Achieving data privacy in police investigations involving digital evidence
In an opinion article, Leeor Ben-Peretz, chief strategy officer at Cellebrite, discusses the importance of protecting the privacy of citizens while using technological policing solutions
Cybertech
| 03/02/2021
Leeor Ben-Peretz. Photo: Cellebrite
Thursday, January 28, was International Data Privacy Day (Data Protection Day in Europe). This day was initiated in 2007 to raise awareness and promote best practices for preserving privacy and protecting data. As law enforcement agencies continue to evolve amidst the rapidly changing digital landscape, many agencies are transforming the way they work and employing far more robust platforms to handle data management across the investigation workflow.
Digital Intelligence (DI) is the data collected and preserved from digital sources (smartphones, computers, the cloud, etc.) and the process by which agencies collect, review, analyze, manage and obtain insights from this data to more efficiently run their investigations. DI has now become the driving force behind modern digital policing investigative efforts.
In utilizing high-tech solutions, however, law enforcement has opened the door to criticism from citizens. The lack of understanding by the general public regarding how critical data is used to keep their communities safe has led to individuals wondering if their privacy is being infringed upon. Setting standards that clearly outline how technology is used in the context of investigations and making citizens aware that these safeguards are in place to protect their privacy, allows law enforcement to do their job more effectively and efficiently.
Facing The Privacy Challenge
As Policing 2025, a recent white paper published by IDC and Cellebrite makes very clear, “As technology development continues to outpace the regulatory environment — artificial intelligence and facial recognition are good examples of this phenomenon — there are urgent calls from technology providers, privacy advocates, and police agencies alike to frame the appropriate legal, policy, and ethical environments to proactively and thoughtfully guide technology deployment.”
Techlash. Many view the advances in digital technology with great skepticism. To many, AI is a technological boogeyman—a black box destined to reveal everything about them to everyone. Machine learning is likewise seen as a tool that by using algorithms to advance decision-making, may be inherently biased.
The IACP summit report titled “Going Dark,” paints a vivid picture of this problem. “New technologies and strategies developed to advance network security, however, can also prevent law enforcement and justice agencies from executing lawful court orders to investigate criminal or terrorist incidents, or to secure electronic evidence.
Due to nearly universal support for efforts to use strong encryption and other technologies to secure cell phones, email, text messages, and other online communications and transactions, recent initiatives by industry to develop and deploy encryption and sophisticated tools to protect the privacy of their customers have created barriers to complying with lawful court orders to provide access to digital evidence.”
These issues raise important questions about the ethical and lawful use of Digital Intelligence and technology that must be answered. To overcome these objections and restore community trust, law enforcement agencies need to have a rigid set of standard operating procedures in place that outline exactly how these advanced digital solutions are to be used during investigations. How is the data to be collected, managed, stored? Most importantly, how will it remain secure so that personal privacy can be absolutely ensured?
Privacy In Digital Policing
A recent article from F5 Labs summarizes why setting standards for Confidentiality, Integrity, and Availability (CIA) is key to keeping investigations within legal boundaries while also providing a roadmap to ensuring personal privacy. Here’s how these best practices work.
Confidentiality: Promoting confidentiality is all about keeping data private. Just as credit card information is kept secret in the business world, data relating to investigations must also be sacrosanct. Law enforcement agencies can ensure this by only allowing authorized individuals to access specific data so that the right people see the right information at the right time during an investigation.
Anyone who is unauthorized should be prohibited from accessing the data. Confidentiality can be compromised, of course, either illicitly through cyberattacks aimed at gaining access or even accidentally through human error. Therefore it is paramount for agencies to have strict countermeasures in place (stringent access controls, multi-word authentication protocols, and adequate training for all staff members involved in the digital investigative process) to ensure data is protected.
Integrity: In the world of Digital Policing, “integrity” refers to data that has been lawfully collected, managed, and analyzed in such a way that the integrity of the data is always maintained. Protecting the digital chain of custody is of absolute necessity lest valuable data (evidence) be rendered inadmissible in court. This is why it is vital for law enforcement organizations to have strict protocols in place that document how the data was collected, who collected the data, where and how it was stored, and who had access to it.
All of this points to having SOPs like digital logs and e-signatures in place throughout the investigation’s workflow so that every step in the digital chain of custody can be audited.
Availability: Having systems up and running that allow authorized team members to have access to the right data when they need it is what “availability” is all about. Many things, including system failures due to power outages, software failures, cyberattacks, and malware can make availability impossible. Therefore preventive measures like backup systems and recovery solutions are so important.
Transparency is key. To regain public trust, citizens must be able to clearly understand that the use of digital solutions to solve crimes is following a strict set of guidelines and that agencies are being held to the highest ethical standards to ensure that the safety of communities is being protected without infringing on personal privacy.
Establishing Privacy Guidelines
The Policing 2025 paper suggests that to guarantee privacy, policing solutions and workflow should be: fair — algorithmically fair using unbiased data; explainable — to many stakeholders; robust — safe, secure, and private, with a human in the loop; traceable — understand the provenance of training data sets and metadata; and transparent — reporting in action, communication of results, and auditable.
By Leeor Ben-Peretz, chief strategy officer at Cellebrite
In an opinion article, Leeor Ben-Peretz, chief strategy officer at Cellebrite, discusses the importance of protecting the privacy of citizens while using technological policing solutions
Leeor Ben-Peretz. Photo: Cellebrite
Thursday, January 28, was International Data Privacy Day (Data Protection Day in Europe). This day was initiated in 2007 to raise awareness and promote best practices for preserving privacy and protecting data. As law enforcement agencies continue to evolve amidst the rapidly changing digital landscape, many agencies are transforming the way they work and employing far more robust platforms to handle data management across the investigation workflow.
Digital Intelligence (DI) is the data collected and preserved from digital sources (smartphones, computers, the cloud, etc.) and the process by which agencies collect, review, analyze, manage and obtain insights from this data to more efficiently run their investigations. DI has now become the driving force behind modern digital policing investigative efforts.
In utilizing high-tech solutions, however, law enforcement has opened the door to criticism from citizens. The lack of understanding by the general public regarding how critical data is used to keep their communities safe has led to individuals wondering if their privacy is being infringed upon. Setting standards that clearly outline how technology is used in the context of investigations and making citizens aware that these safeguards are in place to protect their privacy, allows law enforcement to do their job more effectively and efficiently.
Facing The Privacy Challenge
As Policing 2025, a recent white paper published by IDC and Cellebrite makes very clear, “As technology development continues to outpace the regulatory environment — artificial intelligence and facial recognition are good examples of this phenomenon — there are urgent calls from technology providers, privacy advocates, and police agencies alike to frame the appropriate legal, policy, and ethical environments to proactively and thoughtfully guide technology deployment.”
Techlash. Many view the advances in digital technology with great skepticism. To many, AI is a technological boogeyman—a black box destined to reveal everything about them to everyone. Machine learning is likewise seen as a tool that by using algorithms to advance decision-making, may be inherently biased.
The IACP summit report titled “Going Dark,” paints a vivid picture of this problem. “New technologies and strategies developed to advance network security, however, can also prevent law enforcement and justice agencies from executing lawful court orders to investigate criminal or terrorist incidents, or to secure electronic evidence.
Due to nearly universal support for efforts to use strong encryption and other technologies to secure cell phones, email, text messages, and other online communications and transactions, recent initiatives by industry to develop and deploy encryption and sophisticated tools to protect the privacy of their customers have created barriers to complying with lawful court orders to provide access to digital evidence.”
These issues raise important questions about the ethical and lawful use of Digital Intelligence and technology that must be answered. To overcome these objections and restore community trust, law enforcement agencies need to have a rigid set of standard operating procedures in place that outline exactly how these advanced digital solutions are to be used during investigations. How is the data to be collected, managed, stored? Most importantly, how will it remain secure so that personal privacy can be absolutely ensured?
Privacy In Digital Policing
A recent article from F5 Labs summarizes why setting standards for Confidentiality, Integrity, and Availability (CIA) is key to keeping investigations within legal boundaries while also providing a roadmap to ensuring personal privacy. Here’s how these best practices work.
Confidentiality: Promoting confidentiality is all about keeping data private. Just as credit card information is kept secret in the business world, data relating to investigations must also be sacrosanct. Law enforcement agencies can ensure this by only allowing authorized individuals to access specific data so that the right people see the right information at the right time during an investigation.
Anyone who is unauthorized should be prohibited from accessing the data. Confidentiality can be compromised, of course, either illicitly through cyberattacks aimed at gaining access or even accidentally through human error. Therefore it is paramount for agencies to have strict countermeasures in place (stringent access controls, multi-word authentication protocols, and adequate training for all staff members involved in the digital investigative process) to ensure data is protected.
Integrity: In the world of Digital Policing, “integrity” refers to data that has been lawfully collected, managed, and analyzed in such a way that the integrity of the data is always maintained. Protecting the digital chain of custody is of absolute necessity lest valuable data (evidence) be rendered inadmissible in court. This is why it is vital for law enforcement organizations to have strict protocols in place that document how the data was collected, who collected the data, where and how it was stored, and who had access to it.
All of this points to having SOPs like digital logs and e-signatures in place throughout the investigation’s workflow so that every step in the digital chain of custody can be audited.
Availability: Having systems up and running that allow authorized team members to have access to the right data when they need it is what “availability” is all about. Many things, including system failures due to power outages, software failures, cyberattacks, and malware can make availability impossible. Therefore preventive measures like backup systems and recovery solutions are so important.
Transparency is key. To regain public trust, citizens must be able to clearly understand that the use of digital solutions to solve crimes is following a strict set of guidelines and that agencies are being held to the highest ethical standards to ensure that the safety of communities is being protected without infringing on personal privacy.
Establishing Privacy Guidelines
The Policing 2025 paper suggests that to guarantee privacy, policing solutions and workflow should be: fair — algorithmically fair using unbiased data; explainable — to many stakeholders; robust — safe, secure, and private, with a human in the loop; traceable — understand the provenance of training data sets and metadata; and transparent — reporting in action, communication of results, and auditable.
By Leeor Ben-Peretz, chief strategy officer at Cellebrite
