Hunton & Williams’s global privacy and data security group—which the firm launched in 2000 before finding itself caught up in notable hacking scandal two years ago—brought on a top lawyer in the increasingly active practice area this week.
Paul Tiao, a former senior cybersecurity adviser with the FBI, joined the agency four years ago on detail from the U.S. attorney’s office in Maryland, where he served as an assistant U.S. attorney. He began work as a partner in Hunton’s Washington, D.C., office on Wednesday—two weeks after leaving the FBI.
Tiao joins roughly 30 other lawyers in Hunton’s privacy and data security group, which is led in the United States by partners Lisa Sotto and Aaron Simpson and whose expertise has lately been getting plenty of attention within the ranks of The Am Law 100 and beyond.
Prior to delivering his State of the Union speech in February, President Barack Obama signed an executive order vowing to strengthen the country’s cyber defenses by increasing the level of cooperation between the federal government and private businesses.
Hunton was one of a number of firms that responded to the president’s move by rolling out client communiques on the cybersecurity initiative’s potential implications. Other Am Law 100 firms like Fish & Richardson, Gibson, Dunn & Crutcher, Hogan Lovells, Skadden, Arps, Slate, Meagher & Flom, Venable, and Wilmer Cutler Pickering Hale and Dorr have issued directives of their own. Tiao’s take on the topic?
"This is the most serious national security concern facing the country," says the new Hunton partner, who served as senior counsel to FBI Director Robert Mueller III on cybersecurity, electronic surveillance, criminal IP, digital forensics, and national security issues. "Hackers have become more brazen and bolder than ever."
The National Security Agency has made cybersecurity a major priority, particularly with regard to the nation’s financial, energy, and water infrastructure, says Tiao, who graduated from the Massachusetts Institute of Technology, earned a master’s degree in public affairs from Princeton, and completed Columbia Law School before deciding early on in his career to "marry" his twin interests of technology and the law.
"Most lawyers aren’t really interested in technology," says Tiao, whose interest in the field grew when he joined the U.S. Department of Justice following a stint as a litigation associate at Wilmer predecessor firm Wilmer, Cutler & Pickering.
Tiao’s move to the private sector comes some three years after the Obama administration nominated him to serve as the U.S. Department of Labor’s inspector general in 2010. He dropped his candidacy the following year amid mounting Republican opposition over his perceived ties to organized labor.
Noting that the nomination process is fraught with pitfalls, Tiao brushes aside the imbroglio and says he was happy to add to his duties at the FBI. The increased responsibilities came on the heels of an event that helped push computer hacking and cybersecurity to the fore: the dissemination—in partnership with a trio of major news organizations—of 92,000 classified military documents about the war in Afghanistan in 2010 by the organization known as WikiLeaks.
The rise of WikiLeaks ultimately had an impact, albeit an indirect one, on Hunton.
In 2011, hackers aligned with the self-styled, whistle-blowing group obtained more than 70,000 emails from private data security firm HBGary Federal, which was pitching its services to Bank of America and the U.S. Chamber of Commerce. Among the materials to emerge in the ensuring data dump were PowerPoint presentations and other memos featuring the names of several Hunton partners and two other data security firms.
Emails released by the pro-WikiLeaks hackers showed Hunton internal investigations partner John Woods Jr., litigation cochair Richard Wyatt Jr., litigation partners David Lashway and Robert Quackenboss, and HBGary executives discussing how they might assist BoA and land a $2 million contract with the Chamber of Commerce by undermining the credibility of groups like WikiLeaks. While the emails generated some negative publicity, the firm ultimately emerged from the incident unscathed.
The National Law Journal, a sibling publication, reported in further detail on the hacked emails, which frequent Chamber of Commerce foe Stop the Chamber used as the basis of an ethics complaint filed against the Hunton partners with the D.C. Bar. The status of that complaint was unclear as of Thursday. (Woods and Lashway have since moved to Baker & McKenzie along with former Hunton partner Jonathan Wilan.)
Congressional Democrats later called for an investigation into contacts between the security companies and various branches of government, and former HBGary CEO Aaron Barr resigned from the company in March 2011. That same month hackers struck again by targeting the RSA Security division of EMC Corporation, a Hopkinton, Massachusetts–based data storage giant. The FBI later made several arrests with regard to the cybersecurity breaches.
Asked about the attacks, Tiao—whose move to Hunton was brokered by Nancy Newkirk, a former Perkins Coie partner and current managing director with legal recruiting firm Major, Lindsey & Africa in Washington, D.C.—says they are a sign of both his new firm’s significance in the field and how seriously such threats must be taken.
"If you’re one of the top players in the field like Hunton is, you’re going to be targeted. It’s a mark of [Hunton's] success," Tiao says. "Everybody in the country should be concerned about this, because if RSA and HBGary can go down, no one is safe."
Hunton certainly isn’t the only firm to see its internal missives exposed by hackers.
Last year Willkie Farr & Gallagher and Jackson Walker saw details of deals they handled for corporate clients spill out in emails pilfered from Austin-based think tank and intelligence shop Strategic Forecasting, according to our previous reports. (The so-called Stratfor emails were obtained and published by WikiLeaks, whose founder, Julian Assange, remains confined to the Ecuadorian embassy London, where he sought refuge last summer to avoid extradition to Sweden and a potential indictment by the Justice Department.)
As for the Washington, D.C.–based Tiao, he will remain focused on the public policy implications of the nation’s new cybersecurity laws. One of those laws, the Cyber Intelligence Sharing and Protection Act (CISPA), was passed by the House of Representatives this month and is now before the U.S. Senate, according to the NLJ, where the controversial bill appeared to falter late Thursday on privacy concerns. (Sibling publication Corporate Counsel recently examined the largest pro-CISPA corporate contributions.)
And as the Obama administration presses companies and their in-house counsel to bolster their cybersecurity defenses, attorneys with firms such as Gibson Dunn, Orrick, Herrington & Sutcliffe, and Richards Kibbe & Orbe are pumping out client warnings, op-eds, and outlook reports on the subject. Other Am Law 100 firms, meanwhile, are seeking to beef up in the practice area. Morrison & Foerster, for instance, picked up a data privacy team in San Diego this month from Foley & Lardner.