We use multiple layers of defense with built-in redundancies to verify law enforcement agents and...
Why Kodex is on a Mission to Modernize Law Enforcement Response for Business
Today, most crimes involve some element of technology - whether that’s using online platforms to communicate with others to plan a terrorist attack or an abuser luring children through private messages. This means most law enforcement investigations will involve following some kind of digital footprint to gather the necessary facts and evidence. Even the nature of crime itself is evolving – drug dealers can avoid potential physical harm involved with selling on the street when they can sell it on an app, receive an online payment, and deliver their product through the mail. Unfortunately, while criminals appear to understand and embrace the power of technology to reach their goals, law enforcement and corporate legal teams, historically, have not.
I saw this first hand while doing counterterrorism intelligence for the FBI. It was my childhood dream to be in the FBI or CIA, and at age 25 I found myself in Quantico at the FBI Academy. I was thrilled to be there, and there was a lot about the job that lived up to the hype in the movies -- the hotel room meets with sources, the envelopes full of cash, and the burner phones all felt surreal.
Yet, it was also disillusioning to see how things really worked in the “back office.” In particular, I was shocked by the “seemingly simple” process of issuing subpoenas and getting data back to move our investigations forward. The first time I was told to fax a subpoena to a telecom provider in Southern California…I thought they were hazing the “new guy." Unfortunately, they were serious.
I remember thinking, this is the FBI and you’re sending faxes? And then waiting until they…fax you back? Or worse, snail mail you the response to the request?
Not only was this wasting valuable time, it was a highly insecure way to submit a data request. Even as email became more common, it was fraught with security risks and delays. Imagine the most sensitive information you can imagine to go through a Gmail or an Outlook account with no idea who was bcc’d or what was forwarded.
I knew there had to be a better way. Actually, pre-FBI, I naively thought there was a standardized and secure way for the public and private sectors to engage when it comes to requesting and transferring sensitive information. I was shocked there wasn’t. And that’s why I started Kodex.
Taking on a multi-dimensional and mission-critical challenge
When I left the Bureau, I had no idea what starting a company entailed. But I understood the problem from the inside out - and I also knew it was about more than making things more efficient. It also had to address security risks and the privacy concerns of businesses and their customers. I joined the FBI because, as corny as it sounds, I grew up wanting to catch bad guys, and I started Kodex for the same reasons – technology and communication failure in this process has real human consequences.
A big misconception is that government data requests are just a big tech problem; in reality it affects businesses across the spectrum of industry - beyond headliners like Facebook and Google. It also impacts the entire range of law enforcement, not just the FBI and the CIA. In fact, the scope and volume of legal data requests is huge and growing all the time.
The problem is also global, so I knew Kodex had to be, too. (We are currently in 120 countries.) Today, companies receive subpoenas, warrants, or other legal requests for information from all over the world - each one unique, each delivered in a different way, and some with extreme urgency where lives are literally at stake. Unfortunately, it’s still hard for companies to assess the validity of a legal request, especially when it comes from outside their home country. This doesn’t make the human impact any less significant, but it makes the timeliness of response a lot more difficult.
Meanwhile law enforcement, while historically reliant on human intel to investigate, has seen an exponential increase in the need for data to put the pieces of the puzzle together. However, it often isn't clear where to submit a request or what information is truly necessary from individual companies to move an investigation forward. And with more and more crimes moving across platforms and channels - from social media to cell phones - today agencies often have to make multiple requests of many companies in several industries, all for a single investigation. The process is manual, error prone, and a drain on public resources, which would be better used solving the actual crime. The harder it is for law enforcement to understand how to engage with Company A vs Company B, the more error prone the requests are – it’s a vicious cycle that needs to be fixed.
We built Kodex to streamline and scale both sides of the equation. By having companies on our portal, government entities can submit their requests using customized specifications that each business sets up within Kodex, including the required legal process. No more second-guessing what is required or having to bird dog an email address to submit to (and hoping it's the right one when you push send.) As more and more companies adopt Kodex, the more centralized the process is for government agencies.
Kodex customers are businesses, including large enterprises. In addition to managing the volume of requests they receive, there is also the problem of trust and security. I personally experienced a time-sensitive subpoena being ignored by a large tech company because they assumed the request wasn’t authentic. And who could blame them? Government email credentials are often compromised and sold, and sometimes fake credentials are created. That’s why we included a robust multi-step verification process for law enforcement accounts on Kodex which combines signals intelligence with technical controls commonly used by fraud detection, account security, and threat intelligence teams.
Finally, it was important for me to build our portal and our company to help ease confusion and concern over people’s rights when it comes to government access to their data. I know corporations and consumers are (rightly) sensitive to this issue. That’s why we have businesses customize their intake process so they can let law enforcement know exactly what data they do (and don’t) have, and the laws they're subject to that define a valid legal request. This prevents legal overreach by ensuring requests are targeted and accompanied by the required legal documentation. Companies can also use Kodex to document compliance with global data protection and privacy laws as they intersect with law enforcement requests.
From Quantico to Kodex: An Amazing Journey is Underway
I’m often asked why I would leave the FBI to launch a startup. (Some didn’t even ask - they just called me crazy).
My answer? Like most founders, I saw a problem and I had a solution to fix it. Only in my case, I knew that in doing so, I could help prevent harm and even save lives. It’s a mission I believe in. I'm honored that so many others believe in it, too, including our investors, and our dedicated team of experts in public safety, privacy and engineering. We are actively hiring to fill a variety of roles, so if you’d like to join us, follow us here on LinkedIn for updates and job postings.
And just so you know, our office most definitely does not have a fax machine.