Major Drug Case Drives City of London to Invest in Digital Intelligence to Increase Investigation Speed and Efficiency
The Greater London area is a sprawling metropolis, with a population of more than 14 million. But the City of London itself is just 1.12 square miles with about 8,000 residents. Known as the “Square Mile,” the City sits alongside the River Thames. It is London’s primary central business district and a major financial center that’s home to the Bank of England and the London Stock Exchange.
Protecting the City’s residents, visitors, workers, and businesses is the City of London Police territorial police force whose jurisdiction includes London Bridge. The agency has seen its share of high-profile criminal acts since it was established in the 1830s. That includes the notorious Jack the Ripper murders in the late 19th century, the Irish Republican Army’s bombings in the City throughout the 30 years of civil unrest known as the “Troubles”, and the 7/7 Islamist suicide attacks in 2005.
Today, the City of London Police has more than 1,000 law enforcement officers and staff. It’s separate from the massive Metropolitan Police, aka Scotland Yard, which handles law enforcement in 32 London boroughs and protects the Palace of Westminster, Heathrow Airport, and much more. The City of London and the Metropolitan Police collaborate often, however, including on anti-knife crime and counterterrorism initiatives.
“You can imagine the significance of the Square Mile to those who wish to commit high-profile crimes against the United Kingdom as a nation,” says Paul Dainty, Forensic Manager for the City of London Police. “Our agency, alongside the Metropolitan Police, have a heightened level of security around counterterrorism and we’re briefed regularly by security and intelligence services MI5 and MI6 about the status of threat levels.”
The need to work faster and more efficiently to help protect and save lives and accelerate justice motivates the City of London Police in its ongoing efforts to transform digitally, according to Paul.
Paul says another ongoing focus for the City of London Police is the “high rate of general volume crime” that occurs within the Square Mile due largely to its many visitors — and the criminals who target them. The agency also leads nationally in investigating fraud and economic crime. For example, it works closely with the National Fraud Intelligence Bureau (NFIB) to run Action Fraud, the U.K.’s national reporting center for fraud and cybercrime.
The agency also operates a dedicated Police Intellectual Property Crime Unit (PIPCU), which works with brands and companies around the world to investigate and deter the counterfeit goods trade. PIPCU helps combat the digital piracy of streaming content, too. “The Motion Picture Association of America funds two members of staff who work within our team, and we work alongside them,” says Paul.
“I can say wholeheartedly that a digital strategy is key to a successful investigation.”
So, while the City of London Police may be small compared to Scotland Yard, its responsibilities are great, and given the types of serious crimes it investigates — including many that require the collection and preservation of data from an array of digital sources — the agency can’t afford to be slowed down by manually intensive processes and outdated technology tools.
Pressure to Move Fast, Be Present, and Manage Expectations
The department has long used Cellebrite tools to lawfully access and collect data from devices. But as the number of devices per investigation has increased, and with many devices now featuring sophisticated encryption, investigators’ need for advanced tools has grown exponentially, says Paul. This is why its Forensic Services Department recently adopted Cellebrite Premium — a solution that helps investigators access and collect Digital Intelligence faster from all iOS and high-end Android devices. With their standard toolset, they can complete an investigation in about 28 days. Overcoming access challenges sometimes requires support from external resources like Cellebrite Advanced Services (CAS).
“We have finite resources, and every request is urgent,” says Paul. “Quite a lot of my day is spent fielding inquiries about what we can and can’t do — and whether people should even submit casework to us — because we don’t have the time or capabilities.”
“Cellebrite Premium is a massive advance in capabilities for the department.”
Paul joined the City of London Police in 2010 as Head of Fingerprints and was promoted to his current role in 2015. As Forensic Manager, Paul reports to the Director of Forensic Services. The Forensic Services Department is comprised of five disciplines: Paul manages the Fingerprint Enhancement Laboratory, the Fingerprint Bureau, and the High-Tech Crime Unit (Digital Forensics Unit), and another manager oversees Crime Scene Investigation (CSI) and Collision Investigation.
Paul is a firm believer that law enforcement agencies need a digital investigation strategy. “I can say wholeheartedly that a digital strategy is key to a successful investigation,” he says. “About 99% of the time, the investigations that our High-Tech Crime Unit ends up with that are a mess, or that don’t go according to plan, end up that way because the digital strategy at the outset was poorly conceived.”
An additional pressure for the High-Tech Crime Unit, Paul says, is frequent requests for team members to go to crime scenes. “I would say that every week, we’re getting requests to provide on-scene assistance,” he explains. “I’m often taking phone calls from officers who’ve turned up at a crime scene with no digital strategy who suddenly found they were confronted with technology they don’t know what to do with. So, they call us.”
Paul adds, “However, consider that my team has only 11 digital forensic examiners right now to support a nationwide network, while also trying to execute warrants and do everything in-house. So, it’s a struggle to meet demands.”
A Lucky Turn That Could Easily Have Been a Miss
One of those urgent calls from the field actually helped to accelerate the decision by the City of London Police to find a way to equip its High-Tech Crime Unit with more advanced technology to access devices. The case involved a large cannabis farm operated by an organized crime group. Investigators executed a warrant to search the property but didn’t have a detailed digital investigation strategy going in — and that proved to be problematic, Paul says.
“When they entered the building, they found routers galore, cables running through ceilings, and digital devices here, there, and everywhere — many of them encrypted,” says Paul. “That’s when someone said, ‘Who has the number for the High-Tech Crime Unit?’”
The investigators applied Cellebrite access solutions to the only unencrypted mobile device found on the scene and, luckily, collected ample digital evidence to advance the investigation. “That unencrypted device we accessed was massively key, particularly in terms of messaging between suspects and timelines and identifying the chain of command,” says Paul.
He continues, “With Cellebrite, we were able to access the device and collect digital evidence from it quickly. While investigators were still examining the scene, we had already sent the report back to the investigative team for review. That quick intelligence let them say to the suspects, who weren’t cooperating, ‘Hey, we know Person A is the big boss.’”
Paul says the digital evidence collected by his team helped to send all but one suspect to prison, and those who are incarcerated are now serving multi-year sentences. But while this case had a positive outcome, Paul says the experience helped to underscore a significant gap in the investigation capabilities of the City of London Police. The agency lacked the ability to access encrypted Android devices quickly and efficiently — and without luck being on investigators’ side, the drug farm investigation could have stalled or fallen apart.
“With Cellebrite, we were able to access the device and collect digital evidence from it quickly. While investigators were still examining the scene, we had already sent the report back to the investigative team for review.”
The City of London Police had already been weighing options for helping the High-Tech Crime Unit improve its data collection and preservation methods. The core question was whether it would be more cost-effective over the long term to insource or outsource these capabilities. Paul says it became increasingly clear that enhancing in-house capabilities was the way to go if the High-Tech Crime Unit was going to address the ever-growing backlog of everyday cases that deserve investigation — but were deprioritized due to the team’s resource constraints.
Paul explains, “We have a lot of low-value or low-level crime that would benefit from digital evidence being collected, but we couldn’t justify the expense for investigating that type of crime. And that meant we were disproportionately failing to investigate or recover evidence for these cases because it just wasn’t financially viable.”
The City of London Police recognized this situation was worsening — and undermining the agency’s work to help protect and save lives. Paul says his team knew Cellebrite Premium was the solution they needed to have, not only because of their positive experience working with other Cellebrite tools but also from observing their counterparts in the Metropolitan Police using the advanced access solution. “We knew it would be effective for us, too,” says Paul.
An Opportunity To Use Illicit Gains for Good
To support the addition of Cellebrite Premium to its technology toolkit, the City of London Police secured funds under the Proceeds of Crime Act 2002 (POCA). The Act of U.K. Parliament allows departments to request the use of illicit gains from crimes to be reinvested in policing. Paul led the work on the POCA application, which took about a year to complete and navigate through approvals.
“Ultimately, I was able to justify the investment in Cellebrite Premium by demonstrating that the solution would represent a significant return in terms of value for money, as well as a massive increase in the capability for City of London policing,” he says.
“That unencrypted device we accessed was massively key, particularly in terms of messaging between suspects and timelines and identifying the chain of command.”
As of April 2021, the High-Tech Crime Unit was just starting to work with Cellebrite Premium — but Paul says they’re anticipating big changes now that the solution is in place. “We’re expecting a 75-100% increase in mobile phone submissions to the unit because it’s literally been a 100% suppressed demand,” he says. “Cellebrite Premium is a massive advance in capabilities for the department.”
The adoption of Cellebrite Premium will also help the Forensic Services Department to further its own digital transformation efforts. “We spent the last year conducting a massive, detailed design review for all of forensics — one strand of which is ‘digital investigation,’” says Paul, who leads discussions about digital strategy for the department. “We identified several significant changes we need to make to service the types of crimes we investigate. The ability to deal with Android and iOS decryption is part of that model. So, implementing Cellebrite Premium is the start of that journey for us.”
According to Paul, an “e-discovery platform” for ingesting data collected from devices in investigations is also on the longer-term road map for the department. This platform would be accessible to investigators, prosecutors, and others working on cases. “This isn’t about accessing artifacts,” says Paul. “It’s about logging into the platform and seeing what you can discover about your case.”
Paul would also like to have “digital managers” sitting in on briefings, pre-execution discussions. and other critical meetings to help influence digital strategy for the City of London Police. “If you’re looking to become cloud-based in the future, you need this type of staff member coordinating digital investigations tools, tactics, and activity by liaising with the investigating officer about their requirements and then informing the CSIs on what they need to do,” Paul explains. “Someone should be able to coordinate both the wet and digital forensics on investigations.”
Moving forward, Paul says he expects the City of London Police will keep expanding its relationships with Cellebrite and other technology vendors to keep pace with digital change. “There’s always a lag between what the criminals are capable of doing with technology before we’re capable of dealing with it,” says Paul. “There are plenty of sources who can tell us what’s coming — like the Cellebrite community, forensic websites, industry conferences, and blogs. We just need to stay aware.”