Hey Lets be “Friends”: Why Police Need to be Careful with Personal Cell Phones

Well it happened again. You know what we are talking about. A police officer either issues a ticket or arrests someone, and the suspect concludes it is a good idea to go to Facebook and make a threat against the officer.  This time it happened in Jackson County, MI, when Joey Jason Holliman allegedly posted a threatening message on Officer Michael Strickland’s timeline shortly after being ticketed Wednesday.

We don’t know how Holliman located Officer Strickland’s profile.  It may be that Officer Strickland didn’t set his privacy settings properly. For instance, he may have allowed search engines to index his profile, a feature that can be turned off rather easily.

But then again it might not have anything to do with the settings. Let us explain. About two weeks ago, I started seeing individuals appear in my suggested friends page that should not be there. For instance, offenders that I supervised and had sent to prison. Todd and I discussed how this might happen. We ruled out that I had searched for them with my profile or I had their telephone number in my personal address book.  I theorized that they may have searched for me. Even though they couldn’t find me as my privacy setting was locked down, Facebook, thought I might want to connect with them, so it suggested them as possible “friends.” How helpful! (We haven’t ruled that theory out yet.)

However, it appears there is another possibility that is even more troubling. If two Facebook users connect to Facebook from the same IP subnet or they are using Facebook on their cell phone from near-overlapping geocodes, the social networking site assumes the users are “friends” or potential “friends.” Yep, you guessed. It then populates the suggested “friends” to both users.  How nice!

In the ticket incident above, if both Holliman and Officer Stickland had cell phones on, with Facebook connecting to the Internet, they would have likely been using an overlapping geocode.  Even if Holliman’s didn’t remember Stickland’s name, Facebook would likely have suggested him as a potential “friend.”

Many of us carry our personal cell phones on our person in the field.  We also have them in our office.   But by allowing Facebook to connect to the Internet from our cell phones, we are exposing ourselves to “friend” suggestions from those we would prefer not know we even have a Facebook profile.  How many times do those of us in law enforcement go into high crime areas with criminals nearby with cell phones on their person? How many times do suspects have cell phones on their person in police waiting areas or outside courtrooms? Do we really want our Facebook profile offered up as a “friend” suggestion to EVERYONE?  Unfortunately, Facebook does not offer restrictions on appearing in “friend” suggestion lists.

It would seem the solution is to turn off one’s geolocation  (Suggestions can be found here). But, this would seem only to limit Facebook from sharing it with other users. This suggestion does not prevent Facebook from gathering your geolocation and using it for its own purposes, such as in suggesting “friends” in the same area.  The really only secure why to stop this is not have Facebook installed on your phone OR at a minimum limiting your cell phone/Internet usage. For instance, turning it on when needed and turning if off when not in use.  This way it is not consistently connected to the Internet, looking for “friends.”  Additionally, limit or eliminate your cell phone/Internet usage in “high “risk” areas, such as where you might run into someone you are going to arrest, are arresting, and/or did arrest. Finally, individuals involved in law enforcement must be continually vigilant to how their personal devices may be inadvertently “leaking” information to other devices in a way that poses a risk to them and their loved ones. Of course, that is really sound advice for all of us, regardless of our occupations. On that note I left a cigar lit somewhere.

Digital Domestic Violence

“Stranger danger” has been used frequently to describe online threats, particularly those facing minors. However, one of the most serious digital dangers facing some individuals is posed by those who likely know the Internet user the best, such as a former spouse or significant other. Increasing domestic abusers are turning to technology to harass, threaten, and/or stalk their victims. This has become known as “digital domestic violence.” Use of technology to stalk or harass, has been since almost since the Internet’s inception. In the mid-1990’s, we started seeing the term “cyberstalking” and cyber harassment being coined in recognition of how individuals were using electronic communications to victimize others. Digital domestic violence (DDV) is more narrowly focused on those who use technology against a former girl/boyfriend or spouse. It can include using the Internet to:

  • Research methods and means to harass or stalk their victims;
  • Keep track and follow their victim’s movements and habits, frequently by accessing social media, either with or without global positioning information;
  • Transmitting and/or accessing computer monitoring software reports installed on victim’s computer or devices;
  • Transmit actual threats or harassment towards their victim; and
  • Facilitate the use of other technologies in DDV, such as GPS trackers, cell phone tracking, and remote video/audio surveillance.

One’s former significant other or spouse, is in a unique position to wreak digital chaos on their victim’s lives. This is because of trust. The victim at some point in the relationship likely trusted their future attacker. With trust can come access to the victim’s computer and/or mobile devices. Prior to the relationship’s termination, the offender may have searched the device, viewing browsing history, e-mails, text messages, etc. They may have also left their e-mail account or social media profile opened. This access also may have allowed the future attacker to install monitoring software unbeknownst to the victim. Monitoring software by the way is very easy to install on computers and mobile devices. It is rather inexpensive, free versions are available, and depending upon the vendor, the results can be reviewed via the Internet, without direct access to the device that it is installed on.

Even if the victim did not provide access to their devices, they may have accessed their e-mail and/or social media from their future attacker’s own device. It isn’t that uncommon for a trusting girlfriend to check on their social media profile or e-mail via their boyfriend’s lap top or computer. They might not have been completely logged off when they were done, allowing the boyfriend to gain access. Even if they did log off, depending upon the offender’s technical sophistication, the password may be able to be recovered from their system at a later date. An unsophisticated offender may have even installed monitoring software on their own computer to capture passwords of unsuspected users for later retrieval. These are not the only methods to gain access to a victim’s digital life. Other cyber-criminal’s rely on methods, such as social engineering, to get passwords. Because of trust, a future attacker, may know their victim’s passwords to e-mail accounts and social media profiles. DDV offenders unlike strangers, know their victims, their friends, their habits, their history, etc.. If they don’t know the passwords, they likely know the answers to challenge questions to reset them. They know a lot about their victims, which can be used to trick them into providing information, getting them to install a program, such as monitoring software, or unknowingly add them as an “old” school friend in their social media circle. Other DDV offenders focus at the start with more direct methods of harassment and/or threats, such as sending messages or posting on social media profiles.

Victims should make sure to print out or take screen shots of all harassing or threatening messages so they can be provided to law enforcement. These posts can be quickly dealt with by reports to law enforcement and service providers and electronically blocking the offender from sending or posting messages. However, if the DDV offender still manages to electronically get to their victim, it may be that they have gotten access to the victim’s accounts and/or installed monitoring software. At a minimum, individuals involved in a bad break up with no violence, need to change all passwords to all accounts. They should also consider removing their former partner from their social media circles or at a minimum imposing restrictions on what they can access. Additionally, it is important to turn off GPS tracking on one’s mobile devices (cell phone, I-Pads, Windows Tablets, etc.) as well as for digital cameras (Digital cameras will embed GPS coordinates in the meta-data of image files created). If it appears that their former partner is still gaining access to them or following them they may wish to either get new devices or have their old ones checked for monitoring software (this can be costly but effective). In cases where violence occurred, victims need to immediately stop using their devices until they are deemed safe and gain access to new or trusted devices. In all cases where DDV is occurring victims need to contact law enforcement and seek help from resources such as those listed below. Obviously, victims should not use an untrusted device to make these contacts as their attacker may be monitoring them. (The National Domestic Violence Hotline is 1-800-799-7233 TTY: 1-800-787-3224).

Resources

Daily Tip: How to turn off GPS geo-location for iPhone photos, protect your privacy

Digital Harassment Is the New Means of Domestic Abuse

How to Turn Off GPS on a Cell Phone

How to Turn off GPS on the iPhone

How to Turn Off Location Services on an iPad

Minnesota Center Against Violence and Abuse

National Coalition Against Domestic Violence

Privacy and Domestic Violence

Smartphone Pictures Pose Privacy Risks

The National Domestic Violence Hotline

Turn Off Your Smartphone Camera’s GPS to Protect Your Privacy

What is Digital Abuse?