Re-imagining policing for the digital age
By Adam Belsher
Our digitally connected world has created enormous benefits for our business and personal lives. That being said, the advancements in technology have not been wholly positive. The development of technologies such as encryption, the dark web and cryptocurrencies have created a situation where criminals who are abusing children, trafficking human beings, committing fraud online or enabling terrorism almost have an unlimited right to digital privacy, shielding them from investigation and prosecution through technological means.
By Adam Belsher
This reality has been extended to other areas of criminal activity such as domestic disputes, cyber bullying and drug trafficking where the critical evidence is often found in digital formats. Our police agencies are not provided the resources they need to keep up with the digital evidence they are facing. The most concerning part of this reality is the velocity at which technology is growing and evolving and the vast volume of data that needs to be analyzed.
Police agencies are struggling to keep pace with the explosion of digital evidence since every crime leaves a digital footprint. Even when they can technically recover the critical data from devices and “apps,” current approaches create a mountain of evidence to review.
In a recent survey conducted by Magnet Forensics, over half the agencies surveyed reported a case backlog of three to six months before they had the capacity to review the digital evidence. Many of them also reported that only digital evidence related to major crimes receives the attention of the digital forensics lab. Delays in the investigative process will only continue to grow with all the new devices and apps coming on the market.
The volume of digital evidence, the variety of that evidence coming into our police agencies and the velocity at which it is evolving is an ongoing challenge. The Supreme Court’s Jordan ruling is exacerbating these challenges, placing strict time limits on the length between charges and a trial. Jordan, coupled with the digital evidence challenges, will be another serious test of the public’s trust in our agencies’ ability to uphold the rule of law.
This is an existential challenge for our sector. It will require us to re-imagine how our agencies recruit, train, partner, procure, investigate and inter-relate with the broader justice sector. It will also require us to take a more activist approach to public policy in the years ahead.
Re-imagining policing for the digital age
The London (U.K.) Metropolitan Police recently released their Digital Policing Strategy. Their vision outlines the need for transformative change, “responding to crime that is increasingly complex and costly to investigate.” They have seen a decrease in some traditional areas of crime but report a significant rise of more complex crime types, “including terrorist offences, sexual offences and online crime.”
These are not unique trends to London or the U.K. Much of the advanced industrialized world is experiencing the same trends and should take note of their robust response to the challenge.
First, they have committed to wrestling the backlogs in their digital forensics labs into a more manageable position where they can accept evidence for any investigation and turn it around to an investigator in a timely fashion.
They have recognized that digital forensics talent is highly expensive and difficult to come by. These individuals have coveted skills and designations. They often command salaries that the public sector cannot compete with.
The Metropolitan Police have begun to tackle these challenges in the forensics lab first by harnessing technology. Having highly trained and expensive digital forensic experts conduct routine tasks such as cataloging, acquiring and processing digital evidence is not a good use of resources. They have deployed simple and intuitive tools, including digital case management and automation software, and utilized less costly personnel, including civilians, to handle the routine parts of the workflow.
They are also beginning to utilize artificial intelligence technology to triage evidence, focusing their investigators on the most relevant evidence in their cases. They have even considered outsourcing the technical components of non-major crime investigations. Finally, they have considered moving to Cloud-based storage for their digital forensic evidence to increase their processing power and improve their security while reducing their long-term data storage costs.
While the improvements in the lab are an important first step, the digital evidence challenge is growing at a pace that will require a larger, agency-wide, digital transformation. Empowering more parts of the agency to handle digital evidence is a fundamental principle to addressing the challenge.
Other agencies in Europe have begun to leverage technology to enable greater collaboration between digital forensic experts and non-technical investigators who understand the context of the case they are working on. These solutions provide simple and intuitive reports that allow investigators to review the digital evidence in an easy-to-search manner, which also allows them to visualize and analyze evidence and make notes — all while preserving the forensic integrity of the data. The digital evidence can be transmitted electronically in a secure fashion, as opposed to physically exchanging digital media, like USB drives. This is the common current practice that is onerous, lacks security controls and is also costly.
Other agencies around the world, such as the Singapore Police Force, have also extended the principle to frontline law enforcement personnel. They realize that many of their new officers are digital natives and want to be part of the technological transformation in their agency. Such forward leaning agencies are considering cost-effective solutions and training that allow for their frontline officers to acquire digital evidence in the field and triage it in cases where there are numerous devices in question.
In some case types, forward leaning agencies are considering allowing personnel in the field to review the evidence for certain crime types, such as domestic disputes and cyber bullying. Others are considering using such technologies to address cases with a high-volume of digital evidence from witnesses, such as a nightclub incident.
These agencies have realized that they would not likely get authorization from witnesses if the witnesses’ devices were confiscated for days to be analyzed at the forensics lab but witnesses are willing to co-operate if the specific data can be extracted on-scene. This approach could be transformational for policing, as it would alleviate the burdens on digital forensics labs, while ensuring all digital evidence gets reviewed in a timely manner.
Agencies like the Metropolitan Police and the Singapore Police Force know they can’t develop these technology solutions in-house. Software development isn’t among their core competencies. That isn’t to say they aren’t integral to the development process: Understanding law enforcement’s existing technology investments, workflow, personnel traits, their jurisdiction’s unique legal requirements and other knowledge is fundamental to building the right solutions at a reasonable cost. That’s why they are utilizing a co-development approach with technology partners who have the capabilities and share in their mission.
If progressive agencies are able to address their current digital evidence backlog challenges, there is also great opportunity to turn this lawfully acquired data into a valuable asset to improve investigations and reduce crime. If such agencies move to storing their digital forensic evidence in the Cloud they will have the ability to develop consolidated search and other analysis functions, such as geolocation and suspect connection identification, across cases. Further, they will be able to leverage artificial intelligence technology to surface commonalities between cases, giving investigators better starting points.
Ultimately, police agencies have the ability to shift the data they collect in investigations from a liability to an asset. But to achieve this vision, along with developing new technology, law enforcement leaders must consider privacy considerations at every step of the way or they risk losing the public’s trust and the lawful authorities to use such solutions at any given time.
Public policy advocacy – Re-shaping the ‘security versus privacy’ narrative
Privacy advocates and the large technology platform companies have latched onto recent public opinion that police and national security agencies can’t be trusted when it comes to monitoring citizens’ private digital communications.
This has caused serious challenges to our court systems. Judges, who often lack technical understanding, are creating precedence for what circumstances devices should be unlocked in criminal investigations. Even with a court order, if a suspect is unable or unwilling to comply, the device manufacturers have plausible deniability to servicing the court’s will.
Some digital forensics firms, who find exploits in operating systems to unlock devices, have profited in the short-term amidst this disorder. They are charging exorbitated prices to unlock phones, while providing a limited line of sight into their techniques. This has put our police agencies in a precarious position, having to decide when to use such unlocking services and leaving them unable to explain the techniques, should they be raised by defense counsel in court.
This is not a sustainable approach on any side of the privacy and security debate. It’s important to consider that we’re still early in the digital age. As more and more citizens learn about or become affected by crimes with digital evidence associated to it, public opinion will shift, and all parties will be forced to re-think their positions.
Fundamentally, democratic societies cede reasonable amounts of citizen privacy in exchange for societal security. The right balance is highly dependent on the current state of affairs. Without meaningful dialogue had in earnest, as opposed to the hyperbole of media, between all vested interests, we will never begin to find that balance. This cannot be a one-time dialogue. It will require frequency and trust to be built by all parties. And it will require the parties to work collaboratively with lawmakers to re-shape the legislation surrounding evidence so that they can reflect matters such as encryption and other technologies enabling criminals (such as the dark web and cryptocurrencies that were not conceived of when these laws were originally drafted).
Digital forensics firms, which share a commitment to upholding the rule of law and seeking justice, have an important role in these dialogues alongside police agencies, privacy advocates and the large technology platform companies. They can work alongside the technology platform companies to develop the next generation of solutions used by law enforcement to recover critical evidence, when they have appropriate authorities, while preserving citizen privacy under the majority of other circumstances.
Technological innovation at its best improves citizens’ lives while preserving societies’ fundamental values. If we are to truly come out of the dark, the digital transformation of law enforcement agencies is a meaningful step. But to sustain it, creating the fora in which all vested interests contribute to technological and public policy development in the realm of digital evidence is equally important.
Adam Belsher is the CEO of Magnet Forensics, a Canadian digital forensics firm that develops tools and services to assist over 4000 police, national security and other agencies with investigative authorities in 93 countries in the recovery, analysis and reporting of digital evidence from smartphones, computers, IoT devices and cloud services.