Officers fear body cameras raise privacy concerns

LOS ANGELES — Officers at thousands of law enforcement agencies are wearing tiny cameras to record their interactions with the public, but in many cases the devices are being rolled out faster than departments are able to create policies to govern their use.

And some rank-and-file officers are worried the technology might ultimately be used to derail their careers if, for example, an errant comment about a superior is captured on tape.

Most law enforcement leaders and civil liberties advocates believe the cameras will ultimately help officers because the devices give them a way to record events from their point of view at a time when citizens armed with cellphones are actively scrutinizing their every move.

They say, however, that the lack of clear guidelines on the cameras’ use could potentially undermine departments’ goals of creating greater accountability of officers and jeopardize the privacy of both the public and law enforcement officers.

“This is a brave new world that we’re entering here, where citizens and police both are going to be filming each other,” said Chuck Wexler, the executive director of the Police Executive Research Forum, a nonprofit police research and policy organization.

The U.S. Justice Department has asked Wexler’s group to help develop guidelines for the cameras’ use, from when the devices should be turned on to how departments can protect the privacy of those who are inadvertently captured on the footage.

Equipping police with cameras isn’t a new concept. For decades police have used cameras mounted to the dashboards of their patrol cars — initially referred to with suspicion by officers as “indict-o-cams” until they discovered the footage exonerated them in most cases.

As camera technology and data storage has become more affordable and reliable, the use of portable cameras has increased over the last five years. Now officers in one of every six departments are patrolling with them on their chests, lapels or sunglasses, according to Scott Greenwood, general counsel for the national American Civil Liberties Union and an expert on the cameras.

With the push of a finger, officers can show the dangers and difficulties of their work. Unlike dashboard cameras, body cameras follow the officer everywhere — when their cruiser stays parked at the curb, when they go into homes on search warrants or when they are running after a suspect.

The cameras, if they aren’t turned off, can go with officers into a bathroom or locker room, or capture private conversations between partners. Footage can become evidence in a criminal case, or be used to discipline officers or exonerate them of false accusations.

Without strong policies, experts say, departments could lose the public’s trust. The public needs to know cameras aren’t only being turned on when it’ll help officers. But there are certain moments such as during the interview of a sexual assault victim or talk with a confidential informant when filming may be sensitive or even compromise a case, said Bay Area attorney Mike Rains, whose firm often represents officers and has worked on body camera policies with departments.

The Los Angeles Police Department is now field testing cameras with an eye toward ultimately deploying them to all patrol officers — a move that would make its program the nation’s largest. For the six months of the test, underway now, there will be no official policy. Department officials say a policy will be created with input from the community and union, when they know more about how the cameras work in the field.

Union chief Tyler Izen, who represents more than 9,900 sworn officers, said that while there’ve been no complaints so far, the strategy is risky and could be problematic for his officers as well as the public, which has become an involuntary guinea pig in the trial. “They’re basically taking their chances,” Izen said.

There’s still very little research into the impacts of these cameras on policing and their ripple effects on the criminal justice system, said Justin Ready, assistant professor at Arizona State’s department of criminology and criminal justice. But more studies are underway, including two that Ready is involved in.

The police department in Rialto, Calif., concluded a yearlong University of Cambridge study last year that found an 89 percent drop in complaints against officers during the camera trial. The chief has since mandated its deployment to its roughly 90 sworn officers.

Rialto police Sgt. Richard Royce said he was exonerated by the footage during the study.

“I’d rather have my version of that incident captured on high-definition video in its entirety from my point of view, then to look at somebody’s grainy cellphone camera footage captured a 100 feet away that gets cropped, edited, changed or manipulated,” Royce said.

Greenwood of the ACLU said he’s provided input in drawing up the Justice Department guidelines. He said the proposed policy is pretty good, but gives officers more discretion than is wise.

“It’s a far better policy decision to mandate the encounter be recorded and deal with the unwanted video,” Greenwood said. Because if a situation goes bad quickly and there’s no footage, the officer is in trouble, Greenwood said.

Captured video could protect the department — and ultimately the taxpayer— from a false claim and expensive litigation or result in disciplining a problem officer.

One case, also in Oakland, is being used to educate officers in California about the technology. An officer chasing a suspect said he saw the suspect with a gun in his hand before fatally shooting him three times in ¾ of a second. A gun was later found in the grass.

It cost the city $10,000 to have roughly 15 seconds of video analyzed by an expert, and because of the angle of where the camera was placed — on the officer’s chest — no gun was seen in the suspect’s hand on film, said Rains, an attorney whose firm represented the officer.

Sgt. Barry Donelan, the police union chief in Oakland, said the department initially moved to terminate the officer for an excessive response, but he was ultimately exonerated because the video analysis backed up the officer’s account.

Donelan said the danger with such footage is it taps into a human tendency to over rely on video at the expense of other accounts of an event, and can be especially problematic in high-adrenaline situations.

When that happens, “it’s just about the camera,” Donelan said. “It’s the ultimate Monday morning quarterbacking tool.”

View Source

Police body cameras spur privacy debate

The woman says she doesn’t know why she’s being pulled over, but it’s obvious: she’s driving on the wrong side of the road. And when a police officer asks the woman to get out of the car, she rams ahead before crashing into a pole and taking off on foot. She’s stopped with a stun gun and handcuffed.

You can watch the whole thing on YouTube, thanks to the Laurel Police Department’s decision to outfit its officers with what the police call “lipstick cameras.”

Enclosed in a slim piece of black plastic, the recorder attaches to a pair of sunglasses or a headband. The city started using the device six months ago. Since then, Chief Rich McLaughlin says, complaints against officers have gone down and so has the use of police force.

“It keeps everybody in check, on both sides,” he said.

Although dashboard cameras in police cruisers are ubiquitous, they provide a limited vantage point and capture mostly traffic stops. On-body cameras that take in everything an officer sees have started to gain traction nationwide; one recently captured the police shooting of a former New York Giants player in Daytona Beach, Fla. Laurel is one of the first departments in the Washington region to adopt them, along with Cheverly and New Carrollton. Hyattsville and the University of Maryland plan to start using them soon.

Police say the videos can provide valuable evidence in court and a clear record of the actions of officers. But questions remain about use of the cameras — precisely when they should be turned on and off — and what becomes of the countless hours of video footage. Some officials also worry that the cameras will discourage some people from approaching officers with tips or concerns.

“This is a discussion that’s bigger than just whether cameras work or not,” said Baltimore City Fraternal Order of Police President Bob Cherry. Next, he suggested, could come cameras on public school teachers and medical professionals. “How far do we want to go as a society, in terms of recording everything?”

The American Civil Liberties Union, which generally is wary of surveillance, recently expressed support for the cameras. But the organization acknowledges the privacy concerns of the police and the public, and its support comes with conditions.

“I absolutely know this tool will transform policing,” Scott Greenwood, a police accountability attorney and general counsel for the ACLU, said in an interview. “It’s an unalloyed good, provided that policies are in place that mandate the use of devices rather than leaving it up to the discretion of the officers.”

The ACLU calls for consent from a filmed citizen when releasing videos — a policy that could have barred Laurel’s car chase from YouTube — and redaction where feasible. Body camera makers are only just starting to catch up with that demand.

The video is “really helpful, but it also raises concerns,” said police Sgt. Rob Drager of Albuquerque, one of the first departments to use the body cameras. Under state information request laws, he said, his department once released a tape to a local news station that included unedited video of officers responding as a child was being strangled.

“We encounter people on the worst day of their lives, and now that’s public record, that’s out there,” he said.

There are also questions about what ultimately happens to the video — even scenes of mundane interaction between police and citizens.

“Who owns the data?” asked Steven Edwards, a senior policy adviser at the Justice Department, during a recent conference on body cameras organized by the Police Executive Research Forum, a national membership group. “Five years from now, how will this data be used?”

In New York, a judge has ordered some police to wear cameras as part of the ruling on the city’s “stop and frisk” policy. Los Angeles has decided to use the cameras — if the city can pay for them. D.C. police spokeswoman Gwendolyn Crump said city officers don’t wear cameras but “technology is constantly evolving and we will keep the possibility open.”

More than 100 small police departments in Virginia, including the cities of Fairfax and Falls Church, have been given body cameras by VML Insurance Programs.

But Lt. John Bisek of the Manassas Police Department said those cameras were more of a conversation-starter than a solution. “The quality isn’t there,” he said. More expensive cameras have better security measures to prevent tampering and require less upkeep, he said, but Manassas doesn’t have the funding.

Most of the cameras cost hundreds of dollars; data storage is an added cost. Laurel uses Taser, which sells a high-end camera and data system..

When they were first told they had to film every encounter, some officers in Laurel were not thrilled, McLaughlin said. But now they come to him asking for the cameras. He just ordered a new batch, and now nearly all 70 officers have them.

Officers from nearby cities “ask, ‘Oh, how do you like Big Brother?’” said Officer Matt Jordan. “But I don’t have a problem with it. I like it.”

The camera helped clear him after a citizen complaint, Jordan said. Once, it defused a confrontation outside a bar: “As soon as they saw the cameras, they left.” In court cases, they’ve been used to secure a drug-related guilty plea and prove that an officer was shoved.

A 12-month Police Foundation experiment in Rialto, Calif., found similar results, according to a report from the city’s police chief. Officer force was used 2.5 times more when officers were not wearing cameras. There were 28 citizen complaints the year before; during the experiment, there were three.

Unlike the District and Virginia, in Maryland taping a private conversation requires the consent of both parties. But state courts have concluded that public stops are not private. Laurel police only offer to turn the camera off when they go into a home; they also turn them off in hospitals.

“I think everyone’s sort of waiting to see how the courts going to accept some of these things,” said Cheverly Police Chief Joseph Frohlich. “I don’t think anyone knows what the limits are.” His officers also turn cameras off in private contexts.

Laurel officers can refer to the videos — automatically downloaded to a smartphone app — to write reports during each shift. At the end of the day, the cameras go into a docking station and the clips are automatically transferred to a data-storage Web site.

Unless the police mark a recording as evidence, it’s destroyed in 180 days. Officers can also ask for a copy to be burned onto a CD for use in court. Otherwise, they can’t touch them.

At the recent law enforcement conference, several chiefs said that in a world where people regularly use cellphones to film officers and post the choppy clips online, police need to be able to produce their own video.

“Everybody’s filming everybody,” said Philadelphia Police Commissioner Charles Ramsey, who led D.C. police from 1998 to 2006. “It’s the reality of the world we’re in; we can’t ignore it. We’ve just got to figure out a way to do it in a constitutional fashion.”

View Source

NSA Wrongly Says Warrantless Mobile-Phone Location Tracking Is Legal

National Security Agency snoops are harvesting as many as 5 billion records daily to track mobile phones as they ping nearby cell towers across the globe.

That alarming scoop by The Washington Post via documents provided by NSA leaker Edward Snowden included wishful thinking from an unnamed government “intelligence lawyer” interviewed in the story. This official, according to the Post, said that the data “are not covered by the Fourth Amendment,” meaning a probable-cause warrant isn’t required to get it.

In reality, however, the case law on cell-site locational tracking — while generally favorable to the government — is far from clear, with federal courts and appellate courts offering mixed rulings on whether warrants are needed.

And it’s a big deal. As of last year, there were 326.4 million wireless subscriber accounts, exceeding the U.S. population, responsible for 2.3 trillion annual minutes of calls, according to the Wireless Association.

All the while, warrantless cell-phone location tracking has become a de facto method to snoop on criminals in the wake of the Supreme Court’s decision that probable-cause warrants from judges are generally needed to affix covert GPS devices to vehicles.

Yet the mobile-phone location data issue has never been squarely addressed by the Supreme Court, and the dispute isn’t likely to be heard by the justices any time soon. All of which means that the legality of the latest crime- or terror-fighting method of choice is equally up in the air.

The high court in June rejected an appeal (.pdf) from a drug courier sentenced to 20 years after being nabbed with 1,100 pounds of marijuana in a motor home camper the authorities tracked via his mobile phone pinging cell towers for three days from Arizona to a Texas truck stop.

In that case, and without comment, the Supreme Court let stand a ruling from the 6th U.S. Circuit Court of Appeals, which covers Kentucky, Michigan, Ohio and Tennessee. The appeals court ruled that probable-cause warrants were not necessary to obtain cell-site data.

The appeals court had distinguished the case from the GPS decision decided by the Supreme Court two years ago. The high court had ruled that the physical act of installing a GPS device on a target’s vehicle amounted to a search, which usually necessitates a probable-cause warrant under the Fourth Amendment.

“Here, the monitoring of the location of the contraband-carrying vehicle as it crossed the country is no more of a comprehensively invasive search than if instead the car was identified in Arizona and then tracked visually and the search handed off from one local authority to another as the vehicles progressed. That the officers were able to use less expensive and more efficient means to track the vehicles is only to their credit,” the three-judge appellate panel of the 6th Circuit ruled 2-1.

According to the Post, “the NSA pulls in location data around the world from 10 major ‘sigads,’ or signals intelligence activity designators. A sigad known as STORMBREW, for example, relies on two unnamed corporate partners described only as ARTIFICE and WOLFPOINT. According to an NSA site inventory, the companies administer the NSA’s ‘physical systems,’ or interception equipment, and ‘NSA asks nicely for tasking/updates.’”

Regarding whether that’s legal, the 5th U.S. Circuit Court of Appeals — which covers Louisiana, Mississippi and Texas — in July sided with the government in a case involving three lower court rulings concerning unidentified suspects. A lower court said “compelled warrantless disclosure of cell site data violates the Fourth Amendment.”

The government argued that a mobile-phone company may disclose historical cell-site records created and kept by the company in its ordinary course of business, where such an order is based on a showing of “specific and articulable facts” that there are reasonable grounds to believe that the records sought are relevant and material to an ongoing criminal investigation. A court warrant, on the other hand, requires the higher probable-cause standard under the Fourth Amendment. The appeals court agreed. (.pdf)

The government’s argument is based on a 1979 Supreme Court ruling upholding a Maryland purse snatcher’s conviction. The conviction and 10-year term came after the cops compelled the phone company to make a record of the numbers dialed by defendant Michael Lee Smith. A warrant, the high court reasoned, was not required because people do not have a reasonable expectation that the records they maintain with businesses would be kept private.

That same case has provided the legal justification for the NSA’s massive phone-metadata snooping program.

Still, another appellate court to have ruled on the issue was the 3rd U.S. Circuit Court of Appeals. The appellate court said in 2010 that the lower courts have the option to demand a warrant for cell-site data. The court covers Delaware, New Jersey and Pennsylvania.

Meanwhile, U.S. District Judge Richard Bennet of Maryland last year cited the purse-snatching decision when declining to suppress evidence that Aaron Graham and Eric Jordan were allegedly involved in a string of Baltimore City fast-food restaurant robberies. They were arrested in connection to one robbery, and a 7-month historical look of their phone records placed them on the scene when other restaurants were robbed, the authorities said.

Bennet ruled:

For the following reasons, this Court concludes that the Defendants in this case do not have a legitimate expectation of privacy in the historical cell site location records (.pdf) acquired by the government. These records, created by cellular providers in the ordinary course of business, indicate the cellular towers to which a cellular phone connects, and by extension the approximate location of the cellular phone. While the implications of law enforcement’s use of this historical cell site location data raise the specter of prolonged and constant government surveillance, Congress in enacting the Stored Communications Act, has chosen to require only ‘specific and articulable facts’ in support of a government application for such records.

That decision is on appeal with the 4th U.S. Circuit Court of Appeals, which covers Virginia, West Virginia, North Carolina and South Carolina. Oral arguments are slated for next month.

View Source

A Night Watchman With Wheels?

The night watchman of the future is 5 feet tall, weighs 300 pounds and looks a lot like R2-D2 — without the whimsy. And will work for $6.25 an hour.

A company in California has developed a mobile robot, known as the K5 Autonomous Data Machine, as a safety and security tool for corporations, as well as for schools and neighborhoods.

“We founded Knightscope after what happened at Sandy Hook,” said William Santana Li, a co-founder of that technology company, now based in Sunnyvale, Calif. “You are never going to have an armed officer in every school.”

But what is for some a technology-laden route to safer communities and schools is to others an entry point to a post-Orwellian, post-privacy world.

“This is like R2-D2’s evil twin,” said Marc Rotenberg, the director of the Electronic Privacy and Information Center, a privacy rights group based in Washington.

And the addition of such a machine to the labor market could force David Autor, a Massachusetts Institute of Technology economist, to rethink his theory about how technology wrecks the middle class.

The minimum wage in the United States is $7.25, and $8 in California. Coming in substantially under those costs, Knightscope’s robot watchman service raises questions about whether artificial intelligence and robotics technologies are beginning to assault both the top and the bottom of the work force as well.

The K5 is the work of Mr. Li, a former Ford Motor Company executive, and Stacy Dean Stephens, a former police officer in Texas. They gained some attention in June for their failed attempt to manufacture a high-tech police cruiser at Carbon Motors Corporation in Indiana.

Knightscope plans to trot out K5 at a news event on Thursday — a debut that is certain to touch off a new round of debate, not just about the impact of automation, but also about how a new generation of mobile robots affects privacy.

The co-founders have chosen to position K5 not as a job killer, but as a system that will upgrade the role of security guard, even if fewer humans are employed.

“We want to give the humans the ability to do the strategic work,” said Mr. Li in a recent telephone interview, describing a highly skilled analyst who might control a herd of security robots.

The robot, which can be seen in a promotional video, is still very much a work in progress. The system will have a video camera, thermal imaging sensors, a laser range finder, radar, air quality sensors and a microphone. It will also have a limited amount of autonomy, such as the ability to follow a preplanned route. It will not, at least for now, include advanced features like facial recognition, which is still being perfected.

Knightscope settled in Silicon Valley because it was hoping for a warm reception from technology companies that employ large security forces to protect their sprawling campuses.

There are about 1.3 million private security guards in the United States, and they are low paid for the most part, averaging about $23,000 a year, according to the Service Employees International Union. Most are not unionized, so they are vulnerable to low-cost automation alternatives.

K5 also raises questions about mass surveillance, which has already set off intense debate in the United States and Europe with the expansion of closed-circuit television systems on city streets and elsewhere. The Knightscope founders, however, have a radically different notion, which involves crime prediction, or “precog” — a theme of the movie “Minority Report.”

“We have a different perspective,” Mr. Li said. “We don’t want to think about ‘RoboCop’ or ‘Terminator,’ we prefer to think of a mash up of ‘Batman,’ ‘Minority Report’ and R2-D2.”

Mr. Li envisions a world of K5 security bots patrolling schools and communities, in what would amount to a 21st-century version of a neighborhood watch. The all-seeing mobile robots will eventually be wirelessly connected to a centralized data server, where they will have access to “big data,” making it possible to recognize faces, license plates and other suspicious anomalies.

Mr. Rotenberg said such abilities would rapidly encroach on traditional privacy rights.

“There is a big difference between having a device like this one on your private property and in a public space,” he said. “Once you enter public space and collect images and sound recordings, you have entered another realm. This is the kind of pervasive surveillance that has put people on edge.”

Mr. Li said he believed he could circumvent those objections by making the data produced by his robots available to anyone in a community with access to the Internet.

“As much as people worry about Big Brother, this is as much about putting the technology in the hands of the public to look back,” he said. “Society and industry can work together on this issue.”

This is essentially a reprise of the debate over Google’s Street View system, which has drawn opposition from privacy advocates. But while Google’s cars captured still images infrequently, a pervasive video and audio portal that autonomously patrolled a neighborhood would in effect be a real-time Street View system.

For the moment, the system is unarmed, and it is certain to become the target of teenagers who will undoubtedly get a thrill from knocking the robot over. Mr. Li said he believed this was not an insurmountable challenge, given the weight, size and video-recording ability of the bots.

Mr. Rotenberg said a greater challenge would be community opposition. He acknowledged, however, that K5’s looks were benign enough. “It doesn’t look like Arnold Schwarzenegger,” he said. “Unless he was rolled over and pressed into a ball.”

View Source

Big Brother: Streetlights That Watch and Listen

They look like ordinary streetlights, shining down on Las Vegas sidewalks after the sun has set. But Sin City’s new streetlights have a few special capabilities that have civil libertarians up in arms.

The city is installing Intellistreets, a brand of street lighting that is capable of recording video and audio of pedestrians and motorists. What happens in Vegas, it seems, no longer stays in Vegas.

“We want to develop more than just the street lighting component. We want to develop an experience for the people who come downtown,” Neil Rohleder of the Public Works Department told NBC News affiliate KSNV. The lamps are equipped with large video monitors that display ads or other messages, and speakers that broadcast muBut people like civil liberties advocate Daphne Lee have concerns that Big Brother is watching — and recording. “This technology is taking us to a place where you’ll essentially be monitored from the moment you leave your home until the moment you get home,” Lee told KSNV.

Although Illuminating Concepts, the Farmington Hills, Mich.-based company that developed Intellistreets, does make streetlights with video and audio recording capabilities, those features will not be present on the lamps in Las Vegas, according to city officials.

“Right now, our intention is not to have any cameras or recording devices … it’s just to provide output out there, not to get any feed or video feed coming back,” Las Vegas public works director Jorge Cervantes told KSNV.

Techno-shaming?

Similar streetlights have been installed in a handful of European cities. In Middlesbrough, England, lamps equipped with a full suite of monitoring equipment were installed in 2006. When monitoring operators saw a cyclist riding his bicycle through a crowded pedestrian area, they broadcast a message over the loudspeaker: “Would the young man on the bike please get off and walk, as he is riding in a pedestrian area?”

The admonished young man shamefacedly dismounted and walked his bicycle as instructed, according to the Daily Mail. Among people disturbed by anti-social behavior — biking on sidewalks, littering, fist fighting — the smart streetlights are a big hit. “Put it this way: We never have requests to remove them,” manager Jack Bonner told the Mail.

Intellistreets lamps operate over a Wi-Fi network that’s linked to a central server; each lamp can be individually controlled. The LED lights, remote dimming controls and other energy-saving features of the streetlamps can cut electricity use by 70 percent, according to the manufacturer. They can also be equipped with pollution monitors, emergency call buttons and optical recognition software.

Emergency information

And in the event of an emergency, Intellistreets can provide useful information, such as Amber Alerts, threats including natural disasters or chemical spills, real-time evacuation procedures and other security concerns through visual monitors and audio messages.

In addition to Las Vegas, Intellistreets have been installed at the Mercedes-Benz Superdome in New Orleans, Sony Pictures in Culver City, Calif., and the Navy Pier in Chicago.

Illuminating Concepts founder Ron Harwood told CBS Detroit that the Intellistreets system was “born in the parks of Disney and Universal,” where “imagineers” (engineers working in design and development) needed an integrated network that could guide large crowds while also giving them information in an emergency.

Nonetheless, in an era where security watchdogs at the National Security Agency are spying on everyone from heads of state to their girlfriends, some are raising concerns that a streetlight that can watch and listen to your conversations is more than a little unsettling.

“At what point do we say, ‘this is the land of the free,’” Lee told KSNV. “People have a right to a reasonable amount of privacy.”

Follow Marc Lallanilla on Twitter and Google+. Follow us @livescience, Facebook & Google+. Original article on LiveScience.sic or voice messages.

View Source

Mobile Forensics in Internal Affairs Investigations

It’s an unfortunate truth of the cell phone era that sometimes, employees will abuse their access to these devices. Whether their employer owns the device, or allows “bring your own device” (BYOD) to work, the convenience and ubiquity to an individual’s day-to-day means that sometimes, devices will be used inappropriately.

In the law enforcement arena, several very recent news stories highlight this truth:

Chicopee (Massachusetts) police officers were investigated after leaking crime-scene images of murder victim Amanda Plasse. The photos were taken with officers’ personal mobile devices and shared with people outside the Chicopee Police Department.
In Denver (Colorado), an officer was given a desk assignment after allegedly using his department-issued mobile device to sexually harass a woman.
Connell (Washington)’s chief of police is under investigation for allegedly watching pornography on a city-issued cellphone.
A Roseville (California) police officer used his cell phone to stalk and harass a woman.

How can you protect yourself and your agency in the event of these types of allegations?

Establish proactive and reactive policies

Whether you issue devices or allow BYOD, have policies that establish acceptable use. In either case, personal communications should not interfere with official duties. Require employees to password-protect their devices, and possibly even encrypt potentially sensitive data, such as text messages between officers and witnesses.

Clearly lay out what behavior will not be tolerated. This can be as obvious as pornography viewing on duty (or even off duty on a government-issued device), or as “gray” as limiting personal communications only to family emergencies.

In Connell as well as in many other communities, employees can use their city-issued phones for some personal use as long as it doesn’t add to maintenance costs, and/or if they agree to pick up the tab for additional accrued costs. However, employees also have a limited expectation of privacy in the use of employer-issued devices, as the US Supreme Court ruled in City of Ontario v. Quon in 2010.

BYOD policies are a little different. These should stipulate:

What devices are permitted. As government employees, everyone in your agency may need to adhere to any policy already in place for your city, county or state. Devices that are allowed can affect any support issues officers may have with connecting to work email or other internal resources, as well as potential security issues.
What apps are permitted. Especially on Android devices, it’s possible that some apps may not be as secure as you’d like them to be when a device is accessing your network.A BYOD policy should also include language that allows the agency or government to search the employee’s device. There should be cause to do so, of course, and the policy should state that the scope of a search will be limited to relevant data (not a wholesale scouring of employee personal data, which could leave you liable if you uncover personal health information or other protected data). This part of the policy should also cover what happens when employees leave the department.

Employees should also be compelled to turn over any evidentiary data on their personal devices as soon as possible after obtaining it. It may be, in some situations, that a personal device is the only means of recording a crime scene, a victim’s injuries, a confrontation of some kind, or other evidence. But policy should dictate when this type of use is allowable and what should happen to the evidence following the recording.

Policy should also dictate how to handle mobile devices in certain situations, like officer-involved shootings or other use of force encounters. It may be that the device contains no evidence. Then again, the nature of text messages or other communications can help to establish an officer’s frame of mind leading up to an encounter.

Have a standard search procedure
Policy only goes so far. Also understand how you’re going to obtain the data. Just as with a civilian’s device, it’s not appropriate to “thumb through” text messages, images, or other data. That would be like thumbing through all the pictures, files and personal effects within an officer’s home.

“Digital first responder” training is imperative for everyone in the agency, including any officer or commander responsible for conducting internal investigations. This training helps the investigator understand how to preserve digital evidence.

For instance, it would not be enough to put an iPhone in Airplane Mode. The investigator also needs to turn off its wi-fi. Doing one but not the other would still allow the device to send and receive data from wi-fi access points, changing data on the device.

Investigators should also be sure to collect data and power cables for all relevant devices. While Android phones use micro USB and therefore have interchangeable power cords, other makes and models do not; Apple iOS devices, for instance, do not have consistent power cabling. If you don’t collect the right cables, you may face having to purchase one.

Keep cables with the devices they’re meant to go with, separate from other devices and cables. Label everything: device make and model, whose it is, case control number. If for some reason you could not collect the cable, note that too.

Internal investigations may start in the field rather than in the office. In this event, a small “first responder” kit (which should be standard issue in all field vehicles) should be maintained. The kit should include a Faraday bag or box to help you isolate the device as you transport it from the scene to the office or forensic lab.

If the device is locked, obtain its password. This may be part of consent to search — be sure to maintain consent forms for BYOD scenarios — or the employee may be compelled to provide the password. Keep in mind that the officer may be unwilling or unable (if physically injured) to provide the password. In this event, know whether your agency’s or government’s IT staff maintains device passwords, and whether they can be reset over the network.

Finally, once you have the device and all necessary legal authority, examine or assign the examination like you would any other evidence device. Know who in your agency or region can perform mobile forensic examinations, and how to contact the on-call specialist.

If you are the one doing the examination, it is wise to undergo training on how to use the forensic tool, including obtaining any necessary certifications. It may also be wise to perform any search in the presence of the officer’s union representative or attorney, or request independent examination by a district attorney’s or attorney general’s investigative staff.

Communicate with employees

Employees should understand that nothing on their personal mobile device is truly “private.” It could become discoverable for any reason at all. Employees should be taught to assume their mobile devices may be searched at any time, and that the old saying “better to ask forgiveness than permission” may not be true of mobile device usage.

Clearly communicate what policies exist and why, along with any changes that are made as soon as they are made. Make sure employees also understand the SOP that goes along with those policies and what their rights are. Know how to answer any questions they might ask, which means working with the city attorney to address them.
Annual in-house training, complete with scenarios and/or role-play, can help in this regard. Regular briefings on offenses, right and wrong responses, implications and consequences of each, and what officers are required to report should all be built into this type of training.

Just like social media posts, mobile device content can affect your credibility as a witness in court, and your usage habits can affect the public’s perception of your professionalism. Strong policies, procedures, and training can help both officers and agencies protect themselves and one another from damaging mobile device misuse.

View Source

Murder and serious assault scenes to be guarded by private security firms

Dorset England Oct 1 2013 A PRIVATE security firm is to guard major crime scenes under a four-month trial being carried out by Dorset Police.

The force said guarding the scenes of major crimes, such as murder and serious assault, was currently taking officers away from front-line policing.

It said the decision to outsource the role to Securitas Ltd had the potential to release between 2,600 and 3,600 police hours to front line services each year.

Detective Chief Superintendent Mark Cooper, head of Dorset Police criminal justice department, said: “Protecting the scene is an integral part of an investigation ensuring that evidence is not disrupted, destroyed or contaminated.

“Outsourcing has been tried and tested by other forces for a number of years and it has been found to be a very effective way of securing evidence as well as ensuring robust frameworks on contamination or interference at the scenes of crime.

“Specially trained scene officers will be able to perform this task to a high standard and release police officers back to the front line to perform other essential tasks.

“The outsourcing of scene guarding to Securitas Ltd has the potential to impact positively upon the service we can provide to the communities of Dorset.”

Dorset Police and Crime Commissioner Martyn Underhill said: “I welcome this trial which will put more officers back into core policing. It will also cut force costs and strengthen our ties with Avon and Somerset, and Devon and Cornwall Police Forces who have already adopted this scheme.”

Mike Clancy, south west area director of Securitas, said: “This tried and tested method since 2008 has seen a hugely successful relationship between two forces grow now into a third as we welcome Dorset Police.

“The work our crime scene officers conduct is of the highest standard, having been police-vetted and specifically trained for such a role prior to any deployment.

“Our density of branch network and front line staff enables us to deploy with pace, professionalism and the reliability you would expect from an organisation of our strength, depth and expertise.”

If the trial proves successful, Dorset hopes to use professional scene officers permanently from 2014.
It could also consider deploying them to other crime scenes.

View Source

Move toward LAPD body cameras gets big boost

Sept. 20–Many police departments around the country have been using body-mounted cameras to record their interactions with the community, and with a new push from the City Council and Police Commission, the Los Angeles Police Department may soon be testing the technology aimed at reducing the number of officer-involved complaints and lawsuits.

The idea for the small body-mounted cameras was thrust to the forefront last week when Police Commissioner Steve Soboroff announced he was raising private funding pay for the items, and City Councilman Mitch Englander said the first cameras for testing might be available as early as next week.

“What we’re looking at is an enhancement to the technology that is already out there with the dash cameras in the black-and-whites,” Englander said in an interview. “More is better in this case. We’re paying out tens of millions of dollars in lawsuits, and these cameras have been shown to lower that amount in other departments. There’s a new energy around this technology, and we want to move forward with it.”

One recent study in Rialto showed an 80 percent drop in the number of complaints against officers during a year-long pilot program, as well as a reduction in use-of-force incidents from 60 to just 25 year over year.

Two weeks ago, Soboroff had said the goal was to have cameras on all officers within the next 18 months, but last week he revised that time frame to one year.

“A couple of things went into that,” Soboroff said in an interview. “(Police Chief Charlie Beck) thinks the results will be so apparent once these things are up and running that the testing period doesn’t need to be that long. We thought it would take six months after we got them to test them — now it’s at three months.”

While he cautioned that the department still has to establish procedures for use of the cameras, including what divisions will test the technology and standards for privacy concerns when officers enter residences, he said the goal is still to move quickly on implementation.

The current plan is to acquire 25 cameras on loan from a manufacturer. Those will be worn in the field for 90 days, and then the department will report back to the City Council’s Public Safety Commission. By then, Soboroff hopes to have raised the money necessary to purchase the hardware, warranties and cloud storage space for the massive amount of data the cameras record.

Funding has consistently been a hang-up in adding the once much touted dashboard cameras to patrol cars, and a similar challenge faces body-camera proposals, even though Chief Beck has voiced his enthusiastic support for both.

Currently, about a fifth of the fleet’s vehicles have in-car cameras, but Beck said last week the department is moving forward with plans for more, on a separate track from the push for body cameras.

To sidestep money concerns over body cameras, Soboroff has taken his pitch private, securing pledges from some high-profile Angelenos, including $250,000 from media mogul Casey Wasserman and an undisclosed amount from DreamWorks co-founder and CEO Jeffrey Katzenberg.

“The goal is for the city to have no financial impact at all,” Soboroff said. “That includes warranties, maintenance, downloading and (data) storage … I have people calling me every day.”

The total cost to acquire 500 of the cameras Englander and Soboroff have been eyeing is about $1 million, including warranties that cover upgrades as technology advances, several years of data storage and monitoring and maintenance. Because those 500 will rotate among officers at shift changes, up to 1,500 officers will be able to use them.
The eventual goal is to equip all on-shift officers with the devices. Englander points out that many have already outfitted themselves with cameras or other recording devices at their own expense.

The Los Angeles Police Protective League, the union that represents the majority of sworn officers, has not yet taken a position on the cameras.The most popular manufacturer is an Arizona-headquartered company, Taser International Inc., which supplied the LAPD with its brand of stun guns and is providing the cameras for the initial testing period.

The company makes two versions of the cameras: the Axon Body, a rectangular device that mounts to an officer’s shirt pocket and costs about $299; and the Axon Flex, which runs between $700 and $800 and can be mounted on hats, collars, belts or specially designed Oakley sunglasses using a magnetic attachment, as well as on the dashboard of a patrol car to act as a dash cam.

Currently, dozens of U.S. police departments have incorporated the cameras — including Greensboro, N.C., Topeka, Kansas, and Houston — and have made public their drop in complaints against officers.

“Last month, there was an officer-involved shooting in Topeka, and the District Attorney and the police chief were able to watch the video of the incident at the same time,” said Steve Tuttle, a spokesman for Taser International. “Now, I don’t know the outcome of the case, but I know that they’ve tripled their purchase (of cameras) since that time. There’s a reason for that.”

Tuttle points out that the Axon Flex can be used as a replacement for dash cams with a mount similar to a GPS stand that affixes to the dashboard of a vehicle. In the case of motorcycle officers, the on-body camera becomes the default dash cam and records both audio and video.

“We’ve had officers out there going 100 mph, and the camera stays affixed,” he said.

Once the camera is turned on, it is always recording video but captures audio only when a police officer turns on that feature.

Despite the manufacturer’s indication that body cams are able to supplant dash cams, locals involved say they want to move forward with adding both to the LAPD’s equipment arsenal.”There are so many benefits to having these,” said Councilman Englander. “You can Bluetooth link the body cameras to your smart phone, which would allow officers to roll up to a scene with an operational perspective. They can use it when they are going around a corner or up into an attic. Instead of putting their head up in the attic and getting it shot at, they can put the camera up there. But we still want the perspective of both the officer and the suspect when you’re in the car. You want to have as many perspectives as possible, and this technology makes that possible.”

Copyright 2013 – Daily News, Los Angeles
View Source

Do you trust your waiter? Hacked bank-card reader TEXTS your info to crims

A Russian-speaking man casually shows on camera how he can download a punter’s bank-card details and PIN from a hacked card reader.

In a video demonstrating a tampered sales terminal, a card is swiped through the handheld device and a PIN entered – just as any customer would in a restaurant or shop. Later, after a series of key-presses, the data is transferred to a laptop via a serial cable.

Account numbers and other sensitive information appear on the computer screen, ready to be exploited. And the data can be texted to a phone, if a SIM card is fitted to the handheld.

We’re told the footage, apparently shown on an underworld bazaar, is used to flog the compromised but otherwise working kit for $3,000 apiece – or a mere $2,000 if you’re willing to share 20 per cent of the ill-gotten gains with the sellers under a form of hired-purchase agreement.

Crucially, the gang selling this device offers a money-laundering service to drain victims’ bank accounts for newbie fraudsters: a network of corrupt merchants are given the harvested card data and extract the money typically by buying fake goods and then cashing out refunds. The loot eventually works its way back to the owner of the hacked card reader.

A copy of the web video was passed to The Reg, and is embedded below. We have rotated part of the footage so it’s easier to read the on-screen text.

Electronic security consultancy Group-IB said the modified Verifone VX670 point-of-sale terminal, shown above, retains in memory data hoovered from tracks 1 and 2 of the magnetic stripe on the back of swiped bank cards, as well as the PIN entered on the keypad – enough information for fraudsters to exploit.

The setup suggests the sellers are based in Russia. In the video, a credit card from Sberbank, the country’s largest bank and the third largest in Europe, is used to demonstrate the hacked terminal’s capabilities.

If a SIM card for a GSM mobile phone network is fitted to the doctored device, the information can be sent by SMS rather than transferred over a serial cable, explained Andrey Komarov, head of international projects at Group-IB.

He told us crooks tampering with point-of-sale (POS) terminals and selling them isn’t new – but the bundling of money-stealing support services, allowing fraud to be carried out more easily, is a new development in the digital underground.

“We have detected a new group that sells this modified model of POS terminals and provides services for illegal cash-outs of dumped PINs through their own ‘grey’ merchants: it seems they buy fake stuff, and then cash-out money,” Komarov said.

“It takes less than three hours. According to our information, this kind of service is really new, and it is also being used by different cyber-criminals against the Russian bank Sberbank.”

Komarov told El Reg that the emergence of hacked card readers is due to banks improving their security against criminals’ card-skimming hardware hidden in cash machines and similar scams. Planting data-swiping malware in POS handhelds out in the field is possible, but it is fairly tricky to find vulnerable terminals and infiltrate them reliably without being caught.

It’s a touch easier to buy a tampered device and get it installed in a shop or restaurant with the help of staff or bosses on the take. This creates a huge potential market for fraudsters, according to Komarov.

Scam warnings

Banking giant Visa has issued several alerts about this kind of fraud along with occasional warnings about device vulnerabilities – such as this warning from 2009 [PDF]. And social-engineering tricks [PDF] in which fraudsters pose as Visa employees carrying out adjustments to terminals – while actually compromising them – has been going on for years.

One alert [PDF] from Visa, dating from 2010, explains how thieves worked in the past and the steps merchants can take to defend against the fraud: anti-tampering advice from this year can be found here [PDF], an extract of which is below:

Criminal gangs worldwide are illegally accessing active POS terminals and modifying them by inserting an undetectable electronic “bug” that captures cardholder data and PINs during normal transaction processing.
The impact of this type of crime can be significant to all key parties involved in card acceptance. An attack can not only undermine the integrity of the payment system, but diminish consumer trust in a merchant’s business. In response to this emerging threat, acquirers, merchants and their processors need to proactively secure their POS terminals and make them less vulnerable to tampering.

A more recent advisory on combating this type of fraud, issued earlier this year by Visa, can be found here [PDF].

Avivah Litan, a Gartner Research vice-president and an expert in banking security and related topics, said that tampering with card readers has been going on for years. She agreed with Group-IB’s observation that since banks are investing more in securing cashpoints, penetrating point-of-sale terminals can be an easier way to make money for criminals.

“The bad guys will go after anything they can, but it can be easier to find dishonest merchants to cooperate in running tampered terminals [to harvest bank details] than going after ATMs,” Litan told El Reg, adding that this kind of fraud was rife in South America, particularly in countries such as Brazil.

But Group-IB’s Komarov believes the Russian-speaking fraudsters behind the black-market sale of hacked sales terminals are targeting the international market as well as crims in the motherland. “The example they showed for Sberbank was just because they also use it against Russian-speaking countries, as they have Russian-speaking roots,” he explained.

We passed on Group-IB’s research to Verifone at the start of this month, along with a request for comment on what could be done to frustrate the trade of tampered card readers through underground markets and similar scams. We have yet to hear back from the device manufacturer. We’ll update this story if we hear more. ®

View Source

So, What’s a Little Surveillance Between Friends?

Unless you’ve been living under a rock, you’ve heard the National Security Agency vehemently denying that its spy program is trampling on the constitutional rights of citizens, while privacy advocates bellow about the rise of Orwellian dictatorships. They do love trotting out the 1984 metaphors.

Frankly, there are hypocrisies on both sides. But retailers using data mining and loyalty programs, could get caught in the wringer if they don’t police themselves and those that gather the data. More disturbing is what I’ve heard in retail circles recently about reining in customer analytics for fear of incurring the wrath of privacy activists.

I sincerely hope that government surveillance is more concerned with terrorist plots than people’s personal proclivities. But surveillance isn’t new. It just went electronic with George Orwell’s vision of an authoritarian utopia and the Internet has simply made it easier.

The fact is that someone, somewhere keeps tabs on you from the time you’re born to when you open your first checking account, use your first credit card, switch on your first computer, or make your first cellphone call.

Contrary to popular opinion, the Constitution doesn’t guarantee the right to privacy, although the Supreme Court said it’s implied in several Amendments. This was brought to an illogical and frankly, dumb, conclusion in 2011 by the California Supreme Court in the case of Pineda v. Williams-Sonoma where the plaintiff alleged that the store lied about needing her zip code to complete a credit card transaction. She said it was used it to track down her home address for marketing purposes and that her information was being sold.

The takeaway is that where there’s a will, there’s a lawyer and a court that will consider the legal ramifications of a tempest in a teapot.

Where does that leave retailers? Customer surveillance, or customer analytics to use a gentler term, has become a rallying cry throughout the industry and one of the most valuable tools in the retail arsenal.

But the furor over the NSA’s actions, will likely unleash a spate of data privacy bills in Congress this year. The latest is the “Apps Act,” which requires consumers to sign off on privacy policies before using them. This moves the industry closer to European privacy laws, with very strict rules about what companies can and can’t do. At the very least, it’s another barrier between customers and the checkout. And, as we have seen, people will simply abandon their carts if the process becomes too cumbersome or inquisitive.

Congress simply isn’t capable of coming to grips with complex privacy issues. As I said, the industry is more than capable of policing itself and making the best use of the data for itself and its customers. But in the immortal words of comic book icon Stan Lee: “With great power comes great responsibility”.

Never take consumers for granted and don’t keep secrets. Tell them how the information helps create a better, more rewarding shopping experience. Assure them that the data is safe and not for sale to outsiders. Make sure all IT security systems are up-to-date—even surpassing industry norms—and initiate oversight of your own IT departments. Most important, don’t abandon data gathering for fear of backlash—real or imagined.

Collecting and analyzing shopper data is not an option. It is a business imperative for improving operations, sales and profits and anticipating customer demand. The competition for reliable information is intense, but cheaper to obtain from reliable outsiders then ever. Why not use it to its fullest?

Sometimes having a Big Brother watching is not such a bad thing.

View Source