Tag Archives: crime

How to Picture the Future of Driverless

Picture this:

The year is 2025. A call comes to the police station—someone has broken into a local home. A drone is deployed to the address and arrives within five minutes. The drone feeds video to the station and to the closest autonomous (driverless) police vehicle. The drone guides the police car to the location. The officer in the car (we’ll assume he’s human, for now!) isn’t actually driving; he’s an occupant, watching the drone’s video feed. He can see the suspect fleeing, and he researches other crimes in the neighborhood along with potential suspects. The drone estimates the perp’s height and weight, and the officer can see his clothing and a possible gun in his belt. The police officer communicates with other officers in the area to coordinate the capture. As the suspect runs, his description and location is fed constantly to all nearby police vehicles, and he is surrounded within 15 minutes of the initial call.

This is far from fiction. The international consulting firm Frost and Sullivan predicts that 180,000 driverless cars will hit the U.S. market in 2020. That’s less than 1% of today’s annual new car market, but that’s just the beginning!

Just about every major car manufacturer (as well as Google, of course) is developing autonomous vehicles, and the competition is getting  more intense as the demand for collision avoidance features grows. Just as drones are spreading (if not yet regulated), driverless cars will become widely accepted. Americans love to drive, but there are too many undeniable advantages to autonomous cars.

The first one is safety. According to the U.S. Insurance Institute for Highway Safety  (IIHS), 94% of all car accidents are caused by human error. Nearly two million crashes could be avoided if human error were eliminated. That’s not to say that driverless vehicles won’t crash, but, as the technology improves, crash rates will drop like a rock. In 2025, if our roads are still packed with commuters, the occupants of many vehicles will be reading, answering emails, video conferencing and browsing the web. In other words, they’ll be working. A recent Morgan Stanley report predicted that driverless cars could add $5.6 trillion (yes, with a ‘T’) to the global economy because of the combination of a steep reduction in accidents and the dramatic increase in productivity. It is estimated that in 2035 autonomous cars will account for 25% of all cars.

Back to the police force. As driverless cars evolve, routine traffic monitoring will drop, high-speed chases will slowly decline (with drone help) and smaller police forces will focus on more serious crime. Cameras will capture everything—both from the ground and the sky. Officers will become highly trained in electronic law enforcement. Efficiency will rule!

Of course, these are just predicted outcomes. This policing panacea isn’t all roses; it will not eliminate the need for community relationships, direct contact with neighborhoods and personal contact in law enforcement. Furthermore, while vehicle collisions will fall, the cost and maintenance of autonomous cars will remain extremely expensive in the near future. Currently, it costs about $150,000 to equip a driverless car. But that cost will drop to $7,000 by 2030 and to $3,000 by 2035.

Nothing’s perfect. Every emerging concept or technology brings unexpected challenges and unintended consequences. But it appears that autonomous automobiles will emerge soon, and it’s likely that some day we’ll say they are “here to stay.”

For today, I guess I’ll have to drive myself home. What a chore.

Identity Theft Can Be Double Whammy

When it comes to data security and the real-life impact of identity theft, public awareness is at an all-time high. But there is still great confusion and ignorance about what it is, how it happens and what can be done to avoid the pitfalls of life after a data breach or personal compromise.

Most of us still feel flummoxed–and perhaps a bit panicked–when we get a phone call, an email or a letter saying our data or identity has been compromised. Even if it’s a situation that can be easily remedied, like a compromised credit card, where the problem is relatively small, it’s still frustrating. Even if the only real-life consequences are a day or two’s wait for a replacement card and the need to notify a few creditors that your billing information has changed, you feel violated. You wonder if it’s going to happen again. And depending on the source of the compromise and what’s been taken, it may well happen again. So, you stew and wonder some more.

The unfortunate part is that identity thieves understand this. In the mad dash to understand the full ramifications of what’s happened to you, you may expose yourself to further trouble–for instance, by providing your information to a phony identity theft resolution expert, only to be guided through a process of information shedding that brings about further compromise by the very data wolves in sheep’s clothing who ran the scam in the first place.

Taking a few simple steps will help you avoid crooked “helpers” like these, as I explain in my book Swiped.

Be Prepared

If you don’t subscribe to an identity theft resolution service or lack a plan of action before you suffer a personal compromise (other than the theft of a payment card, which can be solved with a couple of phone calls), you will need to spend more time and more money than you are probably prepared to spend. Then, after you have worked your way through the maze of law enforcement, credit bureau, creditor and record-keeping requirements necessary to put yourself back together again, you will almost assuredly spend additional time–more than you thought possible–rearranging the way you make your information available both online and in your everyday transactions.

For this to really work, you need to be willing to make a few adjustments in the way you approach your identity and your data hygiene.

The Best Defense Is a Good Offense

What the great majority of current and future identity theft victims fail to understand is that they really must be their own first line of defense. Because identity thieves can’t realistically be completely stopped, you can instead focus on making yourself a harder target, and on being readier when the attack comes.

A simple practice like shredding your personal documents can help, but it’s not a solution. Identity thieves can be anyone from a dental hygienist pilfering patient files to small-time crooks breaking into mailboxes or stealing unshredded garbage or tax-related documents during filing season. The more you know what the bad guys want and need, the better you can practice proactive data hygiene.

The fact of the matter is that when it comes to international crime syndicates that breach the databases of multibillion-dollar international corporations and sell the liberated information, deploying a paper shredder is like bringing a knife to a gunfight.

The above is an adapted excerpt from Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, which hits bookstores everywhere Black Friday.

Preventing Violent Crime on Campuses

Violent crime, a major and growing problem in this country, is exacerbated by the fact that many crimes go unreported. But there’s a simple fix to the lack of reporting: Make it easier for people to tip off authorities anonymously.

Developments in communications technology and in social media can play a decisive role in increasing reporting, especially among young people. Once authorities have more information, they can not only track down more criminals but can develop a fuller picture of where and under what conditions violent crimes occur, and can develop better prevention programs.

In California, the Visalia campus of the College of the Sequoias has a program  allowing individuals to report suspicious behavior on campus to local police anonymously via text, voice mail or email.

“Our best resource, by far, is the students and faculty right here on campus,” Chief of the Police department Bob Masterson told the student newspaper . “Even if you’re not the victim, you could be a great witness.”

Many students said the program, TipNow, keeps them safer; they also consider it a good idea for all campuses.

Such programs are essential because violent crime remains an unfortunate truth in the U.S. According to the FBI’s national crime statistics, 1.2 million violent crimes were committed in the U.S. in 2012, and  even seemingly safe, self-contained campus environments like schools, colleges, hotels, hospitals and corporations are not immune.

At U.S. hospitals, the violent crime rate per 100 hospital beds rose 25%, from 2.0 incidents in 2012 to 2.5 incidents last year, according to research released by the IHSS Foundation at the International Association for Healthcare Security and Safety (IAHSS). The rate of disorderly conduct incidents experienced the biggest jump, from 28 per 100 hospital beds in 2012 to 39.2 last year (a rise of 40%). A separate IHSS Foundation study found that 89% of the hospitals surveyed had at least one event of workplace violence in the previous 12 months.

The federal Bureau of Justice Statistics’ National Crime Victimization Survey reported the following statistics for workplace violence between 1993 and 1999:

  • While working or on duty, U.S. residents experienced 1.7 million violent victimizations annually, including 1.3 million simple assaults, 325,000 aggravated assaults, 36,500 rapes and sexual assaults, 70,000 robberies and 900 homicides.
  • Workplace violence accounted for 18% of all violent crime.

From  1997 through 2009, 335 murders occurred on college campuses, according to data from the U.S. Department of Education (2010).  Three-fifths of campus attacks in a 108-year span occurred in the past two decades.

Yet many crimes go unreported to campus authorities. A 1997 study about campus violence by Sloan, Fisher and Cullen found that only 35% of violent crimes on college campuses were reported to authorities.

There are various reasons for not reporting crimes. For example, many may regard a crime as too minor a matter to report or may consider it a private matter. Many studies have shown a reluctance to report crimes or other suspicious activities out of fear of the authorities or of criminal retribution.

For instance, in February 2009 in San Gabriel, Calif., two gunmen opened fire inside a coffee shop, killing one and wounding six others, but police had trouble finding witnesses to what appeared to be a gang-related attack even though the shop was crowded with at least 40 people. Sheriff’s spokesman Steve Whitmore was quoted as saying,  “We know people saw something, and we need them to come forward and help us solve this crime.”

Too many Americans are inculcated with the belief that “the authorities will attend to it” – without considering that, in many cases, the appropriate law enforcement agency is unaware of a danger. Although many domestic terrorist events and campus shootings are committed by those whose previous actions were seen by those around them as odd, or even threatening, too often these observations go unreported.

This is why the concept of anonymous reporting is important: to get more information from the campus community. This anonymity is now possible.

TipNow receives tips via SMS/text, email, voice and mobile-app. When the tips hit the TipNow server, the sender’s information is encrypted. The tip is then disseminated to a pre-defined set of administrators on the system via email and SMS/text. The administrators can ask for more information from the tipster, still anonymously. For extra security, the server will delete all identifying information in 24 to 72 hours.

The system looks like this:

TipNow

In a recent interview, an anti-terrorism official (name withheld at his request) expressed his view on prevention: “The ability to gather information, sift through it to find what is useful intelligence – and then rapidly get that information to the right people – can and has made the difference between tragedy and that tragedy being averted.”

Why Traditional Crime Measurements Don’t Tell the Whole Story

All over the nation, the question is being asked, “Why is the overall crime rate in the US on the decline?”

We have the answer:  “It’s not.”

In 1930, the FBI was given the task of collecting and publishing crime-rate statistics from across the country, and the UCR (Uniform Crime Reporting) Program was born. This program collects data from across the country, and it is published in several reports, including the often quoted Crime in the United States report. The report separates offenses into two categories: violent crime and property crime. 

These two categories appear to provide an adequate sample of the types of crimes that should be captured to measure the overall crime rate, but the four “property crime” categories fall short. There is a simple reason: They have not changed since the 1920s.*

For instance, the category of larceny-theft does not include embezzlement, confidence games, forgery, check fraud, etc. Identity theft, which is growing astronomically, is also not included.

According to the two entities within the federal government that measure and report identity theft rates — the Federal Trade Commission’s (FTC) Consumer Sentinel Report and the Bureau of Justice Statistics — identity theft crime rates continue to increase. Identity theft has been ranked as the #1 complaint reported to the FTC for the past 13 years. Of the 2,061,495 complaints captured from a variety of organizations that share data with the FTC, 369,132 were regarding identity theft.

The Bureau of Justice Statistics uses the National Crime Victimization Survey (NCVS) to capture and report its statistics on identity theft.  The last report available captures information from 2005-2010. According to this latest report, approximately 8.6 million households experienced financial identity theft.

The latest statistics available (2012) are from Javelin Strategy & Research Inc., an independent organization not affiliated with the federal government.  Their study concluded that there have been 12.6 million incidents of identity fraud.

Identity theft is increasing faster than property theft crimes are declining, but the public isn’t paying enough attention.  The reasons for apathy include the misconception that one can’t be a victim without a stellar credit rating (i.e., my identity isn’t worthy stealing) and the conspiracy theorist notion that this is all just a scare tactic promoted by industry to entice consumers into buying services that are unnecessary. Both are misguided.

A change in public perception is required. It has been engrained into us that we must take personal responsibility for safeguarding our possessions and our physical wellbeing, so why not our identity?

Most people realize that they cannot guarantee they will never be burglarized.  So they employ tactics to make it harder to break into their home.  When leaving for vacation, they secure doors and windows and activate alarms.  Often, mail is held at the post office and friends are asked to check in on the place.

People must likewise actively guard their identity components (such as passwords and devices).  Taking regular steps to safeguard your identity must become engrained in all of us.  It’s absolutely true that you can do everything right and still become a victim of identity theft – but why not make the thieves work hard?

Ask anyone if they would think twice about wandering into a dark alley, alone, at night, in a dicey neighborhood, and they would say, Absolutely! But consumers think nothing of going to strange websites and entering credit card (or even more personal information) without checking the legitimacy of the site, especially when you can get a screaming deal on that flat-screen TV or tablet.

It is widely recognized that fraud and financial crimes don’t scare or shock people in the same way that violent crimes do.  Unless they rise to the level of Bernie Madoff or Enron, the crimes rarely make headlines.

Additionally, financial crimes are often cited as much harder to accurately measure because of underreporting and lack of consistent reporting methods.**  Some individuals do not believe that financial crime victims suffer true harm, especially if they are eventually made financially whole, as can happen with some identity-theft victims.  There is a misconception that once an individual has false charges removed from a credit account, or false accounts removed from a credit report, or a false tax return remedied by the IRS, that they are no longer the victim.  The victim label is assigned to the entity that takes the financial hit, such as the credit card issuer/financial institution and the IRS. Regardless, a crime has still been committed. Even if the crimes are difficult to measure and don’t shock, they certainly should be included in our evaluation of crime rates.

The infiltration of technology into our daily lives has not only changed the way we live, it has changed the way crimes are being committed. Much like water, criminal elements will take the path of least resistance.  When law enforcement and society become adept at suppressing scofflaws by making a particular crime more difficult to commit, such as through anti-theft devices on cars, criminals move on to other crimes.

Non-violent crimes rates haven’t decreased; they have just changed. Whereas the criminal of twenty years ago was armed with a knife or a gun, today’s criminal is armed with a keyboard or skimming device. The weapon(s) of choice has changed from tools of violence to tools of technology.  Criminals aren’t committing fewer criminal acts, just different ones. We don’t have fewer criminals, only smarter ones.

* Upon inquiry, the FBI responded with the historical information to explain how the eight offense classifications known as Part I crimes were chosen as indicators of the overall crime rate in the country.  The first seven offenses were originally chosen in 1929.  Arson, the 8th offense was added in 1979. The 7 original offenses chosen to illustrate the overall crime rate and used in the annual publication Crime in the United States were not altered at that time.  In fact, they have remained mostly unchanged since the 1920s.

** The FBI has a Financial Crimes Report that is listed under its “Other Reports and Publications” section. Other offense data for fraud and fraud type offenses is captured in the FBI’s NIBRS (National Incident-Based Reporting System); however, identity theft is not one of the incident types captured.

The Financial Crimes Report(s) differ in format from the violent crime/property crime format in the UCR and are more difficult to decipher.  The data contained in these reports is for cases investigated by the FBI.  It does not include financial crimes cases for local jurisdictions throughout the United States as the UCR does.  The most recent report shows 5 year trends in various categories.  The categories of  Corporate Fraud, Securities and commodities fraud, health care fraud, and mortgage fraud (reported cases) all show increasing numbers. Financial institution fraud, insurance fraud, and money laundering case statistics show a decrease in numbers and mass marketing fraud has stayed relatively flat.

The NIBRS report for 2011 indicates there is data on the following fraud type offenses: Bribery – 293; Counterfeiting/Forgery – 74,131; Embezzlement – 17,000; Extortion – 1217, and Fraud Offenses – 245,301. This a total of over 330,000 known incidents that could be counted in the overall crime rate in the UCR.  Though small in comparison to the other property crime numbers, it is not a statistically irrelevant number.   Identity theft statistics are not captured on this report.  Identity theft statistics are published by another department within the USDOJ (of which the FBI is a part), the Bureau of Justice Statistics.

Am I Covered For Cyber-Terrorism?

Are you covered for cyber-terrorism? If you have not purchased Cyberliability insurance, the answer is likely no. A General Liability policy needs bodily injury, property damage or possibly an advertising injury to respond. Property insurers don't view data as tangible property, and a property policy needs a peril like wind, fire or hail to respond to a loss. Crime policies cover embezzlement by employees. In the event of a cyber-terrorism loss, you can look to all of these policies for coverage, but there is only one policy that is designed specifically for this type of exposure — Cyberliability.

The next question is, what constitutes cyber-terrorism? When you think of activities committed by a terrorist, your first thoughts might be actions that lead to death or destruction of property. There are other ways terrorists can inflict harm, including through electronic means.

Below are scenarios that might be covered by a properly structured Cyberliability policy:

Sadly, the array of bad things for a terrorist to try extends far beyond the items listed above. They are out there working on ways to cause mayhem without leaving the comfort of wherever they may call home.

  1. Hackers funded by a foreign government get into your insured's network and cause private information to be leaked into the public domain.
  2. Hackers funded by a hostile party hijack an insured's network and computers and use them to cause a denial of service attack against other third parties, who then sue the insured for not preventing such an event.
  3. Unnamed hackers from a foreign nation deliver a virus to an insured's network and wipe out 30,000 company laptops causing a business interruption loss.
  4. Foreign-sponsored hackers launch denial of service attacks at everyone in the insured's industry in retaliation for some action taken by our own government. The business interruption may be covered, as well as a security breach arising from the attack.
  5. Hackers penetrate the control system for a manufacturing client's assembly line and prevent them from producing their product.
  6. Hackers replace a client's website with offensive or politically motivated content that causes people to sue for emotional distress, libel or slander.
  7. Hackers penetrate an insured's network and threaten to release private records or intellectual property.

To most insurers, it won't matter who is behind the security breach. The hackers can be foreign-sponsored, the kid next door, a disgruntled former employee or an organized crime gang. Coverage should apply regardless of who funded the attack. Cyberliability insurance policies are there to respond to liability claims arising from a security breach as well as some first-party expenses. There are also policies that include coverage for data restoration expenses and business interruption losses.

You probably won't see a policy that states, “You are covered for cyber-terrorism;” however, you should look for any definition of what constitutes a hacker. We have yet to see any definition that differentiates between prankster hackers, criminal hackers, political hackers, organized crime hackers or any other group. It is in the policyholder's favor that the definition isn't limited by a detailed description.

Most policies will be silent regarding the origin of the network attack; it remains your responsibility to be vigilant for any terrorism exclusion as well as acts of war exclusions. If you have been reading the newspapers lately, you have seen articles alleging that other nations have sponsored network attacks against companies and defense contractors in the United States. Some of those alleged foreign nations include Iran, China and North Korea. Our government hasn't classified those as acts of war, but at some point those actions could be deemed a precursor to war. A declaration of war usually requires a vote by Congress, which could take months, meaning that an insurer would likely have to wait to respond until the point a formal declaration of war is made. Insurers aren't intending to cover an aspect of war between two countries, but if an insured's computer network is collateral damage, they should provide coverage for the damages and liability.

A commonly asked Cyberliability question concerns the theft of intellectual property by a foreign nation, company or other party. Unfortunately that first-party loss is not contemplated in current Cyberliability insurance policies. There are intellectual property policies out there designed to defend and enforce patents, but it can be challenging to prove who took the information and how to find them. Those policies usually respond to claims once a competing product with the same or similar design(s) is sold on the open market. The theft of digital blueprints may not be enough to trigger these policies. There are also issues regarding the enforceability of intellectual property rights outside the United States.

A quick search of our major metropolitan newspapers shows that a number of industries are in the sights of a variety of hacker groups. The current list of primary targets includes financial institutions, power companies and defense contractors. In light of these ongoing activities of terrorists and state-sponsored hackers, it remains a good time to look at Cyberliability insurance. Your clients may not specifically be targeted by cyber-terrorists, but their network could suffer collateral damage or be used to inflict damage upon others.