Welcome to “DC Public Safety” – Radio and television shows, blog and transcripts on crime, criminal offenders and the criminal justice system.
The portal site for “DC Public Safety” is http://media.csosa.gov.
Radio Program available at http://media.csosa.gov/podcast/audio/2013/06/cyber-safety-national-organization-for-victim-assistance-dc-public-safety/
[Audio Begins]
Len Sipes: From the nation’s capital, this is DC Public Safety. I’m your host, Leonard Sipes. Back at our microphone is Will Marling. He is the Executive Director of the National Organization for Victim Assistance. www.trynova.org. www.trynova.org. Will, welcome back to DC Public Safety.
Will Marling: Len, thank you. It’s always great to be with you.
Len Sipes: Well, the show today is on cyber safety. We’ve done a variety of shows on cyber safety but two things first. What is the National Organization for Victim Assistance? I’ve been working with NOVA for well over three decades. So first of all, give me the overall view of what you have done in the past, and then I’m going to ask you why you got involved in cyber security.
Will Marling: Yeah, thanks. NOVA started in 1975. It came out of the Victims Rights and Services Movement, and it stands as the oldest National Victim Assistance Organization of its kind in the nation. So we’ve been involved in crime and crisis, and serving those harmed by those two issues. Of course criminal justice is our specific focus here, and dealing with criminal victimization and victim assistance, and so that really is the heart of what we’ve done. We work with victim advocates and training. We also of course want to educate political leaders and community leaders on policy issues related to the needs of victims. So that is our core, that is our history, and it remains as such even as we move into the cyber age.
Len Sipes: And the core has been garden-variety street crimes, rapes, robberies, burglaries, those sorts of things, violent crime. That’s been the principle point of NOVA, and NOVA acting as an advocacy organization for victims of crime, and anybody who hears this show can simply contact www.trynova.org and they will be assisted, correct?
Will Marling: That’s exactly right, yeah. They can go to our website. We try to have a healthy amount of information on there but we also have a toll-free victim assistance number – that’s 800-879-6682 – and for victims specifically, we would rather they just call us if they’re able to because email itself, you know, it’s not efficient when talking about the complexities of criminal victimization.
Len Sipes: I agree.
Will Marling: And it’s not secure, quite frankly, for especially people at risk, domestic violence victims and the like.
Len Sipes: I agree.
Will Marling: So that’s why we encourage that, you know, when they get to a safe place, to give us a call, and we’re happy to help them.
Len Sipes: We’ll give that number again — 800-879 –?
Will Marling: Yeah. 800-879-6682
Len Sipes: — 6682.
Will Marling: And that’s 800-trynova. 800-T-R-Y-N-O-V-A.
Len Sipes: Okay. Why did NOVA get involved in cyber security?
Will Marling: Cyber security, cyber safety, came on our radar really about three years ago, a little over three years ago, when we started taking calls and we were getting victim assistance calls in this arena. It started with kind of identity theft and some other things, and we were looking at this issue not really knowing how to help people directly, not knowing what to do with them specifically. We had some idea but, you know, it’s a complex issue, and we moved into that arena and we started training up ourselves, our staff, and then training victim advocates out in the field. We go out and we provide training on victim assistance, cyber crime remediation techniques, and then we’ve moved into an education of consumers as well because we know that we need to get on the front end of this and not just deal with the back end of it because of the scale.
Len Sipes: Everybody has cell phones, everybody has computers, everybody has tablets, or a lot of people have a combination of those, and so these devices are not part and parcel to our lives, and when we use them, we place ourselves at risk.
Will Marling: We do. I want to keep it in perspective because I don’t want to create an unnecessary sense of fear. It’s awareness of risk just like anything we do but what people don’t realize is for us, we kind of principlize these things to help people get their head around them because it can get murky especially for people who aren’t tech-savvy or tech-focused but we are today, we are our data. You are your data, and that means that we have to think about ourselves as electronic bits. When we start thinking about it like that, then that kind of changes our perspective about how we protect ourselves in this arena with technology.
Len Sipes: Well, it’s extraordinarily complex because I consider myself as tech-savvy as the next person and yet it confuses me to no end, and I’ll give an example in a little while about how one of my websites – I can’t give it out doing this broadcast – but one of my personal websites was hacked and I had to go through a process of getting it unhacked, and it was a real pain in the tuckus. But before getting to that, before getting to a larger discussion on cyber security, I always am interested in NOVA’s take on the Constitutional amendment, a U.S. Constitutional amendment for victims of crime. There are a wide variety of state constitutions that have amendments for victims of crime, not all of them. I think the last time we discussed it, it was like 32, 33 states have state constitutional amendments, but there is a need for a United States Constitutional amendment for victims of crime. Can you give me a two-minute summation as to where we are regarding that?
Will Marling: Sure, and thanks for asking about that. It’s is an important issue for the nation. House Joint Resolution 40 was introduced into the House of Representatives during National Crime Victims Rights Week, the third week of April of this year, and House Joint Resolution 40 is a proposed Constitutional amendment for victims’ rights. So with the introduction of that amendment – or, I’m sorry, with that resolution – there was a hearing, and it’s kind of the basic I don’t want to say perfunctory but in a sense that’s where it has to start, and then it’s going to need to move from there. So we are currently seeking co-sponsors in the House of Representatives who would sign up to co-sponsor that and to build momentum. You know, we both live in the Washington, D.C., area, we work here, and so you kind of get a sense of this. Other people certainly who track would know this as well but it really is – there are over 10,000 bills that are introduced in any Congressional session, and so people think it might be the greatest but that doesn’t mean anybody even knows about it because there are so, so many bills that can be introduced. So what we’re trying to do is educate our Congressional leaders on the bill that is as a resolution, and then have them sign on as co-sponsors so that we can build momentum and move it forward.
Len Sipes: Okay, so it’s starting in the House.
Will Marling: It’s starting in the House, that’s right.
Len Sipes: And I would imagine if there’s any non-partisan issue out there, it’s going to be protection of victims of crime.
Will Marling: It’s a totally bi-partisan issue if you’re talking politics. For the rest of us who aren’t representatives, it’s a non-partisan issue, and it touches every aspect of society. A simple primer on this is if you get accused of a crime in this country, you could have up to 23 protections that you could seek as rights for justice of your case. If you’re the victim of that very same crime, under the Constitution, the United States Constitution, you have no rights and yet you’ll be drawn into that system most likely as a witness or trying to track it in the justice process because of yourself or your loved one who was harmed, and so we believe that it is clearly appropriate to address this from a Constitutional level.
Len Sipes: And something that would apply to the federal criminal justice system but in a sort of a de facto way would eventually apply to all the rest of the states that do not have constitutional amendments, or their constitutional amendments are not as strong as a U.S. Constitutional amendment.
Will Marling: That’s right. Yeah, that’s exactly right, and I would add one key area is the military because the military, you know, sexual assault is a big issue.
Len Sipes: A huge issue.
Will Marling: It’s being discussed right now and it’s very important that we should be discussing it but most people don’t understand that specific to this issue under the Military Code of Justice that there are not victims’ rights as such, so this would afford a very important population that we all respect —
Len Sipes: A very good point.
Will Marling: Yeah, and they would fall under that category as well.
Len Sipes: That’s a very good point.
Will Marling: So it touches every American.
Len Sipes: And I thank you for that segue. Okay, let’s get back to cyber safety. Somewhere along the line, I do want to do an update, an entire show on the Constitutional amendment for victims’ rights because I think it’s so extraordinarily important, but back to cyber safety. Again, I go back to what I said before – all of us are electronically connected. Our grandparents are now on Facebook, they have computers, they have cell phones, they have smart phones. The last data that I saw, that smart phones now exceed feature phones or regular phones, and I think now 60% of all phones in the United States are smart phones. They are the equivalent of the computer sitting on my desk just a couple years ago. They are that powerful. So now we have implications, we have real implications in terms of our day-to-day lives as to the devices that we have, and it strikes me that as we go through a 20-year decline in crime in terms of the crimes reported to law enforcement and as reported by the FBI and the National Crime Survey done by the Bureau of Justice Statistics of the U.S. Department of Justice, basically if you take a look at the last 20 years, there’s been an overall decline in crime. I know it’s blipped up slightly this year in terms of FBI data but while that’s been going down, cyber crime has been going up, and I’m not quite sure that anybody has any real idea as to how much it’s increased over the course of the last 5, 10 years.
Will Marling: Yeah. It’s a difficult statistic to track specifically because it’s not tracked. It’s not part of uniform crime reporting unless it falls under a category that is already there. So if it’s, you know, some kind of bank fraud and then attached to it is the use of a cyber tool, then that could be part of it, but in terms of good, consistent data, we know we have to extrapolate from a lot of different sources, and there are good sources but they’re showing that it’s a huge problem, and the FBI would affirm that.
Len Sipes: Well, I think the FBI and everybody else who’s been measuring it would affirm it. Okay, so on a personal note, I have a website, and I can’t give out the website address because I can’t mix personal with federal, but it received malware. I had to clean it up. I had to have somebody go in and be sure that it was cleaned up, and that cost me more than a little bit of money, and now it’s clean and up-and-running, and I won’t get into the details of that but I was hacked. My website was hacked. They had malicious malware installed on the site, and it was brought to my attention, and like I said, I had to go through more than just a couple of dollars to get it cleaned up. So, I mean, this happens to us all! I have this conversation with my wife about electronic banking. I can’t talk about the specifics and I shouldn’t be talking about the specifics – I’ll give out one, Google Wallet – but all the different internet providers have a version of Google Wallet so I’m just not promoting them, whereby you can take care of all of your monetary transactions from your smart phone, from your computer, from your tablet. Banks have them as well. And I’m always concerned, very concerned, about having my entire financial history either hacked by somebody because I or my wife uses a WiFi shared by lots of other people and they can easily get into our data and they can easily get into our pass codes, or we would lose the phone, or lose the tablet, or somebody would break into our house and steal the computer. They just don’t have our photos, they just don’t have our documents, they have our financial history.
Will Marling: That’s right, and you know one of the principles is if it’s convenient for you in terms of use, it’s probably convenient for a perpetrator to access, and we have to think differently about this. For instance, we encourage people with this principle: if it has a lock, use it. Use it. 33% – and it varies depending on who the population is – but cell phones, smart phones, have a lock-screen on them, and 30% to 33% of people don’t actually use that.
Len Sipes: I’m sorry, 33% don’t use it or do use it?
Will Marling: Don’t – don’t use it.
Len Sipes: Oh, I thought the majority didn’t use the locks.
Will Marling: Well, people are getting smarter but that’s still 1 out of 3 just on that issue so that tells you that just from something so basic as locking our phone. Now when we think about all of our physical keys, Len, I mean, do you have one key that unlocks your office, your car, your house, your bank?
Len Sipes: Nope. Nope.
Will Marling: No! We have multiple keys. Why? – Because we want to make it a little more complex than having a master key but what happens is – and this is kind of that password thing – password attitudes are, “Well, it’s a master key.” We use the password for everything, or we use the same email address as the identity, and we’ve just simply got to change that. Why do we do that? – Well, it’s convenient. Why do we need to change it? – We need to create a little bit of inconvenience for ourselves, yes, but more so for a potential perpetrator.
Len Sipes: The bottom line is that we’re making it ridiculously easy for people to rip us off.
Will Marling: That’s it! That’s it.
Len Sipes: By weak passwords, by not locking our phones, by not locking our tablets, by having, again, weak passwords in terms of our computers.
Will Marling: That’s right, and so it really is changing our thinking. I believe we can do that because once we realize that it doesn’t have to be always this complex and always this inconvenient, but sometimes it’s just changing our behavior slightly like, you know, I quickly now unlock my phone. It automatically locks after a minute. I can quickly unlock it. Is it an inconvenience? – Well, only slightly because I don’t think anything about it now. It’s rote muscle memory, and so boom, I unlock it. We had a phone that was lost by actually the repair company that was fixing it, and that’s a completely separate irritating story. It’s my teenage son’s phone that we had repaired and they lost it, and you know it was interesting that his reaction to that, he immediately got the implications of somebody having his phone. He was concerned that they would put information on his, you know, Instagram and social networking information and this kind of thing. I mean, he was far more concerned about that threat to his personal information as he was to the actual device. I, of course, was thinking about both because these devices, you know, can cost us some money. But there is this emotional concern, and it’s an understandable one, and when we get that as a victim assistance organization, we get that this stuff creates trauma for people and that’s why we’re always very validating. – And in our world today, quite honestly, sometimes when people hear about a cyber crime, they call it a white-collar crime or a paper crime as if it’s less harmful, and quite frankly we’ve dealt with victims of these things that their lives have been absolutely destroyed.
Len Sipes: Yeah, and that’s a big part of it that we’re not recognizing.
Will Marling: That’s right.
Len Sipes: But let me re-introduce you, Will. Ladies and gentlemen, we’re halfway through the program, Will Marling, the Executive Director of the National Organization for Victim Assistance – www.trynova. org. – T-R-Y-N-O-V-A.org. www.trynova.org. 800-879-6682. 800-879-6682 for the National Association for Victim Assistance. We’re doing a show today on Cyber Safety but what we’re talking about is fraud. We’re talking about personal safety. We’re talking about child safety. We’re talking about computer safety, and when I say computer safety, your Smartphone is a computer. Your tablet is a computer. It’s just as powerful as the PC that sat on my desk just a couple of years ago. So we’re talking about a brand new day and age and, you know, when we are talking about the old issues, Will, years ago regarding the National Organization for Victim Assistance, the solutions would be ridiculously simple. The most burglaries happened through unlocked doors and unlocked windows. When they used forced entry, the locks were inadequate or the doors were inadequate. So it was close your doors, close your windows, put on decent locks, take the key with you from car because a large percentage of car thefts involved keys in the vehicle. So there were very, very, very simple types of explanations that helped you stay safe. There were simple explanations in terms of violent crime, that most rapes happened, the perpetrator knew you, you knew the perpetrator, and often times they happened at residential settings which means the victim often times willingly went into the house of somebody else or invited somebody into their house so the point was don’t do those sort of things unless you absolutely know and trust the person. Does it become that simple in terms of cyber security? I know lock your computer, put on a strong password or pass code – those are the simple steps that people can take that really do help protect them from cyber security. Are there others?
Will Marling: Well, I would affirm what you’re saying that we can start with the basics and that is important. The unique dimension of the cyber world, of course, is that we can be attacked by somebody who lives 10,000 miles away while we’re sleeping. It happens overnight, just like you were describing with your website. So yes, it starts with that. More sophisticated criminal activity can result in sophisticated harm for victims just like with actually some violent crimes and other physical crimes. One thing I want to affirm in the process here is we separate out, like cyber crime is its own thing, and it’s whatever we want to say to the mystery of it, you know. We see the outcome. People think it’s just about lost money. The reality is that cyber crime is also used as a tool to create harm in other ways including violent crime. I talked with a woman who, as a professional victim advocate, she informed me that somebody had assumed her identity on Facebook and built a relationship with a man, and he came to her house and sexually assaulted her.
Len Sipes: Oh, my God. Oh, my God.
Will Marling: Yeah, so there’s an identity theft, there’s a Facebook engagement, and then there’s a sexual assault, and she was telling me this, and I’m a seasoned professional like you, and I was working hard to keep my jaw up. Having thought that I had heard everything, this was standing in front of me. So there are risks there. I’m not trying to raise an alarm as if this is happening to everybody but it does happen, and so let’s start with the basics. Let’s, if it has a lock on our device, use it because this is the one day that we get out of the car and we drop the phone, and the wrong person picks it up, you know.
Len Sipes: Okay, we have an issue with personal information given out on Facebook, given out on other social media sites. I’m told by some pretty knowledgeable people that they no longer run algorithms to figure out your pass codes. Your pass codes can easily be figured out by what you place on your Facebook page and other social media sites. Sometimes we simply give up too much information on our social media sites. The best example of that is, “Bye, everybody. We’re heading out to Cancun for the next two weeks. We’ll talk to you when we get back.” If that’s not an invitation to go and burglarize that house, I don’t know what is.
Will Marling: Well, that’s exactly right, and we’re putting information on, as you described, at too high a levels, and people don’t realize what personal information means. Since perpetrators many times know that people use their pet’s name as a password, for instance, when you put your pet’s name on your Facebook page or your social networking site, you’re giving them that much more. There are algorithms as well but we also address the low-hanging fruit. Since perpetrators know that if they hack an account – let’s say they hack a database of emails and they get passwords – they will find out where else you might have accounts and they’ll start with using that same information because a good percentage of people do that. That’s why we say, you know, not the same lock. Use a different pass code. And a simple tip, if I could give that since we’re talking about this?
Len Sipes: Please.
Will Marling: You can change your password for every account. You just need to use the right code in your own thinking. For instance, if you create a 10-number/symbol core password, and maybe it’s the first letters of your kids’ names and dates of birth in there all mixed up but you’ve memorized that, that becomes your core, and then you change the front and the back as it’s associated with a new account. Just to be simple here by illustration, let’s say you have a Gmail account, so you can start with capital G on your password, your core of 10, and then at the end capital L. So you know you always have the core, but in every account you go to, you know that then if it’s a Yahoo, it starts with a capital Y and then the last word is capital – Yahoo – O. So you never actually have to remember anything more than your core because your account triggers, “Okay, I always do this with every new account.” So every password is different but every password is similar. You see how that works?
Len Sipes: Two-factor identification was introduced by Google and it really is wonderful. – And I’m not going to try to explain two-factor identification beyond the fact that once you’ve entered into two-factor identification, and they send you that code through your phone and you plug it in, it reads the cookies of your site so it doesn’t ask it for you again but so that means every time somebody comes into your Google accounts or your email or anything else, if you have Gmail, then that person not only needs a password, they need two.
Will Marling: Yeah.
Len Sipes: And Twitter and other organizations are starting to introduce two-factor identification.
Will Marling: Yep, and two-factor identification of course can be helpful. In the meantime, we’re recommending in dealing with this that people change, they have a different password for every account, and of course that’s when this discussion is, “Oh, I’ll never remember,” and hence the tip I’m giving – figure out the pattern that you want to use. The thing is a long password will be hacked eventually if somebody wants to camp on it or run a high-powered device to figure out what the password is but nobody’s going to bother because there’s so much low-hanging fruit with password as P-A-S-S-W-O-R-D and that kind of thing that, you know, people aren’t bothering. So we tell people, “Well, raise your fruit. Just do even simple things to make yourself a little less obvious, a little less vulnerable.” You know, there are certain places in town that, you know, I wouldn’t go there at 2 o’clock in the morning, there are no street lights available, I don’t feel safe there. You know, you’d make a choice. And so it’s the similar parallel – let’s just make some choices to change our patterns.
Len Sipes: Well, in terms of the garden-variety of crime that we dealt with previously in terms of National Organization for Victim Assistance, it was, you know, the simple steps can keep you safe. They can dramatically increase the odds of you not being victimized by crime. The same message applies in terms of cyber safety.
Will Marling: That’s right. We commonly tell people too, especially with this data era that we’re in – and it’s different with that because of, like I said, the connectedness that we have – but we tell people when asked for – so people say, “I want some information from you,” it’s okay to ask them, “What for? Why are you asking for that?” I go to hotels, I travel a lot, I check in, I’ve made a reservation or I might have prepaid – I want them to verify my identity but I don’t want them to take my driver’s license and make a color photocopy and stick it in a little plastic file box on the front counter, and that’s what I’ve experienced. I tell them, “I won’t let you do that.” Why? Because you’ve just taken that, and I ask them, “Why do you need to do that?” “Well, it’s just what we do here.” “Well, not with me. I’m not giving you a color digital copy of my driver’s license for somebody to steal.” And when you ask for, we need to move into an age, without being belligerent, but we need to say, “Okay, since this is my stuff,” like if somebody said, “I want to borrow your car,” we would say, “Well, what are you going to do with it? Are you insured? When are you going to return it to me?” Or in the digital age, “How are you going to delete or destroy it when you’re done with it?” – And we/re not asking those questions.
Len Sipes: We only have a couple minutes left. The other part of it is that when somebody contacts you, regardless of what organization they say they’re from – and we all get these emails – then to disregard that email. Don’t go back and use them as contact points. But if your bank sends you an email, just go to the number in terms of looking it up on the computer or calling directory assistance. Call them up and say, “Okay, I supposedly have this email from you. What’s up with this?” Do not use the information provided to do the transaction. Call the organization directly through another channel.
Will Marling: That’s right. Yeah, that’s the age-old phishing but quite frankly, it still works. We’re a National Victim Assistance Organization, Len, and we get people that try to scam on a regular basis.
Len Sipes: Yes. Yes. Yeah.
Will Marling: It’s interesting.
Len Sipes: Just do not willy-nilly give out information just because somebody is asking for it.
Will Marling: That’s exactly right. Ask, “Okay, what do you want it for?” –Because we need to actually verify who’s on the other end of just a phone or an email. There are ways to trace emails, by the way. We can’t address that here but mostly, you know, if people are asking for something, they don’t really need to have it or they wouldn’t be asking, actually.
Len Sipes: Yeah. Well, that’s true but the weird part about it is the fact that I’ve been in the criminal justice system for over four decades. I am as cynical as a cynic could possibly be after 40 years in the criminal justice system and yet I was three-quarters of the way through filling out a form and realizing it was fraudulent, and I was just, “Oh, my God, what am doing? Am I an idiot?” So if it can happen to me, it can happen to anybody.
Will Marling: Yeah. Well for one, Len, I’ve known you for a few years now, and you are not a cynical guy. You’re skeptical.
Len Sipes: Okay, skeptical, skeptical.
Will Marling: There’s a difference because you have that hopeful spirit that we can get stuff done, which is why you have me on, which I appreciate. But, you know, the skepticism is a bit of what we need. There is nothing wrong with being a bit skeptical especially with strangers, unknown email, blank cold calls. We’re allowed to ask questions so let’s do it.
Len Sipes: All right. Will Marling, Executive Director for the National Organization for Victim Assistance, you had the final word. www.trynova.org. www.T-R-Y-N-O-V-A.org. 800-879-6682. 800-879-6682. What we talked about today is use good passwords. Lock your portable devices. Lock your computers. Do not provide personal information on social media sites. Change those passwords for every account that you have, and don’t comply with every request for information over the internet.
Ladies and gentlemen, we appreciate your calls, we appreciate your comments, we even appreciate your criticisms, and we want everybody to have themselves a very, very pleasant day.
[Audio Ends]
