crime Archives - Page 18 of 39 - Schneier on Security

Entries Tagged "crime"

Page 18 of 39

New Police Computer System Impeding Arrests

In Queensland, Australia, policemen are arresting fewer people because their new data-entry system is too annoying:

He said police were growing reluctant to make arrests following the latest phased roll-out of QPRIME, or Queensland Police Records Information Management Exchange.

“They are reluctant to make arrests and they’re showing a lot more discretion in the arrests they make because QPRIME is so convoluted to navigate,” Mr Leavers said. He said minor street offences, some traffic offences and minor property matters were going unchallenged, but not serious offences.

However, Mr Leavers said there had been occasions where offenders were released rather than kept in custody because of the length of time it now took to prepare court summaries.

“There was an occasion where two people were arrested on multiple charges. It took six detectives more than six hours to enter the details into QPRIME,” he said. “It would have taken even longer to do the summary to go to court the next morning, so basically the suspects were released on bail, rather than kept in custody.”

He said jobs could now take up to seven hours to process because of the amount of data entry involved.

This is a good example of how non-security incentives affect security decisions.

Posted on January 22, 2009 at 1:51 PM • View Comments

In-Person Credit Card Scam

Surely this isn’t new:

Suspects entered the business, selected merchandise worth almost $8,000. They handed a credit card with no financial backing to the clerk which when swiped was rejected by the cash register’s computer. The suspects then informed the clerk that this rejection was expected and to contact the credit card company by phone to receive a payment approval confirmation code. The clerk was then given a number to call which was answered by another person in the scam who approved the purchase and gave a bogus confirmation number. The suspects then left the store with the unpaid for merchandise.

Anyone reading this blog would know enough not to call a number given to you by the potential purchaser, but presumably many store clerks don’t have good security sense.

Posted on January 19, 2009 at 1:23 PM • View Comments

Two Security Camera Studies

From San Francisco:

San Francisco’s Community Safety Camera Program was launched in late 2005 with the dual goals of fighting crime and providing police investigators with a retroactive investigatory tool. The program placed more than 70 non-monitored cameras in mainly high-crime areas throughout the city. This report released today (January 9, 2009) consists of a multi-disciplinary collaboration examining the program’s technical aspects, management and goals, and policy components, as well as a quasi-experimental statistical evaluation of crime reports in order to provide a comprehensive evaluation of the program’s effectiveness. The results find that while the program did result in a 20% reduction in property crime within the view of the cameras, other forms of crime were not affected, including violent crime, one of the primary targets of the program.

From the UK:

The first study of its kind into the effectiveness of surveillance cameras revealed that almost every Scotland Yard murder inquiry uses their footage as evidence.

In 90 murder cases over a one year period, CCTV was used in 86 investigations, and senior officers said it helped to solve 65 cases by capturing the murder itself on film, or tracking the movements of the suspects before or after an attack.

In a third of the cases a good quality still image was taken from the footage from which witnesses identified the killer.

My own writing on security cameras is here. The question isn’t whether they’re useful or not, but whether their benefits are worth the costs.

Posted on January 13, 2009 at 6:58 AM • View Comments

The Best Capers of 2008

Good list.

Posted on January 6, 2009 at 2:28 PM • View Comments

Shoplifting on the Rise in Bad Economy

From the New York Times:

Police departments across the country say that shoplifting arrests are 10 percent to 20 percent higher this year than last. The problem is probably even greater than arrest records indicate since shoplifters are often banned from stores rather than arrested.

Much of the increase has come from first-time offenders like Mr. Johnson making rash decisions in a pinch, the authorities say. But the ease with which stolen goods can be sold on the Internet has meant a bigger role for organized crime rings, which also engage in receipt fraud, fake price tagging and gift card schemes, the police and security experts say.

[…]

Shoplifters also seem to be getting bolder, according to industry surveys.

Thieves often put stolen items in bags lined with aluminum foil to avoid detection by the storefront alarms. Others work in teams, with a decoy who tries to look suspicious to draw out undercover security agents and attract the attention of security cameras, the police said.

“We’re definitely seeing more sprinters,” said an undercover security guard at Macy’s near Oakland, Calif., referring to shoplifters who make a run for the door.

A previous post listed the most frequently shoplifted items: small, expensive things with a long shelf life.

EDITED TO ADD (1/13): Maybe shoplifting isn’t on the rise after all.

Posted on December 29, 2008 at 2:52 PM • View Comments

Friday Squid Blogging: Vandals Wreck Giant Squid Collection

Sad squid news.

…vandals got in by taking advantage of a temporary door, smashed windows and broke display cases containing male and female giant squids each measuring ten metres long as well as skeletons of whales, tortoises, marine birds and fossils.

Where was the security?

Posted on December 26, 2008 at 4:41 PM • View Comments

CCTV Cameras Going Unmonitored

This is not surprising at all; when money is scarce, these sorts of things go unfunded. Perhaps the biggest surprise is that people thought the cameras were ever monitored—generally, they’re not.

Posted on December 26, 2008 at 7:09 AM • View Comments

Registry of Cell Phone Owners

In Mexico:

Also Tuesday, the Senate voted to create a registry of cell phone owners to combat kidnappings and extortions in which gangs often use untraceable mobile phones to make ransom demands.

Telecoms would be required to ask purchasers of cell phones or phone memory chips for their names, addresses and fingerprints, and to turn that information over to investigators if requested.

At present, unregulated vendors sell phones and chips for cash from streetside stands. It is unclear how such vendors would be made to comply with the new law.

How easy is it to steal a cell phone? I’m generally not impressed with security measures, especially expensive ones, that merely result in the bad guys changing their tactics.

Posted on December 22, 2008 at 12:01 PM • View Comments

Food in Defense of a Crime

Last year, throwing hot coffee in the face of a store clerk was a new robbery tactic. Now, we have a Pizza Hut delivery man throwing a hot pie in the face of a would-be (armed) mugger.

Posted on December 22, 2008 at 6:16 AM • View Comments

As the first digital president, Barack Obama is learning the hard way how difficult it can be to maintain privacy in the information age. Earlier this year, his passport file was snooped by contract workers in the State Department. In October, someone at Immigration and Customs Enforcement leaked information about his aunt’s immigration status. And in November, Verizon employees peeked at his cell phone records.

What these three incidents illustrate is not that computerized databases are vulnerable to hacking—we already knew that, and anyway the perpetrators all had legitimate access to the systems they used—but how important audit is as a security measure.

When we think about security, we commonly think about preventive measures: locks to keep burglars out of our homes, bank safes to keep thieves from our money, and airport screeners to keep guns and bombs off airplanes. We might also think of detection and response measures: alarms that go off when burglars pick our locks or dynamite open bank safes, sky marshals on airplanes who respond when a hijacker manages to sneak a gun through airport security. But audit, figuring out who did what after the fact, is often far more important than any of those other three.

Most security against crime comes from audit. Of course we use locks and alarms, but we don’t wear bulletproof vests. The police provide for our safety by investigating crimes after the fact and prosecuting the guilty: that’s audit.

Audit helps ensure that people don’t abuse positions of trust. The cash register, for example, is basically an audit system. Cashiers have to handle the store’s money. To ensure they don’t skim from the till, the cash register keeps an audit trail of every transaction. The store owner can look at the register totals at the end of the day and make sure the amount of money in the register is the amount that should be there.

The same idea secures us from police abuse, too. The police have enormous power, including the ability to intrude into very intimate aspects of our life in order to solve crimes and keep the peace. This is generally a good thing, but to ensure that the police don’t abuse this power, we put in place systems of audit like the warrant process.

The whole NSA warrantless eavesdropping scandal was about this. Some misleadingly painted it as allowing the government to eavesdrop on foreign terrorists, but the government always had that authority. What the government wanted was to not have to submit a warrant, even after the fact, to a secret FISA court. What they wanted was to not be subject to audit.

That would be an incredibly bad idea. Law enforcement systems that don’t have good audit features designed in, or are exempt from this sort of audit-based oversight, are much more prone to abuse by those in power—because they can abuse the system without the risk of getting caught. Audit is essential as the NSA increases its domestic spying. And large police databases, like the FBI Next Generation Identification System, need to have strong audit features built in.

For computerized database systems like that—systems entrusted with other people’s information—audit is a very important security mechanism. Hospitals need to keep databases of very personal health information, and doctors and nurses need to be able to access that information quickly and easily. A good audit record of who accessed what when is the best way to ensure that those trusted with our medical information don’t abuse that trust. It’s the same with IRS records, credit reports, police databases, telephone records – anything personal that someone might want to peek at during the course of his job.

Which brings us back to President Obama. In each of those three examples, someone in a position of trust inappropriately accessed personal information. The difference between how they played out is due to differences in audit. The State Department’s audit worked best; they had alarm systems in place that alerted superiors when Obama’s passport files were accessed and who accessed them. Verizon’s audit mechanisms worked less well; they discovered the inappropriate account access and have narrowed the culprits down to a few people. Audit at Immigration and Customs Enforcement was far less effective; they still don’t know who accessed the information.

Large databases filled with personal information, whether managed by governments or corporations, are an essential aspect of the information age. And they each need to be accessed, for legitimate purposes, by thousands or tens of thousands of people. The only way to ensure those people don’t abuse the power they’re entrusted with is through audit. Without it, we will simply never know who’s peeking at what.

This essay first appeared on the Wall Street Journal website.

Posted on December 10, 2008 at 2:21 PM • View Comments

←Previous 1 … 16 17 18 19 20 … 39 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.