King & Spalding has recruited a former federal prosecutor to bolster its government investigations, cybersecurity and national security services.
Michael Galdo enters the private sector after more than 15 years as a federal prosecutor. During his tenure, he served as the Department of Justice’s Director of COVID-19 Fraud Enforcement in the Office of the Deputy Attorney General and was an assistant U.S. attorney in charge of cybercrime in the Western District of Texas.
A graduate of George Washington University Law School, Galdo said his practice will be primarily focused on complex investigations involving cyber, transnational or national security implications. He is based in Austin.
Galdo spoke with The Texas Lawbook about his decision to leave the U.S. Attorney’s Office for the Western District for King & Spalding. This interview has been edited for clarity and length.
Why did you leave the U.S. Attorney’s Office?
So I’ve had about 15 years of DOJ experience, more than 15 years being a prosecutor, and really enjoyed it, did a lot of different things, spent a lot of time working in different practice areas, and got to do some detail assignments to DC. Especially after the last detail assignment I had where I was director of COVID fraud enforcement for the country, it just was a good time to reflect about my career, how long I’d been a prosecutor, what other opportunities were out there, and then start talking with some other folks who had made the transition from DOJ to the private sector and that’s what led me to King & Spalding.
Going into private practice for the first time, why did you decide King & Spalding is best for your practice?
I’d say there’s kind of two buckets. One was the right fit. King and Spalding has a record of transitioning people from the Department of Justice to the private sector. There’s a lot of great DOJ alums at King and Spalding. Also, the firm culture that I encountered during the interview process and talking with people. A lot of people had active family lives, young kids. I have three young kids.
And then number two, with the type of practice I’m trying to build, I wanted to make sure it was a firm that had strong ties in Texas and Central Texas, where I want to build my practice, but also a national, international presence. For a lot of what I’m trying to do in the transnational cyber and national security space, that’s really important to be able to bring in clients and have connections all around the country.
After that year of leading COVID-19 fraud enforcement, what are your big takeaways, and where does the fight against that type of fraud stand now?
Some of the big takeaways are the importance of bringing together on the investigation side, if you’re the government, the Office of Inspector Generals that are out there, the real subject matter experts and government programs and your traditional law enforcement. And so I think we’re going to continue to see the importance of the OIGs in these programs, and the relationship between the OIG oversight role and investigation role.
I think another big takeaway is the rise of these kind of transnational cyber enabled fraud networks of people who can work together to commit all sorts of fraud, against the government, against private sector businesses. It really is just an unfortunately thriving network out there. They don’t care what the source of the money is, whether it’s a business who has things for sale or the government handing out money. So we saw an uprise in that.
The other is the government’s going to continue to use civil tools as well. So the criminal prosecutions were important and are ongoing. But I think one of the important takeaways for me, that I got intense education on, was the importance of the government’s affirmative civil tools, under the False Claims Act, especially when government money is at issue. I think we’re gonna continue to see robust FCA enforcement efforts by the Department of Justice, whether it’s government spending or their new Cybersecurity Initiative that they have rolled out, I think we’re going to see a really active civil practice from DOJ.
What kinds of cases is the DOJ seeing more whistleblowing in?
Well, I can’t speak for the department anymore, but I think if you just look at the different whistleblower complaints that have been publicized, we’ve seen the cyber-based complaints. There’s a lot of universities with research grants that have to certify they’re in compliance with cybersecurity standards. So there’s a whistleblower about that.
There’s always a steady drumbeat related to healthcare. In the COVID space, because there’s a lot of public data, there’s a lot of data analytics-based whistleblowers. They’re not necessarily an insider with the company that may have committed fraud or abuse the programs. Their information is based on public data that they’re adding their analysis to. So we’ve seen a real rise in kind of almost third party whistleblowers saying, ‘I took this public data, added it to some other analysis I did, and now I’m filing a whistleblower claim with the department.’ We’ve seen a lot of [Paycheck Protection Program] claims that way, because that PPP data was public. We’re seeing it in the healthcare space too. Some have made it to court and there have been payments made to those whistleblowers.
Do you feel like you accomplished your goals for leading COVID-19 fraud enforcement?
My primary goals were establishing strike forces around the country, which we did and they continue to have great successes in bringing cases, really improve the way that the department used data analytics and data to identify potential cases and bringing together the OIG community and the law enforcement community and prosecutors who work together. I think there is definitely some unfinished work that I expect to continue. One thing I assume is going to continue is kind of looking at those entities that facilitated some of the COVID fraud. So whether it’s financial institutions or others that may have civil liability that may be coming down the road. Obviously, I’m not there anymore. I can’t say, but I know that’s one thing we said we were going to focus on.
The other big piece of unfinished business that I think is really important is the extension of the statute of limitations. There was some extension of SBA programs, but there’s a number of other SBA programs that the statute of limitations wasn’t extended. The Unemployment Insurance Program, [for example]. I’m not sure where that’s at. I have turned off all my Google Alerts for COVID fraud to take a breather after three years, but I haven’t seen any movement on that front recently. So that’s some unfinished business that we were pushing.
Being in Texas, are there types of fraudulent activity prosecuted by AUSAs in Texas that are unique to Texas versus other states?
Some connections to the Mexico border can raise some specific issues. I think one of my larger cases early on was the Maverick County public corruption case. We prosecuted all the county commissioners in Maverick County for fraud, and a lot of that kind of started with cross-border activity from one of the commissioners connected to a cartel member and moving money back and forth. That’s a kind of unique thing that you would not encounter in other states. I think for Central Texas, there’s a really unique combination in the Austin, San Antonio area – we have to extend out now to Bastrop with the way SpaceX is growing like crazy – of technology companies. Houston has a really unique combination of energy companies and Dallas has tech, but also the amazing growth on the financial side. The overlapping part of that’s going to be cyber issues that are going to hit all of those companies, and especially Central Texas, with micro electronics and other sensitive technologies. That export control issue is going to be there.
What is your practice going to focus on at King and Spalding, and why did you choose those areas?
My practice is going to focus on complex cases that touch on cyber, national security and transnational issues, including export control. Obviously, that will not be all. I’m not going to say no to other work, but those are the areas I’m going to try to grow, frankly, because I’ve had a lot of experience on the prosecution side, working with the main justice components in Washington, DC, that cover those areas. I think those connections and background are really useful in understanding and working with those investigating agencies. And also, quite frankly, those areas interest me on a personal level. I think that helps a lot when you’re trying to build an expertise and a practice. If you look at my podcast list, you’d find, probably, way too many cyber law podcasts on there, as well as National Security Law podcasts. I think having just a passion for those areas of law and what’s going on on the business side of those spaces really helps you when you’re going to assess and help a new client or a new issue, because you have that background knowledge. So combining passion for it with kind of knowing how the government functions in those spaces, with working those cases from the investigation side, I think that kind of sets me up to be a real value add to clients.
What are some of your favorite podcasts?
Risky Business has been my main one. There are a lot of other ones. I’d be remiss if I didn’t say The National Security Law Podcast because it’s hosted by University of Texas School of Law professor Bobby Chesney and Steve Vladeck, who left Austin for Georgetown University Law Center this year.