When a smart toaster can become an alibi
Prof. Freiling und Dr. Maras about cybercrime and cybercops
Digital blackmail, identity theft, infection with computer viruses, data theft – the list of crimes goes on and on, and evidence for crimes is increasingly to be found in the digital world. Whom can victims turn to? Normal police work often runs up against its limits when investigating digital crimes. The research training group ‘Cybercrime and forensic computing’ at FAU brings together experts from the areas of computer science and of law to systematically explore and research the topic of criminal investigation of cybercrime. In this interview, Prof. Dr. Felix Freiling, Chair of Computer Science 1 (IT Security Infrastructures) at FAU, and Dr. Marie-Helen Maras, associate professor at John Jay College of Criminal Justice in New York, talk to us about cybercrime, the job of a police officer and how this is set to change in the future.
What exactly is a cybercop?
Maras: Cybercop is a colourful term which calls science fiction and cyborgs to mind. Basically, however, cybercops are simply police officers whose investigations focus mainly on the internet.
Freiling: In Bavaria, certain police officers are informally known as cybercops, as they are fully trained police officers who have completed special training in IT forensics. It is often the case that IT forensic specialists are simply technical service providers, not your typical gun-bearing police officer. For a while, authorities in Bavaria trialled a fast track one-year training programme aimed at making IT forensic specialists fully trained police officers. It met with varying degrees of success, however, as well-trained IT forensic experts are thin on the ground.
What are the challenges when it comes to training cybercops?
Maras: The technical side of the training is very demanding. Members of the police force who investigate cybercrime must have a technical background and be able to use digital forensic tools. Investigative police work is largely based on insights from the social sciences and psychology. Combining this with technology is no mean feat. Another problem I see is the issue of money. It is very difficult for the government to compete with the private sector, which pays considerable amounts for the same work.
Freiling: Experts agree that digital forensics must be incorporated into the normal police training programme. This is not easy, however, as police work – at least in Germany – is still perceived as being a rather traditional occupation. There is the ideal of the universal police officer or police inspector, who is an all-rounder and can turn their hand to anything. In the German police force, for example, there is a rule that officers should change departments on a regular basis in order to remain up to speed in all areas. The problem with that is that the technical aspects of cybercrime are so demanding that you can only start to be really productive after one or two years on the job. It is clearly counter-productive if these people are transferred to another position after a short period of time.
Maras: The situation in the USA is similar. However, in our case the people leave the police altogether once they realise how much their skills are worth outside the police force. By failing to provide training in technical skills, there is a lack of people with these technical abilities in the investigative authorities.
What are the differences in cyber forensic training in the US and Germany?
Freiling: Police training in Germany takes a very practical approach. Prospective police officers take courses and are trained using tools without taking an in-depth look at the methodological background. Training is very much focused on bringing prospective police officers up to speed in using the tools in their daily business. In addition, formal qualifications are very important in Germany. You could almost say that the actual skills people have are less important than the qualifications they have obtained. That is a typical problem across the board in the public service in Germany. Skills are vital, however. IT experts investigating IT related crimes and writing forensic reports should ideally be active in their area of expertise, carrying out research and publishing their findings. When that is the case, you immediately notice a jump in the quality of the work, which is particularly important as far as digital forensics are concerned.
Maras: We have various regional and international law enforcement agencies which offer cyber training. Europol invites law enforcement officers to attend training courses on, for example, darknet investigations. We have UNO, which brings specialists to regions lacking personnel and financial backing to train the instructors. And of course we have Interpol, which offers a similar service. We also have federal authorities which go into various states and offer cyber training, allowing police officers to share their experiences and improve their basic knowledge.
We don’t require any particular qualifications. Normally, everyone is employed in the first instance as a police officer before then transferring to a special unit. After studying for two years, it is possible to enter law enforcement, but that is not common. However, there are no strict rules governing required qualifications, as there are people who may have studied a social sciences discipline but who are true computer geniuses. Unfortunately, talented digital experts do not tend to stay long with the police, as private agencies are very keen to employ them.
In the research training group, you deal with topics surrounding ‘Cybercrime and forensic computing’. What contribution can your research training group make to furthering knowledge in this field?
Freiling: One of the aims of our research training group is to learn from international police work. In the USA, for example, there are Schools of Criminal Justice. Here you can learn investigative techniques and technical skills at university level. There is no such option available in Germany. Another thing we can learn from the USA is that there are very specific standards for digital evidence and these have to be strictly adhered to. Here in Germany, the judge can decide whether or not to accept something as evidence. As there has not yet been much experience with digital evidence, it is often treated incorrectly. As it is fairly easy to manipulate data on a hard drive, it is all the more important to verify the integrity of such evidence, yet hardly anyone ever does. Establishing basic standards for digital evidence could prove extremely helpful and would be a great success.
Maras: One way of raising awareness of cybercrime among judges would be to offer training courses demonstrating how technology can be used to compromise evidence, and just how easy that is to do. It is also important to inspire students to consider setting out on a career in this field.
Why is it so complicated to combine traditional police work with the technical aspect?
Maras: We often come up against the argument that people are only good at doing one thing. If someone has a sound knowledge of more than one area, then they are not seen as a specialist in that area. In addition, technical things have the reputation of being difficult. These are two assumptions which are simply not true.
Freiling: I also think that splitting sciences into various areas of specialisation leads to a disciplinary way of thinking. People tend to only think about their own discipline. That makes it difficult to have an open mind. Our experience in this research group in the area where computer science and law overlap has shown that it is easy if you find the right people from both areas. We are learning a lot, opening new horizons and showing that interdisciplinary thinking is not difficult and is, in fact, extremely rewarding.
Maras: It is important to keep stressing how important and helpful technical knowledge is for police work today. When a team of police officers arrive at the scene of a crime, they must look around to see if there is a watch or a camera, and whether the toaster is internet-enabled, as if so it could prove useful as an alibi. The team has to be aware of what evidence can be found at the scene of the crime and what role they may have when investigating the crime.
What do you think the future has to hold in terms of changes to the job of the police force and training?
Maras: I hope the technological aspect is integrated into the curriculum for police training, as that is necessary. I also hope that the police do away with the special task forces for cybercrime. If there are only a few people who analyse cybercrime, we will never be able to make up the deficit in national capacities. We need to move away from our habit of having experts. We do need cyber task forces, but what about if the traditional units and the cyber forensic specialists worked together to solve a crime? For example, if digital technology is used for drug trading, the teams responsible for the investigation have to have skills in both areas and have to be able to analyse the evidence themselves without having to send it all to a special unit based in a different location.
Freiling: On the one hand, I think that cybercrime finally has to be treated as a normal crime, not as something special. It should become incorporated into normal police work. On the other hand, we need a higher level of specialisation for those who have to deal with the details. However, at the current time we cannot tell what those special areas will be. It depends on which digital evidence and clues will prove to be the most significant, but that is not clear just now either. The discovery of DNA transformed investigative and police work entirely. I suspect that there is something which could be seen as a type of ‘digital DNA’. It is still completely unclear what exactly this will be like, however.
More information on the DFG research training group Cybercrime and forensic computing
Further information:
Prof. Dr. Felix Freiling
Phone: + 49 9131 85 69900
felix.freiling@fau.de