Did IBM use “Face Capture” to Surveil Boston Calling? What is “Face Capture”?

A large element of what was troubling to readers with whom I spoke about our disclosures at DigBoston was so-called “face capture” and “face tracking” software employed on live video surveillance of Boston Calling attendees at both music festivals last year.

In emailed comments published by the Boston Globe days before the most recent festival, IBM addressed reports of the technology’s use.

City of Boston Public Event Mgmt Demo handout, prepared by IBM for the City of Boston in anticipation of live implementation in May of 2013.
“City of Boston Public Event Mgmt Demo handout,” prepared by IBM for the City of Boston in anticipation of live testing in May of 2013.

Writes the Globe:

IBM did not return calls seeking comment about the demonstration, but in an e-mail, company spokeswoman Holli Haswell said neither “face capture . . . nor facial recognition” were used at the event.

Out of consideration for the privacy of the thousands of individuals whose images were captured and retained for more than a year, flapping in the digital breeze, as it were, and additionally out of a desire to respect substantive security concerns, we eschewed publication of the original files. We did, however, provide exhaustive sourcing, and take back not a single line of our original work. Dan McCarthy, Editor of DigBoston, had this to say about the “Boston Trolling” series’ significance:

“The discovery of this story, and its ensuing publication in the print and online pages of DigBoston, has been a watershed mark for journalism, but not just within Greater Boston. In the weeks that followed the initial chapter, we have been approached by print publications and online news outlets, both national and international. And there’s good reason for that. The microcosm this story represents seems to have tapped into a larger encroaching sense of diminishing privacy in the new socio-cultural frontier.”

There are in fact multiple references to “face capture,” both in the preparation for and in the “Post-Mortem [sic]” of the Smart Surveillance Solution pilot at Boston Calling (note the timestamps in the above image).

In preparation for the first festival, at least three cameras were configured with “face capture” as a Use Case.

From IBM spreadsheet “CoB Analytic Cameras.”

“Face Capture” in video surveillance is not a type of software, but a necessary element in multiple analytic profiles. It refers to exactly what it literally describes, the photographic capture of a person’s face. IBM’s denial is particularly hollow, in that it can be refuted not only directly by its own documentation, but by a simple observation of the visual media that its employee stored unsecured on his private server.

“Face Capture” can be done on any video where a subject’s face appears in full or in a predetermined percentage in at least one frame – software can be configured to do this automatically according to certain rules determined by the programmer and operator, such as in the performance of a “Near-field People Search.” Some software, including IBM’s, can “learn” what sort of searches it should perform and deliver automated alerts when it gets a “hit.”

IBM and the City of Boston most certainly performed “face capture” at Boston Calling – whether or not they used facial recognition technology remains to be settled. Both have denied this as well, while the same IBM employee’s documentation makes note of integration of a “third-party facial recognition engine.” Boston Police denied their involvement in the program entirely, and shortly after, pictures of BPD officers observing the software in live use were published by Vice’s Noisey. I’m publishing all of the “Command Center” photos with BPD in them for dramatic effect below.

DigBoston’s McCarthy also noted the attitude of acceptance of privacy encroachments in the wake of the Marathon bombings, and how revelations like those published in Dig are enabling a “sudden shift to one of justifiable skepticism. It may be one of the last weapons the Fourth Estate has in these increasingly uncertain and nervous times.”


Philly City Council Candidate Nikki Allen Poe Joins Calls to Free Imprisoned Journalist Barrett Brown

My friend Poe is running for Philadelphia City Council under issues including an end to abusive searches, weed decrim, and ridding our city of the arbitrary Philadelphia Parking Authority. I’m acting as Poe’s campaign manager.


Speaking in support of Barrett Brown’s immediate release, Poe commented:

“We are trying to Spark a Change here in Philly by ending abusive law enforcement practices and taking a common sense approach to public safety, and really agreeing that a political prisoner should not be held and subjected to successive, inflated prosecutions, as far as change goes, doesn’t seem ground-breaking. Myself being prone to self-defeating internet and public outbursts, I further sympathize with Mr. Brown and urge his immediate freedom be secured.”

Another quick word from Poe:

You can hear more from this peach of a citizen here. I’m not just his manager, I’m his Rove.

Barrett pleaded guilty today to three counts, you can read all about his case at the Free Barrett Brown website. The introductory text below is reproduced from there (I’ll be publishing a review of Barrett’s new book in two shakes, stay on your guard).

Barrett Brown is an American activist, author, and freelance writer/journalist. His work has appeared in the Guardian, Vanity Fair, Huffington Post, Businessweek, True/Slant, Skeptical Inquirer and many other outlets. He has appeared as a guest on MSNBC, Fox News and Russia Today and as an interviewee in three recent documentary films: We Are Legion, Future Radicals, and Terms and Conditions May Apply.

He is the founder of Project PM, a distributed think-tank which researches and reports on matters related to the intelligence contracting industry. More recently, he has been misrepresented in the media as a spokesperson for the hacktivist collective known as Anonymous. He’s a co-author on Flock of Dodos: Behind Modern Creationism, Intelligent Design and the Easter Bunny, and had been working on additional books, with topics such as the failures of American media punditry and the early history of Anonymous, while maintaining a blog. Previously, Barrett had served as Communications Director for Enlighten the Vote.

Although Barrett had a serious side, he was also noted for his irreverence and use of humor, satire and hyperbole, demonstrated through writings for National Lampoon and The Onion and is often described as a modern-day Hunter S. Thompson.

Having previously been raided by the FBI on March 6, 2012 and not arrested or charged, on September 12, 2012 Barrett Brown was again raided and this time arrested by the Federal Bureau of Investigation while he was online participating in a Tinychat session. He was subsequently denied bail and detained without charge and adequate medical treatment for over two weeks while in the custody of US Marshals. In the first week of October 2012, he was finally indicted on three counts related to alleged activities or postings on popular websites such as Twitter and YouTube.

On December 4, 2012 Barrett was indicted by a federal grand jury on twelve additional counts related to data from the Stratfor breach. Despite his lack of direct involvement in the operation and stated opposition to it, he faces these charges simply for allegedly pasting a hyperlink online. On January 23rd, 2013 he was indicted a third time on two more counts, relating to the March 2012 FBI raid(s) on his apartment and his mother’s house.

Barrett has pleaded not guilty in all three cases. He is currently incarcerated while awaiting trial. At this critical time, with such a prominent internet activist facing an extremely difficult legal battle and uncertain future, he needs our unwavering help and support. We encourage you to donate to his defense, so that he may have the resources he needs to fight these charges. Your prospective contribution has significance in a wider campaign for free speech and transparency both on the internet and across the world.”

Research Hacking – Searching for Sensitive Documents on FTP; Captchas and the Google Governor

If you want to find *sensitive documents using Google search (*documents with impacting information which someone does not want revealed, more or less), I’ve found that in addition to targeting queries to search for specific domains and file types, an alternative and potent approach is to restrict your results to files residing on an ftp server. 

The rationale is that while many allow anonymous log-in and even more are indexed by Google, FTP servers are used more for uploading and downloading, storing files than viewing pages, and typically house more office-type documents (as well as software).  As limiting your searches to ftp servers also significantly restricts the overall number of results to be returned, choice keywords combined with a query that tells Google to bring back files that have “ftp://” but NOT “http://” or “https://” in the url yield a high density of relevant results. This search type is easily executed:

Screenshot - 12032013 - 08:10:35 AM

A caveat one encounters before long using this method is that eventually Google will present you with a “captcha.” Many, many websites use captchas and pretty much everyone who uses the internet has encountered one. The basic idea behind a captcha is to prevent people from using programs to send automated requests to a webserver. They are a main tool in fighting spam by thwarting bots that mine the internet for email addresses and other data, and which register for online accounts and other services en masse. The captcha presents the user with a natural language problem to which they must provide an answer.

Google is also continuously updating its code to make it difficult to exploit Google “dorks,” queries using advanced operators similar to the one used above (but usually more technical and specific). Dorks are mostly geared toward penetration testers looking for web application and other vulnerabilities, but the cracker’s tools can easily be adapted for open source research.


Unless you are in fact a machine (sometimes you’re a machine, in which case there are solutions), this should be easily solved; however lately, instead of returning me to my search after answering the captcha, Google has been sending me back to the first search page of my query (forcing me to somewhat start the browsing process again and to encounter another captcha). I’m calling it a Google Governor, as it seems to throttle searchers’ ability to employ high-powered queries.

The good news is that the workaround is really just smart searching. One thing you’ll notice upon browsing your results is that dozens of files from the same, irrelevant site will be presented. Eliminate these by adding -inurl:"websitenameistupid.com" (which tells Google NOT exactly “websitenameistupid.com” in the url). Further restrict your results by omitting sites in foreign domains (especially useful with acronym-based keyword searches): -site:cz -site:nk.

When you find an ftp site which looks interesting, copy and paste the url into a client like Filezilla for easier browsing.

To give you an idea of the sensitivity of documents that can be found: One folder was titled “[Name] PW and Signature,” which contained dozens of files with passwords as well as .crt, .pem, and .key files; another titled “admin10” contained the file “passwords.xls.” This was the site of a Department of Defense and Department of Homeland Security contractor – the document contains the log-in credentials for bank accounts, utilities, and government portals. This particular document is of more interest to the penetration tester; for our purposes it serves as a meter for the sensitivity of the gigabytes of files that accompanied it on the server. The recklessness of the uploader exposed internal details of dozens of corporations and their business with government agencies.

The hopefully sufficiently blurred “passwords.xls”

*As of this writing, the FTP mentioned above is no longer accessible
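From the side of whoever runs such a server, the exposure described above can be caught before a search engine indexes it. The following is an added example, not part of the original post: it walks a local directory that is exported over FTP and flags files whose names or contents look like the credential and key material found on the contractor's server. The word list beyond the names quoted in the post, the sample folder layout, and the use of the "other" read bit as a proxy for anonymous access are assumptions.

```python
import os
import re
import stat
import tempfile

# Name tokens taken from the folder and file names quoted in the post
# ("PW and Signature", "passwords.xls"); the remaining words are assumptions.
CREDENTIAL_WORDS = re.compile(
    r"(?<![a-z0-9])(pw|pwd|passwd|passwords?|credentials?|signature)(?![a-z0-9])"
)
# Extensions named in the post (.crt, .pem, .key) plus PKCS#12 containers.
KEY_EXTENSIONS = {
    ".key": "key file extension",
    ".pem": "PEM file extension",
    ".crt": "certificate, check for key material stored beside it",
    ".pfx": "PKCS#12 container",
    ".p12": "PKCS#12 container",
}


def name_reasons(rel_path):
    """Reasons to flag a file based only on its path below the FTP root."""
    reasons = []
    for part in rel_path.lower().split(os.sep):
        hit = CREDENTIAL_WORDS.search(part)
        if hit:
            reasons.append(f"credential-like word {hit.group(1)!r} in {part!r}")
    ext = os.path.splitext(rel_path.lower())[1]
    if ext in KEY_EXTENSIONS:
        reasons.append(KEY_EXTENSIONS[ext])
    return reasons


def holds_private_key(path, probe=8192):
    """True if the first bytes of the file contain a PEM private-key header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(probe)
    except OSError:
        return False
    return re.search(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----", head) is not None


def audit_ftp_root(root):
    """Return one finding per flagged file, sorted by path relative to root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            reasons = name_reasons(rel)
            if holds_private_key(full):
                reasons.append("PEM private key block in file content")
            if reasons:
                mode = os.stat(full).st_mode
                findings.append({
                    "path": rel,
                    "reasons": reasons,
                    # Rough proxy for "an anonymous FTP login can fetch this".
                    "other_readable": bool(mode & stat.S_IROTH),
                })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree(root):
    """Constructed sample layout, modelled on the folder names quoted in the post."""
    fake_key = (b"-----BEGIN PRIVATE KEY-----\n"
                b"CONSTRUCTED-NOT-A-REAL-KEY\n"
                b"-----END PRIVATE KEY-----\n")
    files = {
        os.path.join("Sample PW and Signature", "site.key"): fake_key,
        os.path.join("admin10", "passwords.xls"): b"constructed placeholder",
        os.path.join("pub", "readme.txt"): b"public notes",
        os.path.join("pub", "notes.txt"): b"see below\n" + fake_key,
    }
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(body)
        os.chmod(full, 0o644)  # readable by "other", as on a public export


def demo():
    """Build the constructed tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_ftp_root(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding["path"], finding["other_readable"], finding["reasons"])
```

The file `pub/notes.txt` is flagged on content alone, which is the case a name-only review misses.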

Blackwater GSA Schedule 84 Security Services Pricing Catalog


Found included in documents I’ve been posting here and those published on the Declaration, a nice reference: the Blackwater GSA Price List (General Services Administration Schedule, GS-07F-0149K) 30 August 2006. You’ll remember Blackwater or can use your Googler.

It’s an interesting read – Tier 1 a nice place to be, at over $1,000 a day.



Read here

First Release: Internal Documents, DHS Federal Protective Service Officers and Megacenters

Monday I published an article to the Declaration which introduced documents detailing the operations and contracting history for the Department of Homeland Security’s Federal Protective Service Philadelphia Megacenter. The following is a brief description of the DHS Megacenters, a listing of internal documents obtained via confidential source, and a first posting of what will eventually include many hundreds of records which relate to the same agencies and contractors. I am currently reviewing thousands for release; the source is currently active and still protected by the Declaration for ongoing investigations.


Federal Protective Service (FPS) Headquarters is located in Washington, D.C. Regional offices are geographically located in New York, Boston, Philadelphia, Atlanta, Denver, Chicago, San Francisco, Seattle, Fort Worth, Kansas City, and Washington, D.C. Other sites include the Far East and the Caribbean.

“The Federal Protective Service (FPS) MegaCenter monitors multiple types of alarm systems, surveillance cameras and wireless dispatch communications within federal facilities throughout the nation. Always in operation, the Center is equipped with state-of-the-art communication systems to make it a unique and vital communications link between FPS law enforcement personnel on the street and contract security guards located at various FPS-protected facilities.”


Primary: Covenant Security Solutions (CSS), a division of Covenant Worldwide, a Chicago IL company in the news since 2003, most recently in 2010, after scandals including tipping off employees of Covenant Aviation Security, its airport security division, working as TSA screeners at San Francisco International and Los Angeles International airports, about undercover inspections by the TSA, were reported in the San Francisco Chronicle, LA Times, and elsewhere.

CSS successfully bid on a comprehensive contract for all 4 Megacenters – Denver, CO; Battle Creek, MI; Suitland, MD. The first center built was the Suitland facility, responsible exclusively for the many Federal properties in the Washington, DC facility. The following three were completed shortly after.

Companies involved: Honeywell, Covenant, Gonzales, Excalibur, Computer Sciences Corporation, Centurion

FPS/Megacenter Documents:

These are the documents I’ve vetted for personally identifiable information, metadata, and compromising data regarding a source. This list will likely need updating as I continue to parse the documents corpus – further links will be posted here or in future publications.

A first document is embedded as an overview sample

Department of Homeland Security solicitation 

Overhead for Protective Service Officers (PSO) Philadelphia 

Gonzales Consulting Services Megacenter/PSO 

DHS-FPS-PSO Philadelphia

Comprehensive Technical Proposal, Covenant, Philadelphia Federal Protective Service

Covenant Basis of Estimation 

Subcontracting by PSO site 

DHS Request for Information

All Positions, subcontracting 

DHS FPS Megacenter FTE 

Initial Response from FEMA Regarding FOIA Request

On November 1st I submitted a Freedom of Information Act request to the Federal Emergency Management Agency for all of its records related to the Delaware Valley Intelligence Center. This morning that request was responded to by the agency – FEMA acknowledged the request and cited the present large number of FOIA requests currently in processing by all Federal agencies in alerting me to the possibility of a delayed full response. The agency also conditionally granted my request for a fee waiver as a member of the media acting in the interest of public information. The response can be viewed below.





The Department of Defense Information Operations Condition (INFOCON) Decision Matrix


Employing meta-search methods for online research about which I have been tweeting and writing, I found myself in possession of a copy of the Department of Defense Information Operations Condition, or INFOCON, Decision Matrix. “INFOCON” is a threat condition like DEFCON, with numbered tiers, based on an intelligence assessment of active malware and its likelihood of disrupting connectivity/functionality.

There is much more where this came from. – K

Forensic Indexing, Metadata, and the DVIC Privacy Policy

When doing research on a subject that has some measure of obscurity by design, such as the fusion center in Philadelphia, the Delaware Valley Intelligence Center (DVIC), I often find the only way to fill in the gaps is to “data-mine” for documents. I use quotes, because data-mining strictly involves aggregating and analyzing more fragmented bits of *data, I deal more in *information, and data-mining usually applies to a much more intensive level of computation applied to a much larger corpus to be processed than I will discuss here.

You can get hands on with data mining. This is Tree-Map, I use a program called BaseX. They’re similar, great for browsing structured data like xml.

A more appropriate term would be “forensic indexing,” in that I am applying basic methods of digital forensics like metadata extraction to a general knowledge management system for a large collection of documents, too large realistically to open one by one. And I’ve just made it sound more organized than it usually is.

In the case of the DVIC what this meant was using an application which automates queries to metasearch engines as well as enumerating a specified domain to find relationships and other information. I used FOCA. I saved the documents that were the result of this search in separate folders according to which domain I had chosen for the search. I collected around 1800 documents.

I then ran a simple command-line program called pdfgrep. I used the command pdfgrep -n -i "dvic" *.pdf to bring me a list displaying every line in every pdf file in the same directory containing the phrase “dvic,” tagged with file name and page of the line, and ignoring case. One such query returned:

[filename]pg#: “text”

As you might imagine if you have followed the Declaration’s coverage, I was a bit confused. I went to the corresponding folder on my desktop and opened the file in my reader:

Screenshot - 11062013 - 05:33:45 PM

This document is titled “Nebraska Information Analysis Center,” another fusion center, which it just so happens is missing a document from the fusion center association website. Where metadata plays in, and why I had missed this by manually “googling” until now, is in how FOCA searches for documents: by file name, which is in the metadata of the document and gives its file path on the machine that stores it, its URI. This is something you can sometimes do by typing inurl:[term] into Google, but then you would have to know the exact name of the file to get relevant results. The name of this file is “Delaware-Valley-Intelligence-Center-Privacy-PolicyMar-2013.” It would have been very difficult to come up with this by educated accident.


So while there are still serious questions about the date gap between beginning a “cell” and submitting a policy, and concerns about a lack of a full-time privacy officer among others, it seems that everyone that was sure that a policy was completed and was approved by the DHS was quite correct, and I’d like to thank them for adding accurate memory to their graciously-given time to discuss the subject. It seems that a March draft was labeled somewhere in its life as the Nebraska Information Analysis Center’s policy, perhaps at the National Fusion Center Associate website, where the “comprehensive” list is found, by whoever didn’t link it to the analysis center website.
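A publisher can catch this kind of mislabeling before a document goes out by comparing each file's name with the title stored inside it. The following is an added example, not code from the original post or from FOCA or pdfgrep: it reads the /Title entry of a PDF's Info dictionary and reports files whose title shares too few words with the file name. The ".pdf" extension on the quoted file name, the idea that the Nebraska label sits in /Title, the 0.5 threshold, and the PDF-shaped sample bytes are all assumptions made for illustration; only unencrypted, uncompressed Info dictionaries are read.

```python
import os
import re

TOKEN = re.compile(r"[A-Z]?[a-z]+|[A-Z]+(?![a-z])|\d+")


def name_tokens(text):
    """Lower-cased words; splits hyphens and joins like 'PolicyMar', drops numbers."""
    return {t.lower() for t in TOKEN.findall(text) if not t.isdigit()}


def _literal_string(data, start):
    """Decode a PDF literal string '( ... )' that begins at data[start]."""
    depth, i, out = 0, start, bytearray()
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\" and i + 1 < len(data):
            # Escaped character: keep it verbatim (octal and \n-style
            # escapes are not decoded in this example).
            out += data[i + 1:i + 2]
            i += 2
            continue
        if c == b"(":
            depth += 1
            if depth > 1:
                out += c
        elif c == b")":
            depth -= 1
            if depth == 0:
                return bytes(out)
            out += c
        else:
            out += c
        i += 1
    return None  # unterminated string


def pdf_info_title(data):
    """Return the /Title text from raw PDF bytes, or None if it cannot be read."""
    m = re.search(rb"/Title\s*([(<])", data)
    if not m:
        return None
    if m.group(1) == b"(":
        raw = _literal_string(data, m.start(1))
    else:  # hex string: <FEFF0050...>
        end = data.find(b">", m.end())
        if end < 0:
            return None
        digits = re.sub(rb"\s", b"", data[m.end():end]).decode("ascii", "replace")
        if len(digits) % 2:
            digits += "0"  # the PDF format pads an odd final digit with 0
        try:
            raw = bytes.fromhex(digits)
        except ValueError:
            return None
    if raw is None:
        return None
    if raw.startswith(b"\xfe\xff"):  # UTF-16BE with byte-order mark
        return raw[2:].decode("utf-16-be", "replace")
    return raw.decode("latin-1")  # close to PDFDocEncoding for plain text


def check_label(filename, data, threshold=0.5):
    """Compare the embedded title with the file name; overlap is the share of title words found in the name."""
    title = pdf_info_title(data)
    title_words = name_tokens(title) if title else set()
    if not title_words:
        return {"file": filename, "title": title, "overlap": 0.0, "verdict": "no-title"}
    file_words = name_tokens(os.path.splitext(filename)[0])
    overlap = len(title_words & file_words) / len(title_words)
    verdict = "match" if overlap >= threshold else "mismatch"
    return {"file": filename, "title": title, "overlap": overlap, "verdict": verdict}


def _fragment(title_obj):
    """Constructed PDF-shaped bytes holding only an Info dictionary."""
    entry = b"/Title " + title_obj + b" " if title_obj else b""
    return (b"%PDF-1.4\n1 0 obj\n<< " + entry + b"/Producer (constructed sample) >>\n"
            b"endobj\ntrailer\n<< /Info 1 0 R >>\n%%EOF\n")


def _hex_title(text):
    return b"<" + ("\ufeff" + text).encode("utf-16-be").hex().upper().encode() + b">"


# File name 1 is the one quoted in the post; everything else is constructed.
SAMPLES = [
    ("Delaware-Valley-Intelligence-Center-Privacy-PolicyMar-2013.pdf",
     _fragment(b"(Nebraska Information Analysis Center)")),
    ("Nebraska-Information-Analysis-Center-Privacy-Policy.pdf",
     _fragment(_hex_title("Nebraska Information Analysis Center Privacy Policy"))),
    ("scan0001.pdf", _fragment(b"(Privacy Policy \\(draft\\))")),
    ("untitled-export.pdf", _fragment(b"")),
]


def check_all():
    return [check_label(name, data) for name, data in SAMPLES]


if __name__ == "__main__":
    for row in check_all():
        print(f'{row["verdict"]:9} {row["overlap"]:.2f}  {row["file"]}  title={row["title"]!r}')
```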

This is only one elucidation among many from recent developments, the fruits of fresh approaches, and as mentioned, more documents to parse. Read the Declaration

Perl Crawler Script “fb-crawl” Lets You Automate and Organize Your Facebook Stalking

While browsing for scripts that might make my often very high-volume webmining for research less time-consuming/more automated, I came upon the following on Google Code 

fb-crawl.pl is a script that crawls/scrapes Facebook friends and adds their information to a database.
It can be used for social graph analysis and refined Facebook searching.


– Multithreaded
– Aggregates information from multiple accounts


This is very useful for social engineering and market research, and could also very easily find fans among the more unsavory Wall creepers. They don’t even have to be programming-competent, so most neck-bearded shiftless layabouts and of course Anons can do it. You only have to plug in your FB email address and  a MySQL password (you can download and click-to-install MySQL with simple prompts if you don’t have it).


Crawl your friends’ Facebook information, wall, and friends:
$ ./fb-crawl.pl -u email@address.com -i -w -f

Crawl John Smith’s Facebook information, wall, and friends:
$ ./fb-crawl.pl -u email@address.com -i -w -f -name ‘John Smith’

Crawl Facebook information for friends of friends:
$ ./fb-crawl.pl -u email@address.com -depth 1 -i

Crawl Facebook information of John Smith’s friends of friends:
$ ./fb-crawl.pl -u email@address.com -depth 1 -i -name ‘John Smith’

Extreme: Crawl friends of friends of friends of friends with 200 threads:
$ ./fb-crawl.pl -u email@address -depth 4 -t 200 -i -w -f

Users of the script can also aggregate information about relationship status by location or by school, essentially allowing stalkers to create automated queries for lists of potential victims.


Find local singles:
SELECT `user_name`, `profile` FROM `info` WHERE `current_city` = ‘My Current City, State’ AND `sex` = ‘Female’ AND `relationship` = ‘Single’

Find some Harvard singles:
SELECT `user_name`, `profile` FROM `info` WHERE `college` = ‘Harvard University’ AND `sex` = ‘Female’ AND `relationship` = ‘Single’

And if a stalker wants to make an even handier database of GPS located targets, there are plug-ins:

To load a plug-in use the -plugins option:
$ ./fb-crawl.pl -u email@address -i -plugins location2latlon.pl
This plug-in adds the user’s coordinates to the database using the Google Geocoding API.

And as no stalker wants to terrorize someone age-inappropriate, they can sort by DoB as well.

This plug-in converts the user’s birthday to MySQL date (YYYY-MM-DD) format.

How Police Use Social Media To Monitor, Respond to, and Prevent Mass Gatherings

I have posted several reports from a recent police chiefs conference in Philadelphia, at which revelations were made that have been reported elsewhere in the press which cite this blog. An official from the Chicago Police, whose name I omitted because I have not deciphered it from my recording, announced work between his department and Facebook to disable certain users from posting to the website by a device ID. These comments were part of a short session that followed the main discussion, which was titled “Helping Law Enforcement Respond to Mass Gatherings Spurred by Social Media.”

A Facebook spokesperson contacted me via email last night and said that the company has “no special relationship” with Chicago Police to block users and responds to all reports of violating content equally. Facebook has updated its “fact check” page with the following item:

Fact Check

Facebook’s Law Enforcement Guidelines

October 27, 2013 11:00 a.m. PT

Content reported by law enforcement is subject to the same review applied to reports from anyone using Facebook. There is no special partnership. We evaluate these reports based on our community standards, and as always, may remove information that violates our policies.

Read more here.

The following report is posted in order to clarify stories which describe a plan to “make protesting impossible” that do not represent the context of the officer’s statement, and to provide a sober look at what we do know about how law enforcement is using Twitter, Facebook, Youtube, dating sites, forums, and the rest of the social web, from the mouths of the police who do the most with it.

After attending this panel and from my own experience covering law enforcement interaction with 1st Amendment protected demonstrations as well as more “direct action” geared assembly, I cannot imagine something law enforcement would want to do less than shut down Facebook or twitter during a protest. With notable exceptions, monitoring and influencing a group of people who self-identify for ready-made aggregation by #hashtagging their activity is a favorable arrangement for police.

Police departments have recognized how integral social media platforms like Facebook and Twitter have become in mainstream communications, and dependence on the Internet by the public to access private and government resources and information has expanded to the degree that even the smallest township department is expected to have a presence on the world wide web.

Thetford Township, Michigan, population 8,277

It is now familiar for a police twitter account to be a celebrity of itself, and vital public relations bulletins are now tweeted contemporaneously or prior to the issuance of traditional press advisories, as seen after the Boston Marathon bombings, when erroneous reports of an arrest on CNN’s twitter feed were corrected by the BPD’s account. As smartphones proliferate in crowds, the police have in turn taken to having officers on site to film the entirety of gatherings (TARU, the Technical Assistance and Response Unit, does this for the NYPD).


Law enforcement has taken to heart the real-time interaction and mobile capabilities of new technology, especially the ubiquity of smartphones and the ability for not only media organizations but participants in events to provide live video coverage of their activities to an international audience, and incorporated it into their operations to enhance more traditional practices of “spin control” and public relations, as well as finding wide application for the information resources of the web in their investigations and the crafting of policy.

Departments have used social media as a key source for strategic and tactical intelligence, and as a medium for conducting counter-intelligence operations. Chicago, Toronto, Oakland, Indianapolis, and Milwaukee are all among departments that report success in using social media in operations to surveil and even deter mass gatherings. Under certain conditions of perceived risk, special units or officers frequently undertake targeted monitoring and  “digital stakeouts,”  which can be done from anywhere with precious few necessary resources. Chief William Blair of the Toronto Department said, for example, that for every big event in his city he had 8 officers assigned to the Major Incident Unit whose sole job is to conduct social media operations.

State Police in Chicago lock batons during a confrontation at the NATO protests May 2012. Photo by Kenneth Lipp.

The close attention paid is a rational response to the feedback loop created by the real-time interaction of participants in mass gatherings with those observing the scene remotely – the potential for “flash mobs” of thousands to gather as a result of  tweets and Facebook posts is not a theoretical one, and events already drawing large crowds such as sporting events and scheduled protests can be augmented and influenced heavily by images, video, and messages posted online.

Denver Police flank an un-permitted march through the 16th Street Mall downtown. Photo by Kenneth Lipp
Police in Denver outside the Education Building where they interdicted a protest. Photo by Kenneth Lipp

Philadelphia Police officer Corporal Frank Domizio presented a case study in February on how his department used practices of manipulating traditional media in concert with internet social network monitoring to successfully uproot the Occupy Philadelphia encampment at Dilworth Plaza in November of 2011. Corporal Domizio writes for the IACP:

[Captain Ray Evers, formerly commander of the PPD’s Office of Media Relations and Public Affairs] says social media was integral to the last push to clear the city’s Dilworth Plaza of Occupy Wall Street protesters so that planned construction could begin on the plaza. “We embedded a reporter with Commissioner Ramsey, which gave our efforts lots of credibility because the reports were coming from a neutral source,” Evers explains.

It was another example of combining traditional with new media, as the reporter lent an “old school” source of information while Evers and the rest of his team used social media for tactical, step-by-step information transmission. “We actually compete with news media because we’re going directly to consumers, without need for the media middleman,” Evers says. And yet, as the Dilworth operation showed, traditional media are still necessary.

The result: no incidents of police brutality were reported or recorded, as had been the case in other cities. “These days everyone has a camera, and if something had happened, it would’ve come out,” says Domizio.

There were 52 arrests at the Dilworth eviction, and while the Philadelphia media on the large part did accept that the police were comparatively gentle, the protesters themselves have indeed used words like “brutality” and “rancor and violence,” and Will Bunch of Philly Daily News noted that the press had abandoned the Occupiers.

A history of the potential for embedded reporters to be directed from unfavorable observations is available for the reader to independently research and assess.

Occupy Philadelphia eviction. Photo by Dustin Slaughter

Chiefs are working with Federal law enforcement agencies and the private sector to develop technology and best practices for local police (these partnerships are termed community-policing initiatives as part of the Department of Justice COPS office, Community Oriented Policing Services, and are often supported by the DoJ Bureau of Justice Assistance) on how to maximize social media tools to engage the public and for investigation, interdiction, and prosecution. The International Association of Chiefs of Police, which met 13,000-officers-strong in Philadelphia last weekend for networking and discussions that largely featured these policy and industry developments, operates a Center for Social Media that pools resources developed to assist law enforcement agencies who wish to implement social media into their own operations.

When Mayor Quan was spotted leaving the Capitol Hilton by protesters demonstrating outside the US Conference of Mayors in January ’11, the news was tweeted and her car was stopped in the middle of K Street for a full 5 minutes
Protester outside the Capitol Hilton
Occupy DC at McPherson Park protesters bang drums and chant for Mayor Quan of Oakland to leave the US Conference of Mayors at the Capitol Hilton, Washington, DC

I’ve reported in several posts about a Chicago Police/Facebook collaboration to block criminal posting from the site by user and device. This collaboration was described by a Chicago PD official at the above-mentioned IACP conference (2013 Conference Flyer, pdf), at the panel “Helping Law Enforcement Respond to Mass Gatherings Spurred by Social Media,” held Monday, October 21. The official, not on the schedule for the panel, spoke during the Q & A session at the behest of Chuck Wexler, the Executive Director of the Police Executive Research Forum, who led the workshop along with Chief William Blair of the Toronto Police and Assistant Chief Liebold of Milwaukee PD.


Facebook’s Chief Security Officer Joe Sullivan was originally scheduled, according to the flyer, but a Facebook spokesperson tells me that while they “haven’t yet figured out what caused” the Facebook Chief of Security to appear in the schedule, they can confirm that he was never supposed to speak at the event.

In the panel, one of dozens at the conference that highlighted the importance of social networking, cybercrime, and their intersection in “intelligence-led policing” (a close analog of “community-oriented policing”), the speakers provided an overall scope of how law enforcement uses the internet, and what about these practices is novel.

The panel description reads:

Protests and mass gatherings aren’t what they used to be. This discussion will focus on the new methods organizers and protestors are using to get the word out, and how law enforcement can sharpen their skills to ensure an even playing field.


After an introduction from Ms. Katherine McQuay, Assistant Director, Office of Community Oriented Policing Services, U.S. Department of Justice, a former journalist, the panel began with Mr. Wexler, who first made clear that he was not an expert by any means in social media, and that he would largely defer to Assistant Chief Liebold and to Chief Blair, whose department’s policies were frequently lauded in more than one panel as a gold standard in the field.

Tactics used in Philadelphia have been reported as an adaptation to unfavorable media coverage of brutality in California and by the NYPD and resulting litigation, and it is at panels such as those held at IACP in Philadelphia where that experience is shared. Wexler’s organization PERF provides another, more elite, venue for such industry audits. Their work consulting with chiefs of police from departments whose cities held Occupy Wall Street movement encampments earned them some attention in the media in November 2012. Commissioner Ramsey of Philadelphia was among the law enforcement executives facing occupations who attended and advised in these sessions, and whose cities within a month conducted evictions of those encampments. The communications were revealed in the press, and Wexler’s organization suffered from the ire of activists as well as the wrath of Anonymous, which he recalls as an introduction to the panel. There is no evidence that PERF advised any specific tactics, and in its response to the allegation PERF issued a statement directing everyone who wishes to obtain an accurate view of PERF’s work to read a report that we released in July 2011 called “Managing Major Events: Best Practices from the Field.”

Before Wexler launches into his “observations” he takes a moment to direct the audience to the IACP’s social media resource page, which contains the NYPD’s social media policies which Wexler and others would note repeatedly as a model implementation.

“I wanna make about 8 kinda observations about this notion of social media, I think it’s really changing everything we think about our lives and our work….and there is a real intersection between social media and cybercrime. It’s actually hard to know where one starts and one begins….”

Wexler sees social media and cybercrime intersecting in “strange ways,” which include PERF’s being targeted by Anonymous for what was interpreted by many as a coordination of the multi-city evictions of Occupy camps which occurred across the US, including in New York City and Philadelphia.

Wexler says that “you will, if you haven’t already…if you haven’t been targeted by Anonymous for something that you did that’s related to your work, it’s really an interesting experience.” Wexler denies the characterization of the meeting as a “crackdown,” describing Anonymous as “twelve or thirteen year old kids living at home in their basement that now have this enormous power,” and says the FBI notified him at 5 one day that the cyber collective was planning to access PERF’s website and attempt to download the organization’s internal emails, a prospect which Mr. Wexler fends off with a shudder.

He discusses the risks the online environment poses to officers, especially the vulnerability to being identified and targeted for “d0x”ing (mass dissemination of personal information), fraudulent credit transactions, and other attacks (“paper terrorism”), and the need to mitigate those risks. Another officer in the Q and A session echoed this concern with more emphasis, adding that his department was working on alternate ways to protect officer identity from “these hacker whiz kids” who had taken officer badge numbers from media and used them to expose officers and their families.

Wexler also notes that internet and social media have claimed victims in the form of cyber bullying and child exploitation, making it this “thing that terrifies” young people before summoning Chief Blair to the microphone.

“Where [social media] has really emerged as an effective and important law enforcement tool is in helping us manage large scale, mass public events, demonstrations, or sporting events, where we have large crowds to deal with, sometimes certain behaviors to control.”

Both Blair and Assistant Chief Liebold outline a social media strategy in lockstep with the overall trend in law enforcement toward Intelligence-led policing.

Intelligence-led policing as a generic practice is not new; however, it took on new life post-9/11. The term is always introduced in the context of the World Trade Center attacks and how those attacks punctuated shortcomings in US intelligence practices. An output of the audit of the 9/11 commission was the finding that local police and federal agencies ought to increase and improve their sharing of information, and that the former were recognized as a vital source of anti-terrorism intelligence.

According to the Bureau of Justice Assistance:

“..effective intelligence operations can be applied equally well to terrorist threats and crimes in the community, homeland security and local crime prevention are not mutually exclusive. Officers “on the beat” are an excellent resource for gathering information on all kinds of potential threats and vulnerabilities. However, the intelligence operations of state and local law enforcement agencies often are plagued by a lack of policies, procedures, and training for gathering and assessing essential information.”

Chief Liebold describes the role of the police officer on social media under this philosophy as moving “more from collecting evidence to collecting information,” toward intelligence and operations that frequently do not involve the formal invocation of the law.

What both Blair and Liebold make clear is that they always make sure they are as fully engaged as possible with the sentiment on social media concerning large gatherings of people.

Chief Blair describes a November 2012 demonstration by Palestinians set to coincide with a parade celebrating the city’s CFL victory. He reports that his team monitored social media and determined through a practice called “geofencing” that the demonstration, which they had expected to bring 40 people, had attracted hundreds. Geofencing is a general term meaning to establish, via GPS data sensors and remote communications, a virtual perimeter or “fence” for a real world geographic area. It’s a basic element of the science of telematics, and can be thought of in some ways like a virtual electric fence that notifies the owner instead of shocking the pet. In this case it allowed Toronto police to assess sentiment associated with a certain topic by concentration in a specified location, the area of the expected demonstration.

A commercial application for geofencing is transportation logistics

Geofencing is also useful in allowing police to add a form of automation to their Internet intelligence. Software is available and used along with direct observation by analysts to extract information from large amounts of unstructured data, such as the hundreds of thousands of tweets per minute that can accompany events of wide public interest. Blair was able to focus his resources on a “parade” of the kind which often ends in flipping and burning cars while a relatively small number of officers successfully presaged a secondary incident.

Riots in Oakland after a light sentence was given to a police officer in the killing of Oscar Grant. Ray Brooks of the Northern California Regional Intelligence Center told another panel that his fusion center monitored social media for threats with technology including geofencing after the verdict was delivered, in anticipation of unrest.

Blair also says that the organizer of the event was very effectively using Twitter and Facebook to promote it and direct congregants. He says this person was their “best intelligence officer,” as he was not only posting video and images from on scene with descriptions, but had left on his GPS and was allowing them to closely track his real time location. Toronto PD’s intelligence on the Palestinian demonstration was enhanced by the media the organizer posted, allowing them to survey the setting and identify people from images and video. The Star has reported that Toronto Police used the Canadian Banking Association’s facial recognition software in attempting to identify suspects involved in actions at the 2010 G20 Summit. (An intense set of photos can be found here of the property damage and clashes between protesters, called “thugs” by the mayor, and police).

The Chief says that Toronto was able to both monitor and influence the organizer such that whatever potential the demonstration had for creating conflict was defused.

Milwaukee has been able to positively identify protesters allegedly in the act of committing crimes, Assistant Chief Liebold reported to the panel, and in one case deferred immediate arrest in favor of crowd control and of avoiding an appearance on the news in violent confrontation with demonstrators, making the arrest after the “Black Bloc” action subsided (Milwaukee experienced “Black Bloc” tactics along with other cities during Occupy protests). Liebold says that after assessing the situation via social media intelligence he gave the order not to arrest the subject in the act of destroying Milwaukee police property. He said that though it was contrary to his instinct, he knew it was better “not to appear on television fighting with protesters.”

Liebold said Milwaukee PD used social media to deter potentially violent assembly at the Wisconsin State Fair. In 2011 his force was “caught with their pants down” in what Eugene Kane of the Milwaukee Journal Sentinel told NPR was:

“an incident with young African-American kids who had attended either the fair or the midway, which is the entertainment section. And fights broke out on the fairgrounds, and the fights were between the kids themselves. But at some point, the fighting spread outside of the grounds of the fair – and at that point became a racial incident with black kids basically targeting and attacking and in some cases, robbing predominantly white fairgoers.”

After an investigation of social media after the fact, Liebold says that they were able to determine that the attacks were not entirely spontaneous but in fact organized through social media and facilitated by real-time posts by alleged participants. At the 2012 and 2013 Fairs, the police were able to use information from profiles built on predicted offenders in combination with traditional law enforcement crowd control tactics, like “cutting off the head, divide and conquer,” and a “14 person rule,” which Liebold says they developed from the experience that 14 was a kind of “magic number” that could serve as a threshold to deter incitement. Milwaukee had officers on site with printed pictures of suspected participants, and made contact when they were sighted to alert them that they were being surveilled.

Liebold reports that Milwaukee has “interdicted 32 incidents” as a result of their social media strategies.

When dealing with populations that are highly responsive to social media, police departments have everything to gain from platforms like Facebook, YouTube, and Twitter. As Blair notes, their subjects “post everything about themselves,” and he admonishes his colleagues that, despite the potential of social media to get officers and agencies in trouble and perhaps result in unfavorable legislation, it is too powerful a tool, as an unregulated medium, to glean information and develop complex profiles for law enforcement purposes. Activists and others post everything from photos to their *political preferences, all in a forum available to “open source.”

The quality of this information is not always reliable, as a report from the Philadelphia Declaration reveals.

Vulnerable populations like First Nations protesters in Canada and elsewhere who lack the access and leverage to draw mainstream media to their causes are sadly more subject to law enforcement overreach and brutality in a blackout imposed by apathy or obliviousness.

Dell Cameron reported in the Daily Dot: "What started as a peaceful protest by the Mi’kmaq First Nation in Elsipogtog, New Brunswick against a shale gas project has now spun violently out of control. After the Royal Canadian Mounted Police (RCMP) advanced on the anti-fracking protest, demonstrators clashed with police, chemical agents were deployed and at least half a dozen police vehicles were destroyed by Molotov cocktails."

*The relaxation, in 2002 on national security grounds, of restrictions imposed in the Handschu agreement now allows the NYPD to freely conduct politically-focused intelligence-gathering from “open sources.”

Chicago PD on Stopping Incidents Organized Through Social Media Before They Start

In the same panel where a Chicago police official shared his department’s collaboration with Facebook to block criminal posting from the social media site, that officer claimed that the Chicago police have in fact already had success “getting in front” of activity that their surveillance of the internet predicted would be a public safety threat.

Here the officer recounts occasions where the Chicago PD has had success “in various areas of the city getting in front of” events, he says, “everything from the cyber banging all the way to the flash-mob type incidents.” The officer does not reveal the specific method or application used in these operations.

He also cites other occasions where the social media surveillance “enhanced prosecution,” and says that in these cases a warrant was obtained.

Police Departments Work to Expand Capability to “Shut Down” Social Media

Police Departments worldwide are aggressively developing methods and policy to avail themselves of both the public relations and the Big Data resources of ‘social media,’ and adapting to social media platforms as environments for strategic and tactical intelligence.

“95.9% of law enforcement agencies use social media, 86.1% for investigative purposes,” said the head of the social media group for the International Association of Chiefs of Police on Sunday, at the organization’s 120th Annual meeting in Philadelphia. She also said that 81% report social media has successfully aided prosecutions, in a panel titled “Using Social Media as an Investigative Tool.”


Slide from Power Point Presentation, Using Social Media as an Investigative Tool

The US law enforcement industry has been rolling out a commensurate product line-up, and this was in great evidence at the IACP conference exposition, which occupied the entirety of the 679,000 square foot Pennsylvania Convention Center Exhibit Hall floor this past week and weekend. Booths in the massive expo hall touted everything from wearable tactical gear to Unmanned Aerial Vehicle Systems and full-sized helicopters.

From the Expo floor


Increasingly in discussion in workshops held by and for top police executives from throughout the world (mostly US, Canada, and the United Kingdom, with others like Nigeria among a total of 13,000 representatives of the law enforcement community in town for the event), and widely available from vendors, were technologies and department policies that allow agencies to block content, users, and even devices – for example, “Geofencing” software that allows departments to block service to a specified device when the device leaves an established virtual geographic perimeter. The capability is a basic function of advanced mobile technologies like smartphones, “OnStar” type features that link drivers through GIS to central assistance centers, and automated infrastructure and other hardware including unmanned aerial systems that must “sense and respond.”

SocioSpyder, for web-mining


BrightPlanet, whose BlueJay software has been ubiquitous in the news as a law enforcement staple
Surveillance Tower by FLIR, maker of NYPD's superstar SkyWatch

Also, not yet reported in the press, a senior police officer from the Chicago PD told a panel on Monday that his department was working with Facebook’s security chief to block users from the site by account (person), IP, and device (he did not say if by UUID or MAC address or other means of hardware ID) if it is determined they have posted what is deemed criminal content. Facebook’s Joe Sullivan was scheduled to speak according to the original schedule for the panel “Helping Law Enforcement Respond to Mass Gatherings Spurred by Social Media,” but was unable to attend (also present: Edward Flynn, Chief of Police, Milwaukee Police Department, Milwaukee, WI; Katherine McQuay, Assistant Director, Office of Community Oriented Policing Services, U.S. Department of Justice, Washington, DC; Chuck Wexler, Executive Director, Police Executive Research Forum, Washington, DC).

Updated: In my recording of the panel I was able to locate the portion of the discussion. It was in the question and answer portion of the discussion and I unfortunately had turned my camera off for a moment, but what is on video makes the nature of the developing arrangement with Facebook more clear. See my post

FBI’s “Next Generation” Facial Recognition Software can be Wrong 1 out of 5 Times


The FBI’s “Next Generation Identification (NGI)” project, currently under development, will be the largest biometric database in the world when complete. The records available for cross-reference through NGI will include various biometric markers used in criminal investigation and identification, including long-archived fingerprints, “DNA profiles, voice identification profiles, palm prints, and photographs.” The system will be equipped with facial recognition software to analyze images captured and retained by cameras connected to the database.


The majority of information publicly available about NGI is so thanks to a FOIA request and subsequent lawsuit filed by the Electronic Privacy Information Center (EPIC).

In 2012, EPIC filed two Freedom of Information Act (FOIA) requests for documents related to the FBI’s NGI system. One request sought technical specifications related to the roll out of the NGI system. The other sought contracts between the FBI and the private entities developing the system. The FBI did not promptly comply with the law’s requirements and has so far failed to give EPIC any responsive documents. After the agency failed to comply with the Freedom of Information Act, EPIC filed a lawsuit in federal district court.

The documents obtained by EPIC are available on their website, where they describe more fully the breadth not only of content the new system will curate, but the wide scope of public and private entities who will have access to the database’s very sensitive information:

The NGI database will be used for both law enforcement and non-law enforcement purposes. It will be available to law enforcement agencies at the local, state, and federal level. But it will also be available to private entities, unrelated to a law enforcement agency.

Using facial recognition on images of crowds, NGI will enable the identification of individuals in public settings, whether or not the police have made the necessary legal showing to compel the disclosure of identification documents. The New York City Police Department began scanning irises of arrestees in 2010; these sorts of records will be entered into NGI. The Mobile Offender Recognition and Information System (“MORIS”), a handheld device, allows officers patrolling the streets to scan the irises and faces of individuals and match them against biometric databases. Similarly, children in some school districts are now required to provide biometric identifiers, such as palm prints, and are also subject to vein recognition scans. Clear, a private company offering identity services based on biometric identifiers, attempted to sell the biometric database of its users after its parent company, Verified Identity Pass, declared bankruptcy. The transfer of the biometric database was blocked by a federal district court judge.

While biometrics is a fairly new term in public conversation, its standardized use by law enforcement is nearly a century old – the term describes all identification methods which assign a system of measurements (a *metric) to features of the human body, with the ultimate goal of providing unique markers that can be assigned and attributed exclusively to one person (markers which that person would be unable to themselves corrupt or exchange), and includes fingerprints.

What is truly new and at the core of the problem with current application of biometric technology is the AMOUNT of data being collected and retained, the necessary AUTOMATION to realistically process/analyze it, and the INTEGRATION of the information into a form and location which is accessible to an unprecedented multitude of public and private security and intelligence interests, many of whom are subject to zero public oversight.


Fingerprints long collected and now part of IAFIS, the FBI *Integrated Automated Fingerprint Identification System, will now be combined with DNA, images, voice recordings, iris scan data, palm prints – terabytes upon terabytes of data which must be sifted and gleaned for information which can be used in the primary business of threat intelligence machinery – producing reports for policy makers and risk assessments, *alerts for law enforcement and private security. Upon encountering law enforcement, people (people of color especially) might be immediately submitted to the system, in the process undoubtedly having further information obtained from them in the form of fingerprints (and in many cases of late, DNA by default) – which can then remain in the system, available to the security market at-large, indefinitely.

*(responds to requests 24 hours a day, 365 days a year with automated fingerprint search capabilities, latent search capability, electronic image storage, and electronic exchange of fingerprints and responses. ….Not only fingerprints, but corresponding criminal histories; mug shots; scars and tattoo photos; physical characteristics like height, weight, and hair and eye color; and aliases. The system also includes civil fingerprints, mostly of individuals who have served or are serving in the U.S. military or have been or are employed by the federal government. The fingerprints and criminal history information are submitted voluntarily by state, local, and federal law enforcement agencies)


This deluge of data cannot be analyzed manually to timely effect, by a long shot, and so increasingly law enforcement ID systems include software with higher and higher levels of automation. Often systems are upgraded using only existing hardware – already installed cameras, for instance, were networked through the Trapwire software to provide automated threat response intelligence to the agency clients of the software’s developer. These systems, many of which attempt to provide agencies with “predictive policing” capabilities, have an abysmal track record. The National Journal reports, also from documents obtained by EPIC, that the standards set for the accuracy of the Next Generation Identification system’s facial recognition software are disturbing at, well, face-value:

A 2010 report recently made public by the Electronic Privacy Information Center through a Freedom of Information Act request states that the facial-recognition technology “shall return an incorrect candidate a maximum of 20% of the time.”

When the technology is used against a searchable repository, it “shall return the correct candidate a minimum of 85% of the time.”

via FBI’s Facial Recognition Software Could Fail 20 Percent of the Time – NationalJournal.com.

80% might be overshooting, it seems, as additional EPIC reporting shows that Virginia Beach has a facial recognition system currently in operation that has never produced a match or arrest since its installation in 2002. And Boston’s Logan Airport ran two separate facial recognition system tests at its security checkpoints using volunteers posing as terrorists over a three-month period and posted disappointing results. Throughout the testing period, the systems correctly identified the volunteers 153 times. However, they failed to identify the volunteers 96 times, a success rate of only 61.4 percent.

Sheriff of MN County with the Largest US Somalian Population Worried They’ll Aid Al-Shabab

Hennepin County contains Minneapolis, where a man was convicted earlier this year for lying to a grand jury when he testified he didn’t know two men who had returned to Somalia to join al-Shabab.

Supporters of two Somali women scheduled to be sentenced for helping a terrorist group gather outside the Hennepin County Government Center on Thursday, May 16, 2013, in Minneapolis. Nine people being sentenced this week in the government's long-running investigations into terror recruiting and financing, including Adarus Abdulle Ali. (MPR Photo/Brandt Williams)

In the wake of the Westgate attacks, Hennepin County’s sheriff is worried about his jurisdiction’s large Somali population, as he told the House Homeland Security Committee yesterday.

Sheriff of Hennepin County testifying at the House Homeland Security Committee

The sheriff of the county with the largest Somali population in the United States called for federal support to counter recruitment by the Somalia-based terrorist group al Shabaab during a House hearing Oct. 9.

Sheriff Richard Stanek of Hennepin County, Minn., told the House Homeland Security Committee that the sheriff’s office would benefit from access to classified federal databases. “This will allow us to connect the dots in real time between local law enforcement sensitive information and classified data,” he said.

He also requested that county officers who serve on the FBI’s Minneapolis Joint Terrorism Task Force be allowed to maintain their security clearances when they return to the sheriff’s office. (excerpt from: Concern over al Shabaab recruiting in the United States)

And here’s a video of Hennepin County’s first Somali deputy.