Monday, 14 July 2014

From Police Oracle with thanks

 Posted in Police Oracle

Date - 11th July 2014
By - Stuart Hyde

Operational policing challenges of digital evidence
One of the challenges to policing is securing evidence from digital devices.

So often simple demands for service require officers to have an understanding of technology including how to secure and access evidence or intelligence from digital devices. Likewise reference to social media has grown substantially to an extent that many incidents and calls for service now have a digital aspect. That can range from allegations of Facebook bullying, to recovering images of missing people, from identity fraud, to producing evidence of drug offences.

Now, evidence or information from digital devices or social media can be required in a large proportion of cases or calls for service. Reference to social media in incident logs has more than doubled in the last two years.

Backlogs, changing technology, access to support, the risk of damage or corruption of data, are just some of the barriers to effective policing. Officers investigating a criminal act often need to produce evidence, which has traditionally been located in fingerprints, DNA, witness information, suspect behaviour and other investigative techniques.

These days' investigators require much more information, intelligence and data from digital devices. Yet the process for securing that evidence is often subject to log jams and remotely located High Tech Crime Units.

What the investigator needs is direct access to the contents of the device, quickly and effectively to allow an informed and effective interrogation, and linking it to more traditional techniques.

Over the years the quantum of data that could potentially be considered has grown exponentially in relation to the availability of people to gather and analyse that data. Now, terabytes of data are the norm and much more difficult both to search and to analyse.

Identifying evidence that can show connection between fellow criminals, location of suspects at a particular moment in time, the ownership of images of child abuse, or logs demonstrating connectivity prior to a hack or an identity crime, are all valued in the investigative process.

Providing the investigator with the ability to examine and assess that data is of paramount importance. Keeping all digital work centralised, in remote locations where expensive journeys are essential to secure evidence, will not always reduce the current backlogs or help to develop the digital investigation skills of officers.

Police officers only want to serve their public and are often frustrated by the time it takes to secure evidence from a seized laptop, tablet phone or hard drive. The delay in securing this evidence and slowing up the investigation is as annoying to the investigator as it is to the public.

Waiting six months to view evidence from a seized computer is simply not good enough for the investigation or the public.

By using commercially available software or outsourcing, the backlog can be reduced. However, this is only part of the solution. Bringing officers into the investigation process and allowing them some engagement and ability to analyse will help to develop their professional digital skills.

Keeping officers isolated and remote, could discourage seizing digital devices or miss the opportunity to help them learn. A solution that matches upholding digital forensics standards, as well as allowing effective and efficient analysis of the digital recovery, will help officers to understand digital evidence and prepare them for the future.

I wrote this in my role as Director of Solutions Law Enforcement, CCL Group
Do you have an interesting news story? Contact the Police Oracle newsdesk on 0203 119 3360
or alternatively get in touch via the contact form.

Saturday, 29 March 2014

Principles of Reform for Govt Data and Internet Providers

Several key and transnational organisations have joined together to create a need for Governments to work together to improve their respective surveillance capabilities. With an element of common sense they have asked Governments to work together to create a single system that creates consistency and transparency.

It is hard to argue from a commercial basis with these principles. In fact many in law enforcement would love to have common systems operating across borders making it easier for them to tackle crime.

However at this stage these principles ignore the sanctity of Nation States and the complexity of politics and diplomacy required to make it work

That said they are nonetheless issues of great concern to people, particularly as the signatory organisations have "populations" that far exceed many States. In fact the finances of some would far exceed the collective wealth of many States. 

So whilst transnational organisations such as Interpol and The EU should strive for consistency the principles described should also reflect principles for industry. I have made some additional suggestions below

"The Global Government Surveillance Reform

The undersigned companies believe that it is time for the world’s governments to address the practices and laws regulating government surveillance of individuals and access to their information.

While the undersigned companies understand that governments need to take action to protect their citizens’ safety and security, we strongly believe that current laws and practices need to be reformed.

Consistent with established global norms of free expression and privacy and with the goals of ensuring that government law enforcement and intelligence efforts are rule-bound, narrowly tailored, transparent, and subject to oversight, we hereby call on governments to endorse the following principles and enact reforms that would put these principles into action."

The Principles

1 Limiting Governments’ Authority to Collect Users’ Information

Governments should codify sensible limitations on their ability to compel service providers to disclose user data that balance their need for the data in limited circumstances, users’ reasonable privacy interests, and the impact on trust in the Internet. In addition, governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.
Industry should fully commit to working together regardless of commercial sensitivities to fight crime that occurs through or within their networks. Further they should commit to create a single access points that is joined up. So an investigation that covers both MS and Google for example there should be a One Stop Shop. Whilst industry expects nation states to work outside of territorial cultural and economic differences, so should they.

2 Oversight and Accountability

Intelligence agencies seeking to collect or compel the production of information should do so under a clear legal framework in which executive powers are subject to strong checks and balances. Reviewing courts should be independent and include an adversarial process, and governments should allow important rulings of law to be made public in a timely manner so that the courts are accountable to an informed citizenry.
Industry should agree a common application process that transcends all companies and helps to standardise requests for information. Equally in order to deliver the approach, once agreed, Industry should provide suitable training. Civil and criminal law rulings made concerning all industry members should be made public. 

3 Transparency About Government Demands

Transparency is essential to a debate over governments’ surveillance powers and the scope of programs that are administered under those powers. Governments should allow companies to publish the number and nature of government demands for user information. In addition, governments should also promptly disclose this data publicly.
Governments should disclose how much industry contributes to detecting and preventing crime or otherwise. Industry should work together to identify good practice amongst its members and ensure that all effort is made to reduce opportunities for crime.

4 Respecting the Free Flow of Information

The ability of data to flow or be accessed across borders is essential to a robust 21st century global economy. Governments should permit the transfer of data and should not inhibit access by companies or individuals to lawfully available information that is stored outside of the country. Governments should not require service providers to locate infrastructure within a country’s borders or operate locally.

Industry operating across national boundaries should identify the simplest and most effective method for law enforcement to access data and should create an agreed process to enable the crime to be effectively investigated. Where industry operates across borders, as all the signatories do, they should be committed to creating a single access point irrespective of country origin and agree a single method of request across industry.

5 Avoiding Conflicts Among Governments

In order to avoid conflicting laws, there should be a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved mutual legal assistance treaty — or “MLAT” — processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict.

MLAT can always be improved. Where industry identifies any inconsistency in it they also have an obligation to raise that concern and seek an effective method of resolution with the core objective of reducing and detecting crime.

The principles suggested are laudable and would be hard to challenge from a commercial basis working in isolation. However they do not reflect the historic, cultural, legal and economic differences between States. They are however principles and they should be based on a willingness to make the use of internet services safer and more reliable to the benefit of humanity in all it's guises. 

Expecting States to transform into one large Global unit is somewhat challenging to accept. However a joint commitment to work together for a common purpose will test the strength and reasoning of the barriers and confusion the principles seek to address. For that reason they are a good starting point. But they must be part of a two way process not a one way valve. Industry should use the strength of its power and influence to improve and work for a safer digital world. The commitment by much of industry is evident and it has shown the value of a safer digital world. 

Law Enforcement and Governments need to respond to these principles by reflecting how they can overcome unnecessary barriers but also create the effective dynamic relationships with industrial partners that will result in a safer digital world for all. Ambitious and possibly too egalitarian? but worth fighting for. I suspect that most front line cops and tax paying citizens would expect it.

Monday, 17 March 2014



 Fancy climbing a hill at night to take part in an amazing spectacle and raise money for a fantastic charity?
I ran a similar event last year which attracted six hundred participants who reported having an incredible, emotional and enjoyable experience they would never forget.
If you wish to submit a team and want further details, then please contact me as below. There are no restrictions on who participates.
The walk will take place in the early hours of Saturday 31ST May 2014, where teams will ascend every one of the 214 Wainwright peaks in order to light powerful lamps at 0400hrs.
This will obviously require an ascent in darkness, wrapped up with a headtorch, and thus teams must have the assistance of either experienced walkers, ex military personnel etc with experience of map reading/night navigation.
I have secured sponsorship through ‘Thwaites’ brewery and arranged a post walk party at Ambleside Rugby Club for the late afternoon/evening of Saturday 31st May

I guarantee it’s the most fun you’ll have in an anorak!

I guarantee it’s the most fun you’ll have in an anorak!

Popular Posts in last 7 Days