In our last post, we summarized our inquiry into the City of Austin Police Department’s Digital Analysis Response Team’s (DART) Operation Wardrive, concluding that it was now up to the City to provide the documents responsive to our open records request which the Office of the Attorney General (OAG) declared were not exempt from disclosure. In a letter dated December 16th (notably well within the ten calendar day deadline initiated on December 13th), the City of Austin responded by postal mail with copies of the remaining documents.
Here’s the cover letter and documents:
Included were two new documents: an “Operational Briefing” and a “Synopsis of Operation.” The operation objective is worth reproducing in full:
Crack down on unsecured wireless networks in residential neighborhoods.
The Austin Police DART Unit plans to conduct a ‘wardriving’ mission around select Austin neighborhoods in an effort to educate its citizens to secure their wireless networks.
‘Wardriving’ refers to the technique of searching for unsecured wireless networks by driving the streets armed simply with a laptop or smartphone seeking network connections. When unsecured networks are found, the Police detectives will pay a friendly visit to the household or small business, informing them of the risks they are exposing themselves to and attempt to assist in securing their wireless network.
The Synopsis provides a little additional information:
Detectives should log the locations where they have made contact with residents and identify them on provided activity sheet.
There are a few items worth emphasizing here:
- EFF Austin requested “All documents and communications related to the selection and identification of Austin locations, neighborhoods, and/or individual citizens that will be targeted by ‘Operation Wardrive'”. The Briefing specifies target locations as “Austin Neighborhoods,” while the objective mentions “select Austin neighborhoods.” We are left to presume the neighborhoods selected would be left to the recognizance of DART detectives or decided and communicated off-the-record, perhaps during the 30-minute briefing on September 22nd prior to the operation.
- EFF Austin requested “All documents and communications related to the devices, software, and other technologies that will be utilized to identify Austin locations with unencrypted broadband networks.” The Briefing indicates wardriving may be practiced “simply with a laptop or smartphone seeking network connections” but does not explicitly declare this as the tools or techniques DART would be deploying.
- EFF Austin requested “All documents and communications related to the policies governing the protection and security of the information obtained during ‘Operation Wardrive'”. The Synopsis instructs detectives to log the names and addresses of individual citizens they paid “friendly visit[s]” to, thus creating public records of open wireless access points – one of EFF Austin’s original concerns.
- Perhaps most revealingly, EFF Austin requested “All documents and communications related to The City of Austin’s, Austin Police Department’s, the Digital Analysis Response Team’s, or other Austin governmental agency’s recommendations and/or suggested practices for securing wireless broadband networks.” We did not receive a single document, nor can we find a single sentence responsive to this inquiry, leaving one to ask: how could DART “Crack down on unsecured wireless networks in residential neighborhoods” if the City of Austin was unable to locate a single document explaining how citizens or detectives are supposed to go about securing those networks?
Perhaps DART detectives have received special training towards that end…
Standard Operating Procedures
The last document included in the City’s response was an unredacted version of the APD DART Standard Operating Procedures (SOP), available in the embed above. The City provided EFF Austin with a redacted version of the SOP while appealing to the Office of the Attorney General, insisting that disclosure might interfere with law enforcement and crime prevention efforts. The OAG disagreed, forcing the City to release the complete document. It is an interesting read we encourage you to review, revealing the marching orders of one of the most venerable computer forensics and cybercrime prevention units in the country.
Within the previously censored sections of the document, EFF Austin found an item that might be worth further exploration.
The duties of the Sergeant of DART, the ranking officer of what appears to be a team of five detectives, are described in section .05.C.1 under “Personnel Duties, Authority, and Responsibilities.” Item “aa” on page 5 states:
Act as unit coordinator with the Austin Metro High Tech Foundation (AMHTF) Board of Directors:
- Prepare annual budget for December meeting which projects anticipated expenditures of the AMHTF monies over the upcoming calendar year.
- Supervise expenditures of these budgeted monies over the budget year and authorize all expenditures from these monies.
- Prepare annual reports for the board of directors meetings itemizing budgeted expenditures for the previous year.
- Prepare reimbursement request(s) for the AMHTF, as needed, to recover monies from authorized expenditures. Provide a receipt for all items in the reimbursement request.
- Authorize disbursements from and provide accounting on the travel and training fund provided by the AMHTF.
What is the Austin Metro High Tech Foundation? Some historical perspective can be found at what appears to be the Foundation’s most recent website, a lonely Geocities relic worthy of review for its quirky mid-90’s Internet aesthetic alone. Quoting from the site:
The Austin Metro High Tech Foundation (AMHTF) is an organization founded by local companies and law enforcement personnel to battle high-tech crime in the Austin Metro area. The Foundation began in mid-1994, when seven area security managers decided to join with local law enforcement to form a policing unit dedicated to investigating high-tech crimes.
Since 1994, the Foundation membership has grown, along with the expertise of the law enforcement personnel assigned to high-tech crimes.
And what does the Foundation do – or rather what did the Foundation do at this time?
Foundation members provide funds, training and in-kind donations to support the law enforcement community’s high-tech crime efforts. The funds are used for education, equipment and travel required by law enforcement personnel. The benefit to members is the increase in prosecutions and restitution associated with high-tech crimes.
This 1999 LA Times story (“Tech Firms Pay Police Agencies to Fight Cyber Crime”) mentions the Austin foundation, and its byline (“Law enforcement: Intel funds sheriff’s unit that chases computer pirates. Some fear conflict of interest.”) hints at reasons why AMHTF may opt for a low profile.
This is not to say funding from the Foundation is without cause or merit; from the article:
When losses mounted from armed robberies at computer chip plants in Austin in the early ’90s, the city’s high-tech companies decided to finance a private nonprofit group to train officers to deal with the problem. Through the Austin Metro High Tech Foundation, firms including IBM and Dell Computer Corp. annually donate up to $10,000 each for investigators’ training, travel and equipment.
In return, businesses–including Applied Micro Devices, National Instruments and Motorola Corp.–say they expect law enforcement to treat computer crime as seriously as drugs and gang violence.
In 1999, according to the article’s author, public sentiment was decidedly mixed on the appropriateness of private corporations funding specific law enforcement efforts narrowly focused on crime prevention within their business sector. Is that the cause for AMHTF deciding to assume a low public profile? Is that the reason why public servants of the City of Austin attempted to perpetuate the Foundation’s low profile through selective application of the secrecy attendant on the darkness of redaction?
In the cleansing sunlight, perhaps we’ll see.