Back in the early-1990s, when Arizona Attorney General Mark Brnovich started his legal career, the internet barely existed, no one knew what a “web page” was, phones were not smart, and people could not commit many crimes using a computer keyboard.
Times have changed. And now, as Arizona AG and chairman of the Conference of Western Attorneys General (CWAG), Brnovich is in a perfect position to analyze and comment upon the many ways in which technology has impacted the job of Attorneys General everywhere. Among Brnovich’s top concerns these days is figuring out how to combat the escalating scourge of cybercrime while also respecting people’s right to privacy in the digital realm. As AG, Brnovich is also mindful that government overreach can stifle business innovation, so he tries to use his office to create a level playing field for all.
“I start off with a broad philosophy that the government shouldn’t be in the business of second-guessing business decisions,” says Brnovich. “My role as AG is to enforce the rule of law and make sure everyone is playing by the same rules.” To those who don’t want to play by the rules, his message is stern: “I tell people in the business community, we’re not going to second-guess your decisions, but if you are doing something illegal or inconsistent with state law, we’re going to come down very, very hard on you.”
Checks & Balances
A passionate student of legal history, Brnovich grounds his law-enforcement philosophy in a nuanced understanding of how the Founding Fathers envisioned the American system of checks and balances, particularly the relationship between state and federal governments. “Justice Brandeis used to talk about states being the laboratories of democracy,” says Brnovich. “Clearly, the framers envisioned a limited federal government, and they understood that not all states are the same. What’s going on Arizona may not be the same as what’s going on in California.”
That said, Brnovich also warns that one of the unintended consequences of technology is a significant shift in power from the states to the feds, due in part to national security threats that are increasingly technological in nature. One thing the Founding Fathers could not anticipate, for example, is the need for cybersecurity and data privacy in a world increasingly dependent on, and vulnerable to, ever-more-sophisticated forms of technology. One of Brnovich’s concerns is that the federal government may overreach in an attempt to regulate and control cyberspace, and that the impulse to protect citizens could put the United States as a whole at a competitive disadvantage with the rest of the world.
“I think it’s good to have some tension between the state and federal governments about how things should be regulated. At the same time, when it comes to developing technology and the internet, we don’t want to create a system where we’re hampering technological development…”
“I think it’s good to have some tension between the state and federal governments about how things should be regulated,” says Brnovich. “At the same time, when it comes to developing technology and the internet, we don’t want to create a system where we’re hampering technological development” by forcing all states to adhere to rules developed in, say, California, that then become the “national standard.”
Enforcing the Law
As a law-enforcement officer, however, Brnovich is concerned about the growing sophistication of cybercriminals and the government’s ability (or lack thereof) to catch them. One of the reasons cybercrime is so attractive, after all, is that the risk of getting caught is very low. Thousands of businesses are hacked every day, but only a small handful of the individuals involved are ever caught because most competent hackers know how to cover their tracks. People who commit cyber-fraud against seniors or organize phishing scams are usually less sophisticated, but jurisdictional issues and meeting the burden of proof in cybercrime cases can make prosecuting them extremely difficult. Also, in the technological arms race between criminals and government officials, the government tends to have difficulty keeping up.
“One of the things I really wish we had is more agents who are tech-savvy,” says Brnovich. “I have a basic understanding of technology, but we need more young people with a technological skillset — people who understand these issues intuitively, because they’re part of the technology generation — to work in the public sector.”
Still, AGs are not powerless in the face of techno-crime. Recently, Brnovich joined many other AGs around the country in pushing for legislation that would require companies to notify customers of data breaches within three days. “It seems so obvious to me,” Brnovich says of the legislation. “There are a lot of preventative measures people can take to protect themselves if their information has been stolen, but they have to know about it first.”
Alerting the Public
Indeed, that’s why enforcing the law isn’t the only responsibility of his office that Brnovich takes seriously. He is also a strong believer in the power and necessity of public awareness. “One of the thing about being AG is that you really have an opportunity to educate the public,” Brnovich says. Toward that end, his office has a community outreach department that does presentations all over the state on internet privacy, security, cyberbullying, fraud and scams, particularly those aimed at older people. “Educating the public is the first line of defense,” says Brnovich. “By the time our office gets it, it’s too late — someone has already robbed somebody, stolen their bank account, or defrauded them.”
In addition to strict enforcement and improved education, Brnovich would also like to see more tech-savvy agents and lawyers in the public sector. “Getting everyone up to speed on understanding technology and having agents and other people that understand those issues is, I think, the most crucial first step for AGs,” says Brnovich.
Technology is not going away, after all, and more people than ever are trying to break the rules from the comfort and anonymity of their computer keyboard. “In the old days, if you wanted to rob or assault someone, you had to put on a ski mask and grab a gun and go rob a bank or a sandwich shop, or whatever. Nowadays, you can do that with a pen and a phone,” Brnovich says.
Stopping them is every AGs responsibility, but he knows it’s an uphill battle. “Things in the tech industry are evolving and developing so quickly that the industry can’t even keep up with itself. What chance does a government, or an Attorney General have in trying to keep up?” Brnovich laments.
And yet, that’s the job — one that’s now more important than ever.