What could Blockchain mean for Law Enforcement?

Paul Marrinan
9 min readJan 24, 2018

--

Hint: It has nothing to do with cryptocurrencies.

Image Credit to: lego.wikia.com and gerealt@pixabay

Every week there seems to be a new story about how criminals are using Bitcoin, Ethereum, Monero or some other form of cryptocurrency (see Fig. 1) for their dark web dealings. This new form of ‘money’ is considered ideal for pseudonymity, laundering funds and evading the cops. This has led to some countries banning cryptocurrency outright. While the Law Enforcement and Criminal Intelligence sectors (for ease of reference referred to as “Law Enforcement” for the rest of the article) are trying to play catch up on all the latest cyber threats, the focus may be distracting the sector from the real prize on show: the transformative potential of Blockchain. The Blockchain technology that underpins cryptocurrency poses an incredible solution to many challenges faced by the law enforcement community as a whole. It is a solution that can:

Blockchain shared across law enforcement agencies can make current systems more effective, transparent and easy to control for the information holder. In cross-border investigations, it can also streamline Mutual Assistance applications or International Letters of Rogatory(Request) which tend to be tedious and extremely slow.

Fig. 1 Growing range of Cryptocurrency tokens. Image credit: Designwebjae, pixabay.com

Why Blockchain?

Blockchain is a Distributed Ledger Technology (DLT) which decentralizes the network and improves trust, ironically by having a group that doesn’t trust each other keeping checks on each other. The public key cryptography used in blockchain solutions, such as Bitcoin, makes it possible to keep data encrypted despite being widely shared across the network. Any tampering with data/evidence would be detected because it would result in a change to the hash value of the data, which could be flagged within the ledger by reconciling the data across nodes. This would lead to the tampered data being removed from, or disabled within, the network leaving only the secure genuine data. Furthermore, when data is transmitted, downloaded, or accessed, in any way that is suspicious, the transaction can be flagged with the data owner. If there are any data protection issues particular to a certain organization or jurisdiction, this can be built into the system. If there are any changes to this legislation, it can be updated centrally by ‘organizational nodes’. The difference between these types of transactions and the cryptocurrency model is that the original data controller would be able to retain ownership of the resource until ownership has been rescinded or the security level of the data is lowered for more widespread usage.

Why is this better than what is there at the moment?

In the United States, there are currently 11881 federal, state, and local law enforcement agencies* Sharing intelligence, evidence or general information across these agencies presents problems due to “…bureaucratic divisions that can isolate intelligence in “stovepipes” and lead to inconsistent standards, practices, and even terminology, which complicates interagency cooperation and confuses customers”, as identified by the Committee on Behavioral and Social Science Research to Improve Intelligence Analysis for National Security. As can be seen in Fig. 2, the structures of these organizations do not lend themselves to easy information sharing. In a world where trust in bureaucracy is diminished, the decentralization of power across the network may draw support from groups seeking to benefit from international partnership while also controlling access to their data through self-sovereign identifiers. For those mistrusting of the police in general, the built in immutability of data across the blockchain would provide assurance that evidence tampering is no longer undertaken by Law Enforcement, or at least make it very clear where the point of evidence tampering occurred and who was responsible.

Fig. 2. A small cross-section of US Law Enforcement agencies

In Europe, while data sharing is heavily regulated, there is a growing to push to share information across borders and agencies in order to fight the growing terror threat. This is actively being done through agencies such as SIRENE, EUROPOL, and INTERPOL. However even these world leaders in law enforcement best practice struggle to achieve buy-in from domestic agencies who are skeptical of what happens to their information once it leaves their jurisdiction. As outlined above, if Blockchain was built into systems that are already used across the region, such as SIENA (EUROPOL), SIS II (SIRENE) or I 24/7 (INTERPOL) the relevant data owner could control access to data from within their home organization while also helping to fight crime across borders. While this would reduce the level of control that is shared with these organizations, it could greatly improve their effectiveness from coordination perspective.

Fig. 3 International networks used heavily in Europe

In the case of criminal identification and tracking, every criminal could have a unique identifier once they came to the attention of the police in any country on the network(Fig. 4). That identifier is automatically shared across partner entities so that, if the individual comes to the attention of other law enforcement agencies, everyone is automatically aware. That unique identifier is verified across the network and enables the authorities to be confident about who they are dealing with, regardless of where they are geographically within the network. This identity becomes the starting point of the blockchain criminal history of the individual. Any fingerprints taken, photos obtained or DNA processed will be linked and help identify the individual. This information will confirm when the person may be using an alias or false identity. This personal identification material is due to be shared across Europe following the PRÜM decision via EIXM (the European Information Exchange Model). As all entities/organizations would be nodes on the network, they would ‘police the system’ to identify if any organization abuses its access. Strict governance rules, which are becoming intrinsic to management within Law Enforcement, would be applied and could be built into the code to make compliance mandatory.

Fig. 4 Simple version of a Criminal record chain

What about sensitive data that shouldn’t be widely seen?

DLT systems can be designed to lockdown sensitive data, making it scrambled and hidden from general view. For example, if you were to adapt the Monero Model, the system could be built in such a way that other users would not have access to any information held by an organization unless that organization wanted them to know that information. For Law Enforcement this functionality on the network would be important for maintaining a ‘need to know’ standard for sensitive information. The system will record each piece of data under a complex cryptographic hash, which will only be made available to certain individuals (much like a cryptocurrency transaction happens one to one but is ‘seen’ by the network in the form of hash values and metadata). The major advantage of this system is in relation to high-level intelligence where the secured information can be strictly limited to people that need to know across multiple jurisdictions at the same time. The intelligence can be held off-chain by the data controller, with only an encrypted link to the data published on the ledger. In many recent terror attacks, the suspects were already known to the authorities. While agencies have good reason for wanting to keep their data secret, Robert Steele of the Burundi exercise clearly pointed out that the value of data is in its utility and not its source. The proposed solution would make the sharing of vital information in relation terror suspects much more streamlined and efficient.

Why should law enforcement trust Distributed Ledger Technology(DLT)?

Fig 5. Blockchain builds trust into the network. Image Credit: 123RF.com

The hashing cryptography that is used to uniquely identify entities on a DLT is based on the same system used by law enforcement on a daily basis for the purpose of computer forensics. Law enforcement experts are perhaps better qualified to navigate the blockchain than most professionals in the financial sector due to their understanding of how hashing of data works. After all, it is a digital representation of the ideal chain of evidence. The checks and balances are built into the system, in much the same way that smart contracts work. The reliance on all nodes on the network to each other builds trust across the network and identifies possible gaps in the network more quickly than maintaining the status quo.

Does Blockchain really work that well?

Concerns over the scalability of Blockchain are that the large scale of data being shared across the network is demanding. According to the Bitcoin model, it is estimated that the miners would only be able to process 7 transactions per second(TPS), and even that is more than what is observed on the network. Ethereum is only slightly better at 13 TPS. While this has been increased with subsequent crypto-iterations, the public blockchain is still not comprehensively able to deal with the issue of large-scale data transfer which may be necessary across a variety of organizations and countries. However, as the solution would be more effectively a ‘private network’ this could be managed by the minimum requirements set by the network. The development of Hashgraph as a technology has also gone a long way towards solving this problem with the ability to process up 250,000 transactions per second. The question is whether or not this level of throughput is necessary for the amount of data that will be processed, considering that the bulk of the data would be held off chain.

Ok, good idea but who would coordinate it?

This will require close cooperation with the private sector to develop the required solution, but without these private sector entities retaining any access to the network. In Europe, the EU Commission already has EU-LISA which was designed for specifically that purpose. It is responsible for overseeing all large-scale EU tech projects. It is already in charge of the SIS II project. This can help to develop roots of the blockchain within member country networks. Once implemented on a large-scale integrated system it can be grown incrementally by integrating new regions or agencies on a project basis. The American Council for Technology and Industry Advisory Council may be in a position to pursue a similar project across the United States. Although it is more likely to be developed within a small group of Federal Organizations initially with the potential to grow it out if successful.

Conclusion

For many of the current data sharing and transparency challenges facing Law Enforcement at present, blockchain or more particularly DLT presents a worthwhile solution. While it is far from being the perfect system at present, DLT shows the potential to grow into a mature, reliable technology by the time the Law Enforcement community may be ready to fully embrace it. While this article does not go into detail of a technical solution or explanation of the author’s image of a Law Enforcement Blockchain, it does point to areas where solutions may be developed or created. For now, it is important for the Law Enforcement community to continue to work with private sector companies who are developing the technology, so that it may be fit for purpose once a decision to implement a DLT solution is pursued. In Europe, the framework is in place and there are systems in place that would be ideal for building upon, but DLT(either Blockchain, Hashgraph or others) needs to be shown to be secure and robust enough to ease skeptical minds. As a solution, it would be revolutionary but as with any revolution, it is bound to meet some stiff opposition. While not being a silver bullet, Blockchain is certainly a useful technology that can disrupt the Law Enforcement industry in a positive way.

The views and opinions expressed in this article are those of the author and do not represent the views of his organization or any organization mentioned in this article.

*This number decreased by 30 agencies in the time between the initial draft of this article and the finished publication.

--

--