What jurisdiction does the FBI have in Sony PSN breach, especially since Sony is not a US company?

Answer

Andrew S. Baker (ASB) (Information Security & IT Operations Consultant, BrainWave Consulting Company, LLC)
Brielle,

This was a very good question that was raised. In attempting to research an answer, I came across some very interesting data points.

-- The FBI falls under the umbrella of the Department of Justice, and it is the DOJ's responsibility to investigate and prosecute cyber-crimes. The FBI is the agency which the DOJ primarily uses to achieve these ends. See the excerpt below, taken from: http://newsroom-magazine.com/tag/fbi-cyber-division/

*** 'Prosecuting cybercriminals and identity thieves: One of the Department of Justice’s core missions is protecting the privacy of Americans and prosecuting criminals who violate that privacy.' ***

-- Since 9/11, the FBI has put much more emphasis on investigating and prosecuting cyber-crime in addition to other duties.

-- Sony reached out to the FBI when they learned of the breach, probably because they understood its role in such an investigation, and possibly because of the overall involvement of Anonymous in the DDoS portion of the attacks.

-- There are a number of different government agencies looking into this Sony matter, beyond just the DoJ and FBI. Quite a bit of European data was accessed, which might put Sony on the wrong side of a number of government groups with strong(er) privacy laws.

See the following for some more details:

http://www.gamespot.com/news/6310487/sony-enlists-fbi-as-us-canadian-authorities-look-into-psn-breach

http://www.vg247.com/2011/04/29/homeland-security-lends-a-hand-in-psn-data-breach-investigation-sony-changes-faq/

http://www.dispatch.com/live/content/business/stories/2011/05/09/fbi-probing-consumer-data-breach-at-sony.html?sid=101


Wikipedia also has a very nice article on the mandate of the FBI, which provides insight into its role. As the breach was executed against US-based information technology assets, and involves the possible theft of data belong to US citizens/residents, it falls nicely within the FBI's jurisdiction.



2 Additional Answers
Robin Goodchild (Owner, Antarctic Technologies)
I guess it is down to several factors:

* Whether the criminals were in the US
* Whether the attack was committed via US networks/hosts
* Whether Sony data was stored in the US
* Whether the Sony data traversed the US
* Whether US citizen's data was involved

I think that covers the scenarios. Depending on what it is, then their interest in the hack will differ.
Dave Roberts (Vice President, Strategy, ServiceMesh, Inc.)
The service is implemented in the USA, so the FBI would have jurisdiction in this case. Sony as a holding company is Japanese, but Sony USA or whatever the US subsidiary is named, is actually running the service.
About -  Privacy -  AskEraser  -  Careers -  Ask Blog -  Mobile -  Help -  Feedback © 2014 Ask.com