BLNW – DIGITAL PRIVACY VS. PUBLIC SAFETY
Toronto Police Det. Paul Krawczyk is posing as a pedophile in an online chat forum where anonymous men are sharing some of the most troubling thoughts the mind can fathom – from luring young children for sex to feeding them rape drugs.
“This person has told me… they’re interested sexually in three-year-olds to nine-year-olds,” says Krawczyk, a senior child exploitation investigator, reading a message sent on a “boy love” chat forum.
The online posters trade technical tips on how to hide their identities from police throughout.
“He’s saying to use a particular chatting program that is known for its encryption.”
A joint Toronto Star/Scripps News investigation has detailed how post-Snowden privacy measures – including highly advanced encryption and added search-warrant requirements – have allowed child molesters, drug dealers and organized crime members to hide their crimes from police.
While stronger privacy measures have addressed concerns about authorities snooping into our lives, police say they have had unintended consequences: the likelihood that criminals can evade justice because evidence is unattainable.
It raises an unanswered question of the digital age: how do we balance protecting personal privacy with the ability of police to investigate crime?
On the one hand, police warn that crimes can now unfold before them as they stand by handcuffed by time-consuming judicial bureaucracy or unbreakable encryption. On the other, privacy advocates say we are all better protected from criminal threats posed by everything from tyrannical governments to sophisticated criminals.
“Is the public ready to accept that there is a wall too high and a moat too deep. for law enforcement and security agencies in Canada to access information that is a security concern to all of us?” asks Scott Tod, Ontario Provincial Police deputy commissioner.
“The Microsofts, the Googles, the Amazons, the large digital giants in the world, in my opinion, are setting the pace for that privacy discussion. But what about the security aspect? That’s a discussion that’s not happening.”
The OPP can only now access about 20 per cent of the digital communications it collects with search warrants because of uncrackable encryption, Tod says.
And encrypted devices containing vital evidence are increasingly beyond the technical reach of police.
In a first look inside the “evidence vault” at OPP headquarters in Orillia, officers escorted a Star reporter through shelves holding about 1,000 electronic devices – cellphones, computer hard drives, tablets and memory cards – seized with warrants as part of active investigations.
A typical case now requires the analysis of three or four devices, say detectives. A big case could require the analysis of as many as 50.
The OPP has only just started tracking how many devices investigators are unable to access. But anecdotally, they say a growing number are unbreakable – a trend heading swiftly in one direction.
“(This cellphone) may as well be a brick,” says Toronto police’s Krawcyzk about a phone recently seized in a child exploitation case. “Finding that information is more difficult. Therefore, finding the offender is more difficult. . There are definitely child predators that get away.”
In New York, the Manhattan District Attorney’s Office says that in fewer than 12 months “roughly 111 iPhones were inaccessible.”
Examples of investigations that hit brick walls because evidence was beyond reach, provided by police in Canada and the United States, include: A computer hard drive seized in Toronto that contains what police believe is a vast collection of child pornography that could provide evidence and help rescue victims; an encrypted cellphone containing communications that could assist in solving a murder case in the U.S.; and cases in which police couldn’t intervene quickly enough because required warrants couldn’t be obtained.
The RCMP points to a case in which they attempted to intercept encrypted emails among high-level drug traffickers.
“With judicial authorization in hand, the RCMP dedicated thousands of hours to this effort, but was ultimately not successful because of various technical and jurisdictional challenges,” RCMP Sgt. Harold Pfleiderer wrote in an email.
Privacy advocates, including U.S. tech giants, have made clear in public statements and by political lobbying that loosening privacy to assist police is a non-starter.
Calls for a “back door” that would allow police access to encrypted devices have been dismissed because technology experts say it would be exploited by hackers, organized crime and hostile foreign governments.
“With a probable cause search warrant it would be great if they could have access to a child molester’s text messages,” says Nate Cardozo, an attorney with the Electronic Frontier Foundation that advocates for secure privacy.
“The problem is . you can’t make a back door in a house that only law enforcement can enter. It’s just not possible.”
Even most within law enforcement acknowledge the damage caused by mass surveillance conducted by the American National Security Administration that was exposed in the Snowden leaks. And most agree that privacy concerns are legitimate and a backdoor encryption hole for police is problematic.
They also concede that they have failed to make their case to the public. Repeated requests produced little actual data on U.S. or Canadian investigations undermined by emerging privacy restrictions. In addition to the OPP, several agencies said they have just begun documenting the problem.
“I think we haven’t done a good enough job in the past of really having the discussion publicly among the American public to say this is what we’re trying to do,” said Amy Hess, executive assistant director of the FBI’s Science and Technology Branch.
The Spencer Decision:
The number of children rescued by Toronto police has been cut in half since last year and even though the number of child exploitation investigations are rising, there has been a decline in arrests and charges, says Det. Sgt. Kim Gross, the head of the Toronto unit.
The reason, she says, is a requirement imposed by the Supreme Court last year in the Spencer decision that found Canadians have a reasonable expectation of online privacy in their “basic subscriber information,” including their name, address and IP address.
Police are now required to obtain judicial orders to access those basics on a suspect – a process that can take up to a month – rather than the previous informal arrangement in which service providers handed it over within hours.
“We work that much harder and our results are not as good,” Gross says. “Between the Spencer decision and encryption, it’s a deadly combination.”
The effects have been felt across Canadian law enforcement.
Since the decision, the number of production orders filed by OPP child exploitation investigators have doubled while charges against alleged offenders have been cut in half, says OPP Insp. Lisa Taylor, who heads the unit.
“You’ve got a toddler being victimized and you may have an IP address,” she says. “Now you have to write a production order. You’re looking at delays in that. It’s not acceptable. Do we wait to find a child is abused in that time period?”
OPP officers liken it to stopping someone driving erratically and having to file a formal judicial request to obtain their name and address weeks later when the person has long since disappeared and any evidence has been lost.
Toronto police are even turning away tips about alleged child exploitation cases, says Gross.
“You can’t triage tips because you can’t get the information fast enough,” she says. “The people who really suffer are children and families of these children. We’re not going to suffer like those kids will suffer.”
In August, the Canadian Association of Chiefs of Police passed a resolution that cited the Spencer decision as the reason some criminal investigations – sexual exploitation and abuse, fraud and “suspected extremism” – were not pursued. It called on the federal government to create a “reasonable law” and provided these options:
Option 1: Create an administrative protocol (not requiring search warrants) for accessing basic subscriber information from telecommunications firms;
Option 2: Create a judicial order for basic subscriber information;
Option 3: A combined approach of specific production orders for personal information that has a greater expectation of privacy and a faster, nonjudicial protocol for accessing less sensitive information.
The unbreakable Apple:
The latest Apple iPhone is perhaps the most ergonomically designed symbol of modern police frustration.
For police, the new operating system, which boasts unbreakable encryption, has transformed the cellphone into an expensive paperweight.
Even Apple says it can’t crack the encryption, which means that police search warrants demanding the company’s assistance aren’t worth the paper they are printed on.
Case in point: Apple received a search warrant earlier this year requesting help to access content locked inside a cellphone belonging to Brittney Mills, a 29-year-old pregnant woman who was murdered in Baton Rouge, LA., in April. In September, Apple’s privacy and law enforcement compliance team wrote to Baton Rouge police that since the device was running iOS Version 8 or later, the “extraction could not be completed.”
Apple declined repeated interview requests.
Hillar Moore, the district attorney handling the case, says that response amounts to a dead stop.
“We have been thwarted,” Moore said in an interview. “Right now, a murderer is walking the street and this is not only one murder, it’s two.”
In Canada, it’s the same story.
With previous versions of the iPhone, OPP deputy commissioner Scott Tod says his officers could get a warrant from a justice of the peace, fly to Apple’s offices in California and get a seized phone opened. No more.
“We await a technical solution that would be . provided to law enforcement in Canada . to get by the pass code, again, with warrant,” says Tod. “That’s the discussion that needs to take place.”
Search Warrant Challenges:
The computer hard drives of U.S.-based tech giants such as Google, Microsoft and Twitter contain crucial evidence in criminal cases. But when police serve search warrants for emails, texts and images held in the companies’ massive hard drives, co-operation can sometimes be slow to come.
In a 2013, U.S. officials investigating a murder needed three judicial orders to compel Google to produce one customer’s records. Delays and incomplete responses resulted in Google failing to meet warrant deadlines that extended from April to June of 2013. The delay meant some records sought by investigators were purged from Google’s system two days after the first missed deadline passed.
The U.S. Attorney’s Office filed suit against Google that June. In court documents from June 2014, Google admits to “significant delays” with its law enforcement compliance team due to the loss of several experienced employees and a computer “tool failure” glitch when retrieving the information.
The company says it has added employees to respond to a backlog of law enforcement requests and created a dedicated email address to expedite the handling of pending warrants.
But David Matthews, chair of the technology and digital evidence committee for the Association of State Criminal Investigative Agencies in the U.S., says technology firms that fail to comply with search warrants should face recourse.
“Not all district attorneys have the time to . engage with Google to call them to task,” he says. “I do think there needs to be some basic legal realities in place if they aren’t complying with subpoenas.”
(Blue Line News Week Published on Fri. Nov 06, 2015)