The functions of smartphones are constantly being reinvented, augmented and refreshed. In addition to their role as a conventional cellphone, apps for personal organizers, Internet browsers, GPS navigation, online gaming, instant messaging, e-payments, digital photography and audio recording are just some of the capabilities crammed into the average smartphone. While these apps make life convenient, they can also be exploited by malign actors.
For example, criminals could use smartphones to obtain illegal information, monitor a person through GPS, encrypt data to hide it from authorities, access online gambling sites, transmit data through instant messaging, or trade narcotics with e-payment services or a cryptocurrency such as bitcoin to evade police detection.
In such cases, obtaining and decrypting access to a suspect’s mobile phone has become essential to solving crimes.
As people become more aware of the importance of data security, smartphone manufacturers have developed novel ways to keep users’ data confidential. This includes the implementation of graphical passwords, biometric authentication such as Apple’s Touch ID fingerprint reader or Face ID facial recognition, dual-boot operating systems, and multi-biometric voice-fingerprint authentication. Research is even under way into using the unique amino acid profiles found in skin secretions and heartbeat patterns as methods of authentication.
However, there has always been a trade-off between protecting confidential information and user convenience, and it is often difficult for manufacturers to strike the perfect balance between the two.
One of the problems of modern crime detection facing law enforcement officers is the way in which criminals quickly adapt their methods to exploit new technology and equipment that is not yet addressed under the law. Digital tools allow criminals to cover their tracks and wipe evidence, and make reverse tracing difficult.
When law enforcement agencies need to unlock a smartphone, they must expend a significant amount of time performing system calculation simulations and analyzing the database structure of a device to break through its encryption. Many cases go unsolved because the password of a suspect’s device could not be obtained in the early stages of an investigation.
Coast guard officials say that their job is made much harder if a suspect smashes their cellphone or drops it into the sea before being arrested, uses a less common instant messaging app, or uses a so-called cryptophone produced by one of several niche foreign manufacturers.
Such devices were discovered as part of operations “Venetic” and “Eternal,” led by the British National Crime Agency and the London Metropolitan Police respectively, when members of organized crime rings used cellphones running an operating system designed to automatically “burn” the device — meaning to wipe its data — after several attempts to unlock it.
In such a situation, if investigators are unable to quickly obtain access to information on seized phones, the investigation hits a serious roadblock.
Another difficultly is that different smartphone brands use different types of encryption, while models are also constantly being updated. This means that law enforcement agencies must expend a considerable amount of resources on password analysis.
For this reason, criminals often arrange to wipe incriminating evidence from their digital devices if there has been no communication with their counterpart after a set time.
If legislators reviewing the draft technology investigations bill have any worries about its content, they should pause to reflect on how they should go about resolving all the investigative difficulties facing law enforcement.
As the system stands, during an investigation that hinges on access to a mobile phone, if there is no way to immediately analyze or extract data from it and the suspect has set up the device to destroy its data or can remotely delete data from it, authorities would hit a major obstacle in pursuing the government’s drug policy of chasing upstream suppliers, and criminals would be able to continue to hide in the shadows.
According to article 205-2 of the Code of Criminal Procedure (刑事訴訟法), investigators can “for the purpose of investigating the circumstances of an offense and collecting evidence” gather fingerprints, handprints, footprints, height data and take pictures of an arrested suspect.
If the targeted device is equipped with facial recognition or fingerprint authentication and one or both of these functions has been enabled, then, based on the wording of the act, it should in theory be possible for law enforcement authorities to request that the suspect cooperate in unlocking the device using their face or fingerprint.
However, the law does not specify this procedure and, as such, it could be deemed illegal by a judge.
These types of dilemmas are common throughout the world. In addition to pulling out all the stops to try to find a technical solution, it is becoming increasingly vital to amend legislation to allow investigators to do their jobs.
On Oct. 1, 2018, the Customs and Excise Act went into effect in New Zealand, permitting customs officials at airports to search the electronic devices of an individual if there are grounds for reasonable suspicion. This includes mobile phones, iPads, Android tablets, hard drives, notebook computers and digital cameras.
The law also gives New Zealand customs officials the power to request that an individual under examination provide limited access to their electronic devices or other assistance, including codes, passwords, encryption key or any other information required to gain access when there are reasonable grounds to do so.
If the person under investigation does not have reasonable grounds to refuse to cooperate, they can be fined up to NZ$5,000 (US$3,343).
Although the law is limited in its scope to border-related crimes, it provides a useful reference for Taiwanese policymakers. Similar powers, could be applied to serious crimes or emergency cases, so that a defendant or suspect is obliged to hand over passwords or provide other assistance to law enforcement officials to access digital devices in their possession.
If the individual in question refuses to cooperate, the law could permit officials to use other means to decrypt mobile phones to obtain important criminal information. Decisionmakers must strike a balance between technology and the rule of law to improve the accuracy of criminal investigations.
Tzeng Chun-chiao is an associate professor in the Taiwan Police College’s Department of Technology Crime Investigation.
Translated by Edward Jones
Trying to force a partnership between Taiwan Semiconductor Manufacturing Co (TSMC) and Intel Corp would be a wildly complex ordeal. Already, the reported request from the Trump administration for TSMC to take a controlling stake in Intel’s US factories is facing valid questions about feasibility from all sides. Washington would likely not support a foreign company operating Intel’s domestic factories, Reuters reported — just look at how that is going over in the steel sector. Meanwhile, many in Taiwan are concerned about the company being forced to transfer its bleeding-edge tech capabilities and give up its strategic advantage. This is especially
US President Donald Trump’s second administration has gotten off to a fast start with a blizzard of initiatives focused on domestic commitments made during his campaign. His tariff-based approach to re-ordering global trade in a manner more favorable to the United States appears to be in its infancy, but the significant scale and scope are undeniable. That said, while China looms largest on the list of national security challenges, to date we have heard little from the administration, bar the 10 percent tariffs directed at China, on specific priorities vis-a-vis China. The Congressional hearings for President Trump’s cabinet have, so far,
For years, the use of insecure smart home appliances and other Internet-connected devices has resulted in personal data leaks. Many smart devices require users’ location, contact details or access to cameras and microphones to set up, which expose people’s personal information, but are unnecessary to use the product. As a result, data breaches and security incidents continue to emerge worldwide through smartphone apps, smart speakers, TVs, air fryers and robot vacuums. Last week, another major data breach was added to the list: Mars Hydro, a Chinese company that makes Internet of Things (IoT) devices such as LED grow lights and the
The US Department of State has removed the phrase “we do not support Taiwan independence” in its updated Taiwan-US relations fact sheet, which instead iterates that “we expect cross-strait differences to be resolved by peaceful means, free from coercion, in a manner acceptable to the people on both sides of the Strait.” This shows a tougher stance rejecting China’s false claims of sovereignty over Taiwan. Since switching formal diplomatic recognition from the Republic of China to the People’s Republic of China in 1979, the US government has continually indicated that it “does not support Taiwan independence.” The phrase was removed in 2022
RSS