A Guide to Mitigating and Preventing Stress in U.S. Law Enforcement Organisations

Researchers Jennifer R. Rinner and Travis A. Taniguchi developed the Customized Offerings for Mitigating & Preventing Agency-Specific Stress (COMPASS) project, with the knowledge that many aspects of police work could be stressful. Their work is based on having the necessary tools to identify which stressors affect agents the most and how to tackle them in order to create a sustainability plan.

Law enforcement officers often suffer from extreme stress, which differs in many ways from the stress experienced in other professions. On a regular basis, police officers are exposed to violence, human suffering, death, and unpredictable and uncontrollable events, in addition to maintaining non-standard work timetables.

Although efforts to address the mental health of police officers have often focused on exposure to traumatic incidents, research has shown that organisational stressors would be challenges related to the internal culture and practices of police agencies, which are also detrimental.

Work-related stress includes fatigue, insomnia, depression, anxiety and a whole host of psychological problems; other somatic problems, such as back pain and headaches, and harmful habits such as increased alcohol consumption and smoking, lack of physical exercise and diets with a high content of fat.

Work-related stress has been associated with more on-the-job injuries, increased absenteeism, and increased staff turnover. Work-related stressors correspond to negative emotions, such as frustration and anger, which increase the chances of having interpersonal problems with co-workers.

Stress can also affect police-community interactions. Officers experiencing greater stress-related burnout report more accepting attitudes towards the use of violence. Emotions induced by stress and fatigue are connected to police disengagement with the community. Stress can also have an impact on officers’ well-being, family life and interactions with community members, and ultimately the safety of the neighbourhoods they serve.

Most law enforcement agencies have some tools to support health and wellness. But a shortcoming of many available resources is the failure to incorporate significant contextual factors. Due to factors such as the size of the organisation, the internal culture, the political environment, and the relationship between police and professional staff, police organisations differ greatly in the challenges they face.

To address this gap, RTI International and the National Policing Institute, with funding from the Community Policing Development program of the Office of Community Oriented Policing Services (COPS Office), developed a process that police chiefs can use to better understand and thus respond to the major sources of stress in their own departments.

The purpose of this publication is to offer agency leadership a step-by-step guide on how to identify which aspects of the job are causing the most stress to officers and staff (including supervisors), and then implement specific solutions to make improvements in these targeted areas. This guide provides instructions on the steps necessary to do this effectively, including:

  • Listening to the needs and experiences of officers and staff in different roles.
  • Understanding the underlying causes of the distress experienced.
  • Identifying areas that can be improved.
  • Implementing significant changes.
  • Evaluating the effectiveness of these efforts.

Before taking any of these steps, it is essential to identify the police chiefs who will lead the coordination of these efforts.

_____

Aquest apunt en català / Esta entrada en español / Post en français

EU Member States agree on security requirements for digital products

Aiming to ensure that products with digital components, such as connected home cameras, smart fridges, TVs and toys, are secure before entering the market, representatives of Member States (Coreper) reached a common position on proposed legislation on horizontal cybersecurity.

The agreement advances the EU’s commitment to a secure digital single market. The various network-connected objects must provide a basic level of cybersecurity when sold within the Union’s borders. It is also necessary to ensure that businesses and consumers are effectively protected against cyber threats.

The draft regulation aims to enforce compulsory cybersecurity measures for hardware and software products’ design, development, production, and market availability in the EU Member States. This is to prevent duplicating requirements arising from various legislations within the EU.

The proposed regulation will be applicable to all products that have direct or indirect connections to other devices or networks. Some products, such as medical devices, aviation equipment, or cars, which already have cybersecurity requirements defined in existing EU regulations, are exempted from the proposed rules.

The objective of the proposal is to address the deficiencies, establish clear connections, and enhance the overall consistency of current cybersecurity laws. This will be achieved by ensuring that products containing digital elements, such as Internet of Things products, are secure across the entire supply chain and throughout their lifecycle.

Finally, the proposed regulation enables consumers to consider cybersecurity while choosing and using products that incorporate digital elements. It empowers users to make informed decisions by selecting hardware and software products that possess appropriate cybersecurity features.

The European Council’s common position maintains the general direction of the Commission’s proposal, namely:

  • Regulations to redistribute the responsibility for compliance to manufacturers, requiring them to ensure that products containing digital elements, offered on the EU market, meet security requirements. This includes obligations such as conducting cybersecurity risk assessments, issuing declarations of conformity, and collaborating with competent authorities.
  • Essential requirements for vulnerability management processes for manufacturers to ensure the cybersecurity of digital products, and obligations for economic operators, such as importers or distributors, in relation to these processes.
  • Measures to improve transparency in the security of hardware and software products for consumers and business users and a market surveillance framework to enforce these standards.

However, the European Council’s text modifies several parts of the Commission’s proposal, including the following aspects:

  • The scope of the proposed legislation, including the specific categories of products that should meet the regulation’s requirements.
  • Obligations to report actively exploited vulnerabilities or incidents to the competent national authorities (Computer Security Incident Response Teams – CSIRTs) instead of the EU agency for cybersecurity (ENISA), with the latter establishing a single reporting platform.
  • Elements for determining the product’s functional lifespan foreseen by the manufacturers.
  • Support measures for small and micro enterprises.
  • A simplified declaration of conformity.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Video surveillance control centres on the rise in the United States

U.S. cities have been setting up “real-time crime centres” (RTCC), which, according to the police, protect the rights of innocent people, but critics of this system warn of the excesses of this type of surveillance.

Last June, a report signed by researcher Zac Larkham was published on the website wired.com, which explained that in the 1990s, London built the so-called “ring of steel” with a network of concrete barriers, checkpoints and thousands of video cameras surrounding the city, due to the bombings of the Irish Republican Army. The idea was to control everyone coming in and out of the Square Mile, which ended up being called “fortress urbanism”.

In the aftermath of the 11 September 2001 attacks, urban planners seeking to defend New York from terrorism looked to London’s experience and fortress urbanism for inspiration. So-called “fusion centres”, where U.S. police share intelligence at the federal level to analyse it and build a broader picture of crime, had been in existence for several years. But officials began to wonder what would happen if they could perform geo-locations from these fusion centres and if local law enforcement could analyse and gather intelligence data from one city.

In 2005 they responded with the “first real-time crime centre,” an extensive network of CCTV and Automatic License Plate Readers (ALPR) connected to a central hub at NYPD headquarters, which cost more than $11 million. Since then, from Miami to Seattle, RTCCs have gradually expanded throughout the United States. The Atlas of Surveillance, a project of the not-for-profit digital rights organisation Electronic Frontier Foundation (EFF), which oversees police surveillance technology, has accounted for 123 RTCCs nationwide, and that number is increasing.

Each RTCC is slightly different, but its function is the same: collect surveillance data across a city and use it to create a live picture of crime in the city. Police departments have a wide variety of technologies at their disposal, ranging from CCTV, gunshot sensors and social network monitoring to drones and body-worn cameras. In many cases, the images collected by police systems are run through facial recognition technology and the data collected is often used in predictive policing.

However, most evidence on the efficacy of RTCCs is anecdotal and there is an effective lack of studies on the actual efficacy of this system. In Detroit, a National Institute of Justice study concluded that Project Green Light, in which the Detroit Police Department set up cameras in more than 550 locations, including schools, churches, private businesses and health care facilities, helped decrease property damage in some cases or areas, but did not help prevent violent crime or other types of crime. However, police departments argue that RTCCs have a positive impact on their work.

Few people know that RTCCs exist, let alone the extent of surveillance they entail, so these expanding control centres may receive little public scrutiny and often operate without much oversight. For a long while there have been concerns from various sectors about how these surveillance technologies could affect the First and Fourth Amendments.

_____

Aquest apunt en català / Esta entrada en español / Post en français

European agreement to ensure a high common level of cybersecurity

The chair of the European Council and the Parliament negotiators have reached a provisional agreement on a regulation aimed at ensuring a high common level of cybersecurity in the EU institutions, bodies, offices and agencies.

The measures were proposed by the Commission in March 2022 in the context of a significant increase in the number of sophisticated cyberattacks affecting the EU’s public administrations in recent years.

The new regulation will create a common framework for all EU entities in the field of cybersecurity and improve its resilience and incident response capability. The new rules should help EU entities prevent and counter cyberattacks, which have become increasingly frequent in recent years.

To ensure high common standards among EU institutions, the new rules require them to establish a framework for governance, risk management and control in the field of cybersecurity.

All Union entities will also have to implement cybersecurity measures to address identified risks, conduct regular cybersecurity maturity assessments and implement a cybersecurity plan.

With the new regulation, the mandate of the Eu’s Computer Emergency Response Team (CERT-EU) will also be strengthened and renamed the Cybersecurity Service for the Union Institutions, Bodies, Offices and Agencies, while keeping the current acronym.

CERT-EU will advise all EU bodies and help them to prevent, detect and respond to incidents. Additionally, it will serve as a hub for sharing information and coordinating efforts related to cybersecurity and responding to incidents. All EU entities will have to share unclassified incident-related information with CERT-EU without undue delay.

Furthermore, the newly introduced regulation will create an interinstitutional Cybersecurity Board responsible for overseeing and ensuring the implementation of the regulation across the various EU agencies.

The new board will also oversee CERT-EU’s implementation of overall priorities and objectives and provide it with strategic direction. The board will consist of representatives of all EU institutions and advisory bodies, the European Investment Bank, the European Cybersecurity Competence Center, the European Union Agency for Cybersecurity (ENISA), the European Data Protection Supervisor, the EU Agency for the Space Programme, as well as representatives of the EU Agencies Network. The European Commission will be responsible for providing the Secretariat of the board.

The provisional agreement will now be finalised at technical level, following which it will be submitted to the EU ambassadors of member states for confirmation. Once it receives confirmation from both the Council and the Parliament, the agreement will be formally adopted by both institutions.

In its 20 June 2019 conclusions, the European Council called upon the EU institutions, in collaboration with member states, to work on initiatives aimed at strengthening resilience and fostering a stronger security culture within the EU. These measures aim to address cyber and hybrid threats originating from outside the EU, as well as to enhance the protection of the EU’s information and communication networks and safeguard its decision-making processes from all kinds of malicious activities.

The regulation is one of the measures envisaged in the EU Cybersecurity Strategy for the Digital Decade, presented by the Commission and the High Representative of the Union for Foreign Affairs and Security Policy in December 2020 to strengthen the EU’s collective resilience to cyberthreats.

In its 22 March 2021 conclusions on this strategy, the Council emphasized the critical importance of cybersecurity for the effective operation of public administrations and institutions, both at the national and EU levels. Furthermore, cybersecurity was recognised as indispensable for the well-being of our society and the overall functioning of our economy.

_____

Aquest apunt en català / Esta entrada en español / Post en français

London works towards safer public transportation for women

As Christopher Carey reports from London’s Cities Today , as public transport passenger figures move towards pre-pandemic levels, a growing number of cities around the world are re-assessing how they can make travel safer and more inclusive.

Over the past two decades, reports of attacks and anti-social behaviour directed at staff and passengers have been increasing throughout the world. While developing cities, especially in South Asia, continue to see the most serious attacks, countries with advanced economies are accounting for an increasing number of incidents.

Women, in particular, report feeling more and more unsafe on public transport, as well as more vulnerable than men to attacks and harassment of a sexual nature.

To address this problem, some cities have made changes to vehicles and station infrastructure, including the installation of brighter lighting, cameras and emergency buttons, and ensuring a visible presence of station staff. Other cities have gone further and involved passengers in prevention efforts.

In October 2021, Transport for London (TfL) launched a zero-tolerance campaign on sexual harassment.

The initiative, which included an online poster campaign and social media posts, aimed to challenge harassment and send a clear message to offenders that they will not be tolerated.

Last month, the transport operator stepped up its efforts with a new initiative that encouraged bystanders to be proactive and intervene if they witnessed sexual harassment on public transport.

Although overall levels of public transport control have not increased in London, there have been more targeted operations in certain areas. TfL has also introduced a new team of transport enforcement officers, who are responsible for reducing anti-social behaviour.

In research published last year by transport watchdog London TravelWatch, nearly half of women said they had stopped travelling to London at certain times of day because of concerns for their personal safety.

The figures also revealed an 81% year-on-year increase in sexual harassment of women and girls, although this has been put down to a growth in the reporting of incidents as a result of the campaign.

In 2015, former U.K. Labour Party leader Jeremy Corbyn, who has been an MP for north London since 1983, said he would consider introducing women-only vehicles on public transport to help reduce harassment.

The idea received a strong backlash from many, but the debate about women-only carriages is periodically reignited.

These vehicles are common in several countries, especially in India, Iran, Japan or Egypt, where there have been several high-profile incidents involving sexual violence against women.

A Reuters poll from 2014 asked 6,300 women around the world whether they would feel safer travelling in a single-sex vehicle. The survey, which covered 15 of the world’s largest capital cities and New York, the most populous U.S. city, found that 70% of women had said they would feel safer.

Manila, in the Philippines, was the city where women were most in favour of single-sex transportation, with support from 94% of women followed by Jakarta in Indonesia, Mexico City in Mexico and Delhi in India.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Provisional agreement in Europe to improve information exchange in terrorism cases

The European Council Presidency and European Parliament representatives reached a provisional agreement on a regulation aimed at improving the exchange of digital information in terrorism cases. The text agreed upon is subject to approval by the European Council and Parliament before going through the formal adoption procedure.

This draft regulation would be part of the ongoing work to modernise and digitise cross-border judicial cooperation.

These days, terrorism knows no borders; networks are built and attacks can be prepared and perpetrated within the territories of the European Union. Therefore, in order to be able to deal with it, the European judicial authorities must also have a cross-border strategy.

The agreed new system should allow better checking of information and ensure that any links are detected, regardless of where a terrorist crime has been committed in the EU.

Currently, member states share information with Eurojust on terrorism-related cases through various channels. This information is then included in the European judicial register for the fight against terrorism, a system that is currently technically obsolete as it does not allow for proper cross-checking of information.

The proposal aims to amend these shortcomings and enable Eurojust to play a more proactive and conclusive role in supporting coordination and cooperation between national authorities that investigate and prosecute terrorist offences.

Under the proposed rules, member states will have to provide Eurojust with information on any criminal investigations related to terrorist offences as soon as these cases are transferred to the judicial authorities.

According to the agreed proposal, this would entail:

  • Creating a modern, digital case management system that stores this information and allows it to be cross-checked.
  • Empowering Eurojust to better detect links between transnational investigations and prosecutions in the field of terrorism and to proactively inform Member States of links found.
  • Creating a secure digital communication channel between Member States and Eurojust.
  • Simplifying cooperation with third countries by granting liaison prosecutors attached to Eurojust access to the case management system.

_____

Aquest apunt en català / Esta entrada en español / Post en français

European Union strengthens cybersecurity and resilience across the Union

The European Council adopted certain legislative aspects in order to apply them to a high common level of cybersecurity across the entire Union. The goal is to further enhance the resilience and incident response capabilities of the public and private sector and the Union as a whole.

The new directive, called ‘NIS2’, will replace the current directive on network and information systems security (the NIS directive). With this initiative, the Council itself believes that cybersecurity will undoubtedly remain a key challenge for the coming years. In this sense, the new legislation is a huge gamble for our economies and our citizens.

The NIS2 will establish the baseline for cybersecurity risk management measures and reporting obligations in all sectors covered by the directive, such as energy, transport, health and digital infrastructure.

The revised directive seeks to harmonise cybersecurity requirements and the implementation of cybersecurity measures in the different member states. To this end, it establishes minimum rules for a regulatory framework and mechanisms for effective partnership among the relevant authorities in each member state. It updates the list of sectors and activities subject to cybersecurity obligations and provides for remedies and penalties to ensure enforcement.

The directive will officially set up the European Cyber Crisis Liaison Organization Network, EU-CYCLONE, which will support the coordinated management of large-scale cybersecurity incidents and crises.

Under the old NIS directive, member states were responsible for determining which entities would meet the criteria to qualify as operators of essential services. The new NIS2 directive, however, introduces a size-limit rule as a general rule for identifying regulated entities. This means that all medium and large entities operating within the sectors or providing services covered by the directive will fall within its scope.

Although the revised directive maintains this general rule, its text includes additional provisions to ensure proportionality, a higher level of risk management and clear criticality criteria to allow national authorities to determine other covered entities.

The text also clearly states that the directive will not apply to entities carrying out activities in areas such as defence or national security, public security and law enforcement. Judiciary, parliaments and central banks are also excluded.

The NIS2 will also apply to public administrations at the central and regional levels. In addition, member states may decide to apply it to these entities at the local level.

Furthermore, the new directive was aligned with sector-specific legislation, in particular the regulation on the digital operational resilience of the financial sector (DORA) and the directive on the resilience of critical entities (CER), to provide legal clarity and ensure consistency between the NIS2 and these acts.

A voluntary peer-to-peer learning mechanism will increase mutual trust and learning from good practices and experiences in the Union, thus contributing to achieving a high common level of cybersecurity.

The new legislation also streamlines reporting obligations in order to avoid cases of over-reporting and undue burden on covered entities.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Hate crimes and mental illness in the U.S.

Last October, The New York Times published an article by researcher Eyal Press in which he questioned the treatment and response to mentally ill people involved in hate crimes in the United States. Press is the author of the book Dirty Work: Essential Jobs and the Hidden Toll of Inequality in America.

The author explains that since the onset of the COVID pandemic, a wave of violence against Asian Americans has spread across the country. There have been blatant assaults in which victims have been spat on, beaten, pushed from the subway platform, stabbed or shot with firearms. This shocking number of attacks that have made the news has meant that most of those arrested have turned out to have serious mental health problems.

Although the number of hate crimes against Asian Americans in New York went down during the first half of 2022, the overlap between hate crimes and bias attacks has remained. The New York Police Department announced that, of the 100 people arrested for hate crimes in the city during the first four months of 2022, half had previously been classified as emotionally disturbed.

Press believes that, because of these patterns of behaviour, the role that mental illness may play in racially motivated violence makes it a pending and necessary issue to resolve. And we must avoid the belief that such a debate would reinforce negative stereotypes, since people experiencing mental illness are much more likely to be victims of violence than to be its perpetrators. Another danger would be if mental illness were invoked to divert attention from the rhetoric and ideas that breed acts of violent extremism.

Edward Dunbar, professor of psychology at the University of California, a researcher on bias-motivated crime, believes that it is not surprising that during the pandemic some people with mental disorders committed aggressive acts, because of the constant anti-Asian speeches in the public debate.

What Press exposes in his article is that most of the mentally ill people who were arrested for attacking Asian people in New York City during the pandemic were not only mentally ill, but homeless.

The community organization The Anti Police-Terror Project proclaimed in a propaganda leaflet that mental illness is not a crime, advocating keeping such people out of the criminal justice system.

Brian Levin, director of the Center for the Study of Hate and Extremism at California State University, San Bernardino, has proposed creating a separate classification for mentally ill offenders as a way of highlighting that their cases are different. The goal would be for these people to receive treatment rather than incarceration. The imposition of harsh criminal penalties on these offenders is perhaps ineffective.

A better approach would be to invest resources in the flawed mental health systems that leave so many highly unstable people without long-term care. Addressing other social problems would also be useful, as a growing body of research suggests that people with severe mental illness are more likely to carry out violent acts when exposed to other risk factors, such as traumatic childhood experiences, financial instability, or living in high-crime neighbourhoods. Treatment alone would not solve these problems, but locking these people in prisons won’t make them go away either.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The European Council Approves Conclusions for a Unified Cyber Posture

The European Council has approved conclusions on the development of the European Union’s stance against cyber-attacks. The posture is intended to demonstrate the EU’s determination to provide immediate and long-term responses to threats that seek to deny the EU secure and open access to cyberspace and affect its strategic interests, including its partners’ security.

Ministers, among other things, call on the European Commission to propose common EU cybersecurity requirements for connected devices and associated processes and services. They also invite relevant authorities, such as the European Union Agency for Cybersecurity (ENISA), to make recommendations to strengthen the resilience of communication networks and infrastructures within the EU. The Council also stresses the importance of establishing regular cyber exercises to test and develop the EU’s internal and external response to large-scale cyber incidents.

Cyberspace has become an arena for geopolitical competition. The EU must therefore be able to respond swiftly and forcefully to cyber-attacks, such as malicious cyber-activities targeting the Union and its member states. It must also make full use of all the instruments at its disposal. Perpetrators should be aware that cyber-attacks against member states and EU institutions will rapidly be detected, identified and fought with all necessary tools and policies.

In the conclusions, the Council highlights the EU’s five roles in the cyber domain:

1. Strengthen resilience and protective capacities. Malicious behaviour in cyberspace has intensified in recent years and emanates from both state and non-state parties. This includes a sharp and steady increase in activities targeting critical infrastructure and supply chains.

2. Improve solidarity and comprehensive crisis management. In the current geopolitical climate, the Union’s strength lies in unity, solidarity and determination, and the implementation of the Strategic Compass. This should enhance the EU’s strategic autonomy and its ability to work with partners to safeguard them, while respecting their values and interests, including in the cyber domain.

3. Promote the EU vision of cyberspace. Consolidate peace and stability in cyberspace and in favour of an open, free, global, stable and secure cyberspace, and coordinate short-, medium- and long-term actions to prevent, identify and respond to cyber threats and attacks.

4. Improve cooperation with partner countries and international organisations. The overall level of EU cybersecurity needs to be raised and see a rapid adoption of the draft Directive on measures to achieve a high common level of cybersecurity across the Union (NIS), the draft Regulation on Digital Operational Resilience for the Financial Sector (DORA) and the draft Directive on Critical Entity Resilience (CER).

5. Prevent, defend and respond to cyber-attacks. Competent authorities, such as the Body of European Regulators for Electronic Communications (BEREC), the European Union Agency for Cybersecurity (ENISA) and the Network and Information Security (NIS) Cooperation Group, together with the Commission, will formulate recommendations based on risk assessment in the member states and the European Commission to strengthen the resilience of communications, networks and infrastructures within the European Union.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The European Union Strengthens IT Security for Financial Institutions

Taking into account the ever-increasing risks in relation to cyberattacks, the European Union is reinforcing IT security in various sectors, in particular financial institutions such as banks, insurance companies and investment firms.

The European Council and Parliament reached a provisional agreement on the Digital Operational Resilience Act (DORA), which will ensure that Europe’s financial sector is prepared in the event of a severe operational disruption.

DORA establishes uniform security requirements for the network and information systems of companies and organizations operating in the financial sector. These also apply to third parties providing ICT (information and communication technology) related services, such as cloud platforms or data analysis services.

According to the regulatory framework on digital operational resilience that DORA has created, all companies have to ensure that they can withstand, respond to and recover from all types of ICT-related disruptions and threats. These requirements are the same for all EU member states. The main objective is to prevent and mitigate cyber threats.

Under the provisional agreement, the new rules will provide a very robust framework for enhancing IT security in the financial sector. The extent financial institutions must go to in order to protect their information will be proportional to the potential risks.

Critical third country providers of ICT services to EU financial institutions will have to establish a subsidiary within the EU so that supervision can be properly implemented.

Regarding the supervision framework, the co-legislators agreed upon an additional joint supervision network that will strengthen coordination between European authorities on this cross-cutting issue.

In light of provisional agreement the, DORA interacted with the Network and Information Security (NIS) Directive in order to provide financial institutions with full clarity on the different digital operational resilience standards they have to comply with. This will also prepare financial institutions holding multiple authorisations and operating in different EU markets. The NIS policy will continue to apply. DORA is based on the NIS Directive and addresses possible overlapping through a lex specialis exemption.

The provisional agreement reached is subject to approval by the European Council and Parliament before going through the formal adoption procedure.

Once the DORA proposal is formally approved, each EU member state will also approve it. European Supervisory Authorities (ESAs), such as the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA) will develop technical standards for all financial institutions, from banking to insurance and asset management. The respective competent national authorities will take on the task of compliance monitoring and will enforce the regulations when necessary.

This package fills a gap in existing EU legislation and ensures that the current legal framework does not pose barriers to the use of new digital financial instruments. It also ensures that the new technologies and products fall within the scope of financial regulation and operational risk management arrangements for companies active in the EU. Thus, the package aims to support innovation and the adoption of new financial technologies, while providing an adequate level of consumer and investor protection.

_____

Aquest apunt en català / Esta entrada en español / Post en français