interested in joining corrections.com authors network, email us for more information.

Archive

Archive for the ‘Uncategorized’ Category

Yes We Can and Should Be Looking at Social Media

May 31st, 2018
Recently, one of my fellow Corrections.com contributors posted an article on social media issues that I feel compelled to response to.  He notes that “Social media is now a super-highway for mass murderers and their grievances. It’s also used for day-to-day criminal activity.” Additionally, he notes that Facebook is “banning” criminal activity from its pages. From there he goes south and comes up with the following conclusions:

Facebook and other social media entities plus the justice system face an immense challenge as to keeping people safe. As offenders change tactics, will we be astute enough to recognize ongoing criminal behavior?

It’s my assertion that the justice system does not have the capacity, training or time to monitor the social media accounts of offenders on a large scale. If that changes, do we have societal and legal approvals?

Do parole and probation agencies really want to know? Probably not; it will greatly increase their rate of failure.

It’s also my opinion that social media sites do not want to be in the business of policing their platforms; it’s a slippery slope and partnering with law enforcement is bad for business. It’s my guess that their “credible threat” manifesto is not easily actionable.

Thus for all the reasons above, social media monitoring is a quagmire. Remember this the next time a mass murderer broadcasts and acts, or a sex or violent offender uses Facebook and someone is hurt or killed. Critics will say that the ‘system’ failed to take action. There are reasons why.”

If I had to summarize the above in three sentences they would be: Facebook, law enforcement, probation/parole, etc. don’t attempt to police social media it is just too big.  You can’t do it as you might violate someone’s rights.  Probation/Parole don’t do it as you might have to revoke someone’s supervision if you find something. Let’s start with the first one:

Social Media is Too Big

Yes, social media is big. But there are ways to make things manageable. Let’s start with Facebook.  They have made a policy that criminal behavior will not be tolerated on their platform. Remember, they own that platform and we as users agree to their terms of use. If they determine that something violates their policy they remove it. There is no judge or jury to decide these things. We as users agree to their terms. If we as users don’t like the terms we don’t have to use their site. They are putting these rules in place to make their site safer for all users. They do use “algorithms” to detect bad behavior but they also take reports from other users on problem postings. Do they catch everyone the minute it happens? No, they do not. But what would you have them do? Should they allow criminals to run a muck on their platform?  That would be like Walmart saying drug dealers, muggers, etc. feel free to use our parking lots to commit crime.

Now let’s turn to law enforcement a bit. Many police agencies and private sector companies are using software that search for key terms in social media. These programs are very sophisticated and allow for searches to target multiple terms, geographic areas, etc.  These programs are being used to help secure big events, such as the Super Bowl, World Series, etc.  Law enforcement also uses social media to investigate after the fact, particularly if they have a suspect and want to see if they can find further evidence. There is not only software out there but there is law enforcement training on conducting social media investigations which cover techniques and the law.  (One such event is coming up Washington, DC from August 19-22, 2018). I have listed at the end of this piece the groups that provide on training and/resources on these kinds of investigations.

Okay, finally, let’s look at probation and parole. They don’t have access to software that searches all social media for problems. But then again they not are supposed to be looking at everyone. Their focus is just the offender’s under their supervision. Is their entire caseload on social media? No of course not, so that limits the number further. Do all their offenders require that kind of scrutiny? Again, the answer is of course not. Probation/Parole also have the ability to ask offenders questions and to get info on an offenders’ social media accounts, which can greatly reduce the time needed to search for those accounts.

One thing that troubled me about this article is it didn’t reference the American Probation and Parole Association’s issue paper, The Use of Social Media in Community Corrections. This issue paper provides guidance about the issues associated with conducting these kinds of investigations. Why would you take a position on probation/paroles role with social media without mentioning a topic specific issue paper written by a professional organization for probation/parole? (By the way, they are updating this issue paper too). Those groups that focus on training noted below are also resources for probation and parole agencies.

Violating Someone’s Rights

I think this is one of the most troubling issues I have with this contributor’s position. If someone posts something on social media for literally the world to read, how in heaven’s name is that post somehow off limits for law enforcement or a probation/parole officer to view?  Sure there can be concerns in doing social media investigations but those can be addressed with training. Sure agencies might have to update their policies but it can be done. Heck, take a look at that issue paper I mentioned above.  It gives some guidance on legal concerns.

You might have to Violate Someone’s Supervision

Is he serious about this conclusion? My fellow contributor gave an example of what if you see a social media post of an offender with a gun. Well, a gun is not only a technical violation but in the case of an felony offender on supervision, it is a violation of federal and state law. Guns by the way are bad things for offenders to possess. Yes, you have to prove it is a gun but this is not a small technical issue. It warrants inquiry/investigation. Yes, there will be plenty of technical violations that might be uncovered. But that doesn’t mean they all have to go back to prison. For instance, you have social media posts of an offender using drugs. Maybe that results in the person going to treatment.  A social media investigation does not equate with someone going back to prison every time.  Social media investigations can be a useful tool.  What other tools should we stop using as they might end up with someone going back to prison? The objective is NOT to keep offenders in the community at all costs. The objective is to keep them in the community if it’s safer to do so.

Conclusion

My advice to my fellow contributor or for that matter anyone writing on cybercrime and corrections is to take a look at my past posts on corrections.com. I have been writing about this topic since 2007.   They will give you a bit more information that just shooting from the hip. On that note I left my cigar lit somewhere. Be safe out there.

Training/Resources

High Technology Crime Investigation Association

SEARCH

The National White Collar Crime Center (NW3C)

Uncategorized

Should Probation/Parole Officers Be On Social Media?

November 6th, 2017

There are two schools of thought for those in corrections and/or law enforcement when it comes to social media. The first is to avoid it at all cost. In short, don’t get on it in the first place. This position seemed natural for those that entered the field before social media took off in the early 2000’s. Why get involved in it when they have done fine without it for 20 or more years. Granted some of these folks are a bit behind the learning curve concerning social media and what can be gained from understanding its usage. The upside is many of these individuals are likely retiring and/or near retirement and their lack of tech savvy is being replaced by those who grew up with the Internet. Today’s reality is most of those now entering the profession have had one or more profiles for years before entering the field. Does anyone honestly expect them to give up their accounts? Of course not. This growing group of new officers and those who declined to opt out as suggested, leads us to the second school of thought, specifically it is okay to have social media provided you exercise caution. But what does “caution” mean when it comes to social media? Well, let’s explore it.

For most the primarily line of defense is to lock-down all those privacy settings for their social media. Don’t let anyone who is not a “friend” or connection see anything about you or what you post. Also, don’t let yourself be “tagged” without your permission and make sure your posts likewise can’t be shared without your authorization.  This is a good start, but it must be continually tweaked as social media sites like to make changes to their privacy settings (If you don’t know your profile’s privacy/security setting look to the help menu within your social media profile). Unfortunately, many users, including officers, consider having locked down settings is all they need to exercise caution. Well I can’t impress upon anyone this is not exercising caution, particularly if you are very active online. Let me explain what I am talking about.

I have seen officers who appear to have their setting locked down post things that their bosses would find very troubling, such as details about offender encounters, pictures of home visits, searches, etc. These kinds of posts and the commentary that often comes with them appear on the officer’s timeline. For some it doesn’t stop there. There are numerous officer only groups on various social media sites that restrict access to employed and/or retired officers. Some even go so far as to require a picture of official identification to gain access so that those interacting in the group have some level of confidence that their posts wouldn’t be shared. Here is a sample of posts that are all too frequently posted on these groups: Jokes about the circumstances of an offender’s arrest/revocation, details of office or home visits; negative comments about individual’s actual booking pictures; and posts soliciting comments about how many have angered defense counsels in courts. One officer noted in one post during an office day:

… somethings my mind wanders to a happy place where I am allowed to punch people in the throat.” In a reply the same officer noted they sometimes get angry with victims too.

I get that officers need a place to vent frustrations and these groups provide that space. But one has got to be naive to think that any online group can prevent online posts from seeing the light of day. Here is how it will happen.

Most likely, a fellow group member will alert someone at the person’s employer of a troubling post, either because they work there or because they know someone that does. In fact, if they work at the same location, they likely have an ethical duty to do so, which clearly overrides any group site policy. The next scenario will occur if a group member happens to find themselves in legal trouble (civil and/or criminal) and their social media posts become subject of discovery. No online group policy will prevent legal discovery.

Imagine the officer who posted they wish they were “allowed to punch people in the throat” defending themselves from an excessive force law suit. Heck, any officer might have trouble explaining themselves in such a lawsuit if they are an active member of an online group where such comments are common place. You get the picture.

So we must go beyond just making sure our privacy settings are secure. We must also be cautious of what we post online. How will it play with one’s supervisor or agency head? How will it appear if it comes out in a law suit? We also must be careful of what groups we join online. If the group regularly allows members to engage in discussions that show disdain for offenders, should a correctional “professional” be in that group? I will leave you to resolve that issue yourselves.  Make no mistake, I am no advocating that officers discard social media. I am only advocate using it cautiously and safely, whether is its personal, family or professional safety. On that note I left a cigar lit somewhere. Be safe out there.

Note

For those interested in using social media as part of one’s duties I suggest looking at the American Probation and Parole Association’s Issue Paper, The Use of Social Media in Community Corrections.

Uncategorized , , , , , ,

Supreme Court Strikes Down Social Media Restrictions for Non-Supervised Sex Offenders

June 20th, 2017

In May of this year, I mentioned that the Supreme Court was going to decide whether North Carolina’s criminal statute prohibiting sex offenders would stand constitutional scrutiny. I speculated it would be struck down and I guess I win a cigar because the entire Court voted to nullify North Carolina’s statute for violating the First Amendment (Packingham v. North Carolina)

So what does this mean for probation and post release conditions prohibiting sex offenders from using social media? Well, here is what my crystal ball tells me. First, let me note that Packingham was NOT on any form of community supervision. He had completed his sentence and was prosecuted for a new criminal offense, specifically accessing social media as a convicted sex offender. Let me repeat that… this person was not under any supervision condition prohibiting him from accessing social media.

My layman’s reading of the Supreme Court decision is that it currently does not invalidate supervision conditions prohibiting sex offenders’ from accessing social media. That said, my layman’s mind tells me that the Supreme Court in this decisions has recognized the significance of accessing to social media as it relates to the First Amendment. It has not struck down the supervision conditions but it has clearly indicated that they likely will be subject to judicial review. In short, conditions restricting supervised offenders from accessing social media in the future will likely have to be narrowly drawn and related to the offender. For instance, one’s status as a supervised sex offender will not alone be enough to trigger the restriction. They might actually have to had to been convicted or have a history of abusing social media to commit a crime. Even then, they might not be totally restricted from accessing social media. For instance, they may be granted permission subject to monitoring of their profiles and/or Internet/computer use. This decision will likely make any total Internet restriction for probation/parole cases harder to justify. Look for more conditions that allow Internet use but only with some kind of monitoring.

The interesting thing here is Facebook has a policy that prohibits sex offenders from using their site. This case does not force Facebook to allow sex offenders on their site. It only struck down North Carolina’s statute criminalizing the access of any social media site by sex offenders. Will Facebook change their policy? Why should they? My guess is no. But I have been wrong before. Also, I don’t’ think the case will not have any impact on Facebook’s policy concerning inmates using their site, which it recently mitigated somewhat.

My question is why don’t legislatures just focus on increasing the penalties for sex offenders who use certain high tech tools to victimize others? For instance, adding a mandatory criminal penalty for any person that uses social media to victimize another. That would not restrict anyone from accessing social media. It would just criminalize or increase the penalty for using it as a tool to victimize others.

This case will require officers to justify their conditions. It will not, however be the end to conditions governing how offenders access the Internet while on supervision. I see more monitoring and more use of searches. Additionally, officers may now have to check profiles to see who supervised sex offenders may be “friending” to insure there are no future victims. On that note I left a cigar lit somewhere. Be safe out there!

Uncategorized , , , , ,

Cyber-risk: Can Corrections Get it Right?

May 9th, 2017

Computers and corrections (in the community and behind the walls),  is really getting some headlines recently. The thread that appears to running these stories is “risk.” Is there a risk with offenders and computers and if there, is how do we manage it? Let’s start with the case that is currently before the U.S. Supreme Court, Packingham v. North Carolina.

Lester Gerard Packingham Jr., a  convicted North Carolina sex offender, who was no longer under any form of supervision, posted a message “”G-d is Good” on Facebook after a traffic citation was dismissed. Problem is in North Carolina all sex offenders are prohibited from accessing social media.  His conviction has been appealed all the way to the Supreme Court.  A decision is likely this month. The question is can a sex offender, even after he has served all of his sentence, be prohibited for using social media? Does their risk trump the Constitution?

The next story comes from New Jersey. A sex offender on lifetime supervision was completed barred from accessing the Internet by his parole officer. It is unclear if the officer had tried monitoring/filtering and/or periodically computer searches before imposing the complete prohbition.The New Jersey Supreme Court struck down the condition noting that:

access to the internet is a basic need because most job seekers these days need it to find and obtain work.”

Gee, I wonder how the U.S. Supreme Court will rule in imposing Internet restrictions on sex offenders who completed their sentence (I am betting it gets struck down). Now the next two stories represent that even prisons can not stop offenders from accessing the Internet. In the first case, federal sex offenders, in custody, swapped child pornography using smuggled cellphones and data cards. Apparently, they were in a low-security prison, where they were able to work in tandem, to defeat staff’s supervision of them.

In the next story Ohio inmates built their own computer and used the prison’s Internet access to download hacking programs and carry out identity theft. Apparently, some of the inmates were part of a detail working on disassembled computers for a contractor. Unfortunately, they were not supervised and were able to build their system. They also were able to connect to the prison network and to power, all undetected.  The last two examples are cases where offenders, presumedly under a much higher level of supervision were still able to find a way to get connected. It appears corrections staff underestimated their “risk.”

Corrections appears to have trouble understanding risk when it comes to computers. They either overstate it or understate. I recently got forwarded a request from a corrections professional asking how to teach high risk offenders Internet safety because they were posting inappropriate things online and getting in trouble. I took this to be a request of “can we teach felons to lock up their social media profiles so they stop getting in trouble, particularly with their supervision officers?” Really? Is that what we want, high risk offenders who can’t be monitored online? I think not.

There is a fine line that many in corrections can’t seem to grasp in managing cyber-risk. They either go over board, such as with complete bans, which aren’’t always upheld, or they go the other way and ignore the risk. We need to get this right and soon. I have been absent from this column for too long and maybe, just maybe, I need to resume writing about these issues. On that note, I left a cigar lit somewhere. Be safe out there!

Uncategorized , , , , ,

HELP: A Pokémon Is After Me!

August 25th, 2016

I am not sure if any of you have witnessed the recent craze that started in July called Pokémon GO, which has individuals using their Smart Phones to search and capture imaginary creatures in the real world. No I am not making this up.  Some are forecasting a “flood” of more games to come, capitalizing on this concept which is more specifically referred to as augmented reality gaming. As with any new technological development, there can be a dark side, which has already been exploited by those who look to victimize others.

Before delving into this discussion, let me first explain a little further about Pokémon Go. The game is aimed at players age 10 and up and at least initially the developers did not see fit to put perimeters on where the “creatures” could be located. Individuals were finding the creatures in clearly inappropriate places for children playing a game, such as The Holocaust Museum, funeral homes, and adult themed stores.

Not long after game was released, a NY state senator expressed concern that the game could be used by “higher-level sex offenders” to gain access to children.  The senator observed an informal investigation revealed 57 Pokémon creatures were located near 100 addresses of registered sex offenders across New York City.  The senator advocated and apparently obtained earlier  this week a parole condition for MOST sex offenders in NY that reflects:

“I understand that I shall not download, access, or otherwise engage in any internet-enabled gaming activities to include Pokémon Go.”

I find this very interesting. I have long stressed that Internet gaming held the potential for sex offenders to engage in grooming activities and therefore was an appropriate supervision prohibition. After all playing a game does not educate or help someone get employment.  However, I tended to focus on games children victims would most likely be playing. Children are the ones who are the grooming targets of pedophiles. However, the prohibition reflects “any Internet-enabled gaming.” That clearly applies to Pokémon Go. But does it also apply to online Chess and games less likely to be played by children? A more specific example is the American Association of Retired Persons, which has games for the over 50 crowd to play.   Is an elderly, maybe disabled  sex offender under supervision in NY now prohibited from this activity? There is a real potential to widen the net here beyond what is needed.

One thing that kind of dropped by the wayside was a recommendation by this same senator to require these game developers to exclude locations where registered sex offenders reside. The state of NY has a shown a willingness to share sex offender registration information for such purposes. Gee, that would exclude a much larger sex offender population then just those under parole supervision.  I think though from a developers’ standpoint it may make it bit more challenging to have these augmented reality games function in large areas that are off limits due to sex offenders in the community. (Yes, people, not all sex offenders are in prison and they do live in our communities.)

I mean, what is the acceptable distance from a sex offender and Pokémon creature, 100 feet, or like school restrictions, a 1,000 to 2,000 feet from the sex offender’s residence? Additionally sex offenders are allowed to move, which requires them to update their registration. This would require the gaming company to periodically update their “exclusion zones.” At a minimum this might require a monthly reconciliation but more likely a weekly update to make sure the zones are properly excluded. Also, people we are just taking about keeping the residences of sex offenders off the gaming zones. What about where they work or go to school? This information is also part of the registration. Should the gaming grid also exclude these locations to make sure kids are safe? Maybe from a developer’s standpoint, they hold no responsibility to make sure the players are safe. That is up to the Government, right?

The Government only has control over those who are currently under supervision. Many sex offenders aren’t on supervision. Additionally, there are obviously those who have absconded and are wanted. No parent should throw caution to the wind because there are parole conditions that prohibit supervised sex offenders from using these games.  Allowing their children to run free, unsupervised, and possibly alone, while playing Pokémon Go or any other augmented reality game is asking for trouble.

By the way, to date the biggest offender group to exploit Pokémon Go, appears not to be in the sex offender population. At a minimum there have been reports in California, Georgia, Florida, Indiana, Oklahoma, Nevada, Maryland, and Texas where adults playing this game have been robbed at gun point. (I found maybe two examples of sex offenders missing using this particular gaming application) Basically, victims find themselves distracted by the game, in areas they probably should not be in, during times when they should be there. It doesn’t help that they are holding expensive electronic devices in the open.  Should we start barring parolees who committed robbery from playing these games too? Maybe they should not be in the close vacancy of a Pokémon creature.

It seems we need to do a better job of balancing these parole restrictions to the risk and tailored to the needs of the case.  Additionally, it probably is appropriate to require software/gaming companies to develop products that minimize the potential for harm to users.  For starters they should focus on game grids in the real world that are as free from risk areas as possible and where law enforcement regularly patrols. They should also have built in controls that prohibit any users from adding creatures or game tokens to locations that have not been approved.  They might also consider requiring users that are given such powers to be properly vetted. Finally, we as consumers, either as individuals or parents need to start thinking about how we are ultimately responsible for our own safety  and that of our loved ones and quit relying solely on the private sector and Government to make us safe.  On that note, I left a cigar lit somewhere (Hopefully some stray Pokémon hasn’t taken off with it.). Be safe out there!

Uncategorized , , , , ,

Felony Arrest Not Key to Hacking Success

April 14th, 2015

Well, it has been quite a while since I put some random thoughts down in this forum. My apologizes to corrections.com and those of you who might have found my “pebbles of wisdom” of interest over the years.  (Yes, I know it is pearls, but that would be a bit vain of me wouldn’t it?)  Recent events have caused me to draw some parallels for those hacker wantabees out there and those who must deal with them when they are caught.

About a month ago the Fortune article 6 Notorious Hackers and Their Second Careers caught my eye.  I have been aware for years that two of the noted hackers in this article, notably Kevin Mitnick and Kevin Poulsen, had turned their life in a law abiding direction. For those who work in corrections this is a confirmation that individuals can and do turn away from a life of crime. Not that they need my praise, but well done to both of them.

The second event that occurred was the recent arrest of Pasco County, Florida teen for allegedly hacking into his school’s computer network to engage in an prank. This event was followed by an opinion piece by Robby Soave, staff editor at Reason.com. He notes in part:

Treating every small infraction of school rules as a crime requiring police involvement is a waste of time and public resources. And it’s bad for the kids. (Juvenile Name)  might not be able to return to school; will he learn anything from this experience? Will he become a more mature teen? Or will his life become immeasurably worse because officials went to DEFCON 1 over almost nothing?”

I agree with Soave that this youth doesn’t need to go to juvenile prison. However, I don’t agree that his conduct should just be ignored.  I also don’t believe the media is doing any service to this juvenile or other “wantabees” by glorifying his conduct.  This got me thinking about the old mindset that if one could hack one could become famous and get hired by some big tech company.   What are the odds that this juvenile who is being elevated to somewhat “star” status by the media might turn out to be another famous (infamous) hacker? Let’s take for a moment our two reformed hackers as examples.

Both Mitnick and Pouslen were jailed/convicted in around 1995/1996. During those years the U.S. Department of Justice charged between 43-45 defendants for computer fraud. So a rough estimate is that 4% to 5% of the “hacker” class of 1995/1996, made it “big.”

Let’s put that in comparison to sports, particularly at this time of seniors getting ready to graduate and go to college. Stats compiled by the NCAA reflect that 6.9% percent of the high schools who played baseball in high school went on to play in college.  For high school football players the percentage is 6.5%.  So the odds of playing college sports are better than making it big as a hacker. But wait, who cares about college … what about professionals?  The percentage of baseball and football college players who are were drafted professionally is 8.6% ( MLB) and 1.6%  ( NFL) respectively.  Obviously, this means less high school graduates make it to the big leagues.

Now I know many of you are like wow. You have a better chance of making it big as a hacker compared to playing professionally sports, provided of course you have “talent.” But not so fast Mister Matrix! The percentage I used for the hacker class is only federal convictions. There were countless convictions occurring at the state level, even in 1995/1995, which significantly reduce those “success”stats.

One also should point out that both Mitnick and Pouslen had to serve long periods of incarceration and later time on supervision. Mitnick in particular had computer restrictions that would make daily life today almost impossible.  Finally, it took both Mitnick and Pouslen a significant amount of time and energy to get where they are today.  Was prison and felon status a better first option than going to college and obtaining employment?  I would say no but they may answer otherwise. In the end, we have to treat cybercrime as any other crime. It is not a resume builder for the vast majority of individuals.  On that note, take care as I left a cigar lit somewhere.

Uncategorized , , , ,

Back to Tor, Silk Road and Bitcoins

March 4th, 2014

It was a few months back when I first introduced the terms, Tor, Silk Road, and Bitcoins on this forum. Those of you who read my piece recall that drugs were being sold on an underground website located on the Tor network called Silk Road. The currency for this underground website was bitcoins, a digital cyptocurrency.  I know. It sounds like the start of a bad science fiction movie but it is all true. Quite a bit has happened since that piece was written which warrants revisiting.

 At approximately the same time I introduced the above,  law enforcement appeared to be on a Tor offensive, with Silk Road’s allegedly leader, Ross Ulbricht, aka, Dread Pirate Roberts (DPR) and several of his alleged co-conspirators arrested and the offending site shut down.  Additionally, arrests related to illegal guns sales were also made on another Tor site, called BlackMarket Reloaded, which by the way also sells drugs.  But the online drug dealers were not through and launched Silk Road 2.0.  Much to their surprise they found that law enforcement was up to the task and two moderators of Silk Road 2.0, who apparently were also involved in the original site, were arrested. It came out last month that Silk Road 2.0, unlike its predecessor, apparently had its assets stolen by hackers as opposed to being seized by law enforcement.  

The assets stolen, specifically bitcoins, have also had their ups and downs. When I first mentioned them they were going for about $135 a piece.  Early last month they were going for about $800 a piece, only to drop these past few weeks to about $500 a piece. The reasons for this wide price fluctuation are varied but include: the seizure of Silk Road bitcoins, China imposing restrictions on their use, and more recently  the public exposure of a bitcoin flaw, transaction malleability. Okay, your head is now officially spinning. Transaction malleability, is that like a trans warp, anti-matter drive used on a starship? Trust me it is not and I promise I will stop using “geek” terms.

Here is something that is not so geek for you to wrap your mind around.   An Australian online study involving 9,470 drug using respondents, in three countries (United States, United Kingdom, and Australia) was completed at the end of 2012. Silk Road goods were part of the survey questions. To put this in perspective, Silk Road was only about a year old in 2012. The results of this study were published in the journal,  Addiction.   According to a news report on this study:

  • 18% of American drug users had used Silk Road “products.” 
  • Over  three-quarters of the respondents indicated they used Silk Road because it had better-quality of drugs.
  • Depending upon the country, between 53 and 60 percent bought MDMA, while 35 and 51 percent bought marijuana.

I know this study may be considered skewed because it was an online study, meaning non-online drug users would not be included. But think about it for a moment. After only a year being on the cyber-space corner, 18% of U.S. online drug users had experienced Silk Road products. I am no business major but 18% from nothing in a year seems pretty impressive to me.

So what does this all mean to those of us in corrections? I think it reiterates what I noted in 2011, namely that drug use and sales are going online.  We now have large scale sites dealing drugs and a significant number of users consuming drugs obtained online. Users are noting they are buying online based upon quality. What trends can we expect?  Stopping drug usage in your own community is one thing. When the entire world becomes an illicit supply chain the task  becomes much more difficult to control. We are likley to see more users getting their supply, at least in part, from online sources.  I also think if  Tor becomes much more user friendly on cell phones we will likely see more underground drug purchases made through cell phones. It can be currently run on an Android phones but it ain’t pretty. Android phones by the way can be used to hold a bitcoin wallet,  the currency of choice in this underground market place. Instead of looking at an offender with a wad of bills, we may need to start looking at cell phones with bitcoin wallets. On that thought, I left a cigar lit somewhere. Be safe out there in the real world and in cyberspace.

Uncategorized , , , , , , , ,

Investigating Internet Crimes: A Crimcast Interview

February 8th, 2014
On February 7, 2014, Crimcast interviewed me about Internet crime and my new book, Investigating Internet Crime: An Introduction to Solving Crimes in Cyberspace, co-written with Todd G. Shipley.  Click here to access the interview.  (And by the way thanks to Crimcast for the interview!)

Uncategorized , ,

Survey of Cyber-risk Management Practices in Community Corrections

November 27th, 2013

I have been writing for this blog since November 29, 2010. My first article on Corrections.com, Supervising the cyber-offender: Are you ready? actually appeared three years earlier on November 26, 2007. So by any measure I have contributed my little pearls of wisdom on this website for some time. Recently I wondered how things have changed since I started writing these articles.  In my 2007 piece I concluded by noting:

It is clear that technology has benefited society in so many ways. It is equally clear that offenders have found ways to use technology to the detriment of society. Probation, parole, and pretrial officers, like law enforcement previously, are learning that we must not let offenders go unchecked in this new arena of criminal behavior. Community supervision agency managers and administrators must be willing to support their staff in developing and learning these skills to be effective change agents in the future. Otherwise, offenders will continue to increase their technological edge, creating an unacceptable risk to our communities.

To kind of get an idea of where agencies are at I decided to do a survey. In September of this year I solicited input from a LinkedIn Group (Community Corrections Cyber-Supervision Group) by asking for their responses to ten questions related to cyber-offender management. I figured this would be a good group to target, since I started it in July 18, 2009 …  “for community corrections officers (pretrial services, probation, and parole) and others who are involved with supervising individuals in the community and in cyberspace.”  The vast majority of members work as line officers or as supervisors/managers in probation or parole agencies. However, there are also a few individuals who are consultants or work as vendors.   At the time I solicited the group’s input we had 378 members. Thirty-five percent were in entry level positions; 32% in management, and 13% in senior level positions. The remaining 12% fell in the following three other categories, director, owner, etc.  A high percentage of the group, eight percent, were located in either the New York or Boston areas.  The online survey was only sent to group members and was only open from September 4, 2013 to October 31, 2013. I got 37 responses, or  approximately 10% of the group.

Twenty-seven percent of the responses came from individuals located in California. Followed by 11% in Ohio or Texas; 8% in Nebraska; 5% in Illinois or Utah; and 2% in Idaho, Michigan, Minnesota, New Jersey, New Mexico, Oregon, Pennsylvania, Tennessee, or Virginia.  Approximately 46% of the individuals worked for state agencies, with 35% working for local or county agencies. Fourteen percent worked in the U.S. federal system. One response was received for an individual working at an agency in Canada.  The vast majority of individuals responding, 73%, had experience in probation. Thirty-seven percent had experience in parole and 13.5% with pretrial services cases.  Approximately 11% of the respondents were chiefs or administrators.

The most prevalent supervision practice to manage offender cyber-risk was home and/or employment visits, with 70% identifying it use. This was followed by 68% using computer searches or Internet investigations (such as checking social media).  Sixty-two percent used location monitoring devices. Fifty-seven percent of the individuals indicated they used computer monitoring.   Thirty percent of the respondents used polygraph examinations.

Many of the individuals reported using more than one supervision technique. Fifty-four percent of those who used home/employment visits also used computer searches or Internet investigations. Thirty-eight percent of those using home/employment visits also did computer monitoring.  Of those who did computer searches, 64% also did computer monitoring or Internet investigations.  Twenty-seven percent of the respondents did home/employment visits, computer searches, computer monitoring, and Internet investigations.  Eleven percent of the respondents did everything, ie. home/employment visits, third party contacts, computer searches and monitoring; Internet investigations, polygraph examinations, and location monitoring. Fourteen percent of the respondents report their agency has monitoring software installed by law enforcement. Another 11% used a private contractor to install monitoring software on offenders’ computers.  Approximately 32% reported that law enforcement personnel from outside their agency conduct computer searches on their behalf.  No respondents reported their agency used a private contractor to conduct computer searches for them. Respondents noted their agencies used computer monitoring and/or searches to manage risk in the following types of cases:

  • Sex Offenders, 78%
  • Internet Harassment/Stalking, 35%
  • Internet/Identify Fraud, 27%
  • Check Fraud, 22%
  • Hacking Offenses, 16%
  • Counterfeiting, 16%
  • Approximately, 19% reported not using either computer monitoring or searches to manage cyber-risk in any cases.

Respondents collectively identified the following resources lacking in the management of offender’s computer use:

  • Training, 65%
  • Time/Other Resources, 62%
  • Staff, 46%
  • Equipment and/or Monitoring or Search Software, 41%
  • Policy/Procedures, 32%
  • Judicial Support, 27%
  • Administrative/Management Support, 22%
  • Legislative Support, 22%

Okay, what does all this mean? Well, clearly agencies are using various techniques to manage cyber-risk, with home or employments visits of all things, topping the list. Home visits are great for detecting if an unauthorized computer is in the home or work site. However, such visits alone are useless in determining what someone might have done on a computer. At least 54% of the agencies doing visits agreed with me because they also use computer searches. I would hope it would be higher. I was bit surprised to see that only 57% of the respondents report their agency used monitoring software and only 30% used polygraph examinations. I was disappointed more agencies were not using both computer monitoring and searches. They must not have read the American Probation and Parole issue paper or seen the webinar on that topic.  I was not surprised to see how many individuals were reporting their agencies lack such things as training, time, staff, equipment and software. More is needed if officers are expected to effectively manage cyber-risks.  I wonder what these results would have been had I done this survey when I started writing these articles. With 65% noting they needed more training, I can’t imagine it being much worse.  Between 22% to 27% observe they lack administrative, legislative, or judicial support in managing offender computer use. I know law enforcement is being relied on by some agencies to install monitoring software and to search computers. But, will they be able to help to the extent needed? Remember my 2007 comment noted above. We clearly are still not doing enough and I fear we are creating an unacceptable risk to our communities. It is meaningless if courts and parole authorities impose conditions that can’t be enforced by supervision officers, with or without the aid of law enforcement.  Hopefully, if I do this survey again in a year or two the results be will better. Until then I left a cigar lit somewhere. Be safe out there and enjoy the holidays.

Uncategorized

Investigating Internet Crimes….. We are going to Print!

October 28th, 2013

Todd Shipley’s and my book is finalized and in the hands of our publisher, Syngress. Release date is November 22, 2013.

Uncategorized