Big Tech vs Law Enforcement

June 19, 2020

Ana-Maria Baloi



Why does this matter:


  • Open-source information and intelligence (OSINT) play a vital role in criminal investigations; intelligence agencies often use OSINT to make their cases and employ various software and hardware tools to gather the information automatically.
  • Since NSA whistle-blower Edward Snowden revealed the intelligence agencies part of “Five Eyes” capability to accesses private conversations on social media, Facebook, Apple and other technology giants pushed for end-to-end encryption, allowing only the sender and the receiver to access the content.
  • Encrypted messages impede security services from accessing sensitive and often crucial information for criminal investigations, such as the conversations of suspected terrorists, human and drug traffickers, paedophiles, etc.
  • While common ground has been found between Facebook’s privacy policy requirements and the needs of security services in the UK and US, Apple remains reluctant towards sharing its costumers’ conversations.



How is OSINT utilised by investigators?


OSINT for investigatory purposes can be critical in criminal investigations. Although the user is not likely to use their real name and provide their real contact details, intelligence can still be gathered from a social media profile. As one account gets shut down and another one pops up, investigators can use OSINT tools and techniques to follow the user from account to account. These accounts and their social network can then be monitored until enough information is gained to identify evidence of criminal activity, geolocation, the account holder and their criminal network.


According to the UK Metropolitan Police, the police do use open-source intelligence as an investigative tool. Admitting monitoring Twitter and other social media such as Facebook for public order and investigation. The police are also using several technological tools that allow it to monitor automatically. However, how it utilises these tools is still part of sources and methods it cannot disclose how exactly OSINT is used.



Facebook’s relationship with the intelligence services


In October 2019, the US and UK signed a treaty through which Facebook and its messaging tool WhatsApp will have to give UK police access to users’ encrypted messages. The treaty, which covers other US-based social media platforms as well, would require the sharing in regard to investigations of serious crimes, such as terrorism and paedophilia. The document states that the US and UK won’t investigate each other’s citizens, and information obtained from British firms can’t be used by the US in death penalty cases.


In December 2019, Australia passed legislation that forces tech companies to help law enforcement agencies access the encrypted communications of suspected criminals, the world’s first such legislation. It is likely that Australia’s move will determine other governments to adopt similar legislation, to ensure their security services’ access to criminal investigation-related information.


In June 2020, Facebook took the unprecedented step of helping the FBI hack a prolific child predator from California to gather evidence that led to his arrest and conviction. Facebook worked with a third-party company to develop the exploit and did not directly hand the exploit to the FBI; it is unclear whether the FBI even knew that Facebook was involved in developing the exploit. According to sources within the company, this is the first and only time Facebook has ever helped law enforcement hack a target.


Facebook routinely investigates suspected criminals on its platform, from run-of-the-mill cybercriminals to stalkers, extortionists, and people engaging in child exploitation. Several teams at Menlo Park and other company offices collect user reports and proactively hunt these criminals. These teams are composed of security specialists, some of whom used to work in the government, including the FBI and the New York Police Department.



Apple’s conflict with law enforcement agencies


US district courts often issue orders for Apple to offer law enforcement agencies access to encrypted messages, useful in charging suspected criminals. Apple objects and challenges the orders, outlining the importance of private communications. Some requests involve phones with more extensive security protections, which Apple has no current ability to break. These orders aim to compel Apple to write new software that would let the government bypass these devices’ security and unlock the phones.


In May 2020, Apple, Google, Microsoft, WhatsApp and others pushed back against a proposal by the UK intelligence agency GCHQ that offered a way for police to access private messages without breaking encryption. GCHQ suggested an approach in which service providers would “silently add a law enforcement participant to a group chat or call,” without notifying the other participants. The tech companies said this “ghost key” approach threatens cybersecurity and human rights.


In February 2016, the Federal Bureau of Investigation (FBI) in California wanted Apple to create and electronically sign new software that would enable the FBI to unlock a work-issued iPhone 5C it recovered from one of the shooters who, in a December 2015 terrorist attack in San Bernardino, California, killed 14 people and injured 22. The phone was locked with a four-digit password and was set to eliminate all its data after ten failed password attempts.


Apple declined to create the software, and a hearing was scheduled for March 22. However, a day before the hearing was supposed to happen, the government obtained a delay, saying they had found a third party able to assist in unlocking the iPhone and later on it announced that the FBI had unlocked the iPhone and withdrew its request.


In 2013, Edward Snowden revealed that the NSA and the GCHQ had access to the user data in iPhones, BlackBerry, and Android phones and could read almost all smartphone information, including SMS, location, emails, and notes. He also stated that Apple had been a part of the government’s surveillance program since 2012, however, Apple denied the allegation.


After Snowden’s mass surveillance disclosure, Apple developed new strong encryption methods for its iOS operating system so that the company could no longer comply with government warrants asking for customer information to be extracted from devices. Since then, prosecutors advocate for the U.S. government to be able to compel decryption of iPhone contents.


In May 2020, the FBI revealed that the Saudi military trainee Mohammed Alshamrani who killed three US sailors and wounded several others in a terror attack in 2019 on a military base in Pensacola, Florida, was a long-time associate of al Qaeda. Until May, the FBI struggled to obtain access to Alshamrani’s iPhone to establish the nature of his connection with the terrorist group. FBI Director Christopher Wray said that the FBI received no help from Apple in bypassing the phones and that third-party technology firms were also unable to help investigators.



Related Post