Cyber-experts: From television to reality

CSI: Cyber

CSI: Cyber. In this series, Avery Ryan (played by Patricia Arquette) directs an FBI agency in charge of fighting cybercrime. (© CBS Photo Archive / Getty Images)

David Billard is a part-time Lecturer at UNIL and Professor at the Geneva University of Applied Sciences. He specialises in small-scale digital device forensics and forensic investigations in big data.
David-Olivier Jaquet-Chiffelle is a Full Professor at the School of Criminal Justice. He is especially interested in the application of mathematics and cryptology to identity, security and privacy in the information society.
Saskia Galitch / Allez savoir!
Fifteen years ago, the TV series CSI: Crime Scene Investigation revolutionised our vision of police work. Now a further series, CSI: Cyber, introduces new ‘cyber-cops’ specialising in digital tracking. How realistic is it?

Fifteen years ago, the TV series CSI: Las Vegas, CSI: Miami and CSI: NY drastically altered our perception of police work. So successful were they that now everyone has heard of luminol, knows that a minuscule trace of DNA can be used to expose a guilty party and is aware to varying degrees of the ins and outs of forensic science. But viewers are often less aware of the fact that advances in the digital sector over the past fifteen years have generated a wave of technology-related crime and, in its wake, a new form of crime-fighting. Consequently, if investigators are to effectively combat these offences, ranging from ‘simple’ bank card fraud to child pornography and money laundering, identity theft and all sorts of trafficking, they must now be completely at ease in the virtual world. Evidence for this development can be found in particular in the new TV series CSI: Cyber.

A recent addition to the schedules of Swiss TV channel RTS, this latest version of the CSI franchise follows the investigations of a team of FBI agents specialising in cybernetics in general and in researching and analysing digital traces in particular. But are the approaches, methods and techniques they use convincing? Are the excellent results obtained by these fictional police officers sleuthing around in cyberspace realistic? We decode and explain the series in the company of genuine experts David-Olivier Jaquet-Chiffelle, professor at UNIL School of Criminal Justice (ESC), where studies are now offered in ‘Digital Investigation and Identification’, and David Billard, who lectures in digital forensics at UNIL and who is in addition professor at HEG Geneva, where he is director of the digital forensics lab.

In CSI: Cyber, it just takes a few clicks and – hey presto! – the team led by cyber psychologist Avery Ryan knows exactly how a suspect spent his days (and nights) several weeks previously. Is this plausible? The answer is yes and no. For David-Olivier Jaquet-Chiffelle, it is potentially possible to reconstruct the facts and actions of almost everyone using digital tracking; and more specifically he says: “Computers, internet connections, mobile phones, CCTV street cameras, GPS or computers on board cars effectively register all sorts of elements. In the connected society in which we live, most of our activities generate virtual footprints and so lots of pieces of information can be found.” The professor continues: “In addition, the idea of being able to re-examine these traces where necessary means that some software is going down this route and Snowden’s revelations show us that there are programmes in existence which store vast quantities of data.” That said, Professor Jaquet-Chiffelle goes on to add that the theory then comes into conflict with the reality: “While it is true that the information is indeed hidden away there somewhere, you have to know where to go and look, you have to have the time to find it and, at the same time, you have to succeed in determining its relevance. This triple dimension does not seem to exist in fiction: the investigators find exactly the right information at the right moment and immediately pursue the right hypothesis. That particular aspect is not at all credible!”

Traces blur over time

On the basis of the fictional investigations by the FBI’s Cyber Division, we might believe that digital traces are indelible and simply waiting to be discovered. Both David-Olivier Jaquet-Chiffelle and David Billard take a more nuanced view: in real life, nothing is ever that simple! “Take a computer,” explains Professor Jaquet-Chiffelle, “if you put a file in the recycling bin, it stays on the hard drive and can for now be effectively retrieved…or not! It must be remembered that when a document or image is deleted, you’re telling the machine: I no longer need this, you can use this space. And that’s what it will do when it needs to. It is, roughly speaking, like a blackboard: there is space and you write on it. Then when everything is filled up, you rub out a small corner and write over it. In other words, the more time goes on and the more you use your computer, the greater the risk that the memory which had been made available has been reused; and the area which had been freed up is therefore damaged and the traces lost.”

As for the prints left by activities on a mobile, something that fictional experts prize highly, retrieving them is conceivable too, but the same reservations apply as with computers, since the limits on memory are equally valid. “As an expert, I have had to analyse a telephone seized six months after the event,” explains Professor Billard. “It was extremely difficult to find the specific data. It’s like a crime scene: the longer you wait, the more the prints get blurred and corrupted.”

Apple, Google and Yahoo not forced to cooperate with Swiss police

If we were to believe the cyber-cops created by Carol Mendelsohn, Ann Donahue and Anthony E. Zuiker, examining online chat, texts or WhatsApp and Facebook conversations enables those who are guilty to be exposed with frightening efficiency. In practice, this at first appears technically plausible: “A distinction has to be made between what is stored on computers, tablets and phones and what is put on the Cloud or on a server over which we have no control. Facebook, for example, retains data which has nonetheless disappeared from our hard drives,” notes David-Olivier Jaquet-Chiffelle.

Yet, despite having been saved, these potential sources of information are not freely accessible and obtaining them is rigorously regulated. In Switzerland, this type of information can be consulted only on the authorisation of a public prosecutor. The snag is that a fair number of potentially useful servers are owned by foreign companies and, as a result, are not governed by Swiss law. In other words, Apple, Google and Yahoo, which have their legal jurisdiction in the United States, are not obliged to hand over information of whatever sort to an investigator here.

Cross-checking information is not simple

By cross-checking all kinds of seemingly disparate elements – medical records, bank files, old school reports, etc. – the cyber-cops on American television manage to draw up expert, reliable profiles of their suspects. But here too fiction conflicts with reality. “In addition to the legal obstacles mentioned, there are systemic complexities. In the United States, most people are identified by their social security number. This makes it easy to match up the data. This is absolutely not the case in Switzerland: we have an employee number, the Swiss national insurance number (AVS number), medical insurance number…in short nothing is joined up!” explains Professor Jaquet-Chiffelle. “Looking at it from the point of view of the series, we can say in theoretical and simplified terms that the information is indeed there. An element of fantasy is certainly involved in being able to rapidly collate a mass of information from all over the place and to understand what it relates to. That said, we are sometimes given access to protected data, like a medical record, but only in very specific instances, such as identifying disaster victims for example.”

Police have to abide by the law

Computer hackers, a great favourite of television series, often play an important role. Thus, in CSI: Cyber one of the members of the team is a hacker-turned-investigator who, if required, can wander (unintentionally of course) into not entirely official areas. Is this saying then that the end justifies the means? Is it saying that exploiting hacking or dark nets may be envisaged when it is a matter of unmasking a criminal? Professors Jaquet-Chiffelle and Billard adopt a more moderate line: “Everything must remain strictly legal,” they state with one voice. “If incriminating elements are found but have been obtained in an irregular and illegal way, they are inadmissible. To present evidence in court, it must be demonstrated that it has been acquired in a way that is legally permitted.”

Real-life investigations proceed more slowly than on television

Right on target: In the series, the investigators find the right information at the right time and pursue the right hypothesis. This doesn’t happen in the real world. (© CBS Photo Archive / Getty Images)

In sticking to the usual television formats, the screenwriters of CSI: Cyber ensure that their agents solve their mysteries in 50 minutes flat. Such optimism amuses the experts. “What strikes me is the speed with which the investigators find and analyse their information,” says Professor Jaquet-Chiffelle with a smile. He continues: “Imagine a jigsaw puzzle of 10,000 pieces. If we’re shown where to place each respective piece then of course it’s very easy to put it together. But it doesn’t work like that in practice. In an investigation, everything is scattered. We don’t even know how many verified and relevant pieces we’re going to have to arrange and don’t even have the picture on the box to guide us. Suffice to say that it takes hours, days or weeks. That doesn’t come out at all in the series.” Professor Billard goes on to add: “In my experience, on TV they use techniques we are aware of and which we also exploit. In contrast, the response time does not tally at all. Analysing a slightly sophisticated or recalcitrant mobile phone takes at least a week’s work. And when we’re dealing with objects in poor condition which have spent time in water or have been damaged after an accident such as a plane crash, it is an even longer and more difficult process; whereas in the series, they plug in the device and out pops the information!”

We create our virtual identity

Possessing a particularly keen nose for the truth, the Cyber-experts sniff out where to direct their suspicions with unholy speed and acuity. This element leaves David-Olivier Jaquet-Chiffelle sceptical: “In a real investigation, all sorts of hypotheses present themselves. With them, this is never the case. It is as if they believe their first idea to be the right one, put forward a theory and then, seemingly by chance, everything heads in the right direction. This is science-lite! In a serious, rigorous piece of work, of the kind our students are trained in, the process is not so simplistic. All possibilities must be envisaged and then reduced by a process of elimination.”

Without becoming paranoid, it must be acknowledged that CSI: Cyber does shed light on the virtual mesh inside which today’s world evolves. Nevertheless, as David-Olivier Jaquet-Chiffelle points out, each individual is responsible for what he or she shares: “All information given about us, even the most insignificant, creates a virtual identity space.” David Billard goes further: “In the United States, the police perhaps have other ways of proceeding but one thing is certain: in Switzerland, investigators have significantly less data than many private companies! Thanks to the loyalty cards they offer, major retailers know far more about you than the authorities do. They know where you shop, when you shop, what type of products you buy, etc.” Professor Jaquet-Chiffelle points out that the big problem is losing control of that identity: “The fact of going on holiday to the Canaries or the Alps can modify our profile and make us a good or poor ‘risk’ for an insurance company or bank – it depends on how they do their calculations. An algorithm may easily make the wrong deductions on our account and consequently wrongly categorise us!” He then tells the story of a London lawyer who, several years ago, was refused a credit card despite her high salary. Annoyed, she set about investigating and finally understood why: some time previously, she and her husband had decided to rent a large plasma TV. After two to three months they were won over by the TV, decided to buy it and so terminated the rental contract. It was precisely this action which earned the rejection by the bank: for the system, breaking a rental contract implied a problem with paying! And while this logic is not confirmed in 10% of cases, it is in 90% of them. So, in other words, to live happily we should live in hiding? Even that is not possible. “If you try, it will be noticed and you will immediately attract suspicion as falling outside the norm,” notes David Billard.

Small-screen experts never fail

As Professor Jaquet-Chiffelle and Professor Billard both observe, the FBI cyber-spies in the TV version, equipped with brand new computers and highly sophisticated programmes and software and enjoying the luxury of dealing with just one investigation at a time, appear infallible. How does this compare with the real world? Despite their advanced training which enables the Swiss experts to pick up digital traces, understand their provenance and analyse and cross-check them from a forensic science perspective, they still encounter failure. Of course, “a completely naïve and amateur cyber-criminal is quickly pinpointed,” notes David-Olivier Jaquet-Chiffelle. “But the higher his level of competence, the more effectively he can hide his real identity or leave false trails.” That said, cyber-criminals are not that imaginative: while they are perfecting their techniques, so are the investigators.
