The View From Broken Windows

The passing of of eminent political scientist James Q. Wilson has brought renewed attention and almost universal praise to his most famous work, Broken Windows Theory. While Wilson will certainly be missed and Broken Windows was a rare and valuable fresh addition to police doctrine, now that his theory has been put to the test for 30 years, it’s time to reevaluate its success and some of its assumptions just as Wilson began to do later in his life. Continue reading

Predictive Policing With Big Data

Police Departments nationwide have been using data and statistics to drive policing since the 90s in an approach founded by the NYPD named CompStat was credited with dramatic reductions in crime and increases in efficiency. CompStat, a process and philosophy rather than a single technology or software, uses databases and GIS to record and track criminal and police activity and identify areas that are lagging or need more attention. While it provides much more information than “primal policing”, CompStat has advanced little beyond simple spreadsheets and mapping software. Inspired by recent innovations in Big Data and Apache Hadoop and businesses like Walmart or Amazon using analytics to determine future demand, departments across the country and worldwide are looking to take this approach to the next level and go from tracking crime to predicting it. Continue reading

The Cyber Power Index

The Economist Intelligence Unit sponsored by Booz Allen Hamilton recently released their Cyber Power Index, which compares the G20 countries in their ability to resist cyber attacks while simultaneously leveraging information technology in their economy. The nations are ranked based on 39 indicators combined into 4 weighted attributes: Legal and Regulatory Framework, Economic and Social Context, Technology and Infrastructure, and Industry Application. The Cyber Power Index is in interactive tool so users can custimize the weighing as well as drill down into the details, but the default has all four factors as roughly equal, with slightly less emphasis on Industry Application. With these settings, the index holds a few surprises. The United States is second, behind the United Kingdom, and some of the countries often characterized to be cyber powerhouses like China and Russia did relatively poorly, 13th and 14th place respectively. Continue reading

DC Area Police Use of Force

Police use of force isn’t necessarily bad – we give law enforcement tools, training, and mandates to use force on behalf of polite society for a reason. It also isn’t common, with less than 1% of all calls for service resulting in use of force. It is, however, always alarming, at best a sign that officers encountered an extremely dangerous situation and at worst, in the case of deadly force, short-circuiting the justice system. So when police use of force spikes, as it did last year in the DC area, my own backyard, we must take notice.

Prince George’s County reported 8 fatal police-involved shootings in 2011, up from only one in 2010, and the Metropolitan Police Department of DC saw 5 people killed in police-involved shootings with none in the previous year. Officials say that this is due to officers getting attacked more often, but statistics on violence are mixed. In both DC and PG County, homicides decreased last year. While assaults on police officers in PG County stayed roughly constant, there was some increase in assaults against officers with guns and three officers were shot and wounded, which a spokesperson called “unprecedented.” In DC, while statistics for 2011 were not available, the FBI recorded assaults against police increasing slightly from 969 in 2009 to 998 in 2010. If this trend continued into 2011, the increase in assaults would be much smaller as a proportion than the increase in lethal force employed by police, so what might be driving these numbers, and how can we reduce them? Continue reading

Crying “Cyber Attack” In Illinois

via CTOvision.com

Earlier this month, a pump burned out mysteriously at a water plant in Springfield, Illinois. Log data traced the problem back several months to a command from an IP address in Russia that forced the pump to turn on and off repeatedly until it broke. When this news was leaked to the media from a cyber expert convinced that we were under attack by Russian hackers, a media frenzy ensued that made it all the way to Congress. On MSNBC, Rep. Jim Langevin, the  founder of the Congressional Cybersecurity Caucus, lamented our state of preparedness and called the attack, allegedly the first against the United States with a kinetic effect, yet another “wakeup call.” The weakness of American supervisory control and data acquisition (SCADA) systems was referenced by an anonymous hacker on PasteBin, which some in the press believed to be a confession. The worst fears of cybersecurity experts had been confirmed, foreign hackers could cause damage to US critical infrastructure through the internet.

Except that wasn’t what happened in Illinois, which highlights the difficulty of forensics and attribution in cyberspace. The DHS and FBI, who were investigating the alleged attacks, denied from the beginning that there was any proof of intrusion on the SCADA logs and recently concluded the investigation, releasing the results. The failure was due to a faulty command inputted by a contractor several months ago who accessed the system remotely while travelling through Russia on personal business. Over time, his mistake caused greater and greater errors until, several months later, the pump failed. While, as the source who initially leaked the suspicious information noted to defend his claims, there is no proof that the water plant wasn’t hacked, it seems very unlikely given corroborating evidence of the mistake. Continue reading

Police Militarization, Professionalism, and the Balance of Persuasion and Force

By Fred Leland and Alex Olesker

“The strategic success of the Byzantine empire was of a different order than any number of tactical victories or defeats: it was a sustained ability, century after century, to generate disproportionate power from whatever military strength could be mustered, by combining it with all the arts of persuasion, guided by superior information.” ~Edward Luttwak

There has been a lot of talk recently in the wake of responses to the Occupy Wall Street Movement and its nationwide evolution on the topic of militarizing police forces. This topic has also come up in regards to police raids in their various forms throughout the country. Yet “militarization” is seldom defined and has grown to mean whatever the author doesn’t like about modern law enforcement. Often it’s about gear, but dressing in black does little to militarize an agency. Expanding tactical capabilities also do not justify the widespread outrage, as a more capable police force is, all else being equal, always preferable. Continue reading

Ovens Versus Guns: Interdiction, Opportunity, and Security

Studying security even in the Frozen North, I recently sat in on a terrorism lecture by criminologist Dr. Troy Payne at the University of Alaska, Anchorage. On the subject of disrupting terrorist networks, he brought up some counter-intuitive studies and statistics on suicide in the UK.

While we assume that those who kill themselves are highly motivated, suicides in the UK dropped precipitously between 1963, when carbon monoxide (CO) was removed from public gas, and 1975, despite other factors correlated with suicide such as unemployment increasing, as did the suicide rate in the rest of Europe. Gas suicide, sticking your head into an oven like Sylvia Plath, accounted for 40% of suicides in the UK at 1963, almost the same as the decrease by the time carbon monoxide was phased out. Continue reading

Dronegate: The First Casualty is our Cybersecurity Paradigm

As of yet, there is no definitive narrative of the virus that hit the U.S. drone fleet at Creech Air Force Base in Nevada this September. Original reports stated that drone cockpits had been infected with a keylogger virus and, while there was no indication that classified information had been stolen or that missions had been compromised, the virus has proven tenacious, resisting efforts to disinfect machines and forcing the Air Force to wipe entire hard drives. Sources said that officials at Creech never informed the 24th Air Force, the central authority on cyber for the Air Force, about the breach until the 24th read about it online. Yesterday, however, in its first official statement on the infection, the Air Force explained that the virus was actually credential stealer and insisted that the virus was only a nuisance that was easily contained. It claimed that the 24th AF had known about the breach since the 15 September. The Air Force also disputed that cockpits were affected, stating that only ground control systems were breached.

If initial reports were true, then our military cybersecurity is in a lamentable state. The most critical element of perhaps our most vital weapons and intelligence systems would have been breached, and the primary defenders were kept in the dark because of the fear of failure that permeates security and stifles information-sharing and cooperation. But even if the relatively optimistic official accounts of the infection are the whole truth, the military’s computer security paradigm still needs an overhaul. Continue reading

London Riots Retrospective: The Baseball Bat Doctrine

When a London Riots round-table was proposed, I promised an article on what I found to be the most interesting news out of the whole ordeal: on the third day of the riots in London, Amazon’s UK sales of baseball bats increased by over  6,500% in 24 hours, a rather curious discovery as I thought they played cricket over there. Similarly, police baton sales went up over 4,200%.

As the riots raged, I heard many Americans blame those effete Brits for banning firearms, explaining that here, where every shop owner is expected to be packing heat, such a thing would never happen. Not only is this historically false, as demonstrated by stateside riots like those in 1992 Los Angeles, but it has the pro-gun crowd making the same mistake as some gun-control advocates. Guns don’t kill rioters, shopkeepers kill rioters, and if anything, a clerk with a baseball bat in the face of a masked mob is much more hardcore than an attendant with a handgun. It takes a certain level of desperation and fear to smash someone to bits with sporting goods – it’s much more dangerous, messy, and personal. Continue reading

We’re Already Cyborgs

Re-posted from CTOvision.com

I noticed the phenomenon XKCD describes above in a recent trip outside the states to Uzbekistan, via Munich. When I touched down in Germany, to my surprise the airport didn’t have wifi and data roaming was $20 a megabyte. With prices more fitting of truffles than data and no internet outlets like I had seen in Denmark, for the next 12 hours connectivity would be a luxury for emergencies only.

So what’s the problem? If you’re only in Munich for 12 hours, why do you need internet? Go out, have a beer (sold here in liters), and see the city. Well, expecting to be able to get online one way or another, I had arrived in Munich with no plans or information, ready to make it up as I went. I knew that the airport was about half an hour from the heart of the city, but I didn’t know how to get there, or even  where “there” was.  I wasn’t even sure how to reach transportation or get around the sprawling airport. Uzbekistan would be even more extreme, with internet only available through the wifi at the first hotel I stayed in in Tashkent at the very beginning of the trip.

Was I the world’s most helpless traveler? Perhaps, but more likely, our hyper-connected world had changed the way I think and I had grown too used to my information age superpowers. With a smartphone and laptop, I was used to having the World Wide Web and the wealth of information it represents at my fingertips whenever and wherever. Years ago, I would have at least looked up the layout of Munich airport before I had gone, or printed out a map. I had intended to meet a friend in town who had to cancel so I didn’t have a plan, but the analog Alex would have hedged his bets with a guide or list of things to see. He would have familiarized himself with public transportation.

Continue reading