We live in an exciting time, where new technologies are providing us with fascinating capabilities that have never been possible.

We’ve previously talked about how some of these technologies can be used by criminals to help commit crimes or to make it more difficult for us to find them. If you haven’t read these previous posts, we’ve discussed the darknets, the Internet of Things, the risk from unsecured Wi-Fi, and cosmos computing.

I also talked about the need for a new vision in the world of investigations. It seems that the models we’re using aren’t making progress fast enough. Instead of gradual, incremental change, we need to evolve into the professions that will be needed for the future.

But today, instead of talking about how technology is making it easier for the techno-criminals, I want to talk about how we might leverage technologies that could potentially revolutionize investigations and our legal systems.

Two of these technologies are augmented reality and virtual reality.

Augmented reality will basically add layers of information on top of the real world that we see (I recommend starting this YouTube video at about the 27-minute mark, and you can watch as long as you’re interested). This may be in the form of some type of headset or specially-designed glasses that will work like a “heads up display.” It might be using the camera of your mobile device with artificial intelligence to provide more details about what you see. So this technology will augment, or add to, our perception of the world.

Virtual reality can also amplify the real world, but it can go even deeper to provide more immersive experiences. Companies are already designing virtual worlds where you can live, work, and play. In these worlds you can be anything or anyone you want to be.

You may think that virtual reality will only be like enhanced video games, but let me assure you that it will be much more sophisticated than that. Many of the virtual worlds will create entirely new environments that will be limited only by your imagination.

Who wouldn’t want to visit or live in a virtual world that could provide an experience that isn’t possible in the real world? In these worlds, if you could feel beautiful/handsome, stronger, more intelligent, or have super powers, would you at least be curious to give it a try?

The positive psychological and emotional feedback that these experiences can provide is why these worlds have the potential to be very attractive and massively addictive.

I’ve read many articles that use the term “metaverse” for these various new layers of reality that will soon be available to everyone.

With this technology you’ll be able to choose how many layers you use, and the deeper you want to go, the more immersive the experience can be. Some experts are afraid that these virtual worlds will be so addictive that some people may prefer to stay in those worlds and not function at all in our physical real world.

It’s interesting to think about the possibilities of having multiple personas in different virtual worlds, and how that could change our lives, but that’s not the focus of this post.

I want to think about how these technologies could be used to help us with some of the challenges that we’re facing with the future of investigations.

We’re already falling farther and farther behind the techno-criminals. We have limitations they don’t have, and we have to play by rules they aren’t bound by.

This situation can get much worse if we don’t start thinking about new and innovative ways to take advantage of technologies to give us faster progress.

There are predictions that by 2021 there will be 3.5 million openings for cyber security professionals that we won’t be able to fill.

Most law enforcement professionals will certainly agree that today we can’t hire enough digital forensics professionals. Most agencies with any type of digital forensics capability are overwhelmed with the demand for those services, and are either severely backlogged or are limited to providing digital forensics analysis for only high-priority cases.

This doesn’t include the significant demand for digital forensics experts in the private sector as well. Will the public sector be able to recruit and maintain the digital forensics professionals needed, while competing with the higher salaries and benefits that the private sector can offer?

In addition to these problems, as technology becomes more sophisticated, professionals in both security and digital forensics will be forced to specialize. It will critical to make sure they have the training, experience and the tools for their areas of technical specialization.

That could mean that for many cases involving technology and electronic evidence, you’ll need to assemble a team of these expert specialists to conduct your investigations.

If this assumption is valid, the person, agency, or company with the responsibility of conducting an investigation will need to know who these specialists are, how to contact them to determine if their expertise is what is needed for the case, and then find out whether they’re available to help.

I’ve called this the “Hollywood model of investigations” because it is similar to the process used to create a feature film. The producers choose a director, and then work together to identify the various specialists they want to work on the film, to include casting, video, special effects, costumes, set design, editing, and more. These specialists come together to work on the project, and when the film is completed they move onto the next job.

This may very well be the type of model that we’ll need for future investigations involving technology, because we can’t expect any single company or agency to have this wide range of specialized technical investigations expertise on staff.

So what possible solutions can we develop to help solve some of these challenges?

Could we use augmented reality or virtual reality to overcome some of the limitations we face?

Both of these technologies plus artificial intelligence could be used to develop training programs for digital forensics practitioners, demonstrating how to collect and preserve digital information from multiple devices. Step-by-step guidance through an established investigative strategy using best practices could also make sure that nothing is missed or completed out of order.

From a training perspective, being able to put investigators through simulated situations that appear to be more real will help them to learn and remember the information compared to traditional classroom teaching methods.

As more and more of our applications and data migrate to the cloud, will the physical presence of an investigator be required at a crime scene more…or less?

Consider the possibility of using virtual reality to give a tour of a crime scene by the best expert in the world investigating a specific type of crime. Could this be a more efficient use of their expertise, or would we lose the “sixth sense” perception from them being physically present?

We’ve already talked about how we will need more specialized technical investigators. Can these technologies allow investigative specialists from other countries to help from anywhere they happen to be, without the need for travel time and costs?

What about data collection and preservation from a cloud environment? Could augmented/virtual reality technology help to minimize the time and costs of this data acquisition?

Using augmented or virtual technologies will make authenticating the integrity of digital evidence even more critical, since there may be cases where a person from the investigative team never actually touches a device containing digital evidence.

This scenario could also create a need for universal expert specialist investigative certifications that would be recognized and accepted all over the world.

Could we also see a transformation to digital courts, where most or even all the participants are present virtually, but not physically?

There are already organizations virtually transporting jurors to crime scenes.

Think about the possibility of virtual courts. Could virtual reality testimony be more efficient? Or once again, do we lose a critical dynamic in a court setting when all of the participants are physically present?

Could this environment overcome the limitations of geographically based legal jurisdictions?

Technology continues to evolve.

The techno-criminals are already taking advantage of advancing technology. Why can’t we?

We should start thinking about how we can evolve…before we are left behind.

Introduction

Are you tired of hearing about yet another significant data breach? As I was reading about the most recent breach of Marriott and how the attackers were probably inside the Marriott system for four years (or longer), I got mad.

You should be mad too.

There’s no reason we should accept a lack of security from organizations (both corporate and government) that have collected our personal information. Many of these breaches were due to either pure negligence or management deciding to not spend the money to upgrade their network security to an acceptable level.

It’s frustrating that we’re still talking about many of the same problems with computer security that have existed for decades, even as the volume of data has exploded.

These attitudes about digital security are no longer acceptable.

It’s time for us to hold these people and organizations accountable. When I say “accountable,” I mean both criminally and civilly.

Instead of the United States continuing to be almost the only developed country without federal protection for personal data, we need to pass new legislation requiring this protection. The law should make the penalties and punishments severe enough to make organizations think seriously about their efforts and the resources to provide for security.

The problem won’t go away unless the probable consequences of failure to protect this data are real and substantial.

Senior executives and boards of directors who were aware of security problems (or should have been) and took no action to protect our data should face the risk of criminal prosecution as well as individual civil liability.

Situations like this have historically been considered to be “white collar” crime and have not been a high priority in our legal system.

This needs to change.

There’s too much fraud and other crimes involving digital technologies.

Yet there still doesn’t seem to be much interest in protecting people’s financial and personal information.

Too many organizations still consider the risk of a data breach as a “cost of doing business.”

After the Marriott breach was made public, several people have suggested that these breaches will not go away unless someone is prosecuted criminally and goes to prison.

https://gizmodo.com/only-jail-time-and-stiff-fines-will-stop-this-say-sena-1830779327

http://www.govtech.com/security/Senators-Call-for-Stricter-Data-Protections-Post-Marriott-Hack.html

I agree.

It’s time to change the mindset and to force responsibility and accountability. If we don’t change the approach to security as technology continues to grow exponentially, we’ll see more techno-crimes of all types.

Let’s send a message that we won’t accept this attitude anymore.

In the meantime, what can you do?

The first thing I would recommend is to freeze your credit reports.

I understand that this is not convenient for every person, but think about the convenience compared to the risks of your personal information, financial data, and medical records being stolen in a data breach.

You’ll need to make that decision depending on your individual circumstances, but that’s what I strongly recommend.

For more detailed information about freezing your credit report:

Equifax
Experian
TransUnion
Innovis

Another aspect of this problem is to check to see if the children in your family have a credit history. For a child under 16, in most cases there is no reason for a credit record to exist. But if a child’s identity has been stolen, the theft might not be discovered for many years. That could make the problem much harder to clean up years later when it comes to light. It can be a bit more difficult to check a child’s credit history, but it can certainly be done.

For more information:

Credicards.com

Consumer Financial Protection Bureau

Final thoughts:

We need more security and digital investigations professionals.

Did you know that some projections say that by 2021 there will be over 3 million cyber security positions that we won’t be able to fill?

3.5 million!

This number doesn’t even include digital forensics investigators who will also be needed to investigate the exploding number of techno-crimes.

We’ll need more of these experts to provide better security for our data, and to investigate crimes that will still occur.

Finally, there are too many organizations — both public and government based– that are collecting an ever-increasing amount of data about every person.

It’s time to hold them all accountable, and to demand that they take action to secure our data…or pay the consequences.

The days of ignoring security and facilitating the theft of our data need to end.

Perhaps the only solution will be when those responsible have an individual or corporate price to pay for their negligence or lack of responsibility.

Enough is enough.

Introduction

In our previous post, we described a hypothetical network where your digital evidence will be anonymous and encrypted.

All of the data on this network is shredded into fragments, with each piece individually encrypted using a different code.

Several copies of all fragments are dispersed to be stored on different land-based devices or satellites.

I call this “Cosmos Computing,” and believe it could be the next version of the Internet.

If you read the entire post, near the end I told you that networks like this already exist or are under development.

If you missed the other post, feel free to read it at https://technocrime.com/will-evidence-located-cosmos-computing/.

Now let me give you some examples.

The SAFE Network

The first example is called The Safe Network (Safe Access For Everyone) and is being created by MaidSafe, a Scottish company. For more information, you can go to their website at https://www.maidsafe.net).

The SAFE Network is designed to work exactly like the hypothetical network described in our earlier post (but currently without satellites).

As you read about the SAFE Network and how it is being designed, think about how this technology will affect your search for digital evidence.

The following are quotes from “The SAFE Network Primer” to give you an idea about the philosophy behind the project (the entire document is available on their website):

“For all its glories, the Internet is broken. It has strayed from its original vision. It is now a machine for censorship, propaganda, and central control that feeds on our personal data. It could and should have been much better than this.

MaidSafe’s solution is to create a secure, autonomous, data-centric, peer-to-peer network as an alternative to the current server-centric model. Rather than residing on a central server or data center, individual files are split up into pieces, encrypted and spread out over the network. Individuals retain full control of the data they create. It is resistant to DDoS, malware, and hacking and it cannot be centrally co-opted and controlled by monopolistic corporate and government interests. As a platform, such a network could usher in whole new business models, just as the original Internet did at the turn of the century.”

“The Internet giants of today would no longer be able to harvest our data without our say so, nor could government spooks eavesdrop over their shoulders. There would be a rebalancing of power from the data haves to the data have-nots. Censorship would be impossible, and data could be not be erased.”

Volunteers can choose to dedicate part of their computer’s hardware and data storage for use by the SAFE Network. In return, these owners are compensated for the use of their machines in a digital currency called “Safecoin.”

Safecoin will be convertible to many other types of digital currencies, such as Bitcoin.

People could also use the network’s custom browser to securely navigate the Internet, store their data files, or create websites.

Users who want to store data on the SAFE Network will pay Safecoin to the network for the service, and these funds are used to pay the volunteers hosting the data and the company managing the network.

Data stored on the volunteer network nodes will be secured inside an encrypted “vault,” and even the machine’s owner will not have access to it.

If anyone could break into the vault, he would only see scattered encrypted fragments of data that would not be readable. Only the original user who generated the data can recall and reconstruct it.

The network makes sure that no complete file is ever stored in a single vault.

When a volunteer host machine is shut down, the network software first makes multiple copies of all data fragments stored in that vault and disperses them to other working nodes on the network.

This means that your evidence may be stored on a different physical device in another location from one day to the next.

The SAFE Network never sees a user’s password. The only place the password is used is when the person logs onto the network to retrieve data he previously stored there.

The decryption keys are never transmitted on the network.

When a SAFE Network user logs out and shuts down the software, all traces of her activity are wiped from the host device.

We already discussed some of the potential benefits, but should we review them again?

• A user’s personal data would be secure, and the user would control every aspect of how that data was shared with another party.
• The data breach problem might be solved since there would be no single point of attack to steal proprietary or personal information.
• Hackers wouldn’t be able to access any useful data, as it would all be encrypted and stored on multiple devices.
• Distributed Denial of Service (DDoS) attacks will no longer work. The network would re-route the traffic around any targeted servers.
• The impact of malware would be limited due to the fragmentation and encryption of the data stored and transmitted on the network.
• Ransomware attacks and crypto-jacking would be almost impossible.

The SAFE Network is still in test mode, but imagine how this technology will change your investigations when it goes live!

Freenet

Freenet is a self-contained distributed network that was designed to provide “censorship-resistant communication.” The Freenet Project’s primary goal is to protect freedom of speech without censorship.

“Distributed networks” or “peer-to-peer networks” merely mean that there are no centralized servers, and that every computer that joins the network becomes one of the nodes on the net.

As with the SAFE Network, users contribute some of their bandwidth and even a portion of their hard drive for data storage for other users of the network.

Freenet provides websites, forums, chat sites, and file storage.

All communication is encrypted and routed through multiple nodes.

Only websites and resources created and stored on Freenet can be accessed on the network. Regular Internet sites such as https://technocrime.com are not a part of this network.

The network now has a “darknet” mode that communicates only with people that are trusted by the user.

Storj

Storj Labs is developing a commercial version of this type of network for data storage only.

As with the other examples, computer owners can join the network to allow their machines to be used, and are paid based on the amount of storage and bandwidth used by the network.

Users can provide part of their data storage and be paid with Storj token, which works the same as other cryptocurrencies like Bitcoin.

Files are shredded and encrypted, and every data fragment is stored in a different location across the network on at least three redundant nodes.

Users maintain the encryption keys for their data, and every file is encrypted with a different key.

Storj is a for-profit company, and currently charges users the following rates:

• $0.015 per gigabyte for data stored per month
• $0.05 per gigabyte of data downloaded from the network

Conclusion

These are only three examples to give you an idea of how this technology is developing.

Now imagine that the suspects in your investigation use several of these networks for their communication, websites, or data storage.

Because of the explosion of new technologies being developed, we are going to need specialist investigators who know how they work, what evidence may exist, and the best methods to obtain it.

We also need to start thinking about new ways to identify these specialists, and how to find them when they’re needed.

You now know about three examples, but there are others…

Are you ready for Cosmos Computing?

Introduction

Imagine working a case where your digital evidence is all anonymous and encrypted.

Plus any data — files, documents, email, and all evidence of Internet use — is shredded into several pieces, with each piece individually encrypted using a different key.

To complicate matters even further, each piece of the encrypted and shredded data is then stored on different devices scattered all over the world.

What if we expand all of this to include data storage on satellites in space?

This scenario is what I call “Cosmos Computing,” and it could be the next version of the Internet.

What impact would this have on your investigations?

Let me explain one way this could happen…

Is It Even Possible?

Most of you are already familiar with cloud computing, where any type of data can be stored on a server in the Internet “cloud.”

Cloud computing has already created some big challenges for investigators. Before cloud technology existed, we could go to the IT department to obtain data from the network or collect data directly from user devices.

Now the data we need could be stored in several places, and we might not even know where the data is physically located or who controls access.

In this post, we won’t talk about the complexities related to cloud computing, such as managing security, malware, legal holds, and digital forensics data collection and preservation.

We’ll save those for another day.

What I want to describe for you is what I believe the Internet of the future might look like, and point out some issues that we need to be thinking about now.

“Cosmos”: The Next Step Beyond The Cloud…

There are several companies actively working on systems to provide broadband Internet signals from satellite networks or (believe it or not) balloons.

These include Google, OneWeb, and SpaceX.

The goal is to provide Internet access to everyone in the world, especially the people who currently have no way to connect.

One expert estimates that in the next six years, four billion new users will be connected to the Internet.

New earth-based 5G wireless networks will be 10-100 times faster than those we have today.
With all these new connections and the additional billions of Internet of Things devices that will be added, these new technologies will change the world in ways we can’t even imagine.

If we are going to have Internet signals from satellites in space, how much harder could it be to also have solar-powered satellites that store data?

Think about the possibilities of multiple networks of low, intermediate, and higher-altitude orbiting satellites, giving every individual on earth multiple sources of Internet connections…and new places to store their data.

Now Add Distributed and Decentralized Computing

With all this additional traffic, along with growing concerns related to privacy and security, I believe we might see a completely different and more sophisticated type of Internet.

Here’s one idea.

• Imagine a network where every device is capable of connecting directly to every other device. Remember, we must now think in terms of devices…not just computers. Tablets, smart phones, and connected Internet of Things devices can also be part of these networks.
• This network will need no centralized servers. Whoever owns any device they want to connect to our network can share part of that device’s processing power and data storage with other users of the network.
• When someone offers to share some of a device’s resources, first they’ll download special software to connect the device to the network.
• This software will create an encrypted “vault” on their device for use by others.
• For their contribution, the device owners are paid with an untraceable digital currency, depending on the amount of resources shared.
• For example, someone who shares 50 gigabytes of their data storage would be paid more than a person only sharing 25 gigabytes.
• Any user who wants to store data on the network will first download different software to connect.
• Users are charged a small fee, also paid with the same untraceable digital currency, but only for the amount of data storage or service they actually need.
• Data stored or transmitted on this network will always be secure, because everything will be encrypted.
• But we’ll go even further. Before it is sent, every file or other type of data will be broken into small pieces that are individually encrypted.
• Then, each piece of data will be encrypted again, just to add even more security.
• The network’s software will then make several copies of each piece of data for backup and redundancy.
• When the data is sent for storage to the network, each of our encrypted data pieces (including the copies) are sent to be stored on different devices all over the world.
• The network will be designed so that owners of those devices won’t have access to the data other users have stored with them.

To give you a physical analogy, let’s use an example of a one-page printed document that we want to save, but secure it so nobody else can ever see it.

• First, you’ll encrypt the document with a code that only you know.
• Then, you cut the page into 50 pieces.
• You make five copies of each piece of data, for a total of 250.
• Next, you seal each of the 250 pieces in 250 tamper-proof containers that require yet another code to open that only you know.
• Each of the 250 sealed containers is sent to a different trusted person to store until you need it back.
• Those 250 people can’t open the container. Even if they could they would see only one of the 50 coded pieces of the original document, and they wouldn’t be able to read any content.

Some Possible Results of This Network…

• A user’s medical records, financial records, and personal data would be secure, and the user would control every aspect of how that data were shared with another party.
• We might solve the data breach problem, since there would be no single point of attack to steal proprietary or personal information.
• Hackers wouldn’t be able to access any useful data, as it would all be encrypted.
• Distributed Denial of Service (DDoS) attacks will no longer work (if you want to learn more about DDOS attacks, here is a good place to start). The network would simply re-route the traffic around any targeted devices.
• The impact of malware would be limited due to the fragmentation and encryption of the data stored and transmitted on the network.
• Ransomware attacks and crypto-jacking would be almost impossible.

What Does This Mean For Investigators?

Since the network is completely decentralized, there is no central point of management that would have access to any of the data transmitted by or stored on the network.

No single device will store any of the encryption/decryption keys used on the network.

Court orders or subpoenas would not be effective, since no single entity or group could provide any useful data related to the activities of the network users.

The device where encrypted pieces of your evidence are stored today may be in a different location tomorrow and a different one the day after that.

In many ways, these types of networks could bring tremendous improvements to security and privacy compared to systems we all use today.

Do you still think the investigative scenario described in the introduction is impossible?

I think it’s much closer than you realize, and it raises many new questions:

• Where will your digital evidence be when these types of networks are deployed?
• How will legal jurisdiction be determined?
• Will we need new international laws?
• How will you collect and preserve digital data related to your investigation?
• What new types of technical expertise will be needed to investigate techno-crimes in this environment?

Conclusions

I think we’ve reached a point where our dependence on technology is so great that we need to make a choice.

We can choose to design new networks and systems that focus on security and privacy on the one side, but make it harder for law enforcement and/or intelligence agencies.

Or we can choose networks and devices that may not be as secure and private, but still allow access to evidence.

I’m not sure that you can have both, but that is a very complicated debate that we can have another time.

Finally…I have a confession to make.

Companies are already working on the “fictional” network I described above. I’ll tell you who they are in my next post.

Are you ready for Cosmos Computing?

 

If you are interested in being part of our mailing list to find out more information about techno-crimes and investigations, it’s easy to sign at the bottom of this page.

 

Consider these scenarios…

A kidnapper takes remote control of the self-driving car that just picked your CEO at her hotel. The car is now driving her to a remote location where the criminals will meet her.

Your new smart home controller (think Amazon Echo, Google Home, Apple HomePod) has been hacked, and is now always listening to anything said within range of the microphone.

A terrorist group takes wireless control of several connected cars on major freeways and cause major pileups that kill or injure over 500 people.

A hacker sends a wireless command to the cardio-verter defibrillator implanted in a politician’s chest, causing the device to send a jolt of 750 volts to the politician’s heart.

A drone with a mounted silenced weapon assassinates the president of a country.

Your daughter received a “talking” teddy bear for her birthday. You don’t realize that the voice now talking to her is the convicted sex offender who lives several houses away.

All of the above examples are possible today, or will be in the near future.

Introduction

Welcome to the Internet of Things (IoT), an exploding technology where almost anything is or will be connected to the Internet.

Lots of these items have cameras, microphones or sensors that track data about a user or any other person in range.

Many of the devices are “smart”, which means they have some type of built-in data processing capability.

Some can talk to other connected devices, and almost all of them will be communicating data to at least one cloud-based server (if not more).

Voice-aware personal and home assistants can already act on your voice commands to do everything from play music to make bank transfers, and are being given more capabilities daily.

Self-driving cars that will be able to talk to each other and also to a central traffic control server will arrive within a few years.

Many medical devices are already connected in healthcare provider offices and hospitals, and new medical implants will monitor your vital signs and any other body or brain function (while communicating this data wirelessly to a connected mobile device and/or to a cloud server).

We now have smart homes, offices and even smart cities, where technology is becoming even more intelligent and interconnected.

Lots of devices that you might not think about are now being made with network connectivity (these are all real products):

• Clothing
• Light bulbs
• Smoke alarms
• Thermostats
• Fitness trackers
• Kitchen appliances
• Industrial sensors
• Toys
• Trash cans
• Hairbrushes
• Luggage
• Forks
• Whiskey decanters
• Mirrors
• Cardiac pacemakers and defibrillators

Now combine these billions of new devices with an exploding number of satellite, drone, and surveillance cameras, microphones, and biometric and facial recognition technology. Can you imagine the possible new types of data these IoT devices could produce for investigators…or criminals?

How big can it be?

Many people don’t realize how the number of connected devices will explode in the coming years.

The estimated number of devices connected to the Internet today is over 10 billion, which is already greater than the population of the earth.

The Gartner Group projects that by 2020 the number of connected devices could double to over 20 billion.

One company predicts that Internet of Things devices will generate over 600 zettabytes of data by 2020.

Now to put that in perspective, one zettabyte of data storage is the equivalent of:

• 34 trillion 3-minute digital songs
• 250 billion DVDs, or
• 36,000 years of high-definition videos.

The Information Security Institute estimates that there will soon be over 100 devices that contain Wi-Fi chips in every home.

John Chambers, former CEO of Cisco Systems, predicted that the impact of the Internet of Things could be 5 – 10 times greater than the impact of the Internet itself.

How IoT will change your life

The Internet of Things technology will give us fantastic benefits that aren’t even possible today.

You won’t use a keyboard to interact with the network anymore. Devices will either be voice-activated, or capable of direct communication via a brain computer interface (BCI).

Yes, this means that the network will be able to know and react to your thoughts.

With so much data being collected about you, the network will know everything about your financial transactions, your health and medical history, and your food and drink preferences. It will also know everywhere you go and most of what you do throughout the day.

Medical IoT devices and new implants will provide continuous monitoring and personalized medical treatments that aren’t possible today. Imagine a medical implant that can monitor your blood chemistry and glucose levels, and can administer only the amount of medication needed at that precise moment.

Your medical insurance rates will adjust automatically throughout the day depending on your behavior. On days when you exercise, get plenty of sleep, and eat well, your premiums go down. If you overeat, drink too much, and experience high stress, the premiums increase.

Holographic and virtual reality technologies will give you the capability of appearing to be anywhere you want to be in the real or virtual worlds, and developing “haptic” technologies will allow you to see, touch, hear and smell the environment where your representative avatar is.

All this technology will lead to increased productivity and convenience. The network will be able to anticipate your needs and desires. Facial and biometric recognition will provide you with personalized experiences and services that you can’t even imagine.

Robotics technology (of course they will also be wirelessly connected) will create entirely new possibilities in multiple industries. For example, in the service industry robots have already replaced human employees to check in guests at hotels, deliver room service, and help to care for elderly or disabled patients.

The possibilities seem endless to improve our lives and increase efficiency.

Unintended side effects?

But what unintended consequences could this technology cause?

First of all, can you imagine the impact it will have on your personal privacy?

If the exploding number of IoT devices are always watching and listening, will privacy still be possible?

What impact could this have on our world, if a person can no longer do anything, say anything, or think anything without that data being collected and analyzed?

Would this change your behavior?

Surveillance is the business model of the Internet.
You are the product.

And with the Internet of Things, this will be even more certain.

Many governments and companies already collect massive amounts of data about all of us. But with the IoT, the volume of collected data will skyrocket.

But there will be some logistical problems with accumulating this quantity of data.

• How much will it cost to develop the data storage to hold it all?
• Where will the data be stored (which may be impacted by existing or future privacy laws that differ from country to country)?
• Will we need new international laws related to IoT technology?
• How will investigators know which company has collected what data, and how to obtain it?
• If every IoT device collects data in a different format, how will an investigator be able to combine all the data related to an investigation to provide useful information?
• As with most mass surveillance or data collection, the size of the data makes it more difficult to extract useful information and interpret it.

Consider the analogy of finding a needle in a haystack. If the haystack you are searching suddenly doubles in size, how much longer will it take for you to find the needle?

What if it grows by one hundred times?

Remember, the success of almost all investigations relies on either time or money.

If the technology makes it harder for investigators to find relevant data, will IoT help you be successful, or will the sheer volume of data overwhelm you and keep you from finding the evidence you need?

What about security?

What about the security of Internet of Things devices?

Right now, security doesn’t seem to be a priority for companies manufacturing these devices.

There are few, if any, laws of regulations addressing the security of IoT devices.

Most devices have no security at all, and many don’t have the capability for the device’s firmware or software to be updated.

If a security flaw in one of these devices is discovered, your only option may be to destroy the device and get a new one that “might” have been updated to eliminate the flaw.

But what are your options when a different defect is found?

Most IoT devices communicate wirelessly, but very few of them currently use encryption to protect the data.

If any wireless signal is not secured, it can potentially be intercepted.

This could give anyone access to the data being transmitted by the IoT device.

Unsecured IoT devices communicating via Wi-Fi or Bluetooth signals on your home or office network could also give a criminal access to your network.

And access to the data stored on every device connected to the network.

For example, many smart televisions have microphones and cameras.

Some smart televisions even create their own Wi-Fi hotspot, and with no security.

A hacker who could intercept this Wi-Fi signal might be able to see or hear anything within range of the camera and microphone.

If the television is connected to your home of office Wi-Fi, the attacker could potentially gain access to your network.

In one study by Hewlett Packard, 70% of IoT devices analyzed were vulnerable, and each device contained an average of 25 security flaws.

A Symantec study of health/fitness tracking apps showed the average device sent the collected data to between 5 and 14 different Internet domains.

According to a recent survey of IT professionals on the ISACA IT Risk/Reward Barometer, three-quarters of the respondents believed that a security breach caused by an insecure IoT device is likely.

Almost every IoT device that has been tested by security researchers has been successfully hacked.

Connected cars, medical devices in hospitals, implantable cardioverter-defibrillators (and pacemakers) have been hacked.

Video conferencing systems, wireless copiers and printers, and other office devices have been remotely accessed.

Kitchen appliances, connected thermostats, and wireless home security systems have been hacked.

Could the IoT fundamentally change crime and investigations?

This may seem to be a strange question, but consider the following:

• We already have a staggering number of surface, satellite, mobile device, and drone cameras that will only continue to grow.
• Add a dramatic expansion of facial and biometric recognition with much better quality than we have today.
• All the devices that operate via voice control will always be listening and will alter behavior, even behind closed doors.
• IoT devices will mostly communicate via wireless protocols, many of which have already been hacked.
• Self-driving and fully autonomous vehicles will provide much more information about individual movements than has ever existed.

Since new IoT vehicles will have cameras and biometric recognition, and will be tracked with GPS, will auto theft and hijacking go away? Or will we have new types of high-tech thefts when the technology is hacked?

Does IoT technology have the potential to reduce person-on-person violent crime?

Could medical implants that constantly monitor blood components help to reduce illegal drug use?

We may have new risks when facial recognition or other biometric data is stolen.

• If a criminal steals an identity or financial records, the victim can probably recover by creating new accounts, obtain new identification, and eventually resolve any fraud that was committed.
• But if a crook steals biometric data, that can’t be recovered or replaced.

We may even see new types of crime created by these technologies that never existed before.

The Internet of Things may also change how we investigate crime.

We will need new types of investigative and forensic specialists who will have the knowledge and expertise to deal with this technology.

We might need to re-think how we organize law enforcement agencies and private investigations firms.

The old models where an agency or company has all the expertise needed “in house” may no longer be possible.

Teams of investigative specialists may be needed for each criminal case or civil engagement.

Sophisticated artificial intelligence capable of reviewing the massive amount of video and other data that will be collected from millions of sources might be required.

Conclusions

Are you sure that the Internet of Things will create more benefits than risks?

Even if the technology benefits outweigh the risks, are you ready to deal with the security and investigative challenges that will come with it?

We can help you understand some of the risks from your smart homes and mobile devices, and hopefully help you improve your security.

In our Free Content Library you can find our “Smart Home and Mobile Device Security Checklist.”

This checklist doesn’t address all of the issues we’ll face with the Internet of Things, but at least it might give you a good place to start.