Zarine Kharazian, Author at IELR Blog

International Cyber Operation Dismantles Andromeda Botnet

December 4, 2017 by Zarine Kharazian Leave a Comment

On Monday, Europol announced that, the Federal Bureau of Investigation (FBI), in cooperation with several European government and private sector partners, had dismantled the Andromeda botnet, the longest-running botnet in existence.

What is a botnet?

The term “botnet” is a portmanteau of the words “robot” and “network.” A botnet is a network of connected computers infected with malware. Botnets allow malicious actors to remotely control a large network of infected computers. Whoever is in control of the botnet can remotely direct the infected computers to send spam emails and viruses, mine Bitcoins, and record sensitive information by downloading keyloggers.

Botnets are also often employed by cybercriminals to launch denial of service (DoS) attacks. DoS attacks result in an interruption in the target’s services, and the owner of the targeted website must often pay the attackers a fee, or comply with some other demand, to regain control of their site.

The Andromeda Malware

According to the Europol press release, the Andromeda malware was detected or blocked on an average of over one million machines each month. Discovered in 2011, this malware is modular and dynamic. It does not have one particular use, but rather, can be modified for many uses through freely-available modules that function as keyloggers, form grabbers, rootkits, etc. The malware is often used to remotely direct computers on the botnet to install additional malicious software. There are many different versions of Andromeda, and they use a variety of infection methods, among them illegal downloads, phishing campaigns, and malicious attachments.

Connection to the Avalanche Platform

Andromeda was infamously used in the Avalanche network, an international criminal infrastructure platform that was dismantled by an international cyber operation in November 2016. Avalanche was used to launch massive malware attacks across the globe, and caused an estimated EUR 6 million in damages to the online banking system in Germany alone. In addition, experts estimate the malware attacks conducted via Avalanche cost hundreds of millions of euros worldwide.

In the end, taking down Avalanche for good demanded close cooperation from the prosecutorial and investigative arms of 30 national governments. The collaborators used a method called sinkholing to ultimately disable the platform. Sinkholing involves redirecting traffic between infected computers to servers controlled by law enforcement authorities or a security company, usually by assuming the domains used by the criminals.

Information obtained during the Avalanche investigation was shared with the appropriate authorities via Europol during the Andromeda case. Andromeda was subject to 48 hours of sinkholing, during which authorities collected approximately 2 million unique victim IP addresses from 233 countries.

Law enforcement authorities have arrested a suspect in Belarus, but have yet to reveal the suspect’s identity.

The Ties That Bind: Paradise Papers Reveal More Connections between Trump Officials and the Kremlin

November 6, 2017 by Zarine Kharazian 1 Comment

On Sunday, the International Consortium of Investigative Journalists (ICIJ), along with 95 media partners, among them the New York Times and the Guardian, leaked 13.4 million documents revealing information about the offshore tax investments of more than 120,000 high-profile individuals and companies to the public.

The project, called the “Paradise Papers,” included the names of Trump administration officials involved with offshore accounts linked to the Kremlin:

Commerce Secretary Wilbur Ross maintained a stake in a shipping company, Navigator Holdings, which includes among its clients the Kremlin-connected Russian petrochemical company Sibur.
Russian investor Yuri Milner, whose investments include a real estate company partly owned by Trump advisor and son-in-law Jared Kushner, used Kremlin-backed funds to invest heavily in U.S. social media companies, such as Facebook and Twitter.

While offshore investments are not illegal in and of themselves, Ross’s and Kushner’s financial ties to Russia are worth particular scrutiny against the backdrop of Mueller’s investigation, as well as revelations about the sheer scope of the systematic Russian propaganda operation mounted on U.S. social media platforms during the 2016 election.

To explore the full extent of over a dozen Trump advisers’ and backers’ offshore connections, visit the ICIJ’s “The Influencers” project page.

ICC Chief Prosecutor Requests Judicial Authorization to Investigate Possible War Crimes in Afghanistan

November 3, 2017 by Zarine Kharazian 2 Comments

On Friday, the International Criminal Court’s (ICC) chief prosecutor, Fatou Bensouda, announced that her office would be seeking authorization to launch an investigation into possible war crimes committed during the U.S. intervention in Afghanistan. Bensouda, a Gambian lawyer, said in a statement:

For decades, the people of Afghanistan have endured the scourge of armed conflict. Following a meticulous preliminary examination of the situation, I have come to the conclusion that all legal criteria required under the Rome Statute to commence an investigation have been met.” In due course, I will file my request for judicial authorisation to open an investigation, submitting that there is a reasonable basis to believe that war crimes and crimes against humanity have been committed in connection with the armed conflict in Afghanistan.

The ICC made public its preliminary examination into the situation in Afghanistan in 2007. In a 2016 report, the Office of the Prosecutor concluded that “there is a reasonable basis” to believe that the following crimes were committed:

Crimes against humanity and war crimes by the Taliban and the Haqqani Network;
Torture and “ill-treatment” by Afghan government forces, including national intelligence and law enforcement agencies;
War crimes of torture and “related ill-treatment” by U.S. military forces deployed in Afghanistan, as well as by the Central Intelligence Agency (CIA) in various detention facilities from 2003-2004, and possibly up to 2014.

Afghanistan ratified the Rome Statute, the treaty from which the ICC derives its jurisdiction, in February 2003. The Office argues that the ICC thus has jurisdiction over Rome Statute crimes committed in the country, including those committed by U.S. military and intelligence officials, from May 2003 onwards. The U.S. government, however, may protest the ICC’s claim to jurisdiction over Americans operating in Afghanistan by countering that the U.S. has never ratified the Rome Statute, and thus has not delegated to the international court criminal jurisdiction over U.S. nationals.

The ICC has faced fierce criticism from various governments, especially from African nations, for its perceived pro-Western bias. Since the court’s founding, nine out of the ten cases (the exception of Georgia) that have advanced to the full investigation stage have involved countries located in Africa. As far as individuals, the court has only investigated Africans leaders thus far.

The perception that the ICC is biased against Africans and in favor of the West has fueled a crisis of legitimacy regarding the international court, with several countries, among them Sudan, Gambia, South Africa, and Burundi, announcing their intent to withdraw from the Rome Statute in the near future. Just last week, Burundi became the first country to officially leave the court.

Bensouda’s decision to push ahead with the Afghanistan investigation, especially if her office delves into American military and intelligence officials’ possible culpability in the conflict, has the potential to revive non-Western countries’ faith in the ICC, which would in turn help bolster the court’s legitimacy.

Neither the CIA nor the Trump administration has commented on Bensouda’s decision thus far. If the investigation is approved by the judges, Bensouda may take several months to decide whether to bring charges, and if so, against whom.

Spanish Prosecutor Requests European Arrest Warrant for Deposed Catalan President

November 2, 2017 by Zarine Kharazian 1 Comment

Image result for puigdemont

Spain’s state prosecutor has requested that a national high court issue a European arrest warrant for deposed Catalan president Carlos Puigdemont for his failure to return to Madrid to testify before the national court, the Guardian reported this morning.

Spain’s national court had summoned Carlos Puigdemont to testify with regards to the Catalan parliament’s declaration of independence from Spain last Friday. Puigdemont and 13 members of his administration face possible charges of rebellion, sedition, and misuse of public funds.

On Monday, just hours after Spanish officials announced that they intended to prosecute leaders of the Catalan separatist movement on rebellion charges, the Spanish press reported that Puigdemont, along with several other Catalan ministers, had arrived in Belgium. Speculation ensued that Puigdemont intended to seek political asylum from Brussels. The ousted president refuted the claims at a Tuesday press conference.

As several senior members of his administration, among them the speaker of the Catalan parliament, Carme Forcadell, and five other deputies arrived in Madrid to testify at a Thursday morning hearing, Puigdemont remained in Belgium. His attorney, Paul Bekaert, emphasized that his client would cooperate with Spanish and Belgian authorities if asked.

The Belgian government has extended no overtures to Puigdemont thus far. “He will be treated like any other European citizen,” Belgian Prime Minister Charles Michel stressed in a statement. “He has the same rights and duties… no more, no less.” EU citizens can apply for political asylum in Belgium, but such cases are rare. Only 49 such applications were filed last year, according to the Financial Times.

Does the EAW Apply to Political Crimes?

The Council Framework Decision of June 13, 2002, the document establishing the legal basis of the European arrest warrant, states that EU Member States have an obligation to execute an EAW issued by a fellow Member State “on the basis of the principle of mutual recognition.”

The Framework Decision also notes grounds for exceptions to this obligation, however. In particular, the decision explicitly states that it does not prohibit Member States from refusing to surrender a person “for whom a European arrest warrant has been issued when there are reasons to believe, on the basis of objective elements, that the said arrest warrant has been issued for the purpose of prosecuting or punishing a person on the grounds of his or her sex, race, religion, ethnic origin, nationality, language, political opinions or sexual orientation, or that that person’s position may be prejudiced for any of these reasons.”

Puigdemont faces an uphill legal battle to demonstrate to Brussels that he would not be guaranteed a fair trial or subject to discrimination in Spain. While discrimination on the basis of political opinion may be grounds for non-execution of the EAW, serious criminal charges of a political nature, such as rebellion and sedition, are usually extraditable offenses.

Burundi Becomes First Nation to Withdraw From the International Criminal Court

October 27, 2017 by Zarine Kharazian 5 Comments

Burundi President Pierre Nkurunziza |Source: CNN

On Friday, Burundi officially withdrew from the International Criminal Court (ICC), an ICC spokesperson has confirmed. Last October, Burundian President Pierre Nkurunziza signed a decree to withdraw the country from the Rome Statute, the treaty that established the International Criminal Court’s (ICC) structure and jurisdiction. That withdrawal takes effect today. The small east African nation is the first country to ever withdraw from the court, which was established in 1998 to try high-level war crimes and other crimes against humanity, such as genocide.

2015 Political Violence Triggers ICC Investigation into Nkurunziza’s Administration

President Nkurunziza’s decision comes amidst increased scrutiny of his administration from the court following a period of political violence in Burundi. The violence began in April 2015, after Nkurunziza announced his decision to run for a third presidential term. His announcement triggered a failed military coup, widespread protests, and a fierce and violent crackdown on the opposition that has left more than 430 people dead. According to the U.N. Refugee Agency, more than 300,000 Burundians have fled the country since the protests began. Most have sought refuge in neighboring Tanzania and Rwanda.

In April 2016, the ICC’s chief prosecutor, Fatou Bensouda, announced that she was launching a preliminary investigation into the situation in Burundi. “My Office has reviewed a number of communications and reports detailing acts of killing, imprisonment, torture, rape and other forms of sexual violence, as well as cases of enforced disappearances,” Bensouda stated. “All these acts appear to fall within the jurisdiction of the ICC.”

Will Other States Follow Suit?

Burundi is accusing the ICC of being biased against African states. This allegation is not novel; in February 2017, the African Union made headlines by passing a non-binding resolution calling for the withdrawal of its member states from the ICC. The resolution cited the “systemic disadvantage” that African nations face before the court as grounds for the withdrawal. To date, four out of ten of the court’s preliminary examinations and nine out of ten of the cases that advanced to the full investigation stage have involved African states. In addition, all of the individuals brought to trial before the ICC have been African. Bensouda has previously pointed out, however, that in six of the nine Africa-based cases under full investigation, the court intervened at the request of the country involved.

The African Union’s resolution, however, proved unsuccessful. Of the 55 member states, only Burundi, South Africa, and Gambia announced an intention to withdraw from the ICC, and Sudan and Gambia later retracted their pledges.

It remains to be seen whether Burundi’s withdrawal will inspire other African states under international scrutiny to do the same. The African continent’s attitude towards the ICC is by no means monolithic – several African countries, among them Nigeria, Senegal, and Botswana, either rejected the African Union’s “collective withdrawal” resolution outright or later expressed regret at their fellow member states’ decisions to withdraw.

Nonetheless, the perception held by many that the ICC disproportionately targets Africans and undermines African states’ sovereignty undercuts the court’s legitimacy. As an international body, the court lacks an enforcement mechanism; instead, it relies on its member states to execute warrants of arrest. If African states perceive bias against them in the court’s investigations, they will be less likely to fulfill their “duty to cooperate” per the Rome Statute. In short, the ICC has an image problem – and that problem in turn impairs the international court’s ability to dispense justice.

U.S. Lifts Visa Ban on Magnitsky Activist Bill Browder

October 25, 2017 by Zarine Kharazian Leave a Comment

Bill Browder, a billionaire hedge fund manager known for his full-throated criticism of the Kremlin’s human rights abuses, has had his U.S. visa restored after an initial ban triggered as a result of an INTERPOL red notice issued against him.

Browder, who traded his American citizenship for British citizenship to avoid paying US taxes on foreign investments, rose to prominence in 2008 when his Russian tax attorney and friend, Sergei Magnitsky, died under mysterious circumstances in a Russian prison just days after his scheduled release. In 2008, Magnitsky had uncovered and publicized a $230 million tax fraud scheme implicating the Russian government, and had been investigated and imprisoned by Russian authorities as a result. Following Magnitsky’s death, Browder initiated a campaign calling for the international community to punish Russian government officials linked to Magnitsky’s death.

Browder’s campaign proved largely successful. In 2012, Congress passed the Magnitsky Act, which imposed sanctions and asset freezes on at least 18 individuals implicated in Sergei Magnitsky’s death, as well as other human rights abuses. Russia responded to the legislation by banning U.S. adoptions of Russian children.

Interest in the Magnitisky Act resurfaced in recent weeks following revelations in July 2017 that Donald Trump Jr. met with a Russian attorney, Natalia Veselnitskaya, during the elder Trump’s campaign. Trump Jr. has claimed that the meeting primarily concerned discussion of the Magnitsky Act, which Veselnitskaya had lobbied against in 2012.

In an interview with Newsweek, Browder said that he learned of the ban when the U.S. Department of Homeland security denied his application for an Electronic System Travel Authorization. According to statistics released by DHS, over 99% of all ESTA applications are approved within 5 seconds. Browser took to Twitter to voice his frustration on Saturday:

Not only did Putin add me to the Interpol list, but the US simultaneously revoked my visa. @jaynordlinger explains https://t.co/d8KskJ5CTK

— Bill Browder (@Billbrowder) October 22, 2017

Browder believes that the ban was triggered by an INTERPOL Red Notice issued against him at Russia’s request. INTERPOL’s infamous red notice “is the closest instrument to an international arrest warrant in use today,” according to the Department of Justice’s U.S. Attorneys’ Manual. The Kremlin has attempted to use the international police agency’s red notice system to punish Browder four times before, but all prior attempts had been rejected by INTERPOL’s internal oversight body on the grounds that they were politically motivated.

The International Enforcement Law Reporter has covered the abuse of INTERPOL’s notice system in recent issues. For more analysis of the phenomenon, see “INTERPOL Red Notice Abuse: Which Member Countries are the Primary Offenders?” and “Mass Prosecutions and INTERPOL Red Notice Abuse,” both by Yuriy Nemets, in the International Enforcement Law Reporter.

Justice Department and Microsoft Set to Square Off Before Supreme Court In Landmark Data Privacy Case

October 18, 2017 by Zarine Kharazian 2 Comments

Yesterday, the Supreme Court granted the Department of Justice’s petition for a writ of certiorari in its dispute with Microsoft over access to private emails stored at Microsoft’s Dublin, Ireland data center. At issue is whether the warrant provisions of the Stored Communications Act (SCA) apply extraterritorially, such that they compel Microsoft, an electronic service provider to produce private electronic communications stored on servers in Ireland for the United States government.

Background

In December 2013, the Justice Department served a warrant to Microsoft, compelling the company to disclose information pertaining to a user’s email account. The government asserted that it had probable cause to believe that the account was being used to facilitate criminal drug activity.

The Stored Communications Act (SCA) – which is part of the broader Electronic Communications Privacy Act (ECPA) of 1986 – allows the government to require that an electronic communications provider disclose information about a particular communication upon being served a probable-cause-based warrant. A federal magistrate judge issued such a warrant in this case.

In response to the warrant, Microsoft turned over the information pertaining to the account stored on its U.S. servers, such as the user’s address book. The company refused, however, to turn over the information stored in Dublin. Microsoft assigns accounts to particular data centers based on their proximity to users’ country of residence. The account in question had been assigned to Microsoft’s Dublin center, and thus all of the account’s email content – the subject lines as well as content of emails – was stored solely in Dublin, not in the United States.

Microsoft argued that the U.S. government could not invoke the Stored Communications Act to compel the production of data stored in a foreign country. Instead, the company stated that the U.S. government had to obtain the consent of the Irish government first, by utilizing an alternate channel established for obtaining such communications: the United States’ Mutual Legal Assistance Treaty (MLAT) with Ireland.

A district court, however, affirmed the magistrate judge’s ruling on de novo review, and held Microsoft in contempt for failing to comply with the warrant.

The case then came before the Second Circuit Court of Appeals. In a unanimous decision, the Second Circuit reversed the district court’s ruling, reasoning that the lower court “lacked authority to enforce the Warrant against Microsoft,” on the grounds that “[n]either explicitly nor explicitly does the statue envision the application of its warrant provisions overseas.”

Now, the case is set to go before the Supreme Court during its 2017-2018 term.
Modernizing Data Privacy Protections: The Role of Congress or the Courts?

In a blog post posted on October 16, 2017, Microsoft’s President and Chief Legal Officer, Brad Smith, argued data privacy laws in the United States should be modernized. “The current law, ECPA, was enacted in 1986 when the World Wide Web was still a few years away from being invented and no one conceived of conducting most work and personal business online,” Smith writes. “A world connected by cloud services simply didn’t exist. The ways in which we communicate have radically changed over the past three decades — but the laws governing those communications haven’t. Current laws don’t adequately support the needs of law enforcement anywhere in the world or protect our rights.”

Smith stresses, however, that it is Congress, not the courts, who should take the helm in this effort. “We believe that rather than arguing over an old law in court, it is time for Congress to act by passing new legislation, such as the International Communications Privacy Act (ICPA) of 2017.”

Smith’s argument here – that data privacy laws should be modernized by passing new legislation in Congress, rather than by challenging existing statutes in the courts – echoes the argument put forth in Microsoft’s opposition brief. “Congress alone has the authority and the institutional competence to craft a new legislative scheme for a world not anticipated in 1986,” Microsoft’s counsel writes. “And it has remedial options simply not available to this Court.” Microsoft argues that the courts, in interpreting the Stored Communications Act, have traditionally employed an “all-or-nothing” approach with regards to the question of extraterritoriality–either law enforcement may compel production of all communications stored abroad, or it may demand none of it. This approach thus risks disrupting “the ‘harmony’ between nations that is ‘particularly needed in today’s highly interdependent commercial world.’”

Interestingly, the digital privacy groups that submitted a joint amicus curiae brief in support of Microsoft’s petition before the Second Circuit veered away from Microsoft’s choice-of-forum argument. Rather than supporting Microsoft’s assertion that it is the job of Congress, not the Court, to modernize the SCA, the privacy groups – namely, the Brennan Center for Justice, the American Civil Liberties Union, the Constitution Project, and the Electronic Frontier Foundation – make a different argument altogether. They state in their brief:

Modern technology has dramatically expanded the reach of the doctrine far beyond records of bank transactions and telephone calls. The Supreme Court recognized this problem in Riley, reasoning that Fourth Amendment privacy protection must account for this new technological reality. There, in holding that cell phones may not be searched under the search-incident-to -arrest warrant exception, the court noted that modern cell phones—just like cloud-based email—are capable of storing a vast amount of personal information and thus deserve the highest privacy protections.

Here, the amici curiae apply a Fourth Amendment analysis – an amendment that Microsoft does not even mention in its brief — to the question of whether the SCA applies extraterritorially. It remains to be seen whether the Supreme Court will be sympathetic to Microsoft’s and the supporting amici curiae’s arguments. Whether or not the Justices side with Microsoft, the line of reasoning they choose to privilege in their opinions –either the choice-of-forum or the Fourth Amendment analysis – will have implications for how similar legal quandaries are framed in the future.

Take a look at the case filings here.

Leaked Video Implicates Venezuelan President in Odebrecht Bribery Scheme

October 16, 2017 by Zarine Kharazian 1 Comment

President Nicolàs Maduro of Venezuela has become the latest Latin American leader implicated in the Odebrecht bribery scheme, the New York Times reported last Thursday.

In a leaked video published on the blog of Luisa Ortega, Venezuela’s ousted attorney general, Euzenando Prazeres de Azevedo a manager of Odebrecht’s Venuzela arm, says that a representative of Maduro asked him for “a large sum” during Maduro’s 2013 presidential campaign. “He asked for 50, I accepted to pay him 35 million,” Azevedo admits in the video, which was filmed by Brazilian prosecutors last December.

Two days after releasing the initial video, Ortega posted a second video on her blog in which Azevedo claims that, from 2004 to 2013, Odebrecht contributed extensively to Venezuelan political campaigns at the federal, state, and municipal levels. “We were always looking to contribute to these campaigns, and we contributed to many of them, specifically in those states and the municipalities where we had projects,” Azevedo says in the video.

Ortega released the second video on the eve of Venezuela’s gubernatorial elections. Despite polls predicting an opposition victory, Maduro’s Socialist Party won 17 governorships, while the rival Democratic Unity coalition captured only five. Maduro’s alleged involvement in the Odebrecht bribery scheme has thus far gone unreported in the Venezuelan state media.

Ireland’s High Court Refers Schrems II to Europe’s Highest Court: Implications for E.U.-U.S. Relations

October 11, 2017 by Zarine Kharazian Leave a Comment

Austrian privacy activist Max Schrems | Photograph: Christian Bruna/AFP/Getty Images

Ireland’s High Court has asked the European Court of Justice to rule on the legality of Facebook and other U.S.-based technology companies’ transfer of EU citizens’ data to the United States. The case, called The Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems, has huge implications for data privacy and E.U.-U.S. relations.

Background

Schrems I – Safe Harbor

In June 2003, Austrian law student Max Schrems filed a formal complaint against “Facebook Ireland LTD,” Facebook’s Ireland subsidiary, before Ireland’s national data protection authority. Schrems, a Facebook user, alleged that Facebook Ireland LTD was violating the Irish Data Protect Act by outsourcing the processing of his data to “Facebook Inc.,” the social media giant’s U.S. headquarters. Section 11 of the Irish DPA states:

The transfer of personal data by a data controller to a country or territory outside the European Economic Area may not take place unless that country or territory ensures an adequate level of protection for the privacy and the fundamental rights and freedoms of data subjects in relation to the processing of personal data.

Schrems argued that, following the Snowden revelations that identified “Facebook Inc.” as a voluntary participant in the NSA’s PRISM mass surveillance program, the Ireland DPC could not guarantee that Schrems’s data was subject to “an adequate level of protection” upon transfer to the United States.

Initially, the DPC declined to take Schrems’s case, citing the 2000 Safe Harbor Decision, under which the European Commission determined that companies participating in the U.S.-E.U. Safe Harbor Framework provided “an adequate level of protection” with regards to data privacy. But an appeal from Schrems eventually brought the case before the High Court, which in 2014 agreed to refer several questions to the CJEU. In a landmark ruling, the CJEU invalidated the U.S.-E.U. Safe Harbor Agreement, finding that the framework did not adequately guard against “interference, founded on national security and public interest requirements or on domestic legislation of the United States, with the fundamental rights of the persons whose personal data is or could be transferred from the European Union to the United States.”

Schrems II—Standard Contractual Clauses

The case made its way back to the Irish High Court, which in turn remitted the complaint back to the DPC. The DPC started an investigation into the case, and invited Schrems to reformulate his complaint in light of the ECJ ruling on the Safe Harbor Agreement.

For his reformulated complaint, Schrems contacted Facebook, requesting that the company identify all of the legal bases upon which it relies to transfer user data to the United States. Facebook referred to a data transfer and processing agreement dated November 2015, which relied on the European Commission’s standard contractual clauses decision of 2010. Standard Contractual Clauses (SCCs, also called “Model Clauses” or “Model Contracts”) are sets of clauses issued by the Commission in order to provide adequate data privacy safeguards during the transfer of personal data from the E.U. to third countries who do not guarantee “adequate” protection per E.U. standards. Companies based in third countries, including the United States, can employ the clauses verbatim to ensure timely approval of their data transfer protocols.

In his reformulated complaint, Schrems attacks the legitimacy and binding status of the SCCs. In particular, he argues that the DPC is not bound to respect Facebook’s cited SCC because U.S. surveillance programs, namely PRISM, violate Article 7 and 47 of the Charter of Fundamental Rights of the European Union as well as the Irish Constitution, and, further, that all SCCs, including the cited SCC, provide an “emergency clause” that “takes account of a situation where national laws of a third country override these clauses and allows [data protection authorities] to suspend data flows in the situation.”

In May 2016, the Irish DPC’s office announced that, after conducting its investigation into the matter, it did not find that SCCs could adequately address the data protection deficiencies of U.S. law. Since the SCCs were established by the European Commission, however, the DPC acknowledged that it did not have the authority to unilaterally declare them invalid. It thus brought the case back before the Irish High Court, seeking a referral to the CJEU. Last Tuesday, the High Court agreed to refer the case to Europe’s highest court.

So What?

Implications for U.S.-EU Trade

The E.U.-U.S. trade relationship is the most robust trade relationship in the world, accounting for 30-40% of global trade in goods and services. The transatlantic flow of data underpins and sustains this relationship. Multinational companies in the U.S. and E.U. regularly send data to and receive data from their subsidiaries across the Atlantic for communications, human resources, and research and development purposes. Furthermore, many goods and services, such as online banking, telecommunications, and advertising are now primarily delivered over the Internet. According to a Brooking Institution report, these “digitally-deliverable services” constitute over 60 percent of exports for the U.S. and over 55 percent of exports for the European Union.

Cases such as Schrems I and Schrems II risk disrupting the free flow of data between the United States and the European Union. By creating legal and regulatory uncertainty about proper data transfer protocol, these cases raise the costs and risks to U.S. companies of doing business in Europe. These increased costs and risks in turn discourage U.S. companies from engaging with European businesses and consumers. Legal and regulatory barriers to transatlantic data flows prove particularly costly for small businesses, which often lack both the financial and human capital required to navigate cumbersome regulations.

Implications for Transatlantic Law Enforcement and Intelligence Cooperation

While the potential implications of the E.U.’s fervent data protectionism on trade and the global economy have been extensively discussed, the potential effects on another area of strong E.U.-U.S. cooperation – law enforcement and intelligence sharing – have thus far been largely neglected.

U.S. intelligence capabilities, especially with regards to signals intelligence (SIGINT), dwarf those of E.U. member states, and the E.U. has heavily relied on U.S. intelligence for decades. Washington and London have had a long-standing intelligence sharing pact called the UKUSA Agreement since 1946. Both are key members of the Anglo-American intelligence sharing group known as Five Eyes, alongside Canada, Australia, and New Zealand. Furthermore, documents leaked by Edward Snowden reveal several tiers of intelligence-sharing alliances that count both the United States and several European countries as members, among them Denmark, Germany, Italy, Sweden, Spain, and Switzerland. Following the November 13, 2015 terror attacks in France, Washington also agreed to boost its sharing of raw operational and military intelligence with Paris.

In short, if Brussels continues to erect barriers to data flows to and from Washington, many E.U. member states may have to forfeit some of their VIP access to American intelligence as well.

The Master of Arts in Financial Integrity-Case Western Reserve University

September 29, 2017 by Zarine Kharazian Leave a Comment

The Master of Arts in Financial Integrity – Case Western Reserve University

The course of study is intended for professionals who design and implement anti-money laundering, counter-terrorism, counter-proliferation financing policies and related integrity initiatives. Taught by leading academics and practitioners from around the world, the MAFI program is the first of its kind offered by a major research university.

To obtain the MAFI degree, students must successfully complete eight courses for a total of 32 credits. The 2017-2018 MAFI tuition rate is $2,106 per credit hour. Scholarship aid is available.

Program Format

Courses are conducted for 16 months through a series of intensive, weekend sessions held on Friday, Saturday, and Sunday. Students may participate via video conferencing. The next cohort, beginning October 20, 2017, will be taught in Washington, D.C., USA.

Required Courses

Electives

Admissions Requirements

Applicants should have a BA or equivalent degree and professional experience in financial integrity or a related field.

The application deadline is October 16, 2017.

Frequently Asked Questions

What about remote attendance?
Courses are available remotely through live video conferencing. However, students are urged to attend as many classes as possible to ensure both in depth learning and professional networking.
What time are classes held?
The classes are held one weekend a month from 9 a.m. – 5 p.m. Friday, Saturday, and Sunday.
Is financial assistance available?
Yes! We have financing to provide merit scholarships. Other types of aid may include government loans and financial assistance through employers.
How long does it take to complete the degree?
October 2017 to December 2018, or 16 months.
What are the admissions requirements?
BA or professional experience in financial integrity or a related field.

Complete information on course content and our internationally recognized stellar faculty can be found at http://www.law.case.edu/Academics/Degrees/Master-of-Arts-in-Financial-Integrity

For more information contact MAFI@case.edu.