Public Trust Goes Hand In Hand with Modern Tech
May 17, 2023
The Long Arm of the Law 3.0
More than ever, the FBI is pursuing criminals in cyberspace.
In an emergency, one requiring intervention by law enforcement or public safety organizations, accessibility to critical data often determines outcomes. At times, availability of actionable information even saves lives. The challenge for public safety and law enforcement groups charged with averting tragedy and keeping the peace is to consistently get the right data at the right time. In a complex digital world, that’s not always easy to do.
Law enforcement and public safety personnel are familiar with scenarios in which they “can prove that evidence is just behind a gate, and if [they] can get it [they] can save lives, but that’s tricky,” said Robert Brown, Executive Assistant Director of the Science and Technology Branch at the Federal Bureau of Investigation (FBI). “Not only do you have to be right, it’s got to look right. That’s a very high standard. It’s difficult.”
Brown, who joined the FBI in 2002 as a Special Agent tasked with investigating organized crime, delivered the opening keynote address at AFCEA Bethesda’s annual Law Enforcement and Public Safety (LEAPS) Technology Forum at the National Press Club in May.
“Most of the time we’re working against the odds and against the clock to save lives,” said Brown, who oversees the Bureau’s Operational Technology Division, Laboratory Division, Criminal Justice Information Services Division, Next Generation Technology and Lawful Access program, and Science and Technology Intelligence program. He also represents the U.S. Department of Justice on the FirstNet Authority board.
In addition to managing process and public perception, the IT challenges encountered by law enforcement and public safety organizations include the rapid pace of technological advancement, budgets, cultural acceptance, rules of engagement, and adversaries’ access to advanced tech.
“The speed at which technology advances is very difficult,” Brown said at the conference. His remarks covered “emerging technologies across all the disciplines,” including end-to-end encryption, Pegasus spyware, protected 5G, rapid DNA, state-sponsored cyber threats, ransomware, biometrics, cybersecurity exploits, AI data manipulation, and iCloud, among others.
Pegasus Spyware
Developed by the NSO Group, an Israeli company, Pegasus enables remote, zero-click surveillance of smartphones. The FBI concluded that Pegasus failed the three-prong test for using new technology, which must be legal, technically feasible, and perceptually acceptable. “We did not operationally use Pegasus, but we did test it,” Brown said.
Cyber Exploits
The emergence of tools developed to exploit cyber defenses raises questions about the propriety of their use by organizations dedicated to enforcing the law. “You need to think about the motivations that put law enforcement in that position,” Brown said. “Should law enforcement be in a position where it is hoarding exploits to use them as a tool?”
Cloud Security
The recent release by Apple of Advanced Data Protection enables end-to-end encryption for shared content among participants using ADP. “It will be problematic,” Brown said. “Every law enforcement agency in the country relies on [access to iCloud backups] to solve crimes. It’s going to be a challenge.”
Nation States
In the realm of cyberspace, China and other adversaries are formidable foes. “The scale of the China cyber threat is unparalleled,” Brown said. The day before his keynote address, the U.S. government announced that it had disabled “Snake” malware, a sophisticated cyber espionage tool developed by the Russian government to steal sensitive data. The Justice Department used a court order to install a tool developed by the FBI to overwrite and disable the malware. “These hostile nation states will continue to present a serious challenge in years to come,” Brown said.
Rapid DNA
Rapid genetic testing enables law enforcement to determine a suspect’s DNA profile in an hour or two and compare it to a watch list of high-interest crimes. The automated process is fully rolled out in Louisiana.
Face Morphing
Digitally blending two or more faces into a single image enables criminals to elude facial recognition controls for verifying travelers, matching suspects to watch lists, and securing fraudulent passports. There is “confusion around facial recognition and how we do or do not use it,” Brown said.
Deep Fakes
A type of synthetic media, deep fakes rely on artificial intelligence (AI) and machine learning (ML) to create realistic images and audio. Powerful online tools have made it easy to produce deep fakes that have been used to manipulate victims and commit fraud. It’s unclear whether law enforcement should use deep fakes against criminals.
An emerging concern is that people suspected of or charged with crimes will claim that they’ve been “deep faked,” that digital evidence against them has been altered to give the appearance of guilt. Brown cited the case of Elon Musk, whose lawyers used the tactic to cast doubt on statements Musk made about the safety of self-driving cars. The judge didn’t buy the deep-fake defense, noting that the strategy “is deeply troubling to the court.”
Brown concluded his remarks by encouraging the audience of IT professionals to meet the challenges posed by new tech. By working for government agencies and the private-sector companies that support them, professionals working in the LEAPS space perform a critical public service, Brown said.
