The boom in personal electronic devices recording literally every person’s step has introduced a new type of forensic evidence: digital evidence. In this day and age, significantly more forensic evidence is available in digital form compared to the physical evidence of yesteryear. Are law enforcement and intelligence agencies ready to handle the abundance of digital evidence? And more importantly, do frontline officers have the skills and technical expertise required to handle and preserve this wealth of information?
Digital forensic evidence is a major challenge today, and will become even more of a challenge tomorrow. Cryptocurrencies and the dark net have created an effective shield for criminals committing online fraud and extorting ransom, trafficking drugs and human beings, and supporting and financing international terrorism.
Digital evidence that lands on end user devices is also well shielded from investigation efforts. The unilateral push for hardware-backed secure encryption by major vendors of mobile operating systems (Google and Apple) covers criminals with almost unbreakable protection, building a wall around digital evidence that could be vital for investigations.
At the same time, Apple, Google and Microsoft are pushing cloud services, moving more and more evidence into their respective clouds. Digital evidence stored in the cloud is also securely encrypted, but the three companies retain the decryption keys, allowing unrestricted access to the majority of information.
Apple is slowly adopting an extra encryption layer, protecting parts of its customers’ data with an additional encryption key computed from information known only to the user (their screen lock password or system password). At this time, only Health, stored passwords and iCloud messages are protected with this extra encryption, yet there are no technological obstacles to prevent Apple from encrypting more of the data using the same technology. The iCloud Keychain was the first to make use of it back in 2013. It was not until late 2018 that Apple expanded the coverage to Health and Messages. While Apple is moving at a slow pace, we can see steady progress on stronger encryption to further shield criminals from law enforcement efforts.
The battle between privacy and law enforcement is not going away any time soon. Does the person’s right to be protected against the prying eye of oppressive governments outweigh the ability of a law enforcement officer to effectively investigate real crime? We still don’t have technologies that could be only used against criminal offenders while effectively protecting the innocent citizen.
Balancing the right to individual privacy with others’ right to remain safe and protected is no easy task. There is little official word from major vendors about the balance, and there is still a significant grey area around everything digital.
Each country’s laws are different, and digital evidence is no exception. Law enforcement agencies in the United States can compel third-party companies such as mobile carriers or cloud services to turn over the suspect’s data. There are multiple legal ways to request this information, each requiring meticulous attention to detail. Companies such as Apple, Google and Microsoft have published guidelines for law enforcement detailing which legal avenues can be used to request information, what information they will and will not provide, and how their customers are protected against unlawful data requests. For example, Apple has published its legal-process guidelines for law enforcement, a sample request form, as well as the detailed Privacy – Government Information Requests document. In addition, Apple publishes annual Transparency Records, disclosing the number of LE requests they received during the calendar year.
In some countries, governments disrespect the person’s right to individual privacy, placing much higher value on effective law enforcement. In China, a police officer has authority to sign the required paperwork for requesting information from Apple. The Chinese government has pushed Apple to keep their customers’ data on servers that are physically located in China. As a result, Chinese users’ data is now stored in China on servers that belong to a state-run telecom. While this has caused legitimate concern among privacy advocates, one has to remember that Apple still keeps all relevant encryption keys in their local facility in Cupertino while only storing encrypted data (without the keys) on Chinese servers.
The volume and variety of digital evidence, the strong protection of said evidence and the technologically advanced countermeasures developed by various companies (and, specifically, by Apple) are an ongoing challenge. Investigating crime becomes increasingly complex, demanding full involvement and effective collaboration between everyone involved at every stage of the investigation. The cost of countering technological protection measures grows exponentially, while the probability of successfully gaining access to digital evidence stored in physical devices is rapidly declining.
In our view, the growing difficulty of preserving information and accessing digital evidence stored in personal electronic devices will make investigation efforts prohibitively complex and/or prohibitively expensive in the next few years. This will make cloud forensics even more important than it is now. Law enforcement, police and intelligence officers must be constantly learning about the challenges of digital forensics. Frontline officers must be trained regularly to use up-to-date methods of seizing and transporting personal electronic devices and preserving digital evidence.
Our goal is to help law enforcement keep everyone safe. We strive to help law enforcement gain lawful access to digital evidence. Our role in the “keeping up” debate is not limited to providing the necessary tools for accessing digital evidence. We do our best to educate experts on the up-to-date situation in the digital realm. We are training officers to handle personal electronic devices and preserve digital evidence, explaining the right approach and teaching the latest methods and techniques to extract evidence.