed forth
(33:25):
by the Trump administration.
Speaker 3 (33:27):
When I was at the Bureau and at DOJ, people
in the industry sometimes would be surprised to hear that
the government doesn't target any particular industric doesn't target any
particular modality. The FBI actually has a good relationship with
many companies in the cryptocurrency industry. The FBI stood up
(33:47):
the virtual assets in you there that works with other
parts of the government but also with the private sector
on trying to prevent those threats that you just mentioned
and so some of the challenges that we saw and
then we still continue to see. You know, the speed
at which transactions move can make it harder to recover
(34:10):
where it's stolen funds. While blockchain as a general matter
should make it easier to trace funds, it's not always
the case when funds are transmitted over seas, in particular
to jurisdiction where we don't have favorable anti money laundering laws.
Also seeing I think in twenty twenty three, there was
(34:31):
something like seventy thousand fraud complaints that the FBI took
in and involved in cryptocurrency. Most of them were related
to investments for all, but ten percent of all fraud
complaints involved cryptocurrency. That ten percent, that just that ten
(34:52):
percent represented about half all losses from fraud complaints. And
so what you're seeing is is bad actors using cryptocurrency
to commit fraud at a greater scale and at a
faster speed. Now, certainly cryptocurrency plays a productive role in
(35:14):
different ways, not only in the US but in other countries.
And from my perspective, formally from the Bureau and DOJ
now the cliving sector, it's important for us to try
to help the companies that are working in that space
for legitimate purposes, to help them continue to grow and survive,
(35:36):
to help consumers, prevent that technology being from being used
to victimizes. But to do that, we have to be
clear that there are bad actors who are leveraging the
technology and platforms commit fraud and also nation states using
it to steal assets. You know, ransom were attacks that
(36:01):
those funds are quickly transferred into cryptocurrency and sent overseas
and makes them much much harder for us to recover
those funds. So the way I look at it is
that there are companies who I want to work with
who are in the forefront of their technology that are
having an impact in a positive way, and to help them,
(36:24):
want to make sure that we are trying to weed
out the bad actors who are trying to weaponize that technology.
You know, one thing that people are always surprised by
is the Bureau actually brought a case in late twenty
twenty four where they went undercover with a fake crypto token.
(36:46):
You know, when you're working in a new industry and
you don't have years and years of experience and sources
built up, you have to find creative ways to get
at the criminal conduct. The Boston Field office CRADD a company,
graded a token, graded a website. It essentially went undercover
(37:07):
targeting a specific area of misconduct with certain companies. It's
not a not a phishing expedition. They were. They were
actually they had have predication to do this, and they
ultimately charged eighteen defendants, putting some market nagers in a
couple of financial services Fords were essentially conducting market manipulation
(37:30):
in that industry. And so it's interesting there were companies
who were very excited to hear that the Bureau did
because they share that perspective that hey, this is a
growing industry, but we got to keep the bad actors.
Speaker 1 (37:44):
I want to ask who about another sort of new technology,
and that that's drones. You know, I live in New Jersey,
so you know, I guess it was a couple of
months ago. You know, you couldn't go on minute without
you know, someone posting about drones overhead, you know. And
(38:05):
it's funny because I mean it eventually made it to
National News and was on CNN, but it was like
in my Facebook feed, you know, like a month before that,
and I thought these people were you know, conspiracy theorists,
but maybe they were, but you know, it became national news,
I think. But you know, both the Biden and Trump administrations,
you know, said that it's you know, nothing that people
(38:26):
should worry about. But I'm just curious to get your thoughts.
I'm sure a lot of it is classified information, but
you know, whatever you can share with us about your
thoughts about drones and drone technology and what you're watching
for in that space.
Speaker 3 (38:41):
Sure, I think drones and counter drone technology counter U
as one of the more interesting and potentially impactful technologies
that's being developed, and it's being developed at a great
pace for parts of lord, aren't sure. I had to
the pleasure when I was at the Bureau meeting with
(39:02):
a number of different companies, startups we're working in this space,
to see their technology. It's fascinating and their companies doing
amazing things. I think one of the challenges for our
country and for these companies of our extension is need
some clarity as to the legal authorities for operating drones
(39:24):
and then operating encounter drone technology. There are examples, as
you noted, where there have been sightings of drones, and
you're right, much of what I know is from the
classified setting, But bottom line is how the government approaches
the counter drone issue right now. Could use more clarity
(39:50):
in terms of the legal authorities, and also could use
more funding, given candid as to whether that goes to
the Bureau or to the Department and Homeland Security and
then down to state and local law enforcement. But there's
no question that there are significant threats that come with thrones.
(40:12):
You know, drones are being used every day legally for
legitimate purposes and are making different parts of our society
and one more efficiently. But there's also threats. We've seen
it with terrorist attacks here or we're overseas. We had
a terrible attack on the US base with the drone.
(40:33):
We saw it on October seventh when hamas and use
drones to attack his rule. We've seen it with bad
actors using drones to cross the border the southern border.
We've seen dangs using drones to drop contraband cell phones
in the prison yards. So it's important to recognize that
(40:55):
as great as this technology is, our country needs to
make sure that we have not only an illegal structure,
but also the funding and the motivation for companies to
continue to develop these technologies so that drones can be
used for good purposes. And you know, the counter UAS
sector is fascinating all the different ways that we can
(41:18):
try to take out a drone or there's challenges with it.
I've sat in meetings with the FBI's team that handles
counter you ass to talk about some of the challenges,
whether it's in a crowded city where there's all overwhelmed with
different radio frequencies and those civilians all over the place
that can get hit by a falling drone fee the
(41:38):
challenges doing it in the bounds or in the desert,
and so it's one of the more fascinating areas and
one that I hope to continue to work in.
Speaker 1 (41:47):
I'd never heard about the example of dropping phones into
prison life, but yeah, I'm sure there's a lot of
different use cases that I haven't thought of for drones
and all these other techno geez we've talked about. Just
one final substantive question for you before Nathan will ask
you one of our fun grab bag questions that we
(42:09):
always ask guests to end our episodes. But you know,
with the new administration, I guess with any new administration,
there are policy shifts that you see across different agencies,
but you know, particularly doj you know, I think just
in the last couple of days, the Trump administration said
that it wanted to sort of reduce enforcement of the FCPA,
(42:33):
the Foreign Corrupt Practices Act, which you know bars bribes
of foreign officials to get business overseas. You know, just
generally speaking, how you know, how do you have any
thoughts on how businesses should have approach these policy shifts
that you know invariably happen from one administration to the next, Like,
(42:55):
how do you maintain sort of continuity as priorities shift
in the government?
Speaker 3 (43:01):
Yeah, that's a great question. I mean, as a as
a lawyer practicing and see, everything's fine to altificate and
speculate about what's going to happen and where the priority
is going to go. As a business running a business,
it's obvious food it's more important. It's some clarity so
you can figure out how much to invest in different
compliances and whatnot. Different administrations change priorities over the four
(43:27):
years or eight years. But also if you're working, if
you're operating around the world, there are other countries like
the United Kingdom that have statues that impact their operations.
And so even if the US were to swear off
any particular statue, which I think is unlikely, that that
(43:50):
would last for a long time in our country where
the case, you have to, you know, navigate the different
statues in other countries. And it's also not just the
Department of Justice stead it was a player. You have
other revenstory seats. You have state AG's offices, many of
which have kind of over the years, tried to fill
(44:14):
the void when the federal government receives in certain places.
But also it's also just good business two make sure
that you're not paying brides in certain countries. You never
know what will develop in five years. You know, some
(44:36):
statutes have a five year statute of limitations, but some
administrations have before you stablished limitations. So I think it's
better to try to follow your principles and values. And
you know, certainly in the first year of administration, I
wouldn't make massive changes to a compliance program simply because
(44:57):
of a memo that came out of many one. I
try to be thought all about it and work with
your business team to see what makes sense for them,
because over the long term, you know, it can be
disruptive to a company to drastically change your compliance programs.
Going back and.
Speaker 2 (45:15):
Forth, Well, I think I want to take the question
from compliance to something a little bit more fun than
compliance and apologize to the compliance folks that that are
listening right now. We do love you. But the last
question that I have is something that we ask all
of our guests, and that is, if you were stuck
on a stranded island, desert island, what are the three
pieces of music that you would bring with you. We
(45:36):
asked this to evolve our guests. Albums, you know, musicians,
you know, songs, whatever you want to bring, it's you,
it's your your your choice. What are the three pieces
that you're going to bring.
Speaker 3 (45:49):
I need to get my work out in every day,
so I need guns in the roads is appetite for
destruction from my workhouse. Since I'm on a desert island,
I'm almost guaranteed to beach and so I need a
fun album by someone like Chapel Rome for the fun
beach days and then at night I'm trying to fall
asleep one of the stars. I need some soft classical
(46:11):
music like a violin and claring and.
Speaker 1 (46:14):
Something that's quite the array of choices g n R
to Chapel Rowne the classical. I like it. I like it.
Speaker 3 (46:28):
It's important in any environment to try to, you know,
continue to go with what works for you.
Speaker 1 (46:34):
Agreed, all right, I think with that though, we do
have to wrap up this episode of Votes and Verdicts.
John Lensner, thank you so much for coming on. It's
great to catch up with you and get all your insights.
We really appreciate you coming on this episode. And as
a reminder for all of our listeners, all of our
(46:54):
Bloomberg Intelligence research is available on the Bloomberg terminal at
b I go and with SAD. Thank you for listening,
and have a great day.
Hello, and welcome to the Votes and Verdicts podcast, hosted
by the litigation and policy team at Bloomberg Intelligence, the
investment research platform of Bloomberg LP. Bloomberg Intelligence has five
hundred analysts and strategists working across the globe and focused
on all major markets. Our coverage includes over two thousand
equities and credits, and we have outlooks on more than
(00:38):
ninety industries and one hundred market indices, currencies and commodities.
This podcast series examines the intersection of business policy and law.
We're recording this episode on February twelfth, twenty twenty five.
I'm Elliot Stein, an analyst with Bloomberg Intelligence covering financials litigation.
Speaker 2 (00:57):
And my name is Nathan Dean, and I'm an analyst
with Bloomberg Intelligence hovering financials policy.
Speaker 1 (01:01):
So we're delighted today to have someone who I think
will be one of the most interesting guests that we've
had to talk about some of the biggest risks that
companies in the US and around the world face. That
guest is John Lensner. John recently joined the law firm
of Fenwick and West as a partner, and before that
he was the FBI chief of staff to FBI Director
(01:24):
Chris Ray. For three years. At the FBI, John played
a key role in some of the most high profile
and consequential matters, including working with the intelligence community on
national security and cyber issues, and partnering with US companies
developing emerging technologies, giving him unique insight into the opportunities
and challenges that businesses encounter. Prior to the FBI, John
(01:48):
served as the Acting United States Attorney for the District
of Maryland. Earlier in his career, he was in Ausa,
and he began his prosecutorial career as an assisted District
attorney in Manhattan. In more than fourteen years as a prosecutor,
John led major investigations into financial fraud, healthcare fraud, public corruption,
(02:10):
and many other complex matters. And in addition to his
public service, John was the CEO of a leading corporate
investigations and risk advisory firm. And perhaps most importantly before
all that, John was a year ahead of me in
law school and was my legal writing ta and he
was also the executive editor of the law journal that
(02:33):
I was on, And he was always someone I looked
up to as a role model, both back in law
school but also in the subsequent years. So with all that,
it really does give me great pleasure to introduce John Lensner.
Thank you John for coming on the Votes and Verdicts podcast.
Speaker 3 (02:48):
Thank you Elliott, and thank you Nathan for having me. Elliott,
that was great. I really appreciate your very kind introduction.
I remember, finally our time together in law school.
Speaker 1 (03:00):
I do too, I do too, so John.
Speaker 2 (03:03):
The first question we always ask our guest is about
the work history. I mean, Elliott just mentioned the highlights
of your official bio and it's obviously very impressive, but we
would love to know how you got where you are.
You know, what made you go into public service, what
made you want to be a prosecutor, how'd you wind
up as the FBI chief of staff? Maybe tell us
a little bit more about that role, but what does
the chief of staff do?
Speaker 3 (03:23):
And also tell us about your practice at.
Speaker 2 (03:25):
Fenwick and what are you doing today?
Speaker 3 (03:27):
Thanks Nathan. I I guess I'll start at the beginning,
which was I grew up in a household with parents
who were in public service. My parents actually met in
the theogen Civil Rights Division in the nineteen sixties. My
father was a prosecutor who prosecuted civil rights violence don
(03:48):
in Alabama in Mississippi in the late sixties, and so
I'd always understood and believed that public service was and
continues to be a very noble and important and I
had worked after college on Capitol Hill as a press
secretary for a congressman and for a congressional committee. But
(04:09):
it was really when I went to law school and
had an internship at the District Attorney's office and tried
my first case, and I fell in love with trying
cases and representing the people of New York at that
time in criminal cases. And from there I was hooked.
(04:29):
Became an assistant US Attorney in Maryland, and then after
five years in the private sector, I was excited to
return to the US Attorney's Office, where I had served
as a prosecutor before lead that office, and after a
few years as what's called the first Assistant US Attorney,
(04:49):
which is essentially the deputy US Attorney, had nearly a
year as the Acting US Attorney in twenty twenty one,
which was an amazing opportunity to lead the offic this
and a great district and did things like started the
office's first civil rights unit and also helped launch their
national Security and Cyber Grounding Section, and from there after
(05:12):
I stepped down. I had a brief but very exciting
and impactful time at the DEA, serving the DEA Administrator
Anne Milgrim as a senior advisor on otioansitions and had
a chance to work with the division at the DEA
that oversees their regulatory function. And then in twenty twenty
(05:33):
two I joined the FBI as the chief of Staff
to Director Ray, which I served in that role for
nearly three years, stepping down at the end of twenty
twenty four. But asked about what that role is and
serving as the FBI chief of Staff is essentially part
of the senior leadership team. There's the Director, there's the
(05:54):
deputy director, the chief of staff, and the chief of
staff essentially helps the director run the agency. It's a
thirty eight thousand person global law enforcement and intelligence agency,
and the chief of staff as the only person who
always speaks for the director. The chief of staff represents
(06:16):
the agency, represents the director not only with the employees,
but with the Department of Justice, with other executive agencies,
with Congress, with the media, with foreign partners, foreign law
enforcement and intelligence agencies, and with the private sector. Part
(06:36):
of the job also involved overseeing the intersection of legal
issues with policy matters with Congress and legislative issues, and
the media, and some of the more challenging and fast
developing issues that would arise, sometimes implicating all four of
those different areas would fall under portfolio of the chief
(07:01):
of Staff, who is in a position as the person
who speaks to the Director to oversee entire playing field,
so to speak, and see how all those different pieces
fit together. Part of the job also involved essentially prices management,
making sure that the bureau, which receives a lot of scrutiny,
some of which is fair, some of which is not fair,
(07:23):
making sure that we can handle that incoming, so to speak,
in a manner that we're being responsive and transparent, whether
that's with Congress, the Inspector General, and also making sure
that we can keep our strategic objectives on track, because
part of the job as the chief of Staff is
to work with the Director to set his priorities and
(07:48):
implement them over the thirty plus divisions of the FBI,
and also part of that job was working with the
private sector. Director Ray was very forward leaning in developing
strong relationships with the private sector, and in particular with
companies and with venture capital who are investing in and
(08:12):
developing impactful technologies that are having an impact on our nation.
And we would look to work with companies where we
could scale what we're doing in conjunction with what those
companies are developing to better protect our country.
Speaker 1 (08:32):
So what kind of companies are you talking about when
you say that in terms of this partnership.
Speaker 3 (08:36):
Yeah, so it was companies that would work in areas
such as artificial intelligence and machine learning, companies that were
developing new cyber tools, Companies that were working with drones
and what we call counter uas or counter on mandal systems.
We were first trying to make sure that we could
(08:58):
understand the threats that were facing our country and American businesses.
Our mission of the FBI is to protect all Americans
and uphold the Constitution, and to do that, we had
to understand how new and emerging technologies could be used
to harm Americans and American companies. Though in order to
(09:20):
do that we would work closely with companies that were
that were developing these new technologies. We also thought it
was part of our mission, which it was to protect
American innovation. American technology. Our mission includes protecting American companies
and their technology, and there are bad actors, both nation
(09:42):
state and criminal groups who are trying to steal that
technology from American companies, and so the FBI works closely
with companies to protect their IP and their innovation. And
then the third, kind of distant, third reason was to
make sure that we the fa but also the broader
intelligence and law enforcement communities could work with these technologies
(10:07):
in a responsible way to help accomplish our missions.
Speaker 1 (10:12):
And we're going to dig into some of these things
that you mentioned, you know, including cyber ai, drones, things
like that. Do you want to just mention briefly why
your practice at Senwich is going to focus on sure you.
Speaker 3 (10:24):
Know it's funny. In large part because of the work
that I was doing at the Bureau and with Director
Ran to develop those relationships with the private sector, I
saw a close how impactful many of these new technologies
are not only with national security and defense, but also
(10:46):
with healthcare, economic security, and so I wanted to make
sure that in my next role, I had an opportunity
to work with companies who are continuing to develop these
impactful technologies. And so Fendwork focuses on working with tech
and life sciences clients who are on the forefront of
(11:10):
leading the way really with these new technologies. And I
saw also Infenwork partners who bring real technical expertise to
their practices and really dig into or clients operations or
clients challenges and goals. And that's that's how I operated too.
So I was drawn to Fenwork because of their clients
(11:31):
and because of the partners dand and so my practice
will essentially focus on government and enforcement, government investigating students,
but also congressional investigations and testimony because so much of
what Washington and I use that term broadly it's looking
(11:51):
at these days is the tech industry. Also internal investigations.
That's something that I've done on both sides and the table,
so to speak, as a prosecutor and as an US attorney,
and then also in my private time in private sector,
helping companies understand the facts and report those facts, whether
(12:11):
it's to the board, to a regulator, and then finally
crisis management and helping find and see the entire playing
field which is constantly evolving nowadays. There are so many
different variables at play. We have new technologies that are
developing rapidly. We now have a new administration who's going
to have new heads of agencies. It's new how people
(12:34):
consume their information. You know, we're no longer working to
traditional landscape. People are now getting news and information were
a variety of different sources right there on the phones.
And also the geopolitical picture and early twenty twenty five
looks very different from what it was four years ago.
So all of this means uncertainty. Most businesses don't like uncertainty.
(12:57):
And so as a business that's trying to navigate the
regular Tory lands, getting assessing risks, trying to figure out
what they're going to counter on the involvement playing fields,
it's important to have a lawyer who is experience and
working with all those different nasal firms. That's what I
have bought my clients before. That's what I did for
the lot.
Speaker 2 (13:15):
So let's you know, you mentioned cybersecurity, you mentioned geopolitical questions.
That's a good segue here, and so let's talk a
little bit about cybersecurity threats into the threats to our
you know, infrastructure in the United States, it seems like
every month or even every week at this point, we
hear a company being hacked and personal information being compromised,
and or and or enforcement actions from the regulators towards
(13:36):
companies about these hacks, and it seems almost to go
to every industry we cover, from healthcare to energy, telecoms,
and just last year, you know, FDI, you know for uh,
you know, director of Chris Ray said that you know,
China has made it clear that you know, it considers
every sector that makes our society run a fair game
to potentially you go forth with cybersecurity attacks. So do
(14:00):
you think companies are doing enough to ptect against these threats?
What should they be doing more of? And is there
a specific type of cyber attack that worries you the most.
Speaker 3 (14:14):
Well, I will tell you that there are companies that
do a good job. What I do worry about is
the sharp increase that we have seen in recent years
with cyber attacks, and in particular with ransomware. Ransomware attacks
on our nation's companies and critical infrastructure have increased dramatically
(14:38):
just in the last two years, and it's one of
the more persistent threats that's been evolving. And what we've
seen is not only ransomware attacks on companies daily, but
also on our critical infrastructure. Fourteen of sixteen critical sectors
have been hit by major ransomware attacks in recent years.
(15:02):
Ransomware is so pervasive that we assume that every company
at some point will be a victim to it. Take
you to one scene that would play out every morning
at the FBI, and we would have confidential Threats perlivision,
where the head of each division would brief us on
(15:23):
the most important threats of the day. So we'd be
in a secure facility of skiff and around a huge
horseshoe shaped table, the head of each of the thirty
divisions would brief us, and so, you know, the counter
Terrorism Division would brief about ISIS inspired terrorists who were
tracking in some state counter intelligence. We'd talk about spies
(15:48):
from Russia or ran PRC they're trying to disrupt and
so on. The Cyber Division, which is probably one of
the fastest growing and busiest divisions in the FBI, always
have the longest and most robust breathing and that's because
(16:08):
there are so many cyber attacks hitting our country.
Speaker 1 (16:12):
And what I mean you said, there are some companies
that are doing well to protect against these, but what
kind of things should companies be doing more of? What
is it that they do? Well? You know how you
know if every day there's some sort of hack like this,
I mean, what's the solution.
Speaker 3 (16:31):
Well, I think first and foremost understanding your infrastructure in
your system. I know that sounds obvious, but you'd be
surprised at how many organizations, and this is not a
criticism I've been there, don't fully understand the state of
their of their systems today. Because not only do we
try to fortify our defenses, essentially put up stronger walls,
(16:54):
stronger doors, put new locks on the door, see what's
happening inside, because many times, as we seen from the
Bureau's perspective, that companies didn't know that someone had committed
an intrusion. And we've been inside in from a long period.
In so, mitigating that risk and the damage from that
intrusion requires not only fortifying your defenses, but also periodically
(17:19):
looking back inside, taking time to conduct that kind of
screening of their systems. Training, as simple as it sounds,
is important. My understanding is that the leading cause of
a cyber hack is from some kind of social engineering
where the bad actors trick the sub employee to give
(17:42):
them access by clicking on a link. Business email compromise
schemes are one of the fastest growing frauds in our country.
That's where bad actors will trick somebody in the company
to provide them information that can allow for a large fraud.
We had an example recently that was facilitated by artificial
(18:02):
intelligence where bad actors in a different country used AI
to trip an accountant in the company to wired millions
of dollars of the company's funds to an account overseas
by impersonating the CEO. I think about how challenging that
must be to impersonate your own CEO get you to
wire and morning tune accounts that you didn't recognize. But
(18:25):
those are the kinds of threats we're dealing with, and
so that's why training is such an important function. But finally,
I will say, you know, and I've left the FBI,
but I sincerely believe that having a strong relationship with
the Bureau or another agency that focuses on cyber threat
is important. Going back to that morning briefing that I
(18:46):
described a few minutes ago, when the Cyber Division would
tell us about the recent attacks, almost always the examples
or the case studies that would result in really bad
results like tons of damage to the company were where
there was not a pre existing relationship between the company
(19:09):
and the bureau. Conversely, the stories that had the veterans
where the Bureau was able to help the company prevent
the attack or mitigate the damage was where there was
an existing relationship. And that's because the FBI's cyber division
has invested so much time in becoming more victim centric
(19:31):
and forward leaning that they want companies to call them
not only when there was an attack, but long before
there was an attack to forge that relationship. There's an
example where the cyberdivision of a foreign ally contacted the
FBI to say, we see Iran about to launch an
attack on a company in the US. Because the FBI
(19:55):
field office in the state where that company was located
knew the many a cheap information security officer by his
first name and had his cell phone number, they were
able to get word to that company to take it
off line, all within an hour of when the foreign
government first contacted the bureau. The whole thing took an hour,
(20:17):
and they're able to invent the attack.
Speaker 1 (20:20):
That's a really powerful example. Good anecdote so you mentioned
AI and you gave that example of a deep fake
being used to basically trick someone to why millions of dollars.
You know, we hear about AI every day. We hear
about all the efficiencies that it's going to bring, and
certainly there are a lot, but you know, like the
(20:42):
example you just gave, there's obviously a lot of nefarious uses.
Speaker 3 (20:45):
For it too.
Speaker 1 (20:46):
How do you balance how do you think about this
balance between you know, the benefits that AI can bring
versus these very dangerous risks.
Speaker 3 (20:58):
Well, certainly we see the amazing advance things in artificial intelligence,
everything from healthcare, pharma, and manufacturing to robotics and engineering.
AI enables businesses and governments to automate and save time,
but it also allows the bad actors to automate and
(21:20):
save time. At the Bureau, we are able to use AI,
and we're very transparent about our use to do things
with like facial recognition technology, how we triage the large
amounts of information that the Bureau would take in on
any given day, and also with things like translation and biometrics.
(21:42):
Bad actors can use AI to save time, to be
more efficient with their labor, to commit more effective fraud
and also to help them obfuscate when they commit their crimes.
And so we look at AI as both having tremendous
promise for society, but also, like many things, it also
(22:04):
brings peril. And advances in technology have expanded the attack
service that the government has to defend. So before protecting
a power plant was all about having a tall fence
and armed guards, but now today you have adversaries who
are attacking electrical grids through the Internet and using artificial
(22:26):
intelligence to get around the cyber defenses that have been
put up. We've seen AI used in a variety of
different ways with bad actors, not only nation state actors
but also criminal groups. We've seen terrorists using AI to
build detor bombs. We've seen cyber hackers using AI to
(22:48):
get around cyber security defenses, not only identifying the vultabilities
but then writing malicious code to exploit them. We've seen
mild predators using AI to victimize kids, usually through sextortion,
which is one of the fastest growing ways that bad
actors are victimizing kids. And we're seeing fraudsters using AI
(23:14):
to impersonate relatives to trick a victim, usually a grandparent Unfortunately,
it's just sending them thousands of dollars. You know, back
in the day, you have a bad actor overseas struggling
to write an email in English to trick somebody to
wire the money. But nowadays bad actors are using AI
(23:35):
to write beautifully written emails like the one that tricked
that accountant at that company. Invention a feman instagrat. I
would also note that when a nation state steals the
company's AI technology, which is happened, they can then use
that technology that they've stolen tomorrowing the trows of data
(23:56):
that they've already stolen. So I am talking about people's
republic in China who have spent a lot of time
in the rese sources stealing intellectual property and data from
American companies and then have been using AI as a
tool to mind that data so that they can leverage
(24:18):
it for other purposes.
Speaker 2 (24:22):
Well, you know, to continue on the AI front. I mean,
we just saw a Deep Seek a couple of weeks
ago and you know, come out and really changed the
AI game, you know, and it's possible, it's impossible to
talk about that without China. So I did want to
ask a question about China.
Speaker 3 (24:37):
You know a lot.
Speaker 2 (24:38):
Obviously, a lot of companies do business with China, would
like to operate in China. But the Chinese government is
a different entity than the United States government, and it
has its own challenges and opportunities. And indeed, we spoke
about cybersecurity earlier, you know, So what are the challenges
and opportunities for companies that are wanting to operate in China,
(24:58):
are currently operating in China.
Speaker 3 (25:00):
Know the way that I look at China now and
also when I was at the bureau, it's chime. It
represents opportunities in a variety of the ways. It's a
strong market with customers. It's got employees, some highly trained employings.
You have potential partners, join venor venture partners. There are
(25:23):
investors who some companies look to when they're developing their companies.
So I would never tell a business. I would rarely
tell a business, look, you can't do business in each other.
I just don't think that's a realistic approach to take
right off the glad. I do think though, it is
(25:44):
critical to understand the races, to go in with your
eyes wide oping and understand that some people you hire
might actually have affiliations with the PRC that could be
exploited to your disadvantage, or understanding that there might be
(26:05):
challenges with the supply chain down the road that you're
not seeing today, and so doing your due diligence on
the supply chaining, on your employees, on your partners is critical.
Understanding the risks from a technological perspective in terms of
how your communications and your data can be accessed in
(26:27):
a way that you don't want it to be. We've
seen situations where American companies have looked to work with
joint ventures or with investors from other countries in the
Far East and not knowing that partners of those investors
(26:47):
or joint ventures are actually in China in a way
that the US company was not aware. So there's a
lot to be wary of. There's reasons to go when
was your eyes wide open to conduct an extensive due
diligence and to understand that it's a balance that there
(27:08):
might be a terrific business opportunity that a company wants
to take advantage of, but they just need to balance
that opportunity with those risks. And I would recommend having
a risk based approach to taking on new employees, you know,
new partners, new investors.
Speaker 1 (27:29):
Speaking of China, I want to ask you about TikTok.
So you know, I have three teenage daughters who you know,
spend a lot of time on TikTok, much more than
I would like to see. But such as life, and
you know, I think in twenty twenty two, Director Ray
said TikTok is a national security concern. I think that's
(27:51):
probably what led one of the things that led to
Congress passing the law with overwhelming bipartisan support, that was
supposed to ban TikTok in the US or force ByteDance,
a TikTok's Chinese owner to sell it. TikTok sued challenge
of the law in court. The law was upheld by
the Supreme Court in January. But the law, you know,
(28:16):
it's not it's not really been enforced, and so as
it stands now, I actually I confirm as of yesterday
because my daughters were on it, you can still use
TikTok if it's on your phone. I believe you can still.
It's not available on the app stores, but I but
it is still being hosted, so it is still available.
If you were able to download it before before the
(28:39):
band took was supposed to take effect on January nineteenth.
You know, can you sort of just give us your
sense of what the national security concerns are around it?
How concerned should I be as a parent, and what
can I tell my kids to get them off that app.
Speaker 3 (28:58):
Oh, Elliott, I am certainly no actually on TikTok. I've
never been on it, and as far as I know,
my kids have not been on it. But maybe I
don't know for sure. Look, I think Director Ray, you're right,
was very adamant and ahead of the curve zone to
speed on his concerns, and I believe the Bureau's concerns
(29:20):
and the ICs concerns with TikTok. I think even before
you get to the technology itself, understanding that in China,
to do business in child, a business has to have
certain relationships with the PRC such that PRC can demand
(29:41):
two see their code, to see their data. Whether the
company shares or not, that's a whole other question. And
there is an expectation that's supported by authority that companies
will share certain information that here in the US we
don't expect from our companies. I think there's also a
(30:02):
risk that the algorithm can be misused and manipulated to
spread disinformation. Some people say to me disinformation like that's harmless,
but actually it's really not. I can tell you that
from the FBI's perspective, over the last year, we saw
(30:23):
a tremendous amount of disinformation coming into our country, not
only from China, but from Russia, Iran and other countries.
And that information can be very effective in undermining confidence
in our institutions, in getting Americans to believe things that
are just not true. And so disinformation is dangerous and
(30:46):
it's a growing problem. But also if you have people
on an app where you are able to access the data,
you can use that data in various ways, some of
which are not about dangerous, really more competitive intelligence, but
some of them can be dangerous. So people have said,
(31:09):
to me, who cares if my kid is sharing his
or her data with the PRC. What two things I
would say to that. First, the can may not care,
but the kid's parents my king. And if that kid's
parent is in a significant position within the government or
within his company, there're gonna be information being shared on
(31:33):
TikTok about that parent, where they are, where they live,
What they're doing that that parent would not want out there.
Certainly not for the public to suit, but definitely not
for Chinese government. Also, I would tell the kid, just
as a side at leat, that you may not care now,
(31:53):
but when you're applying to college, or when you are
applying for your job, thing for office, or traveling to
China for recreation or business, you may not want to
have had that information being collected by the PRC. Elevins
in year. Finally, another thread I think is if you
(32:13):
download the app onto your phone, I guess there is
a risk that you could be downloading some kind of
malicious dollar onto your phone. I'm sure there are other
national security threats I'm not mentioning here, some of which
are better communicated in a secure facility, But those are
just some of the ones that come to mind.
Speaker 1 (32:36):
I'll definitely make sure my daughter's listened to this episode,
and then maybe I'll send them to a skiff with
you to get more information later.
Speaker 3 (32:43):
Sounds good.
Speaker 2 (32:43):
I was going to make a bad joke about the
Bloomberg you know, votes in Verdicts being a secure forum,
but that, yeah, but you know, so let's pivot a
little bit. Let's talk about crypto, you know in the
United States. You know, my view is is that the
digital assets sector is about to see a more friendly
regulatory regime, whether it's in Congress or the Securities in
Exchange Commission. And there's certainly a lot of opportunities for
(33:04):
that sector in terms of innovation. There's also a lot
of criticism that digital assets are used by criminals for
money laundering and other crimes, including drug and human trafficking.
So how do you think about crypto And I know
your firm, Fenwick is a sizeable blockchain and crypto practice.
You know, what are the types of crypto's rules and
regulations would you like to see promulgated and pushed forth
(33:25):
by the Trump administration.
Speaker 3 (33:27):
When I was at the Bureau and at DOJ, people
in the industry sometimes would be surprised to hear that
the government doesn't target any particular industric doesn't target any
particular modality. The FBI actually has a good relationship with
many companies in the cryptocurrency industry. The FBI stood up
(33:47):
the virtual assets in you there that works with other
parts of the government but also with the private sector
on trying to prevent those threats that you just mentioned
and so some of the challenges that we saw and
then we still continue to see. You know, the speed
at which transactions move can make it harder to recover
(34:10):
where it's stolen funds. While blockchain as a general matter
should make it easier to trace funds, it's not always
the case when funds are transmitted over seas, in particular
to jurisdiction where we don't have favorable anti money laundering laws.
Also seeing I think in twenty twenty three, there was
(34:31):
something like seventy thousand fraud complaints that the FBI took
in and involved in cryptocurrency. Most of them were related
to investments for all, but ten percent of all fraud
complaints involved cryptocurrency. That ten percent, that just that ten
(34:52):
percent represented about half all losses from fraud complaints. And
so what you're seeing is is bad actors using cryptocurrency
to commit fraud at a greater scale and at a
faster speed. Now, certainly cryptocurrency plays a productive role in
(35:14):
different ways, not only in the US but in other countries.
And from my perspective, formally from the Bureau and DOJ
now the cliving sector, it's important for us to try
to help the companies that are working in that space
for legitimate purposes, to help them continue to grow and survive,
(35:36):
to help consumers, prevent that technology being from being used
to victimizes. But to do that, we have to be
clear that there are bad actors who are leveraging the
technology and platforms commit fraud and also nation states using
it to steal assets. You know, ransom were attacks that
(36:01):
those funds are quickly transferred into cryptocurrency and sent overseas
and makes them much much harder for us to recover
those funds. So the way I look at it is
that there are companies who I want to work with
who are in the forefront of their technology that are
having an impact in a positive way, and to help them,
(36:24):
want to make sure that we are trying to weed
out the bad actors who are trying to weaponize that technology.
You know, one thing that people are always surprised by
is the Bureau actually brought a case in late twenty
twenty four where they went undercover with a fake crypto token.
(36:46):
You know, when you're working in a new industry and
you don't have years and years of experience and sources
built up, you have to find creative ways to get
at the criminal conduct. The Boston Field office CRADD a company,
graded a token, graded a website. It essentially went undercover
(37:07):
targeting a specific area of misconduct with certain companies. It's
not a not a phishing expedition. They were. They were
actually they had have predication to do this, and they
ultimately charged eighteen defendants, putting some market nagers in a
couple of financial services Fords were essentially conducting market manipulation
(37:30):
in that industry. And so it's interesting there were companies
who were very excited to hear that the Bureau did
because they share that perspective that hey, this is a
growing industry, but we got to keep the bad actors.
Speaker 1 (37:44):
I want to ask who about another sort of new technology,
and that that's drones. You know, I live in New Jersey,
so you know, I guess it was a couple of
months ago. You know, you couldn't go on minute without
you know, someone posting about drones overhead, you know. And
(38:05):
it's funny because I mean it eventually made it to
National News and was on CNN, but it was like
in my Facebook feed, you know, like a month before that,
and I thought these people were you know, conspiracy theorists,
but maybe they were, but you know, it became national news,
I think. But you know, both the Biden and Trump administrations,
you know, said that it's you know, nothing that people
(38:26):
should worry about. But I'm just curious to get your thoughts.
I'm sure a lot of it is classified information, but
you know, whatever you can share with us about your
thoughts about drones and drone technology and what you're watching
for in that space.
Speaker 3 (38:41):
Sure, I think drones and counter drone technology counter U
as one of the more interesting and potentially impactful technologies
that's being developed, and it's being developed at a great
pace for parts of lord, aren't sure. I had to
the pleasure when I was at the Bureau meeting with
(39:02):
a number of different companies, startups we're working in this space,
to see their technology. It's fascinating and their companies doing
amazing things. I think one of the challenges for our
country and for these companies of our extension is need
some clarity as to the legal authorities for operating drones
(39:24):
and then operating encounter drone technology. There are examples, as
you noted, where there have been sightings of drones, and
you're right, much of what I know is from the
classified setting, But bottom line is how the government approaches
the counter drone issue right now. Could use more clarity
(39:50):
in terms of the legal authorities, and also could use
more funding, given candid as to whether that goes to
the Bureau or to the Department and Homeland Security and
then down to state and local law enforcement. But there's
no question that there are significant threats that come with thrones.
(40:12):
You know, drones are being used every day legally for
legitimate purposes and are making different parts of our society
and one more efficiently. But there's also threats. We've seen
it with terrorist attacks here or we're overseas. We had
a terrible attack on the US base with the drone.
(40:33):
We saw it on October seventh when hamas and use
drones to attack his rule. We've seen it with bad
actors using drones to cross the border the southern border.
We've seen dangs using drones to drop contraband cell phones
in the prison yards. So it's important to recognize that
(40:55):
as great as this technology is, our country needs to
make sure that we have not only an illegal structure,
but also the funding and the motivation for companies to
continue to develop these technologies so that drones can be
used for good purposes. And you know, the counter UAS
sector is fascinating all the different ways that we can
(41:18):
try to take out a drone or there's challenges with it.
I've sat in meetings with the FBI's team that handles
counter you ass to talk about some of the challenges,
whether it's in a crowded city where there's all overwhelmed with
different radio frequencies and those civilians all over the place
that can get hit by a falling drone fee the
(41:38):
challenges doing it in the bounds or in the desert,
and so it's one of the more fascinating areas and
one that I hope to continue to work in.
Speaker 1 (41:47):
I'd never heard about the example of dropping phones into
prison life, but yeah, I'm sure there's a lot of
different use cases that I haven't thought of for drones
and all these other techno geez we've talked about. Just
one final substantive question for you before Nathan will ask
you one of our fun grab bag questions that we
(42:09):
always ask guests to end our episodes. But you know,
with the new administration, I guess with any new administration,
there are policy shifts that you see across different agencies,
but you know, particularly doj you know, I think just
in the last couple of days, the Trump administration said
that it wanted to sort of reduce enforcement of the FCPA,
(42:33):
the Foreign Corrupt Practices Act, which you know bars bribes
of foreign officials to get business overseas. You know, just
generally speaking, how you know, how do you have any
thoughts on how businesses should have approach these policy shifts
that you know invariably happen from one administration to the next, Like,
(42:55):
how do you maintain sort of continuity as priorities shift
in the government?
Speaker 3 (43:01):
Yeah, that's a great question. I mean, as a as
a lawyer practicing and see, everything's fine to altificate and
speculate about what's going to happen and where the priority
is going to go. As a business running a business,
it's obvious food it's more important. It's some clarity so
you can figure out how much to invest in different
compliances and whatnot. Different administrations change priorities over the four
(43:27):
years or eight years. But also if you're working, if
you're operating around the world, there are other countries like
the United Kingdom that have statues that impact their operations.
And so even if the US were to swear off
any particular statue, which I think is unlikely, that that
(43:50):
would last for a long time in our country where
the case, you have to, you know, navigate the different
statues in other countries. And it's also not just the
Department of Justice stead it was a player. You have
other revenstory seats. You have state AG's offices, many of
which have kind of over the years, tried to fill
(44:14):
the void when the federal government receives in certain places.
But also it's also just good business two make sure
that you're not paying brides in certain countries. You never
know what will develop in five years. You know, some
(44:36):
statutes have a five year statute of limitations, but some
administrations have before you stablished limitations. So I think it's
better to try to follow your principles and values. And
you know, certainly in the first year of administration, I
wouldn't make massive changes to a compliance program simply because
(44:57):
of a memo that came out of many one. I
try to be thought all about it and work with
your business team to see what makes sense for them,
because over the long term, you know, it can be
disruptive to a company to drastically change your compliance programs.
Going back and.
Speaker 2 (45:15):
Forth, Well, I think I want to take the question
from compliance to something a little bit more fun than
compliance and apologize to the compliance folks that that are
listening right now. We do love you. But the last
question that I have is something that we ask all
of our guests, and that is, if you were stuck
on a stranded island, desert island, what are the three
pieces of music that you would bring with you. We
(45:36):
asked this to evolve our guests. Albums, you know, musicians,
you know, songs, whatever you want to bring, it's you,
it's your your your choice. What are the three pieces
that you're going to bring.
Speaker 3 (45:49):
I need to get my work out in every day,
so I need guns in the roads is appetite for
destruction from my workhouse. Since I'm on a desert island,
I'm almost guaranteed to beach and so I need a
fun album by someone like Chapel Rome for the fun
beach days and then at night I'm trying to fall
asleep one of the stars. I need some soft classical
(46:11):
music like a violin and claring and.
Speaker 1 (46:14):
Something that's quite the array of choices g n R
to Chapel Rowne the classical. I like it. I like it.
Speaker 3 (46:28):
It's important in any environment to try to, you know,
continue to go with what works for you.
Speaker 1 (46:34):
Agreed, all right, I think with that though, we do
have to wrap up this episode of Votes and Verdicts.
John Lensner, thank you so much for coming on. It's
great to catch up with you and get all your insights.
We really appreciate you coming on this episode. And as
a reminder for all of our listeners, all of our
(46:54):
Bloomberg Intelligence research is available on the Bloomberg terminal at
b I go and with SAD. Thank you for listening,
and have a great day.
Host
Elliott Stein
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy And Charlamagne Tha God!
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.