On Q Professional Investigations

From American Eagle to Apple Stores, beacons are popping up everywhere. Are they a shopper’s best friend or another pesky Big Brother monitoring our every move?

The square or rectangular devices, smaller than a smartphone, can hang on a wall or be placed on a machine and communicate with your phone via Bluetooth signals. Accessed through apps you download to your smartphone, beacon technology can do everything from guide you to the correct airport terminal to turn on your coffee maker as you sleepily enter the kitchen. In retail, beacons aim to entice you to spend money. As you enter a store, your smartphone might light up with a sale alert. Stand in the dress section for a while and a coupon may pop up for something on a nearby hanger.

“The most important thing a shopper might need to get access to when they go into a store are ratings and reviews, coupons and promotions,” said Erik McMillan, CEO of Shelfbucks, which is working with video game retailer GameStop and others on its beacon marketing. Beacons give customers that research right there in the store ? when they have their wallets and are looking to buy.

Macy’s Inc. has installed beacons in all of its 840 department stores; other chains such as Kohl’s are testing them in some locations. McMillan likens beacons to the early days of retail websites in the 1990s when “all of a sudden it got to the point that ‘you can’t not have a website’.” He predicts the technology will skyrocket from the 50,000 beacons in use now to between 5 million and 10 million next year.

The vast majority of shopping is still done in stores. E-commerce is fast-growing but accounts for only about 9 percent of total retail sales, according to Forrester Research. Beacons merge in-store shopping with mobile access to information ? and data shows they work.

Between July and September, 30 percent of shoppers who received a “push-ad” from an in-store beacon used that offer to buy something, according to a survey by Swirl, a marketing technology company that has worked with retailers such as Lord & Taylor, Hudson’s Bay, Alex and Ani, Kenneth Cole and Timberland to deploy beacons. Sixty percent of shoppers opened beacon-sent messages, and over half of those surveyed said they would do more holiday shopping at the stores as a result of their beacon experience.

Graham Uffelman, a 45-year-old New Yorker, said he bought Bluetooth headphones at Best Buy because of a deal he got via the Shopkick beacon marketing app.

“The app knew I was in the store and actually suggested a product I wanted,” he said. “The experience was great but also a little unnerving in the sense that the store knew who I was and that I was present in their location. It felt a little Big Brother-like.”

Read More

Google just bought another online communications channel it can fill with ads.

The tech giant confirms it has acquired Emu, a startup that offers a kind of instant messaging tool. The price was not disclosed, but Google’s interest in the company isn’t hard to divine: Emu has built a system that can monitor chats, infer what people are talking about, and insert relevant links—including ads.

Emu, which has been subsisting for two-and-a-half years on venture funding, doesn’t insert such ads today. Instead, it uses its monitoring tools to identify certain other information that might be helpful to you. For example, if you’re chatting on the Emu service and the other person types something about getting lunch, Emu might suggest nearby restaurants or show the mid-day schedule from your calendar. But it’s a very short leap from such information to commercial promotion. A nearby cafe might pay for ad to appear every time the word “coffee” comes up in your chat.

The Emu buy is part of a much larger trend to monitor and thus profit from new chunks of people’s lives. Foursquare just rolled out a new version that, by default, tracks your movements continuously, negating the need for a “check in” button. Google, meanwhile, isn’t just interested in chats; the company has said that it may eventually show ads on internet-connected home devices, such as thermostats.

A NEARBY CAFE MIGHT PAY FOR AD TO APPEAR EVERY TIME THE WORD “COFFEE” COMES UP IN YOUR CHAT.

Emu fills a growing hole in Google’s ad offerings. Google mines search terms and emails for advertising purposes, but not yet chats. As people shift their computing to smartphones and other mobile devices, chatting—short, immediate, and part of phone culture for decades—has become more popular.

Read More

A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com.

First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.

Like other tracking tools, canvas fingerprints are used to build profiles of users based on the websites they visit 2014 profiles that shape which ads, news articles, or other types of content are displayed to them.

But fingerprints are unusually hard to block: They can’t be prevented by using standard Web browser privacy settings or using anti-tracking tools such as AdBlock Plus.

The researchers found canvas fingerprinting computer code, primarily written by a company called AddThis, on 5 percent of the top 100,000 websites. Most of the code was on websites that use AddThis’ social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. (A list of all the websites on which researchers found the code is HERE).

Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace “cookies,” the traditional way that users are tracked, via text files installed on their computers.

“We’re looking for a cookie alternative,” Harris said in an interview.

Harris said the company considered the privacy implications of canvas fingerprinting before launching the test, but decided “this is well within the rules and regulations and laws and policies that we have.”

He added that the company has only used the data collected from canvas fingerprints for internal research and development. The company won’t use the data for ad targeting or personalization if users install the AddThis opt-out cookie on their computers, he said.

Arvind Narayanan, the computer science professor who led the Princeton research team, countered that forcing users to take AddThis at its word about how their data will be used, is “not the best privacy assurance.”

Device fingerprints rely on the fact that every computer is slightly different: Each contains different fonts, different software, different clock settings and other distinctive features. Computers automatically broadcast some of their attributes when they connect to another computer over the Internet.

Tracking companies have long sought to use those differences to uniquely identify devices for online advertising purposes, particularly as Web users are increasingly using ad-blocking software and deleting cookies.

Read More

A cellphone case promises to spit out a quick read of your blood pressure, heart rate, blood oxygen, temperature and lung function. But how much data do people really need—or even want—about their bodies’ day-to-day behaviors?

The Wello case, a hard shell made of polycarbonate plastic, will have sensors clustered around four hotspots on the surface of the phone to take readings from your hands.

“We want it to be very simple so you can see how your body is doing any given day,” said Hamish Patel, founder of Azoi, the maker of Wello. “Press on the sensors, open the app and you see your vitals.”

What they don’t tell you in the press release: The $199 Wello case likely won’t be available for iPhone and Android phones until at least the fall because it is still waiting for FDA approval. (That process alone could take 90 days or more.) The case will be manufactured in Texas but sold globally, so the data consumers will see will depend on health regulations in their country.

How accurate will the readings be? The data from the cellphone case will be on par with devices already approved by the FDA such as pulse oximeters, says Patel.

Wello is the latest entrant to the consumer personal health tracking device market that has seen the rise of wristband and clip-on health trackers such as Fitbit, Jawbone Up and Nike+ FuelBand. To start with, Wello will just integrate with Fitbit so users can see Wello data layered on top of their Fitbit stats.

But unlike with activity trackers, health monitors such as Wello could quickly become boring. Most healthy individuals are unlikely to see a change in their heart rate, blood pressure or temperature from day-to-day. Regular vital signs as displayed by the Wello could soon seem monotonous—that’s good news for one’s health but bad for anyone looking to stay interested.

“We are working to get the stickiness factor,” says Patel.

View Source

NORTH ROYALTON, Ohio – From the Columbine shooting to the Newtown massacre, these tragedies have shaped the way we look at school safety.

It’s a topic that’s on the minds of many educators.

“In all the emergency situations you’ve seen around the country, time is of the essence,” said Edward Vittardi.

He’s the principal at St. Albert the Great Elementary School in North Royalton.

His staff was recently armed with a new device called the Tattletale Panic Button. All of them were paid for using grant money.

“As soon as they press the button, the police department gets notification of where the emergency button was pressed and they then can get to the school as quickly as possible,” Vittardi said.

The device is only meant for major emergencies, like if there’s an intruder. That’s a scenario Kelly Beskid hopes to never experience. She’s a teacher at St. Albert.

“I started teaching 15 years ago, and I never thought that being a teacher would have to be saving some kid’s life,” she said.

It’s difficult to set off the device accidentally — that’s because both buttons need to be pressed in order for police to come.

They’re not the only ones notified, so is the principal and on site security.

Beskid said knowing that, brings a sense of relief.

“It’s much faster than using a cellphone and entering a pass code and everything. Plus, we have it on our bodies and it`s right there for us if we were any kind of trouble like that,” she said.

St. Albert is the first school in the area to try out this device.

View Source

TUCSON — The two girls, ages 12 and 13, were barefoot and trembling as they pounded on a neighbor’s door shortly before 4 a.m. Tuesday. The couple inside were shocked when the girls told them they had been imprisoned in a home across the way.

A day later, that neighbor was still at a loss.

“I didn’t even know there were children living in that home,” Phillip said. He and his wife, Alice, who declined to give their last name, helped the girls calm down and then called police, though the sisters had begged them to instead phone their grandmother.

Tucson police Wednesday said three sisters — the oldest is 17 — had been confined to their bedrooms for months, where music or a static sound played at all hours and surveillance cameras were pointed at their beds 24 hours a day.

Sometimes they weren’t allowed to go to the bathroom, forced to relieve themselves in their bedroom closets, police said.

Authorities said the family moved into the Tucson neighborhood in August, but the girls said they had been imprisoned for up to two years in previous homes.

Sophia and Fernando Richter, the girls’ mother and stepfather, were taken into custody shortly after police arrived and were booked into Pima County Jail.

The stepfather, 34, was arrested on suspicion of kidnapping, emotional child abuse, physical child abuse and sexual abuse with a person under 15 years of age. The mother, 32, was arrested on suspicion of kidnapping, emotional child abuse and physical child abuse. A judge set their bail at $100,000 and $75,000, respectively. They did not enter pleas.

Phillip, the neighbor, said he and his wife opened the door only because the girls were so distraught. “They kept saying their stepfather had a knife and tried to break into their room,” he said. “They were also afraid that the mother was going to be killed by their stepfather.”

The girls, who told police they had escaped the single-story suburban home through an alarmed bedroom window, appeared unkempt and smelled of urine and body odor, Phillip said. He also said the girls were worried about their older sister because she was still in the house.

When officers responded to the Richter home, they found the 17-year-old in a locked bedroom with loud hip-hop music blaring from speakers facing the bed.

“I can tell you that the music was so loud that she had no idea what was going on around there,” Tucson Police Chief Roberto Villaseñor said at a news conference Wednesday. “She was totally surprised to see police there.”

Phillip said he heard loud music whenever the couple were out but had figured they wanted to make it appear someone was home so nobody would break in.

The 17-year-old kept a satchel around her neck with a small calendar where she documented in detail the number of days she had been confined and the food she had consumed, Villaseñor said, adding that the girls were fed once or twice a day and were kept in filthy living conditions.

An elaborate alarm system had been attached to the two bedroom doors, and vents were shuttered with duct tape. The space between the bedroom doors and the floor were blocked off with some sort of cloth.

“It seemed to be a way of soundproofing the rooms,” Tucson Police Sgt. Chris Widmer said.

Villaseñor said the locks to the bedrooms were from the inside and, except for the alarm system, it appeared the girls could have opened the doors on their own.

“But something kept them from doing that,” he said. “Until you’ve been in those shoes, you really can’t understand. … I will say that they did do things that made these girls feel isolated and made real sure that they didn’t feel like they were in control.”

Villaseñor said the two bedrooms were monitored with security cameras and that the girls had to signal to the camera if they needed to use the bathroom. A parent would escort each to the bathroom and back through a hallway where a barrier blocked the view to the rest of the house.

There were also times when they were not allowed to use the bathroom, Villaseñor said. Investigators found jars of what appeared to be human waste along with piles of clothes contaminated with urine inside a closet.

Relatives never visited because they believed the family was living in San Diego, police said, noting that the mother had a cellphone number with a San Diego area code.

Villaseñor said the girls had not attended school for the last two years, though their mother said they had been home-schooled. Phillip said one of the girls told him, “We’re not allowed to go to school.” The neighbor described the girls as polite and articulate.

The three girls are in a group home for now. “We didn’t want to separate them,” Villaseñor said. “We made sure they are together.”

View Source

They look like ordinary streetlights, shining down on Las Vegas sidewalks after the sun has set. But Sin City’s new streetlights have a few special capabilities that have civil libertarians up in arms.

The city is installing Intellistreets, a brand of street lighting that is capable of recording video and audio of pedestrians and motorists. What happens in Vegas, it seems, no longer stays in Vegas.

“We want to develop more than just the street lighting component. We want to develop an experience for the people who come downtown,” Neil Rohleder of the Public Works Department told NBC News affiliate KSNV. The lamps are equipped with large video monitors that display ads or other messages, and speakers that broadcast muBut people like civil liberties advocate Daphne Lee have concerns that Big Brother is watching — and recording. “This technology is taking us to a place where you’ll essentially be monitored from the moment you leave your home until the moment you get home,” Lee told KSNV.

Although Illuminating Concepts, the Farmington Hills, Mich.-based company that developed Intellistreets, does make streetlights with video and audio recording capabilities, those features will not be present on the lamps in Las Vegas, according to city officials.

“Right now, our intention is not to have any cameras or recording devices … it’s just to provide output out there, not to get any feed or video feed coming back,” Las Vegas public works director Jorge Cervantes told KSNV.

Techno-shaming?

Similar streetlights have been installed in a handful of European cities. In Middlesbrough, England, lamps equipped with a full suite of monitoring equipment were installed in 2006. When monitoring operators saw a cyclist riding his bicycle through a crowded pedestrian area, they broadcast a message over the loudspeaker: “Would the young man on the bike please get off and walk, as he is riding in a pedestrian area?”

The admonished young man shamefacedly dismounted and walked his bicycle as instructed, according to the Daily Mail. Among people disturbed by anti-social behavior — biking on sidewalks, littering, fist fighting — the smart streetlights are a big hit. “Put it this way: We never have requests to remove them,” manager Jack Bonner told the Mail.

Intellistreets lamps operate over a Wi-Fi network that’s linked to a central server; each lamp can be individually controlled. The LED lights, remote dimming controls and other energy-saving features of the streetlamps can cut electricity use by 70 percent, according to the manufacturer. They can also be equipped with pollution monitors, emergency call buttons and optical recognition software.

Emergency information

And in the event of an emergency, Intellistreets can provide useful information, such as Amber Alerts, threats including natural disasters or chemical spills, real-time evacuation procedures and other security concerns through visual monitors and audio messages.

In addition to Las Vegas, Intellistreets have been installed at the Mercedes-Benz Superdome in New Orleans, Sony Pictures in Culver City, Calif., and the Navy Pier in Chicago.

Illuminating Concepts founder Ron Harwood told CBS Detroit that the Intellistreets system was “born in the parks of Disney and Universal,” where “imagineers” (engineers working in design and development) needed an integrated network that could guide large crowds while also giving them information in an emergency.

Nonetheless, in an era where security watchdogs at the National Security Agency are spying on everyone from heads of state to their girlfriends, some are raising concerns that a streetlight that can watch and listen to your conversations is more than a little unsettling.

“At what point do we say, ‘this is the land of the free,’” Lee told KSNV. “People have a right to a reasonable amount of privacy.”

Follow Marc Lallanilla on Twitter and Google+. Follow us @livescience, Facebook & Google+. Original article on LiveScience.sic or voice messages.

View Source

It’s an unfortunate truth of the cell phone era that sometimes, employees will abuse their access to these devices. Whether their employer owns the device, or allows “bring your own device” (BYOD) to work, the convenience and ubiquity to an individual’s day-to-day means that sometimes, devices will be used inappropriately.

In the law enforcement arena, several very recent news stories highlight this truth:

Chicopee (Massachusetts) police officers were investigated after leaking crime-scene images of murder victim Amanda Plasse. The photos were taken with officers’ personal mobile devices and shared with people outside the Chicopee Police Department.
In Denver (Colorado), an officer was given a desk assignment after allegedly using his department-issued mobile device to sexually harass a woman.
Connell (Washington)’s chief of police is under investigation for allegedly watching pornography on a city-issued cellphone.
A Roseville (California) police officer used his cell phone to stalk and harass a woman.

How can you protect yourself and your agency in the event of these types of allegations?

Establish proactive and reactive policies

Whether you issue devices or allow BYOD, have policies that establish acceptable use. In either case, personal communications should not interfere with official duties. Require employees to password-protect their devices, and possibly even encrypt potentially sensitive data, such as text messages between officers and witnesses.

Clearly lay out what behavior will not be tolerated. This can be as obvious as pornography viewing on duty (or even off duty on a government-issued device), or as “gray” as limiting personal communications only to family emergencies.

In Connell as well as in many other communities, employees can use their city-issued phones for some personal use as long as it doesn’t add to maintenance costs, and/or if they agree to pick up the tab for additional accrued costs. However, employees also have a limited expectation of privacy in the use of employer-issued devices, as the US Supreme Court ruled in City of Ontario v. Quon in 2010.

BYOD policies are a little different. These should stipulate:

What devices are permitted. As government employees, everyone in your agency may need to adhere to any policy already in place for your city, county or state. Devices that are allowed can affect any support issues officers may have with connecting to work email or other internal resources, as well as potential security issues.
What apps are permitted. Especially on Android devices, it’s possible that some apps may not be as secure as you’d like them to be when a device is accessing your network.A BYOD policy should also include language that allows the agency or government to search the employee’s device. There should be cause to do so, of course, and the policy should state that the scope of a search will be limited to relevant data (not a wholesale scouring of employee personal data, which could leave you liable if you uncover personal health information or other protected data). This part of the policy should also cover what happens when employees leave the department.

Employees should also be compelled to turn over any evidentiary data on their personal devices as soon as possible after obtaining it. It may be, in some situations, that a personal device is the only means of recording a crime scene, a victim’s injuries, a confrontation of some kind, or other evidence. But policy should dictate when this type of use is allowable and what should happen to the evidence following the recording.

Policy should also dictate how to handle mobile devices in certain situations, like officer-involved shootings or other use of force encounters. It may be that the device contains no evidence. Then again, the nature of text messages or other communications can help to establish an officer’s frame of mind leading up to an encounter.

Have a standard search procedure
Policy only goes so far. Also understand how you’re going to obtain the data. Just as with a civilian’s device, it’s not appropriate to “thumb through” text messages, images, or other data. That would be like thumbing through all the pictures, files and personal effects within an officer’s home.

“Digital first responder” training is imperative for everyone in the agency, including any officer or commander responsible for conducting internal investigations. This training helps the investigator understand how to preserve digital evidence.

For instance, it would not be enough to put an iPhone in Airplane Mode. The investigator also needs to turn off its wi-fi. Doing one but not the other would still allow the device to send and receive data from wi-fi access points, changing data on the device.

Investigators should also be sure to collect data and power cables for all relevant devices. While Android phones use micro USB and therefore have interchangeable power cords, other makes and models do not; Apple iOS devices, for instance, do not have consistent power cabling. If you don’t collect the right cables, you may face having to purchase one.

Keep cables with the devices they’re meant to go with, separate from other devices and cables. Label everything: device make and model, whose it is, case control number. If for some reason you could not collect the cable, note that too.

Internal investigations may start in the field rather than in the office. In this event, a small “first responder” kit (which should be standard issue in all field vehicles) should be maintained. The kit should include a Faraday bag or box to help you isolate the device as you transport it from the scene to the office or forensic lab.

If the device is locked, obtain its password. This may be part of consent to search — be sure to maintain consent forms for BYOD scenarios — or the employee may be compelled to provide the password. Keep in mind that the officer may be unwilling or unable (if physically injured) to provide the password. In this event, know whether your agency’s or government’s IT staff maintains device passwords, and whether they can be reset over the network.

Finally, once you have the device and all necessary legal authority, examine or assign the examination like you would any other evidence device. Know who in your agency or region can perform mobile forensic examinations, and how to contact the on-call specialist.

If you are the one doing the examination, it is wise to undergo training on how to use the forensic tool, including obtaining any necessary certifications. It may also be wise to perform any search in the presence of the officer’s union representative or attorney, or request independent examination by a district attorney’s or attorney general’s investigative staff.

Communicate with employees

Employees should understand that nothing on their personal mobile device is truly “private.” It could become discoverable for any reason at all. Employees should be taught to assume their mobile devices may be searched at any time, and that the old saying “better to ask forgiveness than permission” may not be true of mobile device usage.

Clearly communicate what policies exist and why, along with any changes that are made as soon as they are made. Make sure employees also understand the SOP that goes along with those policies and what their rights are. Know how to answer any questions they might ask, which means working with the city attorney to address them.
Annual in-house training, complete with scenarios and/or role-play, can help in this regard. Regular briefings on offenses, right and wrong responses, implications and consequences of each, and what officers are required to report should all be built into this type of training.

Just like social media posts, mobile device content can affect your credibility as a witness in court, and your usage habits can affect the public’s perception of your professionalism. Strong policies, procedures, and training can help both officers and agencies protect themselves and one another from damaging mobile device misuse.

View Source

There’s more bad news on the Fourth Amendment front as the appeals court reviewing a lawsuit filed against the US government for illegally spying on American citizens has declined to rehear the Al-Haramain case.

A federal appeals court is refusing to reconsider its August ruling in which it said the federal government may spy on Americans’ communications without warrants and without fear of being sued.

The original decision by a three-judge panel of the 9th U.S. Circuit Court of Appeals this summer reversed the first and only case that successfully challenged President George W. Bush’s once-secret Terrorist Surveillance Program.

Without comment, the San Francisco-based appeals court announced Wednesday that it would not rehear (.pdf) the case again with a larger panel of 11 judges, effectively setting the stage for a Supreme Court showdown. The appeals court Wednesday also made some minor amendments (.pdf) to its August ruling, but the thrust of it was the same as before.

Not only does this mean the plaintiffs will have to take the case to the Supreme Court (if it will hear the case), but it also means the damages awarded ($20,000 each for the two plaintiffs and $2.5 million in legal fees) have been reversed.

This also means the Bush’s Terrorist Surveillance Plan will continue unchecked as citizens will be unable to bring suits against the government for warrantless spying. The decision rests on a couple of dubious items: a “missing” sovereign immunity waiver and a document mistakenly sent to the plaintiffs that was later designated a “state secret.”

The San Francisco-based appeals court had ruled that when Congress wrote the law regulating eavesdropping on Americans and spies, it never waived sovereign immunity in the section prohibiting targeting Americans without warrants. That means Congress did not allow for aggrieved Americans to sue the government, even if their constitutional rights were violated by the United States breaching its own wiretapping laws…

A lower court judge found in 2010 that two American lawyers’ telephone conversations with their clients in Saudi Arabia were siphoned to the National Security Agency without warrants. The allegations were initially based on a classified document the government accidentally mailed to the former al-Haramain Islamic Foundation lawyers Wendell Belew and Asim Ghafoor.

The document was later declared a state secret, removed from the long-running lawsuit and has never been made public.

Concern about the government’s ability to designate nearly anything as a “state secret” in order to prevent the release or use of possibly damning evidence has already been discussed by the Supreme Court during oral arguments in the Clapper v. Amnesty International case. In this case, the belated “state secret” designation effectively limited the plaintiffs to citing circumstantial evidence, which is far less effective than producing an actual document showing that the NSA was doing exactly what the plaintiffs claimed it was.

Between the “sovereign immunity” that is unlikely to ever be waived and the ability to designate damning evidence post-facto as “state secrets,” the NSA has set itself up with the ability to run a constitutionally dubious, but legally sound, domestic spying program. The system of checks and balances our nation was formed on now more closely resembles a series of erected walls protecting government agencies from being held accountable for their actions.

View Source

AT&T, Verizon Wireless, Sprint, and other wireless providers would be required to record and store information about Americans’ private text messages for at least two years, according to a proposal that police have submitted to the U.S. Congress.

CNET has learned a constellation of law enforcement groups has asked the U.S. Senate to require that wireless companies retain that information, warning that the lack of a current federal requirement “can hinder law enforcement investigations.”

They want an SMS retention requirement to be “considered” during congressional discussions over updating a 1986 privacy law for the cloud computing era — a move that could complicate debate over the measure and erode support for it among civil libertarians.

As the popularity of text messages has exploded in recent years, so has their use in criminal investigations and civil lawsuits. They have been introduced as evidence in armed robbery, cocaine distribution, and wire fraud prosecutions. In one 2009 case in Michigan, wireless provider SkyTel turned over the contents of 626,638 SMS messages, a figure described by a federal judge as “staggering.”

Chuck DeWitt, a spokesman for the Major Cities Chiefs Police Association, which represents the 63 largest U.S. police forces including New York City, Los Angeles, Miami, and Chicago, said “all such records should be retained for two years.” Some providers, like Verizon, retain the contents of SMS messages for a brief period of time, while others like T-Mobile do not store them at all.

Read More