New Report on Police Digital Forensics Techniques

According to a new CSIS report, "going dark" is not the most pressing problem facing law enforcement in the age of digital data:

Over the past year, we conducted a series of interviews with federal, state, and local law enforcement officials, attorneys, service providers, and civil society groups. We also commissioned a survey of law enforcement officers from across the country to better understand the full range of difficulties they are facing in accessing and using digital evidence in their cases. Survey results indicate that accessing data from service providers -- much of which is not encrypted -- is the biggest problem that law enforcement currently faces in leveraging digital evidence.

This is a problem that has not received adequate attention or resources to date. An array of federal and state training centers, crime labs, and other efforts have arisen to help fill the gaps, but they are able to fill only a fraction of the need. And there is no central entity responsible for monitoring these efforts, taking stock of the demand, and providing the assistance needed. The key federal entity with an explicit mission to assist state and local law enforcement with their digital evidence needs­ -- the National Domestic Communications Assistance Center (NDCAC)­has a budget of $11.4 million, spread among several different programs designed to distribute knowledge about service providers' poli­cies and products, develop and share technical tools, and train law enforcement on new services and tech­nologies, among other initiatives.

From a news article:

In addition to bemoaning the lack of guidance and help from tech companies -- a quarter of survey respondents said their top issue was convincing companies to hand over suspects' data -- law enforcement officials also reported receiving barely any digital evidence training. Local police said they'd received only 10 hours of training in the past 12 months; state police received 13 and federal officials received 16. A plurality of respondents said they only received annual training. Only 16 percent said their organizations scheduled training sessions at least twice per year.

This is a point that Susan Landau has repeatedly made, and also one I make in my new book. The FBI needs technical expertise, not backdoors.

Here's the report.

Posted on July 27, 2018 at 12:10 PM • 30 Comments

Comments

justinacolmenaJuly 27, 2018 12:49 PM

"Going dark" is nothing but a Nazi white supremacist racial concern. Like the "white hats" vs. the "black hats."

Their main fear is that their skin will somehow darken if they shake hands with an African-American.

Matt from CTJuly 27, 2018 1:29 PM

I'd say most corporations can't manage the metadata they have properly for their own corporate purposes, never mind helping outside agencies do it.

echoJuly 27, 2018 1:52 PM

Going dark and lack of expertise? This is UK cops on women's issues. I remember when police used to write down in evidential documents "manual input device" instead of "mouse. It took a few years but even judges began to mutter the equivalent of "You are not helping" to the cops. The big thing now with the police, at least up to the political searchlight and media movied on, was intersectionality (a.k.a multiple factors), and better training to keep up with "more sophisticated criminals" and direct recruitment of graduates to senior ranks. Plus what everybody else said.

de la BoetieJuly 27, 2018 2:18 PM

In the UK, there have been some widely publicised cases during the last year where prosecutions have collapsed at the last minute due to failures in the prosecutor's disclosure of digital evidence to the defence (e.g. Liam Allen's case). Very troubling.

The issues - amongst other things - appears to be excessive case-load and difficulty in assessing the humongous amount of digital evidence there is (plus a reluctance to share all the data with the defence). Also likely that training is an issue.

What it is NOT is a dearth of digital evidence, the opposite. But this is always the problem with mass surveillance.

mrfoxJuly 27, 2018 2:31 PM

...survey respondents said their top issue was convincing companies to hand over suspects' data...

Good. This is supposed to be difficult!

vas pupJuly 27, 2018 2:42 PM

@mrfox: Right!
Data for criminal intelligence and for criminal prosecution are two different animals. Obtaining and usage is not the same.

justinacolmenaJuly 27, 2018 2:44 PM

Now don't mistake me for a "nigger-lover" or anything: I've been called much worse. No. It's just that we're downtown Baltimore with The Ravens and NSA at Fort Meade freaking out about "going dark." It's just not a nice situation. It's like some guy can't even talk on the phone with his girlfriend down there without a "friendly rival" employed by the NSA making eyes at her and intervening at the local courthouse.

vas pupJuly 27, 2018 3:13 PM

Google executive warns of face ID bias

https://www.bbc.com/news/technology-44977366

Facial recognition technology does not yet have "the diversity it needs” and has “inherent biases”, a top Google executive has warned.

The remarks, from the firm’s director of cloud computing, Diane Greene, came after rival Amazon’s software wrongly identified 28 members of Congress, disproportionately people of colour, as police suspects.

"Google’s image recognition software has been offensively inaccurate in the past. In 2015, it identified a black couple as being “gorillas”. The firm apologised.

Two members of Congress have written to Amazon chief executive Jeff Bezos to talk about the alleged issue with his company’s system.

Speaking of facial recognition more widely, the ACLU said: "Congress should enact a federal moratorium on law enforcement use of this technology until there can be a full debate on what - if any - uses should be permitted."

gordoJuly 27, 2018 3:22 PM

Given the size of intelligence agency budgets, reported failings, such as they are, and lack of resources and training like those called out in this thread's subject post, a reconsideration of budget priorities is not unreasonable.

---

Lawmakers renew call for end to 'black budget' secrecy
By Katie Bo Williams - 03/23/18

In 2013, the former NSA contractor Edward Snowden provided detailed figures on that year’s budget to The Washington Post, revealing a dominant $14.7 billion in CIA funding — an increase of over 50 percent between 2004 and 2013 — and $10.8 billion in NSA funding.

http://thehill.com/policy/national-security/379986-lawmakers-renew-call-for-end-to-black-budget-secrecy

https://fas.org/blogs/secrecy/2013/08/intelbud-wapo/

---

NSA Hasn’t Implemented Post-Snowden Security Fixes, Audit Finds
By Joseph Marks July 26, 2018
The spy agency also fell short on numerous information security requirements, according to its first public audit overview.

The nation’s cyber spy agency is suffering from substantial cyber vulnerabilities, according to a first-of-its-kind unclassified audit overview from the agency’s inspector general released Wednesday.


Those vulnerabilities include computer system security plans that are inaccurate or incomplete, removable media that aren’t properly scanned for viruses, and an inadequate process for tracking the job duties of National Security Agency cyber defenders to ensure they’re qualified for the highest-level work they do, according to the overview.

Perhaps most striking, the agency has not properly implemented “two-person access controls” on its data centers and equipment rooms.

https://www.nextgov.com/cybersecurity/2018/07/nsa-hasnt-implemented-post-snowden-security-fixes-audit-finds/150067/

Bob Dylan's Belly Button Lint July 27, 2018 3:39 PM

@Bruce writes, "The FBI needs technical expertise, not backdoors.'

This is a false dichotomy. It is entirely possible that the FBI needs BOTH while I am sure there are some on this forum who wish that the FBI had NEITHER.

The fundamental problems with expertise is that (a) it is expensive to create (b) it does not scale well. Ask anyone who has tried to recruit experts for trial testimony. So while there is a logical case that the FBI probably does need more expertise (really, which government agency doesn't?) it seems to me a fantasy of a certain kind of person to believe that an increase in expertise alone will ever satisfy the FBI either as a practical matter or as a matter of first philosophy.

justina.colmenaJuly 27, 2018 4:05 PM

@vas pup

Speaking of facial recognition more widely, the ACLU said: "Congress should enact a federal moratorium on law enforcement use of this technology until there can be a full debate on what - if any - uses should be permitted."

The software code is proprietary. The problem is that they just don't care what ACLU or Congress "mandates" that they should or shouldn't do.

Anyone can write software code to crawl and index the web, or private security camera footage. Some of that software code is going to perform facial recognition, and use the results for malicious purposes against certain targeted individuals.

The cat is out of the bag, and there is no going back. Brave New World, by Aldous Huxley. Even worse than 1984, especially because of the pernicious tendency of such technology to be used viciously in the service of a red-light district.

gordoJuly 27, 2018 4:39 PM

@ Bob Dylan's Belly Button Lint,

it seems to me a fantasy of a certain kind of person to believe that an increase in expertise alone will ever satisfy the FBI either as a practical matter or as a matter of first philosophy.

While I can't really disagree with that, are the FBI's policy makers technical experts? As well, a lack of technical expertise leads to other problems...

---

Most lawyers don’t understand cryptography. So why do they dominate tech policy debates?
By Henry Farrell March 15 2018

The bias toward lawyers reflects a more general problem in the U.S. government. Lawyers dominate debates over privacy and technology policy, and people who have a deep understanding of the technological questions surrounding complex questions, such as cryptography, are often shut out of the argument.

https://www.washingtonpost.com/news/monkey-cage/wp/2018/03/15/most-lawyers-dont-understand-cryptography-so-why-do-they-dominate-tech-policy-debates/

---

New Report Says The Feds' Focus On Device Encryption Is Holding Local Law Enforcement Back
from the get-what-you-can-instead-of-dreaming-about-an-all-access-pass dept
by Tim Cushing Jul 26th 2018

This lack of education and overall uncertainty is leading to unfortunate results -- both in terms of targeted citizens and the law enforcement agencies hoping to hold onto whatever evidence they may obtain. Overbroad warrants are routine and it's not always the result of a "collect it all" philosophy.

https://www.techdirt.com/articles/20180725/15464940310/new-report-says-feds-focus-device-encryption-is-holding-local-law-enforcement-back.shtml

65535July 27, 2018 5:34 PM

@ gordo

“Lawmakers renew call for end to 'black budget' secrecy”
“By Katie Bo Williams - 03/23/18”

I concur. There is probably a huge amount of waste in the NSA’s 55+ billion USD budget.

Clive RobinsonJuly 27, 2018 9:19 PM

@ Bruce,

The FBI needs technical expertise, not backdoors

Not so much as they do to ensure they are not throwing out traditional skill sets that are known to work.

There is some kind of cyber-myth developing that fighting crime can now be done exclusively whilst polishing an office chair with the seat of the trousers, not with shoe leather on pavements. But only if those pants polishers are also Cyber-geniuses...

Thus LEO's are in practice "de-skilling" in fear of the "C-word".

By far the majority of Cyber-Crime is "old wine in new bottles". That is criminals have taken existing "physical world" crimes and are now using them more or less "as is" in the "information world".

What does not appear to have got through to LEO's is that the old "physical world" methods of solving these crimes still applies. In quite a few cases more so than traditional crime --as many "cyber-criminals" are not realy criminals-- the perpetrators do not know how, not just to monetize the proceeds of their crime effectively but worse still have no idea how to hide the money/lifestyle changes when they do get some benifit from their crimes...

Thus to catch cyber-criminals you do not have to be smarter than them at their strengths, just smarter than them at their weaknesses. A point LEO's and those who hold their purse strings should get to understand.

Thus the real meaning of "going dark" is at best "going stupid" but most likely a made up bureaucratic way of sayin "Give me a bigger Empire"...

65535July 27, 2018 11:57 PM

@ gordo

“That figure certainly needs to be NIP'd in the bud.”

Yes.

I should have said the Intelligence Community black budget of 55 billion USD probably has a lot off waste.

Sure, not all of it goes to the NSA but I would guess the NSA does control a huge amount of that 55 billion dollars [they are at the top of the pyramid and feed information to all the other IC groups or even spy on said agencies].

Your cartoon is humorous. And, yes the NSA is entrenched so deeply in the IC area it will take a whole lot of nipping to reduce their control. It will not be easy to nip them in the bud. I say start with a budget reduction of 25 to 30 percent and go from there.

WeatherJuly 28, 2018 12:04 AM

@justina I would not call 419 intelligent, but I would call India or Pakistan, and isopse they are darker
Stop playing the race card, some people have internal thought,
yes you are trolling it doesn't add up

Denton ScratchJuly 28, 2018 3:05 AM

"A plurality of respondents said they only received annual training. "

Plurality: the fact or state of being plural (other definitions concern voting systems).

So we're talking about more than one respondent. Gosh. Also, "only annual training"? How often do these two respondents expect to be trained?

echoJuly 28, 2018 6:13 AM

@Clive

This is the state sector (and too many private organisations) all over. Without giving a page of backstory one item I wanted was to discuss some issues with a police criminologist. I never got this far through the scrum of uniformed meat and instititional stupidity. The issues I wanted to discuss is a bit technical and a few steps away from the kind of security discussed on this blog but basically I have my doubts about how some cases are pursued and feel that lack of technical understanding means a lot of professional/white collar crime, especially in the realm of gross medical negligence and fraud, doesn't get the attention it deserves.

I also have my doubts about how sell sex trafficking is being prosecuted. Too much focus is online and on trade controls and not enough focus is on investigating low level pressures and the mob. Too often this results in women being criminalised and, I know, from what I have been told misuse of police powers to get women to shut up or criminalise women's behaviour especially where mob activity is behind this or resistance to police abuse occurs.

gordoJuly 28, 2018 8:10 AM

@ 65535,

And, yes the NSA is entrenched so deeply in the IC area it will take a whole lot of nipping to reduce their control(s).

Not to mention an organization seemingly at cross-purposes[1], the problem also seems to be NSA's "non-compliance with applicable requirements"[2], indicating a lack of control(s) on their part.

[1]
https://www.schneier.com/blog/archives/2016/02/nsa_reorganizin.html

[2] https://www.oversight.gov/sites/default/files/oig-sa-reports/OIG%20UNCLASS%20SAR%20OCT-MAR%202018.pdf#page=4

gordoJuly 28, 2018 8:28 AM

@ 65535,

My apologies - I misquoted you above: You used the word *control* and I mistakenly typed *control(s)*.

vas pupJuly 28, 2018 11:10 AM

@all: Let me be devil advocate for LEOs:
- they are blood and flesh out of the society - they are not coming out of the UFO or/and Moon and they are mapping all problem in society as well: when violence is the first and often only solution for social problems inside the country and in foreign relations that culture propagate to LEOs as well;
- they are also human being with all emotional, mental and other problems as the other folks - meaning when they overreact the trigger should be very strong (unlawful violent behavior e.g. towards disable, children, elderly, LEO or police property);
- the culture within LEAs: blue wall, kind of Templar mentality (close society of initiated), like 'we' against 'them'(all others not only criminals).
CONCLUSION: they are product of on-duty daily combined experiments of Milgram (obedience to authority) and Zimbardo (role behavior). If you take different pickles in vinegar for a month, the all become the same.


JackJuly 29, 2018 4:02 AM

..convincing companies to hand over...."
Get a effing WARRANT, you despicable gestapo-goons !

HermanJuly 29, 2018 8:50 AM

Garbage in, garbage out.

Data and information is not the same thing.

Any two bit computer scientist knows this, but the FBI, CIA and NSA apparently don't.

Deckard CainJuly 29, 2018 12:23 PM

"Any two bit computer scientist knows this, but the FBI, CIA and NSA apparently don't."

What they know is that their mission mandate is to gather all and sift for useful info.

Not everything they collect is useful, that's true.

PeaceHeadJuly 31, 2018 11:17 AM

There is so much "white-collar" crime these days at every level of American life, and of course within and between other nations that it doesn't surprise me if those same criminal organizations aren't willing to share info with law enforcement.

And in addition to that, there are quasi-covert organizations that have their own cultures, languages, cities, businesses and territories (and possibly biologies). They are doing much of their own things and are also NOT UNANIMOUS and NOT MEGALITHIC.

I'm for giving the non-corrupt aspects of law enforcement whatever they need to save the maximum quantity of lives using the least disruptive means.

Damn traditionalism to hell if it's undermining our safety and chances for survival.

Don't even use the "b-word". It's a tool to sabotage meaningful conversation.
Stick to technical descriptions based upon functionality, and the infophobes/dataphobes and infosaboteurs/datasaboteurs won't have as much to cling to.

If any of you are in law enforcement, STAY SOBER!!!!!
Sobriety is freedom.
Keep in mind, that NAZI's were dabbling with manufacturing methamphetamines!!
Do we really need our entire civilization going braindead and stupid and unable to teach nor defend nor cure? HELL NO!!!

This is a good time of the century for vigilance.
I agree that law enforcement could benefit from increased education on both technical and non-lethal approaches to self-defense and apprehending criminals and suspects.

We don't need to turn into Israel.
And if you're from Israel, please do not be offended.
Police states have a tendency to never fully experience peacefulness.
So I am skeptical of police state mandatory civic militaries.
Shalom=Selam.

May Peacefulness Prevail Within All Realms of Existence.
Peaceful Coexistence is the Unalienable Entitlement of All Sentient Beings.

P.S.=I will probably only say this once in print: The Donald Trump Phenomenon is likely an outgrowth of a deep dark Black Operation.

Peace be to all Iranians who want peace.
Peace be to all Koreans who want peace.
Peace be to all Ukranians who want peace.
Peace be to all Russians who want peace.
Peace be to all Americans who want peace.

Peace flourishes where sanity is not outlawed.
And that is actually a security-related sociological issue.

Keep up The Dialogue.
Thanks for communication.
When communication itself dies, so does the world.
We need as many backchannels as possible, to prevent calamities.

Keep up cryptostego.
Keep up survivalism.
Keep up science and logic and reasoning.
Keep up safety systemologies.
Keep up whistleblowers.

Don't give up hope.
Hope is the fuel for accomplishments.
You are not forgotten.

user12066July 31, 2018 1:53 PM

Survey results indicate that accessing data from service providers -- much of which is not encrypted -- is the biggest problem that law enforcement currently faces in leveraging digital evidence

So law enforcement is having problems with the 4th amendment? This isn't new and is actually a feature, not a bug.

I'm pretty sure that back in the 1800s, law enforcement also had difficulty with safes. We didn't discard the 4th amendment then and we shouldn't do it now.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.