Search, Social Engineering and the 4th Amendment

LawOfficer.com has an interesting review of United States v. Harrison and when/how social engineering is acceptable to gain entry to private space.

Importantly, the prosecution conceded that just as it would be a violation of the Fourth Amendment for an officer to induce consent by pointing a gun at a suspect, it would also violate the Fourth Amendment if an ATF agent induced consent by falsely claiming that someone had planted a bomb in Harrison’s apartment. Yet, the district court found that this is the precise effect of the agents’ misrepresentation.

The agents’ conduct left Harrison with two options: (1) either deny consent to search and take the risk that a bomb had been planted in the residence, or (2) consent to the search. Consent under these circumstances wasn’t free of impermissible coercion, and Harrison’s consent was therefore involuntary. As such, the court of appeals affirmed the suppression of the firearm and ammunition.

Lying and social engineering tactics have been protected by the courts in the past. Officers may lie about their identity and claim they have more knowledge, evidence or insights than they really do in an investigation as explained in a FLETC law enforcement training brief.

Officers often use deception during the course of their investigations. Hoping to entice a confession from a suspect, an officer may legally, but falsely, tell a suspect that his fingerprints were found at a crime scene, that his criminal acts were recorded by a concealed video camera, or that a co-criminal has confessed and implicated him. An undercover officer, by design, is engaged in a pattern and practice of deception.

This case illustrates that lies go too far when they involve risk of death or injury to a suspect (e.g. bomb threats or pointing a gun). They are unacceptable because high severity threats make consent to a search involuntary, which violates the Fourth Amendment.

The case is also interesting because it is not clear whether the suspect who answered the door was authorized to give consent to the space searched. The story calls it his apartment but the case detail is slightly different.

When Harrison was reluctant, the agents assured him he could give permission to search even though it was his girlfriend’s apartment…

The courts usually support an officer who asks for consent to search from anyone who has control over the property (a key, name on a lease, no one else is present, no one else objects, or is legally authorized). More to the point, with regard to cloud environments, in a co-tenant situation there needs to be evidence of control (e.g. a locked door and a unique key) to prevent the search of shared infrastructure/space becoming a search of individual/private space.

EAST Report 3: ATM Cash Trapping

The European ATM Security Team (EAST) has published their third report of the year. Their data shows the skimming losses continue to shift to areas without chip. They also point to a rise in devices used to block the cash dispenser.

The trend of the majority of skimming related losses occurring outside of EMV liability shift areas continues; from January to September 2011 such losses were reported in 47 countries outside of the Single Euro Payments Area (SEPA) and in 12 countries within SEPA. The USA remains the top location for such losses.

Cash trapping incidents were reported by nine countries and this type of attack is increasing in most of them. This reflects a continuance of the trend reported in EAST’s most recent European ATM Crime Report (covering January to June 2011)

The report also indicates a rise in gas-based explosions. While the new cash trapping attacks are said to be easily defeated by retrofitting or upgrading the ATMs, there was no mention of guidance to defeat explosive attacks.

Jaguar XF Diesel in America: Road Test

Early this year I whined about the lack of an American model of the Jaguar Diesel

It’s so fast, despite being fuel efficient, the police even have a model. Actually, the police model gets the smaller 40mpg engine but it still runs under 6 seconds to 60

Later in the year I complained about the strange case of the Los Angeles County Police Department who boasted about squeezing a tiny amount of efficiency out of a new fleet of expensive Ford gasoline engines.

[The Jaguar diesel] has the same horsepower rating as the new Police Interceptor sedan in Los Angeles, yet double the mpg. Why are police in America getting shafted (pun not intended) by Ford on this technology? The County could be saving a whole lot more.

Here are some guestimates, based on the Ford press release. It says the current police car gets between 14 mpg and 21 mpg. A new engine will improve by 20 percent, which puts it at 17 mpg to 25 mpg.

Those are modest numbers, at best. Moving to a 40 mpg Jaguar XF Diesel S would achieve a 90 percent improvement ( (40-21) / 21 = .9 ).

Fast forward to today…

I am happy to say that just a few minutes ago the official Jaguar Twitter stream announced their Jaguar XF “2.2-litre four-cylinder diesel with an eight-speed automatic gear box with stop-start” will soon arrive to California to complete their cross-country road test.

Day Seven. Flagstaff, Arizona to Victorville, California.

The #XFCoast2Coast road test has already tweeted results above 60mpg but they are keeping the final results quiet until they reach Los Angeles County.

I hope they can draw the attention of the LAPD, who should immediately confiscate the vehicle and then convert it to a police cruiser as the first step in reducing massive amounts of American taxpayer money wasted on antiquated/inefficient technology and foreign fuel.

LA County estimated $20 million in savings from a 20% improvement in efficiency. Imagine the savings from 90% improvement! $90 million?

Diesel. It is what the future will look like:

Jaguar XF Diesel