Prison Hack Shows More About Shared & Open Data Than Fugitive Hunting

Posted on 19 October 2013 by

0


Fugitive Charles Walker

Fugitive Charles Walker

This blog post ran at StreetCred Software.com and is cross-posted here. It is non-commercial.

When the story broke about Charles Walker and Joseph Jenkins, the two Florida murderers who hacked their way out of jail with forged documents, I had just finished giving a speech on fugitive capture and manhunts that included this observation: “If your fugitive is featured on CNN, he’s going to be found.”

That is very true. I have huge confidence in the ability of the cops and the US Marshals Service to locate these guys and get them out of circulation – among the worst things in the world is to be someone hunted by a Deputy United States Marshal.

We at StreetCred are in the fugitive capture business, and it’s my personal opinion that, strictly from an odds perspective, if I were either of Messrs Walker and Jenkins, I would grab a phone book and get any lawyer down to and including Saul Goodman to help me arrange a surrender.

More on the Marshals and why my money’s on them in a minute.

Fugitive Joseph Jenkins

Fugitive Joseph Jenkins

Don’t get me wrong – Walker and Jenkins are demonstrably smarter than your average bear; they even took the trouble to register themselves as felons with the Sheriff’s office, to keep up the charade, which takes some foresight, some good understanding of the system, and some cast-iron testicular resolve. It’s likely they had help.

Ultimately, though, this case is less interesting to me as a manhunt than it is as a demonstration of why data sharing and open*, machine-readable data in the criminal justice system is so important.

The Orlando Sentinel reported that the “phony paperwork contains the forged signatures of at least two judges and members of the State Attorney’s Office — including State Attorney Jeff Ashton.” What people in the system don’t seem is shocked: assistant state attorney Eddie Evans told CBS affiliate WCTV that he was,  “Not surprised that someone was able to take advantage of the judicial system.”

Ninth district Chief Justice Belvin Perry, whose signature appears on the forged documents for both escapees, told CBS This Morning that forging his signature was, “Not hard to do.”

So this incident is nothing if not an advertisement for a fundamental lack of information security in the systems the state replies upon to manage its criminal justice system. The IT system relied upon by Florida’s criminal justice, public safety and corrections environments failed on all three objective measures of information security: Confidentiality. Integrity. Availability.

To wit: the process and access to both the data and authentication credentials (from network credentials to samples of the signatures of key players) was corrupted, accessible and known to the bad guys; there was no way for the good guys to easily confirm that the documents were forged or that the communications were in fact not from whom they claimed to be from; and the data that would have allowed authorities at each stage of this hack to quickly see what was happening and fix it was not available due to systemic limitations and siloed data.

Three strikes, and Walker and Jenkins are out.

Oh, don’t get me wrong: there is plenty of blame to go around in Florida; but I would maintain that it’s truly not the fault of any single person (let’s knock off the foolish witchhunts, eh?) but rather a Balkanized system that favors vendors and creates a penny-wise and extremely pound-foolish outcome.

Walker and Jenkins, two murderers, are in our communities and at liberty with the felon’s equivalent of a note from their mom excusing them from jail – and that is primarily a failure of the data systems and checks-and-balances in place.

One of the only ways to assure that this kind of thing doesn’t happen is through compliance with the spirit and concepts laid out in the President’s Executive Order on Open and Machine Readable Data and enacted by cities around the country*.

This was one of the key themes last week at the 2013 Code for America Summit in San Francisco, where I gave that speech I mentioned. At the CfA Summit, representatives of more than 80 cities, counties and states met to discuss (among many civic coding, Govtech and other topics) the nuts and bolts of actually making open and machine readable the default.

What happened in Florida could absolutely have happened anywhere, but it’s far less likely to happen in cities that have embraced and leveraged open data in their corrections and public safety environments, like San FranciscoNew York CityOaklandLouisville and Baltimore. Representatives from those cities, along with those from cities like AustinFort Worth and scores of others are rolling out criminal justice system solutions that leverage the power of open data initiatives and of strategic partnerships with organizations like Code for America.

I mentioned my money being on the US Marshals Service precisely because every day they engage in the kind of information sharing that is a model for all law enforcement. The way Marshals work with law enforcement throughout the country demonstrates that they patently understand their core problem set: no one hides federally, fugitives hide locally.

Consider that in 2012, when the US Marshals apprehended 36,200 federal fugitives, Marshals-led fugitive task forces throughout the US helped local, county and state agencies apprehend more than 86,700 state and local fugitives. This is a testament to their dedication to collaboration.

They are so successful because (in addition to being studs), in a manner that is perhaps unique among federal law enforcement agencies, US Marshals forge lasting bonds and foster a culture of collaboration with their partners in local, county and state law enforcement. Without giving away any of their tactics, techniques and procedures, I can say that every day, Deputy US Marshals and their local counterparts, working collaboratively, prove over and over again that data sharing works.

______________________

NB: when I use the term, “Open” here, it is a term of art that I am warping. It is true that information within certain parts of the criminal justice system (the part governed by the CJIS, or Criminal Justice Information Services security standard) must be secured and is not generally available to the public. Now, nowhere near all the data I describe in this blog post is CJIS – much of it is simply garden-variety court administration documents, which is by definition “Open” in the “Everyone-can-read-it” sense. But in the case of data within the CJIS environment, I use the term “open” to mean, “machine readable and openly shared within a CJIS framework.” However, since each datum in the system is itself discoverable under FOIA (that statement is PACKED with caveats but true), it is ULTIMATELY open in the full meaning of the term.