John Carlin

Partner, Paul Weiss

John P. Carlin is co-head of Paul Weiss’s Cybersecurity & Data Protection practice and a deeply accomplished litigator who advises industry-leading organizations on matters involving privacy and cybersecurity, crisis management, Committee on Foreign Investment in the United States (CFIUS), sanctions and export control, white collar defense and internal investigations. He has served as a top-level official in both Republican and Democratic administrations, including as the Acting Deputy Attorney General of the United States, as the top national security official for the U.S. Department of Justice, as the Chief of Staff of the FBI and as an experienced Assistant United States Attorney. Mr. Carlin has been featured or cited as a leading authority on cyber and economic espionage matters by numerous major media outlets, including The New York Times, The Washington Post, The Wall Street Journal, The Los Angeles Times, USA Today, CBS’s 60 Minutes, NBC’s Meet the Press, PBS’s Newshour, ABC’s Nightline and Good Morning America, NPR, CNN and Vanity Fair, among others.

Appointed Acting Deputy Attorney General and then Principal Associate Deputy Attorney General to Deputy Attorney General Lisa Monaco (January 2021-July 2022), John occupied “one of the most powerful and under-the-radar posts in the Justice Department,” according to The New York Times, advising on major prosecutions, such as the January 6 investigation, and other top DOJ priorities, including FBI oversight, cryptocurrency theft and investigations of actors known to have helped Russia evade sanctions. He also played a pivotal role in instituting the DOJ’s current approach to cybersecurity, national security and corporate criminal enforcement.

John also has significant private practice experience advising companies responding to a variety of urgent global, national security and cyber threats. Prior to his time at the DOJ, John chaired an Am Law 100 firm’s global risk and crisis management group, where he advised clients across the technology, healthcare, energy, defense, finance, media, pharmaceutical and telecommunications industries on crisis management, company-crippling cyber incidents, regulatory strategy and CFIUS issues.

John’s private practice experience includes:

  • Breach and ransomware response – advising Fortune 50 and other global companies on ransomware policy and in response to major cyber incidents;
  • Internal investigations – conducting sensitive, complex internal investigations, enabling companies to take informed, strategic action to manage crises, avoid regulatory actions, and limit legal and reputational exposure;
  • Compliance and risk assessment – conducting compliance and risk assessments on behalf of global technology firms, and advising them on cybersecurity incidents and legislative issues;
  • Export controls – conducting investigations and advising on compliance policies and procedures;
  • Sanctions and trade – consulting on the impact of U.S. sanctions policy on major international corporations;
  • Crisis incident simulation – providing various crisis incident simulations and table-top exercises for members of executive teams of international companies;
  • CFIUS strategy – advising major foreign investment companies on their near- and long-term CFIUS strategy, including the implications of recently enacted reform legislation that will significantly affect the way CFIUS reviews are conducted;
  • Cybersecurity training – advising international consulting companies on privacy and data security issues, and providing onsite training exercises to board members and executives; and
  • FARA review – counseling organizations and individuals in sensitive and high-stakes matters relating to the Foreign Agents Registration Act (FARA) and offering extensive practical, risk-based guidance on the law’s applicability, as well as conducting domestic and cross-border FARA investigations.

John has deep experience leading high-profile national security and criminal enforcement matters. He previously served as Assistant Attorney General for the DOJ’s National Security Division, making him the Department’s highest-ranking national security lawyer. In this role, he supervised 400 employees responsible for protecting the nation against terrorism, espionage, cyber and other national security threats. During his tenure, he oversaw the prosecution of the Boston Marathon bomber, the indictment of five Chinese military members on economic espionage charges, and the DOJ’s foreign investment review program, which includes the review of foreign acquisitions through CFIUS, Federal Communications Commission (FCC) reviews and other emerging technology matters and related litigation.

During his most recent tour at the DOJ, Mr. Carlin advised U.S. Attorney General Merrick Garland and Deputy Attorney General Lisa Monaco on the department’s most pressing—and visible—criminal prosecutions. Those included cases stemming from the January 6 assault on the U.S. Capitol, and the pursuit of oligarchs and others alleged to have enabled Russia to avoid sanctions.

Prior to that, John served as chief of staff and senior counsel to former FBI Director Robert Mueller, helping lead the FBI’s evolution to meet growing and changing national security threats, including cyber threats. He also served as national coordinator of DOJ’s Computer Hacking and Intellectual Property Program. John began his legal career as an Assistant United States Attorney for the District of Columbia, where he tried more than 40 cases to verdict.