Today is International Data Privacy Day (Data Protection Day in Europe). This day was initiated in 2007 to raise awareness and promote best practices for preserving privacy and protecting data.

As law enforcement agencies continue to evolve amidst the rapidly changing digital landscape, many agencies are transforming the way they work and employing far more robust platforms to handle data management across the investigation workflow.

Digital Intelligence (DI) is the data collected and preserved from digital sources (smartphones, computers, the cloud, etc.) and the process by which agencies collect, review, analyze, manage and obtain insights from this data to more efficiently run their investigations. DI has now become the driving force behind modern digital policing investigative efforts.

Using Best Practices In Data Management & Security To Gain Public Trust

In utilizing high-tech solutions, however, law enforcement has opened the door to criticism from citizens. The lack of understanding by the general public regarding how critical data is used to keep their communities safe has led to individuals wondering if their privacy is being infringed upon.

Setting standards that clearly outline how technology is used in the context of investigations and making citizens aware that these safeguards are in place to protect their privacy, allows law enforcement to do their job more effectively and efficiently.  There are two ways agencies can begin to solve these problems. The first step is recognizing where the disconnect with the public is happening.

Step 1: Facing The Privacy Challenge

As Policing 2025, a recent white paper published by IDC and Cellebrite makes very clear, “As technology development continues to outpace the regulatory environment — artificial intelligence and facial recognition are good examples of this phenomenon — there are urgent calls from technology providers, privacy advocates, and police agencies alike to frame the appropriate legal, policy, and ethical environments to proactively and thoughtfully guide technology deployment.”

Techlash. Many view the advances in digital technology with great skepticism. To many, AI is a technological boogeyman—a black box destined to reveal everything about them to everyone. Machine learning is likewise seen as a tool that by using algorithms to advance decision-making, may be inherently biased.

The IACP summit report titled “Going Dark,” paints a vivid picture of this problem. “New technologies and strategies developed to advance network security, however, can also prevent law enforcement and justice agencies from executing lawful court orders to investigate criminal or terrorist incidents, or to secure electronic evidence.

Due to nearly universal support for efforts to use strong encryption and other technologies to secure cell phones, email, text messages, and other online communications and transactions, recent initiatives by industry to develop and deploy encryption and sophisticated tools to protect the privacy of their customers have created barriers to complying with lawful court orders to provide access to digital evidence.”

These issues raise important questions about the ethical and lawful use of Digital Intelligence and technology that must be answered.

To overcome these objections and restore community trust, law enforcement agencies need to have a rigid set of standard operating procedures in place that outline exactly how these advanced digital solutions are to be used during investigations. How is the data to be collected, managed, stored? Most importantly, how will it remain secure so that personal privacy can be absolutely ensured?

Step 2: Setting Standards For Data Privacy And Security In Digital Policing

A recent article from F5 Labs summarizes why setting standards for Confidentiality, Integrity, and Availability (CIA) is key to keeping investigations within legal boundaries while also providing a roadmap to ensuring personal privacy. Here’s how these best practices work.

Confidentiality

Promoting confidentiality is all about keeping data private. Just as credit card information is kept secret in the business world, data relating to investigations must also be sacrosanct. Law enforcement agencies can ensure this by only allowing authorized individuals to access specific data so that the right people see the right information at the right time during an investigation.

Anyone who is unauthorized should be prohibited from accessing the data. Confidentiality can be compromised, of course, either illicitly through cyberattacks aimed at gaining access or even accidentally through human error. Therefore it is paramount for agencies to have strict countermeasures in place (stringent access controls, multi-word authentication protocols, and adequate training for all staff members involved in the digital investigative process) to ensure data is protected.

Integrity

In the world of Digital Policing, “integrity” refers to data that has been lawfully collected, managed, and analyzed in such a way that the integrity of the data is always maintained. Protecting the digital chain of custody is of absolute necessity lest valuable data (evidence) be rendered inadmissible in court. This is why it is vital for law enforcement organizations to have strict protocols in place that document how the data was collected, who collected the data, where and how it was stored, and who had access to it. 

All of this points to having SOPs like digital logs and e-signatures in place throughout the investigation’s workflow so that every step in the digital chain of custody can be audited.

Availability

Having systems up and running that allow authorized team members to have access to the right data when they need it is what “availability” is all about. Many things, including system failures due to power outages, software failures, cyberattacks, and malware can make availability impossible. Therefore preventive measures like backup systems and recovery solutions are so important.

Transparency is key. To regain public trust, citizens must be able to clearly understand that the use of digital solutions to solve crimes is following a strict set of guidelines and that agencies are being held to the highest ethical standards to ensure that the safety of communities is being protected without infringing on personal privacy.

Step 3: Establishing Privacy Guidelines

The Policing 2025 paper suggests that to guarantee privacy, policing solutions and workflow should be:

  • Fair: Algorithmically fair using unbiased data

  • Explainable: To many stakeholders

  • Robust: Safe, secure, and private, with a human in the loop

  • Traceable: Understand the provenance of training data sets and metadata

  • Transparent: Reporting in action, communication of results, and auditable

Step 4: Partnering For The Future

While getting standards in place to ensure data privacy is paramount, agency managers also need to take a hard look at their workflows and evaluate where their strengths and weaknesses are. Careful evaluation will help to formulate a game plan that takes existing infrastructure and previous investments into consideration while shoring up data security measures.

As the worldwide leader in Digital Intelligence solutions, Cellebrite experts can help agencies evaluate their systems at hand and recommend solutions that either supplement existing infrastructure or begin building toward a total solution for the future—all while keeping the highest ethical standards for privacy protection at the foundation of forward progress.

Cellebrite platforms provide agency managers with a complete end-to-end solution that allows those participating in the investigation workflow to collect, manage, review, and analyze data in a forensically sound manner that maximizes efficiency while ensuring data privacy and integrity is totally secure.

Yes, law enforcement stands at a crossroads, but there is a way forward by putting standards in place that guarantee privacy while adopting more efficient platforms, technologies, and workflows that allow agencies to continue to keep communities safe.

Learn more about how Cellebrite solutions can help your organization protect data privacy, here.

About the Author: Leeor Ben-Peretz leads Cellebrite’s strategy & corporate business development functions. He brings over 20 years of experience in the forensic, telecom, and software security markets, having served in key business development and product management-related positions at industry-leading companies such as Aladdin Knowledge Systems (NASDAQ: ALDN), Pelephone Communications, Comverse (NASDAQ: CMVT) and InfoGin.

During his 11-year tenure with Cellebrite, Leeor has been instrumental in driving the evolution of the company’s offering from a single product to a rich portfolio of innovative products, solutions, and services. Mr. Ben-Peretz holds an Executive MBA degree from the Hebrew University of Jerusalem and a BA degree in business and economics from the Academic College of Tel-Aviv.

Share this post