Investigative & Security Professionals for Legislative Action

Security Related Topics

  • 25 Nov 2015 7:26 PM | Anonymous member (Administrator)

    Crowd Management Safety Guidelines for Retailers

    Crowd-related injuries can occur during special sales and promotional events. In 2008, a worker died at the opening of a "Black Friday" sale on Long Island in New York.

    Under the Occupational Safety and Health Act of 1970, employers are responsible for providing their workers with safe and healthy workplaces. The Occupational Safety and Health Administration (OSHA) encourages employers to adopt effective safety and health management systems to identify and eliminate work-related hazards, including those caused by large crowds at retail sales events.

    OSHA has prepared these guidelines to help employers and store owners avoid injuries during the holiday shopping season, or other events where large crowds may gather. Crowd management planning should begin in advance of events that are likely to draw large crowds, and crowd management, pre-event setup, and emergency situation management should be part of event planning. OSHA recommends that employers planning a large shopping event adopt a plan that includes the following elements.

    In 2008, a 34-year-old retail worker was trampled to death when Black Friday shoppers in Long Island literally busted through the doors of a Walmart store to claim their holiday bargains. Since then, OSHA has issued "Crowd Management Safety Guidelines for Retailers."


    1. It’s wrong – perhaps illegal – to expect that shoppers will be able to control themselves enough to avoid destroying whatever stands between them and the best bargains.
    2. When counting your blessings this Thanksgiving, don’t forget to include the increased availability of online shopping, where the risk of getting trampled by Long Island shoppers at 5 a.m. is minimal.


    §  Where large crowds are expected, hire additional staff as needed and have trained security or crowd management personnel or police officers on site.

    §  Create a detailed staffing plan that designates a location for each worker. Based on the size of the crowd expected, determine the number of workers that are needed in various locations to ensure the safety of the event (e.g., near the door entrances and throughout the store).

    §  Ensure that workers are properly trained to manage the event.

    §  Contact local fire and police agencies to determine if the event site meets all public safety requirements, and ensure that all permits and licenses are obtained and that local emergency services, including the local police, fire department and hospital, are aware of the event.

    §  Designate a worker to contact local emergency responders if necessary.

    §  Designate a store manager to make key decisions as needed during the event.

    §  Provide legible and visible signs that describe entrance and exit locations, store opening times, and other important information such as the location of major sale items and restrooms.

    §  Prepare an emergency plan that addresses potential dangers facing workers, including overcrowding, crowd crushing, being struck by the crowd, violent acts and fire. Share emergency plan with all local public safety agencies.

    §  Train workers in crowd management procedures and the emergency plan. Provide them with an opportunity to practice the special event plan. Include local public safety agencies if appropriate.

    Pre-Event Setup:

    §  Set up barricades or rope lines for crowd management well in advance of customers arriving at the store.

    §  Make sure that barricades are set up so that the customers' line does not start right at the entrance to the store. This will allow for orderly crowd management entry and make it possible to divide crowds into small groups for the purpose of controlling entrance.

    §  Ensure that barricade lines have an adequate number of breaks and turns at regular intervals to reduce the risk of customers pushing from the rear and possibly crushing others, including workers.

    §  Designate workers to explain approach and entrance procedures to the arriving public, and direct them to lines or entrances.

    §  Make sure that outside personnel have radios or some other way to communicate with personnel inside the store and emergency responders.

    §  Consider using mechanisms such as numbered wristbands or tickets to provide the earlier arriving customers with first access to sale items.

    §  Consider using Internet lottery for "hot" items.

    §  Locate sale items in different parts of the store to prevent overcrowding in one place.

    §  Locate shopping carts and other potential obstacles or projectiles inside the store and away from the entrance, not in the parking lot.

    §  If appropriate, provide public amenities including toilets, washbasins, water and shelter.

    §  Communicate updated information to customers waiting in line. Have signs and distribute pamphlets showing the location of entrances and exits, store opening times and location of special sales items within the store.

    §  Shortly before opening, remind waiting crowds of the entrance process (i.e., limiting entry to small groups, redemption of numbered tickets, etc.).

    During the Sales Event:

    §  Provide a separate store entrance for staff. Provide door monitors there to prevent crowd entry.

    §  Make sure that all employees and crowd control personnel are aware that the doors are about to open.

    §  Staff entrances with uniformed guards, police or other authorized personnel.

    §  Use a public address system or bullhorns to manage the entering crowd and to communicate information or problems.

    §  Position security or crowd managers to the sides of entering (or exiting) public, not in the center of their path.

    §  Provide crowd and entry management measures at all entrances, including the ones not being used. If possible, use more than one entrance.

    §  When the store reaches maximum occupancy, do not allow additional customers to enter until the occupancy level drops.

    §  Provide a safe entrance for people with disabilities.

    Emergency Situations:

    §  Do not restrict egress, and do not block or lock exit doors.

    §  Know in advance who to call for emergency medical response.

    §  Keep first-aid kits and Automated External Defibrillators (AEDs) available, and have personnel trained in using AEDs and CPR onsite.

    §  Instruct employees, in the event of an emergency, to follow instructions from authorized first responders, regardless of company rules.

    This is one in a series of informational fact sheets highlighting OSHA programs, policies or standards. It does not impose any new compliance requirements. For a comprehensive list of compliance requirements of OSHA standards or regulations, refer to Title 29 of the Code of Federal Regulations.

    Have a Safe and Happy Thanksgiving Day too!

    Bruce H. Hulme, CFE, BAI - ISPLA Director of Government Affairs

  • 19 Oct 2015 5:41 PM | Anonymous member (Administrator)

    New York State Rifle & Pistol Ass’n, Inc., et al. v. Cuomo, et al.

    Connecticut Citizens’ Defense League, et al. v. Malloy, et al.

    1436cv(L); 14319cv

    Laws in New York and Connecticut prohibiting certain semiautomatic assault weapons and large-capacity ammunition magazines do not violate the Second Amendment, the U.S. Court of Appeals for the Second Circuit ruled. Upholding laws passed in the wake of the 2012 murder of 20 students and six adults at the Sandy Hook Elementary School in Newtown, Connecticut, the Second Circuit said the measures do not violate the Second Amendment's guarantee of "the right of the people to keep and bear arms."

    In the first case, the court upheld, with one exception, Western District Judge William Skretny's grant of summary judgment to New York. The circuit held only that one provision of New York's law regulating load limits on guns did not survive scrutiny.

    In the second case, the circuit upheld summary judgment for Connecticut granted by U.S. District Judge Alfred Covello of the District of Connecticut except on one provision: the state's prohibition of the non-automatic Remington 7615 "unconstitutionally infringes upon the Second Amendment right," Judge Jose Cabranes wrote for the court.

    Cabranes said the court was adopting a two-step analytical framework for challenges under the Second Amendment in light of the U.S. Supreme Court's decision in District of Columbia v. Heller, 554 U.S. 570 (2008) and the case law as it has developed since Heller.

    Heller struck down the District of Columbia's ban on handgun possession as it affirmed the individual right to possess and carry weapons in "common use" and "for lawful purposes like self-defense."


    Investigative and Security Professionals should consider reviewing the 57-page opinion of the U.S. Circuit Court for the Second Circuit with regard to appeals in New York and Connecticut. What follows is merely an ISPLA summary of just a few key points.

    Before the Second Circuit Court were two appeals challenging gun-control legislation enacted by the New York and Connecticut legislatures in the wake of the 2012 mass murders at Sandy Hook Elementary School in Newtown, Connecticut. The New York and Connecticut laws at issue prohibit the possession of certain semiautomatic “assault weapons” and large-capacity magazines. Following the entry of summary judgment in favor of defendants on the central claims in both the Western District of New York (William M. Skretny, Chief Judge) and the District of Connecticut (Alfred V. Covello, Judge), plaintiffs in both suits pressed two arguments on appeal. First, they challenged the constitutionality of the statutes under the Second Amendment; and second, they challenged certain provisions of the statutes as unconstitutionally vague. Defendants in the New York action also cross-appeal the District Court’s invalidation of New York’s separate seven-round load limit and voiding of two statutory provisions as facially unconstitutionally vague.


    To summarize, we hold as follows:

    (1) The core prohibitions by New York and Connecticut of assault weapons and large-capacity magazines do not violate the Second Amendment.

             (a) We assume that the majority of the prohibited conduct falls within the scope of Second Amendment protections. The statutes are appropriately evaluated under the constitutional standard of “intermediate scrutiny”—that is, whether they are “substantially related to the achievement of an important governmental interest.”

             (b) Because the prohibitions are substantially related to the important governmental interests of public safety and crime reduction, they pass constitutional muster.

    We therefore AFFIRM the relevant portions of the judgments of the Western District of New York and the District of Connecticut insofar as they upheld the constitutionality of state prohibitions on semiautomatic assault weapons and large-capacity magazines.

    (2) We hold that the specific prohibition on the non-semiautomatic Remington 7615 falls within the scope of Second Amendment protection and subsequently fails intermediate scrutiny.

    Accordingly, we REVERSE that limited portion of the judgment of the District of Connecticut. In doing so, we emphasize the limited nature of our holding with respect to the Remington 7615, in that it merely reflects the presumption required by the Supreme Court in District of Columbia v. Heller that the Second Amendment extends to all bearable arms, and that the State, by failing to present any argument at all regarding this weapon or others like it, has failed to rebut that presumption. We do not foreclose the possibility that States could in the future present evidence to support such a prohibition.

    (3) New York’s seven-round load limit does not survive intermediate scrutiny in the absence of requisite record evidence and a substantial relationship between the statutory provision and important state safety interests.

    We therefore AFFIRM the judgment of the Western District of New York insofar as it held this provision.

    The following concerns the Seven-Round Load Limit, a controversial measure that passed in New York during the "Dead of Night" within weeks after the shooting.

    "Though the key provisions of both statutes pass constitutional muster on this record, another aspect of New York’s SAFE Act does not: the seven-round load limit, which makes it 'unlawful for a person to knowingly possess an ammunition feeding device where such device contains more than seven rounds of ammunition.'

    "As noted above, the seven-round load limit was a second-best solution. New York determined that only magazines containing seven rounds or fewer can be safely possessed, but it also recognized that seven-round magazines are difficult to obtain commercially. Its compromise was to permit gun owners to use ten-round magazines if they were loaded with seven or fewer rounds. On the record before us, we cannot conclude that New York has presented sufficient evidence that a seven-round load limit would best protect public safety. Here we are considering not a capacity restriction, but rather a load limit. Nothing in the SAFE Act will outlaw or reduce the number of ten-round magazines in circulation. It will not decrease their availability or in any way frustrate the access of those who intend to use ten-round magazines.

    "To be sure, the mere possibility of criminal disregard of the laws does not foreclose an attempt by the state to enact firearm regulations. But on intermediate scrutiny review, the state cannot 'get away with shoddy data or reasoning.' To survive intermediate scrutiny, the defendants must show 'reasonable inferences based on substantial evidence' that the statutes are substantially related to the governmental interest. With respect to the load limit provision alone, New York has failed to do so."

    A link to the full opinion is at:

    Bruce Hulme, CFE, BAI

    ISPLA Director of Government Affairs

  • 15 Sep 2015 7:18 PM | Anonymous member (Administrator)

    UNLICENSED FLORIDA PI ARRESTED FOR COMPUTER CRIME: claims to be searching for transfer of funds from charitable organization to Jihadist groups

    Manhattan U.S. Attorney Announces Charges Against Florida "Private Investigator" For Attempting To Gain Unauthorized Access To The Computer Network Of A Global Charitable Organization

    Preet Bharara, the United States Attorney for the Southern District of New York and Robert J. Sica, the Special Agent in Charge of the New York Office of the United States Secret Service, announced on September 14 the filing of a criminal complaint against TIMOTHY SEDLAK for attempting to gain unauthorized access to the computer network of a global charitable organization based in New York, NY (the “Organization”). Sedlak was arrested in Ocoee, Florida on the evening of September 11, 2015 and was presented September 14 in federal court before U.S. Magistrate Judge Gregory J. Kelly in Orlando, FL.

    Sedlak, 42, of Ocoee, Florida, was charged with one count of attempted unauthorized access to a computer, which carries a maximum sentence of five years.  The maximum potential sentence in this case is prescribed by Congress and is provided for informational purposes only. According to the complaint, an unidentified global charity headquartered in New York experienced some 390,000 attempts to gain unauthorized access to its computer network from June to July, 2015.

    The attempted intrusions, which disrupted employees' ability to access email and conduct business, were made by computers associated with two internet protocol addresses subscribed to by Sedlak at his home in Florida.

    On LinkedIn, Sedlak holds himself out as an investigator with Surveillance Associates, LLC, a Florida company registered in his name. However, the complaint indicates that he did not have a license to work as a private investigator in Florida.

    The Complaint filed in Manhattan federal court also revealed the following:

    Computers associated with two particular internet protocol addresses made nearly four hundred thousand attempts to gain unauthorized access to the Organization’s computer network.  As a result, numerous Organization employees experienced difficulty accessing their Organization email accounts, and were disrupted in their ability to conduct regular business functions.  Both of the IP Addresses were subscribed to Sedlak at his residence in Florida.

    In particular, between June 22, 2015 and July 8, 2015, from one of the IP Addresses, there were approximately 195,000 attempts to log into approximately twenty email accounts of the Organization.  Between July 8, 2015 and July 10, 2015, from the other IP Address, there were an additional approximately 195,000 attempts to log into approximately six email accounts of the Organization.  Sedlak had never been employed by the Organization, and was not authorized to access any email accounts of the Organization.

    On September 11, 2015, US Secret Service agents executed a search warrant at the Sedlak Residence, from which they seized, among other things, (i) approximately 30 computers connected to the same internal network, which enabled each computer to communicate with the others (the “Sedlak Computers”); (ii) notes pertaining to the Organization, an executive of the Organization (“Individual-1”) and an individual who has been publicly affiliated with the Organization (“Individual-2”), including e-mail addresses, registrant information for certain website domain names, and certain IP address information associated with the Organization, Individual-1 and/or Individual-2; and (iii) lists of e-mail addresses and e-mail servers, many of which included the word “jihad.”  The Sedlak Computers contained, among other things, a list of certain Organization employees’ email account usernames, and a “brute force” password-cracking tool.  Such a tool is designed to launch a relentless barrage of potential passwords at an email account in an attempt to guess the account’s password.

    That same date Secret Service agents interviewed Sedlak, who claimed to be using the computers to conduct “research” into charitable organizations in the course of his work as a private investigator.  He claimed to be trying to determine if the organizations were unintentionally financing jihadist groups by sending funds to charitable organizations in the Middle East, which are then seized by jihadist groups.  When questioned about notes pertaining to Individual-1 and Individual-2 found at the Sedlak residence, he claimed that he came across such information in his “research” into the financing of jihadist groups and that he hoped to sell the information he found.

    The investigation remains ongoing. This case is being handled by the Office’s Complex Frauds and Cybercrime Unit.  AUSA Kristy J. Greenberg is in charge of the prosecution. (U.S. v. Sedlak, U.S. District Court, SDNY - No. 15-mj-3265)

    Bruce Hulme, ISPLA Director of Government Affairs

    Your Resource to the Profession, to Government, and to the Media

    Educate to Legislate:


  • 04 Sep 2015 2:32 PM | Anonymous member (Administrator)

    Department of Justice Policy Guidance: Use of Cell-Site Simulator Technology

    Cell-site simulator technology provides valuable assistance in support of important public safety objectives. Whether deployed as part of a fugitive apprehension effort, a complex narcotics investigation, or to locate or rescue a kidnapped child, cell-site simulators fulfill critical operational needs.

    As with any law enforcement capability, the Department must use cell-site simulators in a manner that is consistent with the requirements and protections of the Constitution, including the Fourth Amendment, and applicable statutory authorities, including the Pen Register Statute. Moreover, any information resulting from the use of cell-site simulators must be handled in a way that is consistent with the array of applicable statutes, regulations, and policies that guide law enforcement in how it may and may not collect, retain, and disclose data.

    As technology evolves, the Department must continue to assess its tools to ensure that practice and applicable policies reflect the Department’s law enforcement and national security missions, as well as the Department’s commitments to accord appropriate respect for individuals’ privacy and civil liberties. This policy provides additional guidance and establishes common principles for the use of cell-site simulators across the Department.[1] The Department’s individual law enforcement components may issue additional specific guidance consistent with this policy.

    This policy applies to the use of cell-site simulator technology inside the United States in furtherance of criminal investigations. When acting pursuant to the Foreign Intelligence Surveillance Act, Department of Justice components will make a probable-cause based showing and appropriate disclosures to the court in a manner that is consistent with the guidance set forth in this policy.


    Cell-site simulators, on occasion, have been the subject of misperception and confusion. To avoid any confusion here, this section provides information about the use of the equipment and defines the capabilities that are the subject of this policy.

    Basic Uses

    Law enforcement agents can use cell-site simulators to help locate cellular devices whose unique identifiers are already known to law enforcement, or to determine the unique identifiers of an unknown device by collecting limited signaling information from devices in the simulator user’s vicinity. This technology is one tool among many traditional law enforcement techniques, and is deployed only in the fraction of cases in which the capability is best suited to achieve specific public safety objectives.

    How They Function

    Cell-site simulators, as governed by this policy, function by transmitting as a cell tower. In response to the signals emitted by the simulator, cellular devices in the proximity of the device identify the simulator as the most attractive cell tower in the area and thus transmit signals to the simulator that identify the device in the same way that they would with a networked tower.

    A cell-site simulator receives and uses an industry standard unique identifying number assigned by a device manufacturer or cellular network provider. When used to locate a known cellular device, a cell-site simulator initially receives the unique identifying number from multiple devices in the vicinity of the simulator. Once the cell-site simulator identifies the specific cellular device for which it is looking, it will obtain the signaling information relating only to that particular phone. When used to identify an unknown device, the cell-site simulator obtains signaling information from non-target devices in the target’s vicinity for the limited purpose of distinguishing the target device.

    What They Do and Do Not Obtain

    By transmitting as a cell tower, cell-site simulators acquire the identifying information from cellular devices. This identifying information is limited, however. Cell-site simulators provide only the relative signal strength and general direction of a subject cellular telephone; they do not function as a GPS locator, as they do not obtain or download any location information from the device or its applications. Moreover, cell-site simulators used by the Department must be configured as pen registers, and may not be used to collect the contents of any communication, in accordance with 18 U.S.C. § 3127(3). This includes any data contained on the phone itself: the simulator does not remotely capture emails, texts, contact lists, images or any other data from the phone. In addition, Department cell-site simulators do not provide subscriber account information (for example, an account holder’s name, address, or telephone number).


    This policy guidance is intended only to improve the internal management of the Department of Justice. It is not intended to and does not create any right, benefit, trust, or responsibility, whether substantive or procedural, enforceable at law or equity by a party against the United States, its departments, agencies, instrumentalities, entities, officers, employees, or agents, or any person, nor does it create any right of review in an administrative, judicial, or any other proceeding.

    Cell-site simulators require training and practice to operate correctly. To that end, the following management controls and approval processes will help ensure that only knowledgeable and accountable personnel will use the technology.

    1. Department personnel must be trained and supervised appropriately. Cell-site simulators may be operated only by trained personnel who have been authorized by their agency to use the technology and whose training has been administered by a qualified agency component or expert.

    2. Within 30 days, agencies shall designate an executive-level point of contact at each division or district office responsible for the implementation of this policy, and for promoting compliance with its provisions, within his or her jurisdiction.

    3. Prior to deployment of the technology, use of a cell-site simulator by the agency must be approved by an appropriate individual who has attained the grade of a first-level supervisor. Any emergency use of a cell-site simulator must be approved by an appropriate second-level supervisor. Any use of a cell-site simulator on an aircraft must be approved either by the executive-level point of contact for the jurisdiction, as described in paragraph 2 of this section, or by a branch or unit chief at the agency’s headquarters.

    Each agency shall identify training protocols. These protocols must include training on privacy and civil liberties developed in consultation with the Department’s Chief Privacy and Civil Liberties Officer.


    The use of cell-site simulators is permitted only as authorized by law and policy. While the Department has, in the past, appropriately obtained authorization to use a cell-site simulator by seeking an order pursuant to the Pen Register Statute, as a matter of policy, law enforcement agencies must now obtain a search warrant supported by probable cause and issued pursuant to Rule 41 of the Federal Rules of Criminal Procedure (or the applicable state equivalent), except as provided below.

    As a practical matter, because prosecutors will need to seek authority pursuant to Rule 41 and the Pen Register Statute, prosecutors should, depending on the rules in their jurisdiction, either (1) obtain a warrant that contains all information required to be included in a pen register order pursuant to 18 U.S.C. § 3123 (or the state equivalent), or (2) seek a warrant and a pen register order concurrently. The search warrant affidavit also must reflect the information noted in the immediately following section of this policy (“Applications for Use of Cell-Site Simulators”).

    There are two circumstances in which this policy does not require a warrant prior to the use of a cell-site simulator.

    1. Exigent Circumstances under the Fourth Amendment

    Exigent circumstances can vitiate a Fourth Amendment warrant requirement, but cell-site simulators still require court approval in order to be lawfully deployed. An exigency that excuses the need to obtain a warrant may arise when the needs of law enforcement are so compelling that they render a warrantless search objectively reasonable. When an officer has the requisite probable cause, a variety of types of exigent circumstances may justify dispensing with a warrant. These include the need to protect human life or avert serious injury; the prevention of the imminent destruction of evidence; the hot pursuit of a fleeing felon; or the prevention of escape by a suspect or convicted fugitive from justice.

    In this circumstance, the use of a cell-site simulator still must comply with the Pen Register Statute, 18 U.S.C. § 3121, et seq., which ordinarily requires judicial authorization before use of the cell-site simulator, based on the government’s certification that the information sought is relevant to an ongoing criminal investigation. In addition, in the subset of exigent situations where circumstances necessitate emergency pen register authority pursuant to 18 U.S.C. § 3125 (or the state equivalent), the emergency must be among those listed in Section 3125: immediate danger of death or serious bodily injury to any person; conspiratorial activities characteristic of organized crime; an immediate threat to a national security interest; or an ongoing attack on a protected computer (as defined in 18 U.S.C. § 1030) that constitutes a crime punishable by a term of imprisonment greater than one year. In addition, the operator must obtain the requisite internal approval to use a pen register before using a cell-site simulator. In order to comply with the terms of this policy and with 18 U.S.C. § 3125,[3] the operator must contact the duty AUSA in the local U.S. Attorney’s Office, who will then call the DOJ Command Center to reach a supervisory attorney in the Electronic Surveillance Unit (ESU) of the Office of Enforcement Operations.[4] Assuming the parameters of the statute are met, the ESU attorney will contact a DAAG in the Criminal Division[5] and provide a short briefing. If the DAAG approves, the ESU attorney will relay the verbal authorization to the AUSA, who must also apply for a court order within 48 hours as required by 18 U.S.C. § 3125. Under the provisions of the Pen Register Statute, use under emergency pen-trap authority must end when the information sought is obtained, an application for an order is denied, or 48 hours has passed, whichever comes first.

    [3] Knowing use of a pen register under emergency authorization without applying for a court order within 48 hours is a criminal violation of the Pen Register Statute, pursuant to 18 U.S.C. § 3125(c).

    [4] In non-federal cases, the operator must contact the prosecutor and any other applicable points of contact for the state or local jurisdiction.

    [5] In requests for emergency pen authority, and for relief under the exceptional circumstances provision, the Criminal Division DAAG will consult as appropriate with a National Security Division DAAG on matters within the National Security Division’s purview.

    2. Exceptional Circumstances Where the Law Does Not Require a Warrant

    There may also be other circumstances in which, although exigent circumstances do not exist, the law does not require a search warrant and circumstances make obtaining a search warrant impracticable. In such cases, which we expect to be very limited, agents must first obtain approval from executive-level personnel at the agency’s headquarters and the relevant U.S. Attorney, and then from a Criminal Division DAAG. The Criminal Division shall keep track of the number of times the use of a cell-site simulator is approved under this subsection, as well as the circumstances underlying each such use.

    In this circumstance, the use of a cell-site simulator still must comply with the Pen Register Statute, 18 U.S.C. § 3121, et seq., which ordinarily requires judicial authorization before use of the cell-site simulator, based on the government’s certification that the information sought is relevant to an ongoing criminal investigation. In addition, if circumstances necessitate emergency pen register authority, compliance with the provisions outlined in 18 U.S.C. § 3125 is required (see provisions in section 1 directly above).


    When making any application to a court, the Department’s lawyers and law enforcement officers must, as always, disclose appropriately and accurately the underlying purpose and activities for which an order or authorization is sought. Law enforcement agents must consult with prosecutors[6] in advance of using a cell-site simulator, and applications for the use of a cell-site simulator must include sufficient information to ensure that the courts are aware that the technology may be used.[7]

    [6] While this provision typically will implicate notification to Assistant United States Attorneys, it also extends to state and local prosecutors, where such personnel are engaged in operations involving cell-site simulators.

    [7] Courts in certain jurisdictions may require additional technical information regarding the cell-site simulator’s operation (e.g., tradecraft, capabilities, limitations or specifications). Sample applications containing such technical information are available from the Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division. To ensure courts receive appropriate and accurate information regarding the technical information described above, prior to filing an application that deviates from the sample filings, agents or prosecutors must contact CCIPS, which will coordinate with appropriate Department components.

    1. Regardless of the legal authority relied upon, at the time of making an application for use of a cell-site simulator, the application or supporting affidavit should describe in general terms the technique to be employed. The description should indicate that investigators plan to send signals to the cellular phone that will cause it, and non-target phones on the same provider network in close physical proximity, to emit unique identifiers, which will be obtained by the technology, and that investigators will use the information collected to determine information pertaining to the physical location of the target cellular device or to determine the currently unknown identifiers of the target device. If investigators will use the equipment to determine unique identifiers at multiple locations and/or multiple times at the same location, the application should indicate this also.

    2. An application or supporting affidavit should inform the court that the target cellular device (e.g., cell phone) and other cellular devices in the area might experience a temporary disruption of service from the service provider. The application may also note, if accurate, that any potential service disruption to non-target devices would be temporary and all operations will be conducted to ensure the minimal amount of interference to non-target devices.

    3. An application for the use of a cell-site simulator should inform the court about how law enforcement intends to address deletion of data not associated with the target phone. The application should also indicate that law enforcement will make no affirmative investigative use of any non-target data absent further order of the court, except to identify and distinguish the target device from other devices.


    The Department is committed to ensuring that law enforcement practices concerning the collection or retention8 of data are lawful, and appropriately respect the important privacy interests of individuals. As part of this commitment, the Department’s law enforcement agencies operate in accordance with rules, policies, and laws that control the collection, retention, dissemination, and disposition of records that contain personal identifying information. As with data collected in the course of any investigation, these authorities apply to information collected through the use of a cell-site simulator. Consistent with applicable existing laws and requirements, including any duty to preserve exculpatory evidence,9 the Department’s use of cell-site simulators shall include the following practices:

    8 In the context of this policy, the terms “collection” and “retention” are used to address only the unique technical process of identifying dialing, routing, addressing, or signaling information, as described by 18 U.S.C. § 3127(3), emitted by cellular devices. “Collection” means the process by which unique identifier signals are obtained; “retention” refers to the period during which the dialing, routing, addressing, or signaling information is utilized to locate or identify a target device, continuing until the point at which such information is deleted.

    9 It is not likely, given the limited type of data cell-site simulators collect (as discussed above), that exculpatory evidence would be obtained by a cell-site simulator in the course of criminal law enforcement investigations. As in other circumstances, however, to the extent investigators know or have reason to believe that information is exculpatory or impeaching they have a duty to memorialize that information.

    1. When the equipment is used to locate a known cellular device, all data must be deleted as soon as that device is located, and no less than once daily.

    2. When the equipment is used to identify an unknown cellular device, all data must be deleted as soon as the target cellular device is identified, and in any event no less than once every 30 days.

    3. Prior to deploying equipment for another mission, the operator must verify that the equipment has been cleared of any previous operational data.

    Agencies shall implement an auditing program to ensure that the data is deleted in the manner described above.


    The Department often works closely with its State and Local law enforcement partners and provides technological assistance under a variety of circumstances. This policy applies to all instances in which Department components use cell-site simulators in support of other Federal agencies and/or State and Local law enforcement agencies.


    Accountability is an essential element in maintaining the integrity of our Federal law enforcement agencies. Each law enforcement agency shall provide this policy, and training as appropriate, to all relevant employees. Periodic review of this policy and training shall be the responsibility of each agency with respect to the way the equipment is being used (e.g., significant advances in technological capabilities, the kind of data collected, or the manner in which it is collected). We expect that agents will familiarize themselves with this policy and comply with all agency orders concerning the use of this technology.

    Each division or district office shall report to its agency headquarters annual records reflecting the total number of times a cell-site simulator is deployed in the jurisdiction; the number of deployments at the request of other agencies, including State or Local law enforcement; and the number of times the technology is deployed in emergency circumstances.

    Similarly, it is vital that all appropriate Department attorneys familiarize themselves with the contents of this policy, so that their court filings and disclosures are appropriate and consistent. Model materials will be provided to all United States Attorneys’ Offices and litigating components, each of which shall conduct training for their attorneys.

    * * *

    Cell-site simulator technology significantly enhances the Department’s efforts to achieve its public safety and law enforcement objectives. As with other capabilities, the Department must always use the technology in a manner that is consistent with the Constitution and all other legal authorities. This policy provides additional common principles designed to ensure that the Department continues to deploy cell-site simulators in an effective, appropriate, and consistent way.

  • 14 Apr 2015 10:43 AM | Anonymous member (Administrator)





    v. CASE NO: 8:14-cr-379-T-36TGW




    This matter comes before the Court upon the Defendant’s Motion for an Evidentiary Hearing on Admission of Polygraph Evidence (Doc. 67). An evidentiary hearing was held on this matter on December 23, 2014. In the motion, Defendant sought a hearing on the admissibility of the polygraph evidence and a ruling on the admissibility of said evidence. Accordingly, the Court will construe Defendant’s Motion for an Evidentiary Hearing on Admission of Polygraph Evidence (Doc. 67) as a motion to determine the admissibility of the polygraph evidence under Federal Rule of Evidence 702. The Court, having considered the motion and being fully advised in the premises, will grant the Motion and permit the polygraph evidence to be admitted at trial.

    I. Background

    Defendant Angulo-Mosquera, a 53-year-old deckhand and cook, was indicted on September 4, 2014 in the Middle District of Florida on charges related to the seizure of 1,700 kilograms of cocaine concealed on board a freighter known as the "Hope II" in August 2014.

    Defendant Angulo-Mosquera is a Colombian national with no known criminal record in any country. He has never before been in the United States. Defendant Angulo-Mosquera denies any knowledge of the drugs found concealed on the Hope II and any involvement of any kind in the illegal drug trade.

    After several lengthy interviews by counsel with the assistance of a court-certified interpreter (also from Colombia), Defendant Angulo-Mosquera agreed to submit to a polygraph examination administered by James Orr, a former special agent for the FBI with extensive experience in administering polygraph examinations on behalf of the United States government. According to Mr. Orr, the examination results indicated that there was no deception on the following relevant questions:

    1. Did you know those drugs were on that ship before the Coast Guard boarded the ship? Answer: No.

    2. Did you know those drugs were on the Hope II before the Coast Guard boarded that ship? Answer: No.

    3. Did you know those drugs were on that ship before the Coast Guard found them in August? Answer: No.

    Doc. 67 at p. 2; Doc. 67-1 at p. 4. Mr. Angulo-Mosquera answered “No” to all three questions. Raskin Dec. ¶ 38.

    Defendant Angulo-Mosquera plans to testify in his own defense at trial and requests that the results of the polygraph examination be admitted into evidence to corroborate his testimony. The Government objects arguing that polygraph examinations are just “one step above” junk-science and are “not suitable for juror consumption.” TR at 46:15-24, 49:16-17. The results of the polygraph examination, if admitted at trial, would be presented through expert witness testimony. Thus, on December 23, 2014, the Court held an evidentiary hearing to determine the admissibility of the polygraph evidence and expert testimony regarding same, under Federal Rule of Evidence 702 (“Rule 702”) and Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993).

    At the hearing, Defendant Angulo-Mosquera presented the testimony of Dr. David C. Raskin, who for 44 years has conducted laboratory and field research on polygraph techniques for the detection of deception, taught university courses about polygraph techniques, trained government and law enforcement polygraph examiners, and published extensively on polygraph techniques, regarding the reliability of polygraph examinations in general and the examination in this case specifically.

    II. Standard of Review

    The Eleventh Circuit has held that polygraph evidence may be admitted to impeach or corroborate witness testimony at trial. See United States v. Piccinonna, 885 F.2d 1529, 1535 (11th Cir. 1989) (en banc); United States v. Gilliard, 133 F.3d 809, 811-12 (11th Cir. 1998).

    In Piccinonna, the [Eleventh Circuit] fashioned a novel approach to the admissibility of polygraph evidence. The decision to change the legal landscape was based on the Court's view that advances in the science of polygraph have greatly increased the reliability of the tests and consequently reduced many of the prejudicial effects. The Eleventh Circuit outlined two situations where polygraph evidence may be admitted. Id. at 1536. The first instance is stipulated polygraph evidence. The second instance, the one most relevant for the purposes of the instant case, is polygraph evidence used to impeach or corroborate the testimony of a witness at trial.

    The Court stated that polygraph evidence may be used to impeach or corroborate, subject to three preliminary requirements. First, the party planning to use the evidence must provide sufficient notice to the opposing party. Second, the opposing party must be given a reasonable opportunity to have its own expert administer a polygraph examination which is materially similar to the previously taken examination. Third, the admissibility of evidence is subject to the relevant provisions of the Federal Rules of Evidence, specifically, Fed. R. Evid. 608 and 702.

    United States v. Crumby, 895 F. Supp. 1354, 1357 (D. Ariz. 1995). See also United States v. Henderson, 409 F.3d 1293, 1301-1302 (11th Cir. 2005). District courts have discretion regarding whether to admit polygraph evidence in a particular case. See id. Both the Eleventh Circuit and the U.S. Supreme Court have held that “reasonable judges can disagree over the reliability of polygraph methodology.” Id. at 1303. Thus, it is incumbent on district courts to review the evidence presented and determine admissibility under Rule 702.

    Rule 702 compels district courts to perform a “gatekeeping” function, an exacting analysis of the foundations of expert opinions to ensure they meet the standards for admissibility under the rule. United States v. Frazier, 387 F.3d 1244, 1260 (11th Cir. 2004) (citations and quotations omitted). This requirement is to ensure the reliability and relevancy of expert testimony. Kumho Tire Co., Ltd. v. Carmichael, 526 U.S. 137, 152 (1999).

    Thus, in determining the admissibility of expert testimony under Rule 702, courts must engage in a rigorous three-part inquiry, determining whether:

    (1) the expert is qualified to testify competently regarding the matters he intends to address; (2) the methodology by which the expert reaches his conclusions is sufficiently reliable as determined by the sort of inquiry mandated in Daubert; and (3) the testimony assists the trier of fact, through the application of scientific, technical, or specialized expertise, to understand the evidence or to determine a fact in issue.

    Frazier, 387 F.3d at 1260 (citations omitted). “While there is inevitably some overlap among the basic requirements – qualification, reliability, and helpfulness – they remain distinct concepts and the courts must take care not to conflate them.” Id. It is the proponent of expert testimony who bears “the burden to show that his expert is qualified to testify competently regarding the matters he intended to address; the methodology by which the expert reached his conclusions is sufficiently reliable; and the testimony assists the trier of fact.” Id. (citations and internal quotations omitted).

    The Supreme Court has stated that, in order for a trial judge to determine whether the expert is proposing to testify to scientific knowledge that will assist the trier of fact to understand or determine a fact in issue, this entails “a preliminary assessment of whether the reasoning or methodology underlying the testimony is scientifically valid and of whether that reasoning or methodology properly can be applied to the facts in issue.” Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579, 592-93 (1993). Some factors that bear on this inquiry are:

    1) whether the expert’s theories, methods or techniques can be or have been tested;

    2) whether the technique, method, or theory has been subject to peer review and publications;

    3) whether the known or potential rate of error of the technique when applied is acceptable; and

    4) whether the technique, method, or theory has been generally accepted in the scientific community.


    Daubert, 509 U.S. at 593-94. The Supreme Court was clear, however, that this was not a definitive or exhaustive list and was intended to be applied in a flexible manner. Id.; see also United Fires and Casualty Co. v. Whirlpool Corp., 704 F.3d 1338, 1341 (1999). The focus is on the scientific validity and the evidentiary relevance and reliability of the principles and methodology underlying a proposed submission. Daubert, 509 U.S. at 594-95.

    III. Discussion

    There is no argument here that the Government lacked sufficient notice or a reasonable opportunity to have its own polygraph expert administer a test covering substantially the same questions. Thus, this Court must determine whether the Federal Rules of Evidence allow admission of this evidence at trial. See Henderson, 409 F.3d at 1301-1302. Dr. Raskin’s testimony supported all of the Daubert factors, and no evidence was presented by the United States to challenge or contradict that testimony.

    A. The expert’s theories, methods or techniques can be and have been tested.


    First, Dr. Raskin testified that there are dozens of scientific studies with regard to polygraph examinations. TR at 5:22 – 6:1; Raskin Dec. ¶¶ 12-16. In his Declaration, Dr. Raskin describes laboratory research studies and field studies that have been used to test the accuracy of polygraph examinations. Raskin Dec. ¶ 11. These studies and publications indicate that a properly performed polygraph examination has a 90% accuracy rate. TR at 6:16-20. The studies also show that the risk of a person who is lying passing the test (false negative) is less likely than a person who is telling the truth failing the test (false positive). TR at 9:15-23. An extensive study by the Department of Defense supports the accuracy and reliability of polygraph exams. TR at 11:3 - 12:6; Raskin p. 29. Accordingly, Defendant has shown that polygraphy can be and has been scientifically tested.

    B. The technique has been subject to peer review and publications.


    Polygraphs have also been the subject of numerous peer-reviewed publications. TR at 6:6-20; Raskin Dec. ¶¶ 12-16, and 21. Dr. Raskin cited numerous articles written and published in peer reviewed journals such as the Journal of Applied Psychology, the Journal of General Psychology, and the Journal of Police Science Administration. See Raskin Dec. at p. 6-10. Thus, the Court finds that polygraphy has been subjected to sufficient peer review and publication. See also Crumby, 895 F. Supp. at 1359.

    C. The known or potential rate of error of the technique when applied is acceptable.


    As previously discussed, the error rates are less than 10% based on the studies cited by Dr. Raskin. This error rate is certainly acceptable under Daubert. See id. at 1360 (citing John A. Podlesny and David C. Raskin, Effectiveness of Techniques and Physiological Measures in the Detection of Deception, Vol. 15 No. 4 Psychophysiology (1978); David C. Raskin, et al., Recent Laboratory and Field Research on Polygraph Techniques in J.C. Yuille (ed.), Credibility Assessment (1989); David C. Raskin, et al., A Study of the Validity of Polygraph Examinations in Criminal Investigation, Final Report to the National Institute of Justice).

    D. The technique has been generally accepted in the scientific community.

    Dr. Raskin testified that several “carefully constructed surveys” indicate that there is a high degree of acceptance for polygraph examinations within the scientific community. TR at 7:15 – 8:1. Moreover, all major federal law enforcement agencies use polygraphs in their investigative process and Dr. Raskin has been involved in training federal agents to conduct polygraph examinations. TR at 6:24 – 7:5, 10:1 – 11:2. Thus, the Defendant has shown that polygraphy is generally accepted in the relevant scientific community.

    E. The testimony will be helpful to the jury.

    The primary evidence in Defendant’s case will be his own testimony. The results of the polygraph examination and the expert testimony regarding that examination could help the jury make a credibility determination regarding that testimony. Accordingly, the evidence will be helpful to the jury.

    The Government expressed concern that jurors would be overly persuaded by the results of the polygraph. However, Dr. Raskin testified that studies have shown that jurors consider polygraph examination results as they would any other piece of evidence; they do not give it any extra weight and are often cautious with such evidence. TR at 8:2-15; Raskin Dec. ¶¶ 22-25. Dr. Raskin’s testimony on this issue was not challenged. Furthermore, juries are regularly presented with complex, conflicting, and persuasive evidence and trusted to weigh all evidence presented appropriately before reaching a verdict. The Court will not presume that the jury is incapable of evaluating evidence appropriately without some evidence to support that claim.

    F. The Government did not present any evidence to contradict or call into question Dr. Raskin’s testimony.

    The Government did not present any evidence or testimony at the hearing to contradict Dr. Raskin’s testimony. Instead, the government relied solely on the cross-examination of Dr. Raskin, which it aimed at calling into question the results of the polygraph examination conducted in this case. The Government attempted to show that the Defendant’s responses to the relevant questions were in fact untrue because the Defendant had previously been subject to arrest on another ship that was also carrying illegal drugs. The Government’s questioning was unconvincing, as that prior event had no relevance to the polygraph examination conducted here. It was clear that the questions asked in this particular polygraph examination were aimed at this most recent incident, and that this context was explained to the Defendant prior to the test being administered. Additionally, the Government presented no evidence of the prior incident which appears to have been an arrest only, with no conviction. There is no evidence before the Court that the Defendant had knowledge of illegal substances on the prior ship and, in fact, no evidence that such illegal substances were present.

    The Government placed significant emphasis on the holding in United States v. Scheffer, 523 U.S. 303 (1998). The Scheffer case involved a constitutional challenge to an executive order that prohibited the admission of polygraph evidence in the proceedings of courts martial. The Supreme Court held that the executive order did not violate the constitution. This holding, however, is irrelevant to the instant inquiry. Nothing in the Scheffer order has any effect on the admissibility of polygraph evidence in civilian courts. The Supreme Court did not categorically reject the admissibility of polygraph evidence but, instead, held that military defendants did not have a constitutionally protected right to admit such evidence in military courts.

    The Government then suggested that this Court should use other courts’ criticisms of polygraph evidence to discredit Dr. Raskin’s testimony. However, as noted by the Defendant, this Court does not know what kind of evidence was before the courts in those other cases. TR at 58:1-18. Here, the only evidence presented supports the admissibility of the polygraph examination under Rule 702 and Daubert. Furthermore, the case law does not uniformly support exclusion. See, e.g., United States v. Padilla, 908 F. Supp. 923 (S.D. Fla. 1995) (holding that as long as defendant only attempted to introduce evidence of her polygraph examination to corroborate or impeach a witness' testimony at trial, the polygraph was admissible. The polygraph was relevant, and its probative value was not substantially outweighed by its prejudicial effect. The test was conducted with sufficient scientific rigor to conclude that it may assist the trier of fact in determining whether defendant's confession was, in fact, induced through impermissible coercion.).

    With regard to the test administered in this case, Dr. Raskin testified that the polygraph examination conducted here by Mr. Orr was of high quality, using a “Utah Probable Lie Comparison Question Test.” TR at 15:5-25; Raskin Dec. ¶ 37. Dr. Raskin found the results reported by Mr. Orr to be correctly reported. TR at 15:25 – 16:2. Mr. Orr’s qualifications, which have not been challenged, are extensive and are primarily bestowed by the United States’ Government. See Doc. 67-2 at p. 3-6. Mr. Orr was an agent with the Federal Bureau of Investigation (“FBI”) where he was trained to administer polygraph examinations and then did so, on behalf of the Government, for over a decade. Id. at p. 3. In 1999 Mr. Orr graduated from the Department of Defense Polygraph Institute in Alabama. Id. In 2005 Mr. Orr transferred to Florida so that he could lead the local polygraph division for the FBI. Id. Mr. Orr held that position until his retirement in 2011, at which time he began his own business conducting polygraph examinations and providing expert testimony. Id. Mr. Orr is also an instructor at the Academy of Polygraph Science in Fort Myers, Florida. Id.

    Thus, the Court finds the polygraph evidence to be admissible at trial to either impeach or corroborate witness testimony. Further specifics regarding the admission of the polygraph evidence will be determined at the time of trial. Accordingly, it is hereby

    ORDERED that Defendant’s Motion for an Evidentiary Hearing on Admission of Polygraph Evidence (Doc. 67), construed as a motion to determine the admissibility of the polygraph evidence under Federal Rule of Evidence 702, is GRANTED. The Defendant may present the polygraph evidence, through expert testimony, to corroborate or impeach witness testimony at the trial in this matter.


    DONE AND ORDERED in Tampa, Florida on April 9, 2015.

    (Signed) Charlene Edwards Honeywell

                 United States District Judge

    Copies to:

    Counsel of Record and Unrepresented Parties, if any

  • 16 Feb 2015 2:46 PM | Anonymous member (Administrator)

    Promoting Economic Competitiveness While Safeguarding Privacy, Civil Rights, and Civil Liberties in Domestic Use of Unmanned Aircraft Systems - February 15, 2015

    Today the White House issued a Presidential Memorandum to promote economic competitiveness and innovation while safeguarding privacy, civil rights, and civil liberties in the domestic use of Unmanned Aircraft Systems (UAS).

    This Presidential Memorandum builds on efforts already underway to integrate UAS into the national airspace system (NAS). The Federal Aviation Administration authorized the testing of UAS at six sites around the country in December 2013 as part of its efforts to safely integrate UAS into the NAS, as required by the Federal Aviation Administration Modernization and Reform Act of 2012.

    UAS are a potentially transformative technology in diverse fields such as agriculture, law enforcement, coastal security, military training, search and rescue, first responder medical support, critical infrastructure inspection, and many others.

    The Administration is committed to promoting the responsible use of this technology, strengthening privacy safeguards and ensuring full protection of civil liberties.

    The Presidential Memorandum released today ensures that the Federal Government’s use of UAS takes these important concerns into account and, in service of them, promotes better accountability and transparent use of this technology, including through the following:

    First, the Presidential Memorandum requires Federal agencies to ensure that their policies and procedures are consistent with limitations set forth in the Presidential Memorandum on the collection, use, retention, and dissemination of information collected through UAS in the NAS.

    Second, the Presidential Memorandum requires agencies to ensure that policies are in place to prohibit the collection, use, retention, or dissemination of data in any manner that would violate the First Amendment or in any manner that would discriminate against persons based upon their ethnicity, race, gender, national origin, religion, sexual orientation, or gender identity, in violation of law.

    Third, the Presidential Memorandum includes requirements to ensure effective oversight.

    Fourth, the Presidential Memorandum includes provisions to promote transparency, including a requirement that agencies publish information within one year describing how to access their publicly available policies and procedures implementing the Presidential Memorandum.

    Fifth, recognizing that technologies evolve over time, the Presidential Memorandum requires agencies to examine their UAS policies and procedures prior to the deployment of new UAS technology, and at least every three years, to ensure that protections and policies keep pace with developments.

    Consistent with these objectives, the Presidential Memorandum additionally requires the Department of Commerce, through the National Telecommunications and Information Administration, and in consultation with other interested agencies, to initiate a multi-stakeholder engagement process within 90 days to develop a framework for privacy, accountability, and transparency issues concerning the commercial and private use of UAS in the NAS.

  • 16 Feb 2015 2:37 PM | Anonymous member (Administrator)

    White House Summit on Cybersecurity and Consumer Protection-February 13, 2015

    As a nation, the United States has become highly digitally dependent.  Our economy, national security, educational systems, and social lives have all become deeply reliant on cyberspace.  Our use of digital networks provides a platform for innovation and prosperity and a means to improve general welfare around the country and around the globe, driving unparalleled growth. But this dependency also creates risks that threaten national security, private enterprises and individual rights. It is a threat not just here in the United States, but one that everyone, everywhere who is connected to cyberspace faces.

    On February 13, the President is convening leaders from throughout the country who have a stake in bolstering cybersecurity – from industry, tech companies, and consumer and privacy advocates to law enforcement, educators, and students.  Participants will discuss opportunities to spur collaboration and develop partnerships in the cybersecurity and consumer financial worlds to share best practices, promote stronger adherence to security standards, improve cyber threat information sharing, and encourage the adoption of more secure payment technologies. 

    This Summit comes at a crucial point.  The President has been committed to strengthening our Nation’s cybersecurity since the beginning of his Administration and we have made significant progress.  Yet, cyber threats to individuals, businesses, critical infrastructure and national security have grown more diffuse, acute, and destructive. Despite improvements in network defense, cyber threats are evolving faster than the defenses that counter them. Malicious actors ranging from sophisticated nation states to common criminals to hacktivists take advantage of the anonymity, reach, and broad range of effects that cyberspace offers. Because of the interconnected nature of the Internet, no one is isolated from these threats. We are at an inflection point, both domestically and internationally, and now is the time to raise the call for greater collective action.

    Public and Private Commitments

    Cybersecurity is a shared responsibility. The Federal government has the responsibility to protect and defend the country and we do this by taking a whole-of-government approach to countering cyber threats. This means leveraging homeland security, intelligence, law enforcement, and military authorities and capabilities, which respectively provide for domestic preparedness, criminal deterrence and investigation, and our national defense. Yet much of our nation’s critical infrastructure and a diverse array of other potential targets are not owned by the Federal government. The Federal government cannot, nor would Americans want it to, provide cybersecurity for every private network. Therefore, the private sector plays a crucial role in our overall national network defense. To that end, both the Federal government and the private sector are announcing key commitments today.

    The Cybersecurity Framework

    In 2013, the President signed an Executive Order on Critical Infrastructure Cybersecurity which resulted in the development of the Cybersecurity Framework, released on February 12, 2014.  In taking a risk management approach, the Framework recognizes that no organization can or will spend unlimited amounts on cybersecurity.  Instead, it enables a business to make decisions about how to prioritize and optimize its cybersecurity investments. The Framework also offers a flexible benchmarking tool for a wide range of organizations. For organizations that don’t know where to start, the Framework provides a roadmap. For organizations that are already sophisticated, the Framework offers a yardstick to measure against – and to use in communicating with partners and suppliers. Finally, the Framework creates a common vocabulary that can be used to effectively communicate about cyber risk management. The Framework is emerging as an important tool for technologists to communicate with organizational leaders on managing cyber risks. We have been encouraged by industry use of the Framework, and we will continue to promote its broad uptake both within the government and across the private sector.  Today, the following corporations are announcing a commitment to using the Framework.

    • Intel is releasing a paper on its use of the Framework and requiring all of its vendors to use the Framework by contract.
    • Apple is incorporating the Framework as part of the broader security protocols across its corporate networks.
    • Bank of America will announce that it is using the Framework and will also require it of its vendors.
    • U.S. Bank and Pacific Gas & Electric are announcing that they are committed to using the Framework.
    • AIG is starting to incorporate the NIST framework into how it underwrites cyber insurance for large, medium-sized, and small businesses and will use the framework to help customers identify gaps in their approach to cybersecurity.
    • QVC is announcing that it is using the Cybersecurity Framework in its risk management.
    • Walgreens is announcing its support for the Cybersecurity Framework and that it uses it as one of its tools for identifying and measuring risk.
    • Kaiser Permanente is committing to use the Framework.

    Information Sharing

    Today the President is also signing an Executive Order to encourage and promote the sharing of cybersecurity threat information within the private sector and between the private sector and Federal government. Rapid information sharing is an essential element of effective cybersecurity because it ensures that U.S. companies work together to respond to threats, rather than operating alone. This Executive Order lays out a framework for expanded information sharing designed to help companies work together with the federal government to quickly identify and protect against cyber threats.  From removing barriers, to helping to improve the delivery of timely and relevant intelligence to the private sector, to advocating for needed legislation, the President is committed to improving information sharing and collaboration with the private sector. 

    The following organizations will also be making commitments today:        

    • The Cyber Threat Alliance (including Palo Alto Networks and Symantec, Intel Security, and Fortinet) will announce that its new cyber threat sharing partnership is starting to build best practices and standards consistent with the new information sharing Executive Order.
    • The Entertainment Software Association is announcing the creation of a new information sharing and analysis organization that will be built consistent with the new information sharing Executive Order.
    • Crowdstrike is announcing that it will form an information sharing and analysis organization.
    • Box is announcing that it will participate in the standards-development process for ISAOs, and that it will explore ways to use the Box platform to enhance collaboration among ISAOs.
    • FireEye is launching its “Information Sharing Framework,” which allows FireEye customers to receive threat intelligence in near-real-time, and provides anonymized threat indicators 

    Secure Payment Technologies

    In October 2014, the President signed an Executive Order to advance consumer financial protection and launched the Buy Secure Initiative.  Today, the following organizations will announce new commitments to promote more secure payment technologies.

    • Visa is committing to tokenization – substituting credit card numbers with randomly generated tokens for each transaction – by the end of the 1st quarter of 2015.
    • MasterCard will invest more than $20 million in new cybersecurity tools, including the deployment of Safety Net, a new security solution that will reduce the risk of large-scale cyber attacks. 
    • Apple, Visa, MasterCard, Comerica Bank and U.S. Bank are committed to working together to make Apple Pay, a tokenized, encrypted service, available for users of federal payment cards, including DirectExpress and GSA SmartPay cards.
    • Square is working with the Small Business Administration to roll out an education program aimed at convincing small businesses to adopt more secure payment technologies.
    • The Financial Services Roundtable and the Retail Industry Leaders Association, on behalf of a partnership of 19 associations, are jointly announcing today the release of two papers to enhance collaboration in the development of technology standards and principles for the development of next generation technologies that minimize the value of payments information if it is stolen or lost.  

    Multi-Factor Authentication

    In order to replace the password as our primary means of security online, we must have new technologies that combine greater security and convenience.  This technology moves beyond usernames and passwords to employ multiple security steps to better ensure a person is who they say they are. 

    Through the National Strategy for Trusted Identities in Cyberspace, the US Government has invested more than $50 million over the past four years to advance this market in partnership with the research and development community and technology firms.  

    The following companies are announcing new initiatives to advance multi-factor authentication:

    • Intel is releasing a new authentication technology that will not rely on a password, but will instead employ other technologies, such as biometrics.
    • American Express is announcing rollout of new multi-factor authentication technologies for their consumers.
    • MasterCard, in partnership with First Tech Credit Union, will announce that they will implement a new pilot later this year that will allow consumers to authenticate and verify their transactions using a combination of unique biometrics such as facial and voice recognition. 
    • In September of last year, CloudFlare enabled more than a million of its customers' Web sites to support Universal SSL--for free.  Now, they are taking another step to secure the Web by enabling every CloudFlare customer to support DNSSEC, the open standard for authenticating domain names, by the end of the year. 

    Credit Score Transparency – A number of leaders in the financial services industry will be making credit scores more readily available to all Americans, improving consumers’ awareness of credit health, and providing them a tool to identify major shifts in their credit score – a key first sign of identity theft.

    • In partnership with FICO, Nationstar will join the growing list of firms making credit scores available for free to their customers by the end of the year.

    Call for Legislative Action

    The government and private sector have made significant commitments to advance cybersecurity and consumer protection.   While we applaud Congress for successfully passing several pieces of important cybersecurity legislation last year, we still need Congress to pass key cybersecurity legislation.  To support that call for action, last month the President sent our updated cybersecurity legislative proposal to Congress. 

    Enabling Cybersecurity Information Sharing: The Administration’s updated proposal promotes better cybersecurity information sharing between the private sector and government and enhances collaboration and information sharing amongst the private sector.  Specifically, the proposal encourages the private sector to share appropriate cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), which will then share it with relevant federal agencies and with private sector-developed and operated Information Sharing and Analysis Organizations (ISAOs), by providing targeted liability protection for companies that share information.

    The legislation also encourages the formation of private-sector led Information Sharing and Analysis Organizations.  The Administration’s proposal safeguards Americans’ personal privacy by requiring private entities to comply with certain privacy restrictions such as removing unnecessary personal information and taking measures to protect any personal information that must be shared to qualify for liability protection.  The proposal further requires the Department of Homeland Security and the Attorney General, in consultation with the Privacy and Civil Liberties Oversight Board and others, to develop receipt, retention, use, and disclosure guidelines for the federal government’s sharing of cyber threat indicators.  Finally, the Administration intends this proposal to complement and not to limit existing effective relationships between government and the private sector.  These existing relationships between law enforcement and other federal agencies are critical to the cybersecurity mission.

    Modernizing Law Enforcement Authorities to Combat Cyber Crime: Law enforcement must have appropriate tools to investigate, disrupt and prosecute cyber crime. The Administration’s proposal contains provisions that would allow for the prosecution of the sale of botnets, criminalize the overseas sale of stolen U.S. financial information like credit card and bank account numbers, expand federal law enforcement authority to deter the sale of spyware used to stalk or commit identity theft, and give courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity. It also reaffirms important components of the Administration’s 2011 cyber legislative proposals to update the Racketeer Influenced and Corrupt Organizations Act (RICO), a key law used to prosecute organized crime, so that it applies to cybercrimes, clarifies penalties for computer crimes, and makes sure these penalties are in line with other similar non-cyber crimes. Finally, the proposal modernizes the Computer Fraud and Abuse Act by ensuring that insignificant conduct does not fall within the scope of the statute, while making clear that it can be used to prosecute insiders who abuse their ability to access information to use it for their own purposes.

    National Data Breach Reporting: State laws have helped consumers protect themselves against identity theft while also encouraging business to improve cybersecurity.  These laws require businesses that have suffered an intrusion to notify consumers if consumers’ personal information has been compromised.  The Administration’s updated proposal helps businesses and consumers by simplifying and standardizing the existing patchwork of 46 state laws (plus the District of Columbia and several territories) that contain these requirements into one federal statute, and by putting in place a single clear and timely notice requirement to ensure that companies notify their employees and customers about security breaches.

    Moving Forward

    The Cybersecurity Summit marks a milestone in our Nation’s efforts to strengthen its cyber defenses. It provides an opportunity to discuss what we have accomplished to date and to highlight immediate commitments that the Federal government and the private sector are making to improve the security of cyberspace. However, in cybersecurity, we can never rest on past achievements. Therefore, even as we and the private sector make good on these commitments, we need to keep moving forward. We will continue to focus on strengthening the defenses of our critical infrastructure and government networks, improving our ability to disrupt, respond to, recover from, and mitigate malicious cyber activity, enhancing our international cooperation, and shaping the future of cyberspace to be inherently more secure. And we look forward to doing this in close collaboration with our private sector partners.

  • 12 Feb 2015 12:19 PM | Anonymous member (Administrator)

    Private Investigators Indicted In E-Mail Hacking Scheme

    DOJ Release: U.S. Attorney's Office - Northern District of California

    SAN JOSE, CA – Nathan Moser, Peter Siragusa, AKA Bobby Russo, Carlo Pacileo, Trent Williams, and Sumit Gupta, AKA Sumit Vishnoi, were charged with crimes related to a conspiracy to access the e-mail accounts, Skype accounts, and computers of people opposing Moser’s and Siragusa’s clients in civil lawsuits, announced United States Attorney Melinda Haag and Federal Bureau of Investigation Special Agent in Charge David J. Johnson.

    A federal grand jury indicted Moser, 41, of Menlo Park, Calif.; Siragusa, 59, of Novato, Calif.; Pacileo, 44, of El Segundo, Calif.; Williams, 24, of Martinez, Calif.; and Gupta, 26, of Jabalapur, India, on January 15, 2015, charging them with one count of Conspiracy, in violation of 18 U.S.C. § 1030(b), six counts of Accessing a Protected Computer and Obtaining Information, in violation of 18 U.S.C. § 1030(a)(2)(C), and two counts of Interception of Electronic Communications, in violation of 18 U.S.C. § 2511(1)(a). The indictment was unsealed in court in San Jose, Calif., yesterday.

    According to the Indictment, Moser was a private investigator and owner of Moser and Associates in Menlo Park. Siragusa was also a private investigator and owner of Siragusa Investigations in Novato. Although Moser and Siragusa operated separate businesses, they often assisted in each other’s investigations. The Indictment further alleges that Williams and Gupta were computer hackers hired by Moser and Siragusa to access the e-mail accounts, Skype accounts, and protected computers of individuals without authorization. Pacileo was the director of security for ViSalus, a network marketing company based in Los Angeles and one of Moser’s clients.

    The Indictment alleges that the object of the defendants’ conspiracy was to obtain information that would assist Moser’s and Siragusa’s clients, including Pacileo, in the clients’ lawsuits. According to the indictment, once retained by a client, Moser and Siragusa would hire Williams and Gupta, among others, to hack into the victims’ e-mail accounts, Skype accounts, and protected computers. In addition to that conduct, the defendants allegedly installed and used a keylogger—a tool that intercepts and logs the particular keys struck on a keyboard in a covert manner so that the person using the keyboard is unaware that his or her actions are being monitored—to obtain information that would assist Moser’s and Siragusa’s clients.

    According to the Indictment, Ocean Avenue, a network marketing company based in South Jordan, Utah, was a competitor of ViSalus that had hired several former ViSalus employees. As a result, ViSalus initiated a civil lawsuit against Ocean Avenue employees. Pacileo hired Moser to investigate Ocean Avenue.  Moser allegedly enlisted Siragusa to assist with the investigation, and together they hired hackers to illegally obtain information to assist in the lawsuit.

    Moser, Siragusa, and Williams made their initial appearances in San Jose yesterday before the Honorable Paul S. Grewal, U.S. Magistrate Judge. Moser was released on a $100,000 bond, with his wife signing as surety and custodian. Moser’s next hearing is scheduled for identification of counsel today before Judge Grewal.  Siragusa was released pending the filing of a $100,000 secured bond on or before February 20, 2015. His next hearing is scheduled for February 23, 2015, at 1:30 p.m. before the Honorable Edward J. Davila, U.S. District Judge, in San Jose. Williams, who remains in custody, has a detention hearing scheduled for February 13, 2015, at 1:30 p.m., before Judge Grewal.

    Pacileo made his initial appearance in Los Angeles before the Honorable Ralph Zarefsky, U.S. Magistrate Judge, and was released pending the filing of a $25,000 secured bond on or before February 13, 2015. His next hearing is scheduled for February 23, 2015 before Judge Davila.

    An arrest warrant has been issued by the court for Gupta, who is believed to be in India. FBI Agents in San Jose are working with the FBI office in New Delhi, India, to secure Gupta’s prosecution.

    The maximum statutory penalty for a violation of 18 U.S.C. § 1030(b) is 5 years custody, 3 years supervised release, and a fine of $250,000.  The maximum statutory penalty for each violation of 18 U.S.C. § 1030(a)(2)(C) is 10 years custody, 3 years supervised release, and a fine of $250,000.  The maximum statutory penalty for each violation of 18 U.S.C. § 2511(1)(a) is 5 years custody, 3 years supervised release, and a fine of $250,000. However, any sentence will be imposed by the court only after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553.

    Matt Parrella and Michelle Kane are the Assistant U.S. Attorneys who are prosecuting the case with the assistance of Elise Etter. The prosecution is the result of an investigation by the FBI.

    Updated February 11, 2015
  • 18 Dec 2014 7:39 PM | Anonymous member (Administrator)

    A December 18, 2014 article, "German researchers discover a flaw that could let anyone listen to your cell calls," by Craig Timberg of The Washington Post should be reviewed by investigative and security professionals. He points out that German researchers discovered security flaws that could allow hackers, spies and criminals to listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption presently available.

    The flaws, reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

    The flaws are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.

    Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say. (The term is short for Signaling System 7 and replaced previous networks called SS6, SS5, etc.)

    These vulnerabilities continue to exist even as cellular carriers invest billions of dollars to upgrade to advanced 3G technology aimed, in part, at securing communications against unauthorized eavesdropping. But even as individual carriers harden their systems, they still must communicate with each other over SS7, leaving them open to any of thousands of companies worldwide with access to the network. That means that a single carrier in Congo or Kazakhstan, for example, could be used to hack into cellular networks in the United States, Europe or anywhere else.

    “It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers. He is the founder of Sternraute; he and Karsten Nohl, chief scientist for Security Research Labs, separately discovered these security weaknesses as they studied SS7 networks in recent months, after The Washington Post reported the widespread marketing of surveillance systems that use SS7 networks to locate callers anywhere in the world. The Post reported that dozens of nations had bought such systems to track surveillance targets and that skilled hackers or criminals could do the same using functions built into SS7.

    The researchers did not find evidence that their latest discoveries, which allow for the interception of calls and texts, have been marketed to governments on a widespread basis. But vulnerabilities publicly reported by security researchers often turn out to be tools long used by secretive intelligence services, such as the National Security Agency or Britain’s GCHQ, but not revealed to the public.

    “Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation,” said Christopher Soghoian, principal technologist for the ACLU and an expert on surveillance technology. “They’ve likely sat on these things and quietly exploited them.”

    The GSMA, a global cellular industry group based in London, did not respond to queries seeking comment about the vulnerabilities that Nohl and Engel have found. For the Post’s article in August on location tracking systems that use SS7, GSMA officials acknowledged problems with the network and said it was due to be replaced over the next decade because of a growing list of security and technical issues.

    The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone’s “forwarding” function -- a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

    The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

    Nohl on Wednesday demonstrated the ability to collect and decrypt a text message using the phone of a German senator, who cooperated in the experiment. But Nohl said the process could be automated to allow massive decryption of calls and texts collected across an entire city or a large section of a country, using multiple antennas.

    “It’s all automated, at the push of a button,” Nohl said. “It would strike me as a perfect spying capability, to record and decrypt pretty much any network… Any network we have tested, it works.”

    Those tests have included more than 20 networks worldwide, including T-Mobile in the United States. The other major U.S. carriers have not been tested, though Nohl and Engel said it’s likely at least some of them have similar vulnerabilities. (Several smartphone-based text messaging systems, such as Apple’s iMessage and Whatsapp, use end-to-end encryption methods that sidestep traditional cellular text systems and likely would defeat the technique described by Nohl and Engel.)

    In a statement, T-Mobile said: “T-Mobile remains vigilant in our work with other mobile operators, vendors and standards bodies to promote measures that can detect and prevent these attacks.”

    The issue of cell phone interception is particularly sensitive in Germany because of news reports last year, based on documents provided by former NSA contractor Edward Snowden, that a phone belonging to Chancellor Angela Merkel was the subject of NSA surveillance. The techniques of that surveillance have not become public, though Nohl said that the SS7 hacking method that he and Engel discovered is one of several possibilities.

    U.S. embassies and consulates in dozens of foreign cities, including Berlin, are outfitted with antennas for collecting cellular signals, according to reports by German magazine Der Spiegel, based on documents released by Snowden. Many cell phone conversations worldwide happen with either no encryption or weak encryption.

    The move to 3G networks offers far better encryption and the prospect of private communications, but the hacking techniques revealed by Nohl and Engel undermine that possibility. Carriers can potentially guard their networks against efforts by hackers to collect encryption keys, but it’s unclear how many have done so. One network that operates in Germany, Vodafone, recently began blocking such requests after Nohl reported the problem to the company two weeks ago.

    Nohl and Engel also have discovered new ways to track the locations of cell phone users through SS7. The Post story, in August, reported that several companies were offering governments worldwide the ability to find virtually any cell phone user, virtually anywhere in the world, by learning the location of their cell phones through an SS7 function called an “Any Time Interrogation” query.

    Some carriers block such requests, and several began doing so after the Post’s report. But the researchers in recent months have found several other techniques that hackers could use to find the locations of callers by using different SS7 queries. All networks must track their customers in order to route calls to the nearest cellular towers, but they are not required to share that information with other networks or foreign governments.

    Carriers everywhere must turn over location information and allow eavesdropping of calls when ordered to by government officials in whatever country they are operating in. But the techniques discovered by Nohl and Engel offer the possibility of much broader collection of caller locations and conversations, by anyone with access to SS7 and the required technical skills to send the appropriate queries.

    “I doubt we are the first ones in the world who realize how open the SS7 network is,” Engel said.

    Secretly eavesdropping on calls and texts would violate laws in many countries, including the United States, except when done with explicit court or other government authorization. Such restrictions likely do little to deter criminals or foreign spies, say surveillance experts, who say that embassies based in Washington likely collect cellular signals.

    The researchers also found that it was possible to use SS7 to learn the phone numbers of people whose cellular signals are collected using surveillance devices. The calls transmit a temporary identification number which, by sending SS7 queries, can lead to the discovery of the phone number. That allows location tracking within a certain area, such as near government buildings.

    The German senator who cooperated in Nohl’s demonstration of the technology, Thomas Jarzombek of Merkel’s Christian Democratic Union party, said that while many in that nation have been deeply angered by revelations about NSA spying, few are surprised that such intrusions are possible.

    “After all the NSA and Snowden things we’ve heard, I guess nobody believes it’s possible to have a truly private conversation on a mobile phone,” he said. “When I really need a confidential conversation, I use a fixed-line” phone.

  • 10 Jul 2014 1:34 PM | Anonymous member (Administrator)

    In light of ongoing revelations regarding the NSA and the action of the German government on July 10, 2014 to have the US CIA station chief in Berlin recalled, below is ProPublica's article "Here's One Way to Land on the NSA's Watch List: If you downloaded the privacy software Tor in 2011, you may have been flagged to be spied on," by Julia Angwin and Mike Tigas.

    Last week, German journalists revealed that the National Security Agency has a program to collect information about people who use privacy-protecting services, including popular anonymizing software called Tor. But it's not clear how many users have been affected.

    So we did a little sleuthing, and found that the NSA's targeting list corresponds with the list of directory servers used by Tor between December 2010 and February 2012 – including two servers at the Massachusetts Institute of Technology. Tor users connect to the directory servers when they first launch the Tor service.

    The revelations were among the first evidence of specific spy targets inside the United States. And they have been followed by yet more evidence. The Intercept revealed this week that the government monitored email of five prominent Muslim-Americans, including a former Bush Administration official.

    It's not clear if, or how extensively, the NSA spied on the users of Tor and other privacy services.

    After the news, one of Tor's original developers, Roger Dingledine, reassured users that they most likely remained anonymous while using the service: "Tor is designed to be robust to somebody watching traffic at one point in the network – even a directory authority." It is more likely that users could have been spied on when they were not using Tor.

    For its part, the NSA says it only collects information for valid foreign intelligence purposes and that it "minimizes" information it collects about U.S. residents. In other words, NSA may have discarded any information it obtained about U.S. residents who downloaded Tor.

    However, according to a recent report by the Privacy and Civil Liberties Oversight Board, the NSA's minimization procedures vary by program. Under Prism, for example, the NSA shares unminimized data with the FBI and CIA.

    In addition, the NSA can also later search the communications of those it has inadvertently caught in its Prism dragnet, a tactic some have called a "backdoor" search. It's not clear if similar backdoors exist for other types of data such as IP addresses.

    In response to the Tor news, the NSA said it is following President Obama's January directive to not conduct surveillance for the purpose of "suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion."

    [Disclosure: Mike Tigas is the developer of an app that uses Tor, called the Onion Browser.]

    We updated our chart of NSA revelations to include monitoring of privacy software.


