Compliance Management, Threat Intelligence, Privacy

DOJ report finds local police sought surveillance tech to blackmail city council

As local law enforcement agencies increase efforts to make use of powerful surveillance technologies, the Department of Justice (DOJ) has issued a harsh report detailing a pattern of misconduct and corruption at the Calexico Police Department.

The report raises important questions about ethics oversights in the purchasing and use of surveillance devices by law enforcement departments. While the use of surveillance equipment has inspired a longstanding debate between privacy advocates and law enforcement officials, the report demonstrated a situation that observers see as the worst-case scenario, in which a lack of oversight created a trail of consequences that will plague law enforcement and city officials.

The DoJ report was prompted by a Federal Bureau of Investigation (FBI) investigation into criminal misconduct in 2014 after allegations that members of the Calexico Police Department kidnapped and beat an individual. It was also found that Calexico police officers used “seized assets to buy surveillance equipment to extort the city council.” The DoJ also reported that it “did not find any evidence” of an early intervention (EI) system -- the systems used by police departments to ensure police accountability.

A national discussion about the “balance between surveillance and making sure that power isn't abused” is needed, according to Ben Johnson, co-founder and chief security strategist for Carbon Black, and formerly a computer scientist for the NSA, “Without proper guidance and oversight, both virtual and physical monitoring can be abused,” he wrote in an email to SCMagazine.com

Even well-intentioned uses of surveillance technologies can create unintended consequences that can damage affect law enforcement departments, said industry pros. “Does local law enforcement really need all of the information that they request?” asked Bill Leddy, chief architect, ZapFraud, “And do they have the ability to secure that information from a hacker stealing that information from the police?”

Case in point, in November, iPower Technologies discovered that body cameras created for police departments were infected with the Conficker worm. Last month, a hacker known as Phineas Fisher posted an online tutorial demonstrating how the hacker – also known as “Hack Back!” and “GammaGroupPR!,” – defaced a website belonging to Spain's Catalan police union.

Surveilance technologies “not only raise blackmail and extortion concerns, but they add risk – if an outside obtains access to these systems, it's a whole new vector into sensitive information that can be used for malicious purposes,” wrote Johnson.

“Calexico is a microcosm of an epidemic we are seeing throughout American communities—the belief that mass surveillance and data gathering are panaceas that can take the place of honest police work,” wrote the Electronic Frontier Foundation's Camille Ochoa, in a blog post.

The security industry has faced similar challenges, according to Michael Covington, VP of Product at Wandera. “In our line of work, we can't rely on regulations that force people into doing the right thing,” he wrote, in an email to SCMagazine.com. He noted that privacy-preserving capabilities are often baked into infosec products at the outset. “I suspect some of those same controls could be built into the surveillance products, if only the police departments were asking for them in the first place.”

“I'm not sure these guys have the technical or security expertise to protect this information,” said Leddy, discussing local law enforcement departments that use surveillance technology to acquire sensitive information. “I'm sure they're well-intentioned, but they're probably in over their heads.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.