(Photo: deepadesigns/Shutterstock.com)

As private companies grapple with the implications of collecting consumer data, and experience increasing government scrutiny over the national security concerns related to these practices, a niche practice area has emerged and grown in popularity among Big Law firms.

Rushing to fill that need and help clients navigate the complex issues emerging in the space, several large firms have brought on lawyers with national security backgrounds and related expertise from federal government agencies, including the White House and the U.S. Department of Justice.

In addition to the traditional Big Law employers in the Capitol, a few firms based elsewhere, including O'Melveny & Myers, Gibson, Dunn & Crutcher, and Morrison & Foerster, have also been competing to recruit talent with a national security focus, especially lawyers with expertise in government enforcement and fluency in the ever-evolving issues surrounding cybersecurity and data privacy.

"The government, in general, has become more concerned in the last couple of years about the data [companies are collecting] and data usage. And so those national security concerns are coming to the fore," said John Dermody, a former official with the National Security Council and U.S. Department of Homeland Security who just joined O'Melveny & Myers' Washington, D.C., office in September as counsel.

"As artificial intelligence develops, there is increasingly the ability to analyze large and disparate data sets that have lots of unstructured data," Dermody said, explaining that the advancements in technology have created more tools that allow the state-sponsored actors to exploit the data collected by the companies.

"With government becoming increasingly concerned with data security, there's a real possibility of the Balkanization of the world's data regimes, and that's going to put companies in a challenging position," Dermody said. "I think companies are going to have to be strategic in how they approach their collection, use and monetization of data."

In other words, it is important for lawyers who are advising their clients on these issues to develop the expertise and stay up-to-date on new regulations and technologies, which continue to change over time, Dermody said.

New Regimes, New Expertise 

The complexity of issues is often challenging for practitioners both within and outside the government. According to Dermody, "there are a lot of new authorities out there" that require the attorneys to have up-to-date knowledge about how each functions.

Among the group of regulators is the Committee on Foreign Investment in the United States, which is a part of the U.S. Department of the Treasury that reviews the potential national security effects of foreign investment in U.S. companies.

Most recently, the interagency committee said it has opened a national security investigation into ByteDance, TikTok's Chinese parent company, over concerns that the app could pose a threat to U.S. citizens.

Beijing-based ByteDance acquired U.S. social media app Musical.ly for $1 billion in 2017. If the national security review uncovers practices that are directly or indirectly harmful to U.S. national security, ByteDance might be forced to sell its U.S. business to a non-Chinese company, the way Grindr's parent company was asked to sell the app because it had too much sensitive data.

"One of the challenges of the space is that the laws that are being applied are either very outdated, or they're very new and are drafted in a potentially very broad way," Dermody said. "So, the scope of their potential coverage is just enormous, and the only way to really understand how they're going to be applied is to be closely following the enforcement actions, the statements, the various concerns that are being articulated by the government."

Dermody said he was interested in returning to private practice in part because "a lot of these issues are playing out in the private sector."

Competing for Talent  

Alexander Southwell, a former federal prosecutor and co-chairman of Gibson Dunn's privacy, cybersecurity and consumer protection practice group, said there is no substitute for government experience, especially when one has responsibility over national security investigations.

"It means that you have connections with national security regulators and criminal investigative authorities and you have experience with these issues, which can be highly technical and can be complicated," Southwell said.

Southwell served as an assistant U.S. attorney in the Southern District of New York for six years before joining Gibson Dunn in 2007. Firmwide, Gibson Dunn said it has more than 50 lawyers who used to be Justice Department leaders or assistant U.S. attorneys. However, Southwell pointed out, only a few of them have expertise in data security issues specifically.

"To be frank, I think it would be very hard to replicate that kind of experience anywhere else other than the government," he added.

John Carlin, a former assistant attorney general for the U.S. Department of Justice's National Security Division, was one of the first government officials hired by Morrison & Foerster in 2017 as the firm sought to build out its capabilities in the nation's capital.

Since the beginning of 2017, the firm has added several former top government officials who navigated CFIUS matters from their perches at Main Justice, the intelligence community, the Treasury Department, and now the Department of Defense. The latest is Joseph Benkert, former U.S. assistant secretary of defense for global security affairs, who joined the firm last week from The Cohen Group, a consulting firm run by former Secretary of Defense William Cohen.

Morrison & Foerster now has approximately 20 attorneys in its national security group. It is also preparing to close its Northern Virginia office, which will merge with its Washington, D.C., location when the firm relocates that office next year.

Carlin has been observing the same trends while working for the government. He said he, too, has seen companies increasingly interacting with the government over national security concerns.

"They need help understanding who the different government agencies are and how they might think about an issue," Carlin said. In order to help clients think "like the government" to mitigate national security risks without interfering with the business purposes, lawyers may require support in other areas, such as data privacy and security, he added.

"The drive toward the national security-related concerns about emerging technology has been one of the few areas of continuity and not change between the Obama and Trump administrations," Carlin said. He predicted this trend will only continue going forward, requiring companies to engage in "rigorous" national security review when it comes to foreign investment inside the United States.