Forged Credentials and Security

In Beyond Fear, I wrote about the difficulty of verifying credentials. Here's a real story about that very problem:

When Frank Coco pulled over a 24-year-old carpenter for driving erratically on Interstate 55, Coco was furious. Coco was driving his white Chevy Caprice with flashing lights and had to race in front of the young man and slam on his brakes to force him to stop.

Coco flashed his badge and shouted at the driver, Joe Lilja: "I'm a cop and when I tell you to pull over, you pull over, you motherf-----!"

Coco punched Lilja in the face and tried to drag him out of his car.

But Lilja wasn't resisting arrest. He wasn't even sure what he'd done wrong.

"I thought, 'Oh my God, I can't believe he's hitting me,' " Lilja recalled.

It was only after Lilja sped off to escape -- leading Coco on a tire-squealing, 90-mph chase through the southwest suburbs -- that Lilja learned the truth.

Coco wasn't a cop at all.

He was a criminal.

There's no obvious way to solve this. This is some of what I wrote in Beyond Fear:

Authentication systems suffer when they are rarely used and when people aren't trained to use them.

[...]

Imagine you're on an airplane, and Man A starts attacking a flight attendant. Man B jumps out of his seat, announces that he's a sky marshal, and that he's taking control of the flight and the attacker. (Presumably, the rest of the plane has subdued Man A by now.) Man C then stands up and says: "Don't believe Man B. He's not a sky marshal. He's one of Man A's cohorts. I'm really the sky marshal."

What do you do? You could ask Man B for his sky marshal identification card, but how do you know what an authentic one looks like? If sky marshals travel completely incognito, perhaps neither the pilots nor the flight attendants know what a sky marshal identification card looks like. It doesn't matter if the identification card is hard to forge if person authenticating the credential doesn't have any idea what a real card looks like.

[...]

Many authentication systems are even more informal. When someone knocks on your door wearing an electric company uniform, you assume she's there to read the meter. Similarly with deliverymen, service workers, and parking lot attendants. When I return my rental car, I don't think twice about giving the keys to someone wearing the correct color uniform. And how often do people inspect a police officer's badge? The potential for intimidation makes this security system even less effective.

Posted on January 13, 2006 at 7:00 AM • 73 Comments

Comments

NocturnJanuary 13, 2006 7:24 AM

I often tought about this, but wat is the solution to overcome the problem?

Even if I'm familiar with a real police badge, they are easy to forge...

HritzJanuary 13, 2006 7:51 AM

Its up to the cabin crew (not passengers) to authenticate a sky marshall. They should certainly have seen a sky marshall's id.

As for the gas/cable/electric service person, you can call the main number and confirm that they've dispatched someone to your address. You might not have the presence of mind to do that if the person in question tells you that there is a gas leak and is evacuating the block.

JeffJanuary 13, 2006 7:54 AM

Well, then don't rely on the badge. Use a trusted third party.

Criminals have posed as police officers before and will continue to do so for the very reason you describe. If the situation doesn't seem right (the car's not right, the lights don't look right, you're on a deserted road and don't feel comfortable), the best advice that I've heard is to slow down (not stop), turn on your emergency flashers, and call 911 on your cell phone. Explain the situation and ask that they contact the officer behind you. Once you've established trusted communication with the driver behind you, or once you reach a public location, then pull over. The officer won't be happy about the runaround (and he might issue you a ticket for failing to obey an officer), but you'll be safer.

That makes sense to me. Fortunately, I've never needed to test it out.

MitchJanuary 13, 2006 8:05 AM

To fake some "false authority", you don't need to spend much effort on the uniform; when I was at Polytechnic many years ago, a lot of PCs were stolen from the labs by people in blue overalls with trolleys were coming up in the lift, removing the PCs from the desks calmly, and walking out the building.

Separate observation - In my corporate life, I have noticed that cleaners have the highest security clearance in the building - they basically need to clean everywhere, yet get the least screening. And people tend to hold doors open for them... if you wanted to tailgate your way to the executive floor or machine room of most buildings I've ever visited, the easiest way would be to dress as a cleaner and carry a bulky bin bag - people are so keen to hold doors open... and it's amazing what you could take in or out in a bin bag.

theodoricJanuary 13, 2006 8:11 AM

What do you do? You could ask Man B for his sky marshal identification card,

or you could get off the set of the Leslie Nielsen movie you've wandered into.

More seriously, why was I not surprised to learn that Frank Coco was employed by the Illinois Department of Transportation? Sure, authentication of cops is a serious, perhaps insurmountable problem when you're living under an uncontrollably corrupt government, but surely the practical approach to dealing with the problem is to improve the government so that the climate becomes uninhabitable for fake cops, rather than devising authentication algorithms for ordinary citizens.

SteffoJanuary 13, 2006 8:12 AM

"It doesn't matter if the identification card is hard to forge if person authenticating the credential doesn't have any idea what a real card looks like."

Good point! And the reverse is also true: it does not matter if you have a real card, if no one knows what it looks like. Example: In Europe, a new identity card has been implemented that can replace the passport when travelling within the European union. But the staffs do not know what the cards look like, so the early adopters get a lot of trouble when they try to travel without their regular passports.

TimJanuary 13, 2006 8:14 AM

@Mitch : This is why many hotels now use non-opaque bin bags : clear or translucent yellow/white are popular. So that cleaners (or those imitating cleaners) have a harder time of getting valuable such as laptops out of the building.

I surprised it doesn't happen more in commercial settings, but where I work it is black bags all the way.

The last theft here was done by someone on crutches - people held the doors open and he got passed swipe card doors and walked (hobbled) back out with a backpack full of laptops...

jayhJanuary 13, 2006 8:16 AM

>>To fake some "false authority", you don't need to spend much effort on the uniform

absolutely. Very few people would be able to quickly identify a legitimate police or other uniform.

Some years ago there was a series of rapes in this area by a man posing as a cop in an 'unmarked' car. Criminals breaking into houses have been known to shout 'police' to prevent a possibly armed homeowner from attacking them. On the other hand, recently a homeowner was convicted of murder after shooting a cop engaged in a no-knock invasion at THE WRONG HOUSE.

Steve BennettJanuary 13, 2006 8:16 AM

What's really needed is some analogue to public-key cryptography's "web of trust" - some unambiguous way for a third party to sign off on the authenticity of the identification, so that if you trust the third party, you can assume the credentials are accurate.

Of course, signing an essentially freeform document that has to be human-viewable in its entirety, and still obtaining the mathematical properties of good digital signatures, is a Very Hard Problem. I certainly don't have a solution for it. The point is that anything less has at least some degree of forgeablility.

philippeJanuary 13, 2006 8:23 AM

We have a tv show here in Quebec ("Les Bougons", the show is in french) about a family who uses every trick in the book to utilise and abuse the "system", the society we live in. They don't work and rely on their ingenuity and ability to take advantage of society and the "way things work" in order to survive. It is a very funny and thoughtfull show. In a few episodes, they have a variation on the theme where they go in the office, pretend to be from some agency/company/environmental organism, speak to the receptionist scare her with a ploy and then to the office manager, scaring him too by saying they are in some kind of danger of some pollutant or other fabrication. After a few make believe tests, they have the office manager evacuate the office. Of course eveybody in the office falls for this scheme and then they are free to steal whatever they came for.

ProbitasJanuary 13, 2006 8:45 AM

"What's really needed is some analogue to public-key cryptography's "web of trust" - some unambiguous way for a third party to sign off on the authenticity of the identification, so that if you trust the third party, you can assume the credentials are accurate"

Quick... What does *that* look like? How is it different from a regular ID in the eyes of the average citizen? The one who has been trained to, when pulled over by the police, pull over, keeps both hands on the wheel, eyes straight ahead, and do whatever the officer tells them to.

We have all seen the videos on the evening news of what can happen to people who stray from that model. Compelling video indeed, which will probably not be overcome by the nice man in a nice suit talking camly on morning TV about authentication and trusted third party verification.

This type of abuse is, to some extent, inevitable. Another layer of unrecognizable authentication will not likely slow down somebody who has exerted the minimal effort needed to circumvent the barriers already in place. These systems are mainly designed to keep honest people honest. Therefore, I have to agree with those who say that the most effective way to deter these typse of attacks is a solid audit trail and stiff penalties for getting caught.

"Bruce Schneier"January 13, 2006 8:47 AM

Wait a minute. I'm the real Bruce Schneier. Someone hacked my blog and posted the "Forged Credentials and Security" entry. They've changed the password and now the only way I can post on this blog is in the comments!

Don't believe the Bruce Schneier who now posts to this blog. I'm the real Bruce Schneier! Really! (or not)

CJJanuary 13, 2006 9:00 AM

Slightly off-topic of the fake credentials issue:

As for the gas/cable/electric service person, even if you do verify that they really are from the company they say they are, it doesn't mean that they can't still tie you up and rob your house. It's a bit more unlikely, since *if* you verify them, *and* you remember their name, it would be easier to track them down and report them. But just because someone is authenticated doesn't mean that they can be trusted ...

Roy OwensJanuary 13, 2006 9:07 AM

Strictly speaking, the problem is not about identification, but authorization. We are trained to pretend along with the police that when someone claims to be the police, that is identification. Actually, it is only an unsubstantiated claim to membership in an unnamed organization of a general type. True identification specifies which of the six billion people on this planet is you.

Forcing someone to produce authorization for inspection and approval is an act of dominance. Being forced to produce authorization for inspection and approval is an act of submission.

Cops dominate, and therefore do not submit (except to higher-ranking cops).

Anyone can impersonate a cop without resorting to a card, a badge, a uniform, or even a gun: all it takes is attitude -- a confident dominating attitude (which many professional criminals already have).

A cop likes his badge because to other cops the badge means he's 'sworn' (read 'armed and dangerous') but he isn't so keen on showing it because of that damn number, which could betray him to his own police force when he's misbehaved, while anonymizing him to the general public (who do not have a lookup table for badge numbers).

(In my area, most police cars say 'POLICE' but give no city name, further anonymizing the occupants.)

The problem of legitimately determining who is an authorized police officer is probably insoluble, principally because cops will never willlingly submit to domination by a submissive public.

David HarmonJanuary 13, 2006 9:17 AM

And of course, a significant fraction of the US population (mostly blacks and *poor folks*) consider genuine cops to be deadly threats, rather than authority figures....

VWMJanuary 13, 2006 9:30 AM

About the sky marshal example:

The pilot can ask via radio whether B or C (or both or none) is the real sky marshal. Somebody at the ground should have that information.

Besides: If they both just want to arrest A -- where is the problem? Wait till the plane has landed and let somebody down there decide. If some of them tries to redirect the plane to some strange Airport without consensus of the ground control, or politely asks the captain to crash the plane somewhere... then you probably will know he is just an other hijacker -- where is the point in imposing being a Marshal, then?

Sincerely

RouninJanuary 13, 2006 9:32 AM

Personally, I don't see this as being a big deal. The statistical likelihood of something like this occurring on a noticeable basis is slim at best.

Not every problem has a solution.

AnonymousJanuary 13, 2006 9:46 AM

For some reason this reminds me of a college prank used by students from Gothenburg in Sweden. It goes like this. A few guys buy a completly normal park bench. The kind that is used in all public parks and owned by the city. They start to carry it around on the streets perfectly visible which provokes the police to stop them and ask them to return the property of the city. Of course, the carriers can show a receipt of purchase which proves that they own the park bench and that it's not city property.

They get stopped by different police patrols over and over again until the police headquarters issue advice over the radio to all police partols to "not bother about the bloody kids with the park bench, they are just messing around and creating a lot of paperwork for us". At that point everyone who's in on the prank and was listening to police scanners goes out, picks up every park bench they can find and starts walking around with it.

BLPJanuary 13, 2006 9:46 AM

An anecdote:
A couple months ago at work, I got a pre-recorded message from the phone company saying that they had noticed some unusual charges on our bill and I should call them back at a particular number. I looked at the company's website and couldn't find the number. I googled the number to no avail.

So I called their regular customer service number, and discovered that they had just closed for the day. I ended up filling out an online suspected fraud report for them.

The next day I called their regular customer service number, discovered that they couldn't see my current activity, but that my bill was high by about $50, but that matched with the amount of international calling we had done that month.

I then called the number the recording had given me and immediately was connected to a CSR-- which is unheard of for this company. I hung up at that point.

About this time, I got a reply from their fraud department, which said "oh, you seem to have dealt with it." I replied saying that while my billing issue was resolved, this mysterious phone call wasn't. She checked the number and it was indeed one of their numbers.

Her advice, however, was intriguing. She told me that all employees have an ID number which I could call the main number and use to check their identity. I didn't bother getting into a discussion about how I could use that ID number (unless it somehow prevents replay attacks) to pretend to be an employee.

My recommendation was that the recorded message should say "call the CSR number x and type in extension y", I can at least then verify that I'm calling my phone company.

As for traffic-stop authentication-- I think that it would make sense if there was a non-emergency number that you could call that would let you verify a traffic stop. It could be automated, but that opens up a whole different security issue.

Davi OttenheimerJanuary 13, 2006 9:46 AM

"Authentication systems suffer when they are rarely used and when people aren't trained to use them."

It's actually even worse than that. Meeting a police officer might be a less-than-regular event for most, but what about parents finding a babysitter for their kids?

I recently wrote about a case related to Operation Ore where a mother did reference checks and eventually hired a man to watch her baby. The man (and his girlfriend) were soon-after arrested and have just been put in jail for child porn and abuse.

The authentication we deal with most often in Information Secruity is based on formal credentials specifically because they are meant to be a more efficient and safer control point than weaker systems. In other words there is an economy to the risk such that the more effort someone has to exert to perform an authentication check (the higher their asset's value), the more likely they are to be in want of a less breakable system (cost of the control is offset by the cost of an attack). If you couple that with an increased frequency of threats (perhaps at the point when 1/1000 police are corrupt or bogus, or 1/100?), you get an approximation of the point when even often-used and intimately familiar authentication systems give way to those that are technically stronger.

DennisJanuary 13, 2006 10:06 AM

I bet if a fake sky marshal produced a gun, nobody would question him. We all know regular passengers couldn't possibly sneak guns aboard, after all. Then instead of being one guy with a gun against a planeful of desperate passengers charging him, he's one guy screaming at a bunch of compliant passengers to keep their heads down (as we've seen in the news that sky marshals do).

Pat CahalanJanuary 13, 2006 10:19 AM

@ jayh

> recently a homeowner was convicted of murder after shooting
> a cop engaged in a no-knock invasion at THE WRONG HOUSE.

Can you point to a source for this? Barring a fairly bizarre set of extenuating circumstances, this seems completely screwy. There has to be more to the story...

paulJanuary 13, 2006 10:54 AM

All of the third-party identification methods pretty much rely on being in a position not to put yourself under the control of the purported officer (or cable person or whoever) until you've verified the ID. That makes them valuable only for a limited set of circumstances. What would be nice would be some kind of beacon (speed dial on a cellphone would do fine) you could activate to say, "I'm being stopped by a purported officer at this location now." Matching beacon in the hands of all officers, any unmatched citizen calls would trigger an urgent call of real officers to the scene. Of course there's a false-alarm problem, but probably not an enormous one after the first few pranksters get hung out to dry. (And a surveillance problem, but we've got that already)

Another IdeaJanuary 13, 2006 11:01 AM

"...but he isn't so keen on showing it because of that damn number, which could betray him to his own police force when he's misbehaved, while anonymizing him to the general public."
One could use a car camera (the type used to monitor teen driving, etc.) and point it at the interior and immediate exterior (to catch the view outside the windows).
Since the cameras record to an off-site location, it would be difficult for the policeman to avoid "giving" his badge number to the camera.

@jeff
To reduce the potentital for a citation for resisting arrest, one could stop, allow the policeman to walk up, write down the badge number, tell him that you need to verify, and then call 911.
On the other hand, this would greatly reduce the amount of protection...

JustinJanuary 13, 2006 11:03 AM

Regarding fake police officers, Mississipi had/has a problem with fake cops pulling over women on the Interstate to rape them. Mississipi apparently now allows women travelling alone to keep driving to a rest stop (i.e., a populous area) before pulling over for an apparent police cruiser.

Of course, the reason I know this is a story on 20/20 about a real cop who wanted to pull a woman over on the highway. When she didn't stop because she was waiting for a rest stop, he forced her over and beat her senseless for not obeying his flashing lights.

SukottoJanuary 13, 2006 11:12 AM

My spouse is flight crew for an American airline. Apparently, the gate agents know in advance which seats they should give the marshal(s). The marshal(s) are introduced to the flight crew before the regular passengers are allowed on the plane.

So the marshal's id gets checked at the security screen, at the gate, and by the captain. Also, the presence of the marshal(s) is independantly verified by the flight schedulers who book their seats in the plane and inform the gate agents.

Mike SherwoodJanuary 13, 2006 11:24 AM

@BLP

"As for traffic-stop authentication-- I think that it would make sense if there was a non-emergency number that you could call that would let you verify a traffic stop. It could be automated, but that opens up a whole different security issue."

Actually, 911 is a perfectly reasonable resource in this situation. Everyone knows the number and they tend to answer the phone most of the time. If you believe someone who is not a police officer is trying to stop you, that constitutes an emergency.

LygerJanuary 13, 2006 11:34 AM

Isn't this simply another example of cost/benefit tradeoffs? Obeying an "authority figure" (of any sort) quickly, without taking time to check their stories could save my life in an emergency, while making them jump through hoops until I'm sure of them can keep me from being victimized. Mr. Schneier says that this lacks an obvious solution - but most issues that involve trade-offs lack just such a solution. While the best-case scenario is to get the best of both worlds, to the degree that we can't have it both ways, perhaps we need to be more invested in informing people about the trade-offs?

bartJanuary 13, 2006 11:38 AM

@Tim: Translucent bags are standard at big box retailers. (Circuit City, Staples, OfficeMax) Some (Lowe's) even use them at checkout. Employee theft ("shrink") is a primary loss vector. If you aren't using them in a retail environment you are nuts - its a really cheap layer for "defense in depth".
Note that Staples carries them. (They aren't expensive, but they don't carry the 45 gallon tough kind.)

Context:
Tim wrote the following (to Mitch)
@Mitch : This is why many hotels now use non-opaque bin bags : clear or translucent yellow/white are popular. So that cleaners (or those imitating cleaners) have a harder time of getting valuable such as laptops out of the building.

I surprised it doesn't happen more in commercial settings, but where I work it is black bags all the way.

Ed T.January 13, 2006 11:49 AM

@Jeff,

"The officer won't be happy about the runaround (and he might issue you a ticket for failing to obey an officer), but you'll be safer.

That makes sense to me. Fortunately, I've never needed to test it out."

Well, don't try it in Texas. More than likely, you will be charged with resisting arrest, or evading arrest, or some such nonsense. We have had several instances of that in Sugar Land (just outside of Houston.)

And, if you think the "cop" is a fake, and you shoot him/her, and it turns out the "fake" cop was real, you are looking at dying of a state-induced drug overdose.

Cheers,
-EdT.

Ed T.January 13, 2006 12:05 PM

@Bruce,

"Imagine you're on an airplane, and Man A starts attacking a flight attendant. Man B jumps out of his seat, announces that he's a sky marshal, and that he's taking control of the flight and the attacker. (Presumably, the rest of the plane has subdued Man A by now.) Man C then stands up and says: "Don't believe Man B. He's not a sky marshal. He's one of Man A's cohorts. I'm really the sky marshal.""

I would wait for one of them to announce "Do the right thing, Mr. Spock. Set your phaser to 'stun', and shoot *both of us*."

Sounds like a movie-plot threat to me.

-EdT.

Gopi FlahertyJanuary 13, 2006 12:28 PM

"As for traffic-stop authentication-- I think that it would make sense if there was a non-emergency number that you could call that would let you verify a traffic stop."

You could use something akin to SecurID. Constantly changing number.

In fact, you could actually have a display on the police car with this. When the police are pulling me over, I can call the special phone number, enter, say, a four digit ID number, and the system tells me what number should be currently displayed on the LED sign on the cop car.

One question with this scheme is how long it would take to validate, and whether a fake policeman could move quickly enough to get to you before you validated it.

This would obviously only work with people with cellphones, and they'd need to know in advance how to use the system - I doubt it would ever end up being deployed. But IMHO it's a nifty idea anyway :)

AnonymousJanuary 13, 2006 12:33 PM

EdT: That's odd. There's a law in Texas that explicitly allows for this sort of drive-to-a-safe-place-where-others-are-around behavoir (I can't recall it off the top of my head). A family friend did exactly that when a state trooper wanted to pull her over for speeding. He was pissed, wrote her up for extra infractions, and it was all thrown out by the court clerk/prosecutor when she called to protest.

ZwackJanuary 13, 2006 1:07 PM

On the subject of authentication, people make assumptions about clothes and settings...

When I was a student, at University studying physics, I was in the corridor, putting some of my stuff in my locker. Only students had lockers in the corridor. I was wearing jeans and a t-shirt with a loose white shirt over the top (as I was just putting the shirt on). A member of staff came up and asked me to unlock one of the classrooms. Obviously they had seen the shirt, assumed it was a lab coat and thus I had to be a member of staff.

I suspect that this sort of thing is very common.

Z.

RobertJanuary 13, 2006 1:10 PM

@ Pat Cahalan

> Can you point to a source for this? Barring a fairly bizarre set of extenuating circumstances, this seems completely screwy. There has to be more to the story...

When the cop in question is the son of the police chief, and the suspect is black, and you're in the deep rural south, it's not too hard to believe.

Google for "Cory Maye" or visit http://www.theagitator.com for more info.

Ed T.January 13, 2006 1:12 PM

Well, IIRC at least one of the "evading arrest" cases is still pending a court date. And, even if/when it ends up getting thrown out (as I suspect it will), the damage will have been done -- many employers around here will fire you *for cause* if you are arrested.

Also, many folks simply pay those tickets, as it can get rather costly to fight them. Kudos to your family friend, and shame on the trooper for failing to follow the law.

However, in the post-911 atomosphere where anyone who challenges law enforcement tends to be seen as a threat, and where said law enforcement tend to be trigger-happy, asserting your rights under the law can be hazardous to your health.

-EdT.

Paul SJanuary 13, 2006 1:19 PM

@ Pat

The case of the man convicted and on death row for shooting an invading policeman on a no-knock raid is in Mississippi, do a web search on "Cory Maye".

AC8January 13, 2006 1:32 PM

@Ed.T: However, in the post-911 atomosphere where anyone who challenges law enforcement tends to be seen as a threat, and where said law enforcement tend to be trigger-happy, asserting your rights under the law can be hazardous to your health.

This is what Schneier is talking about -- the hightened profile and wider latitude given law enforcement tends to make it easier for criminals to impersonate law enforcement.

arlJanuary 13, 2006 1:32 PM

OK good advice on slowing down, flashers and getting to a place that makes you feel safe if you have questions about who is pulling you over. The 911 call may do little good unless you know which agency is behind you.

One thing you can do in advance is see if the agencies in your area have web sites. Go there and take a look at the symbols etc used by the agency. If you have dealings with someone who claims to be from the agency, yet is not displaying the proper symbols that is your first indication there may be a problem.

While symbols (such as a star or state seal) can be forged, they present a barrier to entry that must be overcome.

If an officer becomes abusive or seems out of control hit 911 ASAP. It does not matter if you have a real or fake at that point.

JeffJanuary 13, 2006 1:46 PM

OK, I read the "Cory Maye" article. Assuming that every fact in that article is correct, JAYH somewhat overstated the facts. The search wasn't at the wrong house. They had a warrant for both halves of the duplex. That means that the search, which may have been unfair, was legal. The implication by JAYH's admittedly very short reference was that the search was warrantless because the warrant applied to a different house. That doesn't seem to be the case.

If I'm misinterpreting the original post, I apologize.

Most states provide a homeowner (or renter, as the case may be) latitude to shoot unlawful intruders into the home as self defense. But, no state that I'm aware of allows you to shoot police officers merely because the warrant was unfair, even if the warrant ultimately is determined to be illegal or unconstitutional. While Cory's reaction is understandable, before you shoot someone, you need to know who you're shooting and you need to confirm that they aren't there legally.

To try to move this back to authentication. This is a perfect example of where there is absolutely NO time to verify or even obtain credentials. The intruders are armed and they may, or may not, have claimed to be officers. The defender has a split second to decide whether these guys are here to harm him or his child. He is forced to guess. The problem is, he guessed wrong and used unjustified deadly force.

Milan IlnyckyjJanuary 13, 2006 2:06 PM

Another related problem: how many private businesses take back all of the authenticating material they give employees when they quit or are fired. People can have real knowledge and insignia without having the authority to use it.

Pat CahalanJanuary 13, 2006 2:52 PM

@ Jeff

> The problem is, he guessed wrong and used unjustified deadly force.

Looks like Cory was convicted of capital murder under SEC. 97-3-19., Paragraph 2, part (a):

(2) The killing of a human being without the authority of law by any means or in any manner shall be capital murder in the following cases:

(a) Murder which is perpetrated by killing a peace officer or fireman while such officer or fireman is acting in his official capacity or by reason of an act performed in his official capacity, and with knowledge that the victim was a peace officer or fireman. For purposes of this paragraph, the term "peace officer" means any state or federal law enforcement officer [edit]

The justification of self defense was dismissed (apparently) because the jury didn't believe this qualified as appropriate use of deadly force in self defense.

Self-defense keys around three issues:

* Who was the aggressor?

* Was the defendant's belief that self-defense was necessary a reasonable one?

* If so, was the force used by the defendant also reasonable?

The problem with this case is that many "average" citizens would not consider shooting someone for breaking into your room to be a reasonable action.

I would *tend* to agree, but I live in a low crime neighborhood -> if someone breaks into my room violently in the middle of the night (assuming I can think coherently at all at that point) I would think it much more likely they're going to be either cops or firemen. (I don't have a gun in any case).

Reasonably, I don't expect someone breaking into my house with the intention of doing violence upon me is going to bust down a door -> they'll pick the lock, sneak in, and stab me while I sleep.

Someone who keeps a loaded gun next to his/her nightstand either has an extreme expectation that someone is trying to kill them, they live in a very dangerous neighborhood, or they're (IMO) an idiot.

On the other hand, while I could see convicting someone of manslaughter or perhaps murder for shooting someone busting into his house, it certainly shouldn't be a capital case.

This is a failure of legislation. Killing a cop or fireman shouldn't be "de facto" capital murder.

WrongfulEntryJanuary 13, 2006 3:07 PM

@Jeff:
I believe it is unlawful for you to shoot an intruder unless you have no other alternative. Believe it or not, a lot of states say you should give up your property before defending it.

B-ConJanuary 13, 2006 4:02 PM

The best solution in authentication problems, albeit fairly obvious, is to a) Make the credentials hard to forge, and b) Educate the people who will authenticate these users.

In the case of police cars, adopting a very obvious, straight forward standard for police car markings that, ideally, is as hard to accurately forge as possible, then educating drivers (during licience applications, perhaps) on what exactily squad cars look like, is probably the best way. In addition, it would also be best to educate users in exactily what a badge looks like, and perhaps one or two nuances in it that would distringuish it from forgeries.

theodoricJanuary 13, 2006 4:18 PM

"The pilot can ask via radio whether B or C (or both or none) is the real sky marshal. Somebody at the ground should have that information."

under this administration, though, it's entirely imaginable that that somebody would withhold it until the pilot and his political affiliations have cleared a background investigation.

MozJanuary 13, 2006 4:36 PM

>Well, then don't rely on the badge. Use a trusted third party.

This is where the "potential for intimidation" comes in. If the police are at your door they generally react badly to you calling the station to verify that they really are police. I've been threatened with immediate arrest for doing this, and I've police push me aside and enter the house without my consent. Of course, it's my word against that of two loyal members of the force when I tried to make a complaint.

Their assumption is that if you're not thrilled to have the privilege of helping them then you're obviously a criminal. Especially if you live in a neighbourhood where criminals live (why else would they be door-knocking?) People like me who try to obstruct them in the course of their duties clearly deserve to be punished.

In Australia we have the added joy of non-uniformed staff who are not required to identify themselves, and obstructing *them* is good for 7 years gaol. Here, if you're being abducted it pays to be very sure that it's not the secret police or immigration department before you resist your kidnappers. You don't have the right to know who they are, and the difference between armed thugs working for the local drug lord and armed thugs working for the local regulator of alcohol and tobacco supplies can be quite subtle.

LockedAndLoadedJanuary 13, 2006 5:48 PM

@WrongfulEntry

Unlawful for you to shoot an intruder unless you have no other alternative? What state do -you- live in?

If you're in my house, I can legally kill you. All I have to prove is that I was afraid for my life and safety. Hell, in my county over the last ten years, several (5+) thieves have been shot (in the back) and killed whilst running away, by homeowners defending their property. No criminal charges were filed in any of those cases.

Armed or not, an intruder should expect no quarter from a homeowner. As a homeowner, why should I even give them a choice?

Jim FennerJanuary 13, 2006 6:38 PM

Bruce's book may already mention this, we should buy it. :-)

One thing you can do when people are/may be suspicious, is drag out a camera. It is legal to photograph people in public places. It is legal to photograph furniture movers emptying a house in broad daylight, people brawling outside a hotel, policemen on a highway, etc. In some of these situations you might get shot or beaten up for using a camera - well that's an excellent way of confirming that they are not *nice* :-(

Pat CahalanJanuary 13, 2006 6:40 PM

@ LockedAndLoaded

What state do -you- live in?

> If you're in my house, I can legally kill you

and

> Armed or not, an intruder should expect no quarter
> from a homeowner.

I guess the fire department ought not to bust into your place to rescue you if you're asleep and your house is on fire? They are, after all, "intruders". If you accidentally shoot one in the face because you keep a loaded shotgun next to your bed and you don't wake up clear headed, I imagine most district attorneys will prosecute you for some crime. I certainly hope so.

> All I have to prove is that I was afraid for my life and safety.

Right, you have to prove that. This is an instance of "guilty until proven innocent" in practice -> if the jury doesn't believe that you were afraid for your life and safety, you're up the creek.

> several thieves have been shot and killed whilst
> running away, by homeowners defending their property

How are they defending their property if the thief is running away? And is the death penalty really a suitable punishment for B & E?

> No criminal charges were filed in any of those cases.

Sounds like you've got a pretty gung-ho district attorney who approves of vigilante justice. This is not a universal constant in the U.S.

DavidJanuary 13, 2006 7:24 PM

What this shows is that such forged identity crimes are not as common as they easily could be. It's easy to commit lots of crimes, but unless there's a proper motive, people don't necessarily do them.

Most forged identity is no doubt related to kids and their fake ids, only needed because the government has made criminals out of so many people who will otherwise consume alcohol or cigarettes.

While people do need some diligence when checking ids, most have very little need. How many times do you return your car and find the person there is a thief? Yet there are stories that it happens.

That's life, though. Crime happens. The real question is are we really that much less safe than before? Do we really need more solutions to these "problems"? Are there not more pressing issues?

abcJanuary 13, 2006 7:30 PM

I remember hearing a few months back about a high school student near here who ran into a police imposter. He pulled her over. She thought he was acting strangely, so she told him she was calling 911 to make sure he was legit, and he sped away. They caught him later.

Before cell phones, my mom always advised us to pull into a fire or police station and honk the horn if we felt like we were in trouble. My brother used the tactic once when he was driving alone in an unfamiliar suburb and had a medical emergency.

StiennonJanuary 13, 2006 8:53 PM

Sky Marshalls are actually pretty easy to spot. They are male traveling alone or in pairs. They whisk right through airport security after showing their ID. No X-Ray, no metal detector. They chat with the flight attendants when they get on the plane obviously identifying themselves.

Bruce SchneierJanuary 14, 2006 2:30 PM

"My spouse is flight crew for an American airline. Apparently, the gate agents know in advance which seats they should give the marshal(s). The marshal(s) are introduced to the flight crew before the regular passengers are allowed on the plane.

"So the marshal's id gets checked at the security screen, at the gate, and by the captain. Also, the presence of the marshal(s) is independantly verified by the flight schedulers who book their seats in the plane and inform the gate agents."

I am pleased to learn this. Thank you.

OneEggJanuary 15, 2006 4:16 AM

@WrongfulEntry: "Believe it or not, a lot of states say you should give up your property before defending it."

What's odd about that? The alternative is to say that the penalty for burglary is death. While a burglary victim (such as myself) may be angry enough to wish the criminal dead, as a society we have decided that execution for theft is a bit excessive.

Jim HyslopJanuary 15, 2006 12:23 PM

@EdT: "many employers around here will fire you *for cause* if you are arrested."

Umm... whatever happened to "innocent until proven guilty in a court of law?"

KevinJanuary 15, 2006 1:25 PM

@Jim Hylsop:

You are "innocent until proven guilty" in the eyes of the Government. Since the US law is "employment at will", though, your employer can fire you for any reason, or none. And of course the insurance company will make the decision for him.

AnonymousJanuary 15, 2006 2:20 PM

Sky Marshall walks to the Identifikation Terminal, his hearbeat-id is checked with a database, over a thin-client-connection,
very secure, and the monitor wil tell who he is.
The same with police-officers, they first
have to identify, with fault-proof biometrics.
Roland Sassen, sassen@thinsia.com

StephenJanuary 15, 2006 3:35 PM

@Bruce

Although, if the intention of the system is to keep us safer, shouldn't we be learning about the network of trust authenticating Air Marshals from the government, not as hearsay from an involved individual?

MathewJanuary 15, 2006 9:01 PM

"You could ask Man B for his sky marshal identification card, but how do you know what an authentic one looks like?"

Makes me think of the stories I've heard about people not being able to use a $2 bill to make a purchase because the person behind the counter has never seen one before.

real cop authenticationJanuary 16, 2006 4:06 AM

When presented with the uncertainty of a law officers identity ask for these 3 things:
BADGE
ID CARD
BUSINESS CARD with raised lettering. The cell number on the card should ring in his pocket if called @ that moment.
Unmarked car with flashing lights?
Slow down turn on flashers keep going until in a public well lit area.

If this is a kidnap attempt, drop to the floor and scream bloody murder about them being a fake. By dropping the floor you make yourself harder to move/carry.
ALWAYS GO WITH YOUR GUT INSTINCT.. We have suppressed it in modern times but your instincts are usually correct.

DennisJanuary 16, 2006 10:05 AM

There was another case, and unfortunately I've long lost the link, where cops were attempting to break down a door at the wrong house, without identifying themselves, and the homeowner shot one of them through the door. He was prosecuted for capital murder and found innocent on grounds of self-defense.

In North Carolina, according to the concealed-carry course, it is legal to shoot someone breaking into your house if you reasonably believe they have felonious intent. Once they are in your house, you have to fear for your life....it's a bit odd.

Home robberies are really not all that rare, even in nicer areas of town. The odds aren't high, but then again I don't wreck my car very often either. I still wear my seatbelt.

I have a smoke detector, firemen generally don't carry guns, I have a flashlight mounted on my gun so I can tell if intruders are armed, and since I'm a law-abiding citizen I don't expect cops to break in. I've read several reports of incidents in which robbers wore clothing marked "POLICE." I would never knowingly shoot a cop, but if the cops want to visit, it would be best for all concerned if they knocked politely, the way they used to before they started thinking they were special-ops soldiers.

FrankJanuary 16, 2006 9:42 PM

"My spouse is flight crew for an American airline. Apparently, the gate agents know in advance which seats they should give the marshal(s). The marshal(s) are introduced to the flight crew before the regular passengers are allowed on the plane.

"So the marshal's id gets checked at the security screen, at the gate, and by the captain. Also, the presence of the marshal(s) is independantly verified by the flight schedulers who book their seats in the plane and inform the gate agents."

Yep, this makes sense to me. I've seen some big guys get on a plane before other passengers have gotten on the plane. What I don't get is why? They aren't hiding their identity or purpose very well from observant passengers. Isn't that part of the job? What's the point of trying to hide your identity from everyone but the crew if you happen to disclose who you are to everyone else in the process? It was pretty clear these guys I saw were Marshalls. They might as well have the pilot or crew announce who they are ahead of time to all the passengers so people would be comfortable. The alternative is that a few observant people, the crew, and the "smart" criminal are the only ones who know the who the Marshalls really are... and know when the Marshalls aren't on a plane too. This process isn't working.

a concerned citizenJanuary 17, 2006 12:55 AM

From what I understand, there is debate that the Cory Maye incident was in actuallity a 'no-knock' entry (meaning the police have to announce their presence before entering the premesis).

If it was no-knock and Maye defended himself (in the half of the duplex that wasn't being served, no less) the charge of murder hardly seems fair. More info here: http://www.theagitator.com/archives/026002.php
(yea... its a blog called 'the agitator'. so sue me. ;-) )

RogerJanuary 17, 2006 2:51 AM

On looking at the graphic with the breakdown of figures for this in the Chicago area over a three year period, it seems to actually be a pretty rare problem. In fact if we look just at the cases where the impersonation was used to facilitate some other serious crime, it turns out to be rarer than being struck by lightning!

I think part of the reason is that contrary to what some here have suggested, it is actually fairly difficult to obtain good quality fake badges. Real badges -- at least in some jurisdictions -- are quite complicated and intricate castings with enamel inclusions, and are beyond the ability of an amateur caster, and outside the interest of professional foundrymen. Fakes do exist, but generally if you've ever seen a real one, the errors in the fake are obvious. (That highlights one problem though: most honest folks have never seen a real badge!)

Having said that, the incidence of this type of crime seems to be much lower in Australia. I don't have solid figures, but a quick guesstimate based on some I do have, suggests it is on the order of 5 times less common here. Possible reasons include:
* much stiffer penalties (typically 10 times longer sentences, and 50 times larger fines, than the examples from the US news article); and
* fewer badge designs for citizens to memorise (most states have just one police force, plus the feds).

Maybe the proliferation of US badge designs could be counteracted by putting all US law enforcement badge production, for every agency, under a common umbrella -- perhaps the US Mint?

A couple more random ideas:
* stick an RFID chip on police badges, containing a digitally signed ID number and photograph of the legitimate holder. Stolen badges could then be automatically identified by other officers (from the mismatched photograph, or a published list of stolen serial numbers), making a stolen badge much more dangerous to possess and easier to recover.
* Citizens could also purchase a police badge reader, to help detect police impersonators (a fake cop might still be able to gain a few seconds to get inside your danger zone, though);
* Malicious uses, such as cop-detecting alarms on drug houses, or cop-triggered bombs, could be prevented by radio-absorbing flaps over the badge.
At any rate, a discussion of why this might or might not be a good idea could illuminate reasons why it might not be a good idea to put RFID tags on citizens either...

(As an alternative, include a 2D barcode on a badge, with a digitally signed ID.)

David ConradApril 5, 2006 11:18 PM

"BUSINESS CARD with raised lettering. The cell number on the card should ring in his pocket if called @ that moment."

There are a lot of silly, impractical suggestions in some of the comments on this item, but this one really takes the cake. If the purported, doubted "cop" can produce a business card with his cell phone number on it, that is evidence that he's the real mccoy?

Can you think of any other way, any way at all, that someone could possibly obtain a business card (with raised lettering, even) with their own cell phone number on it?

MENovember 13, 2006 8:50 AM

Convicted of MURDER for shooting someone breaking into his house? Unfair indeed. Policeman or not. You have to act quickly, your life could be in danger. MURDER charges are a bit harsh, it was a misunderstanding obviously. The is the law.

DigitalCommandoJuly 22, 2007 10:43 AM

Cops entering the wrong house is almost an unexcuseable event due to the fact that determining the correct address can be accomplished BEFORE kicking down the door. If your so incompetant that you can't get the address right, you probably should seek another line of work. The fact that an officer may be killed by entering the WRONG house should serve as a good reason to get it right first, then kick down the door. To those of you who do not own guns and look down on those of us who do, you are the perfect victim for criminals. Your sad, pathetic views will ensure unfettered success for the criminal who invades your home, rapes your wife and maybe even you. It all went down because you are a weak, unprepared loser that will get what you deserve, and have earned by your thoughts and views. P.S. Dont forget to keep a tube of KY on the nightstand, after all, we do want to enhance our criminals visit, dont we?

bmanAugust 15, 2007 6:10 AM

I dont think its necessary to verify police officers. There should be simply enough officers to make sure nobody is pretending to be one.

themiraclemanApril 7, 2009 5:02 PM

Come on guys it's an easy one...

Challenge-Repsonse.

SEMI-HUMAN VERIFICATION
I think the simplest method is a challenge-response. Your driver’s license could come with challenge-response check values the officer would need to give you before he says anything else, including the “License, registration, and proof of insurance”. Driver gives the cop a value, the cop responds, the driver checks the answer. If it’s wrong, take off like a bat out of hell. Having this method would probably deter some wannabe cops. However, it would not defeat rogue cops.

Also, the cop could provide an initial declaration over the loud speakers only the driver would know, (hopefully the driver’s not deaf or drunk). This would put the driver at ease before the cop approaches the vehicle. The driver could acknowledge the cops declaration and tap the brakes 3 times. This initial declaration could be any words or values that are either prearranged or predetermined, like last 4 of SSN.

Same thing for the Sky Marshal. However, I feel that the Sky Marshal should declare himself to everyone on board first.

Of course, these methods could also be compromised. Someone could hack the pre-computed values from the airlines somehow. But even then, the real Sky Marshal would still interfere. As for the driver’s license, same thing.

ALTERNATIVES
PURE HUMAN VERIFICATION
In terms of a rogue cop scenario, one method would be peer-review type verification. Like many of you have mentioned, the person could pull over to an area that could help further identify or dissuade the rogue cop, (police station, downtown streets, or fire department). This would require that a majority (not necessarily all) peers be part of the verification process. Each peer would provide verification in their own way, all at the same time (i.e., cops badge is wrong shape, cop car is wrong color, license plate is a regular issued plate). If one person sees a potential area of concern in verification, appropriate personnel are alerted, and everyone assists (i.e., refuses to cooperate, tries to stop the rogue, assists the victim,)

As for the Sky Marshal, one method would be for the Sky Marshal to declare himself the Sky Marshal to everyone on board before departing. Should this be an imposter, the real Sky Marshal could diffuse the situation, kind of like SPF records. SPF records work by publishing "reverse MX" records to tell the world what machines send E-Mail from that domain. When receiving an E-Mail from a domain, the recipient can check those records to make sure E-Mail is originating from the actual mail server. In this case Sky Marshal A says Hey I’m the Sky Marshal. A real Sky Marshal (B) checks to see if Sky Marshal A is legit, if not Sky Marshal B would interrupt and stop the imposter. This would require a real Sky Marshal to be onboard though.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..