Posts Tagged ‘online investigations’

Now available: 3 free model policies for social networking support

Wednesday, May 12th, 2010

Our 2-day on-site training devotes a fair amount of time to policy issues: investigative ethics applied online, undercover work, deconfliction, and employee stress management. However, while we talked about the need for policy, we didn’t have a model to offer.

Well, now we do! In the “White Papers” section of our Web site, you’ll now find three separate model policies: social networking investigations, official agency communication, and employee off-duty use.

Why 3 policies?

Law enforcement presence online isn’t just about gathering evidence. It’s also about ensuring that employees represent themselves and their agencies as professionals at all times (including not conducting investigations via their personal accounts). Also, just as agencies simultaneously conduct investigations and community relations in their communities, they should at least consider doing the same online.

The three policies complement each other, and as Todd is quoted in our press release, they’re meant to minimize the risk and maximize the reward of an online presence. They also fill a gap: while many policies are available from private companies, few are published by law enforcement agencies.

What the policies cover

The “Investigative Use of Social Networking” policy provides for:

  • Professional online conduct
  • Investigation preparation
  • Undercover work
  • Legal issues
  • Employee stress management

The “Agency Official Use of Social Networking” policy discusses:

  • Social media tools
  • Strategy for use
  • Communicating on the agency’s behalf
  • Restrictions on use
  • Handling requests from media and general public

The “Employee Off-Duty Use of Social Networking” policy includes:

  • Employee self-identification as a police officer
  • Confidential and sensitive information
  • Legal requirements
  • Disciplinary action

Because these are model policies, be sure to run them through administrators and department or other legal staff before you implement them, as state or jurisdictional laws may need to be specifically addressed.

Who will benefit?

We timed these policies’ release during the week of the ICAC Conference in Jacksonville, FL, where Todd is exhibiting. Now, we know ICAC investigators are well-versed in online investigation and thus policy – but we also know that their investigations can take them into jurisdictions where other detectives are not familiar with online work, undercover or otherwise.

So whether you’re an investigator whose agency needs social networking policies, or you know of investigators who do, please feel free to pass these along. You can refer others to the policy page using this address:

http://tinyurl.com/verepolicies

And if you have any questions, please let us know at info (at) veresoftware (dot) com !

DragNet? In what form?

Wednesday, May 5th, 2010

In February, CNet reported that police are looking for a “back door” to private data, in the form of “a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.”

This was followed up in April by a revelation that the Department of Justice had requested Yahoo emails without a warrant—because the emails were older than 180 days and stored on Yahoo servers rather than on a local machine.

Civil libertarians, of course, regard these stories as evidence of Big Brother manifesting all his totalitarian glory. But the original concept of a national network, says its originator, has been misrepresented.

More efficient, not more invasive

Sgt. Frank Kardasz is director of the Phoenix (Arizona) area Internet Crimes Against Children task force and, in a report to the Commerce Department’s Online Safety and Technology Working Group, wrote about the need for Internet service providers (ISPs) at least to maintain records for longer than the few weeks they currently do—up to a year or longer.

“The trouble with real life policing is that there are reporting delays from victims, overwhelming caseloads for detectives, forensics analysts and prosecutors, time delays or no response from Internet service providers and many other systemic issues that impede the rapid completion of our work,” he wrote in his report, “Internet Crimes Against Children and Internet Service Providers: Investigators Request Improved Data Retention and Response.”

Similar problems exist among government agencies, which is why Los Angeles County instituted the Electronic Suspected Child Abuse Report System. The Web-based system links public agencies together, replacing outdated forms of communication like faxes and postal mail, and reducing the likelihood that charges will be dropped or reduced due to missing evidence.

Not a direct link from law enforcement to private records, it doesn’t carry quite the same implications for privacy. It does, however, solve very similar problems, and as the first of its kind in the country, could easily serve as a model for other efforts.

Logistical concerns

The need for a strong model is particularly important when it comes to security. Many companies have hesitated over moving to “the cloud,” fearful of what might happen if a malware-infected PC accessed cloud-based private information. (Many of these issues are discussed in our white paper, “Basic Digital Officer Safety.”)

However, the U.S. Army is now using “milBook”, a secure Facebook-like interface restricted to its own personnel. Connecting people with each other as well as with defense-related topics, milBook facilitates the sharing of a broad range of information. Fundamentally, it might be compared to the Regional Information Sharing System, though more socially oriented.

Whether this would be as easy to set up is debatable, however. The Army, after all, has the DoD to administer its private network. For the DOJ to set up and maintain a public-private information exchange would not, to put it lightly, sit well with groups like the Electronic Frontier Foundation.

More likely may be for the DOJ to require ISPs to set up their own networks. Some already do, as CNet pointed out. The networks would have to comply with certain requirements regarding data storage and speed of retrieval, but the companies would retain control of user information.

The need for better ISP support

Kardasz noted, based on a 2009 survey of 100 investigators:

  • 61% reported ISP delays and limited time periods for storage detrimentally affected their investigations.
  • 47% reported they had to end investigations because the ISP didn’t retain the data they needed to make a case.
  • 89% wanted to see a national network established to make legal process requests more efficient.

“Investigators recognize that the subject of data preservation is controversial,” Kardasz wrote. “I think investigators respect the Constitution, support the rights of Commerce and simultaneously want to protect citizens from cybercrime. They seem to be asking for a system that is more efficient, not more invasive, a system that favors the crime-fighters instead of the criminals.”

What law enforcement can do

In last month’s issue of Law Enforcement Technology, Vere president and CEO Todd Shipley was quoted as saying, “It’s not just a federal problem. It’s a state and local problem too because the victims are citizens of the local community.”

So while ISPs can improve their processes, so can law enforcement. Todd’s recommendations: Know how to take reports on cyber crimes. Collect information the cybercrime experts need. Know how to share information and with whom. These pieces, the building blocks of professional police response, must be in place so that whatever ISPs institute to help law enforcement, it will be supported rather than criticized.

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and digital forensics and can be reached at christa at christammiller dot com.

Legal Issues with Online Investigations: Some background

Friday, January 15th, 2010

As Executive Director and Senior Counsel of the National Law Center for Children and Families, Richard Whidden is most familiar with laws and precedents related to child pornography—but stresses that investigators of other crimes can take away important information, too. “Much of the case law on electronic evidence comes from child porn cases because those are what prosecutors take on,” Whidden says.

During his webinar, “Legal Issues with Online Investigation,” on Thursday, January 21, Whidden will be discussing a sampling of cases from 2009 that had to do with Internet and computer forensics. One of the primary cases, however, has to do not with child pornography but instead with steroids.

Specifically, U.S. v. Comprehensive Drug Testing, Inc. describes forensic procedures relative to search and seizure of electronically stored evidence. Although it applies to the 9th Circuit Court of Appeals’ jurisdiction, it’s likely that other courts will look to the decision when dealing with their own issues of electronic evidence.

The case also illustrates how the process of e-discovery has evolved over the past 10 years. Typically this is difficult to discuss. As Whidden says, “You could have entire symposiums on how the law has changed over the last 10 years, before you even break out the crystal ball on how it will change over the next 10.”

Notably, law changes according to the technology. “We’ve gone from pornographic images of children, to streaming video of abuse taking place,” says Whidden. “Modes of transmission change. Cell phone technology is much more prevalent now, and will continue to evolve.”

Whidden will cover other legal issues, such as the definition of “possession” of child pornography, procedures related to computer related evidence, search and seizure issues, and the difference between state and federal prosecutions. He will not discuss civil cases, only criminal cases because of the higher burden of proof.

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.

Identity theft online: Some background

Monday, December 7th, 2009

Identity theft is one of Detective Kipp Loving’s investigative specialties. Having worked hundreds of ID theft cases in the last decade, Loving has seen the crime evolve along with, and as an integral part of, the Internet. His webinar is based on the 8-hour block he teaches during the 40-hour California Peace Officer Standards & Training course on financial crimes.

Trends in online identity theft

The Internet’s reach often means multiple jurisdictions and sometimes hundreds of victims. In fact, it’s part of at least one of every level of an ID theft case, ranging from how criminals obtain identities to how they use them.

“Information compromise is just one component,” Loving says. “An ID thief doesn’t have to phish; he could as easily go dumpster diving for information, then go online to use it.”

Phishing is now a tool mainly of high-end rings associated with international gangs like the Russian Mafia, or Southeast Asian groups, who hire hackers to compromise databases. Cases involving them are usually federal, and much more sophisticated than most local ID thieves.

More likely for the average investigator to see:

  • “Crankster” (methamphetamine addict) dumpster divers.
  • An employee in a local company, abusing privileged access to private information in the employer’s databases.
  • Family-on-family ID theft.

The last trend has been particularly accelerated. ID theft is still prevalent in elder abuse cases. But in a troubling turn, more parents are stealing their children’s identities.

“The parents don’t get reported until the kids are of age and try to buy a first car or get an apartment,” says Loving. “And they can’t get out from under the liability unless they are willing to prosecute Mom and Dad.”

Case management + presentation

“Most people don’t associate case management with case presentation,” says Loving, “but prosecutors consider ID theft cases to be only a step above real estate fraud cases. When you’re dropping what may be a four-inch-thick case file on their desk, how you managed the case will be critical to how you present it, and therefore how it is received.”

A well-managed case contains several elements. “First, identify the cream that floats to the top,” says Loving. “You can’t manage 300 victims, so find out from the prosecutor how many is enough.” Sometimes the case will “go federal,” so local law enforcement and prosecutors need only do so much.

Second, a detailed timeline is critical to success. “A prosecutor will not read every page of your case, so a start-to-finish timeline on each charge helps them,” Loving says. “You include every incident, the elements of the crimes, dates, and amounts.”

Most important of all, however, is not to simply forward the case to the prosecutor once it is wrapped up. “You have to make an effort to form a relationship, talk to the prosecutor throughout the case,” says Loving, who once worked as a criminal investigator in a DA’s office. “They’ll tell you what they like and don’t like about the investigation.”

That relationship is not about micromanaging—it’s about “selling” the case. “You have to get to the point where you don’t need to sell it; they’re already sold by the time you close the case,” Loving says. “In fact, they’re so sold that they ask when they can have it.”

The need for information sharing

Identity theft investigations can be time-consuming and frustrating because it can span multiple victims and jurisdictions—which, at a time when law enforcement budgets are tight, makes them harder to work.

“You can’t always work with victims face to face, and there are usually many more victims than you know about,” says Loving. “The ones you work with are simply those who noticed and talked enough to assist your investigation.”

The most important thing at that point is for investigators to be involved with groups like the International High-Tech Crimes Investigators’ Association (HTCIA). Loving also runs his own 800+ member listserv, a restricted-access Yahoo! Group where detectives from across the nation can get search warrant language, company contact information, and connect with each other on their cases.

“Cops aren’t always good at information sharing,” he says, “but we need to get better as more of these crimes go into other jurisdictions.”

Register for the webinar on Thursday, April 28 — and during the webinar, find out how you can get 10% off the price of WebCase, plus free shipping!

Christa M. Miller is Vere Software’s marketing/public relations consultant. She specializes in law enforcement and public safety and can be reached at christa at christammiller dot com.