By Terry Sult, Chief of Police, Hampton, Virginia, Police Division
he threat to critical police data in today’s world is real and growing at an exponential rate as agencies become more dependent upon digital technology for day-to-day operations. In addition, cybercrime is no longer isolated to financial institutions. Today’s burglars are using social media and the Internet to fence stolen goods. They use smartphone technology to help evade detection by police, while simultaneously creating digital evidence of their crimes. Incriminating information that used to be found in a written format is now digitized on microchips. Police agencies are historically very slow to develop the operational capabilities to meet new demands, and now technology changes those demands almost daily.
With many agencies facing economic cutbacks, just keeping officers on the street can be a struggle. Thus many agencies simply choose to ignore the ever-evolving world of digital evidence and cyber-related crime except in very narrow circumstances such as high-profile cases where external agency relationships can be leveraged for assistance. The routine cases are most often left to traditional analog investigative methods, which are quickly becoming outdated.
Basic evidence identification, collection, and analysis are core components of almost every investigation. The increase in the development of new digital technologies has complicated what was once the analog investigative world. Now evidence takes many digital forms and is contained in an infinite number of devices that are becoming smaller or even stored in the virtual world of the “cloud.” Just recognizing where digital evidence may be located now requires special training, and additional expertise is required to properly collect, analyze, and store digital evidence once it has been identified.
The training required to appropriately recognize, collect, and forensically analyze digital evidence is complex, very time consuming, and expensive. The constant development of new technology requires frequent equipment updates, which adds to the expense of equipping an agency for digital forensic examinations. Officers are trained, only to be lost to the private sector for higher salaries or promoted and transferred within the agency to where their expensively developed skills are no longer utilized. Typically, police agencies are in a constant struggle to develop and then maintain internal expertise to meet the challenges of the digital evidence world.
Social media also has complicated the investigative environment and must be considered as another potential source of digital-based evidence. Communication in today’s digital world takes varied forms. Landline phones, pagers, and even cellular phones are either obsolete or quickly becoming so. Now data mining digital evidence takes on a new level of complexity.
Gangs are using social media to communicate, stolen goods are now being sold through social media, witnesses are “tweeting” in real time at crime scenes, and frequently, actual crimes are recorded live and posted to social websites. Social circles that used to take weeks of investigative time can be quickly identified now, but are no longer restricted by geography, thus requiring more time to validate. The sheer volume of data available through the digital world creates its own challenges. Therefore, agencies now must consider how to institutionalize social media analytical skill sets in addition to digital evidence identification, collection, and investigative analysis.
Cybersecurity: Protecting Law Enforcement Information
Today’s records management systems, including those used by law enforcement, are nearly all computer-based digital files. The Next Generation 9-1-1 Systems are Internet Protocol based and allow for text messaging and the sharing of photographs, and video from citizens to call centers. Computer-aided dispatch systems are also a type of digital technology. In this ever-changing world, securing law enforcement information requires much more than just physical security. Police executives must begin to take cybersecurity very seriously and recognize the potential threat to public safety service delivery.
By now most police executives have heard the stories of agencies being targeted by computer hackers. In some cases, sensitive information about law enforcement operations, officers’ personal information, and even detailed information on officers’ families have been stolen from the police agencies’ digital files and then released to the public. As serious as these incidents are, just imagine if an agency’s computer systems were hacked and individual criminal records were edited, added, or deleted. The agency’s ability to depend upon their computer records being accurate for the purposes of developing reasonable suspicion or probable cause would become nonexistent.
Today many chiefs believe the threat of a cyber attack is quite serious; however, just as many admit that current policies, practices, and technology are not sufficient to minimize their agencies’ risk.1 Historically, the greatest threat to an agency’s computerized systems were disgruntled employees; however, in today’s cyberworld, one controversial arrest or incident can bring the attention of local, national, and international hackers to the jurisdiction with the shared mission to breech confidential files and exploit them as a form of punishment.
Police executives are encouraged to educate themselves as to how secure their departments are from cyber attacks. The following questions should be considered when evaluating a department’s cybersecurity:
- Who has access to computer systems to include email, confidential information, report management systems, informant files, and investigative files?
- Is it known exactly who has administrative rights to the computer systems?
- Is someone specifically tasked to remove computer access rights given to previous employees?
- Have vendors been granted access to an agency’s systems by administrators for the purpose of implementing new software or to troubleshoot existing software?
- Was that access removed when the contract work was completed?
- Does the organization utilize legacy operating systems that are no longer supported with security updates?
- Have all computer system security patches been kept up to date?
- Do secondary vendors have access to the system, and if so, have their computer systems security been vetted?
- Does the agency conduct independent cybersecurity audits of the agency’s computer systems that contain the agency’s most sensitive files?
- Does the agency have a digital data security policy, and are the guidelines tested?
Partnering with the Private Sector to Meet Cyber Challenges
The future will likely require law enforcement at all levels to establish value-added partnerships in both the private and public sectors to meet the challenges presented by digital evidence and cybersecurity. This is particularly true for smaller agencies without adequate resources to address the investigative and data security needs they face. Partnerships are a means to create the operational capacity required to address the digital-based evidence problems facing law enforcement today and into the future.
In October 2001, the U.S. Secret Service was mandated under H.R. 3162, the USA Patriot Act, to establish a nationwide network of Electronic Crimes Task Forces (ECTFs). Though the ECTF network is focused upon attacks to the nation’s financial and critical infrastructures, the task force model includes partnerships with prosecutors, private industry, and academia.2 It is through such partnerships that local law enforcement might learn. ECTFs, as well as other federal cyber-focused task force operations, are currently assisting local law enforcement on high-profile cases or those cases that meet federal thresholds, but still leave an operational gap for cases of less priority.
Embracing the potential of public-private partnerships (PPP) through contractual relationships can be a cost-effective method of providing consistent quality service delivery. The PPP model has proven vastly successful in Sandy Springs, Georgia, where everything but the police and fire department services are outsourced. This includes the 9-1-1 communications center and the courts.3 Local law enforcement has an opportunity to create PPPs to enhance their capacity to combat the digital evidence and cybersecurity challenges.
There are a number of companies that exist to evaluate cybersecurity threats, secure digital systems, and investigate digital-based crimes. Often these companies are the very competitors of local law enforcement that hire trained and experienced officers, leaving the local agency without their expertise. As such, many companies employ competent investigators with courtroom experience.
The private sector has the ability and resources to hire high-quality people, keep pace with ever-evolving technology, and institutionalize their expertise. The private sector can provide a higher technical skill level than many local agencies can ever reasonably expect to consistently maintain. Law enforcement agencies need only to quantify their investigative and cybersecurity needs so the service cost can be projected. Then services can easily be evaluated as to their viability for outsourcing through the PPP model. The combination of the exponential evolution of technology, the high cost of complex cyber training, and the lack of ability to retain personnel in the wake of private-sector competition will soon force new approaches to old methods of investigation in the new digital evidence-based world of crime and law enforcement. ♦
1 International Association of Chiefs of Police & Canadian Association of Chiefs of Police, “Law Enforcement Perceptions of Cyber Security,” LEIM 2013 (Scottsdale, Arizona: Academia Group, 2013): 7–8.
2 United States Secret Service, “Electronic Crimes Task Force,” http://www.secretservice.gov/ectf.shtml (accessed December 30, 2013).
3 David Segal, “A Georgia Town Takes the People’s Business Private,” Business Day, The New York Times, June 23, 2012, http://www.nytimes.com/2012/06/24/business/a-georgia-town-takes-the-peoples-business-private.html?pagewanted=all&_r=0 (accessed December 31, 2013).
Please cite as:
Terry Sult, “Facing the New World of Digital Evidence & Cybersecurity,” The Police Chief 81 (February 2014): 50–51.