4 Best Practices for Protecting Data Privacy
International Data Privacy Day (Data Protection Day in Europe) was launched in 2007 to heighten awareness of best practices for preserving privacy and protecting data. As we mark the occasion today, we’d like to raise awareness of just how law enforcement agencies continue to evolve amidst the rapidly changing digital landscape. In fact, many agencies are transforming the way they work, and are employing far more robust platforms to handle data management across the investigation workflow.
The key to the transformation of data management is Digital Intelligence (DI) – the data collected and preserved from digital sources (smartphones, computers, the Cloud, etc.) and the process by which agencies collect, review, analyze, manage, and obtain insights from this data to more efficiently run their investigations. Digital Intelligence has now become the driving force behind modern digital policing efforts.
Building Public Trust
The lack of understanding, however, regarding using critical data to keep communities safe has led to concerns about privacy infringement in some circles. By setting standards that clearly outline how technology is legally used in the context of investigations, and making citizens aware that safeguards are in place to protect privacy, law enforcement can do its job effectively and efficiently. The first step in gaining public trust is recognizing where the disconnect is happening.
1: Tackling The Privacy Challenge
As Policing 2025, a white paper from IDC and Cellebrite, makes clear, “As technology development continues to outpace the regulatory environment – artificial intelligence and facial recognition are good examples of this phenomenon – there are urgent calls from technology providers, privacy advocates, and police agencies alike to frame the appropriate legal, policy, and ethical environments to proactively and thoughtfully guide technology deployment.”
Techlash. Many view the advances in digital technology with great skepticism. To many, AI is a technological boogeyman – a black box destined to reveal everything to everyone. Machine learning is likewise seen as a tool that uses algorithms to advance decision-making which some feel may be inherently biased.
The IACP summit report titled “Going Dark,” paints a vivid picture of this problem: “New technologies and strategies developed to advance network security, however, can also prevent law enforcement and justice agencies from executing lawful court orders to investigate criminal or terrorist incidents, or to secure electronic evidence.
Due to nearly universal support for efforts to use strong encryption and other technologies to secure cell phones, email, text messages, and other online communications and transactions, recent initiatives by industry to develop and deploy encryption and sophisticated tools to protect the privacy of their customers have created impenetrable barriers to complying with lawful court orders to provide access to digital evidence.”
These issues raise important questions about the ethical and lawful use of Digital Intelligence and technology that must be answered.
To overcome these objections and restore community trust, law enforcement agencies need to have a rigid set of standard operating procedures in place that outline exactly how these advanced digital solutions are to be used during investigations. How is the data to be collected, managed, and stored? Most importantly, how will it remain secure so that personal privacy can be absolutely ensured?
2: Establishing Privacy Standards For Data
A recent article from F5 Labs summarizes why setting standards for Confidentiality, Integrity, and Availability (CIA) is key to keeping investigations within legal boundaries while also providing a roadmap for personal privacy. Here’s how these best practices work.
Promoting confidentiality is all about keeping data private. Just as credit card data is kept secret in the business world, data relating to investigations must also be sacrosanct. Law enforcement agencies can ensure this by only allowing authorized individuals to access specific data so that the right people see the right information at the right time during an investigation.
Anyone who is unauthorized should be prohibited from accessing the data. Confidentiality can be compromised, of course, either illicitly through cyberattacks aimed at gaining access or even accidentally through human error. This is why it is paramount for agencies to have strict countermeasures in place – such as stringent access controls, multi-word authentication protocols, and adequate training for all staff members involved in the digital investigative process – to ensure data is protected.
In the world of Digital Policing, “integrity” refers to data that has been lawfully collected, managed, and analyzed in such a way that the integrity of the data is always maintained. Protecting the digital chain of custody is of absolute necessity lest valuable data (evidence) be rendered inadmissible in court. It’s vital for law enforcement organizations to have strict protocols in place that document how the data was collected, who collected the data, where and how it was stored, and who had access to it.
All of this points to having SOPs like digital logs and e-signatures in place throughout the investigation’s workflow so that every step in the digital chain of custody can be audited.
Having systems up and running that allow authorized team members (that is, the right people) to have access to the right data when they need it is what “availability” is all about. Many issues, including system failures due to power outages, software failures, cyberattacks, and malware can make availability impossible. This is why preventive measures like backup systems and recovery solutions are so important.
Transparency is key. To regain public trust, citizens must be able to clearly understand that when law enforcement uses digital solutions to solve crimes, officers and investigators are following a strict set of guidelines and that agencies are being held to the highest ethical standards to ensure the safety of communities – without infringing on personal privacy.
3: Setting Privacy Guidelines
The Policing 2025 paper suggests that to guarantee privacy, policing solutions and workflow should be:
- Fair: Algorithmically fair using unbiased data
- Explainable: To many stakeholders
- Robust: Safe, secure, and private, with a human in the loop
- Traceable: Understand the provenance of training data sets and metadata
- Transparent: Reporting in action, communication of results, and auditable
Step 4: Partnering For The Future
While establishing standards to ensure data privacy is paramount, agency managers also need to look carefully at workflows and evaluate their strengths and weaknesses. Careful evaluation will help to formulate a game plan that takes existing infrastructure and previous investments into consideration while shoring up data security measures.
As a leader in Digital Intelligence solutions, Cellebrite experts can help agencies evaluate their systems at hand and recommend solutions that either supplement existing infrastructure or begin building toward a total solution for the future – all while maintaining the highest ethical standards for privacy protection.
Cellebrite’s platform provides agency managers with a complete end-to-end solution that allows those participating in the investigation workflow to collect, manage, review, and analyze data in a forensically sound manner that maximizes efficiency while ensuring data privacy and integrity is totally secure.
Law enforcement may be at a crossroads in terms of privacy and public trust. However, there is a way forward by putting standards in place that guarantee privacy while adopting more efficient platforms, technologies, and workflows that allow agencies to continue to keep communities safe.
To find out more about how Cellebrite solutions can help your organization protect data privacy, click here.
About the Author: Leeor Ben-Peretz leads Cellebrite’s strategy and corporate business development functions. He brings over 20 years of experience in the forensic, telecom, and software security markets, having served in key business development and product management-related positions at industry-leading companies such as Aladdin Knowledge Systems (NASDAQ: ALDN), Pelephone Communications, Comverse (NASDAQ: CMVT) and InfoGin. During his 12-year tenure with Cellebrite, Leeor has been instrumental in driving the evolution of the company’s offering from a single product to a rich portfolio of innovative products, solutions, and services. Mr. Ben-Peretz holds an Executive MBA degree from the Hebrew University of Jerusalem and a BA degree in business and economics from the Academic College of Tel-Aviv.