Law enforcement in general and the FBI in particular have been talking about the “going dark” problem caused by encryption on phones. Except, maybe, that isn’t the biggest problem that law enforcement is facing.
The Center for Strategic and International Studies earlier this year released a study based on interviews with law enforcement from across the country. What did they discover?
- A quarter of the people said that they had a lack of guidance from tech companies and convincing them to turn over data.
- Law enforcement officers said that they received barely any training in digital evidence. Local police received an average of 10 hours of training a year (about one day). State police received 13 hours and federal law enforcement received 16 hours a year. Only 16 percent of the cops said that they received training more than once a year. It seems to be a tad of a problem. If you ask people to deal with digital evidence and then you don’t train them, do you really think they will be able to do their job?
- 19 percent said that not being able to access data on a device was their biggest issue. That is only 1 out of 5 law enforcement professionals who think that is the biggest problem.
- 30 percent said their biggest issue what not knowing which company had the data that they needed for their investigation. Much of that data is not encrypted or the service providers have the encryption keys.
- The National Domestic Communications Assistance Center (NDCAC) is charged with assisting state and local law enforcement. They have a whopping $11 million budget. To cover the entire nation. For a whole year.
We saw that with the San Bernardino killer iPhone situation. The FBI went all crazy on Apple, but Apple said that they never reached out to them for help until the made enough mistakes that Apple couldn’t help them. Apple said that if they had contacted them sooner and if they had not shut down the WiFi in the killers’ apartment, they would have been able to retrieve the data.
That doesn’t mean that encryption doesn’t present problems, but if you only give cops 10 to 16 hours of training a year and only give the one organization that is supposed to help them a budget of $11 million you can’t really expect very good outcomes. And you don’t get them.
Try the simple stuff first. After that’s handled we can talk about inserting backdoors. IF we even need to.
Mitch Tanenbaum is partner and technical director at CyberCecurity, a full-service cyber risk consulting service provider. Read more CyberCecurity blogs here.
