Case for the cloud
Ryan Parthemore explores how cloud-based solutions are helping law enforcement answer today’s policing challenges.
There is no doubt that policing today is significantly different from 20 years ago. Today, lack of public support, reduced staffing and increased scrutiny of use-of-force incidents have slowed the investigation process.
Simultaneously, criminal suspects are embracing advances in technology to commit and hide their illicit acts, making it much harder for law enforcement to gather evidence.
Many agencies did not even have a website when I started in law enforcement in 2001. Our mobile data terminals looked like the monochrome mainframes of decades past, and our biometric capabilities consisted of rolled, ink fingerprints. Today’s technological advances in law enforcement provide roadside fingerprint identity verification, rapid DNA identification and city-wide gunshot-detecting sensor grids.
While procedures in policing have advanced regarding the management of physical evidence, initiating Standard Operating Procedures (SOPs) for managing digital evidence varies widely among agencies, even though evidence lawfully collected from digital sources has become a driving force in almost every investigation. Law enforcement agencies need innovative solutions to keep up with tech-savvy criminals, but the world around them is not making it easy for them to do this.
There are three key components to this current reality affecting law enforcement’s ability to serve its community effectively and efficiently. Here is how they break down:
1. Increased case backlogs
Staffing shortages and budget cuts have made it difficult for law enforcement to stay on top of investigations. The pandemic has also affected staffing with many detectives being reassigned to back-fill vacant patrol positions. This leaves the few remaining investigators faced with the unenviable choice of which cases to investigate and which to close. This lack of manpower has led to massive case backlogs and a frustrated public. But the issue in case backlogs does not stop at the detective level. Digital forensic units are also feeling the squeeze.
Caseloads for digital forensic units vary depending on the proportion of digital evidence per case, device size and dataset to sift through. But it is safe to say that this proportion is only going one way – and that is up. Once all the data is acquired and analysed, digital forensic units will painstakingly put the digital evidence onto a storage device and place it into physical evidence.
Therefore, before the investigators can even start their analysis, many must drive to the point of examination, retrieve the digital and physical evidence, drive back to the office, create a working copy, and then submit proof of storage. This five-step physical retrieval process for digital evidence in today’s digitally advanced world is unnecessarily inefficient and risks compromising the digital chain of evidence.
2. Outdated retention and operational policies
While technology and the laws surrounding it are changing rapidly, policy is rarely updated to reflect these advancements. Outdated policies can leave investigators open to chain-of-custody claims by defence lawyers or lead to possible civil rules-of-evidence violations against the police department. Nothing we did in the investigation matters if the evidence is deemed inadmissible.
Digital evidence retention is no different than its physical evidence counterpart. If digital evidence is used to prosecute a serious felony, homicide, or sexual assault, that evidence may need to be held for decades, but storage devices, such as CDs, DVDs and thumb drives, cannot physically guarantee safe storage and accessibility of evidence for this long. Devices can become corrupted, unreadable, or break, and many manufacturers specify untenable maintenance to keep the stored data accessible. We must understand that digital evidence is now as important as murder weapons.
3. Police work is teamwork
Because criminal activity transcends political boundaries, many offenders will commit crimes in multiple jurisdictions. As a result, it is now common to see multiple agencies working together on the same case or as a multi-jurisdictional task force.
Even within a single agency, investigators work with many divisions, including other investigative units, patrol, crime labs, crime scene technicians, evidence and prosecutors.
Timely and efficient collaboration is key to a successful criminal investigation.
An unsustainable situation
Combining these three trends to form the bigger picture makes the conclusion undeniable.
Continuing with business as usual is not an option. Law enforcement leaders know that the future of efficient and effective policing relies heavily on inter- and intra-agency collaboration. The only way to do this successfully is to take a page out of the private sector’s playbook and, in doing so, start utilising cloud-based solutions.
Private sector innovation leads the way for public sector success
Many private sector companies have mastered collaboration and project management out of necessity because their employees, vendors and clients are worldwide.
Law enforcement can use the best practices and tools from the private sector to become more effective within their investigative workflow. SaaS (software as a service)-based solutions provide the quickest and easiest ways to collaborate and manage projects, regardless of location.
Advances in computer networking, more reliable storage and faster processing have made cloud-based solutions the preferred method for companies and many government agencies. A SaaS-based solution for managing your investigations means evidence can be accessed securely anywhere, anytime, and on any computer. The vendor is the one to push out updates, maintain the software and keep the systems secure so that the agency can focus on what matters – criminal investigations.
Investigative DEMS (digital evidence management systems) span the entire investigation but are rare in our industry. They enable strong collaboration by streamlining investigator and lab processes from the beginning of the investigative workflow, and allow evidence to be submitted, assigned, tracked and reviewed all from a browser. The lead investigative agency can upload and analyse the digital evidence, then instantly share it with those involved in the investigation with just a few clicks of a mouse. These efficiencies ultimately help reduce investigator case backlogs and increase case resolution.
Addressing command staff’s concerns
Cloud-based solutions are now widely accepted as the safest and most secure ways to store data – especially when you consider the risks of the current physical storage methods – and this is why many agencies are switching.
The vendor handles the security patches and penetration testing to monitor weaknesses and potential threats. Many vendors even have dedicated network and security operators who perform continuous testing.
Choosing a provider
Security is paramount for those seeking cloud-based solutions, which is why it is critical to identify industry-leading providers with a proven track record in the law enforcement arena.
You will undoubtedly look for solutions that utilise data encryption and multi-factor authentication to ensure evidentiary integrity. Compliance frameworks, including ISO 27001 and SOC 2, help ensure a particular solution (and its vendor) have proven their mettle.
Looking deeper, be sure your provider understands the threat landscape and is equipped to respond and manage security incidents. Ask questions about ‘tenant’ segregation, isolation and web security monitoring capabilities.
Finally, determine where your data is stored, any regulatory implications concerning that location, and how you can retrieve all of it if necessary.
While doing so, remember that not all cloud hosting is the same. Amazon Web Services (AWS), for example, offers GovCloud for added security and adherence to compliance frameworks for both private and public sectors.
The amount of digital evidence is increasing, technology will continue to advance, and retention policies are getting stricter and more extended. Furthermore, there is no crime today that does not include some type of digital evidence.
Police agency leaders need to act now. Using outdated technology such as USBs or CDs to store digital evidence in a physical way, instead of digitally in the cloud, can only put your agency at risk.
Ryan Parthemore joined Cellebrite as a SaaS ‘evangelist’ following his extended tenure within law enforcement. A veteran in the industry, he has more than 20 years’ experience as a patrol officer, detective and technical lead in a government digital forensics laboratory. During his time in law enforcement, he completed 559 hours of training in digital forensics, performed thousands of digital forensics examinations, represented his unit through ANAB ISO 17025 accreditation, and testified as an expert witness in state and federal court. He moved to Cellebrite to utilise his expertise to help others in law enforcement find more effective ways to resolve cases.