Wednesday, April 5, 2017

Smart police station

As per the directives by Rajnath Singh, the Ministry of Home Affairs has decided to allocate specific funds for setting up of SMART police stations in each state shortly and will work towards the founding of more SMART police stations during the next financial year.

A concept of Prime Minister Narendra Modi, SMART police stations (S-Sensitive and Strict; M-Modern with mobility; A- Alert and Accountable; R- Reliable and Responsive; T- Trained and Techno-savvy) will seek to be also the primary point of interaction between citizens and the police.

Among the suggested features of a SMART police station are basic amenities for visitors, including a waiting area, toilets and drinking water; rest room for constables, including separate room for women constables; natural lighting and ventilation, CCTV, record room, communication room for wireless, computers, and so on; and automated kiosks for filing of complaints by the public

While the concept of SMART is certainly smart but is thinking on correct track? Most of components suggested are of a "model" police station rather than "smart". First as has been common with all indian schemes ( for schools, roads, tourism) its main focus seems to be hard infrastrucutre. Nothing wrong with it but what private firms call "non linear" growth should be the paradigm here.

A typical refrain one often hears is we are so and so number short of policemen. Basis? Data from developed nations. What is assumed here is that we have similar crime patterns, geogrpahical distribution of population & more importantly same efficiency of police forcce both on individual as well as unit level (i.e. police station) as developed nations which is not supported by any research whatsoever.

Sensitive & strict should mean that each complaint should be looked into;and people not shooed away & strict means once it is established that crime has taken place, police should be relentless in pursuing criminals & seeing to it that they meet justice. In USA it is not uncommon to hear about reversal of homicide or rape convictions done years ago after new forensic methods like DNA have come into vogue. In Indian police stations once the chargesheet is filed or culprits arrested very little attention is paid to witness protection or good upkeep of record.

Waiting room with basic amenities for visitors is good idea but what happens to their small complaints? Lets go back to Muzzafarnagar riots. Starting point was eve teasing of a girl who complained to her brothers about it who took matter in their hand. Why did the girl or her brothers did not feel that they should go to local police first? A sensitive police would mean first point of contact should be trained in listening to complainant.A transparent & time bound escalation mechanism where CO,SPP, DIG, IG are easily accesible using technology and not in "darbar" fashion which is in vogue nowadyas will ensure sensitive policing.
Often a poor person comes with little land where he has dispute with some neighbour or relative. Instead of washing hands by saying its civil matter, a sensitive police officer would connect him to free legal aid cell of district or probation officer so that he can initiate civil proceedings. Marital disputes likewise should be referred to NGOs working in the domain.A biweekly meeting of relevant functionaries of district & local administration with police will go in long way in making dispensation of justice sensitive than "marking" of complaints from one office to other

It is also necessary that an apparatus for prosecution is created parallel to police apparatus i.e. police station, circle, district & range level. As one of my seniors used to say to make sure a criminal meets his creator five links in criminal justice chain should remain intact i.e. complainant, witness, Investigating officer or IO, public prosecuotr & Judge. A criminal needs to manage just one of five elements i.e. either scare away witness, bribe any of above five, public prosecutor may lose interest with time or complainant go weary i.e. why each SMART police station should have a wing looking after prosecution.

M stands for Modern with mobility. It will be instructive to see fuel allocations for police station jeeps in North Indian states. An SHO is almost always expected to manage almost everything.A time and motion studies of activities being done at a Police station both in terms of man hours as well physical resources like fuel, stationery, power, bandwidth is must. Especially in rural area where distances are large & its not advisable to go alone or on two wheeler, an SHO has to come twice or thrice to district HQ for meetings. Sometimes SHO spends full day just to get a remand from court or submit some document. Why? Video confrencing is exclusive preserve of higher officials & conference call on telelphone or computer so common in multinational companies working across geographies are taboo in Indian babudom.
Mobility should not merely mean buying vehicles with higer horse power or RPM but it should also mean improving response time. After getting a complaint on phone or from control room how many minutes it takes to scramble the response team? How much time it takes to reach spot? Unless these KRAs are introduced we will end up buying vehicles & gadgets only.

A stands for alert & accountable. Right now YoY crime figures, time taken to investigate a case or chargesheet filed & no of cases succesfully traced are broad parameters on which Police brass is measured. Recently Delhi police went for free FIR & there is a famous "jalpaiguri" experiment in record books.It would be interesting to note roughly 1/3rd of FIRs today are registered on direction of court.Imagine a poor person from village has to hire a lawyer, go to a city court two-three times just to get a complaint registered!! This needs to be stopped.

Complainant can always be informed via sms of the progress of his/her case & similarly witnesses of date of their deposition. By suitable changes in law & taking judiciary on board statements of witnesses can be recorded even before filing of chargesheet as later they might turn hostile or it may be cumbersome for them to depose. Imagine a road accident on noida expressway or a theft in a train, a witness if assured that he/she will not be troubled after few months or years to go to that place & depose will be willing to tell what has transpired. As things are today there is no such assurance so finding a witness is biggest concern for police.
Accountable should also mean that how many chargesheets are resulting in conviction. This is crucial as this is dependent on quality of investigation, right procedure being followed, chain of custody being maintained, timely & correct fornesic tests being conducted. But a tortoise paced judicial system of India means that it is next to impossible to evaluate an officer on this parameter as many of cases investigated by him will not go to hearing itself for a year or two & final judgmenet may well take 5-6 years.

R stands for reliable & responsive. How many times one has called 100 number & found a busy tone. Do all control rooms have phones with caller ID so that they can call back if a caller is not able to contiue the call due to distress? Are ambulance avaialble at call or paramedics available at control room?Is it guaranteed that there will always be a doctor at hospital to treat a victim of accident or a magistrate to give custoady of minor offendor or expelled woman to right government instiutions.Is there incident registering & monitoring sytem where any transgression from ideal is being captured, documented & analysed periodically with corrective action being taken. This & especially availability of magistrate is a reason why hold out states (MP,UP & Bihar) should also adopt commissionarate system to improve responsiveness of system.

T stands for trained & tech savy.Have we defined like private sector minimum number of days each policeman/woman should undergo training every year? Whatever training constabulary receives is on initiative of a senior officer who may not be there always.Every few years there is no audit of future requirments of skill sets & training of current forces accordingly.This is not to suggest it does not happen but it is neither insitutionalised nor strucutured.

To sum it all after a long time we have a government which is not afraid to tread a new path.But are we sure we are treading a new path or just going in circles.
If SMART police station is only about hard infrastructure without process efficieny or business process reengineering it may not yield its full potential.
In passing it would be great if states resist temptation of setting up model PS in capital cities or urban areas.It would be wonderful if MP has SMART police station in Bhind or Murena, UP in Badayun or Tamilnadu in caste war infested Ramnad.

Sunday, March 26, 2017

UP Police & Yogi


My wish list for UP Police from new government...
Very first step is enough police force, there are few steps for this
Regular recruitment of 3000-4000 constables every year, this makes sure they are trained properly & training capacity is sufficient for training
This also minimises chances of malfesance in recruitment which often happens in case of mass recruitment. Look at this for example
Around 22,500 police constables were recruited during 2004-2006 in the biggest ever recruitment drive for state forces during the previous Mulayam Singh Yadav regime. After the Bahujan Samaj Party (BSP) government was voted to power in 2007, chief minister Mayawati ordered an inquiry into the recruitments following allegations of large scale irregularities in short listing of selected candidates. As a result, recruitment of more than 18,000 jawans of UPP and the Provincial Armed Constabulary (PAC) and police radio department were cancelled.
The single-member inquiry committee of the then additional director general of police (ADG) SK Mishra appointed by the state government had found shocking instances of candidates being awarded grace marks for no rhyme and reason merely to help them qualify the written exam and rampant use of fake mark-sheets and certificates by candidates to meet the minimum requirement for recruitment. Not only this, it was found that the interview boards had cleared hundreds of candidates within hours time to the extent that each candidate spent only a few seconds to clear the interview - something which was practically impossible.
All the officers accused in this case have been since rehabilitated e.g. Sunil Gupta who is now IG. It is must that all such faulty recrutiments are cancelled. CBI inquiry in this even at this stage is must to root out corruption from public life and police.
It should be completely transparent as to how many constables are retirirng every year and how many are needed, at least for next 10 years this can be made online so that discretion of future governments is removed.
So called good officers from field should be made to opt for training centres for a posting of 2 yrs by paying 30% extra, right now training centres are place of dejected, discarded officers this should be reversed.
Castes & social groups which have very few representation in police should be encouraged to apply & interview boards sensitised to prefer them. Same thing for districts which have very less representation in police. It is very important to have a representative lower constabulary than one dominated by one caste group or district.
 From every serving personnel in police his caste, block of domicile should be asked & a matrix be made. Then prioity blocks identified which see most crime and/or are most poor. It should be a policy decision to award extra marks to candidates from these areas.
Once Police force is representative and is not dominated by yadavs or jats only , intelligence gathering of police will improve dramatically & crimes will reduce. A quota of 10% for muslims can also be thought of inside OBC quota, which will dent the Yadav dominance.
Training of constabulary in sof skills, cyber crime, forensic science is necessary via phase 2 , phase 3 training
For constabulary, random allocation of duties at district level should be introduced.
Tendency to provide gunner to people closed to ruling party should be curbed. even in small districts 60-80 constables are doing this duty while largest police station of district may not have that much force
⦁Young homeguards should be given a chance to appear in constable test with some relaxations, this will encourage them to do better.

UP is a large cadre with lots of officers. Officers from other states should be brought on deputation only in exceptional cases & not routine.
There is a premium posed on so called field postings. To obviate this for all officers, IPS, PCS & inspector rank a 10 yr plan should be made where numbers to spent in field postings, in HQ postings, In non field postings & in PAC are divided based on number of posts of each in total cadre. e.g. if out of 500 posts for IPS in UP, 70 are from PAC, 100 from HQ, 130 non field (intelligence, telecom, ATS etc) & 200 so called field , an officer can spend only (200/500) i.e. 40% of career in so called field posts (with relaxation of 10%).
This will reduce jockeying for posts & also make available good and motivated officers for hitherto neglected area of policing.
Promotion of state services officers is slow it should be speeded up but strictly only for those who maintain good reputation and are honest, not automatice promotion for everyone.
Even if central govt does not do, UP govt can on its own introduce post specific extra pay, where officers posted on high stress posts are paid extra so that any motive for corruption is nipped in bud.
Check DysPs, Inspectors and sub inspectors who have spent more than stipulated time in a district or range should be transferred
At least half of thanas should be headed by inspector level officers. THis is a rule which has been violated by impunity since many years. This is not good for morale of police & had rank and command issue when one of SIs becomes boss of his peers.
Border scheme should be rethought. It creates discontent among constables as they dont get leaves easily. New recruits can be posted in border districts & after 10 yrs if they want can be posted in home district as well but not in home circle. This will take care of stree prevalent among constabulary. But sub inspector & above, specially DySPs should be kept away from home as far as possible.
An index to measure effectiveness of district SPs need to be devised, which should not be traditional measure which promotes burking & non reporting rather efforst at preventing crime should also be rewarded. Victimisation survey of populace should be done regularly. Similar transparent objective index for SHOs can be devised. For this a committee of retired IPS, SPS & inspector level officers can be formed to be headed by some IPS from outside state.
A standard operating procedure in case of cross religion & cross community elopment cases should be followed & strictly implemented. Past cases of such violence should be opened one at a time at each police station and cuplrits identified and prosecuted.
Meat factories should be permitted in transparent way only & only on need based. Old ones should be regulated as per norms of pollution, no of animals killed, health , sanitation, labour safety. Many a times lower functionaries let such places have a free run by taking bribes , this should be severely curtailed
Vigilance, CBCID & Lokayukta should be strengthened. Many old cases are effectively lying in doldrums since years, they shoud be pursued vigorously. Distarict branches of vigilance should be strenghtened to stem local level corruption in PWD, education & health department. 
Forencsic labs should be strengthend. Lead time is currently 3-4 months, all efforts should be made to reduce it. Each circle should have a forensic van. Instead of mindlessly recruting more constables this will help police and crime detection more. Similarly trained sniffer dogs should be provided at every police station with handler.
For women safety, 1090 should be strengthended. Many districts had shakti mobile but not many SPs take interest in that, it should be revived. Female constables from districts should be sent on deputation to 1090. SPs should be given target that at 12 in night female students should feel free to roam out in city, then only real women safety has been achieved.
CCTV cameras after geo spatial mapping of crime should be deployed. Instead of each district police doing it independently, statewide some 1 lakh camera a year should be installed & made sure that they dont stop working after few months. Many district polie are buying gps & cammers independently and they are not functioning due to maintenance budget. For a year period remove all taxes on cctv cameras to encourge business to buy them, this will control theft to a large extent.
Mining policy especially for sand and minor minerals should be relooked into & reationalised by giving more lease proportional to demand - as its major source of corruption. Mining department is den of corruption. separate recrutiment for mmining, RTO & excise should be stopped and people from other govertnment departments like education, police, revenues, power who have clean record should be sent there on deputation.
Number of judges should be increased & testimony by video conferencing should be encouraged to fasten the speed with which cases are solved. THis is specially true for lower courts where state government has control. Further all lawyers who have cases against them should be reported to bar council to cancel license
Put end to armed dacoity in kithore of delhi highway or bulandshahar stretch close to delhi
Put end to e waste mafia in moradabad
Put end to vehic scrap industry in meerut and sambhal. It breeds mafia.
Strict action against all past cases of attacks on police
strict control of "nakal" mafia in board exams
Make 100 number strong, and respond to public grievances & SPs should be judged on effectiveness of 100 number rather than illusiory crime figures.
A separate sc/st thana in each district on the lines of mmahila thana to deal with cases of atrocities against SC
Since its a 3/4 majority, legislations can be made to increase punishment for currency counterfeiting
Strictly control and regulate construction of new religious places
Grant more lease of sand mining to kill the mafia and earn revenue
Taxation on liquor same as neighboutin states to prevent smuggling and liquor mafia
In towns of tourist & religious significance, like agra, mathura, benara,s lucknow, allahabad etc, tourism police should be formes. Tourist police station of Agra can serve as a model.
Control and regulate e rickshaw for traffic woes. In many towns they have become a menace. Political consideration or corruption should not allow unchecked proliferation of same.
Make govt hospitals, chc and phc responsive especially SOP in case of medico legal cases. Doctors who help people in getting false cases should be prosecuted severely.
Improve capacity of Jails, few can be outsources as well. Involve NGOs in a big way to improve them
Child homes are breeding ground of crime instead of reformation , need to be revamped thoroughly. If required involve private parties in manageing them or religious ngos
In SP offices some 10-15 cells are there and many people are stffed there e.g. DCRB has 5-8 people everywhere, there is osmmething called summon cell, SC/ST cell, women cell etc , all this should be rationalised and number fixed at lucknow for three categories of districts large, medium, small with power to IG to increase by 1 in case od requirement.
Many local people have been given police protection wich they dont need and also whcih means huge force is wasted in such fruitless efforts
Giving polie for codutcting exams should be stopped, private schools asked to hire their own security guards for same
Similarly organisers of various social , religious congregations should be asked to pay for police deploymment

Wednesday, March 15, 2017

Examiner of Electronic Evidence

Detailed article from this site

In a move to facilitate speedy prosecution of cybercrime and financial fraud cases, the government recently announced that it would appoint Examiner of Electronic Evidence (EEE) under section 79A of the IT Act 2000, to authenticate electronic evidences in the court. With the appointment of EEE, the government aims at eliminating the present hurdles in collecting, analyzing and proving digitalevidences in the court of law.
Since digital forensics is a crucial element in the cybercrime investigations, cyber security analysts expect that EEE will improve the present state of digital forensics mechanism in India. However, scarcity of manpower, lack of infrastructure and awareness are the major hurdles EEE will have to overcome for ensuring justice to victims.
Significance Of Digital Forensics
Every crime has some aspect of digital, which sometimes is a vital link in the investigation. With the growing sophistication of cybercrimes, the traditional methods of investigation are no longer helpful in prosecution. Digital forensics is specialized investigative science, where specialized cyber forensic investigators identify, acquire, maintain, analyse and report the digital evidences.
Digital evidence aids in cases such as online fraud, harassment, IP theft, ID theft, hacking, pornography, malware attacks and many more, where incriminating documents are likely to be found on the victim’s or the suspect’s computer. However, for electronic evidence to be legally admissible in court, investigators need to follow proper legal procedures in recovering and analysing data from computer systems.
“There are various aspects associated with digital forensics like network forensics, memory forensics, file system forensics, mobile forensics, operating system forensics, browser forensics, email analysis, log analysis, disk imaging, establishing timeline of occurrence of events, identifying indicators of compromise and many more which need to be carried out in order to find substantial evidences that can be presented in court of law”, said Rohit Goel, Information Security Analyst, Tata Consultancy Services.
State Of Digital Forensic Labs In India
Despite of an exponential growth in the cybercrimes, the current state of cybercrime investigation mechanism is in a vulnerable state in India. Government forensic labs are presently over-burdened and in spite of good round the clock work of staff; pendency is growing every passing day. Also, as technology advances, these labs need to be updated on a real time basis. On the other hand, there are few private labs established in India for Cyber forensics assisting activities, but they are not approved by the government and hence not contributing significantly in the mainstream activities. Since there is no approval from the government to these private labs, cyber experts and agencies mostly find it impracticable to invest in such labs.
Cybercrime is happening across India, however, presently only a few cities have proper cyber forensic labs to assist police machinery. This results in huge pendency of cybercrime investigations. Secondly shortage of funds is another major cause of concern for LEA’s. Therefore, cybercrime experts voice for cyber forensics labs not only in metros and cities, but in every district and town, where internet penetration is high and IT infrastructure is strong.
Challenges In Obtaining Digital Evidences
Though digital evidences form a major component in the cybercrime crimes, there are several obstacles in collecting the evidences and prove it in the court of law. The collection and analysis of massive data generated from multiple devices, is the biggest challenge in front of the investigation agencies. Encryption is another hurdle in terms of retrieving the information from encrypted devices. Today, organizations highly leverage cloud for data storage. In such scenario, an absence of a cooperation treaty between the two countries makes investigation difficult.
“The police often does faulty investigation or collect the evidence wrongly that creates loopholes. Private digital forensics without court prior permission also makes a very weak case. Secondly, digital evidence is volatile and storing digital evidence in courts is a challenge as it can become useless after 3-4 years”, said advocate Prashant Mali, President of Cyber Law Consulting.
Most significantly, the dearth of trained manpower and lack of awareness about digital evidences creates hurdles in the cybercrime investigations. “Lack of proper knowledge about collection of digital evidence is a major hindrance. Again, lack of training of LEA’s about 65B is very crucial and many times good investigation suffers on part of procedural lapses as mandated under section 65B. Use of the many freeware tools also hampers evidentiary value of the investigation”, said Advocate Mahendra Limaye, Cyber Legal Consultant.
Will EEE Speed Up Investigation?
Advocate Limaye believes that the collaboration between private and public agencies will serve the purpose of establishment of EEE in a much efficient way. “Electronic Evidence Examiner (EEE) will share the burden on existing set up and speed up the investigation procedure. But as per my knowledge government is looking only to those agencies which are from government sectors. Private players are again presently eliminated from this procedure. I firmly believe that we need a huge Private, Public Partnership in this movie”, Lima said.
The significance of Digital evidence in cybercrime investigation is immense. However, the potential of digital forensics is presently not appropriately understood by Law enforcement agencies. Goel said that EEE will independently verify the authenticity of the evidence and that will eliminate the loopholes in the process facilitating speedy and unbiased investigation.
“Due to the fragility and sensitivity of the electronic evidence, the police are currently requesting court for permission to send the electronic evidence to a forensic lab for expert opinion. The establishment of various EEE organizations would speed up the proceedings of the court as any of the legal entities can, not mandatory, approach these EEE directly at the investigation step, to verify the authenticity of the evidence and submit the evidence u/s 65B of Indian Evidence Act”, Goel said.  
Acknowledging the importance of digital forensics in cybercrime investigations, the government has taken a very crucial step to appoint EEE. However, it has taken almost 9 years for government to take a move after the IT Act was amended to mandate appointment of such examiners in 2008. The history says many crucial initiatives lies only on paper and does not reflect in actual implementation. Industry experts expect that considering the gravity of current cybercrime scenario in the country, the government should speed up the procedures and come up with viable mechanism for cybercrime investigations, which will encourage victims to report the crimes. 


relevant section of IT act reads like this

45A. Opinion of Examiner of Electronic Evidence.-When in a proceeding, the court has to form an opinion on any matter relating to any information transmitted or stored in any computer resource or any other electronic or digital form, the opinion of the Examiner of Electronic Evidence referred to in section 79A of the Information Technology Act, 2000(21 of 2000)., is a relevant fact. Explanation.--For the purposes of this section, an Examiner of Electronic Evidence shall be an expert.
link to  a pilot scheme of govt of India is here
section 79 A under which this is being done reads like this




Monday, March 6, 2017

Friday, December 16, 2016

facial recognition

a good article detailing why facial recognition does not work in real life

in india , though, we are yet to have a database of mugshots

Thursday, November 24, 2016

Police Procurement

Why police need to strategically plan for technology procurement

Police agencies need to assess whether it makes sense to implement a new technology solution using in-house resources

A group of U.S. law enforcement practitioners, from chiefs to IT personnel, met at the 123rd annual International Association of Chiefs of Police Conference to discuss how today’s technology solutions and requirements are shaping 21st century policing. This PoliceOne roundtable, sponsored by CDW-G, shed light on current issues agencies are experiencing when navigating the technology landscape.
Most police leaders realize that keeping up with the latest and greatest technology  can be difficult. From software to hardware, there are an abundance of solutions available to agencies. Although keeping up with it all can seem daunting, the wealth of options is generally a good thing for law enforcement. The plethora of technology gives agencies the opportunity to search for the best solution to meet their business requirements, demand high-quality solutions, review different solutions from multiple vendors to make an informed decision and ultimately negotiate the best price.
Participants also agreed that law enforcement agencies may need to accept that they may not have the in-house expertise to take on the administrative oversight of the new solution after it’s implemented, which likely includes data storage, infrastructure and cybersecurity demands.
Due diligence in technology purchasing
It is incumbent on law enforcement agencies to perform their due diligence before any technology procurement. In some cases this is not ideal because of budget or resource constraints, but failure to do so may result in a significant financial loss or data breach without the correct resources and security requirements.
Part of the due diligence process for technology procurement includes, at a minimum, learning from other agencies that deployed the current version of the solution, conducting a needs assessment, documenting those needs, identifying and documenting agency business requirements, examining FBI CJIS requirements and reviewing state and federal legislative requirements.
For larger-scale technology projects, this process also typically includes:
•    issuing a request for information or request for qualifications 
•     inviting vendors for in-person demonstrations 
•    developing and releasing a request for proposal 
•    inviting a smaller group of vendors back for additional demonstrations and questions 
•    reviewing RFP responses 
•    selecting a vendor 
•    finalizing contract negotiations 
•    issuing an award 
•    developing test scenarios 
•    system testing 
•    allowing time for break/fix cycles 
•    developing and administering policies 
•    implementing the solution to all users 
•    delivering training 
•    administering and maintaining the technology program
Law enforcement agencies need to keep all of the above in mind and  assess whether it makes sense to implement a new solution using in-house resources. The alternative to assigning a police officer to oversee an IT implementation is to consider outsourcing this undertaking to experts who have backgrounds as IT business analysts, computer scientists or systems analysts.
During the PoliceOne roundtable, there was an overall consensus that police officers are trained and charged to be police. They are not trained to be IT business or systems analysts. This consensus emphasizes the understanding this group of law enforcement professionals has about the complexities of IT and the responsibilities that go along with overseeing IT.
Technology realities for law enforcement
Technology changes daily. This constant reality impacts law enforcement on multiple levels. Existing software an agency currently has will be updated at some point.
Software updates are often a blessing and a curse. On the positive side, law enforcement agencies now have a new version with some likely bug fixes and backend or frontend improvements. On the flipside, continual software updates may impact an agency’s CJIS requirements, legal requirements, data management, training and infrastructure.
There will always be a new solution available and a likely update or new version during its lifecycle. Given this, agencies need to be confident that the technology they are exploring and considering procuring actually meets their current and likely future business needs and requirements in order for it to be successfully implemented. This necessary burden falls on each individual law enforcement agency, but it’s a necessary reality that all agencies must plan for and factor.
21st century constraints
There are significant financial, personnel and infrastructure constraints agencies should consider when exploring a new solution. The most common financial constraint is underestimating the level of effort — personnel time — for a successful implementation. Every month an IT project is delayed, there is a cost associated with implementation, as well as the officers being unable to use the new solution to do their jobs more efficiently and more effectively. Every time there is a software update needed after implementation, there is a potential cost for retraining personnel and managing unintended consequences due to the updates.
A shared personnel constraint is often the lack of in-house expertise for effectively managing a year-long or large-scale technology program implementation. Beyond daily IT project management requirements, the roundtable group also discussed the general lack of knowledge among law enforcement leaders about cybersecurity and how to prevent, respond and recover from possible cyberattacks targeting law enforcement agencies and personnel.
Law enforcement agencies realize they do not have the infrastructure to store massive amounts of data. With the emergence of video technology, from body-worn cameras to facial recognition software, the amount of data that needs to be retained based on state statute is exorbitant. During the roundtable, the group collectively expressed concerns that data management is a constant issue. Data retention schedules impact storage capacity. FOIA requests for data are on-going and growing. Data security requirements are always changing.
In addition to financial, personnel and infrastructure constraints, the law enforcement participants also highlighted that there are often legislative constraints from data retention policies to data privacy considerations. Every state has different guidelines on record retention, FOIA requests and data release. There was a consensus among the group that legislation is behind the curve and technology case law is still being established.
Today’s reality and the future 
Law enforcement agencies are making significant progress accepting the rapid advancements of technology. Today, most agencies agree that sharing law enforcement data locally, regionally, state-wide and nationally is important to combat crime. This wasn’t the case 20 years ago when every agency held data closely.
Now, we’re seeing a new paradigm shift. Law enforcement agencies are recognizing and accepting that they do not have the financial, personnel or infrastructure to keep up with technology updates and comply with legal, CJIS and cybersecurity requirements. As a result, agencies are increasingly looking to outsource several of these requirements.
Given the reality that technology will continue to evolve, new cybersecurity threats will continue to emerge and police officers are not trained to be computer scientists or IT project managers, it is time for law enforcement agencies to think and strategically plan how they will continue to advance their department to effectively manage technology in the 21st century.

About the author

Heather is the Senior Editor of PoliceOne and CorrectionsOne. She has been working with law enforcement and public safety for over 15 years. She understands that although agencies have similar operations and missions, every agency is unique when it comes to their standard operating procedures, business requirements and communities they serve.
In her spare time, she volunteers as Executive Director at the International Public Safety Association. Prior to joining Praetorian Digital, Heather worked on projects supporting several state and federal agencies. She also spent a few years working at the IACP. Heather earned her Master's degree from Arizona State University and her Bachelor's at Indiana University, both in Criminology. Heather currently calls Arizona home.

Thursday, October 20, 2016

russian us cyber war..lessons for india

e basic facts about Russia’s election-year hacking of the American political system are clear. For more than a year, the Russian government has repeatedly infiltrated the computers of both parties’ presidential campaigns to steal data and emails to influence the outcome of the election. In response, the Obama administration has promised a “proportional” response against Russia.
What’s much less clear is what a “proportional” response could mean. This is an unprecedented situation for the American national security establishment — which means the Obama administration’s response will set a precedent for future foreign-directed cyber-plots.
The first thing the U.S. government will have to determine is whether the Russian actions rise to the level of an attack — something that would require a direct U.S. response. There are many examples of cyber-infiltration that fall short of that designation, qualifying rather as nuisance activities or even garden-variety espionage. The activities in question, however, cross an important political and operational threshold by attempting to influence the American public on behalf of one of the candidates for the presidency. Most egregiously, the release of internal Clinton campaign emails violates a wide variety of U.S. laws, and the potential release of material related to her email server investigation late in the campaign season could have extraordinary impact on the election.
These are actions that affect the heart of the U.S. democratic process. They may not exhibit physical damage of the sort that we saw in North Korea’sattack on Sony Pictures, which did millions of dollars of damage to hardware. But the political and symbolic meaning of Russia’s actions nonetheless elevate them to something requiring a response.
When an attack has been identified, the next step is to attribute it — to determine whom to hold responsible. U.S. intelligence officials seem to have already done this, at least to the satisfaction of the White House. But it’s worth remembering that attribution is especially challenging in the world of cyber-conflict. The Russians have managed to cling to a veneer of deniability, at least in public, by relying on a clever pattern of cut-out agents, ranging from Russian cyber-criminals to WikiLeaks founder Julian Assange. This is a version of the hybrid warfare we’ve seen used so effectively in the attacks in Ukraine and the annexation of Crimea — essentially using the cyber-equivalent of the unmarked soldiers (so-called little green men) that led the fight into Ukraine.
After attribution, the final step is to craft a response. The cybersphere is not immune to the universal legal norms that require a nation to respond to an attack in proportional fashion. In other words, you can’t destroy the Russian electric grid in response to email hacks. From a strategic perspective, the response should also be timely (although at a time and place of the responder’s choice) and distinctive — that is, it should bear a clear and specific relationship to the original attack that is recognizable to all.
With all this in mind, there are a variety of responses that the Obama administration should be considering against Russia.
The first response should be a definitive exposure of the Russian government’s presumably high-level involvement in the attacks. 
The U.S. case against Russia may be convincing, but the White House has chosen so far to keep parts of it classified.
The U.S. case against Russia may be convincing, but the White House has chosen so far to keep parts of it classified.Revealing the names of the officials who authorized the cyberattacks against the United States would put Moscow in an extremely uncomfortable position. Ideally, the United States could reveal emails or conversations between Russian officials that demonstrated their intent to undermine the U.S. electoral process. Such revelations would likely lead to U.N. condemnations and further economic sanctions against Russia, inflicting additional damage to its economy. They would also potentially expose U.S. intelligence sources and methods, but there are ways to sanitize the material to minimize those risks.

Second, the United States could undermine the Russian government’s reliance on a wide variety of cyber-tools to censor the web within its own country by exposing them to the public. While not actively manipulating the Russian web, the National Security Agency could “out” the code and tool sets used by the Kremlin, thus permitting activists (and citizens) to avoid the manipulation and censorship more effectively. As a response to the Russian attacks on the U.S. democratic system, this would be both proportional and distinctive.
A third and more aggressive approach would be to use U.S. cyber-capabilities to expose the overseas banking accounts and financial resources of high-level Russian government officials, up to and including President Vladimir Putin, who is widely rumored to hold billions of dollars in offshore accounts shielded from his public. While Washington should refrain from destroying or manipulating financial records, which would be an escalation, simply exposing the level of corruption among the officials who authorized the political cyberattacks in the United States would be strategically and morally sound.
Fourth, the United States could use its own offensive cyber-tools to punish Russian hackers by knocking them off-line or even damaging their hardware. This response would be open to objections that it represents an unwarranted escalation. But under prevailing international law, if a nation has information of a nexus of offensive activity, has requested it to stop, and the offending nation declines to do so, that offensive center is liable for attack. The burden of proof for attribution would be higher in crafting such a response; it would be viable only if Washington had definitive information on the command and control centers that launched the hacking activity. But given the brazen level of Russian activity, this at least warrants a serious discussion by the U.S. government.
Fifth, and finally, the United States should think about how our allies can be helpful in this situation. NATO partners have significant capability and could be helpful in much of this. 
All democratic nations have a stake in pushing back against this blatant interference in the democratic political process.
All democratic nations have a stake in pushing back against this blatant interference in the democratic political process.

All of this should be done in a very careful, measured fashion. The potential for miscalculation and escalation is high. But that potential pertains both to a possible overreaction as well as an under-reaction by the U.S. government. The president and his senior national security and economic teams will have to seriously (but, hopefully, swiftly) deliberate on a course of action. And the NSA and U.S. Cyber Command should prepare to carry out whatever actions they settle on. (Whatever else happens, these events have already proved why it’s to everyone’s benefit that Cyber Command will soon be elevated by the military to the status of a full combatant command.)
An old Russian saying is: “Probe with bayonets. If you encounter steel, withdraw. If you encounter mush, continue.” The bayonets of today are the bits of the cybersphere. The United States needs to show some steel or face much worse to come.