How smart are "smart" phones?

Sept. 15, 2017

Earlier this year, during a demonstration of a software platform for law enforcement that enables interoperable communications between diverse devices and communicators, a thief riding a bicycle snatched an iPhone loaded with this software from the hand of a young intern as she was demonstrating the software’s capability to transform iPhones into personal GPS location tracking devices for law enforcement. The stolen iPhone in this demonstration was intended to simulate what a law enforcement official could carry in the field. 

As the whereabouts of the phone (and the thief) were being tracked by a remote PC, a 911 dispatcher was given second by second information on the location of the thief. Within nine minutes, the San Francisco Police Department had apprehended the suspect. He was in possession of the stolen iPhone as well as another phone that he had stolen earlier in the day. It was a glorious example of the effectiveness of the SFPD when provided with timely and actionable information.

It has been nine years since the tragic deaths of many New York City emergency responders during the 9-11 tragedy when fire and police communications systems did not interoperate. Despite multi-billion dollar investments at the federal, state and local levels, voice communication between organizations remains a distant goal. P25 mobile radios and the towers needed to support them are too expensive for the majority of police departments. Many officers consider the voice quality of digital radios marginal and even unacceptable when the signal is weak or noisy.  For it to be effective, all organizations would need to purchase P25 gear. Since this would be exorbitantly expensive, the only way that is likely to happen is with considerable financial assistance from the federal level, as well as allocation of the 800 MHz D-B lock by the FCC to avoid congestion. While both might happen, it would be extremely risky to count on it.

Law enforcement recognizes the tremendous capabilities, and cost-effectiveness, of commercial “off the shelf” smartphones. Phones selling for under $500 have voice and data connectivity, GPS, camera, compass and accelerometers to determine orientation. There are millions of applications for cell phones that provide everything from games to applications that could be extremely useful to law enforcement, such as maps with street views, traffic congestion and video feeds, and access to useful data. Moreover, cell phones already provide voice and data interoperability that exceeds the dedicated radio system available to law enforcement.

It all sounds pretty good. But there are two big issues: security and application interoperability.

Security

Cell phone voice communication, particularly GSM, is relatively easy to crack. While current protocols prevent honest people from listening in on private conversations, they do not stop criminals, terrorists and others. Moreover, GSM and CDMA voice communication utilize a backchannel to hand off the phone to the next tower as the user changes location. Since this channel is unencrypted, it is extremely easy to determine the location of a cell phone. That is great when law enforcement uses it to locate criminals, but not so great when the tracking is reversed. Fortunately, beginning with 3G digital cellular, the backchannel is encrypted. If law enforcement personnel used the cell phone’s digital channel for voice, it would be possible to hide their location.

Virtually all soldiers and law enforcement personnel own cell phones. When their standard issue radios cannot communicate with other organizations, they often make unsecure cell phone calls. These conversations are easily intercepted by criminals/enemies, and they provide a means to determine the user’s location. The lack of interoperability has created a dangerous security hole.

The main methodology used to protect data has been to create private networks that are not connected to the Internet, or if they are connected, to protect them at their periphery. This approach has two problems. The first, known as “Hard Shell, Soft Center,” describes what happens when your security perimeter is breached, and applications which were designed assuming they operated in a protected environment, and hence did not need to protect themselves, are attacked. The second occurs when there is a need to share data, at least temporarily, with personnel and systems that cannot be allowed to enter the private protected network. Basically, how do you create a protected enclave that can operate on an unprotected network?

New software technologies are now being developed with security models that allow the rapid creation of a protected enclave within digital security perimeter that lasts for the duration of an operation, and allows coordination and information sharing with less trusted individuals and organizations while running on unsecure public networks. All data, at-rest or in-transit, can now be secured using both the credentials of the device and the credentials of the operation. This means that having access to the data within one operation does not grant access to other operations, and that access to the data on one device does not allow access to other devices.

Personnel can be added to an operation by simply sending them an e-mail or text message with a link to the operation. Personnel will have access to data based on their roles, and when their need to know ends, their access to data unquestionably terminates. If a devices falls into the wrong hands, its credentials can easily be remotely revoked.

Application interoperability

Computers are able to effortlessly connect with other computers over the Internet. However, it remains impossible for an application meant for a PC to run on a cell phone, or for an application meant for an iPhone to run on a Blackberry. The reason computers can connect via the Internet is that there exists an interoperability standard for Internet packets called TCP/IP that describes the addressing and packaging of data. No equivalent standard exists for applications.  Even if data interoperability were agreed to by all law enforcement and public safety agencies, law enforcement in one region would still be unable to access the software systems of other law enforcement agencies when they need to work together.

Java was, until recently, the closest we had come to interoperable applications. It provides a secure run-time environment that allows the same executable to run on multiple platforms – sort of. The fundamental weakness of Java is that by necessity it hides the underlying hardware from the programs. That’s okay when the hardware is very similar, such as with PCs. However, it fails miserably on devices such as cell phones that have slower computers and connectivity, smaller screens than PCs, and added features such as GPS and cameras. And it is hopelessly inadequate for law enforcement, which needs to use devices such as radios, remote cameras and radar that look nothing like a PC.

New “connective” software is now being developed that can easily and inexpensively be ported to most hardware devices, operating on PC’s running Windows, OS/X, and many flavors of Linux, as well as Windows Mobile, iPhones, Android and older cell phone operating systems such as Brew and Symbian. They can also run in routers and other devices with and without operating systems such as drone helicopters and streaming video cameras.

This connective software exposes the underlying capabilities of the hardware, e.g., if it has a camera, GPS, or if it is connected by Wi-Fi, Bluetooth, or a wired connection, and how fast are the connections; if it has a screen or a keyboard and what is their size and layout. Once it has been installed on a device, any connected application will adapt itself to the capabilities the device. Remote cameras will provide video feeds, even automatically downloading their control panels to the people who need them. The GPS in a cell phone will provide location information for “Blue Force Tracking” or geotagged pictures. If one organization has a database containing criminal record information, it will provide access and a user interface to any device that is connected. Officers in the field can directly access legacy systems from their cell phones.

Tracking on command

Software technology can now be used by law enforcement agencies to provide secure geotagged voice and text messaging that works well even when signal quality is poor. Tracking the locations of officers and 911 callers on command center computers and mobile devices could aid dispatchers and command personnel in managing their forces. Providing video feeds, maps, arrest records and other data directly to field personnel could help them do their job and make them safer. True interoperability which allows adding external personnel to an operation, controls their access, and even bringing them up to date by synchronizing all relevant past events onto their system could finally allow effective Command & Control of joint operations.

About the Author:  David E. Kahn is CEO of Covia Labs, Mountain View, Calif.  Covia Labs has developed a software platform to enable secure interoperable applications regardless of operating system or hardware. (headshot on server, feb folder)

?

Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of Officer, create an account today!