The Problem with Smartphones: White Collar Crime in a Deep Blue World

0

The pace of change in the digital world, characterised by innovation and entrepreneurial spirit, has not always matched the often slow and cumbersome process of the legal world, steeped as it is in centuries of tradition. But change has been ongoing.  

 

An overview of technology

In the white collar crime and regulatory arena that characterises part of the broad church of Fraud Law, the changes that have occurred have been especially interesting. Many elements, which until only a few years ago, constituted blue sky dreaming are now standard aspects of a lawyer’s life. For example, the utilisation of the cloud for the electronic filing of documents with the court has become widespread in the civil courts; juries in long and paper heavy criminal trials are often provided with iPads to relieve the excessive paper burden; and artificial intelligence has also been harnessed to ease the burden of disclosure review in complex fraud investigations such as Rolls Royce[1]. Process servers will sometimes have standard issue pen cameras and law enforcement in the US has utilised USB keyloggers (which covertly record keystrokes on the victim computer) to surveil and bring down criminal conspiracies[2]. Indeed, gadgets that were once the domain of science fiction are more widespread.

The future of encryption, in particular, is highly relevant to the practice of white collar crime specifically where these tools promote secrecy and security of data and communications.

 

Operation Tabernula

Operation Tabernula, the biggest insider dealing investigation in UK history which culminated in a trial at Southwark Crown Court in 2016, contained a number of these elements. The Prosecution used sharp trial graphics to present their case and made heavy play of the covert recordings from the bug placed in one of the defendant’s offices, producing conversations about trading. Several of the defendants utilised ‘pay as you go’ phones for communication and Ironkeys which the Prosecution argued was for added secrecy.

They were a disparate group, some conferring shorthand nicknames on others with several of them remaining strangers until they were all charged at Westminster Magistrates Court in 2012. The Ironkeys, seized in dawn raids from a couple of the defendants, allowed data to be securely held. The particular features of Ironkeys were that they would only allow a certain number of ‘guesses’ of a password upon which they would essentially self-destruct.

Investigators were able to trawl through emails before discovering, experimenting and hitting upon success with an Ironkey[3]. Dots were connected and a picture of allocation of trading profits was identified. This, the Prosecution argued, coupled with the use of pay as you go phones indicated that secrecy was being deployed in order to hide criminal activity, though the defendants denied this and the conclusion of the jury is not clear cut. They convicted two of the defendants, but acquitted three.

 

The benefit of assured privacy of data and confidential communication is obvious and obviously not always indicative of criminality. But technology has moved on substantially in recent years. In terms of communications, WhatsApp and Telegram on the ubiquitous smart phone are extremely popular. WhatsApp utilises encryption in sending messages meaning that they are stored in plain text only on the end devices and do not generally leave a readable digital record of the message between devices, unlike text messages on phones where a copy may be held on multiple servers for some time before deletion. Telegram is similar but its default method of authentication for users operates through a one-time password which is texted to a mobile phone. This has received criticism for its vulnerability to interception[4].

 

The smartphone

The smartphone now has the capacity to hold a huge volume of disparate data. It can be intercepted, whether by law enforcement or otherwise, but most are now protected by passcodes or, more recently fingerprints or facial recognition. The Regulation of Investigatory Powers Act 2000 in the UK provides for investigators to seek notices requiring disclosure of a passcode or similar but if a suspect refuses to play ball or is simply unable to assist, what can be done?

In the US, controversy surrounded FBI officers seeking to compel Apple to provide it with new software that would let investigators bypass the security systems and access the phones of individuals, since deceased, who had orchestrated a terrorist attack in San Bernadino, California. The assistance demanded would have enabled investigators to more efficiently ‘brute force’ the attempts at password combinations to access the phone’s data.

The more recent iPhones have increased the potential issues for law enforcement. Rather than the software throwing barriers in the way of decryption, the most recent iPhones now have a secure chip that stores the decryption key for the main memory of the phone; it effects an automatic time out of passcode attempts which makes ‘brute force’ attempts at log ins unfeasibly long, something the manufacturer cannot override.[5].

While law enforcement has pushed for smart phone makers to ensure that devices have back doors for their investigative purposes, in reality, the more pressing vulnerability is likely to come from aspects such as auto syncing of personal data to the cloud[6] or message routing through a hosting company’s network.

 

Cryptocurrency

What of the division of the spoils then? AML legislation and regulation has been a focus of successive governments and European cooperation making it increasingly difficult for conspirators. Large and unusual deposits into bank accounts may be met by Unexplained Wealth Orders. It will be interesting to see if cryptocurrency is utilised for this purpose. Cryptocurrencies are generated through the application of a computer’s processing power in a method known as mining. It certainly has been the subject of fraud in both nefarious imitations effecting fraud through Ponzi schemes seeking investment from naïve individuals and cybercrime with hackers attaching malware to victim computers in order to effect mining of bitcoin for themselves.

Cryptocurrency like bitcoin is held in virtual wallets and can be used to buy and sell certain goods and services just like other currencies. Bitcoins can also be changed into hard currency such as pounds or dollars through exchanges such as Mt Gox[7] (the victim of an infamous attack in recent years resulting in the compromising of several bitcoin wallets).

Transactions effected through bitcoin are logged publicly on a distributed ledger through a process known as blockchain. The data recorded includes the payee and payer wallet identifiers, the amount, the time[8].  But, importantly, there is no central record of wallet holders, no need, as with a bank account, to establish who you are and where you live, you can create a wallet with no personal information. And this means of course there will be no third party to assist law enforcement with any kind of freezing order, albeit the exchanges may be key in tracking the conversion to hard currency and identifying individuals. It remains to be seen how useful criminal property in the form of bitcoin could be and it is of course subject to the whims of the market. If others don’t want your bitcoin as payment, will it always be fungible enough to exchange for cash? And will that exchange be tracked?

We are at the vanguard of technological change and tech savvy lawyers may be among those in lockstep with the pace of change. The present is digital, what is the future to be?

 

Catherine Robinson

Solicitor

Byrne and Partners

www.byrneandpartners.com

 

Catherine is a solicitor, with a background in corporate regulation and investigations. Catherine graduated from La Trobe University in Melbourne Australia in 2007 and was admitted to practice in the state of Victoria in March 2009. Catherine worked in the Enforcement Directorate of the Australian Securities and Investments Commission assisting in and managing corporate criminal investigations. Catherine joined Byrne and Partners LLP in September 2012 after relocating to London and was admitted to practice as a solicitor of England and Wales after completion of the Qualified Lawyers Transfer Scheme in May 2014. Catherine has assisted clients in several criminal and regulatory matters, with a particular focus on market offences. Particular highlights have included:

 

  • Successfully defending Benjamin Anderson in the UK’s biggest insider dealing prosecution (Operation Tabernula);
  • Successfully defending Bruno Iksil in FCA disciplinary proceedings.

[1] Madhumita Murgia, “SFO Expected to promote Ravn’s crime solving AI robot” FT.com

[2] Violet Blue, “Keyloggers: Beware this hidden threat”, https://www.pcworld.com/article/3199020/security/keyloggers-what-you-need-to-know-about-this-hidden-threat.html

[3]https://www.bloomberg.com/features/2016-operation-tabernula/

[4]https://www.reuters.com/article/us-iran-cyber-telegram-exclusive/exclusive-hackers-accessed-telegram-messaging-accounts-in-iran-researchers-idUSKCN10D1AM

[5] https://www.apple.com/business/docs/iOS_Security_Guide.pdf

[6] Eric Pulaski “Five Key Strategies for Maintaining Centralized Control of Your Files” https://www.smartvault.com/resource/think-before-you-file-sync/

[7] Ben McLannahan “Bitcoin exchange Mt Gox files for bankruptcy protection” FT.com

[8] Investopedia, “Blockchain” Investopedia.com/terms

Leave A Reply

Your email address will not be published.