Sunday, July 24, 2022

Technology Trends - Challenges for Policing

 Technology Trends - Challenges for Policing


Article

Technology today is changing very fast. We have gone from landline to mobile phones, from self-driving cars to autonomous cars, from 2G to 5G technology and Internet and Social media portals have brought the world closer than we could have ever imagined. All these changes in technology have brought in different issues for citizens as well as law enforcement agencies. Whereas on the one hand privacy is very important for the dignity and liberty of any individual, on the other hand the tracing of evidence in this electronic age, its credible collection, production in the court of law and being able to convince the judiciary are things that the law enforcement is constantly being confronted with, looking at all the new technologies that are emerging so rapidly and impacting our lives like never before.

The law enforcement agencies today have to chase criminals who commit crime sitting anywhere on this planet, for whom geographical boundaries have become history and who commit crime in times less than nano- seconds. There are a number of technologies today, some looming on the horizon, which will pose tough questions for the law enforcement in times to come. The high standards of encryption being adopted by the industry today, the concept of machines talking to each other, the storage of data in cloud, 3D printing, artificial intelligence, block-chain, nanotechnology and dark net promise to pose serious questions for the law enforcement - starting from investigation to being able to convince the courts as per the law of the land. For successful prosecution the law enforcement will have to put all the pieces of electronic evidence together, collected from different sources and possibly different countries governed by different laws, produce it logically before the courts in a manner so that the law of the land is upheld and the guilty brought to the book – not an easy task by any standards.

This article is an attempt to understand the emerging technologies, its related trends and how they are impacting our lives every day. Some of these technologies as Artificial intelligence and Encryption have already made a big impact in our lives and the effects of these are being experienced by us each day. Artificial intelligence of Google scans our digital activities and sends us customer- specific advertisements. End-to-end encryption offered by WhatsApp has made this platform popular among people who want to talk privately and be away from the eyes and ears of law enforcement agencies. A huge impact of these new technologies has also been felt by the law enforcement agencies who are trying to understand the nuances of latest trends in the digital world. They are trying to understand the sequence of digital footprints left in cyberspace by these cutting edge technologies and how these can be collected by the investigating agencies and the wrong doer brought to the book. The battle does not end here. Many a times it becomes a tough job to make the judicial authorities understand the impact of these technologies and how these are being used by the criminals to compromise systems, steal data, extract ransom, stalk victims and sell illegal products on Net – to name a few of the digital crimes being committed these days. Through this article an attempt has been made to discuss some of these new technologies and trends today and how are they posing issues before the law enforcement agencies today – some tractable and some intractable. The current crop of investigators is also a mix of the old and the new generation. The new generation is able to understand technology, its nuances and the digital footprints and so is better placed to solve digital crimes. This article also highlights the lack of appropriate legislation today and how it has not kept pace with the challenges that technology is posing today. Since the Internet is an international playfield, it becomes difficult to have legislations having the same effect across all the countries of the globe. In times to come the law enforcement agencies will have to learn to cooperate and help out each other - formally and informally - if we are to lay our hands on the trans- global criminals and mafias who have spread their tentacles across a number of countries.  

I have hereinafter discussed some of the emerging trends and technologies and how they are impacting our lives and posing serious challenges to the law enforcement people in collecting evidence from different sources in different countries, putting them in the right sequence and finally try to convince the judiciary in a simple way that the criminal needs to be prosecuted as per the law of the land.  

 

Big data 

This term was coined in early 1990’s by John Mashey, working in Silicon Graphics, while referring to large sets of data which could not be managed or processed using traditional tools. Big data is what we are all confronted with after the proliferation of the Internet and the hugely popular Social media portals. 100 billion WhatsApp messages, 500 million Tweets, 350 million photos posted on Facebook, 95 million Instagram posts, 23 billion text messages and over 305 billion emails – this is the humongous data that we are all confronted with in ONE day. 

Big data is bound to reshape the way we live, work and think. Today almost all aspects of life are being turned into data. A complete datafication seems to be taking over all possible activities that we indulge in. Today companies and organisations are using all available data to make meaning out of it and help humanity understand and quantify the different aspects of our world. A large amount of information available is helping us today learn things that we could not comprehend or imagine earlier. All the emails, social media posts, tweets, phone numbers, age, sex, profession, place of work, number of friends etc can be studied to find patterns, correlations and causations for events and occurrences. The huge volumes of data spread across different platforms are being mined effectively by the corporates to send customer-specific advertisements. This data is also sold to desirous clients for a price, thereby compromising privacy of customers, as became well known in Cambridge Analytica case.  

The law enforcement authorities, have to virtually sweat it out to get the required juice from this huge data pile using keywords, strings, hash tags, geo-locations and user profiles to be able to shortlist on identity, occupation, modus- operandi etc of wanted persons. This kind of analysis does help the law enforcement agencies to deploy resources on crime/ areas for an effective utilisation of scarce resources. All this exercise is nowhere like trying to find a needle in a haystack but it is almost like trying to find a needle in an ocean. The amount of data that the law enforcement agencies collect in a routine manner are not collected by many other agencies. All this data if not analysed is of no value. With computing power increasing each day and storage becoming cheaper the law enforcement authorities are using advanced analytics and algorithms to search, aggregate and cross reference data so that meaningful information emerges. There are many email and social media platforms available for all to see which can be requested by law enforcement authorities through a court order for more information as metadata, which remains hidden from regular users. The law also authorises interception of communications over different platforms through a valid executive or a court order. With rise of technologies as IoT, Dark web, Blockchain, Virtual reality etc the challenges as well as opportunities available with law enforcement authorities have increased exponentially. The huge amounts of data produced by each technology, the near absence of tools and techniques available with the current day enforcement agencies to sort, sift and pinpoint the plausible alternative are challenges that exist. However data analytics as mapping, profiling or even predicting events are helping us appreciate the gravity of the dangers looming ahead and thereafter help us to prepare accordingly. The big data can be used meaningfully for predictive crime mapping and creating hotspots which would be based on type of crime, date/ month of occurrence, time of event, GPS locations, name of gang members etc. Data available publicly or obtained by court orders can also be analysed, churned and mined for patterns. All these help the law enforcement to utilise their scarce resources in a more efficient way by concentrating and supplementing their efforts in times/ locations/ seasons when the spike in crime is likely to take place rather than spread their resources evenly across all locations all the time. Machine learning algorithms used in conjunction with network analysis and data mining can help artificial intelligence throws up red flags and facilitate law enforcement agencies to come up with intelligent guesses to successfully shortlist and focus on crime and criminals.

 In this entire exercise privacy is a major area of concern as all kinds of data collection involves access to information of private individuals. To circumvent the reach of the authorities and to promote privacy a number of platforms have devised high grade end-to-end encryption and have even refused to accede to the demands of the government, as was exhibited in the San Bernardino incident relating to FBI and Apple. However most governments today insist on access to privately held information of individuals in the name of national security and sovereignty and wanting to detect crimes that affect society at large as can be seen in the number of suits filed by various governments against Google, Facebook, Microsoft etc relating to privacy and antitrust issues.

 

Dark web 

The origin of the word Dark Net can be traced to early 1970’s when such networks were planned in US for security purposes, as distinct from the ARPANET which later evolved into today’s Internet. This is that part of the Internet that is not accessible by normal search engines - is encrypted, anonymized and not indexed. It is because of these properties that the dark web has attracted a lot of illegal content and businesses too. However this platform has also proved to be a safe forum for whistle-blowers and political dissidents whose ideology and thinking is against the existing dispensation in a country. Access to dark web can be made by special browsers as Tor network or onion links. It operates on peer-to-peer principle and there is a network of sophisticated encryption and anonymization methods. The dark net is also a place where most of the illegal activities take place and stolen/ hacked / illegal data is sold for a price. The dark web gained notoriety in 2013 after the said perpetrator of Silk Road, who provided a platform for selling illegal drugs, was arrested in US after a long time. The dark web started using Bitcoins for its transactions as it was encrypted, made transactions pseudonymous and perfectly suited the beneficiaries who did not want to be identified and preferred systems which made things difficult to trace. The creators of dark net and bitcoin were certainly privacy minded but not ill intentioned. However their creations did not stop some from using this platform for illegal activities and also to get away from the prying eyes of law enforcement agencies. And it was all this anonymity and untracebility that made more companies like Silk road make forays in the dark web marketplace and take advantage of anonymity by providing a platform to deal in all things illegal – drugs, stolen credit cards, arms, ammunition, child pornography etc.

However the anonymity offered by Dark web works very well to the advantage of whistle- blowers and hacktivists also who use this platform to share information relating to inefficiencies of a government system, corruption in departments, scams and other acts which can possibly expose the wrong doings of a government. The dark web has been used by whistle- blowers like Julian Assange, Edward Snowden etc to expose the ill deeds of the government by sharing such information in the public domain. 

The law enforcement agencies find it very challenging to find vital information that is being exchanged in the dark web. All sites are encrypted, transmission and reception is through proxy servers, information is not indexed and each computer adds a layer of encryption to the message that only it can decrypt. However it is not uncommon for officers of different law enforcement agencies to be monitoring and investigating the dark web for not only keeping abreast of the latest trends in crime but also look for people peddling in stolen goods and selling illegal stuff. For the new generation of officers it is not too difficult a task to use this huge repository of information on crime and criminals for detecting scams, crimes which have higher gravity and which are difficult for the normal agencies to unearth. Since internet is inherently a trans-border issue, making legislation and regulations will always be challenging. There are some issues where all nations agree as pornography, child abuse etc but on a number of others as drugs, stolen credit cards, arms and ammunition etc there is not much agreement between different countries. The law enforcement agencies across different countries must therefore find ways to cooperate and evolve some basic agreeable tenets if they want to make effective use of the dark web because it is essentially a double edged weapon. It provides challenges and it also provides clues for all law enforcement to not only trace the wrong-doers but also to hold them accountable as per the law of the land.

 

Artificial Intelligence 

This term was coined by John McCarthy in 1956 to show that machines could exhibit intelligent behaviour. The world took notice of AI when in 1997 IBM’s Deep Blue defeated world chess champion Garry Kasparov and then again in 2011 when Apple introduced virtual digital assistant Siri. AI basically implies intelligence that is demonstrated by machines. The machines are made to learn to reason, plan, perceive and process natural language by means of computer algorithms which organize vast amounts of data into meaningful results based on certain instructions and rules. Our knowledge and understanding of AI today is seen in machines that understand human speech, do filtering based on our directions, raise red flags in banks and financial institutions depending on past records and patterns, compete at the highest level in games as Chess and Go, cars that navigate autonomously and in everyday events as Alexa (Amazon), Siri (Apple) and e-commerce portals which personalise our choices and offer products, learning from our shopping experiences etc. This field of science is based on the premise that human intelligence can be so accurately described that a machine can be made to simulate it. The accuracy and correct interpretation by any machine is dependent on the quantity and quality of data, the computing power available and evolving newer ways to solve and understand problems. However AI presents umpteen number of challenges too. The transparency in evolving algorithms without any corporate, social, ethnic or technical bias is a must. Any algorithm will be only as good as the data being fed. There have been reports about algorithms operating with racially biased data which totally subverts the end results, as has been brought out in Coded Bias - a 2020 Hollywood film. Accountability for flawed and biased algorithms is also an issue – whether the programmers or the users are to be held liable. The French have however set an example by declaring that all the algorithms used by the government agencies will be publicly available. 

 The law enforcement agencies have been using AI for predictive policing for some time now. Detection of online threats, identifying indecent images on Net, detecting unhealthy trends on Social media, identifying stolen vehicles by cameras, recognising known criminals by facial recognition are only some of the examples. With the huge amount of data being generated through cameras, video, social media, internet etc it is only AI that can detect crimes that would otherwise go undetected in the ocean of data and this will ensure greater public safety and increased public confidence in the criminal justice system. A number of cities in India are using facial recognition in the huge network of CCTV cameras to identify and track down known criminals. The same technology is also being used in the body- worn cameras by connecting them to the database of criminals and suspects. Suspicious behaviour of persons in public places are also picked up by AI for a detailed scrutiny before a conclusion is drawn. Huge amounts of crime data available with police for many years is being used to identify hot spots of crime or study its fluctuations in time and place. Similarly traffic related accidents and death data, studied over a period of time, have clearly revealed patterns that are predictable over time, place and month of the year. All these patterns are red-flagged by the AI embedded in the systems so as to forewarn the agencies that resources as manpower and equipment can be utilised more productively if these trends are noticed and action taken well in time.   

However law enforcement departments will be confronted with investigation relating to AI and it is then that they will have to look at the transparency aspect of the algorithms, whether at all there is any bias embedded into it – by oversight or by design, whether the data forming the basis of the algorithms is reliable and credible, ethical aspects associated with algorithms and whether any safety or security aspects are involved. All this will mean that the investigation team must have computer experts, software programmers, psychologists, legal eagles and many more. 

 

Blockchain

This ingenious invention was first introduced in 2009 by a person or a group of persons by the pseudonym Satoshi Nakamoto. He introduced the first peer-to-peer cryptocurrency – Bitcoin – with no intermediaries or any central authority. Blockchain implies an electronic ledger that is shared across many users. Each of its transactions creates a record that is time stamped and cannot be altered and all these records are linked to their previous one. The validation of these transactions is free and there is no central authority. The three sterling properties of any blockchain are decentralisation, transparency and immutability. 

 There is total decentralisation in the system as there is no central authority and the information available is open for all to see. All information held on a blockchain is shared across all persons and this gets continuously updated on the entire database. This implies that everyone in the network owns all the information. There are no intermediaries and so the transaction costs are zero. Thus this technology threatens all well-known intermediaries today as Amazon, Uber, AirBnB, Banks and financial institutions – all of whom charge a certain processing fee for all transactions made on these platforms. Blockchain gives a user transparency as well as complete privacy. Although a person is identified by his public address yet his real identity is concealed by a complex cryptography architecture. Thus his real identity is secure yet everyone can identify the transactions done by him by his public address. The third good quality about this concept is immutability or the inability to tamper with records once they have been entered. This is seen as a great asset for banks and financial institutions to check on frauds and embezzlements. Each transaction generates a hash value which is a string of numbers and letters. The cryptographic hash algorithm gives a fixed length to an input string of any length and this makes the output standardised and secure. Even a small change made in the input is reflected in a big way in the hash function. This is called the Avalanche effect, as this small change affects each block and gets known to all users in the blockchain. All records in a blockchain are permanent, placed chronologically and these are available to all other nodes. Since the database in not stored in any single location, hence it becomes difficult for a hacker to corrupt or hack the entire database. Since the nodes are spread throughout the world so capturing the entire network by hacking becomes virtually impossible as this would require a computer with enormous computing power. 

Banks and financial houses are experimenting with blockchains for ensuring secure tamper proof transactions. Critical infrastructure management is also venturing in this domain to ensure that data comes from authentic sources only. Academic credentials and other kind of property related documents can be authenticated using blockchain and made tamper proof and credible. Stock trading can also become more reliable if the chain of ownership becomes authentic. Since government working involves a lot of paper- based processes they can incorporate blockchain to minimize fraud and increase accountability and credibility in the system. All human resource based agencies can use blockchain to ensure correct background checks, past postings and date of birth issues – all of which are amenable to frauds. Publishing, Music industry, Pension programmes, Medical industry, Transportation, Accounting, e-Commerce etc are other areas which have started using blockchain to usher in more transparency, accountability and credibility in their systems.

 The law enforcement will be confronted with each of the above mentioned sectors to detect cases of fraud and embezzlement. In the investigation process blockchain can provide that extra layer of security and integrity to preserve the chain of evidence which becomes so very critical for prosecution to prove its case in the courts. The law enforcement departments will also have to come up with solutions which will red-flag any violations noticed in public records that are using blockchain. The requirement will therefore be of systems and software experts who understand blockchain and its intricacies. 

 

Cloud computing 

This term was introduced by Eric Schmidt in 2006 at a search engine conference at San Jose, California. This concept makes available ubiquitous 24x7 access to a shared pool of resources with minimal interference from any intermediary. The cloud model comprises of on-demand service, network access, resources available and a measurable service. The services provided can also be of varied types – software as a service, platform as a service or the infrastructure as a service. Today most of the people are beginning to store their personal data in the cloud as different from storing it on their PC’s till some years back. This architecture offers a number of benefits as economies of scale, reliability, scalability and all time accessibility. Files in the cloud are constantly updated, moved to different locations and their back up kept at different locations. Cloud computing’s distributed architecture permits data to be stored, processed and distributed over several data centres and numerous machines – all of which could be spread across different geographical locations and jurisdictions across the globe. There is complete decentralization of data centres, data logs and the physical location. The cloud service provider usually never informs the client about the location of his data storage and so the person who owns data has no clue about the actual location of this data. The cloud customer is also not able to collect network logs because the cloud architecture works under the control of the service provider. The service providers try and host their servers in countries which offer cheap data storage and have strict regulations regarding security, disclosure and privacy. 

When the law enforcement is faced with investigation of data stored in the cloud, the different locations/ countries make it difficult for them to obtain data about crime/ criminal activities because of different laws in different countries. The physical access to the servers, where the data is stored, is also at times technically not possible due to the remote locations of the servers in different countries. All this is in addition to the different operating systems, varied file formats, ever growing data size and the humungous storage devices that each investigating agency is confronted with during such digital investigations. Criminals these days are storing all kinds of incriminating data in such cloud servers which are spread in different countries and have strict laws regarding privacy and disclosure. A search warrant issued by one country may not have the same validity in another country. Trying to get a valid legal authorisation from the courts for search or seizure in another country may give the suspects or criminals ample time to modify, corrupt or even destroy the incriminating data which takes a few seconds only.  The main issue before the law enforcement is to collect data from different locations, governed by different legislations, connect them in a credible chain of evidence, ensure their proper custody and then try to convince prosecution and judiciary about the case. The lax response of the service provider and at times his ability to change/ corrupt the data in connivance with the criminals, when both are under investigation, are also issues that the investigator will be confronted with. Thus timely data acquisition is the biggest issue. The soundness of evidence, chain of custody and the admissibility of available evidence in the court of law will always be important factors in any investigation. Though tedious, time taking and difficult, yet the data retrieved from cloud sources could virtually be a goldmine of possible evidence for modern day forensic investigators. Therefore some kind of a common understanding needs to emerge between the law enforcement agencies all over the world to make timely information available to the law enforcement agency on lines of Budapest Convention 2004, also known as the Convention on Cybercrime of the Council of Europe, which serves as a guideline for international cooperation between countries which are signatories to this treaty. Only such measures can ensure that neither certain service providers nor some geographical locations become safe havens for unscrupulous elements. 

 

3D printing 

This concept came into being when Charles Hull invented Stereolithography in 1984. Patent related issues, however came in the way and not many people were able to use or explore this technology for a long time. Once the patents expired, this technology became available to people and with the rapid expansion of Internet this technology has reached places, it was never imagined. This technology basically implies manufacturing identical products using digital designs using product- specific printers. 3D printing has simplified manufacturing and it has democratised production by letting anyone produce goods in a do-it-yourself manner. The entry barrier in any field seems to have been broken. It has cut short the supply and the distribution chain because people are now manufacturing products with the help of computer-aideddesigns which are openly available on the Internet- either for free or for a price. These products are also customised to suit the specific needs of the user. The rapid spread of internet and the availability of all kinds of sophisticated designs available in open source has given a boost to 3D printing which has found good use in design industry, healthcare, prosthetics, construction, weapons, automobiles etc. 

The law enforcement was forced to sit up and take notice when Cody Wilson of US made a functional plastic gun in 2013 using 3D printing and thereafter posted the blueprint on the internet which was downloaded over 1,00,000 times. People have now produced accessories to different firearms sitting in the cosy comfort of their homes. It should not be surprising if people start making guns and other firearms resembling everyday items using 3D technique to escape the eyes of the enforcement agencies and the law. Criminals have CT scanned different kinds of locks and thereafter produced master keys using this to gain access to secure and protected areas. In Europe some have produced fake ATM facades to clone the data from the card users and thereafter used it to defraud card owners. Availability of digital designs on the open internet or the Dark net has created the possibility of huge amounts of fake branded products in the market. Although counterfeit goods are available even today but the easy availability of 3D printers would mean the production of such counterfeit goods on a large scale is possible in a decentralised manner by regularly shifting the place pf production. In not too distant a future, we may even be confronted with 3D printed illegal drugs, human organs or even weapons of destruction. 

The law enforcement agencies are also using this technology to their advantage by reconstructing the scene of crime, producing robotic arms for bomb disposal etc. This technology can be used to re-construct the scene of crime and to logically and pictorially explain the sequence of events to the courts for better appreciation and understanding. 3D scans of mutilated and disfigured bodies can lead to a better understanding of how the crime could have been committed and to explain the bullet marks, bodily injuries and better understand the sequence of events. How the law enforcement can prevent crooked minds from making illegal weapons, counterfeit goods, illegal drugs etc is something only time will tell. IP infringement will be a major issue that will need to be tackled. Legislation as Undetectable Firearms Act of the US will have to be thought of. But even when such illegal acts are found out, the tough job will be to trace the origin of the crime, the creator of the design and how he made it available to other perpetrators - who may have either committed the crime or were into preparation or making an attempt at it. Tough questions will arise regarding accountability as who is to be held liable – owner of the 3D printer, manufacturer of the printer, person who supplied the raw material to make the product or the person who committed the crime. Accountability for crime will take a completely new dimension. Rather than supplying illegal weapons, narcotic drugs etc to fellow criminals the smart criminal will now merely supply the digital designs to fellow criminals who in the privacy of their homes will be able to produce illegal weapons/ drugs. The evidence will have to collected from the original and other related digital printers, relate it to the products developed, tag it to the crime planned/ attempted/ committed and thereafter by applying appropriate legislation produce them before the court as per the law of the land. However criminal minds will always challenge the enforcement agencies by coming up with softwares as Disarming Corruptor which can use algorithms to conceal blueprints and bypass filters when they are posted on the internet.

 

Internet of things 

This term was coined by Kevin Ashton in 1999 when he was working on a project and wanted his management to look into this exciting technology. This idea had existed since 1970s when it was referred to as embedded internet. However today IoT is referred to as a network of devices that are connected to each other, talk to each other and share data based on algorithms over Wi-Fi/ Internet. It is estimated that today over 26 billion devices are connected to each other all over the world. The main sectors where this technology can be seen are smart cities, industrial devices, health related wearables, security gadgets, home appliances etc. Today we are seeing an implosion of IoT devices like Fitbits, smart cars, smart watches, mobile phones, virtual assistants, smart home appliances, CCTV cameras etc. This technology is spreading very rapidly and is expected to see exponential growth once the Internet moves from 4G to 5G. With hundreds of devices connected to each other, the crime scene of tomorrow will virtually be the Internet of things. 

The challenge before the law enforcing departments will be to quickly gather all related digital data and find out the digital presence/ absence of suspects and their accomplices and thereafter link the crime to the criminal. As the digital footprints at any crime scene increases so does the ability to collect, interpret and filter information using sensors, cloud infrastructure, advanced analytics and different algorithms. However as the race to connect more and more devices goes up, the manufacturers could possibly become lax towards ensuring strict security protocols and this is when these devices will become targets for hackers who can gain access to different networks and then either corrupt, compromise, disable them or seek ransom amounts for making them normal once again. Privacy of data and the requirement of law enforcement authorities of the same set of data for investigation will be ticklish issues that will have to be sorted out by appropriate legislations.

The enforcement agencies in India are already familiar with this technology. The tracking of errant drivers on the road using smart cameras which after recognising the registration number of the car, compares it with the Vaahan database and thereafter sends the traffic challan to the centralised database as well as on the mobile number of the car owner using the Sarathi database. Body cameras transmit data to the central server to look for known criminals as well record transactional events for record. Drones and other surveillance devices also transmit data to a remote location where this data is collated, filtered and meaningful data retained for use. The challenge for law enforcement agency at any crime scene will now be to understand the number of devices that are connected to each other, the evidence present in each device, collect all such digital evidence, ensure correctness in the chain of evidence and finally produce it in the court of law. Thereafter the prosecution and the judiciary also needs to be convinced about the credibility of evidence collected and the veracity of the digital evidence collected from different devices before a criminal can be prosecuted. Remote access in this technology also enables devices from across the borders to talk to each other which might involve collecting evidence from a different country which will imply different laws, mutual treaties and international relations – an extremely time taking task. Tackling encrypted data across IoT devices can also pose issues during investigation. However using more and more digital footprints to track down the criminals can only help in understanding the trends in crime, save time and money for organisations, increase the confidence of public in enforcement agencies and finally assist the courts by producing incontrovertible digital evidence before the courts. Faster analytical and scientific responses from the investigative agencies will improve the reaction time and give quality output which can act as a deterrent for the wrong doers and tackle problems before they assume epidemic proportions. IoT is therefore a double edged sword – though it opens up many windows for the wrong doer to compromise systems, the opportunities available to the law enforcement departments also increase manifold and this clearly outweighs the downside that exists in this game.

 

Encryption 

This word has its origin in the Greek word kryptos meaning hidden and graphein means to write. This technology scrambles data in a manner so that it becomes unreadable to intermediaries and to all those for whom it is not intended. The objective of this technique is to jumble up data that is being sent so that it appears like garbage to one who is not authorised to see it. There are many technologies to encrypt data and these come in many forms with the key size and strength being the basic differences. Encryption is essentially of two types – Asymmetric and Symmetric. The Asymmetric encryption uses two different keys – public and private – to encrypt and decrypt data or message. RSA (Rivest- Shamir- Aldeman, names of scientists)  is the most popular example of this category. Symmetric encryption involves only one key called the secret key which is used to encrypt and decrypt data. Examples of this technique are Triple DES (Data Encryption Standard), Blowfish, Twofish, AES (Advanced Encryption Standard) – each of which differs from the other in terms of individual keys and bit length. These are known for their speed and overall effectiveness and are used by e-commerce and secure payment platforms. In fact AES is the algorithm most trusted by the US government. It is a very secure platform because it uses 128, 192 or 256 bit key for encryption and decryption. With even a 128 bit key the possible values come to 2128 which makes it virtually impossible for even the fastest supercomputer to crack the code in a foreseeable time domain. Since the computational requirements of this algorithm are low, AES is popularly used on all laptops and smartphones which support Android, iOS, Windows etc. This encryption can be seen on popular applications as WhatsApp, Signal, Telegram, WinZip etc. 

 With cyber-attacks becoming an everyday affair, security specialists are ever busy trying to evolve newer techniques to keep data safe. Whether it is email, stored data or chat, some kind of encryption is required to safeguard the integrity of data. Data of 533 million users of Facebook from over 100 countries was hacked and was available for sale in early April 2021. Similarly data of over 500 million users of LinkedIn was also up for sale in second week of April 2021. India does not have a very robust data-protection regime and the Personal Data Protection Bill 2019, presently under scrutiny of the Joint Parliamentary Committee is a step in the right direction. This Bill seeks to apply Data protection regime to both the government and private entities and emphasises data security and data privacy. Meanwhile the government of India has introduced Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 which has come into force on 26th May 2021. These rules mandate that the platforms and publishers will have to inform I&B Ministry about what they publish, nature of content and size of subscriber base within 30 days of notification of these Rules. Social media platforms will also have to reveal the first originator of a post in response to a court order or a request of law enforcement within 72 hours in the interests of sovereignty and integrity of country or other specified grave crimes apart from appointing a resident Compliance officer, Grievance officer and a nodal contact person.

 With the fast pace at which IoT is expanding the cybercriminals will get that many more ways to gain access to systems and data. Each not-too-secure device will provide a window for the unscrupulous elements to get into unsecured systems and compromise data. But, as can be seen from above examples, even the strategy to encrypt everything is not working. The idea should be to have maximum Integrity in the system. How to safeguard the encryption keys and the digital certificates is the key. Snowden compromised the credentials of his administrators at NSA who had access to encrypted data and he used this to gain access to highly classified data which he later revealed to the world. Similarly data of Lockheed Martin was also compromised, not because the encryption was cracked, but because the RSA SecurID tokens were stolen.   

Though privacy is a good thing for the common man, this technology is also being actively used by criminals, anti-national elements and nefarious people who want to secretly talk about their plans, conclude deals and set rendezvous points for delivery of illegal goods - all away from the prying eyes and ears of law enforcement agencies. The most common example today is the extensive use of WhatsApp with its end-to-end encryption which is almost impossible to crack. There are also a number of email services as Lavabit, Hushmail, Protonmail etc which are end-to-end encrypted which espouse the cause of civil liberty activists and promise complete digital privacy and zero access to email/ data of clients. Even those empowered under the law, are unable to decode them. These are causing serious problems for the law enforcement authorities today. Even ex President of US Barack Obama said “you can’t have 100% security, 100% privacy and zero inconvenience”.

 

Conclusion

With the pace at which India is galloping in the Digital age, it is imperative that the law enforcement agencies all over the country understand and appreciate the technology trends today, train their manpower to face the challenges, associate experts from various fields to understand the nuances of each technology and also educate the prosecution and the judicial system if some tangible results are to be seen, else it will be a case of the left hand not knowing what the right hand is doing. It is only when a synergy develops between the different systems that the people will develop confidence in the law enforcement agencies and they will be a step ahead of the criminals and bring them to the book diligently and professionally.  ( 5982 words )

***************



(Published in The Indian Police Journal - July- September 2021 issue)

Posted by at No comments:
Subscribe to: Posts (Atom)