The United States of America establishes protocols for the use of facial recognition systems

Facial recognition technology is one of the technologies that has developed most over recent years and that most clearly supports policing tasks. However, when such systems are adopted, many factors must be borne in mind, both from a legal point of view (mainly because of privacy-related issues when taking, storing and processing images) and from a technical point of view (the precision of the identification and the security of the systems that use them, among others). The US Department of Justice has drawn up a model for applying these systems and provided it to police forces, with a particular focus on privacy-related questions.

One of the reasons is that shortcomings in the development and implementation of these systems, and malfunctions in their use, may entail significant potential risks, both in terms of civil liability and of negative perceptions on the part of the public. Moreover, given that the US regulations applicable to these situations are dispersed and complicated, the Department of Justice wants to reduce privacy-related risks and to establish minimum, common elements in areas such as the training and preparation of users and the supervision and responsibility of the entities.

The document includes a first introductory section with a review of facial recognition technology, the use of the document and a list of resources (relevant to technical questions and legal aspects, plus other complementary resources). The main part of the document is a model in which agencies and entities wishing to apply a facial recognition system or programme have all their needs met in foreseeable cases. In some cases the content will simply need to be copied, with the names of the relevant entities added, and in others the model gathers a range of potential cases so that entities or agencies can choose the one that best suits their circumstances, needs or the system that they want to use.

The sections chosen refer to questions of motivation, regulations, the use of the systems and of the information obtained by using them, information processing, responsibility and training for users.

The document is available on the following link:


Aquest apunt en català / Esta entrada en español / Post en français



Predvol, the tool the French police force use to predict areas where there is a risk of vehicles being stolen, improves police operations

In 2015, the General Administration of Data Team (AGD) within the Direction interministérielle du numérique et du système d’information et de communication de l’État (DINSIC)[1] developed, in collaboration with the Service of Technologies and Interior Security Information Systems (ST(SI)²), a model to predict vehicle-related robberies. This collaboration has produced Predvol, a tool to support police decision-making that predicts the risk of theft on a daily basis and presents a record of thefts and a classification of neighbourhoods according to the type of offences that take place there.

Predvol has been optimised to be used with a touch screen and has been implemented in the French department of Oise (in the north of the country), which is especially prone to vehicle theft. More specifically, the gendarmes have applied it as a decision-making tool and have tested it in the city of Compiègne (one of the main cities of Oise) as of May 2016. Moreover, the anti-crime squad of the department’s public security board of the national police tested it in the city of Beauvais, the department’s capital.

This programme is a predictive tool[2] that uses a large number of variables and algorithms that enable the police to decide which variables are the best predictors to anticipate car theft.

After six months of experimenting, one of the conclusions has been that the attention of operational staff focused more on visualising the crimes committed than on the daily prediction of theft. The predictions were very effective, but only served to confirm high-risk areas that were already known; on the other hand, the simple representation of incidents on a map brought improvements to the daily service. This realisation led to improvements in the visualisation of offences. Visualising offences from the moment a report is filed enables the police to gather quality data and achieve better results in police work.

For further information:

[1] The DINSIC is answerable to the prime minister within the French public administration and is in charge of coordinating the actions of administrations in terms of information.

[2] Other predictive models: “logistic regression”, “random method”, XGBoost, Boosting, PredPol (predictive policing), evolutionary heat mapping…




The pirate of hotel rooms

Today we introduce a new post to the blog. We tell a singular story that we think may help us to think about some aspects of security and which may be a source of learning.

In 2012, the security analyst Cody Brocious discovered a vulnerability which affected the electric handles manufactured by the Onity brand (installed in doors in many hotels all over the world) and created a little portable device which was able to open 10 million hotel doors.

Besides being reported to the company, the discovery was shared in specialised hacker and computer security forums, and some media echoed it (for example, the journalist Andy Greenberg of Forbes magazine). Despite these disclosures and the fact that devices able to take advantage of this vulnerability (increasingly small ones) were replicated on the internet, the company was slow to respond and many hotels did not want to change the handles, which were no longer secure.

Aaron Cashatt, a youngster from Arizona with drug-related problems, a brief criminal background and knowledge of computers and electronics, saw a television programme which explained the system used to pirate the door handles of hotel rooms. In the summer of 2012, with an investment of 50 dollars, he was able to copy the device and tried it out in a hotel, from which he stole a few towels. Seeing how effective it was, he began to perfect his break-ins, and the value of the objects stolen increased (first televisions and room fittings and later the belongings of the hotel guests) as he perfected the tool that gained him entry to rooms without leaving a trace. For over a year, the police authorities of Arizona and of other states like Ohio and California were trying to track down a ghost that was entering hotel rooms without leaving a trace. Although he was arrested and imprisoned for a short time for previous crimes, it was not until the summer of 2013 that they were able to link him to the almost 100 crimes that had been committed during that time, and he was finally arrested, sentenced and imprisoned for the hotel robberies.

Greenberg published Cashatt’s story in the magazine Wired in the summer of 2017 and, despite a lack of computer knowledge, he was able to copy the device conceived by Brocious. He tried to use the device in four different hotels (he stayed in the rooms that he was trying to gain entry to in order to avoid committing an offence) and, surprisingly, five years after the vulnerability involved was made public, the device worked in one of the rooms.

This story enables us to reflect on the following aspects as well as others:

  • The many actors responsible for security (in this case the police, hotels, handle manufacturers … and the hackers who discover vulnerabilities)
  • The importance of taking measures once vulnerabilities are detected. Cashatt spent a year exploiting the vulnerability detected by Brocious … and Greenberg showed that five years later this still involved a risk for establishments that had not changed or updated their handles.
  • The need to follow security-related information. Although this had been communicated publicly and had been published by the media, police forces did not discover Cashatt’s modus operandi until he was arrested and they found the devices he was using to enter the rooms.



Assessment of predictive policing: the case of Baden Württemberg (Germany). There are still many shady areas

The increase in burglaries in recent years in Germany has led, among other measures, to the use of crime prediction methods (“predictive policing”), which enable forces to predict in what contexts there is a risk of such crimes so that they can take the necessary preventive measures to avert them. First Bavaria and, more recently, Baden Württemberg began to use the PRECOBS[1] software produced by the Institute of Prognosis Techniques based on samples[2] and previously tested in Switzerland. This software is based on the idea that certain crimes (burglaries, in this case) committed in certain circumstances tend to be repeated in the same areas in the following days. The success of the robbery leads the perpetrators to regard this context as favourable for their purposes, and they repeat such an action a few days later. If these crimes are identified and the police force takes the necessary measures, the repetition of such crimes could be prevented.

Despite the enthusiasm these methodologies have stirred in the world of the police, there are no empirical studies which prove their efficacy beyond doubt. It is for this reason that those responsible for the pilot project “Predictive Policing P4”, initiated in Baden Württemberg on 30 October 2015, asked the Institut Max-Planck[3] for an assessment of the application of the project. The results of the assessment, carried out between November 2015 and April 2016 in the police regions of Karlsruhe and Stuttgart, have just been published, according to the latest edition of the magazine PolizeiNewsletter[4]. The report[5] explains that during the six-month assessment period there were 183 alarms (practically all of them in urban areas, and rarely in rural areas). The police used these to take a range of preventive measures to avert the repetition of such crimes in areas near their location. The results differed from area to area: in some areas crime was reduced (Stuttgart), whereas in others no effect could be perceived (Karlsruhe).

The study included an online survey of 700 police officers who were involved, in one way or another, in the experiment, in which they were asked about its utility. The results varied according to the level of the police structure at which they worked: 65% of the higher-level members made a positive assessment of the method, at executive and intermediate level this stood at 57%, whereas at basic level only 46% regarded it as useful. Curiously, the highest percentage of professionals in favour of continuing with the experiment (62%) was in Karlsruhe, where the effect seemed open to question, whereas in Stuttgart, with a drop in burglaries during this period, only 41% were in favour.

[1] Vid.



[4]Vid. (it also has versions in Spanish, French and English)





The European Public Prosecutor comes into being

It is known that one of the objectives of the European Union is the creation of an area of freedom, security and justice. The latest step so far towards achieving this has been taken by the Council of the European Union with the passing of Council Regulation (EU) 2017/1939[1] on 12 October 2017, which establishes reinforced cooperation for the creation of the European Public Prosecutor. This has been done in accordance with the Treaty on the Functioning of the European Union (TFEU), which establishes judicial cooperation in criminal matters, following the proposal of the European Commission and with the approval of the European Parliament.[2]

In accordance with article 86 of the TFEU, the European Prosecutor must be created based on Eurojust. This means that regulation 2017/1939 has to establish a close relationship between both based on cooperation.

The area of material competence of the European Prosecutor is limited to criminal offences that damage the financial interests of the Union, in accordance with the provisions of the TFEU. The functions of the European Prosecutor must therefore be to investigate, prosecute and bring to trial those who have committed offences against the financial interests of the Union, as well as crimes which have an indissoluble link to them.

Therefore, abiding by the principle of subsidiarity, offences that damage the financial interests of the Union, because of their dimension and effects, could be combatted more effectively at Union level. And concerning the principle of loyal cooperation, both the European Prosecutor and the competent national authorities must help each other and inform each other with the aim of effectively fighting against offences included in the field of competence of the European Prosecutor.

The regulation provides that the European Prosecutor will draw up and publish an annual report of its general activities that will, at the very least, include statistical data on the work of the European Public Prosecutor.

The Prosecutor must be inseparable from the Union, which works as a sole organism. Furthermore, with the aim of guaranteeing the coherence of actions by the European Prosecutor and, therefore, an equivalent protection of the financial interests of the Union, the organisational structure and the internal decision-making process of the European Prosecutor must allow the central office to control, direct and supervise all investigations initiated by delegate European prosecutors and the criminal proceedings they intervene in.

The General European Prosecutor exercises its functions as head of the European Prosecution and will take on responsibilities before the European Parliament, the Council and the Commission. At a decentralised level, there will be delegate European prosecutors, established within the member states.

The regulation requires that the European Public Prosecutor must respect, in particular, the right to an impartial trial, the rights of defence and the presumption of innocence, enshrined in articles 47 and 48 of the Charter.

The activities of the European Public Prosecutor are carried out in complete accordance with the rights of suspects and the accused enshrined in the Charter, including the right to an impartial trial and the right of defence.

Likewise, a coherent and homogeneous application of norms protecting fundamental rights and freedoms in relation to the treatment of personal data throughout the Union must be guaranteed.

The Public Prosecutor must be able to access any information affecting its competence stored in the databases and records of the institutions, organs and organisms of the Union.

[1] Directive (EU) 2017/1371 of the European Parliament and the Council, of 5 July 2017, linked to the fight against fraud that affects the financial interests of the Union via criminal law.

[2] Passed 5 October 2017



Is it necessary to wait for the perfection of autonomous cars before authorising them?

One of the technological advances which may most affect our daily life in the near or not-so-near future is that of autonomous vehicles, those which circulate without anyone steering or controlling them. At this moment, apart from technical issues, public debate about these vehicles involves safety, a key factor in their authorisation to circulate by the public administration.

Nidhi Kalra and David G. Groves, Rand Corporation researchers, have published research that analyses 500 different scenarios assessing the introduction, adoption and improvement of autonomous vehicles, in order to respond to the following questions:

  • How safe do these vehicles have to be before they can be authorised for public use?
  • Under what conditions can lives be saved by each of the policies in the short and long term and how many are saved?
  • What do the tests suggest about conditions that generate minor costs while waiting for significant improvements prior to their implementation?
  • What does this imply for policies that direct the introduction of autonomous vehicles to their use by consumers?

The model that they have designed to carry out the analysis compares the accident rate and deaths that would result if autonomous vehicles were authorised to circulate once it has been confirmed that they improve on the accident rate of human-driven vehicles by an average of 10%, or if authorisation waits until this improvement is between 75 and 90%.

The conclusion they come to is that it would be necessary to authorise the circulation of autonomous vehicles once the average of safe driving by humans has been improved by 10%. The main reason would be to save human lives (hundreds or thousands in the short term and thousands in the long term), which would come about for two reasons. The first is that once autonomous vehicles, on average, reach a safety level higher than that of human driving, their authorisation would reduce accident rates. Even if this reduction were small, human lives saved would accumulate over the time between reaching the acceptable level of safety and reaching the ideal level of safety. The second reason is that the authorisation of these vehicles would encourage their use and considerably increase the data available for analysis. This way, the evolution of autonomous driving would speed up, and levels of safety over 75 or 90% better than those of human driving would be reached sooner.

Source: Kalra, Nidhi; Groves, David G. The Enemy of Good. Estimating the Cost of Waiting for Nearly Perfect Automated Vehicles. Rand Corporation



Data related to ambulances, an excellent complement to those of the police

Situations of crisis and shortage often lead to a greater and better use of available resources. On this premise, British researchers have studied whether the police could find additional information and reduce the dark figure of some crimes based on the data generated by another public service, ambulances.

According to police records, violent crime against people increased in England and Wales by 19% between 2015 and 2016. This figure could be influenced by the improvement in the system aimed at gathering data, as the data from the police survey show an increase of 4%, which is not regarded to be statistically significant[1].

Furthermore, the police forces of England and Wales have been affected by important cutbacks in their budgets. In this context, and with the philosophy of doing more with less, West Midlands police force and the European section of Rand Corporation managed to acquire a research grant for police-related innovation to study whether they could use data gathered by ambulances to monitor assaults and whether they could take advantage to develop plans to prevent violence.

The data of ER services has been analysed when related to violence in the cities of Birmingham, Coventry and Wolverhampton during the 2012-2015 period, as have police data from these cities during the same time period.

The main result they have achieved has been the successful implementation of a system which has improved the way in which data is shared between the ambulance service and West Midlands police. Moreover, the comparison between the data from both sources has revealed that:

  • Data gathered by ambulances provides substantial information about acts of violence. Over 66% of incidents recorded by ambulances were not recorded by the police.
  • In the West Midlands there are an average of 16 calls daily for ambulances due to acts of violence, and this implies a large amount of data that is not usually recorded by the police.
  • A part of the data related to ambulances is gathered automatically, like locating each call. This means that this could be worked on and shared without any additional work.
  • The police do not record all acts of violence they intervene in. This explains the fact that only 34% of ambulances with police records have been successfully recorded, whereas 55% of calls to ambulances are made by police officers.

Although the results may seem promising, investigators stress that the effectiveness of ambulance data remains to be proven where the prevention of violence is concerned, and suggest opening the debate up to the national context and gain an insight into the exchange of data related to incidents in which ambulances and the police force have been involved. Moreover, they propose lines of future investigation, even linked to investigation.

In June 2016, we included another similar initiative in this blog, which was also in a British context. In this case, the information involved hospitals rather than ambulances. The information aimed to analyse the evolution of the number of victims attended to in hospitals, and compare it with the evolutions of violent crime in the crime survey and police records.

Source: Sutherland, Alex; Strang, Lucy; Stepanek, Martin; Giacomantonio, Chris; Boyle, Adrian. Using Ambulance Data for Violence Prevention. Rand Corporation




Europol launches the SIRIUS platform to facilitate on-line investigations

The SIRIUS platform is a practical and innovative solution to address the current challenges faced by law enforcement in internet-based investigations.

As criminals increasingly adopt the Crime-as-a-Service model, getting easy access to tools and services for digitally enabled crimes, law enforcement authorities face a highly complex challenge when conducting criminal investigations online.

To address this challenge and better support EU member state investigations, Europol officially launched the SIRIUS platform at a special meeting in The Hague in October 2017.

SIRIUS is a secure web platform for law enforcement professionals, which allows them to share knowledge, the best practices and expertise in the field of internet-facilitated crime investigations, with a special focus on counter-terrorism. It offers an innovative collaborative approach by providing investigators with a platform to quickly and efficiently exchange expertise, manuals and advice, as well as tools to help them analyse the information received by the different online service providers. The platform also addresses other challenges in criminal investigations, such as streamlining the requests to online service providers, and improving the quality of the responsive record.

SIRIUS aims to encourage the co-development of tools and solutions that can support internet-based investigations. To this end, Europol will organise a bi-annual codefest meeting at its headquarters in The Hague, which will bring together law enforcement experts in computer programming to jointly develop common tools and solutions.

With the political impulse of the Internet Forum of the EU and the work of the European Commission on cross-border access to electronic evidence, the SIRIUS platform was proposed as a practical solution, addressing the demand for an online information and support portal at EU level. 

The meeting to launch SIRIUS, held at Europol headquarters, gathered over 100 professionals from 30 countries and more than 60 different organisations, including law enforcement and government authorities in the EU Member States and third partners, as well as representatives from Facebook, Google, Microsoft, Twitter and Uber.

This annual SIRIUS meeting and the associated bi-annual events demonstrate Europol’s commitment to being at the forefront of innovation to support internet-facilitated crime investigations.



What do the police need to use Big Data?

Police organisations, for their daily activity, generate, store and work with large amounts of data, within the field of Big Data. Unfortunately, they don’t always have the technology and techniques which provide an added value when acquiring it. This is one of the conclusions that Alexander Babuta came to in his report Big Data a police project. An assessment of the needs, expectations and priorities of British security forces, published by the Royal United Services Institute (RUSI).

The author stresses that research on big data is prolific, but there is a lack of studies about its use in police work in the United Kingdom. Babuta tries to help fill this gap. His research began with a review of the documentation (both academic and institutional), of police strategies and of reports from the private sector on the use of data by the police. He then went on to interview 25 workers from four police agencies (involving police and support personnel) and 5 experts from technological and academic sectors. Finally, he directed a project team with representatives from five police forces, and from the Home Office, the College of Policing, and from the university environment.

The two big problems that the researcher identified are the lack of a single area to store and retrieve data, and the absence of technology to give meaning to the data. He also highlights four priorities where technology related to big data can be applied to police work:

  • Take advantage of maps to predict crime to send patrols to places where there is more probability of crime taking place.
  • Use predictive analysis to associate risks with particular persons, whether they are potential authors or possible victims.
  • Use advanced analysis to try to take advantage of the entire potential of visual recording systems (video surveillance systems) and of the data of automatic registration recognition systems.
  • Apply big data technology to open data resources, to obtain a better knowledge of some crime problems.

The author presents 14 recommendations for police forces and heads of security; for national organisms (Home Office, the National Police Academy and Police ICT Company[1]); for programme developers, including three lines of research.

Babuta’s proposals that may be more relevant to the field of social science are[2]:

  • Prioritize the exploration of the potential of the programming of prediction related maps
  • Use national data, not only local data, when there is a desire to predict risks related to individuals.
  • Include a register with all data applications to allow for the documentation of any change affecting the data as a whole.
  • Gain an insight into research into crime prediction programming to be able to generate models of prediction in accordance with street segments.
  • Explore potential uses of Risk Terrain Modelling (RTM)[3] to identify areas where there is a higher risk of crimes being committed.
  • Explore the use of damage assessment models to assess the damage caused due to different types of crime.

The report was presented to the public on 6 September 2017 and a presentation of this can be seen on the following link:

[1] It is a company with public capital created and administered by heads of security to improve information and communication technology with the objective of improving security for the general public.

[2] According to the network of researchers MethodSpace





An improvement in the participation of child offenders in juvenile justice

The International Observatory of Juvenile Justice (OIJJ) and the University of Leiden have published materials to train professionals who work with those working in the judicial system in an issue as complex as the participation of child offenders in juvenile justice. Entitled “Can anyone hear me?”, the materials published so far are a manual to adapt the European systems of juvenile justice for minors and a guide for programming training sessions for professionals.

The manual addresses legal aspects of children’s rights, interrogation techniques, communication, child psychology and pedagogical skills. Given that in 2016 a new European directive was published regarding juvenile justice [1], the manual includes information about its content and how to apply it in accordance with European and international standards in this field. It can also be used to train professionals in the fields of restorative justice and mediation. The bases of the document are the practices and techniques seen as promising in relation with justice adapted to children. The five chapters of the manual address the following issues:

  • International and European regulations regarding juvenile justice and adolescent development
  • The general prerequisites linked to the three fields:
    • The procedures children participate in when in conflict with the law
    • The right to legal assistance or other kinds of support
    • The role of the parents in juvenile justice
  • The effective participation of children, both regarding the right to information and the right to be heard
  • The communication skills of the actors who intervene in the procedure and who have to deal with children in conflict with the law
  • Follow-up and support, focussing on how to accommodate the opinions of children in conflict with the law when taking decisions and how to explain these decisions

The guide, which complements the manual, is aimed at instructors who have elaborated and carried out training programmes. Therefore, the structure is very similar to that of the manual, but it adds elements to prepare didactic activities, with questions and answers to the different sections of the document which can be used as exercises in training activities.

The publications are the result of the project “Improving juvenile justice systems in Europe: Training for professionals”, coordinated by the OIJJ, in which ten other entities, both public and private, have participated from the different member states of The European Council of Juvenile Justice. The main objective of the project has been to improve the juvenile justice systems in the European Union and understand which aspects can be more efficient or adapt better to children, concentrating on improving the directives of the Council of Europe concerning justice adapted to children and international standards.

[1] Directive (EU) 2016/800 of the European Parliament and the Council, of 11 May, relative to the procedural guarantees of minors under suspicion or accused in criminal proceedings.

