When Stupid Strikes: Social Media Policy and Training

Posted on 31 January 2012 by


A Bay-area police agency has found itself at the center of a firestorm which began with comments on Twitter apparently by one of its officers.

The officer apparently posted to a Twitter account the comment, “Get those fucking hackers. I’m a cop in the Bay Area CA. I’d go after them with both guns.

Awesome. Other than to call the comments abhorrent and monumentally stupid, we won’t comment on the specifics because, frankly, we don’t know if the officer actually said these things. That’s why we don’t give his name in this post or the image, even though all the links we list in this post point to sources which do. There is an investigation underway (see below), and because we know some good folks at Richmond, we believe that if there were in fact violations of policy, they will be followed up on.

UPDATE: 02:21 CT, 1 Feb: I just got off a plane to see that Richmond PD, true to what I believed, has posted information on its process to its Facebook page.

But we can comment on cops saying monumentally stupid things on social media, and the cost to the agency when this occurs. And make some solid suggestions on how to prevent this kind of thing from happening to you.

The hackers the officer apparently referred to align themselves with the criminal hacking group Anonymous, which had earlier been involved with a hack targeting UFC President Dana White. White had made public comments about the group while voicing his support fo the Stop Online Privacy Act which Anonymous (and, incidentally, we here at Policeledintelligence) opposed.

The officer’s comments on Twitter (which he apparently removed from the site before ultimately deactivating the account) were picked up on by a wide range of people, who quickly started flooding blogs, newspapers and the Richmond Police Department’s Facebook page accusing the officer of making threats. The comments have since been removed from the Richmond PD’s Facebook page, but elsewhere on the Web we have seen photos purporting to depict the officer’s name, his truck and license plate, his badge and his Twitter page before the Twitter account was deleted.

On a forum, comments were negative to outraged. The San Jose Mercury News says that the Richmond PD says it is investigating the officer’s conduct and that it will pursue any policy violations.

Which brings me to the point: if this is true, if this cop posted what has has been attributed to him, then discipline (as distinct from any possible criminal prosecution) comes down to policy violations.

Were there any in this case? We don’t know.

In the February Law Officer Magazine, Dave and I discuss some of the things that agencies must think about when it comes to hackers and their cyber security. What that article does not address is policy.

Officers simply should not be making public comments that make them look unprofessional. In the interaction on Twitter, the parties were using @ tags to speak “to” one another, which might have given the author the sense that it was a private conversation. It was not.

It’s often forgotten that anyone can read publicly posted Twitter messages. Dozens, if not scores of products exist to scour the pages of twitter to seek specific key words – we’ve spoken of these in the past and discussed how useful they are to law enforcement. If you think that criminals and activists and housewives and marketing professionals and researchers and whole boatloads of other kinds of people don’t use these tools to track discussions on Twitter and other social media of what interests them, you’re seriously out of touch.

So these posts, regardless of who they’re ultimately shown to be from, were incredibly stupid, and entirely public.

Would you tweet publicly that you were coming for a criminal with both guns?

Cops suck – badly – at understanding the consequences of cyber communications. Since 2011, police systems have repeatedly been hacked, and with each hack comes the revelation of embarrassing email. We say this a lot: everyone gets hacked. Agencies must understand the consequences of stating things in email and online, especially in social media.

Three Important Steps:
Social Media Policy If your agency does not yet have a social media policy, get one. It is important. Dale Stockton talked about this in the June, 2011 issue of Law Officer Magazine.

Check out the very first post we ever did here at PLI, which talks specifically about this.

Your officers need the policy, your agency may end up spending hundreds of thousands of dollars and even more important, valuable community goodwill fighting a social media event caused by stupid.

Clear Social Media Guidelines The policy is not enough, you must be able to provide guidelines for acceptable and unacceptable online behavior to your officers. They often are new to the world of social media, and really need help understanding it. Have I ever uttered a, “Why, I oughta…” kind of statement? Of course I have. But learning the boundaries of acceptable social media behavior, especially as a police officer, is truly difficult. Agencies need to guide their officers through this, not just throw them under a bus when they do something dumb.

Train Your Leadership If your administrators don’t understand social media, if they’re not familiar with the rules of the road in cyber, and if they don’t recognize the risks of running a contemporary law enforcement IT shop, you and they are simply lucky you haven’t yet been hit by hackers or an outraged populace. As administrators, it’s as important for you to understand social media and the fundamentals of the public Internet as it is for you to understand the fundamentals of body armor, patrol cars, DWI procedures and other basic law enforcement tools.