LAPD Exposes Login To Data Harvesting Software During Interview With CNN

from the as-secure-as-Darth-Helmet's-luggage dept

The Los Angeles Police Department has obtained tons of data over the past several years and that amount of data increases exponentially every year. In addition to its criminal databases, it also collects thousands of license plate time-and-location data points every day and has deployed other forms of surveillance (like Stingray devices), gathering even more data surreptitiously.



Of course, the LAPD feels it can be trusted with all of this data. It claims to have controls in place to prevent unauthorized access to information related to non-criminal Los Angeles citizens. Working with Palantir, the LAPD has instant access to a vast amount of gathered data -- a database so impressive it spent a bit of time bragging about it to a CNN reporter. (via Lowering the Bar)

The CNN video shows LAPD Sergeant Jason O'Brien using Palantir to search for data on a burglary suspect. "After searching over a hundred million datapoints, Palantir displayed an impressive web of information," said CNN reporter Rachel Crane. Palantir's interface resembles a web search engine with datasets labeled People, Vehicles, Locations, Crime, Arrests, FIs (Field Interview Reports), Citations, Bulletins, Tips, and Everything (view screenshot). The video also shows Sergeant O'Brien accessing the LAPD's automatic license plate reader database to map the past locations of the burglary suspect, which go back as far as March 2011.

Captain Romero told CNN that the LAPD "cannot just go searching for you or anyone else without a reason because we have a lot of data for people who have done nothing."

Even if additional steps are needed to complete an internet based attack, information on the whiteboard certainly peals [sic] back one layer of security blocking the way to private data. Above all else, the LAPD keeping a password—any password—on an office whiteboard in plain sight is deeply troubling. Haphazardly allowing CNN to film the password for a national news broadcast is more troubling still... [T]he whiteboard depicted in the CNN video casts doubt upon the LAPD's ability to keep its data private.

With all this information come strict controls, or so the LAPD would like you to believe.

And yet, during this same CNN taping, the LAPD shows just how careless it is about protecting data. Written on a whiteboard for anyone to see is the login and password to its CAMS (Computer Analysis Mapping System) training system.

While this may be training access only and wholly separated from the actual system and its hundreds of millions of datapoints, it's still not a good idea to leave logins and passwords publicly displayed. Sure, whoever wrote it probably thought no one but cops undergoing training would ever see it (along with the filepath to the CAMS data), but the person or persons OKing the interview should have made a sweep of anything the camera might see. It's simply lousy operational security and it's the sort of thing you never want to see an entity with access to "hundreds of millions of datapoints" do.

Freedom du Jour points out that the LAPD's negligent attitude towards security has been encountered before. Documents acquired by the EFF and ACLU showed that officers were given the following name and password to log into their ALPR terminals.

Name: LAPD

Password: [blank]

Two years later, the LAPD decided the system might need a password.

Name: LAPD

Password: LAPD

These are the people who claim they can ensure hundreds of millions of datapoints won't be accessed without authorization, thanks to policies and strong statements given to credulous CNN reporters. But this shows that the LAPD's security measures border on nonexistent and its interest in protecting the data of Los Angeles citizens is minimal.
