More Forged Credentials

I've written about forged credentials before, and how hard a problem it is to solve. Here's another story illustrating the problem:

In an apparent violation of the law, a controverisal aide to ex-Gov. Mitt Romney created phony law enforcement badges that he and other staffers used on the campaign trail to strong-arm reporters, avoid paying tolls and trick security guards into giving them immediate access to campaign venues, sources told the Herald.

When faced with a badge, most people assume it's legitimate. And even if they wanted to verify the badge, there's no real way for them to do so.

Posted on July 20, 2007 at 1:37 PM • 28 Comments

Comments

AndyJuly 20, 2007 2:15 PM

Additionally, even questioning the validity of a badge can get you labeled as a troublemaker, even by those who carry legitimate badges.

Brandioch ConnerJuly 20, 2007 2:26 PM

And given the various restrictions of recording people, you won't even have evidence of what was said after.

We need jail time for this crime. Lots of jail time.

BreniirJuly 20, 2007 2:34 PM

It may not be the same for all jurisdictions, but if you feel uncomfortable about say, being pulled over for speeding, I think you can request a second unit arrive and confirm the identity of themselves and the first officer.

In this matter, calling 911 and asking for an officer to arrive to confim an identity is an idea, and may get the imposter spooked and stop what they're doing.

D. SKyeJuly 20, 2007 3:01 PM

From the Article:
"Under state law, it is illegal to use a badge without authority, an offense that carries a fine of not more than $50."
--Honestly, I'm extremely surprised that this doesn't happen more often, $50, that's it! A fake badge could potentially cost more than that!

neduJuly 20, 2007 3:08 PM

@me, above.

Oops. Obviously wrong thread. Sorry. Reposted. Am suitably embarrassed.

AnonymousJuly 20, 2007 4:57 PM

$50 fine?

I think the California law on pretexting might apply. But only for CA jurisdiction, of course.

Also, if money was involved, even once, that would be fraud.

MikeJuly 20, 2007 7:34 PM

The real problem is that people with badges are given powers above that of us inferior citizens. That's not how the USA was founded or will survive!

No government employee** should be have any privileges or immunity different from a normal citizen. No one should be allowed to break a law or a moral principle to enforce a law.

** Possible, RARE, and time-limited exceptions would be only for SOLDIERS during a congressionally declared war.

bzelbobJuly 20, 2007 9:38 PM

One of the lessons of this incident should be clear; DON'T just automatically obey someone because they have "a badge". The person with the badge may, in fact, be breaking the law themselves or giving you, the citizen, very harmful advice.

Many citizens have been harmed when actual police officers have directed them through intersections where they were then killed by unseen vehicles.

Also, there have been cases where burglars got the victim to open the door claiming to be police officers. When the victims opened up, the robbers just walked right on in.

Sometimes, however it turns around and bites these "badge wavers" on the butt.
http://www.dumbcrooks.com/police-impersonator-pulls-over-real-officer/

It's not enough to "Refuse to be Terrorized", we also have to refuse to be "BADGEred".

averrosJuly 21, 2007 3:49 AM

Mike got it absolutely right: the real problem with badges is that they are ALL fake.

The fundamental principle behind the legitimacy of US government (and, hence, delegation of its powers to its employees) is that it derives it's rights from the people.

But how people can give to anyone rights they do not themselves posess?

The answer is, of course, that the "rights" various badge holders posess in excess of what members of general populace do were not given by the people, they were taken by fraud or force. Not much different from someone simply pinning a fake badge and starting to boss people around.

buntklicker.deJuly 21, 2007 4:05 AM

I'm not a native speaker, and maybe I got this wrong, but as I understand it the $50 fine is for wrongfully using a (real) badge. Creating and/or using a fake batch may be a totally different thing. In Germany, that would be "Urkundenfälschung" (counterfeiting), punishable by 5 years (in severe cases 10 years) in jail.

gregJuly 21, 2007 8:34 AM

Perhaps public key methods could come to the party. If a badge is digitally signed... Then folk that are concerned could buy some electronic verifier that OCR the "badge" number (So the number is human readable as well).

RichJuly 21, 2007 11:03 AM

@Breniir

The problem with asking for a 2nd unit is that you have to stop first. I've seen at least two cases on the news in which ladies driving alone were signaled to stop. They put on their flashers, and drove slowly to a public place. Well, one drove home, which probably wasn't a smart 'public' place. In any case, the officer in both cases didn't have any sympathy for the single-female-drivers' point of view, and got pretty aggressive about their hand-cuffing and off-to-jail-ing.

So- if you don't feel right about the stop, you might want to proceed to a public place, but be aware that the cop knows he's real, and may not care about your concerns. Nor may the judge.

Captain MoroniJuly 21, 2007 7:18 PM

Hear, hear! "Mike" and "averros". Well said!

May I humbly take it upon myself to add:

If governments at all levels were limited to those powers which we all are actually capable of delegating to them (i.e., those powers which we individually already possess) law enforcement would not need to be left to specially-empowered citizens, but to all of us. Police powers are (in the case of a properly constituted government of delegated authority) simply the powers derived from our individual rights to self-defense. "Badges", in concert with the plethora of "victimless" crimes created by governments at all levels, weaken the intent of the 4th amendment, and ultimately, weaken our individual freedom and security.

Our governments at all levels have (as have all other governments in the history of this world) usurped powers not delegated to them by we, the people. They are not accountable to us for their actions (to wit: the vast amount of government actions hidden from us by being classified as government secrets, as well as secret meetings between policy makers and private business - ever heard of the Energy Policy Summit conducted by the Vice President in the summer of 2001?) How can any servant (e.g., the government) exercise delegated authority in secret, and remain accountable to its master? The simple answer is, they can't. The beast has grown bigger than its master, and it is at our own peril that we tolerate the tyranny. Almost daily, I hear tell of how grateful some folks are that police powers have been expanded - they imply that the lack of spectacular terrorist attacks in the U.S. since 2001 is the result of this expansion.

I would ask all Americans to awake and arise to an awful sense of their situation. We must use what remaining political voice we have, and quickly, to demand that governments at all levels revert to subservience to all of us. Myself, I sent a copy of "The Law" by Frederic Bastiat to the state representative from my district. I was happily surprised when he later approached me to thank me, stating that it has influenced his thinking on certain legislative issues.

This is the way to truly achieve security, both for ourselves, and our children. And we need look no farther than our own Declaration of Independence to see the arguments laid out with clarity, by folks who had as much reason as we to know.

RoyJuly 21, 2007 7:31 PM

Real badges are not necessarily safe. Think of George Michael Gwaltney, the only (at the time) CHP officer charged with committing murder while on duty. He was tried twice, with hung juries, in Barstow, California. Then the feds tried him for violating the civil rights of Robin Bishop by killing her, and got a conviction.

Basically, we civilians are screwed. It's the luck of the draw.

TwmJuly 22, 2007 5:27 PM

It's a known scam in the UK to impersonate a service man from the utility companies to gain entry into a flat, usually praying on the frail and elderly.
Some scamsters are known to have decorated their vans to show British Gas logo etc.
One of the problems in relying on a phone number that the guy gives you is that it could be his mate's number who is in on the scam.
There was quite a lot of publicity on TV from the utility companies, but I'm not sure how effective they were.
People tend to feel like they are an inconvenience when calling about the gasman and I don't think I would call 999 to check and if everyone insisted, then I'm sure it would clog the system anyway.
When you are out on the street, unprepared - it's unlikely that you would confront an agressive man with a shield.

Eric K.July 23, 2007 9:33 AM

I guess what we need for dealing with this is some sort of national badge registry in which the details for all officially-issued badges are stored.

Someone flashes a badge at you anywhere in the US, you call a single number, type in the badge number and a number representing the issuing agency, and the automated voice on the other end reads back the name of the issuing agency and the name of the badgeholder.

This has to be easy and fast, as a badgeholder flashing his badge in your face isn't going to be wanting to spend an hour waiting for you waiting on hold before he can get you to respect his authority.

It also has to be secure enough to trust, and hard to abuse. How does one guarantee that the name of the person holding the badge is actually what the badge states? If the phone system tells you enough information to verify the badgeholder is who he says he is, how to you prevent people from mining this badge database for other purposes, like finding enough details to forge a badge?

Not an easy problem to solve Far easier to abuse in nearly any implementation

David HarmonJuly 23, 2007 9:58 AM

The thing is, it's actually not unreasonable that a Governor should have police as guards, and I'm sure he could have arranged for some. Indeed, he could probably have instituted a non-police, but official, corps.

For the civilian aide to fake law-enforcement badges... well, besides "impersonating a police officer", this could be seen as the Governor's office directly infringing on police authority.

Bill ThompsonJuly 23, 2007 12:14 PM

I'm a UK journalist and have a Press Card issued by the National Union of Journalists. In order to prove my credentials with the police there is a number they can call (it's on the card but they also have it centrally) that will check a PIN code I give them. Not by any means foolproof, but some degree of authentication.

derfJuly 23, 2007 1:53 PM

"Under state law, it is illegal to use a badge without authority"

I have a feeling there's a lot more legalese in there somewhere.

If I create my own personal badge, can I give myself authority to use it? What about employee ID badges for my company?

Questions, questions, questions.

TwmJuly 23, 2007 2:50 PM

The problem with the "central badge registry" idea is cost. It would only happen when the problem is percieved to be endemic and more damaging than something else worth spending money on.

AndyJuly 23, 2007 2:52 PM

Reminds me of the time I tried to check out a book at the university library, having just lost my student id. The librarian joked that they would accept "any official-looking piece of plastic". I never bothered to replace the student id...

mikeOctober 15, 2007 2:37 AM

I have worked in the public safety sector for a number of years as a paramedic, my father is a retired police officer. at no time have I or my father had any problem showing our Identification card/ paramedic license to verify that we are who we say we are.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..