A new (in)security narrative for technology?
In July 2019, the EU’s law enforcement agency Europol published a report entitled “Do criminals dream of electric sheep? How technology shapes the future of crime and law enforcement”. The title is a paraphrase of the 1968 novel by the American science fiction writer Philip K. Dick. The book’s main character, a bounty hunter, is tasked with chasing a number of human-like robots or androids gone rogue. The appearance and behaviour of the androids is so advanced that it allows them to blend in among humans, making their detection as robots more difficult with each new update. Dick’s novel explores how technology is transforming society. This theme is what the Europol report explores in relation to crime and law enforcement.
The Europol report centres on two aspects. The first concerns how technology is transforming the criminal landscape through the emergence of new crimes and new modi operandi by criminals. Among the developments discussed in the report is ransomware, the software encrypting computer files and demanding users to pay a sum of money otherwise their data will be destroyed. Another development includes so-called deep fakes, the graphic manipulation of human faces in videos – often of figures of authority – with the aim of defrauding organizations or discrediting individuals. Then there are cryptocurrencies, which facilitate new digital markets for illicit goods and services. End-to-end encryption protocols in communication devices makes it harder for law enforcement to intercept the communication of criminals.
The second aspect covered by the Europol report concerns how law enforcement might benefit from technological advances. Artificial intelligence (AI) is particularly viewed as a promising field. Crunching vast amounts of data on the basis of algorithms can offer new possibilities in terms of analyzing, detecting and even anticipating crimes. This latter aspect is known as predictive policing, something that is becoming increasingly prominent in police work. (On a side note: in 1956 Philip K. Dick wrote a short story entitled The Minority Report on precisely this topic, the anticipation of crime or ‘precrime’.)
Technology as empowering both criminals and law enforcement is captured by Europol with the term ‘disruptive technologies’. The term originated in business studies during the 1990s to understand how a new technology would disrupt existing markets by creating new ones, thereby displacing established firms and companies, and providing new firms using the latest technologies with a competitive edge. With disruptive technologies Europol points to this technological game of cat and mouse. The report aims to raise awareness of the (likely) substantial impact of a new generation of technologies – from growing digital connectivity and encryption, but also 3D printing, drones and quantum computing – on crime and the impact on law enforcement.
But the report also touches upon several issues that merit further scrutiny in a context beyond that of law enforcement. As an illustration, one of these issues, the conduct of lawful interception of communications, is discussed here. The introduction of 5G and the broad application of end-to-end encryption in communication devices might make lawful interception of communications considerably more difficult, according to Europol. Because of this, the European police agency calls for close involvement of law enforcement with telecommunication providers to ensure ‘that lawful interception by design becomes (and stays) part of that evolution’. While not dismissing the importance of operational considerations for law enforcement in accessing and analysing encrypted data, there is more at stake when it comes to interception by design.
After a deadly shooting in San Bernardino, in the United States in December 2015, a fierce and highly publicized exchange occurred between the FBI and Apple over whether the company should provide the government access to the encrypted contents of the perpetrator’s iPhone. Apple refused and cited privacy violations and company reputation as reasons why it could not comply with the FBI request. Apple feared weakening the phone’s security settings in order to facilitate legal interception would make the device more susceptible to hacking which would negatively affect the privacy of all iPhone users. The FBI eventually succeeded in accessing the phone and stopped legal proceedings against Apple. The case was understood as indicative of future conflicts over the strength of encryption in publicly available communication devices. While the debate as such was not new – it is, in fact, decades old – the more widespread availability and more intense use of such devices for communication by the general public gives the encryption debate new relevance.
Besides potential trade-offs between interception and encryption, a related issue concerns data processing, analysis and interpretation by law enforcement, especially where it comes to large quantities of data. An interesting example is the data retrieved in the so-called Ennetcom case. Ennetcom was a Dutch firm which provided encrypted phone services using the PGP-protocol (PGP means Pretty Good Privacy). In 2016, the Dutch police discovered that PGP-phones were popular with criminals and it succeeded in obtaining legal access to the data stored on a server based in Canada. After successfully decrypting the data, the Dutch police and the Public Prosecutor’s Office gained access to some 3.6 million messages with explicit content involving drug trafficking and even, allegedly, orders of assassination. For police and the prosecution the issue was how to filter out the most relevant ones amongst the millions of messages. But this process of filtration was equally relevant to judges and defence lawyers alike. What search strategies and processes of selection did the police use in filtering the data? How was the list of key words used for searching established? Is exculpatory data included in the searches or not?
The Europol report outlines the importance of technology in relation to crime and law enforcement. Technological advances not only impact crime and law enforcement operations, but in doing so affect a much larger set of questions of what and when something is a crime, and, what, when and how law enforcement can or should respond. As such, technology and our interaction with it impacts larger societal debates relating to encryption, lawful interception, access to justice, and evidentiary standards. These are not settled matters, but instead require continuous scrutiny and attention because they impact us all.