Philly City Council Candidate Nikki Allen Poe Joins Calls to Free Imprisoned Journalist Barrett Brown

My friend Poe is running for Philadelphia City Council on issues including an end to abusive searches, weed decrim, and ridding our city of the arbitrary Philadelphia Parking Authority. I’m acting as Poe’s campaign manager.


Speaking in support of Barrett Brown’s immediate release, Poe commented:

“We are trying to Spark a Change here in Philly by ending abusive law enforcement practices and taking a common sense approach to public safety, and really agreeing that a political prisoner should not be held and subjected to successive, inflated prosecutions, as far as change goes, doesn’t seem ground-breaking. Myself being prone to self-defeating internet and public outbursts, I further sympathize with Mr. Brown and urge his immediate freedom be secured.”

Another quick word from Poe:

You can hear more from this peach of a citizen here. I’m not just his manager, I’m his Rove.

Barrett pleaded guilty today to three counts; you can read all about his case at the Free Barrett Brown website. The introductory text below is reproduced from there (I’ll be publishing a review of Barrett’s new book in two shakes, stay on your guard).

Barrett Brown is an American activist, author, and freelance writer/journalist. His work has appeared in the Guardian, Vanity Fair, Huffington Post, Businessweek, True/Slant, Skeptical Inquirer and many other outlets. He has appeared as a guest on MSNBC, Fox News and Russia Today and as an interviewee in three recent documentary films: We Are Legion, Future Radicals, and Terms and Conditions May Apply.

He is the founder of Project PM, a distributed think-tank which researches and reports on matters related to the intelligence contracting industry. More recently, he has been misrepresented in the media as a spokesperson for the hacktivist collective known as Anonymous. He’s a co-author on Flock of Dodos: Behind Modern Creationism, Intelligent Design and the Easter Bunny, and had been working on additional books, with topics such as the failures of American media punditry and the early history of Anonymous, while maintaining a blog. Previously, Barrett had served as Communications Director for Enlighten the Vote.

Although Barrett had a serious side, he was also noted for his irreverence and use of humor, satire and hyperbole, demonstrated through writings for National Lampoon and The Onion and is often described as a modern-day Hunter S. Thompson.

Having previously been raided by the FBI on March 6, 2012 and not arrested or charged, on September 12, 2012 Barrett Brown was again raided and this time arrested by the Federal Bureau of Investigation while he was online participating in a Tinychat session. He was subsequently denied bail and detained without charge and adequate medical treatment for over two weeks while in the custody of US Marshals. In the first week of October 2012, he was finally indicted on three counts, related to alleged activities or postings on popular websites such as Twitter and YouTube.

On December 4, 2012 Barrett was indicted by a federal grand jury on twelve additional counts related to data from the Stratfor breach. Despite his lack of direct involvement in the operation and stated opposition to it, he faces these charges simply for allegedly pasting a hyperlink online. On January 23rd, 2013 he was indicted a third time on two more counts, relating to the March 2012 FBI raid(s) on his apartment and his mother’s house.

Barrett has pleaded not guilty in all three cases. He is currently incarcerated while awaiting trial. At this critical time, with such a prominent internet activist facing an extremely difficult legal battle and uncertain future, he needs our unwavering help and support. We encourage you to donate to his defense, so that he may have the resources he needs to fight these charges. Your prospective contribution has significance in a wider campaign for free speech and transparency both on the internet and across the world.”

Research Hacking – Searching for Sensitive Documents on FTP; Captchas and the Google Governor

If you want to find sensitive documents using Google search (documents with impactful information which someone does not want revealed, more or less), I’ve found that in addition to targeting queries to search for specific domains and file types, an alternative and potent approach is to restrict your results to files residing on an FTP server.

The rationale is that while many FTP servers allow anonymous log-in and even more are indexed by Google, they are used more for uploading, downloading and storing files than for viewing pages, and typically house more office-type documents (as well as software). As limiting your searches to FTP servers also significantly restricts the overall number of results to be returned, choice keywords combined with a query that tells Google to bring back files that have “ftp://” but NOT “http://” or “https://” in the URL yield a high density of relevant results. This search type is easily executed:

Screenshot - 12032013 - 08:10:35 AM

A caveat one encounters before long using this method is that eventually Google will present you with a “captcha.” Many, many websites use captchas and pretty much everyone who uses the internet has encountered one. The basic idea behind a captcha is to prevent people from using programs to send automated requests to a webserver. Captchas are a main tool in fighting spam: they thwart bots that mine the internet for email addresses and other data, and that register for online accounts and other services en masse. The captcha presents the user with a natural language problem to which they must provide an answer.

Google is also continuously updating its code to make it difficult to exploit Google “dorks,” queries using advanced operators similar to the one used above (but usually more technical and specific). Dorks are mostly geared toward penetration testers looking for web application and other vulnerabilities, but the cracker’s tools can easily be adapted for open source research.

Screenshot - 12032013 - 08:13:41 AM

Unless you are in fact a machine (sometimes you’re a machine, in which case there are solutions), this should be easily solved; however lately, instead of returning me to my search after answering the captcha, Google has been sending me back to the first search page of my query (forcing me to somewhat start the browsing process again and to encounter another captcha). I’m calling it a Google Governor, as it seems to throttle searchers’ ability to employ high-powered queries.

The good news is that the workaround is really just smart searching. One thing you’ll notice upon browsing your results is that dozens of files from the same, irrelevant site will be presented. Eliminate these by adding -inurl:”” (which tells Google NOT exactly “” in the url). Further restrict your results by omitting sites in foreign domains (especially useful with acronym-based keyword searches): -site:cz -site:nk.

When you find an FTP site which looks interesting, copy and paste the URL into a client like Filezilla for easier browsing.

To give you an idea of the sensitivity of documents that can be found: One folder was titled “[Name] PW and Signature,” which contained dozens of files with passwords as well as .crt, .pem, and .key files; another titled “admin10” contained the file “passwords.xls.” This was the site of a Department of Defense and Department of Homeland Security contractor – the document contains the log-in credentials for bank accounts, utilities, and government portals. This particular document is of more interest to the penetration tester; for our purposes it serves as a meter for the sensitivity of the gigabytes of files that accompanied it on the server. The recklessness of the uploader exposed internal details of dozens of corporations and their business with government agencies.

The hopefully sufficiently blurred “passwords.xls”

*As of this writing, the FTP mentioned above is no longer accessible
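The exposure described above comes down to two things an operator can check on their own server: whether anonymous log-in is enabled, and whether the published tree holds credential-type files. The following is an added example, not code from this post; it assumes a vsftpd-style configuration (the `anonymous_enable` and `anon_upload_enable` options), and the sample configuration and directory tree are constructed for illustration.

```python
import os
import re
import tempfile

# Name patterns drawn from the finds described above: password spreadsheets,
# a "PW and Signature" folder, and .crt/.pem/.key files.
RISKY_EXTENSIONS = {".crt", ".pem", ".key"}
RISKY_NAME = re.compile(r"passw(or)?d|\bpw\b|signature", re.IGNORECASE)

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
# constructed example
anonymous_enable=YES
anon_root=/srv/ftp
anon_upload_enable=NO
"""


def parse_vsftpd_conf(text):
    """Return the key=value options of a vsftpd-style config as a dict."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        options[key.strip().lower()] = value.strip()
    return options


def anonymous_findings(options):
    """List the anonymous-access settings that are explicitly switched on."""
    findings = []
    if options.get("anonymous_enable", "").upper() == "YES":
        findings.append("anonymous_enable=YES: anonymous clients can log in and list files")
        if options.get("anon_upload_enable", "").upper() == "YES":
            findings.append("anon_upload_enable=YES: anonymous clients can upload")
    return findings


def risky_files(root):
    """Walk the published tree and return relative paths that look sensitive.

    A file is flagged when its extension is key/certificate material, or when
    a risky word appears in its name or in any parent folder name.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            ext = os.path.splitext(name)[1].lower()
            if ext in RISKY_EXTENSIONS or RISKY_NAME.search(rel):
                hits.append(rel)
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed directory tree to audit (all names are made up)."""
    for rel in (
        "admin10/passwords.xls",
        "Jane Doe PW and Signature/scan01.pdf",
        "certs/server.KEY",
        "certs/chain.pem",
        "pub/readme.txt",
    ):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("placeholder\n")


if __name__ == "__main__":
    for finding in anonymous_findings(parse_vsftpd_conf(SAMPLE_CONF)):
        print("CONFIG:", finding)
    with tempfile.TemporaryDirectory() as ftp_root:
        build_sample_tree(ftp_root)
        for rel in risky_files(ftp_root):
            print("FILE:  ", rel)
```

Point `risky_files` at the directory your own server actually publishes; anything it lists is a file a search-engine crawler or anonymous visitor could also reach.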

The Department of Defense Information Operations Condition (INFOCON) Decision Matrix

Screenshot - 11212013 - 03:36:23 PM

Employing meta-search methods for online research about which I have been tweeting and writing, I found myself in possession of a copy of the Department of Defense Information Operations Condition, or INFOCON, Decision Matrix. “INFOCON” is a threat condition like DEFCON, with numbered tiers, based on an intelligence assessment of active malware and its likelihood of disrupting connectivity/functionality.

There is much more where this came from. – K

The Problem is that They Don’t Acknowledge this Problem

We could ignore everything wrong with pattern analysis and predictive policing (as in it usually amounts to statistical racial profiling) as they are used in fusion centers – and the largest problem still remains, that those who are designing the modus operandi don’t see the problem with imputing it with the following premise –

(from “Integrating the Philadelphia Fire Department into the Fusion Center Process,” by Derrick J. V. Sawyer Philadelphia Fire Department, Philadelphia, Pennsylvania)

Screenshot - 11132013 - 08:30:04 AM

Forensic Indexing, Metadata, and the DVIC Privacy Policy

When doing research on a subject that has some measure of obscurity by design, such as the fusion center in Philadelphia, the Delaware Valley Intelligence Center (DVIC), I often find the only way to fill in the gaps is to “data-mine” for documents. I use quotes because data-mining strictly involves aggregating and analyzing more fragmented bits of data, whereas I deal more in information, and data-mining usually applies to a much more intensive level of computation applied to a much larger corpus to be processed than I will discuss here.

You can get hands on with data mining. This is Tree-Map, I use a program called BaseX. They’re similar, great for browsing structured data like xml.

A more appropriate term would be “forensic indexing,” in that I am applying basic methods of digital forensics like metadata extraction to a general knowledge management system for a large collection of documents, too large realistically to open one by one. And I’ve just made it sound more organized than it usually is.

In the case of the DVIC what this meant was using an application which automates queries to metasearch engines as well as enumerating a specified domain to find relationships and other information. I used FOCA. I saved the documents that were the result of this search in separate folders according to which domain I had chosen for the search. I collected around 1800 documents.

I then ran a simple command line program called pdfgrep. I used the command pdfgrep -n -i "dvic" *.pdf to bring me a list displaying every line in every pdf file in the same directory containing the phrase “dvic,” tagged with file name and page of the line, and ignoring case. One such query returned:

[filename]pg#: “text”

As you might imagine if you have followed the Declaration’s coverage, I was a bit confused. I went to the corresponding folder on my desktop and opened the file in my reader:

Screenshot - 11062013 - 05:33:45 PM

This document is titled “Nebraska Information Analysis Center,” another fusion center, which, it just so happens, is missing a document from the fusion center association website. Where metadata comes into play, and why I had missed this by manually “googling” until now, is in how FOCA searches for documents: by file name, which is in the metadata of the document and gives its file path on the machine that stores it, its URI. This is something you can sometimes do by typing inurl:[term] into Google, but then you would have to know the exact name of the file to get relevant results. The name of this file is “Delaware-Valley-Intelligence-Center-Privacy-PolicyMar-2013.” It would have been very difficult to come up with this by educated accident.

Screenshot - 11062013 - 05:11:50 PM

So while there are still serious questions about the date gap between beginning a “cell” and submitting a policy, and concerns about a lack of full time privacy officer among others, it seems that everyone that was sure that a policy was completed and was approved by the DHS was quite correct, and I’d like to thank them for adding accurate memory to their graciously-given time to discuss the subject. It seems that a March draft was labeled somewhere in its life as the Nebraska Information Analysis Center’s policy perhaps at the National Fusion Center Associate website, where the “comprehensive” list is found, by whomever didn’t link it to the analysis center website.

This is only one elucidation among many from recent developments, the fruits of fresh approaches, and as mentioned, more documents to parse. Read the Declaration
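With around 1800 documents, the raw pdfgrep listing described above gets long, so it helps to turn it into a per-file index and open the densest files first. This is an added example, not the author's tooling; it assumes pdfgrep -n prints one match per line as `<file>.pdf:<page>:<text>`, and the sample output below is constructed.

```python
import re
from collections import defaultdict

# Assumed record shape for `pdfgrep -n -i "dvic" *.pdf` over several files:
#   <file>.pdf:<page>:<matched line>
# The file part is matched non-greedily up to the first ".pdf:<digits>:" so
# that colons inside a file name or inside the matched text do not break it.
HIT = re.compile(r"^(?P<file>.+?\.pdf):(?P<page>\d+):(?P<text>.*)$", re.IGNORECASE)

# Constructed sample output; file names and text are made up.
SAMPLE_OUTPUT = """\
city-site/budget-2013.pdf:4:  funding for the DVIC buildout
city-site/budget-2013.pdf:4:  DVIC staffing (see appendix)
city-site/budget-2013.pdf:17: Delaware Valley Intelligence Center (DVIC)
assoc-site/policy:draft.pdf:2: privacy policy of the dvic: scope
(constructed line that is not a match record)
"""


def parse_hits(output):
    """Split pdfgrep output into (file, page, text) hits and unparsed lines."""
    hits, skipped = [], []
    for line in output.splitlines():
        match = HIT.match(line)
        if match:
            hits.append((match["file"], int(match["page"]), match["text"].strip()))
        elif line.strip():
            skipped.append(line)
    return hits, skipped


def triage(hits):
    """Return (file, hit_count, pages) rows, most hits first, then by name."""
    counts = defaultdict(int)
    pages = defaultdict(set)
    for file, page, _text in hits:
        counts[file] += 1
        pages[file].add(page)
    rows = [(file, counts[file], sorted(pages[file])) for file in counts]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    parsed, unparsed = parse_hits(SAMPLE_OUTPUT)
    for file, count, page_list in triage(parsed):
        print(f"{count:3d} hit(s)  pages {page_list}  {file}")
    print(f"{len(unparsed)} line(s) not recognised as match records")
```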

Perl Crawler Script “fb-crawl” Lets You Automate and Organize Your Facebook Stalking

While browsing for scripts that might make my often very high-volume webmining for research less time-consuming/more automated, I came upon the following on Google Code: a script that crawls/scrapes Facebook friends and adds their information to a database.
It can be used for social graph analysis and refined Facebook searching.


– Multithreaded
– Aggregates information from multiple accounts


This is very useful for social engineering and market research, and could also very easily find fans among the more unsavory Wall creepers. They don’t even have to be programming-competent, so most neck-bearded shiftless layabouts and of course Anons can do it. You only have to plug in your FB email address and  a MySQL password (you can download and click-to-install MySQL with simple prompts if you don’t have it).


Crawl your friends’ Facebook information, wall, and friends:
$ ./ -u -i -w -f

Crawl John Smith’s Facebook information, wall, and friends:
$ ./ -u -i -w -f -name ‘John Smith’

Crawl Facebook information for friends of friends:
$ ./ -u -depth 1 -i

Crawl Facebook information of John Smith’s friends of friends:
$ ./ -u -depth 1 -i -name ‘John Smith’

Extreme: Crawl friends of friends of friends of friends with 200 threads:
$ ./ -u email@address -depth 4 -t 200 -i -w -f

Users of the script can also aggregate information about relationship status by location or by school, essentially allowing stalkers to create automated queries for lists of potential victims.


Find local singles:
SELECT `user_name`, `profile` FROM `info` WHERE `current_city` = ‘My Current City, State’ AND `sex` = ‘Female’ AND `relationship` = ‘Single’

Find some Harvard singles:
SELECT `user_name`, `profile` FROM `info` WHERE `college` = ‘Harvard University’ AND `sex` = ‘Female’ AND `relationship` = ‘Single’

And if a stalker wants to make an even handier database of GPS located targets, there are plug-ins:

To load a plug-in use the -plugins option:
$ ./ -u email@address -i -plugins
This plug-in adds the user’s coordinates to the database using the Google Geocoding API.

And as no stalker wants to terrorize someone age-inappropriate, they can sort by DoB as well:
This plug-in converts the user’s birthday to MySQL date (YYYY-MM-DD) format.

From IACP 2013: GBI’s Vernon Keenan and others on “Using Social Media as an Investigative Tool”

For an even more complete picture of how cops are making social media a part of their every day operations, I’m also reposting video from another panel at the International Association of Chiefs of Police which I made while covering it last week entitled “Using Social Media as an Investigative Tool,” featuring Vernon Keenan of the Georgia Bureau of Investigations.

Keenan’s comments about the privacy climate in the aftermath of Edward Snowden’s revelations were reported by Reuters.

I also attended “Leveraging Concepts and Techniques of Social Media Monitoring and Analytics to Enhance Special Event Security and Executive Protection Capabilities,” about which I will be publishing further.


Top Cop: There’s a ‘Huge Social Media Component’ to Policing These Days – South Deering – Chicago

I was interested to see that Erica Demarest of DNAinfo Chicago was able to obtain comment from Police Superintendent McCarthy regarding my report from IACP:



Photo credit: DNAinfo/Erica Demarest

After a panel in Philadelphia last week, reports circulated that a “senior representative” from the Chicago Police Department claimed the city’s cops were working with Facebook to permanently block users who post what’s deemed criminal content.

During the panel — which was hosted by the International Association of Chiefs of Police — a panelist claimed Facebook could identify and permanently block a person’s phone or computer from using the site.

McCarthy wouldn’t address the claims, but did say Chicago cops use social media to aid in their investigations.

“Obviously, there’s a huge social media component to law enforcement these days,” the superintendent said Monday in the South Chicago Police District station, 2255 E. 103rd St.

But “I don’t want to speak about investigative prowess … because it can compromise some of the advantages that we’re finding.”

The top cop said the police department plans to expand its use of social media in coming years.

via Top Cop: There’s a ‘Huge Social Media Component’ to Policing These Days – South Deering – Chicago.

How Police Use Social Media To Monitor, Respond to, and Prevent Mass Gatherings

I have posted several reports from a recent police chiefs conference in Philadelphia, at which revelations were made that have been reported elsewhere in the press which cite this blog. An official from the Chicago Police, whose name I omitted because I have not deciphered it from my recording, announced work between his department and Facebook to disable certain users from posting to the website by a device ID. These comments were part of a short session that followed the main discussion, which was titled “Helping Law Enforcement Respond to Mass Gatherings Spurred by Social Media.”

A Facebook spokesperson contacted me via email last night and said that the company has “no special relationship” with Chicago Police to block users and responds to all reports of violating content equally. Facebook has updated its “fact check” page with the following item:

Fact Check

Facebook’s Law Enforcement Guidelines

October 27, 2013 11:00 a.m. PT

Content reported by law enforcement is subject to the same review applied to reports from anyone using Facebook. There is no special partnership. We evaluate these reports based on our community standards, and as always, may remove information that violates our policies.

Read more here.

The following report is posted in order to clarify stories which describe a plan to “make protesting impossible” that do not represent the context of the officer’s statement, and to provide a sober look at what we do know about how law enforcement is using Twitter, Facebook, Youtube, dating sites, forums, and the rest of the social web, from the mouths of the police who do the most with it.

After attending this panel and from my own experience covering law enforcement interaction with 1st Amendment protected demonstrations as well as more “direct action” geared assembly, I cannot imagine something law enforcement would want to do less than shut down Facebook or twitter during a protest. With notable exceptions, monitoring and influencing a group of people who self-identify for ready-made aggregation by #hashtagging their activity is a favorable arrangement for police.

Police departments have recognized how integral social media platforms like Facebook and Twitter have become in mainstream communications, and dependence on the Internet by the public to access private and government resources and information has expanded to the degree that even the smallest township department is expected to have a presence on the world wide web.

Thetford Township, Michigan, population 8,277

It is now familiar for a police twitter account to be a celebrity of itself, and vital public relations bulletins are now tweeted contemporaneously or prior to the issuance of traditional press advisories, as seen after the Boston Marathon bombings, when erroneous reports of an arrest on CNN’s twitter feed were corrected by the BPD’s account. As smartphones proliferate in crowds, the police have in turn taken to having officers on site to film the entirety of gatherings (TARU, the Technical Assistance and Response Unit, does this for the NYPD).

Screenshot from 2013-10-26 14:38:39

Law enforcement has taken to heart the real-time interaction and mobile capabilities of new technology, especially the ubiquity of smartphones and the ability for not only media organizations but participants in events to provide live video coverage of their activities to an international audience, and incorporated it into their operations to enhance more traditional practices of “spin control” and public relations, as well as finding wide application for the information resources of the web in their investigations and the crafting of policy.

Departments have used social media as a key source for strategic and tactical intelligence, and as a medium for conducting counter-intelligence operations. Chicago, Toronto, Oakland, Indianapolis, and Milwaukee are all among departments that report success in using social media in operations to surveil and even deter mass gatherings. Under certain conditions of perceived risk, special units or officers frequently undertake targeted monitoring and  “digital stakeouts,”  which can be done from anywhere with precious few necessary resources. Chief William Blair of the Toronto Department said, for example, that for every big event in his city he had 8 officers assigned to the Major Incident Unit whose sole job is to conduct social media operations.

State Police in Chicago lock batons during a confrontation at the NATO protests May 2012. Photo by Kenneth Lipp.

The close attention paid is a rational response to the feedback loop created by the real-time interaction of participants in mass gatherings with those observing the scene remotely – the potential for “flash mobs” of thousands to gather as a result of  tweets and Facebook posts is not a theoretical one, and events already drawing large crowds such as sporting events and scheduled protests can be augmented and influenced heavily by images, video, and messages posted online.

Denver Police flank an un-permitted march through the 16th Street Mall downtown. Photo by Kenneth Lipp
Police in Denver outside the Education Building where they interdicted a protest. Photo by Kenneth Lipp

Philadelphia Police officer Corporal Frank Domizio presented a case study in February on how his department used practices of manipulating traditional media in concert with internet social network monitoring to successfully uproot the Occupy Philadelphia encampment at Dilworth Plaza in November of 2011. Corporal Domizio writes for the IACP:

[Captain Ray Evers, formerly commander of the PPD’s Office of Media Relations and Public Affairs] says social media was integral to the last push to clear the city’s Dilworth Plaza of Occupy Wall Street protesters so that planned construction could begin on the plaza. “We embedded a reporter with Commissioner Ramsey, which gave our efforts lots of credibility because the reports were coming from a neutral source,” Evers explains.

It was another example of combining traditional with new media, as the reporter lent an “old school” source of information while Evers and the rest of his team used social media for tactical, step-by-step information transmission. “We actually compete with news media because we’re going directly to consumers, without need for the media middleman,” Evers says. And yet, as the Dilworth operation showed, traditional media are still necessary.

The result: no incidents of police brutality were reported or recorded, as had been the case in other cities. “These days everyone has a camera, and if something had happened, it would’ve come out,” says Domizio.

There were 52 arrests at the Dilworth eviction, and while the Philadelphia media on the large part did accept that the police were comparatively gentle, the protesters themselves have indeed used words like “brutality” and “rancor and violence,” and Will Bunch of Philly Daily News noted that the press had abandoned the Occupiers.

A history of the potential for embedded reporters to be directed from unfavorable observations is available for the reader to independently research and assess.

Occupy Philadelphia eviction. Photo by Dustin Slaughter

Chiefs are working with Federal law enforcement agencies and the private sector to develop technology and best practices for local police (these partnerships are termed community-policing initiatives as part of the Department of Justice COPS office, Community Oriented Policing Services, and are often supported by the DoJ Bureau of Justice Assistance) on how to maximize social media tools to engage the public and for investigation, interdiction, and prosecution. The International Association of Chiefs of Police, which met 13,000-officers-strong in Philadelphia last weekend for networking and discussions that largely featured these policy and industry developments, operates a Center for Social Media that pools resources developed to assist law enforcement agencies who wish to implement social media into their own operations.

When Mayor Quan was spotted leaving the Capitol Hilton by protesters demonstrating outside the US Conference of Mayors in January ’11, the news was tweeted and her car was stopped in the middle of K Street for a full 5 minutes
Protester outside the Capitol Hilton
Occupy DC at McPherson Park protesters bang drums and chant for Mayor Quan of Oakland to leave the US Conference of Mayors at the Capitol Hilton, Washington, DC

I’ve reported in several posts about a Chicago Police/Facebook collaboration to block criminal posting from the site by user and device. This collaboration was described by a Chicago PD official at the above-mentioned IACP conference (2013 Conference Flyer (pdf)), at the panel “Helping Law Enforcement Respond to Mass Gatherings Spurred by Social Media,” held Monday, October 21. The official, not on the schedule for the panel, spoke during the Q & A session at the behest of Chuck Wexler, the Executive Director of the Police Executive Research Forum, who led the workshop along with Chief William Blair of the Toronto Police and Assistant Chief Liebold of Milwaukee PD.


Facebook’s Chief Security Officer Joe Sullivan was originally scheduled, according to the flyer, but a Facebook spokesperson tells me that while they “haven’t yet figured out what caused” the Facebook Chief of Security to appear in the schedule, they can confirm that he was never supposed to speak at the event.

In the panel, one of dozens at the conference that highlighted the importance of social networking, cybercrime, and their intersection in “intelligence-led policing” (a close analog of “community-oriented policing”), the speakers provided an overall scope of how law enforcement uses the internet, and what about these practices is novel.

The panel description reads:

Protests and mass gatherings aren’t what they used to be. This discussion will focus on the new methods organizers and protestors are using to get the word out, and how law enforcement can sharpen their skills to ensure an even playing field.

Screenshot from 2013-10-27 08:56:51

After an introduction from Ms. Katherine McQuay, Assistant Director, Office of Community Oriented Policing Services, U.S. Department of Justice, a former journalist, the panel began with Mr. Wexler, who first made clear that he was not an expert by any means in social media, and that he would largely defer to Assistant Chief Liebold and to Chief Blair, whose department’s policies were frequently lauded in more than one panel as a gold standard in the field.

Tactics used in Philadelphia have been reported as an adaptation to unfavorable media coverage of brutality in California and by the NYPD and resulting litigation, and it is at panels such as those held at IACP in Philadelphia where that experience is shared. Wexler’s organization PERF provides another, more elite, venue for such industry audits. Their work consulting with chiefs of police from departments whose cities held Occupy Wall Street movement encampments earned them some attention in the media in November 2012. Commissioner Ramsey of Philadelphia was among law enforcement executives facing occupations that attended and advised in these sessions, and whose cities within a month conducted evictions of those encampments. The communications were revealed in the press, and Wexler’s organization suffered from the ire of activists as well as the wrath of Anonymous, which he recalls as an introduction to the panel. There is no evidence that PERF advised any specific tactics, and in their response to the allegation issued a statement directing everyone who wishes to obtain an accurate view of PERF’s work to read a report that we released in July 2011 called “Managing Major Events: Best Practices from the Field.”

Before Wexler launches into his “observations” he takes a moment to direct the audience to the IACP’s social media resource page, which contains the NYPD’s social media policies which Wexler and others would note repeatedly as a model implementation.

“I wanna make about 8 kinda observations about this notion of social media, I think it’s really changing everything we think about our live and our work….and there is a real intersection between social media and cybercrime. It’s actually hard to know where one starts and one begins….”

Wexler sees social media and cybercrime intersecting in “strange ways,” which include PERF’s being targeted by Anonymous for what was interpreted by many as a coordination of the multi-city evictions which occurred across the US of Occupy camps, including New York City and Philadelphia.

Wexler says that “you will, if you haven’t already…if you haven’t been targeted by Anonymous for something that you did that’s related to your work, it’s really an interesting experience.” Wexler denies the characterization of the meeting as a “crackdown,” describing Anonymous as “twelve or thirteen year old kids living at home in their basement  that now have this enormous power,” and says the FBI notified him at 5 one day that the cyber collective was planning to access PERF’s website and attempt to download the organization’s internal emails, a prospect  which Mr. Wexler fends off with a shudder.

He discusses the risks the online environment poses to officers, especially the vulnerability to being identified and targeted for “d0x”ing (mass dissemination of personal information), fraudulent credit transactions, and other attacks (“paper terrorism”), and the need to mitigate those risks (another officer in the Q and A session echoed this concern with more emphasis, adding that his department was working on alternate ways to protect officer identity after “these hacker whiz kids” had taken officer badge numbers from media and used them to expose officers and their families).

Wexler also notes that internet and social media have claimed victims in the form of cyber bullying and child exploitation, making it this “thing that terrifies” young people, before summoning Chief Blair to the microphone.

“Where [social media] has really emerged as an effective and important law enforcement tool is in helping us manage large scale, mass public events, demonstrations, or sporting events, where we have large crowds to deal with, sometimes certain behaviors to control.”

Both Blair and Assistant Chief Liebold outline a social media strategy in lockstep with the overall trend in law enforcement toward Intelligence-led policing.

Intelligence-led policing as a generic practice is not new; however, it took on new life post 9/11. The term is always introduced in the context of the World Trade Center attacks and how those attacks punctuated shortcomings in US intelligence practices. An output of the audit of the 9/11 commission was the finding that local police and federal agencies ought to increase and improve their sharing of information, and that the former were recognized as a vital source of anti-terrorism intelligence.

According to the Bureau of Justice Assistance:

“..effective intelligence operations can be applied equally well to terrorist threats and crimes in the community, homeland security and local crime prevention are not mutually exclusive. Officers “on the beat” are an excellent resource for gathering information on all kinds of potential threats and vulnerabilities. However, the intelligence operations of state and local law enforcement agencies often are plagued by a lack of policies, procedures, and training for gathering and assessing essential information.”

Chief Liebold describes the role of the police officer on social media under this philosophy as moving “more from collecting evidence to collecting information,” toward intelligence and operations that frequently do not involve the formal invocation of the law.

What both Blair and Liebold make clear is that they always make sure they are as fully engaged as possible with social media sentiment concerning large gatherings of people.

Chief Blair describes a November 2012 demonstration by Palestinians set to coincide with a parade celebrating the city’s CFL victory. He reports that his team monitored social media and determined through a practice called “geofencing” that the demonstration, which they expected to bring 40, had attracted hundreds. Geofencing is a general term meaning to establish via GPS data sensors and remote communications a virtual perimeter or “fence” for a real world geographic area. It’s a basic element of the science of telematics, and can be thought of in some ways like a virtual electric fence that notifies the owner instead of shocking the pet. In this case it allowed Toronto police to assess sentiment associated with a certain topic by concentration in a specified location, the area of the expected demonstration.

A commercial application for geofencing is transportation logistics

Geofencing is also useful in allowing police to add a form of automation to their Internet intelligence. Software is available and used along with direct observation by analysts to extract information from large amounts of unstructured data, such as the hundreds of thousands of tweets per minute that can accompany events of wide public interest. Blair was able to focus his resources on a “parade” of the kind which often ends in flipping and burning cars while a relatively small number of officers successfully presaged a secondary incident.

Riots in Oakland after a light sentence was given to a police officer in the killing of Oscar Grant. Ray Brooks of the Northern California Regional Intelligence Center told another panel that his fusion center monitored social media for threats with technology including geofencing after the verdict was delivered, in anticipation of unrest.

Blair also says that the organizer of the event was very effectively using Twitter and Facebook to promote it and direct congregants. He says this person was their “best intelligence officer,” as he was not only posting video and images from on scene with descriptions, but had left on his GPS and was allowing them to closely track his real time location. Toronto PD’s intelligence on the Palestinian demonstration was enhanced by the media the organizer posted, allowing them to survey the setting and identify people from images and video. The Star has reported that Toronto Police used the Canadian Banking Association’s facial recognition software in attempting to identify suspects involved in actions at the 2010 G20 Summit. (An intense set of photos can be found here of the property damage and clashes between protesters, called “thugs” by the mayor, and police.)

The Chief says that Toronto was able to both monitor and influence the organizer such that whatever potential the demonstration had for creating conflict was defused.

Milwaukee has been able to positively identify protesters allegedly in the act of committing crimes, Assistant Chief Liebold reported to the panel. In one case the department deferred immediate arrest in favor of crowd control and avoiding an appearance on the news in violent confrontation with demonstrators, and made the arrest after the “Black Bloc” action subsided (Milwaukee experienced “Black Bloc” tactics along with other cities during Occupy protests). Liebold says that after assessing the situation via social media intelligence he gave the order not to arrest the subject in the act of destroying Milwaukee police property. He said that though it was contrary to his instinct, he knew it was better “not to appear on television fighting with protesters.”

Liebold said Milwaukee PD used social media to deter potentially violent assembly at the Wisconsin State Fair. In 2011 his force was “caught with their pants down” in what Eugene Kane of the Milwaukee Journal Sentinel told NPR was

“an incident with young African-American kids who had attended either the fair or the midway, which is the entertainment section. And fights broke out on the fairgrounds, and the fights were between the kids themselves. But at some point, the fighting spread outside of the grounds of the fair – and at that point became a racial incident with black kids basically targeting and attacking and in some case, robbing predominantly white fairgoers”

After an investigation of social media after the fact, Liebold says that they were able to determine that the attacks were not entirely spontaneous but in fact organized through social media and facilitated by real-time posts by alleged participants. At the 2012 and 2013 Fairs, the police were able to use information from profiles built on predicted offenders in combination with traditional law enforcement crowd control tactics, like “cutting off the head, divide and conquer,” and a “14 person rule”; Liebold says they learned from experience that 14 was a kind of “magic number” that could serve as a threshold to deter incitement. Milwaukee had officers on site with pictures printed of suspected participants, and made contact when they were sighted to alert them that they were being surveilled.

Liebold reports that Milwaukee has “interdicted 32 incidents” as a result of their social media strategies.

When dealing with populations that are highly responsive to social media, police departments have everything to gain from platforms like Facebook, YouTube, and Twitter. As Blair notes, their subjects “post everything about themselves,” and he admonishes his colleagues that, despite the potential of social media to get officers and agencies in trouble and perhaps result in unfavorable legislation, it is too powerful a tool as an unregulated medium to glean information and develop complex profiles for law enforcement purposes. Activists and others post everything from photos to their *political preferences all in a forum available to “open source.”

The quality of this information is not always reliable, as a report from the Philadelphia Declaration reveals.

Vulnerable populations like First Nations protesters in Canada and elsewhere who lack the access and leverage to draw mainstream media to their causes are sadly more subject to law enforcement overreach and brutality in a blackout imposed by apathy or obliviousness.

Dell Cameron reported in the Daily Dot: “What started as a peaceful protest by the Mi’kmaq First Nation in Elsipogtog, New Brunswick against a shale gas project has now spun violently out of control. After the Royal Canadian Mounted Police (RCMP) advanced on the anti-fracking protest, demonstrators clashed with police, chemical agents were deployed and at least half a dozen police vehicles were destroyed by Molotov cocktails.”

*The relaxation, in 2002 on national security grounds, of restrictions imposed in the Handschu agreement now allows the NYPD to freely conduct politically-focused intelligence-gathering from “open sources.”

Chicago PD on Stopping Incidents Organized Through Social Media Before They Start

In the same panel where a Chicago police official shared his department’s collaboration with Facebook to block criminal posting from the social media site, that officer claimed that the Chicago police have in fact already had success “getting in front” of activity that its surveillance of the internet predicted would be a public safety threat.

Here the officer recounts occasions where the Chicago PD has had success “in various areas of the city getting in front of” events, he says, “everything from the cyber banging all the way to the flash-mob type incidents.” The officer does not reveal the specific method or application used in these operations.

He also cites other occasions where the social media surveillance “enhanced prosecution,” and says that in these cases a warrant was obtained.

Boston PD’s Daniel Coleman of BRIC at #IACP on Fusion Center’s Role after the Marathon Bombing

Sergeant Detective Dan Coleman, assigned for the past four years to the Boston Regional Intelligence Center, spoke at the panel “Fusion Centers: Supporting All-Crimes and All-Hazards Missions” on Monday at IACP (David Carabin, the Director of BRIC, was slated to speak in the published schedule; no explanation was given for the change). Coleman spoke after the police chiefs were addressed by Major Christian Schulz of the ROIC fusion center in New Jersey about the Trenton fusion center’s role in facilitating first-responder operations during Hurricane Sandy. It appeared possible from Schulz’s fairly vague talk that his facility may have provided value during the storm; however, they themselves seemed to still be working out exactly what that was.

Det. Coleman provided a fairly detailed narrative (though exclusive, he said, of SWAT or tactical information, as he was not SWAT and operations continued, so it would be an inappropriate discussion) of the scope of the Boston Marathon as a Boston Police Department law enforcement mission. He described the multi-jurisdictional layout of the course, specific preparations, and instructions for officers, gave a very graphic description of the scene, and offered at least a very earnest-sounding account of their reflections on the tragedy (an earnest but certainly self-congratulatory post-mortem).

Despite the often colorful detail in his talk, the only explicit mention of the actual fusion center came in his description of first hearing the news at the facility of an explosion, then another (both he and Ed Davis would say in their talks at the conference that they thought it was a man-hole cover blowing, as electrical problems were common in the area – Davis then said, incidentally, that “because everybody knows al-Qaeda attacks in threes, he was waiting on another explosion”), and of the immediate aftermath of the attacks, 6-12 hours, in which the facility and staff “did not do much fusing.” He said it was essentially just a room they worked out of: they lost all communications, their cell phones city-wide, and then their city-issue satellite phones would not function inside the facility, and they operated on police radios alone.

He additionally addressed at length the problematic nature of a “24 second news cycle” vis-a-vis social media and a trigger-happy press, especially CNN.

He made an exception of CBS Boston’s John Miller, who “received no special information” but took instructions well.

Coleman also said several times during his talk, and then again in conclusion when addressing how their experience with the bombing affected the Boston PD’s preparation for the World Series: “You never go back to normal again.”

Photograph by Edward Keating, Mens Journal

Coleman’s talk is in four parts below; I recommend leaving the audio on and going to another tab, as my fingers get in front of the camera occasionally.

“…except for John Miller, who received no special information, but would allow us to set him on the right track.”

Chicago Police Department’s Facebook Graph Search To Stop “Cyber-Banging”

While it does not mention any direct work with Facebook, ReadWriteWeb’s Oct. 10 feature gave an overview of social media surveillance and response techniques and technology the Chicago Police say are helping them stop gang violence.

“The police department worked with a local sociologist to develop the social mapping strategy, that documents and predicts behaviors similar to how platforms like Facebook and Twitter track our relationships and conversations. The network analysis is like a real-life version of Facebook’s Graph Search, the social search tool that analyzes likes, connections and conversations to produce user-specific search results”

Chicago Police Use A Real-Life Graph Search To Stop Crime – ReadWrite.

Yesterday I reported that Chicago PD were working with Facebook to block users who post criminal content from the social networking site by device ID, and I posted a clip from a video I recorded at a panel of police chiefs discussing social media surveillance.


The clip posted was preceded by a depiction of Chicago’s gang culture presence on social media, which led to the officer’s introduction of the department’s work with Facebook to curb “incitement” online.

More Information on Facebook’s Ability to “Lock” Devices Permanently from Their Site, at IACP 2013

Earlier today I posted a report on discussion at a panel at the recent police chiefs conference that wrapped up in Philadelphia yesterday. In the panel a senior representative from the Chicago Police Department discussed his work with Facebook Chief Security Officer Joe Sullivan to permanently block users from the social media platform by account, Internet location, and device. I also reported that the technological means of identifying the device was not stated; however, upon reviewing my record of the discussion I noted two methods mentioned: by Voice Internet Phone Network (VIPN) number, and by phone PIN (Personal Identification Number).

“….So at the very least they’re probably going to have to get a new computer or a new phone, because as we all know all that information can be culled from either a VIPN number or a PIN number from a phone. It’s all documented, they can actually lock it if they want to.”

The next voice you hear is that of Chuck Wexler, the Executive Director of the Police Executive Research Forum (PERF).

Police Departments Work to Expand Capability to “Shut Down” Social Media

Police Departments worldwide are aggressively developing methods and policy to avail themselves of both the public relations and the Big Data resources of ‘social media,’ and adapting to social media platforms as environments for strategic and tactical intelligence.

“95.9 % of law enforcement agencies use social media, 86.1 % for investigative purposes,” said the head of the social media group for the International Association of Chiefs of Police on Sunday, at the organization’s 120th Annual meeting in Philadelphia. She also said that 81% report social media has successfully aided prosecutions, in a panel titled “Using Social Media as an Investigative Tool.”


Slide from Power Point Presentation, Using Social Media as an Investigative Tool

The US law enforcement industry has been rolling out a commensurate product line-up, and this was in great evidence at the IACP conference exposition, which occupied the entirety of the 679,000 square foot Pennsylvania Convention Center Exhibit Hall floor this past week and weekend. Booths in the massive expo hall touted everything from wearable tactical gear to Unmanned Aerial Vehicle Systems and full-sized helicopters.

From the Expo floor


Increasingly in discussion in workshops held by and for top police executives from throughout the world (mostly US, Canada, and the United Kingdom, with others like Nigeria among a total of 13,000 representatives of the law enforcement community in town for the event), and widely available from vendors, were technologies and department policies that allow agencies to block content, users, and even devices – for example, “Geofencing” software that allows departments to block service to a specified device when the device leaves an established virtual geographic perimeter. The capability is a basic function of advanced mobile technologies like smartphones, “OnStar” type features that link drivers through GIS to central assistance centers, and automated infrastructure and other hardware including unmanned aerial systems that must “sense and respond.”

SocioSpyder, for web-mining


BrightPlanet, whose BlueJay software has been ubiquitous in the news as a law enforcement staple
Surveillance Tower by FLIR, maker of NYPD’s superstar SkyWatch

Also, not yet reported in the press, a senior police officer from the Chicago PD told a panel on Monday that his department was working with Facebook’s security chief to block users from the site by account (person), IP, and device (he did not say if by UUID or MAC address or other means of hardware ID) if it is determined they have posted what is deemed criminal content. Facebook’s Joe Sullivan was scheduled to speak according to the original schedule for the panel “Helping Law Enforcement Respond to Mass Gatherings Spurred by Social Media,” but was unable to attend (also present: Edward Flynn, Chief of Police, Milwaukee Police Department, Milwaukee, WI; Katherine McQuay, Assistant Director, Office of Community Oriented Policing Services, U.S. Department of Justice, Washington, DC; Chuck Wexler, Executive Director, Police Executive Research Forum, Washington, DC).

Updated: In my recording of the panel I was able to locate the portion of the discussion; it was in the question and answer portion of the discussion and I unfortunately had turned my camera off for a moment, but what is on video makes the nature of the developing arrangement with Facebook more clear. See my post