Coming Out of the Dark

Picture a house on a street in a neighborhood. The person who owns that house has built a monstrosity of a wall that is virtually impossible to get through. The community knows that children in that house are being sexually abused. Society would not consider that wall to constitute a reasonable expectation of privacy, especially when it stands in the way of justice for the children. Society would empower the local law enforcement officials to find a way through, and the local agency would have the tools it needs to penetrate the wall in a lawful manner and to investigate those suspected, to ensure those heinous crimes are stopped and justice is served. Yet today, there is ambiguity about the new online communities surfacing in parallel to our traditional communities and about the “walls” around them.

The modern, digitally connected world has created enormous benefits for individuals’ business and personal lives. People have the opportunity to connect for commercial and social reasons more easily than at any other time in human history. However, the advancements in technology have not been wholly positive. The development of consumer encryption, both on mobile devices and data in transit from “apps”; the dark web; and cryptocurrencies, to name just a few technologies, have created a situation where sophisticated criminals who are abusing children, trafficking human beings, committing fraud, or enabling terrorism have a significant amount of digital privacy shielding them from investigation and prosecution through technological means.

This reality has been extended to other areas of criminal activity such as domestic disputes, cyber bullying, drug trafficking, and murder where the critical evidence is often found in digital formats on mobile devices, buried in “app” data, or in other connected devices like fitness trackers, such as Fitbits, or voice-activated assistants like Google Home or the Amazon Echo. Law enforcement agencies and the broader criminal justice system are not provided the resources they need to keep up with the digital evidence they must be able to access and investigate.  

There are more than 2 billion smartphones in the world today, and they are the primary tool for accessing the online world. There are 2 billion more connected devices. There are more than 5 million apps in the Apple and Google app stores (up from 150,000 in 2008).[1] And there are more than 1,300 different types of known cryptocurrencies, each with its own governance or lack thereof. Some of these cryptocurrencies were explicitly created to enable criminal activity.[2]

Under this current reality, law enforcement agencies are struggling to keep pace with all the crimes with a digital evidence component, even when they can technically recover the critical evidence from devices and apps. In a survey conducted by Magnet Forensics, the majority of the 476 responding law enforcement agencies reported a backlog in their digital forensics labs, and 38 percent of them self-reported backlogs ranging from 3 months to over a year. Many of the agencies also reported that only the digital evidence related to major crimes, such as homicide and child sexual exploitation, receives the attention of their digital forensics lab.  

By 2020, research firm Gartner estimates there will be 20 billion connected devices in the world.[3] Add to that the growth in the app market, and law enforcement’s area of virtual jurisdiction and the amount of technology they will have to understand will sprawl ever wider. As society becomes even more digitally connected and savvy, there will be an expectation from the public that law enforcement agencies will keep pace.

The volume of digital evidence, the variety of that evidence coming into law enforcement agencies, and the velocity at which it is evolving together present an ongoing challenge. That challenge will soon become another serious test of the public’s trust in these agencies’ ability to uphold the rule of law.

This is an existential challenge for law enforcement; it is also one the leaders in law enforcement can and should tackle. It will require agencies to reimagine how they recruit, train, partner, procure, investigate, and interrelate with the broader criminal justice sector. It will also require taking a more activist approach to public policy in the years ahead. 

Reimagining Law Enforcement in the Digital Age 

The London Metropolitan Police in the United Kingdom recently released their Digital Policing Strategy. Their vision outlines the need for transformative change, “responding to crime that is increasingly complex and costly to investigate.”[4] The Metropolitan Police have seen a decrease in some traditional areas of crime, but report a significant rise of more complex crime types “including terrorist offences, sexual offences, and online crime.”[5] These trends are not unique to London or the United Kingdom. Much of the advanced industrialized world is experiencing the same trends and should take note of the Metropolitan Police’s robust response to the challenge.

First, the organization has committed to wrestling the backlogs in their digital forensics labs to a more manageable position where they can accept evidence for any investigation, regardless of its magnitude, and turn it around to an investigator in a timely fashion.  

It has also recognized that digital forensics talent is highly expensive and difficult to come by. Digital forensic experts have coveted skills and designations and often command salaries in the private sector that the public sector cannot compete with. Further, the tenure of these investigators can be limited, given the amount of child sexual abuse materials many of them are exposed to over the life of their career and the post-traumatic stress many face as a result.  

The Metropolitan Police has begun to tackle these challenges in the lab first by harnessing technology. Having highly trained and expensive digital investigators conduct routine tasks such as cataloging, acquiring, and processing the digital evidence is not an efficient use of resources. The agency has deployed simple and intuitive digital case management and automation software tools and utilized less costly personnel, including civilians, to handle the routine parts of the process.  

The agency is also beginning to utilize artificial intelligence technology to triage evidence, focusing investigators on the most relevant evidence in their cases. The agency has even considered outsourcing non-major crime investigations where growth is occurring, like fraud. Finally, the Metropolitan Police has considered moving to cloud-based storage for its digital forensic evidence to increase processing power and improve security while reducing the agency’s long-term data storage costs.  

While the improvements in the lab are an important first step, the digital evidence challenge is growing at a pace that will require a larger, agency-wide, digital transformation. Today, digital forensics professionals make up roughly 1 percent of total sworn officers. Empowering more parts of the agency to handle digital evidence is fundamental to addressing the challenge.  

Other agencies in the United Kingdom have begun to leverage technology to enable greater collaboration between the digital forensics lab and non-technical investigators who understand the context of the case they are working on. These tools provide simple and intuitive reports about the digital evidence that can be transmitted electronically in a secure fashion, as opposed to the more common physical transmission, which is onerous, lacks security controls, and is costly.

The technology-enabled approach allows a non-technical investigator to advance a case by giving him or her the ability to review the digital evidence in an easy-to-search manner that also allows them to visualize it, analyze it, and make notes—all while preserving the forensic integrity of the data. Should technical challenges arise, such as deleted data that are substantial to the case, the investigator can collaborate remotely with the digital forensics lab. This alleviates the burden on the lab and allows digital forensics staff to focus on the toughest technical challenges as opposed to having to learn the context of every case with a digital component. Agencies are beginning to extend this approach to prosecutors who also require the ability to understand the critical digital evidence in a timely fashion and need to collaborate with both the investigating officer and the technical specialist. 

Other agencies around the world, such as the Singapore Police, have also extended the principle to frontline law enforcement personnel. They realize that many of their new officers are “digital natives” and want to be part of the technological transformation in their agency. Such forward-leaning agencies are considering cost-effective tools and training modules that allow their frontline officers to acquire digital evidence in the field, as well as triage it in cases where there are numerous devices in question.  

In some case types, forward-leaning agencies are also considering allowing personnel in the field to review the evidence for certain crime types such as domestic disputes and child bullying. Others are considering using such technologies to address cases with a high volume of digital evidence from witnesses or victims, such as digital evidence generated during a nightclub shooting incident. These agencies have realized that they would not likely get authorization from the witnesses or the victims if the device was confiscated for weeks on end to go to the lab, but they could get cooperation if they could collect the evidence on scene.  

This approach could be transformational for policing as it would alleviate the burdens on digital forensics labs, while ensuring all digital evidence gets reviewed in a timely manner. However, to be successful, the tools that empower frontline officers to handle digital evidence will also require meaningful training and oversight to ensure appropriate use. 

Agencies like the Metropolitan Police and Singapore Police know they can’t develop these technology tools in-house. Software development isn’t within their core capabilities—or responsibilities, for that matter. That isn’t to say the agencies aren’t integral to the development process. Understanding law enforcement’s existing technology investments, workflow, personnel traits, their jurisdiction’s unique legal requirements, and other knowledge is fundamental to building the right tools at a reasonable cost. That’s why these agencies are utilizing a co-development approach with technology partners who have the capabilities and who share in their mission to transform law enforcement for the digital age.

If agencies can address their current digital evidence backlog challenges, there is also great opportunity to turn this lawfully acquired data into an asset to improve investigations and reduce crime. If such agencies move to storing their digital forensic evidence in the cloud, they will have the ability to develop consolidated search and other analysis functions, such as geolocation and suspect connection identification, across cases. Further, they will be able to leverage artificial intelligence technology to discover commonalities between cases, giving investigators better starting points.  

Ultimately, law enforcement has the ability to shift the data it collects in investigations from a liability to an asset. But to achieve this vision, along with all the technology agencies will develop to deal with digital evidence in the future, law enforcement leaders must also weigh privacy considerations at every step of the way or they risk losing the public’s trust and the lawful authority to use such tools at any given time.

Public Policy Advocacy: Reshaping the Dichotomy of Security versus Privacy  

Privacy advocates and the large technology platform companies have latched on to recent public opinion that has expressed concern that law enforcement and national security agencies can’t be trusted when it comes to monitoring individuals’ private digital communications. They have used this sentiment and taken to the front page of newspapers to justify and defend end-to-end app encryption and what is presented as unbreakable device encryption in the new generation of technologies.

This has caused serious challenges for the court systems. Judges, many of whom lack technical understanding, are setting precedent for the circumstances under which devices should be unlocked in criminal investigations. Even with a court order, if a suspect is unable or unwilling to comply, the device manufacturers have plausible deniability when it comes to servicing the court’s will.

Some digital forensics firms that exploit weaknesses in operating systems to unlock devices have profited in the short term amid this disorder. They are charging exorbitant prices to unlock encrypted phones, while providing a limited line of sight into their techniques. This has put law enforcement in the precarious position of having to decide when to use such services, and has left them unable to explain the techniques should questions be raised by defense counsel in court.

This is not a sustainable approach on any side of the privacy and security debate. It’s important to consider that it is still early in the digital age. As more and more people learn about or become affected by crimes with associated digital evidence, public opinion will shift, and all parties will be forced to rethink their positions.

Fundamentally, democratic societies cede reasonable amounts of personal privacy in exchange for societal security. The right balance is highly dependent on the current state of affairs. Without meaningful dialogue between all vested interests, society will never begin to find that balance. This conversation cannot be a one-time dialogue; it will require frequent communication and trust to be built by all parties. In addition, it will require the parties to work collaboratively with lawmakers to reshape the legislation surrounding evidence so that laws can reflect matters such as encryption and other technologies such as the dark web and cryptocurrencies that were not conceived of when such legislation was originally drafted.

Digital forensics firms, who share a commitment to upholding the rule of law and seeking justice, have an important role in these dialogues alongside law enforcement, privacy advocates, and the large technology platform companies. They can work alongside the technology platform companies to develop the next generation of tools used by law enforcement to recover critical evidence, when they have appropriate authorities, while preserving user privacy under the majority of other circumstances.  

Technological innovation, at its best, improves people’s lives while preserving societies’ fundamental values. If law enforcement is to truly come out of the dark, the digital transformation of law enforcement agencies is a meaningful step. However, in order to sustain these efforts, creating the opportunities in which all vested interests contribute to technological and public policy development in the realm of digital evidence is equally important in the long term.


[1] Statista Inc., “Number of Apps Available in Leading App Stores as of March 2017.”

[2] Arjun Kharpal, “All you need to know about the top 5 cryptocurrencies,” CNBC, December 14, 2017.

[3] Gartner, “Gartner Says 8.4 Billion Connected ‘Things’ Will Be in Use in 2017, Up 31 Percent From 2016,” press release, February 7, 2017.

[4] Metropolitan Police, ONE MET: Digital Policing Strategy 2017–2020 (London, UK, 2017), 7.

[5] Metropolitan Police, ONE MET: Digital Policing Strategy, 7.