Technology Trends - Challenges for Policing
Article
Technology today is changing very fast. We have gone from
landline to mobile phones, from self-driving cars to autonomous cars, from 2G
to 5G technology and Internet and Social media portals have brought the world
closer than we could have ever imagined. All these changes in technology have
brought in different issues for citizens as well as law enforcement agencies.
Whereas on the one hand privacy is very important for the dignity and liberty
of any individual, on the other hand the tracing of evidence in this electronic
age, its credible collection, production in the court of law and being able to
convince the judiciary are things that the law enforcement is constantly being
confronted with, looking at all the new technologies that are emerging so
rapidly and impacting our lives like never before.
The law enforcement agencies today have to chase criminals
who commit crime sitting anywhere on this planet, for whom geographical
boundaries have become history and who commit crime in times less than nano-
seconds. There are a number of technologies today, some looming on the horizon,
which will pose tough questions for the law enforcement in times to come. The
high standards of encryption being adopted by the industry today, the concept
of machines talking to each other, the storage of data in cloud, 3D printing,
artificial intelligence, block-chain, nanotechnology and dark net promise to
pose serious questions for the law enforcement - starting from investigation to
being able to convince the courts as per the law of the land. For successful
prosecution the law enforcement will have to put all the pieces of electronic
evidence together, collected from different sources and possibly different
countries governed by different laws, produce it logically before the courts in
a manner so that the law of the land is upheld and the guilty brought to the
book – not an easy task by any standards.
This article is an attempt to understand the emerging
technologies, its related trends and how they are impacting our lives every
day. Some of these technologies as Artificial intelligence and Encryption have
already made a big impact in our lives and the effects of these are being
experienced by us each day. Artificial intelligence of Google scans our digital
activities and sends us customer- specific advertisements. End-to-end
encryption offered by WhatsApp has made this platform popular among people who
want to talk privately and be away from the eyes and ears of law enforcement
agencies. A huge impact of these new technologies has also been felt by the law
enforcement agencies who are trying to understand the nuances of latest trends
in the digital world. They are trying to understand the sequence of digital
footprints left in cyberspace by these cutting edge technologies and how these
can be collected by the investigating agencies and the wrong doer brought to
the book. The battle does not end here. Many a times it becomes a tough job to
make the judicial authorities understand the impact of these technologies and
how these are being used by the criminals to compromise systems, steal data,
extract ransom, stalk victims and sell illegal products on Net – to name a few
of the digital crimes being committed these days. Through this article an
attempt has been made to discuss some of these new technologies and trends
today and how are they posing issues before the law enforcement agencies today
– some tractable and some intractable. The current crop of investigators is
also a mix of the old and the new generation. The new generation is able to
understand technology, its nuances and the digital footprints and so is better
placed to solve digital crimes. This article also highlights the lack of
appropriate legislation today and how it has not kept pace with the challenges
that technology is posing today. Since the Internet is an international
playfield, it becomes difficult to have legislations having the same effect
across all the countries of the globe. In times to come the law enforcement
agencies will have to learn to cooperate and help out each other - formally and
informally - if we are to lay our hands on the trans- global criminals and
mafias who have spread their tentacles across a number of countries.
I have hereinafter discussed some of the emerging trends
and technologies and how they are impacting our lives and posing serious
challenges to the law enforcement people in collecting evidence from different
sources in different countries, putting them in the right sequence and finally
try to convince the judiciary in a simple way that the criminal needs to be
prosecuted as per the law of the land.
Big data
This term was coined in early 1990’s by John Mashey,
working in Silicon Graphics, while
referring to large sets of data which could not be managed or processed using
traditional tools. Big data is what we are all confronted with after the
proliferation of the Internet and the hugely popular Social media portals. 100
billion WhatsApp messages, 500 million Tweets, 350 million photos posted on
Facebook, 95 million Instagram posts, 23 billion text messages and over 305
billion emails – this is the humongous data that we are all confronted with in ONE
day.
Big data is bound to reshape the way we live, work and
think. Today almost all aspects of life are being turned into data. A complete datafication seems to be taking over all
possible activities that we indulge in. Today companies and organisations are
using all available data to make meaning out of it and help humanity understand
and quantify the different aspects of our world. A large amount of information
available is helping us today learn things that we could not comprehend or
imagine earlier. All the emails, social media posts, tweets, phone numbers,
age, sex, profession, place of work, number of friends etc can be studied to
find patterns, correlations and causations for events and occurrences. The huge
volumes of data spread across different platforms are being mined effectively
by the corporates to send customer-specific advertisements. This data is also
sold to desirous clients for a price, thereby compromising privacy of
customers, as became well known in Cambridge
Analytica case.
The law enforcement authorities, have to virtually sweat it
out to get the required juice from
this huge data pile using keywords, strings, hash tags, geo-locations and user
profiles to be able to shortlist on identity, occupation, modus- operandi etc
of wanted persons. This kind of analysis does help the law enforcement agencies
to deploy resources on crime/ areas for an effective utilisation of scarce
resources. All this exercise is nowhere like trying to find a needle in a
haystack but it is almost like trying to find a needle in an ocean. The amount of data that the law enforcement
agencies collect in a routine manner are not collected by many other agencies.
All this data if not analysed is of no value. With computing power increasing
each day and storage becoming cheaper the law enforcement authorities are using
advanced analytics and algorithms to search, aggregate and cross reference data
so that meaningful information emerges. There are many email and social media
platforms available for all to see which can be requested by law enforcement
authorities through a court order for more information as metadata, which
remains hidden from regular users. The law also authorises interception of
communications over different platforms through a valid executive or a court
order. With rise of technologies as IoT, Dark web, Blockchain, Virtual reality
etc the challenges as well as opportunities available with law enforcement
authorities have increased exponentially. The huge amounts of data produced by
each technology, the near absence of tools and techniques available with the
current day enforcement agencies to sort, sift and pinpoint the plausible
alternative are challenges that exist. However data analytics as mapping,
profiling or even predicting events are helping us appreciate the gravity of
the dangers looming ahead and thereafter help us to prepare accordingly. The
big data can be used meaningfully for predictive crime mapping and creating
hotspots which would be based on type of crime, date/ month of occurrence, time
of event, GPS locations, name of gang members etc. Data available publicly or
obtained by court orders can also be analysed, churned and mined for patterns.
All these help the law enforcement to utilise their scarce resources in a more
efficient way by concentrating and supplementing their efforts in times/
locations/ seasons when the spike in crime is likely to take place rather than
spread their resources evenly across all locations all the time. Machine
learning algorithms used in conjunction with network analysis and data mining
can help artificial intelligence throws up red flags and facilitate law
enforcement agencies to come up with intelligent guesses to successfully
shortlist and focus on crime and criminals.
In
this entire exercise privacy is a major area of concern as all kinds of data
collection involves access to information of private individuals. To circumvent
the reach of the authorities and to promote privacy a number of platforms have
devised high grade end-to-end encryption and have even refused to accede to the
demands of the government, as was exhibited in the San Bernardino incident relating to FBI and Apple. However most
governments today insist on access to privately held information of individuals
in the name of national security and sovereignty and wanting to detect crimes
that affect society at large as can be seen in the number of suits filed by
various governments against Google, Facebook, Microsoft etc relating to privacy
and antitrust issues.
Dark web
The origin of the word Dark Net can be traced to early
1970’s when such networks were planned in US for security purposes, as distinct
from the ARPANET which later evolved into today’s Internet. This is that part
of the Internet that is not
accessible by normal search engines - is encrypted, anonymized and not indexed.
It is because of these properties that the dark web has attracted a lot of
illegal content and businesses too. However this platform has also proved to be
a safe forum for whistle-blowers and political dissidents whose ideology and
thinking is against the existing
dispensation in a country. Access to dark web can be made by special browsers
as Tor network or onion links. It operates on peer-to-peer
principle and there is a network of sophisticated encryption and anonymization
methods. The dark net is also a place where most of the illegal activities take
place and stolen/ hacked / illegal data is sold for a price. The dark web
gained notoriety in 2013 after the said perpetrator of Silk Road, who provided a platform for selling illegal drugs, was
arrested in US after a long time. The dark web started using Bitcoins for its transactions as it was
encrypted, made transactions pseudonymous and perfectly suited the
beneficiaries who did not want to be identified and preferred systems which
made things difficult to trace. The creators of dark net and bitcoin were
certainly privacy minded but not ill intentioned. However their creations did
not stop some from using this platform for illegal activities and also to get
away from the prying eyes of law enforcement agencies. And it was all this
anonymity and untracebility that made more companies like Silk road make forays
in the dark web marketplace and take advantage of anonymity by providing a
platform to deal in all things illegal – drugs, stolen credit cards, arms,
ammunition, child pornography etc.
However the anonymity offered by Dark web works very well
to the advantage of whistle- blowers and hacktivists also who use this platform
to share information relating to inefficiencies of a government system,
corruption in departments, scams and other acts which can possibly expose the
wrong doings of a government. The dark web has been used by whistle- blowers
like Julian Assange, Edward Snowden etc to expose the ill deeds of the
government by sharing such information in the public domain.
The law enforcement agencies find it very challenging to
find vital information that is being exchanged in the dark web. All sites are
encrypted, transmission and reception is through proxy servers, information is
not indexed and each computer adds a layer of encryption to the message that
only it can decrypt. However it is not uncommon for officers of different law
enforcement agencies to be monitoring and investigating the dark web for not
only keeping abreast of the latest trends in crime but also look for people
peddling in stolen goods and selling illegal stuff. For the new generation of
officers it is not too difficult a task to use this huge repository of
information on crime and criminals for detecting scams, crimes which have
higher gravity and which are difficult for the normal agencies to unearth.
Since internet is inherently a trans-border issue, making legislation and
regulations will always be challenging. There are some issues where all nations
agree as pornography, child abuse etc but on a number of others as drugs,
stolen credit cards, arms and ammunition etc there is not much agreement
between different countries. The law enforcement agencies across different
countries must therefore find ways to cooperate and evolve some basic agreeable
tenets if they want to make effective use of the dark web because it is
essentially a double edged weapon. It provides challenges and it also provides
clues for all law enforcement to not only trace the wrong-doers but also to
hold them accountable as per the law of the land.
Artificial Intelligence
This term was
coined by John McCarthy in 1956 to show that machines could exhibit intelligent
behaviour. The world took notice of AI when in 1997 IBM’s Deep Blue defeated world chess champion Garry Kasparov and then
again in 2011 when Apple introduced virtual digital assistant Siri. AI basically implies intelligence
that is demonstrated by machines. The machines are made to learn to reason,
plan, perceive and process natural language by means of computer algorithms
which organize vast amounts of data into meaningful results based on certain
instructions and rules. Our knowledge and understanding of AI today is seen in
machines that understand human speech, do filtering based on our directions,
raise red flags in banks and financial institutions depending on past records
and patterns, compete at the highest level in games as Chess and Go, cars that
navigate autonomously and in everyday events as Alexa (Amazon), Siri (Apple)
and e-commerce portals which personalise our choices and offer products,
learning from our shopping experiences etc. This field of science is based on
the premise that human intelligence can be so accurately described that a
machine can be made to simulate it. The accuracy and correct interpretation by
any machine is dependent on the quantity and quality of data, the computing
power available and evolving newer ways to solve and understand problems.
However AI presents umpteen number of challenges too. The transparency in
evolving algorithms without any corporate, social, ethnic or technical bias is
a must. Any algorithm will be only as good as the data being fed. There have
been reports about algorithms operating with racially biased data which totally
subverts the end results, as has been brought out in Coded Bias - a 2020 Hollywood film. Accountability for flawed and
biased algorithms is also an issue – whether the programmers or the users are
to be held liable. The French have however set an example by declaring that all
the algorithms used by the government agencies will be publicly available.
The
law enforcement agencies have been using AI for predictive policing for some
time now. Detection of online threats, identifying indecent images on Net,
detecting unhealthy trends on Social media, identifying stolen vehicles by
cameras, recognising known criminals by facial recognition are only some of the
examples. With the huge amount of data being generated through cameras, video,
social media, internet etc it is only AI that can detect crimes that would
otherwise go undetected in the ocean of data and this will ensure greater
public safety and increased public confidence in the criminal justice system. A
number of cities in India are using facial recognition in the huge network of
CCTV cameras to identify and track down known criminals. The same technology is
also being used in the body- worn cameras by connecting them to the database of
criminals and suspects. Suspicious behaviour of persons in public places are
also picked up by AI for a detailed scrutiny before a conclusion is drawn. Huge
amounts of crime data available with police for many years is being used to
identify hot spots of crime or study its fluctuations in time and place.
Similarly traffic related accidents and death data, studied over a period of
time, have clearly revealed patterns that are predictable over time, place and
month of the year. All these patterns are red-flagged by the AI embedded in the
systems so as to forewarn the agencies that resources as manpower and equipment
can be utilised more productively if these trends are noticed and action taken
well in time.
However law enforcement departments will be confronted with
investigation relating to AI and it is then that they will have to look at the
transparency aspect of the algorithms, whether at all there is any bias
embedded into it – by oversight or by design, whether the data forming the
basis of the algorithms is reliable and credible, ethical aspects associated
with algorithms and whether any safety or security aspects are involved. All
this will mean that the investigation team must have computer experts, software
programmers, psychologists, legal eagles and many more.
Blockchain
This ingenious invention was first introduced in 2009 by a
person or a group of persons by the pseudonym Satoshi Nakamoto. He introduced
the first peer-to-peer cryptocurrency – Bitcoin – with no intermediaries or any
central authority. Blockchain implies an electronic ledger that is shared
across many users. Each of its transactions creates a record that is time
stamped and cannot be altered and all these records are linked to their
previous one. The validation of these transactions is free and there is no
central authority. The three sterling properties of any blockchain are decentralisation,
transparency and immutability.
There is total decentralisation in the system as there is no central authority and
the information available is open for all to see. All information held on a
blockchain is shared across all persons and this gets continuously updated on
the entire database. This implies that everyone in the network owns all the
information. There are no intermediaries and so the transaction costs are zero.
Thus this technology threatens all well-known intermediaries today as Amazon,
Uber, AirBnB, Banks and financial institutions – all of whom charge a certain
processing fee for all transactions made on these platforms. Blockchain gives a
user transparency as well as complete
privacy. Although a person is identified by his public address yet his real
identity is concealed by a complex cryptography architecture. Thus his real
identity is secure yet everyone can identify the transactions done by him by
his public address. The third good quality about this concept is immutability or the inability to tamper
with records once they have been entered. This is seen as a great asset for
banks and financial institutions to check on frauds and embezzlements. Each
transaction generates a hash value which is a string of numbers and letters.
The cryptographic hash algorithm gives a fixed length to an input string of any
length and this makes the output standardised and secure. Even a small change
made in the input is reflected in a big way in the hash function. This is
called the Avalanche effect, as this
small change affects each block and gets known to all users in the blockchain.
All records in a blockchain are permanent, placed chronologically and these are
available to all other nodes. Since the database in not stored in any single
location, hence it becomes difficult for a hacker to corrupt or hack the entire
database. Since the nodes are spread throughout the world so capturing the
entire network by hacking becomes virtually impossible as this would require a
computer with enormous computing power.
Banks and financial houses are experimenting with
blockchains for ensuring secure tamper proof transactions. Critical
infrastructure management is also venturing in this domain to ensure that data
comes from authentic sources only. Academic credentials and other kind of
property related documents can be authenticated using blockchain and made
tamper proof and credible. Stock trading can also become more reliable if the
chain of ownership becomes authentic. Since government working involves a lot
of paper- based processes they can incorporate blockchain to minimize fraud and
increase accountability and credibility in the system. All human resource based
agencies can use blockchain to ensure correct background checks, past postings
and date of birth issues – all of which are amenable to frauds. Publishing,
Music industry, Pension programmes, Medical industry, Transportation,
Accounting, e-Commerce etc are other areas which have started using blockchain
to usher in more transparency, accountability and credibility in their systems.
The
law enforcement will be confronted with each of the above mentioned sectors to
detect cases of fraud and embezzlement. In the investigation process blockchain
can provide that extra layer of security and integrity to preserve the chain of
evidence which becomes so very critical for prosecution to prove its case in
the courts. The law enforcement departments will also have to come up with
solutions which will red-flag any violations noticed in public records that are
using blockchain. The requirement will therefore be of systems and software
experts who understand blockchain and its intricacies.
Cloud computing
This term was introduced by Eric Schmidt in 2006 at a
search engine conference at San Jose, California. This concept makes
available ubiquitous 24x7 access to a
shared pool of resources with minimal interference from any intermediary. The
cloud model comprises of on-demand service, network access, resources available
and a measurable service. The services provided can also be of varied types –
software as a service, platform as a service or the infrastructure as a
service. Today most of the people are beginning to store their personal data in
the cloud as different from storing it on their PC’s till some years back. This
architecture offers a number of benefits as economies of scale, reliability,
scalability and all time accessibility. Files in the cloud are constantly
updated, moved to different locations and their back up kept at different
locations. Cloud computing’s distributed architecture permits data to be
stored, processed and distributed over several data centres and numerous
machines – all of which could be spread across different geographical locations
and jurisdictions across the globe. There is complete decentralization of data
centres, data logs and the physical location. The cloud service provider
usually never informs the client about the location of his data storage and so
the person who owns data has no clue about the actual location of this data. The
cloud customer is also not able to collect network logs because the cloud
architecture works under the control of the service provider. The service
providers try and host their servers in countries which offer cheap data
storage and have strict regulations regarding security, disclosure and
privacy.
When the law enforcement is faced with investigation of
data stored in the cloud, the different locations/ countries make it difficult
for them to obtain data about crime/ criminal activities because of different
laws in different countries. The physical access to the servers, where the data
is stored, is also at times technically not possible due to the remote
locations of the servers in different countries. All this is in addition to the
different operating systems, varied file formats, ever growing data size and
the humungous storage devices that each investigating agency is confronted with
during such digital investigations. Criminals these days are storing all kinds
of incriminating data in such cloud servers which are spread in different
countries and have strict laws regarding privacy and disclosure. A search
warrant issued by one country may not have the same validity in another
country. Trying to get a valid legal authorisation from the courts for search
or seizure in another country may give the suspects or criminals ample time to
modify, corrupt or even destroy the incriminating data which takes a few
seconds only. The main issue before the
law enforcement is to collect data from different locations, governed by
different legislations, connect them in a credible chain of evidence, ensure
their proper custody and then try to convince prosecution and judiciary about
the case. The lax response of the service provider and at times his ability to
change/ corrupt the data in connivance with the criminals, when both are under
investigation, are also issues that the investigator will be confronted with.
Thus timely data acquisition is the biggest issue. The soundness of evidence,
chain of custody and the admissibility of available evidence in the court of
law will always be important factors in any investigation. Though tedious, time
taking and difficult, yet the data retrieved from cloud sources could virtually
be a goldmine of possible evidence for modern day forensic investigators.
Therefore some kind of a common understanding needs to emerge between the law
enforcement agencies all over the world to make timely information available to
the law enforcement agency on lines of Budapest
Convention 2004, also known as the Convention
on Cybercrime of the Council of Europe, which serves as a guideline for
international cooperation between countries which are signatories to this
treaty. Only such measures can ensure that neither certain service providers
nor some geographical locations become safe havens for unscrupulous
elements.
3D printing
This concept came into being when Charles Hull invented Stereolithography in 1984. Patent
related issues, however came in the way and not many people were able to use or
explore this technology for a long time. Once the patents expired, this
technology became available to people and with the rapid expansion of Internet
this technology has reached places, it was never imagined. This technology
basically implies manufacturing identical products using digital designs using
product- specific printers. 3D printing has simplified manufacturing and it has
democratised production by letting anyone produce goods in a do-it-yourself
manner. The entry barrier in any field seems to have been broken. It has cut
short the supply and the distribution chain because people are now
manufacturing products with the help of computer-aideddesigns which are openly
available on the Internet- either for free or for a price. These products are
also customised to suit the specific needs of the user. The rapid spread of
internet and the availability of all kinds of sophisticated designs available
in open source has given a boost to 3D printing which has found good use in
design industry, healthcare, prosthetics, construction, weapons, automobiles
etc.
The law enforcement was forced to sit up and take notice
when Cody Wilson of US made a functional plastic gun in 2013 using 3D printing
and thereafter posted the blueprint on the internet which was downloaded over
1,00,000 times. People have now produced accessories to different firearms
sitting in the cosy comfort of their homes. It should not be surprising if
people start making guns and other firearms resembling everyday items using 3D
technique to escape the eyes of the enforcement agencies and the law. Criminals
have CT scanned different kinds of locks and thereafter produced master keys
using this to gain access to secure and protected areas. In Europe some have
produced fake ATM facades to clone the data from the card users and thereafter
used it to defraud card owners. Availability of digital designs on the open
internet or the Dark net has created the possibility of huge amounts of fake
branded products in the market. Although counterfeit goods are available even
today but the easy availability of 3D printers would mean the production of
such counterfeit goods on a large scale is possible in a decentralised manner
by regularly shifting the place pf production. In not too distant a future, we
may even be confronted with 3D printed illegal drugs, human organs or even
weapons of destruction.
The law enforcement agencies are also using this technology
to their advantage by reconstructing the scene of crime, producing robotic arms
for bomb disposal etc. This technology can be used to re-construct the scene of
crime and to logically and pictorially explain the sequence of events to the
courts for better appreciation and understanding. 3D scans of mutilated and
disfigured bodies can lead to a better understanding of how the crime could
have been committed and to explain the bullet marks, bodily injuries and better
understand the sequence of events. How the law enforcement can prevent crooked
minds from making illegal weapons, counterfeit goods, illegal drugs etc is
something only time will tell. IP infringement will be a major issue that will
need to be tackled. Legislation as Undetectable
Firearms Act of the US will have to be thought of. But even when such
illegal acts are found out, the tough job will be to trace the origin of the
crime, the creator of the design and how he made it available to other
perpetrators - who may have either committed the crime or were into preparation
or making an attempt at it. Tough questions will arise regarding accountability
as who is to be held liable – owner of the 3D printer, manufacturer of the
printer, person who supplied the raw material to make the product or the person
who committed the crime. Accountability for crime will take a completely new
dimension. Rather than supplying illegal weapons, narcotic drugs etc to fellow
criminals the smart criminal will now merely supply the digital designs to
fellow criminals who in the privacy of their homes will be able to produce
illegal weapons/ drugs. The evidence will have to collected from the original
and other related digital printers, relate it to the products developed, tag it
to the crime planned/ attempted/ committed and thereafter by applying
appropriate legislation produce them before the court as per the law of the
land. However criminal minds will always challenge the enforcement agencies by
coming up with softwares as Disarming
Corruptor which can use algorithms to conceal blueprints and bypass filters
when they are posted on the internet.
Internet of things
This term was coined by Kevin Ashton in 1999 when he was
working on a project and wanted his management to look into this exciting
technology. This idea had existed since 1970s when it was referred to as embedded internet. However today IoT is
referred to as a network of devices that are connected to each other, talk to
each other and share data based on algorithms over Wi-Fi/ Internet. It is
estimated that today over 26 billion devices are connected to each other all
over the world. The main sectors where this technology can be seen are smart
cities, industrial devices, health related wearables, security gadgets, home
appliances etc. Today we are seeing an implosion of IoT devices like Fitbits,
smart cars, smart watches, mobile phones, virtual assistants, smart home
appliances, CCTV cameras etc. This technology is spreading very rapidly and is
expected to see exponential growth once the Internet moves from 4G to 5G. With
hundreds of devices connected to each other, the crime scene of tomorrow will
virtually be the Internet of things.
The challenge before the law enforcing departments will be
to quickly gather all related digital data and find out the digital presence/
absence of suspects and their accomplices and thereafter link the crime to the
criminal. As the digital footprints at any crime scene increases so does the
ability to collect, interpret and filter information using sensors, cloud
infrastructure, advanced analytics and different algorithms. However as the
race to connect more and more devices goes up, the manufacturers could possibly
become lax towards ensuring strict security protocols and this is when these
devices will become targets for hackers who can gain access to different
networks and then either corrupt, compromise, disable them or seek ransom
amounts for making them normal once again. Privacy of data and the requirement
of law enforcement authorities of the same set of data for investigation will
be ticklish issues that will have to be sorted out by appropriate legislations.
The enforcement agencies in India are already familiar with
this technology. The tracking of errant drivers on the road using smart cameras
which after recognising the registration number of the car, compares it with
the Vaahan database and thereafter
sends the traffic challan to the centralised database as well as on the mobile
number of the car owner using the Sarathi
database. Body cameras transmit data to the central server to look for known
criminals as well record transactional events for record. Drones and other
surveillance devices also transmit data to a remote location where this data is
collated, filtered and meaningful data retained for use. The challenge for law
enforcement agency at any crime scene will now be to understand the number of
devices that are connected to each other, the evidence present in each device,
collect all such digital evidence, ensure correctness in the chain of evidence
and finally produce it in the court of law. Thereafter the prosecution and the
judiciary also needs to be convinced about the credibility of evidence
collected and the veracity of the digital evidence collected from different
devices before a criminal can be prosecuted. Remote access in this technology
also enables devices from across the borders to talk to each other which might
involve collecting evidence from a different country which will imply different
laws, mutual treaties and international relations – an extremely time taking
task. Tackling encrypted data across IoT devices can also pose issues during
investigation. However using more and more digital footprints to track down the
criminals can only help in understanding the trends in crime, save time and
money for organisations, increase the confidence of public in enforcement
agencies and finally assist the courts by producing incontrovertible digital
evidence before the courts. Faster analytical and scientific responses from the
investigative agencies will improve the reaction time and give quality output
which can act as a deterrent for the wrong doers and tackle problems before
they assume epidemic proportions. IoT is therefore a double edged sword –
though it opens up many windows for the wrong doer to compromise systems, the
opportunities available to the law enforcement departments also increase
manifold and this clearly outweighs the downside that exists in this game.
Encryption
This word has its origin in the Greek word kryptos meaning hidden and graphein means to write. This technology scrambles data in a
manner so that it becomes unreadable to intermediaries and to all those for
whom it is not intended. The objective of this technique is to jumble up data
that is being sent so that it appears like garbage to one who is not authorised
to see it. There are many technologies to encrypt data and these come in many
forms with the key size and strength being the basic differences. Encryption is
essentially of two types – Asymmetric and Symmetric. The Asymmetric encryption
uses two different keys – public and private – to encrypt and decrypt data or
message. RSA (Rivest- Shamir- Aldeman,
names of scientists) is the most
popular example of this category. Symmetric encryption involves only one key
called the secret key which is used to encrypt and decrypt data. Examples of
this technique are Triple DES (Data
Encryption Standard), Blowfish, Twofish, AES (Advanced Encryption Standard) – each of which differs from the
other in terms of individual keys and bit length. These are known for their
speed and overall effectiveness and are used by e-commerce and secure payment
platforms. In fact AES is the algorithm most trusted by the US government. It
is a very secure platform because it uses 128, 192 or 256 bit key for
encryption and decryption. With even a 128 bit key the possible values come to
2128 which makes it virtually impossible for even the fastest
supercomputer to crack the code in a foreseeable time domain. Since the
computational requirements of this algorithm are low, AES is popularly used on
all laptops and smartphones which support Android, iOS, Windows etc. This
encryption can be seen on popular applications as WhatsApp, Signal, Telegram,
WinZip etc.
With
cyber-attacks becoming an everyday affair, security specialists are ever busy
trying to evolve newer techniques to keep data safe. Whether it is email,
stored data or chat, some kind of encryption is required to safeguard the
integrity of data. Data of 533 million users of Facebook from over 100
countries was hacked and was available for sale in early April 2021. Similarly
data of over 500 million users of LinkedIn was also up for sale in second week
of April 2021. India does not have a very robust data-protection regime and the
Personal Data Protection Bill 2019,
presently under scrutiny of the Joint Parliamentary Committee is a step in the
right direction. This Bill seeks to apply Data protection regime to both the
government and private entities and emphasises data security and data privacy.
Meanwhile the government of India has introduced Information Technology (Intermediary Guidelines and Digital Media
Ethics Code) Rules, 2021 which has come into force on 26th May
2021. These rules mandate that the
platforms and publishers will have to inform I&B Ministry about what they
publish, nature of content and size of subscriber base within 30 days of
notification of these Rules. Social media platforms will also have to reveal
the first originator of a post in
response to a court order or a request of law enforcement within 72 hours in
the interests of sovereignty and integrity of country or other specified grave
crimes apart from appointing a resident Compliance officer, Grievance officer
and a nodal contact person.
With
the fast pace at which IoT is expanding the cybercriminals will get that many
more ways to gain access to systems and data. Each not-too-secure device will
provide a window for the unscrupulous elements to get into unsecured systems
and compromise data. But, as can be seen from above examples, even the strategy
to encrypt everything is not working.
The idea should be to have maximum Integrity
in the system. How to safeguard the encryption keys and the digital
certificates is the key. Snowden compromised the credentials of his
administrators at NSA who had access to encrypted data and he used this to gain
access to highly classified data which he later revealed to the world.
Similarly data of Lockheed Martin was also compromised, not because the
encryption was cracked, but because the RSA SecurID tokens were stolen.
Though privacy is a good thing for the common man, this
technology is also being actively used by criminals, anti-national elements and
nefarious people who want to secretly talk about their plans, conclude deals
and set rendezvous points for delivery of illegal goods - all away from the
prying eyes and ears of law enforcement agencies. The most common example today
is the extensive use of WhatsApp with its end-to-end encryption which is almost
impossible to crack. There are also a number of email services as Lavabit,
Hushmail, Protonmail etc which are end-to-end encrypted which espouse the cause
of civil liberty activists and promise complete digital privacy and zero access
to email/ data of clients. Even those empowered under the law, are unable to
decode them. These are causing serious problems for the law enforcement
authorities today. Even ex President of US Barack Obama said “you can’t have 100% security, 100% privacy
and zero inconvenience”.
Conclusion
With the pace at which India is galloping in the Digital
age, it is imperative that the law enforcement agencies all over the country
understand and appreciate the technology trends today, train their manpower to
face the challenges, associate experts from various fields to understand the
nuances of each technology and also educate the prosecution and the judicial
system if some tangible results are to be seen, else it will be a case of the
left hand not knowing what the right hand is doing. It is only when a synergy
develops between the different systems that the people will develop confidence
in the law enforcement agencies and they will be a step ahead of the criminals
and bring them to the book diligently and professionally. ( 5982 words )
***************
(Published in The Indian Police Journal - July- September 2021 issue)
No comments:
Post a Comment