Or perhaps they could prove that you’re lying, since they have medical records reflecting your cardiac rhythms during a specific timeframe? These are actual cases where police in the US traced minute details of people’s lives through their smart devices. In the former, a woman’s Fitbit proved her husband lied about her movements on the morning of her murder. In the latter, a man’s pacemaker gave him away in an arson investigation.
This is what evidence will increasingly look like as we move towards the world of 5G, where smart homes and cities become the norm. While 2G and 3G are still the most widely available networks in South Africa, cities are already changing. Since 2019, Rain, Vodacom and MTN have all launched 5G networks.
To see the drastic impact of 5G on government surveillance, it helps to take a step back.
The size of a briefcase
In 1979 in Japan, Nippon Telegraph and Telephone (NTT) introduced the world’s first commercial cellular phone network in Tokyo. This was the start: first-generation – or 1G – cellular phones. By 1984, the 1G car phone service was available throughout Japan. But it was a niche product for the wealthy. Signing up cost $2,000 (about $7,200 or R110,000 today). Then, you had to rent a phone for$300 a month (just over $1,080 or R16,000 today). On top of that, calls cost $1 a minute ($3.60 or R54 today). You could get one to carry around too: the size of a briefcase, it weighed about 10kg.
1G only allowed voice calls. With a radio scanner, a spy could tune into conversations as if they were radio programmes.
Since the birth of 1G, a new generation of mobile technology has emerged roughly every 10 years (hence the abbreviations 2G, 3G, 4G, and 5G). Starting with 2G in 1991, there was a major change that had a lasting impact on surveillance: communications became digitised. With that came encryption – a mechanism to scramble a communications signal so that the message is incomprehensible to an eavesdropper.
There was also a lot more to intercept. Along with better call quality came texting with Short Message Service (SMS) and audio- and video-sharing with Multimedia Messaging Service (MMS). In 2001, 3G brought internet connection to phones. Spies could now also get hold of emails and browsing habits.
With 4G, the use of smartphone apps became entrenched. Apps collect masses of data about their users. Consequently, government agencies have access to a new form of mass surveillance. For instance, they now buy location data harvested from apps we install on our smartphones. In November 2020, Vice reported that the US military was purchasing location data taken from several ordinary smartphone apps, including a Muslim prayer app downloaded by 98 million people.
But with 5G, the amount of data that authorities can intercept will vastly increase, simply because the new standard is capable of so much more.
A major change with 5G, is how fast data downloads from the internet. 4G can download at a maximum speed of around 150 megabits per second (Mbps). Download speeds for 5G range from one to 10 gigabits per second.
Another defining feature of 5G is latency, and it’s measured in milliseconds (ms). Roughly speaking, it’s how fast data is sent from your computer or smartphone to a destination device (like Facebook’s server), plus the time it takes for that device to process your data. For example, if you update your Facebook status, latency is the time taken from the moment you click “post” to when your post appears on your wall.
Whereas 4G’s latency is around 45ms, 5G latency could, in theory, be as low as 1ms. You don’t need 5G’s low latency for gaming or streaming movies. But when you need hundreds of machines in a megafactory to talk to each other and react instantaneously, you do. It’s also vital to applications like self-driving cars and remote robotic surgery.
Whereas previous generations were all about connecting people, 5G is all about connecting machines. Entire cities and homes are set to become dependent on 5G simply to function.
Billions of devices
But one change accompanying 5G expansion is expected to have major implications for surveillance: the proliferation of the Internet of Things (IoT). The term refers to everyday appliances with computing power that collect data (through sensors, microphones, or cameras) and send and receive data via the internet. They’re also known as smart devices. Smart TV’s, smartphones and smartwatches are common examples.
IoT devices aren’t new. In 2000, LG introduced the first internet-based smart refrigerator. You could use it to send emails, take photos, or order groceries online. But at $20,000 per fridge, the idea never took off.
Yet by 2018, according to Statista, there were 22 billion IoT devices connected globally.
With 5G the number of IoT devices will vastly increase, since 5G has a much greater capacity than preceding generations. The International Telecommunication Union predicts there could be as many as 50 billion devices connected to the internet come 2025, with the amount of data traffic estimated to increase between 10 and 100 times from 2020 to 2030.
With so much more data, these IoT devices will give governments a new surveillance resource. In fact, they’re already making use of it.
Intimate personal details
Take, for instance, a voice controller – a speaker with microphones that receive vocal commands. Prominent examples are Amazon Echo and Google Nest, and they’ve been around since the mid-2010s. Police investigators are increasingly approaching the two tech giants for customer data.
A voice controller (aka a smart speaker) collects intimate details. It recognises your voice, and it “listens” actively in case you command it to switch on the lights, lock the doors, or schedule reminders. You can synchronise it with your smartphone’s contacts and issue a voice command to initiate a hands-free call. Amazon’s new Echo Show 10 has a camera that “follows” you around.
Another example that’s been around since 2012 and is popular with police in the US, is the smart doorbell. Ring, a company owned by Amazon, offers a smart doorbell that connects to your home’s wifi network. It’s fitted with a video camera, and you can use your smartphone to see who is knocking at your door. It records video whenever its motion sensors are triggered, and sends alerts to your phone. Recorded footage is stored on Amazon’s servers. In 2019 The Washington Post reported that Ring joined forces with 400 US police agencies to engage customers in sharing footage to assist investigations (much to the chagrin of civil liberties organisations).
Then there are smart devices that police haven’t taken a fancy to (yet). But, if they did, a social robot for home entertainment captures a lot of intimate data. With sensors, an HD camera, microphones and speakers, it automatically navigates its way around your house, while it plays music and takes snapshots of your daily activities.
Information won’t just be generated in your home. If two driverless cars crashed, data collected by their sensors or cameras could reveal detailed information about the accident. Police could also give up blockades and simply pull smart cars over by taking control of them remotely. According to Professor Elizabeth Joh of the Davis School of Law at the University of California, “Autonomous cars are not yet commonplace, but soon they will be. Yet little attention has been paid to how autonomous cars will change policing. Vehicles equipped with artificial intelligence and connected both to the internet and one another may be subject to automated stops. The issue is already being discussed as a theoretical possibility and as a desirable policing tool.”
Burgeoning field
Along with increased data generation, the digital forensics field has burgeoned, according to a review paper from Interpol. The growth of smart technology and apps is a major factor driving this expansion. The global digital forensics market will be worth $9.68-billion come 2022, according to MarketsandMarkets. Behind the increase are tougher government regulations, escalating cyberattacks, and mass adoption of IoT devices.
Also trending upward: police’s reliance on smart devices as a source of evidence. There was a steady increase in police requests for Google Nest data from 2015 to 2018, but after that Google stopped issuing separate statistics for cops’ Nest data applications. Amazon doesn’t issue separate statistics for police requests of IoT data either, but 2020 saw the highest number of police applications yet – some 3,105 from January to June. That’s up 24% compared to the same period in 2019. Experts suggest that the increasing number of smart devices is contributing to this trend.
IoT devices have featured in some serious criminal cases. Fitbits, smart watches, and voice controllers have provided evidence in rape and murder investigations in Europe, Australia and the US. But how police use IoT devices to investigate brings “new challenges and risks”, says civil liberties group Privacy International. The organisation warns that laws are outdated, and people lack awareness of the data that IoT devices generate.
South Africa
That lack of awareness stems partly from the fact that data generated and transmitted by smart devices can be stored in a variety of formats and places. Formats include audio, video or any other data file depending on the device’s purpose. Data could be on the device itself, on company servers, or on the smartphone used to control the device.
That means if police in South Africa want data related to a smart device, they’ll need multiple subpoena laws.
To learn more about the local context,we spoke to digital forensic specialist Peter Fryer. He’s spent two decades in the field, working with the South African Police Service (SAPS) on cybercrime investigations, delivering expert testimony, and training police in the Southern African Development Community in digital forensics, evidence handling and first responder protocols.
Fryer said the SAPS hasn’t started making use of smart devices in investigations yet, since too few people use them. But if police wanted to get hold of smart device data stored on servers in the US by tech giants like Amazon, Google or Facebook, they’d use the mutual legal assistance treaty (MLAT) between SA and the US. It’s a legal framework through which two countries assist each other in criminal investigations.
These US tech companies distinguish between two data types: content and non-content. The former includes items like emails, WhatsApp messages, and social media posts (for instance, what you wrote on your Facebook wall). With smart devices, content can include photos, visual and audio recordings, and biometric information (in the case of body-worn devices).
Non-content information includes data about your account and device. It includes subscriber registration information (like your name, surname, phone number, email and physical address), billing information, the date you created your account, and the times your device connected to the net. Police can also request your device’s Internet Protocol (IP) address – a unique number assigned to every device connected to the internet. An email header can also be disclosed. This includes the subject line, email addresses of the sender and all receivers, the email’s time-stamp, and the sender’s IP address.