• Law Enforcement Only

    Posted on March 14, 2009 by Lee Whitfield in Methodologies & Best Practices.

    Before I begin I want make it clear that I work as a subcontractor for several different police forces throughout England.  I work for several private/defence clients too.  I feel that this gives me good insight and a balanced point of view towards the two.  I know that this can be a somewhat emotive subject but, having said that, I am not one to stay quiet on subjects that I feel strongly about.  My colleagues know that, if they discuss it, that I will interject and verbally assault anyone that disagrees with me.

    As a contractor for the police we are tasked with providing forensic reports and statements based on computer or phone evidence. During our day to day work we encounter the same material to which the police themselves are exposed. We perform an investigation on the submitted evidence and then send the evidence, and the reports, back to the relevant constabulary while we retain copies for archiving purposes. We act on behalf of the prosecution in these cases.  We are, in essence, doing the job of a trained cop.

    As such it is my opinion that we should be permitted access to all the same training and software that are furnished for law enforcement officers.

    Earlier this year a conference was held with the subject matter based on mobile/cell phone forensics.  On average our company completes around 80 phone investigations for various forces per month.  With this in mind we decided it would be a good idea to send a couple of our phone invesigators along to learn about any new developments.  Upon contacting the organisers of the event we were told that we could not attend as we were not law enforcement. Factually this may be the case but in what way do we really differ from law enforcement officers? We do the same work, their work, and we’re even on the ‘same side’ so to speak, so what reason could there be to exclude us? No explanation was offered. Not even an irrational explanation.

    Excluding private and defence experts from such conferences is a strange practice.  Expert reports and statement that form part of a criminal case, along with the testimonies given, are made public record (obviously with some exclusions).  As a result any new investigation techniques discussed at closed conferences will seen become open knowledge anyway, so what is the point of restricting the flow of information in the first place?

    The chasm between law enforcement and non-LE personnel widens drastically when you look further afield.  Commercial software and training is offered to law enforcement at a significantly reduced rate.  Why is this?  Everyone that I have discussed this matter with has been unable to provide a concise answer.  Is it due to budgetary requirements?  Everyone has budgetary requirements to meet, in what ways do private companies and police forces differ in that regard?

    Software such as iLook, COFEE, and many others are released as forensic and/or indicent response tools for the use of law enforcement personnel only.  Once again, the question is ‘why’?  We work in an adversarial legal system where fairness and equality for both prosecution and defence should be central to each and every case.  The legal system should be fair. The evidence and tools used by the prosecution experts should be accessible to the defence, how else can the legal system claim to be fair? A defence expert may be left with no recourse if the prosecution presents evidence that has been found using one of these ‘LE only’ tools that has not, and can not, be indepently verified or the results challenged.  Should the court allow this? Of course not. But for some reason it is acceptable.

    The legal system is about fairness and equality. How can disqualifying forensic practitioners from events or software be in the best interest of the law or justice? Why should it matter whether or not they wear a badge and carry a gun?

    Something ironic to finish.  One of the organisers of the aforementioned conference (a police officer) recently contacted our company asking for some information relating to a case that we recently completed for a different force.  We do not do any work for his force in fact they do not outsource any of their work or permit the evidence out of their compound. We’ll gladly furnish him with the data but he’s not going to like our conditions or the cost.

    This subject is not going away.  We will be discussing this very topic on a future episode of Forensic 4cast.  If you want to appear on that episode to share your own point of view let me know.

7 Responsesso far.

  1. Mark says:

    I agree with quite a bit of what you say. What I don’t understand is what is the big secret. Not all of us are enemies, even if we work for the defense most of us just want the truth in each forensic matter. If someone is guilty then our examination should show that and we report it to our clients. Now there are probably some private examiners who are unethical and should not be allowed this information, but I am sure there are also LE’s that are unethical and should not be allowed this information as well (No I am not accusing anyone nor do I have first hand information, LE’s are human just like the rest of us and there are bad apples amongst LE’s as well as in the public sector). I have many friends in LE and I respect them and the job they do and they are interested in sharing information with me and I am with them. We do not let the Us vs Them mentality get in the way, all we want is the truth in each forensic matter to come out.

    Now no matter what tool is used the results should be reproducible, if the report is written correctly (which I have seen a lot of crappy reports from LE’s, and they should have to take some free classes for report writing, and I have also seen some crappy reports from private sector examiners as well) then it should not matter what tool is used. If the results are not reproducible and they used a specific tool available to “LE” only then we should have access to that tool to verify there results that we can not reproduce. The court should not allow this but it should be the examiner for the defense that challenges this and shows the court proof that the “LE” software shows something other software does not.

    Just my .02

  2. Ron says:

    Yes, I agree with you…

    Forensics is not some big secret that needs to be hidden from civilians.

    In fact, at least basic forensics and evidence collection should be made a part of the A+ or Microsoft certifications. I have worked for dozens of client’s in non-forensics roles. None have had a policy in place for simple things like “a tech finds CP on a company computer” or “a suspected employee locked his machine, what do we do now.”

    I think some of the reason is that the developers are former cops, so they want to keep some of the ‘game’ within the LE community. Also, they get to charge more for software if it has some cachet of being for LE use only.

    Where is next episode!!!!

  3. Marian says:

    I have the same experience. I am a former police officer and cofounder of ENFSI Forensic Information Technology Working Group (WG-FIT). After I left a police, they also stopped my participation in the activities of this group, although I believe that I can contribute and help in their work.
    I think that Digital Forensic science MUST be independent. It’s the forensic science, therefore, must be independent and objective. And it does not depend on for which part of lawsuit is used.
    After many similar experiences with the LE “separatizm” (I apologize for that term) I have reached the following conclusion: Everything what I do and what I share, is open to all, private and LE. If some LE bodies want to separate or distance, it’s their problem, not mine.
    After all, anyone who ever closed off in some way from the outside world, eventually suffered damage. And it’s a shame.
    (excuse me my halting English)

  4. Richard says:

    It seems to me that you are combining two separate subjects under one banner.

    With reference to the Law Enforcement only conference in relation to mobile phones it seems to me that the organizer’s wanted to keep some information in house and not share it with the wider community. I cannot speak for the organizer’s, but their approach might be as a result of persons in the private sector taking advantage of research and then gaining a commercial advantage from it by developing paid for software.

    It is not necessarily the case that the techniques discussed will become open knowledge. If I as Law Enforcement develop lets say, a parser that speeds up the decoding of something you are still able to decode manually and achieve the same results.

    Likewise free tools such as iLook only duplicate functionality available to you with paid for tools. What LE only tool are you alluding to that produces results that cannot be independently verified?

    With regard to reduced pricing for Law Enforcement you fail to acknowledge the most obvious difference. Law Enforcement agencies are public bodies with fixed budgets funded by taxation. During the course of a year it is not possible to raise more capital and most significantly (with limited exceptions) they do not charge their customers for the work carried out. Private companies are able to disburse their costs onto their customers. Software providers recognize this difference and from a marketing perspective reduce their prices accordingly. Additionally the sheer scale of Law Enforcement entitles them to a significant volume discount.

  5. I didn’t know iLook was free?? As far as I can tell, they’re now changing to cater to the private sector also, and they’re charging a pretty penny for their software too.

    Digital evidence is either there or it’s not. It’s irrelevant how the data was obtained, or what tools were used to illuminate it.

  6. Mark McKinnon says:

    Hi Richard,

    I guess I would have to disagree about the Law Enforcement have limited funds. As long as they know how to write they can potentially get grants to supplement quite a bit of things that they may want or need (at least in the US). A police Department that is not to far from where I live just received over 400,000 over a 2 year time period to start a forensic program and train officers. Now that is quite a bit of cash and I wish someone would hand that money to me and tell me I did not have to pay that back.

    Now about your statement about Law Enforcement developing something and the private sector stealing it and making a profit. where did they get the money to develop this? They are public employees getting paid by the public so I cannot see how your argument holds water. If it was not for the public funds that are paid then Law Enforcement would not have developed them. Now if they are afraid that someone will take it and sell it then do not provide source code for it just the program, that is what I do. You also have to remember it costs money to develop/produce/support and market software, even if someone has come up with the program. This means that it had better be a great product and expensive to get their monies out of it they have put in to launch it.

    Now for the statement about Free tools. iLook was free to Law Enforcement and if person using the product reports something but and we do not find it with our tool do you not think we (as private contractors) should have to opportunity to vet iLook and see if it is working correctly. Maybe it is not and we can then have the opportunity to help with a bug in the software. For other LEO only tools there is a version of Liveview the is LEO only and also what about Cofee.

    Now for the crack about fixed budgets, Law Enforcement agencies do not have to worry about Errors and Omission Insurance, Marketing, property taxes and other aspects a business owner has to deal with. Now for Law Enforcement to be entitled to anything is ridiculous, nobody should be entitled to anything.

    Just my .03 cents

  7. Tim says:

    @ Atlanta Private Investigator:

    Although you are, of course, correct about evidence either being present or not, from a defense angle (and I’ll admit I never do defense work so my opinion is conjecture) it would be hard to argue flaws in the software or false positives if you cannot test it for yourself.

Leave a Reply

Your email address will not be published. Required fields are marked *