interested in joining corrections.com authors network, email us for more information.

Way to Go HTCIA… 25 years and still growing!

January 30th, 2011

Congratulations to the High Technology Crime Investigation Assocation (HTCIA) on 25 years of excellence.  Started in 1986 by a band of committed law enforcement and private sector professionals it has grown to the largest non-profit professional organization of it kind in the world. Their membership continues to be made up of individuals concerned about in prevention, investigation and prosecution of crimes involving advanced technologies.  I might add that probation and parole officers in the last few years have joined its ranks as well.

HTCIA 2o11 International Training Conference & Expo is being held at the Renaissance Esmeralda Resort & Spa Indian Wells, California near Palm Springs.  Look for speakers/workshops on the following topics:

  • Cloud computing
  • Mac Forensics
  • Memory acquisition and analysis
  • Live Forensics
  • Cell phone Forensics
  • Windows 7 Forensics
  • Imaging
  • File structures
  • Social Networking
  • E-Mail analysis
  • E-Discovery
  • Legal issues
  • Lock picking
  • GPS analysis
  • Artifacts of any kind
  • Linux Forensic tools
  • Linux System Analysis
  • Tape Forensics
  • Photo Forensics
  • Printer Forensics
  • Accounting packages
  • SQL Analysis
  • Network and TCP/IP
  • Social Networks for Law Enforcement (Twitter, MySpace, Face Book)
  • Managing Incident Response/Investigations
  • Vehicle black Box forensics
  • Emerging Laws re: eDiscovery-ESI
  • eDiscovery – new legal issues/ Working with Attorneys
  • Advance Issues of Email & Web Mail
  • Collecting internet evidence
  • Investigation of social web sites (MySpace, Face Book, Twitter etc.)
  • Managing Investigations – criminal and civil
  • Network Device Forensics (Log Files from network device) Router
  • Court Room Testimony techniques
  • Financial Crimes – Tax Evasion & Money laundering
  • International Trends – Situations – experience
  • White Collar & Corporate Investigations
  • Legal Issues – Civil & Criminal
  • Legal Mock Trial
  • Memory – court decisions
  • Human Resources Department Internal Investigations
  • Case Studies – criminal investigations (breaches, identity theft)
  • Case Studies – civil
  • Report Writing for Forensic Examiners
  • Report Writing for Investigations

For more details check http://www.htciaconference.org/.  For details about HTCIA and how to become a member visit their website at HTCIA.org.

Email This Post Email This Post    Print This Post Print This Post

Uncategorized

The Three C’s: Answers for the Correctional Professional on Cybercrime

January 30th, 2011

My blog “The Three C’s (Computers, Crime & Corrections)” has been up for a little over two months now and I have been a little self centric. I have been writing about topics that I found interesting/intriguing etc. However, I am sure my reader(s) out there have some thoughts, questions, etc. that they are curious about. Well here is what you do:

  1. You don’t need a user account to post a comment, However.
  2. Your name and email are required to post a comment but only your “Screen Name” will appear in all communications and APPROVED comments that are posted. So, use good judgment about it. Be good and be safe!
  3. Your email is included in the communication but it does not get posted with the comment.
  4. Post a comment on this page and I will get your message.

Couple things about posting. We, the blog authors, Moderate the comments. Which means we have authority to APPROVE, which means make public your comments. So remember in Item 2, if you put your full name in your profile it will appear on the post, if APPROVED.

No one but the individual blog authors and of course corrections.com can see the message or who sent it . After it is APPROVED the comment and author appears but not the email. I also can just trash it so it is gone too (I do that after reading the spam for laughs). So this means you can shoot me a topic and don’t have to worry the whole world will read what you suggested or that you asked something. Nothing gets posted unless it is APPROVED.

So if you have a topic that is germane to this blog, shoot me your suggestion.

Now I will also entertain “how to or what does this mean’ questions from correctional professionals, which means, correctional, probation, parole, pretrial, or community sanction officer or someone employed in the system (as opposed to “serviced” by the system), please be prepared to give me your name/agency and work telephone number. Again, that information will not appear on the blog as I won’t be approving it. This way I can confirm I am not telling those who shall not be named how to take over the world! (If it were that easy)

So get registered and start those questions/comments flying!

Email This Post Email This Post    Print This Post Print This Post

Supervision

State Wiretap Laws: The Title III Gorilla in Correctional Computer Monitoring?

January 27th, 2011

Community corrections agencies are increasing being asked to manage cyber-risk. Some prohibit all computer or Internet use. Others conduct periodic computer searches. Many are relying on computer monitoring software to do the lion’s share of the risk management. So how does wiretap laws pertain to community corrections computer monitoring? Lets see!

Title III in this article collectively refers to wiretap laws at the federal and state level. Kerr writes this in regards to the federal statute:

“The basic structure of the Wiretap Act is surprising simple. The statue envisions that an individual is exchanging communication with another person or machine. The state makes it a crime for someone who is not a party to the communication to use an interrupting device to intentionally access the private communication in “real time.” (pg. 451)

How does this relate to computer monitoring then? In O’Brien v. O’Brien, Case No. 5D03-3484, (2005) a Florida appellate court ruled that computer monitoring by a spouse was governed by the state’s wiretap statute, which was patterned after the federal law (18 U.S.C. § 2501). In this case the spouse used software to capture chats, instant messages, and web browsing by her husband, without his knowledge. The software eventually captured the husband’s communication with his girlfriend, who also was unaware of the monitoring. The appellate court ruled in part that …. “spyware installed by the wife intercepted the electronic communication contemporaneously with transmission, copied it, and routed the copy to a file in the computer’s hard drive, the electronic communications were intercepted in violation of the Florida Act.”

Some community corrections officers are deploying similar monitoring software, particularly on sex offenders’ computers. The installation is usually through a supervision condition authority. Additionally, the offender and all household members who may use the computer are always fully aware that the monitoring software is present. Progressive agencies also place electronic consent banners at the start up of the operating system and place hard copy warning stickers letting all who may use the system know they have no expectation of privacy if they use the computer.

Federal law provides a minimum level of privacy protection with the wiretap statute. Some states have greater protections. The federal Title III law and states with similar laws provide for some exceptions to a wire tap. Several exceptions are germane here. The first is commonly known as consent. There are two kinds of consent. The first is one party consent, which is contained in the federal law and 38 state statutes.

Under one party consent if one person knows about the inception (monitoring) and agrees, the monitoring can occur. In a correctional setting, the offender knows as well as all who use the system, that the computer is being monitored. This is established by the use of the banner and/or hard copy notices. Additionally under federal law there is also an exception for a person acting under “color of law” to intercept a wire, oral, or electronic communication with consent of one party to the communication.

The other type of consent is called two party. This means that both parties to the communication have to consent to the monitoring. There are twelve states that have two party consent (CA, CN, FL, IL, MD, MA, MI, MO, NV, NH, PA, and WA,  Reporters Committee for Free Press). Some two party states, such as Florida, allow an exception to law enforcement with one party consent, when…. “the purpose of such interception is to obtain evidence of a criminal act.” (FL 934.03(1)(c)). The purpose of correctional computer monitoring is to insure compliance not necessarily to obtain evidence of a criminal act. For instance, monitoring may used to insure a sex offender is not viewing adult pornography, which would be a treatment issue and not a criminal act.  

Two party consent can therefore be an important consideration if computer monitoring is occurring. The offender and their household’s consent means little when they communicate via the computer with someone who is not aware the monitoring is taking place. The third party person they may communicate with can’t see the warning banner or the stickers. Lets see how this plays out.

  1. Sally’s son is being supervised for downloading child pornography. They live in a two party state and her son’s officer has installed monitoring software on the computer so he can have Internet access to look for work. Sally is okay with this as she wants her son to say out of trouble. The software will be on the computer as long as her son is in the home and on supervision.
  2. Sometime after the installation, Sally gets online and enters a chat room where a discussion on breast cancer is taking place. There are five others in the chat room. Sally posts in the chat room as well as communicates via instant messaging with the other participants. Additionally, she sends and receives e-mails from all them after exiting the chat room. All of this activity is being recorded by the monitoring software. Sally knows about the monitoring software but the five others do not.

Do the five have a reduced expectation of privacy for their chat room discussions, yes of course? But what about the private instant messages or their e-mails with Sally? You see the problem.

Some monitoring software alleviates this problem by limiting monitoring to only the offender’s usage. One company actually uses a biometric device to ensure only the offender is being monitored. But the offender’s communications are still obviously being monitored. It is hard to imagine why a sex offender would be allowed in a chat room, but use of e-mail is another matter. The offender’s exchange of e-mail with someone else could also create the same consent issues to monitoring in a two party state.

Now the second exception to wire taps is the issuance of a court order. Under federal law there are specific time constraints and judicial oversight of the entire process. Additionally, there are specific requirements to get a wiretap order issued. They include a finding of probable cause that the following exists:

” a) there is probable cause that an individual is committing or about to commit a specific crime; there is the belief that particular communications concerning that offense will be obtained through such interception; and c) normal investigative procedures have been tried and have failed or reasonably appear to be unlikely to succeed if tried or to be too dangerous.”

Even a supervision condition for monitoring software, ordered by a Court is hard to imagine being the same. There is no probable cause to believe the offender is committing or about to commit a new crime.  Additionally, a periodic computer search can be used to find the evidence so a normal investigative procedure could be used.  Finally, computer monitoring on an offender can literaly be on the entire term of supervision, which is often years in duration as opposed to days or months common in wiretap orders. 

It is possible that monitoring software might follow what has occurred with probation searches. Specifically, in United States v. Knights, 122 S.Ct.587 (2002), the Supreme Court “…held warrantless search of a probationer’s apartment, supported by reasonable suspicion and authorized by a condition of his probation, was reasonable within the meaning of the Fourth Amendment.” Does this mean an appellate Court could carve out some kind of exception for computer monitoring for probation/paroles because they have an reduced expectation of privacy? What about the order’s impact on others inside and outside of the offender’s home who may be involved in communications with the offender’s monitored computer?

By the way, what is the down side of breaking a wiretap law? How does possible criminal and/or civil penalties grab you? Clearly some thought has to go into computer monitoring in states with two party consent issues. At a minimum agency’s should do the following:

Know throughly what computer monitoring they are using can do and can not do. Some important considerations are:

  1. Is a electronic consent banner part of the program?
  2. Can it be configured to only capture the offender’s activities?
  3. Can it be set to prevent incoming communication from non-supervised person’s from being captured?
  4. Can it block programs that might create two party consent programs, such a chat or Instant message programs?
  5. Can it filter data to monitor or alert, to only that which is germane to the conviction or problem conduct?
  6. Can it set to capture only outgoing communication from the offender

With a working knowledge of the software discuss the situation with a Title III legal expert in the jurisdiction to insure that if monitoring can be deployed that it is done only in a manner consistent with state and federal law. The last thing you want to do is create bad case law or worse, by not dealing with this “gorilla.”

References

Electronic Surveillance Laws, Accessed from http://www.ncsl.org/default.aspx?tabid=13492

Florida State 934.03: Interception and disclosure of wire, oral, or electronic communications prohibited. Accessed from http://www.leg.state.fl.us/Statutes/index.cfm?App_mode=Display_Statute&Search_String=&URL=0900-0999/0934/Sections/0934.03.html

Kerr, Orin (2006) Computer Crime Law, Thompson, St. Paul

O’Brien v. O’Brien, Case No. 5D03-3484, (2005). Accessed from http://www.5dca.org/Opinions/Opin2005/020705/5D03-3484.pdf

Reporters Committee for Free Press “Can We Tape?” Accessed from http://www.rcfp.org/taping/

United States v. Knights, 122 S.Ct.587 (2002)

18 U.S.C. Chapter 119, Wire and Electronic Communications Interception and Interception of Oral Communications. Accessed from http://www.justice.gov/criminal/cybercrime/wiretap2510_2522.htm

Email This Post Email This Post    Print This Post Print This Post

Supervision

Twitter and Probation and Parole

January 21st, 2011

We repeatedly see stories of sex offenders posting on Facebook® or MySpace®. There are news accounts of sex offenders being removed by these sites and law enforcement arresting them for failure to report their Internet Identifiers. One of the things I have been trying to stress is that all offenders, not just sex offenders use social media to communicate. They are no different then any other person in this regard. They post commentary about their lives and how things are going on. They even post stuff they probably really shouldn’t. I was curious though if they were also “Tweeters”…. Well the answer is YES. Here is a snap shot of some of the tweets I collected in about 5 minutes, cleaned up slightly, with only their Twitter names. They give you an idea of what some of these folks are thinking when they leave your office or waiting for you to make your home visit. By the way, if you have a Twitter account and the right information about your offender you can see what they are posting specifically. Enjoy!

ScottiePiffin15: “*itch im on probation so my nerves bad”

C3pmoody: Once I get off probation I get bac on dats *ucked

cchellahandsome: “Sitting in the probation place like I don’t have *hit to do today.”

Lil_CrYs420: “Ughhhhhh who knew you needed a whole cup of *iss…grrrrr hates probation soooo much!!! I need to smoke badly”

sillyskrod: “I am all in compliance and my probation officer is happy with me. Only three more probation visits!!!!!!!! Eeeeeeee!!!!!!!!!!!”

MrPearlEm: “*itch im on probation so my nerves bad, and they say time flys well mine first class”

JGon561: “@KalioGo1wayWM how you smoke and on probation? I’m scared as *uck to smoke!”

IamGotti: “Just left my probation officer office…….this is no good”

brycelamaar: “*uck probation!! I seriously won’t let this get me down.”

ThatsSoKiva Kivz: “Released on probabtion. Reduced sentence for good behaviour. Have to see my *ucking parole officer. #TwitterJail”

Shedd2009: “Damn… Gotta see the Probation Officer today…. Just another #Mutha*uckaIHateButWontEverKnowIt”

VthePerfection: “Waiting on this parole officer to make a home visit. I’ll b glad when thus *hit over. Got one more year 2012, then I’m free.”

Stickileaks: “#thingsthat*issmeoff My parole officer…”

xADRiZZy: “I need to get alway frm my parole officer! Smh; All up on my business’”

harkinator: “@BrettGates She’s been sandbagged by her Lindsay Lohan SCRAM bracelet. Her parole officer will be here any second.”

Email This Post Email This Post    Print This Post Print This Post

Supervision

Heads up DOP…NY Maybe

January 12th, 2011

@NYCMayorsOffice

Someone, apparently an offender,  posted this to a Legal Question Board

http://www.avvo.com/legal-answers/can-parole-completely-bar-my-access-to-computers—402575.html

Can parole completely bar my access to computers, cellphones, and internet-accessible electronic devices? Viewed 21 times. Posted 1 day ago in Criminal Defense – Brooklyn, NY

I am a sex offender convicted of a crime involving the internet and a minor victim.  On release, the DOP imposed a condition preventing possession or use of any computer, cellphone, or internet-accessible electronic device. This would seem appropriate, but I am not allowed to use them for legit reasons, i.e., searching for employment, work, or attending college/vocational programs.  Also, the Electronic Security and Targeting of Online Predators Act specifically says in section 1, “Legislative purpose and findings”, “Therefore, any measure that restricts an offender’s use of the internet must be tailored to specifically target the types of offenses committed on the internet while not making it impossible for such offenders to successfully reintegrate back into society.” Can I fight this?

There is no mention that someone is posing this question on their behalf.  So, if they are posting…online…obviously with a computer…they have already violated their conditions. DOP might be Department of Probation, City of NY.

If so, DOP, you may have a live on on your hands! Good hunting!

Email This Post Email This Post    Print This Post Print This Post

Uncategorized

Corrections Responses for Juvenile Sexting

January 2nd, 2011

It was ten years ago last month that I raised the issue of computer delinquency in the FBI Law Enforcement Bulletin  December 2000, article, “Juveniles and Computers: Should We Be Concerned?” The article discussed how juveniles were increasing being involved in all manner of high tech delinquency from hacking to check fraud and counterfeiting. Some juveniles were also getting involved in possession and distribution of child pornography. The article concluded with “Only by recognizing early on that computer delinquency is a serious matter that inflicts financial and ethical burdens on society can the criminal justice system hope to effectively handle these youths before they become master computer criminals.” Little did I realize what was on the horizon.

I really missed the mark. With the increased use of mobile devices, particularly by our youth, we now have minors involved in juvenile sexting.  How could I have not realized that juveniles would actually be creating their own child pornography with the future’s technology? What are the corrections implications for this activity? Should juvenile authorities be involved with these cases or is it just a phase our youth will go through?

In “Sexting: Risky Actions and Overreactions” (FBI Law Enforcement Bulletin, July 2010) I discussed with Michael Sullivan that these cases poses a challenge for numerous groups to act responsibly with common sense and sound discretion.  The article provides a framework for deciding an appropriate investigative and/or legal response to these cases.  Before I delve into juvenile corrections considerations, let me be clear about one thing. These considerations only apply if we are dealing solely with juveniles and not adults. An adult involved in the situation changes the dynamics, particularly if they were the cause or catalyst for the juvenile’s involvement.

Prevention is really the key to these cases. Youth must be educated about Internet safety, computer usage ethics, and the repercussions of inappropriate online behavior. Digital images do not deteriorate over time and can be easily distributed worldwide. Offensive online behavior posted on a social networking site may seem “funny,” when one is 15-years old but may be extremely difficult to explain away when one is trying to get into college or even get hired. Active Internet safety/ethic presentations should be part of every school’s curriculum. Such presentations can help minimize or prevent future juvenile sexting occurrences as well as cyberbullying. They also can be used as a component in developing diversion programs for cases which do not warrant formal juvenile adjudication.

Once a juvenile case is presented for adjudication, officials need to evaluate several factors to ascertain an appropriate response to the underlining conduct. For instance, if we are talking about images, how did they come to be created? Did the victim take the images and forward them? Were they coerced or somehow forced to take the images or were they taken without their knowledge? What is the age difference between the victim and the person who created, received, and/or distributed them? It may be a mitigating factor where there is little or no disparity in age. However, if the offender is significantly older (e.g., a 15-year-old with pictures of an 8-year-old) there are serious treatment considerations present. Has the offending youth participated in similar misconduct in the past?

Likewise, did the offender forward the images or messages to get back at the victim? Did the initial illicit activity somehow transform into cyberbullying or Internet harassment? Was the act itself perpetrated by the juvenile offender meant to be a “prank’? For instance, a wayward male teenager taking a picture of his privates and posting them on a school’s computers. Evaluating these issues will help juvenile corrections recommend appropriate responses that do not go overboard but likewise do not underestimate a possible serious problem area.

Finally, juvenile community corrections officers also need to become familiar with how youth use computers and the Internet for delinquent behavior if they can hope to fashion realistic supervision strategies. It is kind of ironic that over ten years ago when I made my observations about computer delinquency some of today’s teenagers were only toddlers. In some ways, they have out distanced many in corrections with regards to technology. It is really time we as a professionals started to seriously look how technology and new opportunities for delinquent/criminal behavior are developing. If we don’t the next challenge may be far more serious than juvenile sexting.

References

Bowker, Art and Sullivan, Michael. “Sexting: Risky Actions and Overreactions” FBI Law Enforcement Bulletin (July 2010, Volume 79, No. 7) 27-31. Retrieved from http://www.fbi.gov/stats-services/publications/law-enforcement-bulletin/july-2010/sexting

Bowker, Arthur L. “The Advent of the Computer Delinquent” FBI Law Enforcement Bulletin (December 2000, Volume 69, No. 12) : 7-11. Retrieved from http://www.fbi.gov/stats-services/publications/law-enforcement-bulletin/2000-pdfs/dec00leb.pdf

Bowker, Arthur L. “Juveniles and Computers: Should We Be Concerned?” Federal Probation 63, No. 2 (December 1999): 40-43. Retrieved from http://www.uscourts.gov/viewer.aspx?doc=/uscourts/FederalCourts/PPS/Fedprob/1999decfp.pdf

Computer delinquency refers to any delinquent act or criminal behavior committed by a juvenile where a computer was the tool used in the offense, was the target of a delinquent act, or contained evidence of a delinquent act.

Juvenile sexting entails youths sending or posting sexually suggestive text messages and images, including nude or seminude photographs, via cellular telephones or over the Internet.

Email This Post Email This Post    Print This Post Print This Post

Internet Safety

Dial M for Murderer: Mobile Phones in Prisons

December 21st, 2010

An article appeared early this month that Charles Manson, the infamous murderer, was found with mobile phone in his cell, which he used to make calls to and send text messages to people in California, New Jersey, Florida and British Columbia (Choney, 2010 and Dolan, 2010). The same article noted another murder had been maintaining a Facebook® profile via a concealed BlackBerry® (Choney, 2010 and Friedman, 2010)

Mobile phones were never meant for use by prisoners (They were called “cell” phones because of the cellular technology, not because they were designed for use by individuals in cells). The mobile phone problem in prisons is growing at an alarming rate. More and more of these devices are being found inside our prisons. Unfortunately, the devices are not being used just to connect with love ones and to avoid exorbitant collect calls. They are being used in extortion schemes; tax evasion plots; drug deals; credit card fraud; prison riots, and escapes (Justicefellowship.org). In South Carolina a mobile phone was used to order a hit against a prison guard (Kinnard, 2010).

The federal response has been to pass a law that makes it a crime to smuggle a mobile phone into a federal facility (Frieden, 2010) Impressive uh? States without such laws, like California need to follow suit. Such laws make sense but do they stop the smuggling of anything into prison? We still have inmates smuggling drugs in. It is too bad we can’t do something to make the item smuggled, in this case a mobile device, worthless.

Wait, there is something. There is actually technology that could be used jam the devices communication. Unfortunately, an antiquated law specifically, The Communications Act of 1934, as amended and Federal Communications Commission (FCC) rules prohibit the use of such devices, even in a correctional setting. At the time this law was passed and no doubt when FCC rules, were adopted no one thought there would be devices so small they could be smuggled into a prison setting and be used undetected. In 2005, the FCC reiterated its position on these devices (FCC, 2005)

Construction materials may hold an option that block signals but do not jam them, and therefore fly under the legal restrictions. However, that is going to costly and not a perfect solution. There is federal bill, Safe Prisons Communications Act of 2009, introduced on January 15, 2009, that would provide the legal mechanics for state prisons to start using these jamming devices (National Conference of State Legislatures, 2009). Many state corrections departments support this. Prisoner advocacy groups like the Justice Fellowship support it. However, it being held up. The cause? Washington gridlock, maybe. However, it is just as likely that greed is to blame. You see there is money to be made off the prisoners if you can come up with a system where inmates have to pay to use controlled “cell” phones.

So if is truly money that is the hold up, how much is the cost of a prison guards life anyway? What about if Manson had convinced a new bunch of crazies to go do his evil bidding via “cell” phone and killed innocent citizens? What are their lives worth? Lets take the phones out of the cells and get this law passed. Until then at least I have designed to adopt the British term for such devices, mobile phones. The idea of “cell” phones just doesn’t set well will me.

References

Choney, Suzanne, (2010) “Charles Manson had Cell Phone under Prison Mattress” Retrieved December 21, 2010, from http://technolog.msnbc.msn.com/_news/2010/12/03/5574585-charles-manson-had-cell-phone-under-prison-mattress

Dolan, Jack, (2010) “Charles Manson had a cellphone? California prisons fight inmate cellphone proliferation” Retrieved December 21, 2010 from http://www.latimes.com/news/local/la-me-prison-cellphones-20101203,0,2436484,full.story

Federal Communications Commission (June 27, 2005) “Sale or Use of Transmitters Designed to Prevent, Jam or Interfere with Cell Phone Communications is Prohibited in the United States” retrieved from http://www.fcc.gov/eb/Public_Notices/DA-05-1776A1.html

Frieden, Terry, (2010) “President Obama Signs into Law Ban on Cell Phones in Federal Prisons” Retrieved December 21, 2010, from http://articles.cnn.com/2010-08-10/us/obama.prison.phone.ban_1_cell-phones-phones-and-wireless-devices-prison-gangs?_s=PM:US

Friedman, Emily, (2010) “Convicted Murderer Justin Walker Used a Blackberry to Talk to Friends on Facebook While in Prison” Retrieved December 21, 2010 from http://abcnews.go.com/US/convicted-murderer-updates-facebook-page-prison-cell/story?id=12286265

Justice Fellowship (2010) “The Case for Cell Phone Jamming in Prisons”, Retrieved on December 21, 2010 from http://www.justicefellowship.org/key-issues/issues-in-criminal-justice-reform/inmate-telephones/pf-commentary-inmate-telephones/12696-the-case-for-cell-phone-jamming-in-prisons

Kinnard, Mag, “Attack on SC Prison Guard Renews Phone-Jam Debate”, Retrieved on December 21, 2010, from http://www.usatoday.com/tech/wireless/2010-09-13-prison-cellphone-jam_N.htm

National Conference of State Legislatures (2009) H.R. 560, Safe Prisons Communications Act of 2009, Retrieved December 21, 2010, from http://www.ncsl.org/default.aspx?tabid=16176

Email This Post Email This Post    Print This Post Print This Post

Uncategorized

Yes Virginia, Corrections Should Consider themselves part of the critical Infrastructure

December 18th, 2010

William Sturgeon’s article “Cyber Attack” hits on the need for corrections to make sure they are up on their collective games when it comes to IT security.  He brings up a excellent points. One area that I would add is corrections facilities also have to think beyond their four walls.  Let me explain a bit.

Many prisons are located in rural areas. They may have alternative sources of power, water, etc. but for how long? If the power grid that provides resources to them is hit by a cyberattack what will happen to them? They may have the best security measures in place…but if xyz facility that supplies power, water, etc. to their facility is taken out by a cyberattack… what then?

This is one of the changes we all face…not just corrections… in dealing with cyber-attacks.  A good link that provides some more on this topic is  http://www.youtube.com/paulcdwyer.

Corrections agencies, particularly their IT should become part of groups such as Infragard (infragard.net) so they can network on a continuing basis with others (public and private) concerned about protecting the infrastructure.

An attack against a correctional facility, particularly if it caused a mass escape or riot, would be one additional method for a terrorist to blend a cyber attack on other targets…or a real world attack…. to make an an overall impact much more serious.

Imagine an cyber attack against a city, that cuts off power or other needed services, a cyber-incident at a nearby correctional facility, and a real world terrorist incident occurring in the vicinity, with another cyber attack against communications, all occurring within minutes of one another.  How thin would that stretch government resources…how great the impact?  As Sturgeon notes we (corrections) need make sure we do not ignore the wake up call on this issue.

Email This Post Email This Post    Print This Post Print This Post

Uncategorized

Keep it Secret…Keep it Safe: Good Advice for Corrections and Social Networking

December 7th, 2010

For sometime it has been sound advice not to have family pictures displayed in one’s office or workstation. This was a safety precaution. After all one didn’t want an offender to know about your family or what they looked like just in case they decided to retaliate against them. Likewise, it was professionally not a good idea to discuss personal details or specifics of one’s life with their correctional clients. 

We know have social networking sites (SNS) such as Facebook®. In getting ready for this column I decided to do some informal checking to see what correctional professionals were doing on SNS. By searching for employers with corrections, prisons, probation, parole, etc. I came up with current and/former employee at state, federal and private sector correctional entities. I easily found hundreds, if not, thousands, of correctional employees from all levels and agencies, posting an unbelievable amount of personal data online for anyone to see. Correctional guards were posting their significant others/spouses names and ages of their children (with pictures), right on the profile. Of course all their friends were also listed as well. Some were allowing me to see what they were up to as well. 

In many ways this is much worse than having a portrait in your office. Those pictures didn’t have names, ages, schools, employers, their schedule, etc. on it. Additionally, it is tough to make a copy of a portrait but SNS information is there for anyone, and can be printed out and provided in hard copy format rather easily. 

So how big of deal is all this readily available information? Would your activities be of interest to offenders? What would any offender do with this information about the individuals who are charged with controlling them or supervising their actions?What about a prison gang? Would they be able to use this information to their advantage? Anything that might cause you problems with your employer? What if an offender had knowledge of that information? Would they be able to extort you to do something, even minor, with that information? I believe most of us know the answers to these questions. Clearly, knowledge is power. 

Now many of you are thinking, gee, I am really careful. I don’t list any one’s names. I might have my friend’s listed but so what. I only allow friends to see my pictures and my posts. How hard would it be to get added as a friend, from say high school? You know someone the class above or below. How diligent are we in verifying they really are a high school classmate? Once we let them in, they now have access. 

Prison staff may feel somewhat immune to these concerns. After all, inmates are in custody, presumably without access to the Internet or Facebook®. What about their friends on the outside? What about their criminal associates? What about former inmates? You really think they can’t get find you on a SNS? This also is not just some vague warning. There have been real world cases of law enforcement and corrections being attacked through information they posted on a SNS. 

How Your Facebook Profile Should Look to Non-Friends

 

The good news is we control the information that is posted in these forums. Some good Facebook® safety advice can be found at http://www.computerworld.com/s/article/9180642/5_tips_to_protect_yourself_on_Facebook Additionally, I would strongly encourage making many of the Facebook® settings “Only me” with “Friends Only”, as a second option. The “Friends of Friends” option is very tricky as you are depending upon your friends and/or coworkers to be just as mindful of who they allow in or to see their information as you. (Above is a image of a Facebook Profile with the setting set to “Only Me”) .Finally, set your profile at the most restrictive search setting so you can’t be found easily. As the quote goes, “Keep it Secret, Keep it Safe,” sound advice for those in corrections with a social networking presence.

Email This Post Email This Post    Print This Post Print This Post

Internet Safety

Supervising Internet Harassment Offenders

December 7th, 2010

The Internet has blossomed into a modern day necessity. However, serious on-line victimization, such as cyberharrsssment, cyberbulling, and cyberstalking can have a chilling effect on a victim’s computer use. The negative impact can be even more frightening when on-line harassment transcends into real world contact. Former Vice President Al Gore observed: “Make no mistake. This kind of harassment can be as frightening and as real as being followed and watched in your own neighborhood or in your own home.” (U.S. Department of Justice, 1999, p. 1)

Approximately 3.4 million people are stalked annually and 1 in 4 victims reported the offense included a cyberstalking act. (Baum, Catalano, and Rand, 2009) Law enforcement estimates that electronic communications are a factor in 20% to 40% of all stalking cases. (NCSL, 2009) Forty-seven states have laws which explicitly include electronic communications with stalking and harassment laws. (NCSL, 2009)

The Internet is often a stalker’s harassment vehicle, either directly, such as through e-mails/Instant messages to the victim, or indirectly, by posting false or misleading information about victims in chatrooms, social networking sites, etc. The offender can also use the Internet to influence and encourage others to harass the victim, such as can occur in cyberbullying cases. They can also create bogus social networking profiles, impersonating the victim, to harass or gain even more information about their target.

The Internet can also be used to conduct victim research. If the victim has any kind of information that has been posted to the Internet, a stalker can find it. This information may have been posted willingly by the victim, such as in social networking profiles or innocently by others, such as friends, employers, schools, churches, etc. Even posts in chatrooms can sometimes find their way into Internet databases. Once the information is posted on-line it is very hard to contain.

Some stalkers have also used computer spyware or monitoring software [i] to track their victims’ on-line and real world activities. Spyware does not require a great deal of sophistication to deploy or use. It is also readily available online for a nominal fee. Offenders can send an innocent looking e-mail containing a malicious program to their victim. The victim opens the e-mail and inadvertently installs spyware on their computer. In cases where the stalker has gained access to the victim’s computer, they may directly install spyware themselves. The installed spyware usually reports back to the stalker via the Internet and the results can be reviewed at their leisure. Depending upon the spyware the stalker may collect an amazing amount of personal information and details from the victim’s computer. Some spyware can capture the user’s web cam activity or even activate the user’s web cam, forwarding the victim’s images to the stalker.

Finally stalkers use computers to store their research efforts. Victim pictures, spy monitoring reports, etc. can be stored for ready access by the stalker. In cases were the stalker is under community supervision, this information is easily hidden during home visits, unless of course the officer conducts computer searches.

Correctional Efforts

Many correctional methods currently employed, such as location monitoring or victim alerts, cannot prevent cyberstalkers from using the Internet to research and/or strike at their victims. Eliminating the stalker’s Internet use or computer access seems to some to be the logical solution. However, such drastic measures fail to take into account how integrated Internet use has become to our modern society. In juvenile offenses, such as cyberbullying, Internet prohibitions can have serious repercussions for their education and rehabilitation.

Computer monitoring software, which has been used with sex offenders, can also be deployed to supervise Internet harassment cases. The offender can be permitted Internet acesss but their computer is monitored to determine if they are attempting to research, contact, or otherwise harass their victims. The software can also be used to prevent offenders from online locations, such as social networking sites, which were the harassment vehicle or location. Depending upon the software it can generate an alert to a supervision officers’ cell phone of serious non-compliance. Imagine the significance if officers can be instantly alerted to an offender’s efforts to locate their victim’s new contact information or address online.

For the software to be effective offenders must be required to use only a monitored computer. Employers will sometimes allow software to be installed on their computers or have restrictions/monitoring efforts already in place that are sufficient. Likewise, schools can be accommodating. Frequently school services can be accessed via the offender’s assigned monitored computer. Any use of a non-monitored computer without advanced approval should be considered a serious supervision violation.

Officers should not depend solely on monitoring software to supervise the risk posed by the Internet harasser. Field work, ie., home/community contacts are still a requirement. Location monitoring, such as global positioning, can also be used to remain aware of the offender’s location in relationship to the victim and also to computers which could be used to bypass monitoring efforts. Officers should also routinely check the Internet for evidence that the offender is using a non-monitored computer. Oftentimes offenders will recycle or slightly modify old Internet Identifiers (e-mails/profiles) and again start posting on-line. The use of polygraphs, a tool frequently used in sex offender treatment, can also be employed to detect if an offender has used an unmonitored computer or taken some action to locate or contact a victim. These supervision efforts also have to be combined with the appropriate treatment options available for dealing with stalkers.

Conclusion

Stalkers will use whatever means necessary, including the Internet, to annoy, harass, threaten, locate, and/or harm their victims. Officers cannot ignore this reality. To do so places victims and our communities at risk. Computer monitoring of Internet harassers, coupled with other supervision strategies, can help manage the online and real world risk posed by these offenders.

References

Baum, Katrina; Catalano, Shannan; and Rand, Michael, (2009). Stalking Victimization in the United States. Bureau of Justice Statistics (BJS), U.S. Department of Justice, Office of Justice Programs.

National Conference of State Legislatures (NCSL) http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/CyberstalkingLaws/tabid/13495/Default.aspx Retrieved November 28, 2010

U.S. Department of Justice (1999) Cyberstalking: A New Challenge for Law Enforcement and Industry — A Report from the Attorney General to the Vice President. Washington, DC: U.S. Department of Justice


[i] Monitoring software is used legitimately by parents, employers, and even community corrections officers to monitor the activities of individuals. In such cases it being used with authorization. For purposes of this article, where such software is deployed without authorization, it is collectively referred to as spyware.

Email This Post Email This Post    Print This Post Print This Post

Supervision