It has been several years that I have been dealing with digital forensic investigators in different aspects of my cyberlaw practice, both from the government and private sector, and as far as my encounters with them have gone, particularly in court, they have not followed the laws, rules, national and international standards that govern digital forensic investigations. So it was with great anticipation that I accepted the invitation from the University of the Philippines Institute for Government Law Reform (UPIGLR), thru its Director, Atty. Solomon Lumba, and relayed to me by Ms. Eleanor Arzadon, that I can talk about my advocacy against “Digital Forensic Fraud” in the POPLAW seminar series that UPIGLR had been conducting with the Philippine National Police (PNP) for the past 47 years. This continuing program has benefited thousands of our brothers and sisters in blue, in their professional practice.
The main unit that this particular series was organized for was the PNP Directorate for Investigation and Detective Management (DIDM), and the main class was IOBC, but there were representatives from various PNP branches and even from the Philippine Coast Guard. According to their website (https://didm.pnp.gov.ph/index.php), the PNP DIDM is the unit tasked to “assist and advice the (PNP) Chief in the direction, control, coordination and supervision of the investigation of all crime incidents and offenses in violation of the laws of the Philippines.” It has “close supervisory direction of crime laboratories and other investigative support units.” And it has a “Detective School which offers regular courses on Criminal Investigation and Detective Development Course (CIDDC) and other crash courses on investigation.” If ever there was a government entity with which I could exchange notes, share my advocacy against Digital Forensic Fraud, and ascertain the standards that government digital forensic investigators (DFIs) follow, it would be the members of this unit.
First, I qualified the 150-member audience, asking if there were actual DFIs amongst them who testify in court. Three of them came forward, and for the rest of my lecture, they became my sounding board because their opinions, particularly on standards and ethical matters, were what I sought to find out. Since I had not encountered them before in court, I took their statements at face value. They did not disappoint.
One of the egregious violations in my actual experience in court with digital forensic investigators, whether they were from government or from the private sector, is that they monumentally fail in observing the standards set by the 2018 Rules on Cybercrime Warrants, particularly in surrendering all the pieces of electronic evidence they collected, acquired, preserved, examined, and stored in e-devices to the court that acquired jurisdiction over the cybercrime case/s. I spent some time narrating the reasons DFIs that I have confronted in court have given as to why they did not, could not and would not turn over these pieces of evidence even though that is the mandate of the Cybercrime Warrants Rules, to defeat the right of the accused to know, confront and disprove the electronic evidence against them. I asked the PNP DIDM DFIs their opinion, and to my surprise, they agreed with me, with one even saying that these Rules are the standard in cybercrime cases that must be followed by all DFIs, even though they are from the private sector, and employed by private complainants.
I discussed with them some of the nitty-gritty stuff they must do in order to comply with the rigorous standards of these Rules, and relevant international standards. I went from using write blockers, to the rigid observance of the Chain of Custody procedures, to hashing algorithms. While some, like the DFIs, were able to follow, the rest appeared to encounter the concepts and processes I discussed for the first time, which is fine because not all in PNP DIDM are involved in forensic investigations. I just had to bring to their attention one matter that I disagree with, that was stipulated in the PNP DIDM Investigative Directive 2017-17, dated December 4, 2017, which was issued to govern the forensic investigations done by the PNP Anti-Cybercrime Group (ACG):
As I stated in my discussion, the requirement of giving just one destination/hard drive by the requesting agency to the PNP DIDM DFIs, which would be used in storing the additional pieces of electronic evidence that might be gathered, upon the extension of the search warrant, to grant more time for the forensic investigation, should be revised to two repository devices, to comply with forensic industry standards.
Since the 2019 Amendments to the 1989 Revised Rules on Evidence (A.M. NO. 19-08-15-SC) or “New Rules of Evidence” took effect last May 1, 2020, the requisite “education” background of a DFI is now one of the factors to consider and examine when s/he/they are presented as an expert witness in court. I apprised the participants about the real legal educational framework which must be used in assessing a DFI’s education and disclosed my professional connection with this framework. It is the Commission on Higher Education’s (CHED) Memorandum Circular #48, series of 2012, entitled “Criminal Justice Education: Policies, Standards and Guidelines for the Bachelor of Forensic Science Program”, which is one of the CHED standards that I was tasked by then CHED Chair, Dr. Patricia Licuanan, to critique and give recommendations on. I queried the educational degrees of the three DFIs. While none of them graduated with the Bachelor of Forensic Science degree, all three had Bachelor of Science degrees in the Allied Programs stated under the same Circular.
Another significant and vital matter I imparted to them, of which all of them had no previous knowledge, is the concept of “cognitive bias,” specifically “forensic confirmation bias,” which afflicts DFIs, most of whom are not even aware of its influence on their jobs. The ideal notion of a DFI is that s/he/they are properly objective in their mindset, as well as in their usage of their forensic tools and their report of their factual findings. But legal and medical literature have confirmed that this notion is far from real. According to the conception of forensic confirmation bias, DFIs are susceptible to being affected by extraneous information, such as the suspect’s ethnicity, previous criminal record, eyewitness identification, or other types of evidence, that are given to them prior to their investigation of a cybercrime. This information can potentially bias the forensic scientist throughout the course of their investigation, affect the way they use their forensic tools, and ultimately bias their analysis of the case.
As an example, I discussed the case of Brandon Mayfield, who was the subject of extraction by the U.S. government, due to what the FBI believed was his direct involvement as the bomber in the 2004 series of bombings in Spain because of a latent fingerprint on a bag of detonation devices found in the crime scene. Even though Mayfield had never been to Spain, or outside of the U.S., since he had no passport, and even if the Spanish authorities already said that he was not the bomber because they caught the real one, one of the top FBI investigators, and several of his subordinates, and a consultant, all “100%” identified him as the culprit! Why? It was because they were made aware beforehand of his background as a Muslim, of the fact that he was a lawyer of a convicted terrorist and he had contacts with Muslim extremists. Mayfield sued the U.S. and won US$2,000,000.00 as settlement.
There is no previous record of the concept of cognitive bias, or forensic confirmation bias, in any cybercrime case in Philippine jurisprudence as far as my research goes. I presented this concept for the first time as the cybercrime consultant of the accused in several cybercrime cases in a Regional Trial Court last 2021. To my personal knowledge, this was also the first time this concept had been presented at the RTC level in the Philippines. My client was acquitted in 2022.
In closing, I would like to acknowledge the important work being done by the PNP and the UPIGLR in educating our crime fighters and advancing their professional development thru endeavors like the POPLAW seminars. Special thanks to the considerate UPIGLR Director, Atty. Lumba, and the ever kind Ms. Arzadon. Heartfelt appreciation to all the courageous men and women of the PNP and all its units, the PNP DIDM, the IOBC Class President, PLTCOL Norman Tanedo Florentino, the PCG people, and all who put their lives on the line every day to safeguard our lives and our freedoms. Finally, it was such a privilege to share my advocacy with the participants, especially the 3 DFIs, who appear to be standard bearers of Ethics in Digital Forensics in Government Service! May your tribe increase! Thank you and God Bless!