You are reading it here first: The Indian government is looking to acquire software and equipment that can, among other things, decrypt encrypted databases of platforms like WhatsApp in order to train state police officials on how to conduct ‘a cyber forensic investigation’.
The proposal is included in a tender (a copy of which MediaNama has seen) floated by the Ministry of Electronics and Information Technology (MeitY) as its National e-Governance Division (NeGD) plans to set up a Cyber Forensic Lab at the National Law University, Bhopal. A look at the tender shows that the NeGD has laid down several provisions that are expected to secure ‘confidential information’ emerging out of the forensic labs. For instance, the “IA cannot disclose confidential information to third parties”. However, the software and equipment that it will be procuring for training cops raise privacy concerns:
- The NeGD is looking to acquire a mobile phone forensic system that extracts cloud data source tokens accessed by mobile phones “with or without consent”. The system should be compatible with 31,110 device profiles.
- The NeGD also said that certain equipment should be able to decrypt encrypted platforms and their databases. The agency has also separately stated its requirement for a system that can decrypt WhatsApp, the highest-used encrypted messaging platform in India.

“Physical extraction of major device support should at atleast (sic) support: Installed applications data: WhatsApp, Facebook, Twitter, Google Talk (Gtalk), UberSocial (WhatsApp data retrieval includes decryption of the database and recovery of contacts, chats, chat attachments and user account)

The solution should have an automated version of manual app examination on Whatsapp and Whatsapp for Business Messages with the benefit of storing image, text data and Emoji in a searchable way. Stored text data and Emoji must be presented with 100% accuracy” — Tender
MediaNama has reached out to WhatsApp and will update this report when we receive a response.
Why it matters? The NeGD’s request for software that can access encrypted databases and the lack of proper data protection laws in the country paint a very bleak picture when it comes to maintaining an individual’s privacy. It is important to note that if the current version of the draft Personal Data Protection Bill is enacted as law, its various provisions will not apply because of exemptions granted to government agencies.
What will the lab do?
The lab is being established as part of a nine-month training course for 1,000 state cyber police officials, judiciaries, and prosecutors at the end of which they will receive an ‘online PG diploma in cyber law, crime investigation, and digital forensics’, said the tender floated by MeitY.
The tender has been floated for selecting an Implementing Agency (IA) that will build and operate the digital forensics lab. The selected agency will also supply and maintain the forensic equipment, which will be owned by the NeGD. Apart from that, the agency will also provide experts for the management of the lab.
Software and equipment that NeGD is looking to use
1. Mobile Phone Forensic System
Apart from giving access to cloud data source tokens ‘with or without consent’, the NeGD wants the system to:
- Allow users to have the control to input IMEI number to decrypt WeChat database
- Decode Google Archive files
- Support extraction, decoding and media analysis from drone apps such as DJI Go
- Be able to extract memory from Samsung devices to decrypt Samsung Health database, and popular activity trackers like FitBit
- Allow extraction of bitcoin addresses and transaction history from crypto apps like Coinbase
- Provide generic pattern/pin/password lock screen removal and bypass method for various models from leading vendors including Samsung, LG, Motorola, Sony, Xiaomi, and others
- Acquire apps data from Android devices via all extraction types including Facebook, Facebook Messenger, Google+, PingChat! (aka Touch), Skype, Twitter, Viber, Yahoo Messenger, WhatsApp, TigerText, Dropbox, QIP, Kik Messenger, Evernote, Kakao Talk, ICQ, Vkontakte, HideSMS, Kakao Story, MeetMe, Coco, Google Duo, FitBit, Zalo, Yubo, and Zello
- Have extraction software that is touch screen enabled and available in at least 5 languages
2. Password Recovery Software
The NeGD said that the software should be able to —
- Support password recovery for 280+ file types like MS Office, PDF, Zip and RAR, QuickBooks, FileMaker, Lotus Notes, Bitcoin wallets, Apple iTunes Backup, Mac OS X Keychain, password managers, and many other popular applications.
- Support live memory analysis and extract encryption keys for FileVault2, TrueCrypt, VeraCrypt, BitLocker, logins for Windows & Mac accounts from memory images and hibernation files
- Support cloud data acquisition from services like Apple iCloud, MS OneDrive, and Dropbox
- Detect all encrypted files and hard disk images and report the type of encryption and the complexity of the decryption.
- Support Passware Kit agents
3. Image and analysis of Mac/iOS devices:
The NeGD said that the system should —
- Selectively acquire email, chat, address book, calendar, and other data on a per-user, per-volume basis
- Capture important live data such as Internet chat and multimedia files in real-time
- Target and forensically acquire files, folders, and user directories while avoiding known system files and other unneeded data
- Preserve metadata by maintaining its association with the original file
- Have a built-in algorithm for skin tone analysis and video frame analysis
- Analyse iOS device backups, recent file downloads, Trash (for Mac OS X volumes) and Recycle Bin (for Windows volumes), and current and deleted user account info
Apart from these three, the tender also listed requirements for the following systems —
- Network Forensics and Analysis toolkit that can allow investigators to preview ‘suspected storage media’ and create forensic images
- Forensic Case Management System that can process digital exhibits, expedite the flow of cases, and optimise lab resources.
- Mobile Phone Forensic System Cloud Data Analyser, whose specifications are similar to the requirements that the NeGD sought with regard to acquiring data from cloud services
- Digital Video Recording (DVR) Recovery Solution that can recover digital video from original ‘evidence or a forensic clone’.
Requirement of software that can bypass encryption and access cloud, problematic: Experts
Use of cyber forensics software by law enforcement agencies by itself is not a problem as in many cases it is required to access data in devices seized in connection with criminal investigations. However, software that is used to access data stored on various cloud platforms and those that enable remote access to devices and apps is a matter of concern. The current legal framework does not provide sufficient protection for data of citizens. In many cases, proper procedures are also not followed while seizing devices — Prasanth Sugathan, Legal Director at Software Freedom Law Center (SFLC)
On similar lines, Nakul Batra, Associate Partner, DSK Legal said, “Any privacy intrusive move by the Government (including in the form of some software tools) to break encryptions from private communications is undoubtedly questionable, in the backdrop of privacy being recognised as a fundamental right.”
Current form of PDP Bill would exempt Cyber Lab
The current version of the PDP Bill provides a number of exemptions to the state with respect to processing of personal data, and this Cyber Lab with the acquiring of software from private enterprises could create a number of questions with respect to data collection and processing. It would have been ideal if the Cyber Lab was created after the PDP Bill became an Act as this would have ensured that there was some compliance and data protection — Shweta Mohandas, Policy Officer at Centre for Internet and Society
Amay Jain, an associate lawyer at Victoriam Legalis, had a similar argument to make. “Given that the Bill accommodates the possibility for central government to exempt any of its agencies... the activities of such a Cyber Forensics Lab are likely well within the confines of law even after the Bill is passed as an enactment of the legislature,” Jain said.