interested in joining corrections.com authors network, email us for more information.

Archive

Author Archive

CYBERCRIME BOOK UPDATE

February 15th, 2012

The book, The Cybercrime Handbook for Community Corrections: Managing Offender Risk in the 21st Century is only a few weeks from being released. Check out the Facebook Fan page at Facebook.com/cybercrimehandbook for important updates and announcements.

Uncategorized

Why Does Your Facebook Profile have an Inmate Number?

February 15th, 2012

In August I wrote an article called Sex Offenders: 1 Supervision Officers: 0  specifically to highlight the need for officers to be able to access the same areas that their offenders are visiting and oftentimes posting to at will. I am sad to say things just haven’t changed since that piece appeared. I am still getting reports that officers both inside and outside prison walls continue to have their Internet access restricted.

It really is bizarre when you think about it. Take for instance Facebook, the current big dog of social networking sites. Offenders are having profiles often times from behind prison walls but the individuals that are suppose to be guarding or supervising them can’t access those sites from work. ( I also like the story out about probation violators posting on the Facebook profiles while they are wanted for violations but I digress).

Yes, I know some states are looking at ways to ban prisoners from having Facebook profiles, two notable ones are California  and recently South Carolina. Facebook and California Department of Corrections and Rehabilitation reportedly entered into partnership in August of 2011 to prohibit inmates from having accounts.  There are some exceptions. The policy does not apply to inmates who created an account before they were sentenced and have not used it while incarcerated. Reportedly, Facebook’s policies prohibit an individual other than the registered user from updating a Facebook account, which would happen when any update occurs…unless of course the inmates is doing it while in prison via a mobile device. Additionally, this described policy is only for states which prohibit inmates from accessing Facebook while in custody.  But none of this inmate or prison specific stuff appears anywhere on Facebook’s user agreement. There is a prohibition to a user allowing another person access their account (Item 8), but that is not specific to inmates.

All this has me scratching my head. Facebook reportedly has a prison policy, which is not part of its user agreement, last updated April of 2011. But there is a report out that California has an agreement with Facebook which points to a rule that they will prohibit inmates from accessing their accounts if they are not allowed to in their state. The last time I checked Internet access was very limited in U.S. prisons. Sure some have e-mail but I have never heard of any state or federal prison system allowing inmates to access Facebook accounts while in custody. At best most systems are silent on the topic. Does that mean approval? Is Facebook waiting until states like South Carolina take legislative action to prohibit access?  Meanwhile while all of this is going on many of those charged with guarding inmates can’t access the Internet or more specifically Facebook. So we can make sure the employees can’t access Facebook but the inmates can do it at will. That makes perfect sense. See no evil hear no evil, etc.

Now many of you are wondering what is the big deal. Let the inmates have Facebook access. What is the worse that could happen? It is not like they could coordinate a riot or attack via a social networking site. No one has done that yet. Nah… these are prisoners…. they wouldn’t do that…. Right!

States need to carefully articulate to Facebook that they don’t want inmates accessing and updating their profiles. Facebook has got to have a policy on this that can be enforced and is posted somewhere. It makes sense that if they had an account before going it that they can have it as long as no updates occur. Corrections has also got to find a way to allow officers both inside and outside of the walls to check on what is occurring in cyberspace before it finds its way into the real world and someone gets hurt. Finally, much of this would go away if prisons could block mobile phones from working in prison. Obviously I am asking for sanity in an insane world. Now where is that cigar at…

Supervision

Cybercrime and Corrections: Predictions for 2012

January 9th, 2012

 Well it is time from my first post of the year and I have decided that 2012 predictions are in order. Last year I wrote about mobile phones in prisons and online drug sales,  gambling, and victimization to name a few. Are these going to be topics in 2012? Regrettably, yes.

Let start with mobile phones in prisons. Last year I noted mobile phones were being used by prisoners to coordinate attacks including an attempted hit on a correctional officer. Charles Manson even had one in his cell. Within the last two months mobile phones were reportedly used during a coordinated attack by prisoners in a Georgia prison. Corrections Commission Brian Owens was reported as stating:

It’s at an epidemic level. Cell phones in prison aren’t about calling grandma for Thanksgiving. It’s about power, it’s about money, and often times it’s about gangs.”

During 2010, more than 8,000 mobile phones were confiscated from inside Georgia correctional facilities. In another mobile phone incident, inmates arranged for meetings with prostitutes while on work detail outside the facility. It seems like the Federal Government may be looking at ways to allow jamming of unauthorized mobile devices in correctional facilities. I put the chances at 50/50 that something will happen positive, particular during a presidential election year.

Last year I provided information regarding online illegal drugs sales. Before I make my prediction, let me mention a December story about online gun sales. This story noted that gun sales via the Internet had reached $1 billion in 2009 up from previous years and one site has 1.8 million registered users. Many of these sales were “largely unregulated and undocumented.” So guns are being sold in increasing numbers online. What does guns have to do with drugs? Well, one doesn’t need a background check to purchase drugs, presumably just a prescription. My common sense side tells me a gun should be the hardest thing to purchase online, followed by drugs. But my side that knows online business is the way of the world knows that is just not the case. Predictions? During an election year there will be no legistlative action to stop this activity. Gee, I hope an inmate can’t order drugs and guns online and have them delivered. But then again they were able to order prostitutes with mobile phones from jail. It would be a piece of cake for an offender under home confinement/detention.

Online gambling is also going to be interesting issue this year. Within just days before Christmas, The Justice Department, gave states the go ahead to start cashing in on intrastate online gambling systems that don’t include sports betting. States are going to have to make decisions about this issue sooner rather than later in light of this turn around. In these tough economic times I believe they will rush ahead, without a lot of study on the possible negative effects of online gambling.

Are online vitimizations are going to continue? In 2011, I noted one case of a Craigslist serial killer, in New York and individuals who used the site to rob and kill in California. Now it appears there are several difference cases were killers lured their victims online in Florida, Ohio, and Michigan. It seems the predators have taken their hunting online in a big way. At the same time we have a study out that stated more than than half of United States kids under 13 have illegal Facebook accounts. I know the cases involving killers noted above involved sites such as Craigslist, not Facebook and they were going after adults not kids. I am sure predators are only going to hunt those areas and leave Facebook as well as kids alone….NOT.

Internet harassment (cyberbullying, cyberstalking, etc.) also is going to continue as more and more folks get online, which will expose them to increased opportunities for victimization. By the way, January is National Stalking Awareness Month.

Congress is grappling with Computer Fraud and Abuse Act, which many argue is out of date requiring clarification about “exceeding authorization” and those Terms of User Agreements that sites have, including Facebook. In a nutshell there has to be a balance between those that fudge there online profiles to get a date and those that are fabricating information to target someone for victimization. I wonder where a Term of User agreement that prohibits particular class of offender will stand in the end. How will Facebook’s rule about no sex offenders stand? Wait a minute, it is an election year… there is no way politicians are going to go out of their way to advocate for forcing websites to allow sex offenders on them. Will courts make a decision? Stay tuned.

What about gangs? Are they still going high tech? Yep, The National Gang Intelligence Center noted it its 2011 assessment:

Gangs are becoming increasingly adaptable and sophisticated, employing new and advanced technology—including social networking websites—to carry out criminal activity discreetly and connect with other gang members, criminal organizations, and potential recruits around the country and around the world.”

Speaking of gangs…what about hacker groups? I don’t think we have heard the last of Anonymous. They like getting headlines. Maybe they will try to muck up a candidate’s or a party’s site since it is an election year here in the states. What about flash riots? I don’t know. Seems the last bunch occurred in August.. We will see if they reappear when the weather gets warmer.

What does all this mean for corrections? Well the mobile phone issue is obviously a big deal for anyone working in a prison. It needs resolved, even if it is an election year. What about community corrections? Seems like everyone is looking to do more with less. Hopefully, pretrial, probation, and parole agencies will take the recent American Probation and Parole Association issue paper, Managing the Risks Posed by Offender Computer Use to heart and take cyberspace into account.  Corrections has to realize that we living in a world where online conduct frequently has real world implications, particularly for vicitms.  At the same time technology can help offenders and we need to realize that a one size approach, namingly prohibiting all computer and Internet access for everyone who misuses technology, is not the solution. For me I will try to keep you posted and updated. Now where is my cigar at?

Uncategorized

Both Sides of Atlantic Take Aim at Offender Risk In Cyberspace

November 30th, 2011

Two news events occurred within the last week that warrant notice.  The first was the announcement by the American Probation and Parole Association (APPA) magazine Perspectives– Fall 2011 of the Issue Paper, “Managing the Risks Posed by Offender Computer Use.” The second was the announcement that Britain was unveiling a new strategy to battle online threats.  Both announcements touch specifically on managing offender computer use. Let’s deal with the first announcement. 

APPA Issue Paper

APPA develops issue papers on topics currently facing community corrections. These papers outline the concerns or considerations of a particular topic in a generally neutral fashion. The APPA, though its Technology Committee, has been wrestling with a cyber-supervision issue paper for well over a year (I know, as I was intimately involved in the process).  The APPA Board of Directors approved the issue paper in September 2011. It was formally announced in the Perspectives last week.  The result is a ten page document which identifies  five components to good computer management in the supervision of people on probation, parole or supervised release. The components are: 1) Obtaining accurate and up-to-date knowledge about what computers a supervisee has or may use; 2) Deciding how to monitor the computer or Internet use (random searches or installing monitoring software); 3) Encouraging venturing beyond the traditional “brick and mortar” world into cyberspace itself by going on-line to find out what offenders are doing on social networking sites and the Internet;  4)  Incorporating complementary technologies, such as GPS monitoring and polygraph evaluations for some high risk cases to augment  computer management; and 5) Requiring officers continue to incorporate field visits, to residences, employment sites, schools and other relevant locations as part of computer management. The paper also discusses the pros and cons of computer searches vs. computer monitoring, noting the ideal approach is to integrate both to provide effective cyber-risk management. Although the paper notes the high percentage of cases involving sex offenders, the discussion is not limited to just supervising sex offenders. It specifically notes all manner of criminal and non-compliance behavior is being committed by offenders using advanced technology and community corrections needs to come to terms with this reality.  Bill Burrell, editor of the Perspectives notes:

With the proliferation of digital technology through our lives, it has become increasingly difficult and impractical to prohibit the use of computers and other digital devices by offenders. Managing the risks falls to probation and parole officers, and it is incumbent upon us to throughly understand and fully exploit the potential of digital technology to monitor and manage offender use of computers and related technology.” (p. 10)

UK Cyber Security Strategy

Almost on que was the announcement  by United Kingdom of its new cyber strategy called  The UK Cyber Security Strategy Protecting and Promoting the UK in a Digital World.  Included in this cyber stragey was the increased use of sanctions, including Internet restrictions against offenders involved in flash mobs or other acts where the Internet or social networking sites were used to cause havoc.  The report notes in part:

4.27 The Government will also work to ensure that law enforcement agencies and the judiciary are aware of the additional powers the courts already have to protect the public when there is strong reason to believe someone is likely to commit further serious cyber crime offences. Computer use may be monitored or restricted under licence conditions when an offender is released, or through a Serious Crime Prevention Order (under the Serious Crime Act 2007). For example an internet fraudster can be prevented from offering goods for sale online. Other orders which may include restrictions on internet use are used to protect the public or victims in cases of sexual offences, harassment and anti-social behaviour. Through guidance we will encourage the judicial system to consider these cyber-relevant sanctions for cyber offences wherever appropriate.

4.28 In addition, the Ministry of Justice and the Home Office will consider and scope the development of a new way of enforcing these orders, using ‘cyber-tags’ which are triggered by the offender breaching the conditions that have been put on their internet use, and which will automatically inform the police or probation service. If the approach shows promise we will look at expanding cyber-sanctions to a wider group of offenders.” (p. 30)

So in a nutshell we have a professional organization for community corrections in the United States noting that officers and agencies tasked with supervision need to come to terms with dealing with cyber-risk.  At a the same time the UK comes out with a strategy that expands Internet restrictions beyond prevention orders typical in sex offense cases to include a “wider group of offenders.”  Unless I am missing something sentencing and correctional professionals on both sides of the Atlantic are starting to take seriously the cyber-risk posed by those accused or convicted of crimes.  The question remains is what may develop out of these two “bits” of news. 

You see in the UK much of the monitoring of offender computer use appears to have been done not by probation officers but by law enforcement. (See Elliot, I. A., D. Findlater and T. Hughes. 2010. “A Practice Report: A Review of e-Safety Remote Computer Monitoring for UK Sex Offenders.” Journal of Sexual Aggression. 16(2), 237-248 for a discussion on computer monitoring). But in the U.S. probation and parole officers are doing the monitoring. Sure some agencies rely on law enforcement assistance for computer searches, but monitoring is deployed and reviewed by corrections agencies.

Will the UK continue using law enforcement to monitor offenders during rehabilitation, reintegration, etc. or will they be forced to back track on their efforts over “big brother” concerns?  Likewise will US correction  agencies embrace 21st Century supervision or will they they advocate for law enforcement taking over a greater role in computer monitoring of these cases?  I doubt that will fly a lot lower in the US than in the UK which has no “First Amendment” concerns.  Maybe the private sector will step into the management role on both sides of the Atlantic as contract agencies offering monitoring service to corrections agencies. The advantage to private sector doing the monitoring is they are not law enforcement but unlike many in corrections, they have the expertise to get the job done. The issue though will be expense. Can they offer a service at a cost that public is willing to pay? 

Personally I see no issue with monitoring computer activities of convicted offenders but there will surely be those who argue that this smacks of “big brother.” I wonder though how these same individuals would feel if these offenders were just kept in prison. Is that a better solution?  What about the rights of  rest of  society which are negatively impacted by cyber-offenders? Don’t they count for something?  We all have to abide by the rules on the roadways, why should the information highway be any different? I think that cyberspace has been allowed to fester with lawlessness for too long without any repercussions to those who think it is their personal playground to stalk, attack, and victimize the rest of us.  The recognition of this fact on both sides of the Atlantic is clear. Equally clear is offender risk management is not going to be the same.  It now is being extended to cyberspace. On that note, where is that cigar I had?

Legal Updates, Supervision

It Our Anniversary!

November 17th, 2011

On or about November 29thof last year the Three C’s started up. Since the start up there have been about 40 posts, dealing with technology and criminal behavior, usually with a corrections perspective in mind. Here is a sampling of the topics covered: Sex offenders; Juvenile Sexting; Hackers; Social Networking; Gaming Devices; Computer Monitoring; Online Gambling; Substance Abuse and the Internet; Internet Harassment;  Flash Riots; Inmates and Computer Access; and Mobile Phones in Prison.

At this junction it seems fitting to ask for reader input, both pros and cons about the blog thus far. Let me know what I have done right and of course where I have missed the boat. Additionally, let me know what you think should be covered in the future. You can either response to this post or if you prefer go to Contact Us and click on the Editorial Department to send an e-mail to the “boss”.

Finally, I would be remiss if I didn’t also thank everyone that has checked out the Three C’s from time to time and of course those individuals who have provided  comments, both negative and positive to the posts. Take care and have a great holiday season!

Uncategorized

How Safe are Those “Off-line” Officers?

November 4th, 2011

I have posted about online officer safety previously.  I know many officers, particularly those uncomfortable with the Internet, have taken the approach of avoiding cyberspace like the plague, particularly social networking sites. After all, you can’t be a victim in cyberspace if you don’t venture there right? But I think that might be a variation of the ostrich head in the sand approach…surely the lion will not eat me if he can’t see my head. Some recent events have got me thinking that avoidance might not be the best strategy and here’s why.

Having an online presence is “staking claim” to one’s digital identity. If one doesn’t establish one they run the real risk that someone will go online and do it for them. It really isn’t all that hard for someone to create a fake social networking site. Recently researchers from the University of British Columbia (BC) found that Facebook’s fake account detection mechanisms can be defeated 80 percent of the time with the help of automated tools.  

Now the BC researchers were looking at tools that hackers might use to create hundreds of bogus accounts to spam and/or steal information from hundreds or thousands of legitimate users. However, if one is going to create a single false account the detection rate is probably much lower. Individuals have been able to successfully create these individual accounts and basically cyberharrass their victims. That is exactly what one New Jersey women is accused of doing when she alleged created a false Facebook account in her ex-boyfriend’s name and peppered it with “unpleasantries.” 

Here is what might happen with an officer who doesn’t have any cyber-presence. An offender or their associate creates one in the officer’s name. They might even obtain a picture from somewhere and post it to the profile. Sprinkle with the name of the officer’s current employer, their interests, (how many officers have pictures of themselves fishing or smoking cigars or with their favorite sports team memorabilia on display) and mix in the college they attended (yep, those college diplomas are proudly displayed in many offices) and you have a profile that might easily pass as legitimate. 

Now the offender might have some fun with it and use it to post inappropriate comments or pictures. But lets take it a step further. They might use it to communicate with the officer’s other offenders or even their co-workers. Gee all this might take some explaining to a supervisor. I am sure it would get sorted out but what a hassle in the meantime. But lets say they don’t do that with it. Lets say they just leave it out there, for the officer’s real friends and family to connect with. Sure some officers refuse to venture into cyberspace but what about their families and friends? Are they so unwilling to get online? Social networking sites are designed to search out new connections for their users. How long before the offender with the bogus officer profile gets connected to the officer’s family and friends? Once connected they can collect information about who the officer’s close family and friends are and where they can be located. What would an offender do with that information? We are dealing in a world where identity theft is prolific. There are also cases of cyber-impersonating occurring in the news with some regularity. It is not a matter of if but when an officer gets impersonated in cyberspace.

The point to all this is officers must take control of their Internet presence. They can’t just leave it to chance or ignore it. If an officer creates a profile and connects with their friends/family they have established a barrier of sorts to an offender creating a fake profile to obtain information from their contacts. After all a friend or family member will likely question why one of their contacts has two profiles and start asking questions. Additionally, officers need to communicate with family and friends and let them know whether they have an account and to notify them immediately if a new one appears in their name. Additionally, officers should periodically complete Google, Bing, and other online searches to see if someone is trying to impersonate them online.

Is all this going to prevent an offender from cyber-impersonating their officer? Maybe. They might see the officer’s real profile and conclude it is not a good idea. But if they do, at least the officer will hopefully catch the problem before an offender convinces family and friends to unwittingly provide personal information to them. It is a brave new world out there isn’t it? Not a place for sticking one’s head in the sand. Be safe out there and where is that darn cigar at?

Internet Safety

Read: Technology in Corrections at Corrections.com

October 26th, 2011

Technology in Corrections: Panacea or Pariah? by Joe Bouchard, is very nicely written. Please take a look at it

Uncategorized

Hackers, Sex Offenders, and All the Rest

October 24th, 2011

Community correction officers and others often equate technological conditions, such as computer searches, monitoring, Internet restrictions, etc. with sex offender supervision. Afer all, there isn’t a day that goes by where an individual isn’t busted for a sex crime in which a computer or the Internet did not play a role. We also have the cases of registered sex offenders violating their conditions and in some cases the law, by accessing social networking sites. Accordingly, it is understandable that many equate computer restrictions/monitoring with sex offender supervision. However, computer restrictions and monitoring go back to the early hacking cases. For instance, Kevin Mitnick, a reformed hacker and now security consultant/author, had numerous conditions imposed in 1999 including the following:

without the prior expressed written approval of the Probation Officer: 1. the defendant shall not possess or use, for any purpose, the following: (a) any computer hardware equipment; (b) any computer software programs; (c) modems; (d) any computer-related peripheral or support equipment; (e) portable laptop computers, personal information assistants, and derivatives; (f) cellular telephones; (g) televisions or other instruments of communication equipped with online, Internet, world-wide web or other computer network access; (h) any other electronic equipment, presently available or new technology that becomes available, that can be converted to or has as its function the ability to act as a computer system or to access a computer system, computer network or telecommunications network (except defendant may possess a “land line” telephone).”

But lets not equate computer restrictions/monitoring to just hackers and sex offenders. It is, however, kind of ironic that these two groups equated with such restrictions are making the news. For instance, the hacker group “Anonymous” reportedly crashed a large collection of child pornography Web sites, and published the names of its patrons.  So for those keeping score, that is Hackers 1 and Sex Offenders 0, oh that is not in binary code either. My money is on the hackers winning the cyberwar against those who victimize kids. But I digress.

Computer restrictions/monitoring conditions do get imposed on non-sex offender and non-hacker cases. Recently, a convicted fraudster, Charles D. Stergios, was released to a halfway house and home confinement. He promptly set about conducting a check kiting scheme via the Internet upon his release and succeeded in getting a second fraud conviction for his efforts. He also was given the following supervision conditions:

Subject always to review by the sentencing judge upon request by either the defendant or the government, the Defendant shall not possess or use a computer to access an online ‘computer service’ at any location, including his employment, without the supervising officer’s prior approval. This includes any Internet service provider, bulletin board system or any other public or private computer network.”

Defendant shall participate and comply with the requirements of the Computer and Internet Monitoring Program (which may include partial or full restriction of computer(s), Internet/intranet, and/or Internet capable devices), and shall pay for services, directly to the monitoring company. The defendant shall submit to periodic unannounced examinations of his/her computer(s), storage media, and/or other electronic or Internet capable device(s) performed by the probation officer based on reasonable suspicion of contraband evidence or a violation of supervision. This may include the retrieval and copying of any prohibited data and/or the removal of such system(s) for the purpose of conducting a more thorough inspection.”

Stergios appealed these conditions, noting in part they amounted to a complete Internet/computer ban. The First Circuit rejected his argument on October 18, 2011, noting he could access the Internet and computers, “as long as he obtains his supervising officer’s approval.” Additionally, if he disagreed with the officer’s decision he could take it to the sentencing judge. The First Circuit noted:

Stergios relied heavily on the Internet to perpetrate his frauds, including opening two checking accounts online through USAA, opening another using an email address, and conducting a number of electronic money transfers. Moreover, Stergios had a history of using the Internet to commit crimes. Stergios’s 2005 conviction involved hundreds of fraudulent Internet transactions on eBay, totaling over $421,000.00. It was therefore reasonable for the district court to find, the second time around, that restrictions on Stergios’s Internet usage were necessary to deter him from committing further crimes.”

Does this mean that we are going to see the flood gates open wide for special technology conditions being imposed in multitude of non-sex, non-hacker cases? I doubt it. However, in cases where offenders continue to misuse computers and the Internet to perperate fraud, those offenders better be prepared survive in a technologically advanced society without a computer, or at least not one that isn’t monitored. It is not an easy road to hoe. Mitnick noted upon his release from those restrictions that: “The greatest relief is that I am no longer subject to any conditions of supervised release” and … “being prohibited from the Internet has been an impediment going forward with my own business.” But again, Mitnick was prohibited from being online for about ten years ending in 2003. That was before Facebook, Twitter, I-Pads, X-Box 360, etc.  I think that the only ones in the U.S. that might not be online now are the Amish…but wait they have mobile phones. Needless to say, not a pretty picture. What does all this mean for the community corrections officers out there? Well, be prepared to see more non-sex and hacker cases with computer restrictions.  On that note, where did I put my cigar at?

PS  BOOK UPDATE: Sent the revised page proofs and index back to my publisher, Charles C. Thomas. Look for The Cybercrime Handbook for Community Corrections: Managing Offender Risk in the 21st Century in early 2012. I, of course, will send out a “tweat” to all my loyal readers and followers when it is available.

Legal Updates, Supervision

The Cybercrime Handbook for Community Corrections: Managing Offender Risk in the 21st Century

October 1st, 2011

Well, we settled on a title for the book: The Cybercrime Handbook for Community Corrections: Managing Offender Risk in the 21st Century. My publisher, Charles C. Thomas Pub Ltd., has returned the page proofs to me for final review and I am working on the index. Briefly, the book covers also aspects of managing an offender’s computer use and includes such topics as searching, computer monitoring and online investigations in a community correction setting. It was written to empower pretrial, probation, and parole officers to meet the supervision challenges of the twenty-first century. Those who help train or assist these officers, such as law enforcement and IT staff , will also benefit from its contents. Additionally, anyone involved in managing a community corrections agency (supervisors, chiefs, court administrators, judges, parole commissioners, corrections directors, etc.) will also find its contents beneficial. Finally, both prosecutors and defense attorneys will be in a better position to advocate the various sentencing options, including the imposition of technological conditions, by reviewing this book’s material.  I obviously am pleased with the results but don’t just take my word.  Jim Tanner, national cybercrime expert and Project Coordinator for NLECTC (and KBSolutions’) Field Search Project honored me with writing the book’s Foreword.  He notes in part:  ‘

Not only does this book help community corrections professionals understand how to monitor computer use, but it helps us realize how information gained during monitoring can assist us in overall case management. The technology is now readily available to effectively manage offenders’ digital behavior. Bowker’s book moves us all toward a more informed use of the technology.

Depending upon how fast I can get these page proofs back and the index finalized it will be available in January or February of 2012. Look for further updates at Charles C. Thomas Pub Ltd. or check back here.

Uncategorized

The Password is “Trouble”

September 23rd, 2011

Years ago there was a game show called Password where one contestant had to guess the secret word or “password” known by the other contestant. I see Saturday Night Live does a parody on it every once and a while for those too young to know what I am talking about. Well, I am hearing some rather distributing things in regards to passwords and social networking sites that I thought I would delve into here. Lets deal with it first from an officer and offender relationship and then we will move to agency and officer perspective.

Officers and Offenders

 Officers supervising offenders, particularly those dealing with offender computer management, frequently ask for all an offender’s social networking site (SNS) profiles as well as the passwords associated with those profiles. Some sex offender registration agencies are likewise asking for passwords as part of registration. Before SNS became a phenomenon supervision officers frequently asked for e-mail passwords. Obviously, having a password is the key to an offender’s accounts. However, and this is a BIG HOWEVER, having the password and using it to gain access to an offender’s account is a BIG NO! NO!There are legal prohibitions against accessing some-one’s e-mail account or SNS, even if you have the password. Even if one does have permission or authorization, it can create a chain of custody nightmare. After all an offender could allege the officer deleted or sent something from the account. There can be better ways of getting at the information. For instance, directing the offender to log on to the account in your presence and going through it with them, in the presence of another officer.  

So why ask for the password in the first place? Well, it is a good practice to ask for the password in case it is needed later after the appropriate legal authorizations are in place. Additionally, individuals may use a password numerous times. It may be used to log into an e-mail account, SNS, or to log in to their computer or an encrypted file.  Let me explain. You have an offender’s e-mail password and you find a computer later they were not suppose to have. The computer is secured with a password. The offender tells you he doesn’t remember the password. Well the e-mail password might be the same one to unlock the computer. Even if is not, it might be very similar to the password and be of use for password cracking tools in brute force or dictionary attack to access the computer.

Think of it in these terms. Officers are allowed to visit offenders in their homes and even to conduct searches upon authorization. However, I can’t think of any supervision agency that demands an offender provide a key for the officer to enter the home at any time they wish. In short, having the password to a SNS or e-mail account means an officer has the key to the offender’s virtual home. That does not translate into accessing the virtual home at will, even if they are on supervision.

Officers and Agencies

Now lets move on to the officers and their agencies. I have previously noted the concerns with officers posting personal information on SNS. Well some agencies are starting to look at new employees and current officer’s SNS profiles. I see no issue at looking at what is publicly posted on these profiles. However, some agencies are taking a more aggressive position and asking for passwords to their employee’s profiles. They want access to the private areas too. Imagine, officers being subject to a “search” of their personal space as a condition of employment. The next step is obviously having to consent to a search of their home at any time without a warrant.

It really is not that farfetched. Take Google+, which is Google’s venture into creating a social networking site business. If one has a profile on this site the password that accesses it is the same as the user’s e-mail account. Imagine an employer being able to not only search the SNS profile but each and every e-mail sent or received from the user’s account. Oh yeah and Google’s wonderful search engine works just as great on a user’s e-mail account on their server. Google also has Google Documents that allow the user to save letters, resume’, spreadsheets, etc. on Google servers. Yep, those are also accessed by the same password. So as a condition of government employment, an officer has to consent to having their digital life searched…even private information. Now there is an incentive to get a low paying dangerous job! Well, not all is loss. In large part due to the efforts of the American Civil Liberties Union of Maryland, the Maryland Department of Corrections suspended their SNS policy for prospective hires.

So what is the point to all this. Sit down with some legal beagles and hammer out a policy for this stuff. As it stands, offenders can be asked for their passwords but using those passwords to access a SNS or e-mail account without the proper legal authorization will get the officer and their agency in very hot water. For agency’s asking for passwords of their employees or potential employees, don’t even think of asking unless you want a call from your local ACLU. In short, the password for not knowing what you are doing in today’s technological and legal environment can be “Trouble.” By the way my password is CIGAR…. I am of course kidding. Be safe out there!

Legal Updates, Supervision