Improvements to SEAB's investigation process

Today newspaper published an article on how SEAB handled the investigation into the O-level cheating case. I was mildly horrified upon reading it and felt that the investigation could have been conducted in a more professional manner. The perpetrators discovered that they were caught even before the end of the second paper and started to destroy evidence before the end of the day. From what I gathered, the case devolved into a "he said, she said" case because crucial evidence was destroyed before law enforcement could get to it. There could have been more students involved and were not caught due to the lack of evidence. In my opinion, the following points could be improved upon.

   (SEAB advised Ms Chiew to) pull Mr Chen aside after the English Paper 1 exam to conduct further investigations.    

The decision to reveal the investigation should not be taken lightly. Where possible, investigations should first be conducted in a covert manner to avoid alarming the perpetrator. At this point, the most crucial thing is to determine if this is an isolated case or if it is part of a larger cheating ring. I would choose to discreetly observe and record down the student's actions and look out for similar suspicious activity from the other students. Only when no additional information can be gained from observation should the investigation then proceed in an overt manner.

   Mr Benin testified that the mobile phone they had confiscated from him (Mr Chen) began lighting up with messages in Mandarin    

This statement is rather revealing. If SEAB managed to preserve the evidence, the evidence would speak for itself and Mr Benin would not need to testify. Due to the lack of evidence, the court can only rely on testimony, devolving this case into a "he said, she said" case.

While interrogating Mr Chen, he confessed that it involved a tuition centre. This shows that this case is very likely part of a larger cheating ring. At this point, I would either intimidate him or seek his cooperation in exchange for leniency depending on his mental state. I would return the phone and ask him to behave normally, so as not to alert the perpetrators. Since the name of the tuition centre is already known, law enforcement should be quickly involved to seize evidence from the tuition centre. By returning the phone, there is a risk that Mr Chen might alert the perpetrators, however confiscating the phone would also alert them.

   Using his own mobile phone, Mr Benin called that number on the pretext that someone had called him in the morning, and asked who was on the line.    

This is not a smart move. What response was Mr Benin expecting? Earlier on, we have already discovered that this is a cheating ring. That line is likely a dedicated line used to send out answers and thus would not be receiving incoming calls. This likely helped the perpetrators discover even earlier that they were caught.

   Ms Chiew and Mr Benin then drove to SEAB, located at Geylang Bahru Lane, to hand over the exam script and devices.    

There is a legal concept known as chain of custody. Upon confiscation, the phone should be sealed in a bag and signed. There should be accompanying documentation and the seal should only be broken by the forensic analyst. The entire process should be witnessed. This ensures that the evidence has not been tampered with. Mr Benin cannot just put the phone in his pocket. The defence lawyer can argue that Mr Benin works in a rival tuition agency and swapped the phone while in the car to sabotage this tuition agency.

This process should be quite familiar to SEAB as I believe exam papers are sealed in the same way to ensure that papers have not been swapped.

   When they got there, they noticed that "someone had somehow reset the phone. Mr Benin elaborated that the iPhone displayed...    

The best course of action would be to immediately place the phone in a Faraday bag. A Faraday bag blocks all electromagnetic transmission, the phone will lose all signal and thus it cannot be successfully wiped. The second best alternative would be to switch it off and remove the battery. Some volatile data would be lost, but I believe it is negligible in this case since Mr Benin already has the passcode.

Most smartphones have the ability to perform a remote wipe of lost devices. iPhones have encryption enabled by default. This means that once wiped, it is impossible to recover the original data. At this point, I believe that the tuition agency started wiping all their other phones and shredding all enrolment and student records to avoid implicating the other students who were not caught.

In conclusion, this investigation could have been handled in a much better manner. As cheating becomes more sophisticated, a better process should be put in place to deal with such cheating cases and closer cooperation with law enforcement is needed to quickly respond before the evidence is destroyed.