By now, most of you have probably heard about the case in Florida of two convicted murderers who hacked up their release papers and were released from prison, even though they were both serving life sentences. They were fugitives on the loose for a few weeks and then were recaptured without incident, forunately. But the fact that they were able to hack their release documents and fool the prison officials into releasing them should give us all reason to pause.
I spoke about this case with an old friend of mine, Nick Selby. I know Nick from back in his days when he was an analyst/VP with The 451 Group. I knew when I was going to brief Nick I had to be prepared for a rigorous interrogation because he wasn't going to take no for an answer. Well, Nick's bulldog questioning technique seems to have served him pretty well. Nick went on to become a police officer in 2010 and established a consultancy helping law enforcement agencies. Nick then teamed up with David Henderson to form StreetCred Software.
In addition to consulting with law enforcement agencies, StreetCred has developed a one-of-a-kind software solution that helps local law enforcement agencies deal with the millions of fugitives with warrants outstanding that are roaming our streets every day. Nick says it is not the criminals you see on CNN that you need to worry about. If a criminal makes it all the way to CNN, chances are the U.S. Marshals or local law enforcement are already hot on their heels. But it is the millions of others, some of whom are definitely considered armed and dangerous, that we need to worry about.
Using Big Data and proprietary techniques developed by StreetCred, along with public information and court records, the company can prioritize for a local agency's fugitive and warrant division which fugitives they should go after and have the highest likelihood of success. It really is a fascinating business and you should check it out.
But enough about Nick and StreetCred. How did these two murderers forge their court papers and walk out the front door of the jail? Nick says the problem isn't that the process is too open; in fact, it is just the opposite - it's is not open enough! There wasn't enough transparency in the whole process for the prison officials to follow the chain of events involved in the release and see if it was legitimate or not. Instead, they were presented with the end result - documents that appeared to be legitimate. Without the insight into the entire process, that was all they had to go on, so they let two murderers walk out the door.
Nick laments what happened as a result of this, though. In typical knee jerk reaction, the system will be more closed instead of more open. They are just going to make it harder for people to be released even if they appear to have the right paperwork. All this is going to do is delay people who are rightfully entitled to be released to be set free. It is going to add hours and days of extra work to the process and waste untold millions of dollars.
The right answer, according to Selby, is to make the whole process more open. If prison officials had more insight and could follow as well as look into each step of process, they would have a higher degree of confidence in the end product. If they followed the release process right through, there would not be a doubt if the papers were legitimate.
So, as counter-intuitive as it may seem, more openness is the key to making the system work better and safer. Nick says some cities and locales have in fact put this practice in place. New York City, for instance, has a pretty good system, Nick says. You can read more about his thoughts on this at his blog here.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.