Guest blog by Ian Kearns, Senior Associate Fellow, The Police Foundation
It is projected that by 2020, 31 billion devices will be connected to the internet worldwide, rising to more than 75 billion devices by 2025. Analysts predict that three sub-sectors will dominate this growth: smart cities (26 per cent), industrial devices (24 per cent) and connected health (20 per cent), but other sectors will also be impacted by the trend. It is thought smart homes technology will account for around 14 per cent of growth, connected cars seven per cent, smart utilities four per cent and wearable technology three per cent.
As a result of this massive expansion in numbers of connected devices, new data is increasingly being captured by, and is accessible via, many of them. From pacemakers and Fitbits, to smart cars, doorbells, watches, phones, coffee-makers and home or virtual assistants, connected devices are gathering vast quantities of data on our habits, movements and environments and sending it back to manufacturers who hope to either mine it or sell it for commercial advantage.
This historic trend, as Mike Barton, the Chief Constable of Durham Constabulary has commented, is likely to lead to a ‘crime harvest’ because in the rush to market, many manufacturers are failing to embed even basic security measures into their devices. Examples of cyber-attacks and crimes committed via the hacking of connected devices already exist. One such example was the Mirai Botnet Distributed Denial of Service (DDoS) attack on the Dyn Domain Name System (DNS) in October 2016. This took major internet brands like Twitter, Paypal, Netflix and Facebook temporarily offline. The attack was facilitated via the hacking of devices like CCTV security cameras and baby monitors with software that commanded them to attack and overwhelm Dyn’s servers. Dyn’s initial estimate of the size of the attack indicated that it had involved tens of millions of hijacked devices. The Mirai software scanned connected devices continuously and such is the weak level of security on many of them that it was able to use well-known factory default passwords to gain access.
Barton has been explicit, and right, to warn of the connection between this kind of cyber-attack and possible crimes against individuals: ‘”If your fridge is connected up to your local supermarket so that it can order things when they are needed, then it’s going to be connected to your bank account and it’s that, that is the worry. That all of these devices, none of which are seen as that threatening or that necessary to protect, become the open back door.”
There are even fears, expressed in a recent F-Secure report into the Internet of Things, that embedded medical devices such as pacemakers could be hijacked by criminals who could demand a ransom in return for not manipulating those devices in ways that might be life-threatening to those wearing them. If this seems far-fetched, it is as well to note that the former Vice President of the United States, Dick Cheney, confirmed in an interview with CBS in 2013 that his heart pacemaker had had its wireless function disconnected to prevent a possible assassination attempt by hackers.
Even evidence gathered by police as part of ongoing investigations may not be tamper proof, potentially causing havoc with both the building of cases and the execution of the judicial process. All of this is therefore raising new questions about the veracity of data and what constitutes valid evidence in criminal investigations. It is also requiring police officers to get up to speed with the data that connected devices hold, and with how that data can be accessed and preserved. Challenging though this may be, it is going to be a necessity. As the Head of the Digital Forensics Lab, Mark Stokes, told the Times newspaper in January 2017: ‘The crime scene of tomorrow is going to be the internet of things.’
Accessing it often means engaging with third party holders of data, some of whom may not even be in the UK. This means that the onset of the Internet of Things is going to create logistical and sometimes legal challenges, not to mention ethical ones, with regard to accessing data via devices linked to specific individuals, perhaps compromising their privacy.
The Internet of Things as an aid to crime prevention and detection
There is however, a potentially very significant upside. Despite the challenges and potential vulnerabilities just outlined, it is possible to point to the Internet of Things as a whole as a new use case with regard to crime prevention and detection. When police started using distributed gunshot detection sensors called ShotSpotter in Camden, New Jersey, for example, they found that 38 percent of gunshots in one neighbourhood were not being reported or detected at all. This enabled the police to focus more resource on that area than previously had been the case.
Moving forward, visions of the future smart city envisage connected devices managing traffic flows, public lighting and other systems. If these systems were integrated with sensors and cameras across the city-scape they could have huge crime detection potential. One idea is to integrate ShotSpotter with connected streetlight systems to help manage the response to firearms incidents. A recent commentary in Police Chief Magazine in the US painted the picture:
‘With a Safe Cities integrated technology approach, upon discharge of a firearm, the streetlights in the area (assuming it’s dark at the time) would immediately be brought to higher brightness. Video surveillance equipment in the area would be activated and turned in the direction of the gunfire and license plate readers would be activated to capture license plates in the area. The video would be captured and transmitted to the command and control facility and could then be relayed to the responding officers.’
More widely, the potential is that with enough connected devices deployed, law enforcement officers would be in a position to quickly know, in serious crime cases, where potential suspects were at the time of a crime, who they were with, and what they were doing. A Domain Awareness System already being used by the New York Police Department is already moving in this direction.
Cases are clearly now emerging where evidence gathered from internet connected devices is proving crucial in making arrests. In the UK, one case of multiple burglary was solved after BT wi-fi routers were examined in a row of four houses, each of which had been broken into in the middle of the day. The routers showed that the same mobile phone had connected to the free BT-FON service at each of the houses on the day the burglaries had taken place. The police were able to use that information to track down the perpetrator.
In the United States, a number of more serious cases have clearly demonstrated the crime detection potential of internet connected devices. As the Guardian recently reported, for example: ‘Richard Dabate claimed a would-be burglar beat him and shot his wife, Connie, in their home in Ellington, Connecticut, shortly before Christmas in December 2015. But she was wearing a Fitbit that showed her walking 1,217ft around the house well after the time her husband said she was shot. When detectives checked her phone they found a list titled: “Why I Want a Divorce”. Dabate’s murder trial is pending.’ ‘Ross Compton said he was sleeping when his house in Middletown, Ohio, caught fire in September 2016. He said he grabbed some possessions and jumped out a window. Investigators pulled data from his pacemaker which, according to a cardiologist, undermined Compton’s account. He has been charged with aggravated arson and insurance fraud.’
As with my recent piece on what blockchain technology might mean for policing and crime, the Internet of Things is a double-edged sword for law enforcement. The existence of a downside, however, just makes it all the more important that the opportunities of the Internet of Things are taken by the police.
Dr Ian Kearns is the lead for the Police Foundation’s project on data-driven policing. Public Value and Data Driven Policing, an investigation into what new technologies are delivering to the policing bottom line, will be published by the Police Foundation in January 2019.