Could Blockchain Technology Enhance Communications in Major Law Enforcement Actions?

Complex Cases Present Complex Challenges

On December 2, 2015, a married couple opened fire at a holiday party in San Bernardino, California killing 14 people and injuring 22 others. Both attackers were killed in a gun battle with police. A massive investigation conducted by numerous local, state, and federal agencies found that the attackers were planning a terror attack before the tragedy.

On October 1, 2017, a shooter opened fire on a crowd of concertgoers at the Harvest Music Festival on the Las Vegas strip killing 58 people and leaving 851 injured. The 10 minutes of shooting is now known as the deadliest mass shooting in United States history. A multitude of local, state, and federal authorities participated in the subsequent investigation.

On November 13, 2015, at least seven simultaneous terrorist attacks took place throughout Paris killing 129 people, including 89 in the Bataclan concert hall. More than 350 people were injured as well. At least 7 terrorists were involved in these organized multifaceted attacks which included mass shootings, hostage takings, and suicide attacks. The subsequent investigation involved national and international intelligence and law enforcement agencies.

We also see more and more cases where multiple local, state, and federal law enforcement agencies band together to investigate violent gang members, human traffickers, serial killers, and child abductions, for prosecution in state and federal jurisdictions.

First Responders in Major Events

The initial response to tragic events will involve multiple local, state and federal government agencies guided by unique regulations and procedures. Many cases result in long and complicated investigations and trials where the evidence collected is fiercely challenged in judicial proceedings. Even when the perpetrators do not survive the attacks, the public will demand a full investigation to unravel the evidence, determine motives of the attackers, identify and prosecute co-conspirators, and prevent occurrences in the future.

Case Management Systems

Many investigative agencies and prosecuting authorities have developed their own record keeping procedures to satisfy rules and regulations for the respective agencies. Others may make use of high quality case management software to manage the flow of information. Nothing is wrong or incorrect with the wide variety of systems, but the systems are not necessarily compatible with each other. Some of the compatibility limitations can be identified and addressed through training and practice for major catastrophes.

Can Blockchain Shared Ledger Technology Assist in the Process?

Without being involved in large scale operations, it may be hard to grasp the complexity of gathering, managing, and distributing the enormous amounts of data collected in these matters. Even criminal investigations of lesser magnitudes can result in thousands of pieces of data collected by different investigative agencies. Managing the data is critically important to comply with existing rules, regulations, and laws governing the proper collection of evidence and the resulting admissibility of evidence. Government authorities are also responsible for disclosing evidence to opposing counsel prior to trial, to include evidence that could benefit defendants. Failure of compliance can result in evidence being excluded, mistrials, and overturned convictions. Judicial authorities often have to referee disputes between government and defense counsel over the admissibility or concealment of evidence. Improper management of the data can also fuel unfounded conspiracy theories that survive long after a case is concluded.

Can Blockchain shared ledger technology knit together the roles of investigators and prosecutors while maintaining the separation of responsibilities?

At present, multiple-agency investigations are the norm in significant government investigations. There is nothing inherently wrong with different agencies using their own procedures to document their work, and this should not be changed. In the United States, we have never had, nor should we have, only one police force to serve the public. Also, to ensure a proper balance of duties, the investigative agencies report the results of the investigations and prosecuting authorities make decisions about persons charged or not charged with crimes. However, investigators need the input of prosecutors as the case unfolds, and prosecutors need the input of investigators for charging and trial considerations. All are responsible for the proper collection and disclosure of evidence to defendants and their attorneys.

During multiple agency investigations, we see that the investigative results can be siloed inside each agency until communication procedures are developed with the other participants in the investigation. Eventually, the job of gathering and forwarding information to prosecuting authorities gets done, but is there a better way?

Enter Blockchain technology and the permissioned shared ledger system. We know that the Blockchain system with Bitcoin and other cryptocurrencies is designed for participants who do not know or have to trust each other. In this un-permissioned system, anyone can be a participant and anyone can view the Blockchain ledger. This model would not work for multi-jurisdictional responses to events as described above.

A Shared Ledger System

In a closed and permissioned Blockchain system, the participants share the same ledger and collectively approve of new additions to the ledger. So each addition of data will be seen by all participants as the Blockchain ledger is being built. At the end, all participants will have an immutable, time-stamped, and un-hackable ledger of all data points in the case. Logically, the participants would be representative(s) from each agency and prosecuting authority. The approved participants could then monitor the investigation as events are unfolding.

If a shared ledger system is implemented, it would be incumbent on each participant to develop reliable procedures to transfer information from their respective investigation to the Blockchain shared ledger in a timely manner. There should be no need for the participating agencies to peer into the entire files of their counterparts. The various agencies may be reluctant to share their entire files that may contain non-pertinent and agency-specific information.

The resulting agreed-upon shared ledger would show the origin and disposition of information gathered by each participant, to include evidence gathered, chain of custody, email and text communications, computer and smart phone analyses, photographs, interview results, other leads generated, etc., all in an unalterable and time-stamped chronology.

A shared ledger system would not solve all communication and evidentiary problems such as non-cooperation between participants or the unauthorized disclosure of information, i.e., leaks. Those issues are left to the professionalism of the people involved.
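The closed, permissioned ledger described above can be sketched in a few lines. This is an added example, not code from the original article or from any real case-management product: the participant names, demo keys, timestamps and evidence entries are constructed, and HMAC with a per-participant key stands in for the digital signatures a real deployment would use.

```python
import hashlib
import hmac
import json

# Constructed demo keys, one per approved participant. HMAC is a stand-in for
# the per-participant digital signatures a real permissioned ledger would use.
PARTICIPANTS = {"agency_a": b"demo-a", "agency_b": b"demo-b", "prosecutor": b"demo-p"}
FIELDS = ("index", "prev", "origin", "item", "timestamp")
GENESIS = "0" * 64

def digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def approve(participant, entry_hash):
    key = PARTICIPANTS[participant]
    return hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()

def append(ledger, origin, item, timestamp, approvers):
    """Add an entry only if it comes from, and is approved by, known participants."""
    if origin not in PARTICIPANTS:
        raise PermissionError(f"{origin} is not an approved participant")
    if set(approvers) != set(PARTICIPANTS):
        raise ValueError("every participant must approve a new entry")
    prev = ledger[-1]["hash"] if ledger else GENESIS
    body = dict(zip(FIELDS, (len(ledger), prev, origin, item, timestamp)))
    entry_hash = digest(body)
    approvals = {p: approve(p, entry_hash) for p in approvers}
    ledger.append({**body, "hash": entry_hash, "approvals": approvals})

def verify(ledger):
    """Return the index of the first altered entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: entry[k] for k in FIELDS}
        if entry["index"] != i or entry["prev"] != prev or digest(body) != entry["hash"]:
            return i
        for p in PARTICIPANTS:
            if not hmac.compare_digest(entry["approvals"].get(p, ""), approve(p, entry["hash"])):
                return i
        prev = entry["hash"]
    return -1

def build_demo():
    """Constructed chain-of-custody chronology for one evidence item."""
    ledger, everyone = [], list(PARTICIPANTS)
    append(ledger, "agency_a", "item 1 collected at scene", "2024-01-01T10:00:00Z", everyone)
    append(ledger, "agency_b", "item 1 received by lab", "2024-01-01T14:30:00Z", everyone)
    append(ledger, "prosecutor", "item 1 disclosed to defense", "2024-01-05T09:00:00Z", everyone)
    return ledger
```

A properly approved entry verifies whatever its content says, so the check shows that a record has not changed since the participants approved it, not that what was recorded is true.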

Challenge to Blockchain Developers and Users

So here are some challenges that Blockchain developers and potential users may want to consider:

Can a closed and permissioned Blockchain system be designed for use by law enforcement agencies and prosecuting authorities?

Can a shared ledger system satisfy judicial requirements for the collection and disclosure of evidence?

Can robust shared ledger software and hardware be developed in a cost effective manner?

Can a shared ledger be beta-tested for efficiency and effectiveness?

Would shared ledger technology be compatible with existing record management systems of the participants?

Can it be demonstrated that Blockchain technology will improve collaboration between existing data management systems within various agencies?

Can Blockchain technology prevent identity theft schemes that may be used to impersonate participants?

Can Blockchain technology prevent the unintentional or intentional spillage of classified information into the shared ledger?

Are Federal grants available to assist with the testing and adoption of new technology for data management?

Conclusion: It seems that emerging Blockchain technology may offer improvement to data management challenges as seen in major law enforcement actions. But could this be done in a cost effective manner and adapted to systems already in place? If not, the technology will face an uncertain future if the costs exceed limited governmental budgets. Blockchain technology will have to demonstrate its worth as a cost effective improvement in a very demanding environment.


Synthetic Identity Theft – What Blockchain Users Need to Know

Main Points for Consideration:

  • Traditional Identity Theft schemes steal the identity of a known person to impersonate the victim.
  • Synthetic Identity Theft uses a Social Security Number to form a new, but fake person.
  • Synthetic identities can satisfy known loan underwriting procedures.
  • Synthetic identities create additional risk factors for Blockchain systems.
  • Synthetic identities can be formed before being included into a Blockchain system.
  • Synthetic identities may be used to impersonate known participants.

Advances in Blockchain technology can develop platforms to protect individuals’ identities from theft and also help businesses authenticate participants. But how can Blockchain provide assurances that the identities are valid in the first place? Answers may be found by understanding the threats of Synthetic Identity Theft, and how to mitigate those threats.

In a more traditional identity theft scheme, a perpetrator will steal Personally Identifiable Information (PII) to impersonate the victim. But Identity Theft has evolved into a hybrid form known as Synthetic Identity Theft where a perpetrator is not trying to impersonate the victim. Instead of stealing and impersonating the identity of actual persons, a new persona is invented by the perpetrator. This is accomplished by using a Social Security number to create a completely fictitious personal profile.

Synthetic Identity Theft – How It’s Done

Identity thieves obtain Social Security numbers using familiar techniques like Phishing schemes; forming phony websites to collect PII from victims; using corrupt internal employees who have access to PII; and even buying stolen SSANs obtained from data breaches. The fraudster will add a name, date of birth, and address to create new PII for a fictitious person. The new identity is then used to establish records in public databases, credit files, phone and utility records, and social media profiles, etc. Afterwards, the perpetrators can monitor the payment history, credit score and public persona of the fake person. The new accounts established by the fraudster can be immediately used for financial fraud schemes, or used as sleeper accounts that lie dormant for long periods of time. The dormant accounts can be sold on the black market to other criminals.

Synthetic Identity Theft Schemes – Where Are They Found?

Fictitious synthetic identities are often used to attack internet-based business transactions. As an example, the automobile industry uses internet-based sales for purchasing vehicles without face-to-face interactions with a sales person. Some dealerships have been victimized by perpetrators forming fake identities used to satisfy standard loan underwriting requirements. Financing arrangements were completed with fake personas and vehicles were delivered to other locations where the vehicles were used in other criminal activity.

These schemes have impacted government operations including Veterans’ benefits, Social Security benefits, Medicare and Medicaid programs, Health Care systems, and private medical insurance systems. For example, synthetic identities have been used to obtain health insurance policies from private insurance companies. Also concerning is the potential use of fake synthetic identities by terrorist groups to launder money through established government financial systems and/or cryptocurrencies. The laundered money can fund terrorists for living expenses, safe houses, renting cars, international travel, and purchasing restricted goods.

Fraudulent identity profiles have also been found in the mortgage process, auto insurance claims, staged accident schemes, schemes involving the IRS, Small Business Administration, FEMA, and other government entities. Within the health care industry, the government is encouraging the digitalization of medical records, and these records are based on the PII of patients. This creates more opportunities for the theft of PII.

Anyone’s Social Security number can be stolen, but certain demographic groups are specifically targeted. SSANs of minors are more likely to be stolen because the younger a child is, the longer the fraudulent identity can be used. The SSANs of elderly people, college students, and indigent people are also targeted. The fraudsters have been known to solicit financially destitute people to buy their identity.

Synthetic Identity Fraud is a Worldwide Problem

In 2017, the World Bank released a study concluding that more than 1.1 billion people in the world lack access to vital government services because they are unable to prove their identity. The World Bank Group’s Identification for Development (ID4D) initiative launched a High Level Advisory Council to advance the realization of robust, inclusive and responsible digital identification systems as a sustainable development priority.

The United States Federal Deposit Insurance Corporation (FDIC) recently estimated that there are 10 million unbanked or underbanked households in the country. The FDIC defines unbanked as those adults who do not have an account at a bank or other financial institution and are considered to be outside the mainstream for one reason or another. Many people are squeezed out of normal banking systems because of poor credit. Others choose not to participate in government systems to avoid regulation, oversight, and excessive fees.

Why is This a Concern for Blockchain Technology?

The World Bank ID4D recommends efforts to provide reliable digital identities to 1.1 billion people who want to participate in the economy, but lack provable identities. Similarly, unbanked people choosing to use alternative financial instruments, think cryptocurrencies, also desire a safe and reliable system to conduct financial transactions.

Blockchain technology is envisioned as the record keeping system for new digital identities and/or established identities. And it may be safe to assume that the immutable Blockchain distributed ledger can make it more difficult to use a stolen identity. But vexing questions continue to appear: Prior to the adoption of a Blockchain ecosystem, could a criminal or terrorist form a fake Synthetic identity only to be added to the Blockchain ledger? If so, the Blockchain may then become a hiding place for persons intent on doing harm.

Also, once a permissioned Blockchain system is formed with approved participants, could a synthetic identity be formed to impersonate a participant? If so, could a fake participant cause harm to the information being added to the Blockchain?

These possibilities may not be surprising to persons who use ledgers for normal accounting and business purposes. The ledgers can accurately record numbers and information. As accountants and auditors will certainly attest, ledgers can also accurately record falsified information. The ledger system cannot guarantee the integrity of the information before entries are made, and neither can Blockchain. Only people can determine the integrity of other people.

Mitigating Synthetic Identity Theft:

Synthetic Identity Theft schemes can defeat known preventative measures such as credit checks, locking down credit, changing passwords, and two-factor authentication because the schemes do not necessarily involve obtaining credit. The fight against Synthetic Identity Theft will be waged by combining known preventative measures with improved Artificial Intelligence (AI) to study behavior, and Biometric verification, such as voice, face, fingerprints, and DNA to verify the identity of actual persons. As such, maintaining a balance between Security and Privacy will always present challenges.

Conclusion: The intention of raising these issues of Synthetic Identity Theft is not to discredit the Blockchain infrastructure. Instead, and just like any other new technology, it is imperative to understand risk factors as the technology is developed and implemented. Identifying and understanding risk factors should result in strong measures to mitigate the risks. Blockchain developers and end users will certainly need to develop and improve counter-measures to mitigate Synthetic Identity Theft threat vectors.