Solution Ideas by Al Mac

8/7/2013 11:06:36 PM

Solution Ideas
Solving national challenges.
Ideas from Alister William Macintyre Last updated 2013 Aug 07
Version 0.7

Table of Contents
Solution Ideas Introduction................................................................................................. 2 Al’s other notes ........................................................................................................... 2 Gov Id including ADA & IRS ............................................................................................ 3 A better system via the Post Office................................................................................. 5 More Postal Services....................................................................................................... 6 Extend Common Carrier ..................................................................................................... 7 Improve Info for Investigations .......................................................................................... 8 ID Theft and the IRS....................................................................................................... 9 Mac suggests............................................................................................................. 10 Disabling Internet Crime Opportunities........................................................................ 14 Mapping Crime Friends ............................................................................................ 15 Measuring Dirty Data ............................................................................................... 15 Internet Crime Patterns – Data Breaches ...................................................................... 16 Internet Crime Patterns - Phishing................................................................................ 18 Improve Tech for Justice .................................................................................................. 21 Botched Police Raids ........................................................................................................ 23 Medical backup ............................................................................................................. 24 Demographic backup .................................................................................................... 25 Police challenges........................................................................................................... 26 Indoor Maps ...................................................................................................................... 26 Economic Embezzlement.................................................................................................. 29 ISO Tutorial .................................................................................................................. 31 Personal Experience...................................................................................................... 33 More challenges ................................................................................................................ 34 False DNA .................................................................................................................... 34 Bogus Fingerprint Evidence ......................................................................................... 35 Faking Phone Records .................................................................................................. 36 Revision Notes .................................................................................................................. 36 Blurb ......................................................................................................................... 37


Solutions in National Security folder


Solution Ideas by Al Mac

8/7/2013 11:06:36 PM

Solution Ideas Introduction (3 Aug 7)
I became semi-retired late in 2009, and soon had a new hobby of researching hot topics in the news:  What the heck is really going on?  Why have we not fixed this problem?  Pros & Cons of various proposed solutions?  My ideas about solving or mitigating the situation. There are some challenges which cross multiple areas, so here are my thoughts on solving some problems which do not fit into the narrower focus areas, of my other research notes.
Al’s other notes

You can find some of my other research notes here:  Critical Infrastructure1 = reports, and analysis, addressing serious problems with, and threats to, topics such as: o Border Protection; o Cyber Security; o Economy; o National Security; o Pipelines; o More to be added in the future.  Disaster Avoidance2 = a collection of write-ups regarding various disasters and crises: what happened; various solutions proposed by me and others, to help mitigate the next time.  Drone3 Info:4 = How drones are being used worldwide, inside the USA, changing capabilities, and discussion issues. o My notes are in the form of the word Drone, one word that is the sub-topic focus area, and an X.XX version # edition. o Other documents usually are named with identity of original publisher, summary of content topic, then date vintage.

1 2

http://www.scribd.com/collections/4108500/Critical-Infrastructure https://docs.google.com/folder/d/0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw/edit 3 http://www.scribd.com/collections/3807680/Drone-Info 4 https://docs.google.com/folder/d/0B9euafJH4b-ZLWR0bmZLS3d5OVk/edit http://www.scribd.com/my_document_collections/3807680


Solutions in National Security folder


Solution Ideas by Al Mac

8/7/2013 11:06:36 PM

 Haiti Research5 = I look into a bunch of topics in aftermath of 2010 Jan earthquake, which devastated their capital city, and some other cities. These notes are getting to be of reasonable size. When I started, I just had a handful of ideas which did not logically fit into any of my main focus research. But now I have a significant growing number, so I will start labeling approx vintage of when various chapters were last updated, like I also do with my larger research notes. 3 Aug 7 = 2003 August 07 was date I last updated some chapter. 3 July = 2003 July was when I last updated some chapter.

Gov Id including ADA & IRS (3 Aug 7)
Gov = Government Id = Identity IRS = US Internal Revenue Service People need an Id, issued by the state government, for access to many services. We need a photo id to get into many government buildings. Typically that id needs to be issued as a person approaches adult-hood, because a school student id is not accepted for id purposes outside of school. Those with a driver’s license, that serves as a government id, but if we cannot get a driver license, perhaps because we are too old to have good vision etc. then instead we get a state id, which cannot be used as a driver license, and we get it from the same government agency which issues the driver licenses. I think people with disabilities, need to have a code on their state id card, with info about what their disability is, which police officers would be trained to notice, when people show their id. This is because law enforcement often does not believe statements by suspects, regarding nature of their disabilities, when there is an encounter between the suspect and law enforcement.6 I believe the federal government should amend the Americans with Disability Act, 7
5 6

http://www.haiti.prizm.org/ http://reason.com/blog/2013/07/30/serially-sued-utah-trooper-faces-new-law 7 http://www.eeoc.gov/facts/fs-ada.html http://www.ada.gov/pubs/ada.htm


Solutions in National Security folder

wikipedia.gov/2012AnnualReport http://www. I expected that in 2013-2014 there will be over a million tax payers victimized by identity theft with the IRS. In 2012. https://en. and in the process improve the Post Office’s financial stability.gov/2012-Annual-Report/identity-theft/ http://www.accountingtoday.irs. Then I address what needs to be done at the IRS.scribd. who were not previously victimized. The volume of victims is skyrocketing each year.8 At the rate of growth. to reverse this trend. Next there is what the Post Office can do about it. with more and more millions in the years ahead.com/blogs/on-the-money/domestic-taxes/276369-advocate-irs-efforts-on-identity-theft-lacking http://www. and unfriendly to real people.taxpayeradvocate. we find that my expectation was valid. and the crooks know it. 10 http://www. I think there are several things which can. the IRS received ½ million new cases of tax payer identity theft victims. as of 2012. Then most of them get extra identification info.com/news/IRS-Not-Doing-Enough-Help-Identity-Theft-Victims-65292-1. so that in all future years they will have less hassles.4 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM to request state governments to do this.com/doc/142707892/IRS-NGO-Al-Mac 4 Solutions in National Security folder . who typically had to go thru 6 months of hassles with the IRS before they could prove they were the real person. That is exactly what is happening. and should be done. These Solution Ideas share some of my ideas about that. but still some hassles. and the trend continues. but many branches of government seem illequipped to handle this in an efficient manner. because the IRS does not appear to be competent to distinguish a valid tax return from an identity fraud one.10 as of 2013.usatoday.org/wiki/Americans_with_Disabilities_Act_of_1990 8 http://www. had not filed any fraudulent tax return.taxpayeradvocate. resulting in many services being friendly to identity theft criminals.com/story/money/business/2013/01/09/irs-identity-theft-response-criticized/1819003/ http://thehill. walking off with $billions in tax payer money each year.html 9 See my IRS Scandals research notes for additional statistics.9 Well. We need to be able to prove who we are to get all kinds of government services.irs. through fraudulent returns in need of tax refunds. in my IRS Scandals research notes.

it took them months before I got my Medicare “card”. when my driver license expired. but there’s a training issue. It has my picture on the front. I had to show them a mountain of paperwork to establish my identity. then the process can take months. GAO. accused of being illegal immigrants. for people to establish their identity with the government. and six months later they screwed up my records. can swipe that bar 5 Solutions in National Security folder . some biometric statistics (dimensions. with astronomical government waste. The US Post Office is looking for more ways to make money. When I became eligible for Medicare. and other interested parties. have found that government agencies typically have 5-10% error rates.). and other inspections. Agencies. registered with the state government. in early 2012. and on the back is a bar code. Multiply that by millions of people. due to screwed up government records. whose records are not screwed up by the government. and profit by doing so. because their government records are screwed up. I recognize that some people cannot get a driver license. some of them experiencing denial of basic rights which stem from the constitution and how our civilization is structured. Each time we need to interact with some other government agency.5 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM I needed to get REAL ID. than the law requires. I had to take a mountain of paperwork to the driver license bureau to establish my identity. it is alleged that a much smaller mountain is needed. Many born here Americans have been deported. I went to the Social Security office to apply. eye color. there are still excessive hassles. So for the lucky majority. When it is time for renewal. I now have a REAL ID. we need to show them a mountain of paperwork to establish our identity. and you are talking real big numbers of people inconvenienced. I think they can help solve this mess. and it still took them six months before it was issued. which cannot be fixed. I have an idea for a better system. I am now almost age 70. where some workers think more paperwork is needed. etc. A better system via the Post Office (3 Jan) A better system is needed.

6 Solutions in National Security folder . and our new address. There would be check boxes: various government agencies (used by many people) can be checked off. and the Post Office sees to it that all those agencies are notified of our address change. or not know the right government address to send to. unless I. like the IRS. you can withdraw some money from that account. 11 See the state record. Go to any Post Office in the land. My identity has now been established. show your id. More Postal Services (3 Aug 7) When we have a snail mail address change. driver license agency etc. and with my appearance in person. or some confederate. At the Post Office. have successfully hacked into state computers.6 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM code and see the state record associated with the issuing of that license. the photo they have on me. with room to write in some names (used by less people). need to be notified. the card is not a counterfeit. Count up the # of checked off boxes. if we have just done this. and not some identity theft crook. making them like a national bank. or state income tax people. The Post Office could offer a WE DO IT service. not change it. or use it as collateral for a credit card transaction. and affix that to a document to go by secure snail mail to some government agency. It is very easy to overlook some place. using name of an id theft victim. add some. they can make a registered copy of the bar code. the Post Office supplies a kit with post cards for us to notify a ton of places. The Post Office has our old address. so now THEY know that the person who sent in the return was the REAL ID person. British Post Offices offer savings accounts. The check boxes serve as a useful reminder that various Tax authorities. Would that model fly in the USA? In my IRS Scandals research notes.11 If this agrees with what the card says. which can go on a special form reprinted with this info for this purpose.12 I share the problem of crooks receiving government mail. pay the Post Office a fee times the count.

water. the US Post Office could be notified.  what we buy from bookstores. or whoever is moderating the Internet 12 http://www. The content is believed to be the property of the people sending the info.  patterns of our use of electricity. the business of institutions we voluntarily choose to share it with. common carrier protection should be extended to institutional activity which reflects the modern age of technology.  what we post to social media. and a copy of the vacant home status info. what TV shows we watch.  what we studied in school. like discussion groups. such as for Facebook friends and family only. until the home gets a new legal occupant.  cell phones. etc. Same deal with phone land lines. we do NOT arrest the mail man. blogs. plumbing. and the business of the product or service provider. the US Post Office sends to the sender an image of the envelope to-from address particulars. our grades. garbage disposal. Extend Common Carrier (3 July) What common carrier means is if someone sends a criminal activity via snail mail.7 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM and address of a vacant foreclosed house. If. without being traced. so their privacy gets legal protection.com/doc/142707892/IRS-NGO-Al-Mac 7 Solutions in National Security folder . borrow from public libraries. our access to other sources of knowledge. where it is easy for them to get the mail. in my opinion. so the address can be flagged. gas. like:  E-mail. forums. This kind of info is OUR business. when that info is not coded open to the public. Then when any government snail mail is sent to that address. without constitutional protections. when a home becomes vacant due to foreclosure.  info in the black boxes in our automobiles. This could fix problems at a lot more government agencies than the IRS. any trouble we got accused of. nor charge the Post Office with being part of organized crime.scribd. the business of our friends family co-workers whoever we choose to share the info with.

what is known about those sites. DARPA might be the appropriate agency to offer funding for the development of any necessary tools not already in the hands of relevant investigative agencies. I envisage a combined architecture which could work as follows: 1. but they must report it to FISA within 48 hours. LINUX. to get retroactive approval.14 other Internet resources.wikipedia. Improve Info for Investigations (3 July) The government should also have good tools to access and decipher our info. UNIX. and it is too urgent to wait for a judge to sign off on it. but we do not recognize the language they are speaking in. solve a serious crime. 13 http://www. or repair of improper activity. The tools to search this stuff. It is like a drone intercepting a discussion between suspected enemies. I want that access to be documented for review by the courts like what is done with FISA. Many main domains also have WHOSIS services which show who is in charge of each sub-domain. for suspicious content. Investigators have tools similar to Google search. with the material in a variety of computer languages. can be different for every unique combination.mil/ https://en. I don’t know how common this is. I recognize that there are emergency situations. once they get that judicial authority. but the government should get a warrant signed by a judge. various IBM OS. Different people’s personal computer systems. where the police need immediate access to data to help save lives. However.. Novell. and business networks. human languages. there 8 Solutions in National Security folder . DARPA13 = US Defense Advanced Research Projects Agency. to justify their grabbing of data from places which have data that they think might help in some investigation. others).darpa. function on a variety of different operating systems (Microsoft Windows. WHOSIS. data base systems. where the FBI is allowed to do anything they please. before demanding access to this data.org/wiki/DARPA 14 WHOSIS is a system where people can find out who is the official owner of a main domain. to tell them what web sites exist. It is a standard part of the plots of many TV shows about cops.8 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM discussion area. and types of aps (applications). I want local and state police to be placed under a similar burden.

serial # of device so its purchase history can be verified that WE bought it. get recognized by the OS. e-mail. which can come thru a judge’s warrant. or on any connected devices. or permission of the people in charge of the site. which can be granted by the people in charge of the site. For info on this reality. to drain confidential and proprietary info without the personnel there being any the wiser. there could be tools for people on networks to find such info from whatever data structures. the type and volume of data flowing thru it. social networking. do an Internet search for combination of KNUJON and REGISTRAR. 99% of Internet crime is perpetuated by sites enabled by approx a dozen registrars.17 I share tons of examples. and handshake configured correctly for them to work. but it has also made the reality criminal-friendly. to find key words in documents. and what other tools are needed to search that info. ID Theft and the IRS (3 Aug 7) In my IRS Scandals research notes. spread sheets. so the Internet criminals gravitate to those registrars. 16 There is also a need to improve human access to map of connected devices. is are a handful of domain registrars which are not following ICANN standards. aps. It has made it so that devices connected to a PC or network. Investigators get authority to investigate those sites. as opposed to suspicion of criminality breach. 4. without good tools to analyze that data. Where Google Desktop permits someone with Microsoft Windows to search what’s on their PC. of id theft. KNUJON (no junk backwards) has an annual report. and a legal structure to permit access to everything imaginable.. provided the authorities show proper clearance to have that access. 17 http://www. not found on all computer systems in current use. illustrating a big picture: 1.9 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM 2. One of the fastest growing areas. when there is good cause. court like FISA. and room for someone to add comments regarding who in the organization authorized this connection. A series of tools are used to learn more about the specifics of the data at the site. A more serious question is how come ICANN permits this violation of standards to continue. money is better spent developing good analysis tools. are found on the networks. So instead of the government building copies of all Internet and other traffic. where unauthorized devices can easily be attached. some emergency suspicion to later get court review.16 limited by security clearance. or the manufacturers of the network resources. Identity Theft has been the fastest growing white collar crime for some time. What we need is a human map of everything the Plug & Play has accepted. Plug and Play is a relatively recent development. with a log of when this got connected. 15 See Extend Common Carrier chapter.15 3. back tracing Internet criminality to the organizations which enable it.com/doc/142707892/IRS-NGO-Al-Mac 9 Solutions in National Security folder .scribd. relieving the computer technicians of enormous workload. perhaps within the last decade. for more info on some of these choices. etc. OS.

but this is a drop in a bucket. I feel that many of the suggestions do not go far enough. Traffic Cop suggestion from NTA. There are various lists. buying things on credit. of people who logically would not be opening accounts.  TIGTA on Id Theft scale. see the following chapters in my IRS Scandals research notes:18  Big picture of id theft refund problem. Many watchdog organizations. created to help credit agencies detect possible fraud. including IDT4 (stolen wallet of taxpayer). The ID theft tax crimes are growing much faster. and even legislation. The trend is an increase in the damage. and new born children. but the IRS has been slow to accept such input. have provided the IRS with many suggestions. where people using other people’s identities impinges on tax returns. which have stopped many tax crimes.scribd. Crooks are using those lists to file fraudulent tax returns on those people’s SSN. convicted many tax criminals. leading to both tax crimes and massive hassles for the id theft victims.  IRS struggles with id theft tax refunds. We now have millions of new taxpayer victims every year. and other government agencies. 3. The IRS has reacted to the ID theft epidemic with massive efforts. The IRS also needs to be accessing those lists. Plus maybe some of those lists should be more selective on who all can have access to them. when they are dealing with the IRS.  Glossary of terms.com/doc/142707892/IRS-NGO-Al-Mac 10 Solutions in National Security folder . 2. Mac suggests (3 Aug 7) For more info on problems compounded by the IRS having a Rube Goldberg approach to dealing with Id Theft. The IRS is working hard. looking for suspicious ones. as part of its filtering of tax returns. 18 http://www. so the IRS can implement improvements in the battle. and $billions of fraudulent tax refunds going to the id theft criminals. not smart. for good solutions. such as dead people. than the impact of IRS fighting back.10 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM its use for tax crimes.

 List of SSNs issued to new born children. The IRS also has to cope with the id theft crooks calling the IRS. for an hour or more. if we are phoning from our home or wherever. I have called other government offices. When people call the IRS with tax problems. such as:  List of SSNs of dead people. and who is the parent or guardian. pretending to be the real taxpayer. Then when tax returns arrive on that new born. listening to the music etc. and/or record a voice message. and been kept on the line. showing date of birth. they use Caller id and phone directory info to confirm that this call is coming from the residence of the taxpayer. If not. before a real person talks with them. which are inconsistent with what we would expect of a child of that age. 19 20 Some. that the IRS open an account on that new born. to seek good id on who that person is. If it is not the taxpayer. US Dept of Health & Human Services (HHS) has a data base of wage and employment info submitted by federal and state agencies which oversee employer reporting about who is in the US work force. but not all prisons. Someone is paying the phone company an arm and a leg for these phone calls when we are kept waiting. We would give some info about our identity.19  List of SSNs of people who are employed in the USA. the IRS consider it suspicious. such as last 4 digits of SSN.  Lists of SSNs of people in prison. When this call gets to IRS person. there would then be need to show authorization to access the taxpayer info. they are kept on the line for an average of at least ½ hour. the police might be dispatched to the location of the phone. Instead. 11 Solutions in National Security folder . but legislative action may be needed to help implement IRS access to data bases of other government agencies.11 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM The IRS could reduce the impact of id theft tax crimes.20 I suggest that when a SSN is issued to a new born. are supplying this info to the IRS. I suggest an option to use touch tone phone with one of those damn menus.

they are not yet checking to see if the contact info on the request for refund. there is the name of the manufacturer.  Years ago. Thus one unresolved challenge is when the criminal calls the IRS. which do not have to pay US taxes on their US operations. or a tax preparing outfit. keep the caller on the line long enough for local police to join the caller. is registered to either that taxpayer. So some people.22  This is like a 5 story office building in the Caymen Islands which is allegedly home to 18 million different corporations. until the home gets a new legal occupant. and sometimes the address is a vacant home due to foreclosure. were copying the identical number many times. the US Post Office is notified. claiming to be the taxpayer. or organizes their records. This discovery was soon after one of them got stolen. over years if not decades of thousands of different refunds to be sent to one bank account.21 until 2013.12 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM Many different tax returns claim refunds. in the names of many different tax payers. had the identical vehicle registration-id.patch. 12 Solutions in National Security folder . while the notion of the same address being used for tax refunds for many different people. recording auto registration #s. so the address can be flagged.  The same kind of phenomena can occur in other areas of government work. When that name is read upside down. I lived in Cincinnati Ohio. The explanation: When someone is looking at an engine block. This could fix problems at a lot more government agencies than the IRS. Then if mismatch. to verify identity. or on behalf of thousands of taxpayers residing at a street address with room for only a dozen people. and not realizing there was that duplication. to be sent to bank accounts which are NOT in the names of those tax payers. There was a discovery that thousands of automobiles registered in the state. to different paperwork. the IRS could check to see if the phone # for which the caller is using. every car should have a unique id. and a copy of the vacant home status info. because their HQ is located there. This idea has not yet occurred to the IRS. the US Post Office sends to the sender an image of the envelope to-from address particulars. employer. However. it looks like a number. is now suspicious for the IRS. so that they never see the duplication. when in theory. With caller-id. matches the real tax payer. Only the US government believes these types of figures. 22 http://seminoleheights. The IRS did not get suspicious.com/groups/editors-picks/p/epic-tax-scam-uncovered-in-tampa See time line for IRS very recently waking up to the notion that this might be a problem. for some manufacturers. Then when any government snail mail is sent to that address. 21 Suggestion: When a home becomes vacant due to foreclosure.

the IRS arranged with banking institutions. or was first discovered by IRS. which shows how many days months years it has been in the system. because after all they have different duties to perform with the contaminated tax returns. In 2013. There is also a potential problem with bank accounts recently opened. Here’s what I would do. or had good reason to open an account at a different bank. I further suggest a consistent priority be assigned. I don’t understand why it would take that long. giving different stories. I think this should be further modified. they have to deal with all these overlapping offices. multiple payments by the IRS to people of different names at the identical address. to accept as valid. so that resolution can be prioritized based on date the complaint entered IRS. they would tackle those with the oldest discovery date first.13 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM In 2013.” Meanwhile. where the name of the taxpayer on the refund is not the same as the name on the bank account. if I was dealing with that issue at the IRS: 13 Solutions in National Security folder . The IRS uses a silo-FIFO mentality where approx 30 different functional unit offices of the IRS tackle different aspects of tax returns contaminated by id theft.” Or whatever. such as social security. Each unit says “We got our part done in 60 days. irrespective of functional unit. the bank is to return the check. I suggest this reform also apply to other government payments. if the person recently moved. which this system does not solve. in the name of the victim of the id theft. When an id theft is reported to the IRS. people who are known relatives of each other. for the taxpayer. so the IRS overall says “We are doing a good job. the IRS started considering as suspicious. from outside the process of income tax returns. The account could be legitimate. Thus instead of each silo having FIFO (first in first out) that got to their silo. If the IRS does a refund to a bank account. it takes the IRS on the average of 151 days to resolve what they need to do about that.

25 The report would be a guide to understanding many risks I have shared in these notes.  Fusion Report on Data Reliability = a proposed report which probably does not now exist. and also shared by other interested parties. or the IRS office. 25 I spell out a possible starting framework for such a report in my chapter: Mapping Crime Friends. 24 ID PIN is used by taxpayer in all subsequent filings with the IRS. First a summary of the proposals. Here I will suggest possible Fusion Report(s) to help fill that gap. to alert them to suspected risks. which were filed on or after the date of the id theft incident. as of mid 2013. and what can be done about them. identifying it as one which is a victim of id theft. or office of IRS near that community. 2. and millions of victims. with new editions every year or so.14 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM 1. This contributes to epidemics of Internet crime. but I am suggesting that there is a need for one. with relevant documents to prove who they are. in which at least 10 million taxpayers are so coded. then more detail on each. Place code on the Taxpayer account. so that person can be issued IP PIN. It would also evaluate various ideas on what can be done about these risks. include date of id theft incident (when the wallet was stolen).24 3. and the authorities seem to be oblivious to potential solutions. but I am suggesting that 23 The IRS now has such a coding system. by which I mean organizations whose policy and behavior is Internet Crime-friendly.23 Within that coding. Concurrent with getting the IP PIN to the right person. they can appeal to legislators for standards to put a stop to some of this behavior. and national security investigations. 14 Solutions in National Security folder . Once Law enforcement investigators have a good understanding of this industry. for the taxpayer to meet with law enforcement. Arrange with law enforcement in community of the taxpayer.  Fusion Report on Internet Crime Enablers = a proposed report which probably does not now exist. along with instructions in its usage. Such behavior is not yet illegal.  Fusion Reports = Briefing papers for personnel involved in law enforcement. Disabling Internet Crime Opportunities (3 July) In other chapters I have explained scenarios where organized electronic crime is enabled. to show that they are the real McCoy. review any and all income tax returns on that person.

WHOSIS. see the chapter: Internet Crime Patterns = Phishing. to package a how-to on the overall threats. Measuring Dirty Data (3 July) Government data bases sometimes have serious error rates. Improve Info for Investigators. I suggest a consolidated GAO report charting last know error rate by various parts of government. 29 More info on these challenges in chapters: Economic Embezzlement. can convene meetings of representatives of such organizations as KNUJON. For the big picture on Phishing. 30 For more info. 26 The report would be a reminder what the state of art of standards are across government agencies and private enterprise. and the threat-enablers. the people who do annual reports on Phishing threats. 28 For an overview on Data Breaches. The report should include what other branches of government can do. until it is no longer as flawed. and links to relevant GAO reports for more details. Mapping Crime Friends (3 July) Existing government information sharing structures. summary of implications. and a collective sense of where improvements are most needed. see the chapter: Internet Crime Patterns = Data Breaches.15 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM there is a need for one. implemented after 9/11 2001. we could get at: 26 27 I spell out a possible starting structure for such a report in my chapter: Measuring Dirty Data.  National Security may lack critical data clues to mitigate or avert future problems. Improve Tech for Justice.30 This has serious implications in several areas:  Ordinary people cannot properly interact with government services.27 patterns of Breaches. and help with investigations. The report should also provide comparable statistics from private enterprise. see Identity of Government chapter. the importance of using secondary sources.28 and others. From my clues. 15 Solutions in National Security folder . when relying on this flawed data. See the ISO chapter. Also see footnotes on: Connected Devices. with periodic new editions.29 The resulting report would also be a guide to organizations of expert witnesses who can visit local agency offices to brief personnel on latest threat developments. so we can see what credence to give information sources.

Internet Crime Patterns – Data Breaches (3 July) Several organizations come out with annual reports about patterns of Internet crime. knowing what are the greatest risks. but to see how government compares with private industry.com/verizon-dbir-intellectual-property-and-networks-under-siege-for-months-at-atime/ 32 16 Solutions in National Security folder . But there are implications for the safety and reliability of their products.com/DBIR/2013/ This report is 63 pages.verizonenterprise. when it comes to error rates. plus people. over several 31 UL = Underwriter Laboratories. This proposed consolidated report is not for the purpose of doing anything about lack of standards consistency. Perhaps the area which is doing a better job can help the one doing more poorly. so they can marshal their limited resources most effectively. Some companies may fraudulently claim they meet the standards. as having what level of precision in their data for what specific functions. and data. for their respective industries. or trying to protect against being victims. may have a better sense of how reliable it is. In early 2013. It has been alleged that some imports contain the various stamps of approval that consumers want.  There are similar systems. This can help people who are fighting that crime.16 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM  How many organizations in the USA in fact have ISO certification. in some industries. who use the data.  How many organizations in the USA are registered with various states of the USA?  From the above #s. where the UL organization31 in fact has a list of companies which have earned the certification. Verizon came out with their annual Data Breach Investigations Report (DBIR)32 combining info from investigations they conducted. and other organizations conducted. it is perfectly legal to not follow the standards of the industry. For most industries. without the actual inspection audits to prove their safety. not part of the ISO hierarchy. services. For example UL certifies electrical safety. http://threatpost. we can get an idea of how many legal organizations do not have the relevant certifications. http://www.

34 33 34 https://www.17 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM years. that maybe only 1% are getting a competent investigation. However.php 17 Solutions in National Security folder . or limit misconceptions or miscommunication. from which 1. 2. Except where the report says otherwise.  Page 32 = Microsoft flow chart showing the path by which malware can propagate into a system. and what % of Verizon’s data set went that way.500 breaches over the years.33 There are CERT’s in most all nations. Thus. all charts and statistics refer to the 621 breaches totalling 44 million records in 2012. Unfortunately Microsoft’s system is relevant only for 42% of what is in Verizon’s data set. used a known exploit to trick a user. and dealing with them. to avoid.  VERIS = a public set of standards for language to describe security incidents. so the statistics can be skewed. The report has many illuminating and educational charts and references. They have access to info on 47.org/blogs/insider_threat/2011/08/the_cert_insider_threat_database. these statistics can help guide security training. Unfortunately. there is a high degree of geeky language.000 security incidents in 2012. and the number actually investigated. as with many such reports. Probably not even in the statistics are cases of ordinary people who have to get their PC repaired due to malware getting thru their defenses.veriscommunity. But you can see from the disparity between the number of security incidents they know about. because 80% of what the data set knows about. for which they had specific info about how the breaches occurred. while some have changing percentages of frequency and risk. and counting. have been compromised. when this report was compiled.  CERT = a standards organization for getting reports of risks and breaches. There are several in the USA. with emphasis on changes in patterns of perpetrators of 621 breaches investigated in 2012. I suggest any first time user just skim thru to see the percentages of different kinds of attacks.net/doku.cert. Some patterns are the same year after year.html http://www.1 billion records. it is useful.

via http://securityaffairs. and supplemented with data from several phishing feeds.org/critical-security-controls/ APWG = Anti-Phishing Working Group 37 2013 Apr 30 downloaded APWG Global Phishing Survey report which analyzes phishing attacks detected in the second half of 2012.35 Internet Crime Patterns – Phishing (3 July) Several organizations come out with annual reports about patterns of Internet crime. APWG has learned how the phishers perpetrated those attacks. APWG36 Phishing 2013 April37 30 pages If you are unfamiliar with APWG phishing reports. 21 = lots of charts and graphs depicting basic numbers. This can help people who are fighting that crime. or trying to protect against being victims. location. CNNIC. I name them using a format: 1. but this problem is pretty pervasive across most of them. a trend we see in the wider world of cybercrime. 1 July 2012 through 31 December 2012). 4. ratios. Specifically. knowing what are the greatest risks. When I download docs. 15-16. The APWG phishing repository is the Internet’s most comprehensive archive of phishing and 35 36 https://www. when you get this first one.18 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM  20 most critical cyber security controls for any institution. This report maps trends and their significance by quantifying scope of the global phishing problem. and how much of that is crooked sites (malicious) as opposed to legitimate sites which have been infiltrated. so they can marshal their limited resources most effectively. Some phishers have been breaking into Web hosting providers to great effect.html thanks to heads up from a Linked In cyber security group.sans. market share – total & phishing. Notice that several top level domains have NO phishing from them. and private sources. 22-29 = list of top level domains showing. Maybe a secondary identification aid.co/wordpress/13991/cyber-crime/apwg-globalphishing-survey-report. The data is for 1st & 2nd ½ of 2010 2011 2012. Vintage published. with a few spikes. What is it about. By analyzing phishing which took place in the second half of 2012. The data was collected by the Anti-Phishing Working Group. on a high level? 3. and what defensive measures are and are not working. you might just print some key pages:   5-13. 18-19. What organization published it? 2. this report examines all phishing attacks detected in second half of 2012 (“2H2012”. 18 Solutions in National Security folder .

etc. so that they can be launching pads for many thousands of concurrent attacks against American Banks.) 2. Other domains are registered by the crooks. one of which is the con game known as phishing. are bought and sold by ecriminals.835 domains).apwg.com/connect/articles/banking-scam-revealed Botnet = computers are secretly compromised. for example. Here is some used by the APWG report. (See pages 5-6. and the controls to operate them for such attacks. See Mass Break-in technique. then are infiltrated by crooks. but in my       19 Solutions in National Security folder . Phishers registered more subdomains than regular domain names (pages 16-17).5% (5. APWG calls the crooked domains “malicious registrations” that is. or for launching phishing or other malware. The number of phishing attacks rose due to this technique. http://www. The average and median uptimes of phishing attacks remained lower than the historical average. Cyber Security requires protection from many different kinds of threats.org Here are previous reports: http://www. Clusters of these compromised computers.org ● info@apwg. to help with clarity:   APAC = Anti-Phishing Alliance of China APWG = Anti-Phishing Working Group … they track phishing trends and domains used. can catch SOME of this stuff. while the number of domain names registered by phishers has dropped significantly since early 2011 (pages 11-12). and attacks leveraging these resources represented 47% of all phishing attacks recorded worldwide in the second half of 2012. Major findings in this report include: 1. This behavior is in decline. such as anti-virus. APWG is grateful to CNNIC and the Anti-phishing Alliance of China (APAC) for sharing their data. registering a domain with the full intention of using it just for crooked activity. Of those 6. ccTLD = country code top level domain CNNIC = China Internet Network Information Center https://en.org/wiki/China_Internet_Network_Information_Center Crooked Domains: Some domains start out legitimate.5% of the sites used for launching phishing. and other critical infrastructure.19 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM e-mail fraud activity. This is their aggregate report for July-Dec 2012.wikipedia.org/resources/apwg-reports/ Banking Scam revealed http://www.symantec. Our Internet security.antiphishing. now down to 6. There’s some geeky language in some reports like these. Phishers are breaking into hosting providers with unprecedented success. See KNUJON for further insight about that. using these facilities to launch mass phishing attacks. and used almost exclusively for that. 48% were registered to target China. (Pages 7-8) 3. anti-spam.

then copies it to every host-name served by that main domain. or some branch of our government. the phisher uploads his content there. designed to suck the unsuspecting into malware infection.surbl.fraudwatchinternational.org provides free information on abusive use of url shortener services.com/ gTLD = generic top level domain ICANN = the International standards body which manages Internet naming IDNs = internationalized domain names ISP = Internet Service Provider KNUJON http://www.wikipedia. I suggest you do an Internet search for the latest KNUJON Registrar report.com/ = phishing reported by general public Shared virtual server – see Mass Break-in technique. there has been spear phishing. users need to be vigilant about suspicious patterns.html = preventing becoming a victim. an e-mail service which puts spammers in the slammer. Knujon has contributed to a rapid reduction in these kinds of attacks on me.net/papers/Phishing. Traditionally phishing has not been addressed to us personally. which tracks which registrars of Internet addresses are most criminal-friendly. I have been forwarding my spam to KNUJON (no junk backwards).20       Solution Ideas by Al Mac 8/7/2013 11:06:36 PM         experience. In the 2nd ½ of 2011. Pay Pal = 39% of all phishing attacks were against Pay Pal users Phishing = e-mails and web sites masquerading as something which they are not. which targets people by their specific name.knujon. after I had tried many other services. Solutions in National Security folder 20 . This type of attack has declined in 2012. citizen. https://en. In the last year or so. http://www. this technique accounted for 47% of all phishing attacks recorded world wide.technicalinfo. because internet security services do NOT catch all of it. resident” or whatever announcement allegedly from a place we may do business with. Fraud Watch International http://www. Once the upper domain is penetrated. I notice that phishing claiming to be from my ISP e-mail service has been the most common vector against me.com/ = no junk backwards. phishers broke into domains which host many sub-domains.com/registrars/ For many years now. In recent years. what the industry calls “shared virtual server” which we often find via blogging services.phishtank.org/wiki/Phishing Phishing Guide http://www. but is still a big problem. rather long winded … http://www. SURBL http://www. and analyzes this form of organized e-crime. Mass Break-in technique: Starting in 2011. with content relevant to their employment duties. & not found satisfaction. rather it is a generic “hey customer. There may be a correlation there with some of the results of APWG analysis.knujon.org/ is more user-friendly Phish Tank https://www. so that all web sites on that server display the phishing pages via a custom subdirectory. TLD = top level domain. and/or identity theft victimization.phishing.

US-Cert https://www. which provide hosting services. so they can do something about it.38 We need to encourage more use of video in public places. or “live times” of Phishing attacks = the amount of time any given phishing effort is active. WHOSIS = a service identifying who registered top level domains.us-cert. between the time of launch. where DNA evidence has led to the release from prison. This info is useful only for cyber security authorities trying to hunt down individual crooks. We need to improve ability to track photographs of scenes involved in some altercation calling for legal resolution. balancing needs for government investigations. to when the phisher moves on to a different launch site. Witness testimony is often unreliable. Here is a story of where video evidence disproved police memories of an incident.villagevoice. Some top level domains. Current maps would be enhanced to show what places are public and during what hours … city parks and 38 http://blogs. and unfortunately this is also true for well trained police officers. We have seen. and we need to make it easier for those to be identifiable to photographers.com/runninscared/2013/03/jury_finds_occu. in recent history. I envisage city maps using info from government and banking industry real estate records. of many people convicted by witness testimony.php 21 Solutions in National Security folder . not less. I use KNUJON instead.gov/report-phishing wants people to report phishing to them. expectation of privacy by civilians. Improve Tech for Justice (3 July) We have serious problems in our society. fighting the phishers whom we report. but some places should not be photographed. leading to acquittal of the accused person who most surely would have been found guilty without the video evidence.21  Solution Ideas by Al Mac 8/7/2013 11:06:36 PM   Uptimes. The reality is that we might receive a particular type of phishing attack on a regular basis from different phishing sources. are now providing WHOSIS registration of their sub-domain customers. and technology so that those two needs can be satisfactorily satisfied. One of the purposes of my notes is to figure out ways how we collectively can do a better job. because KNUJON has reports to let us know what progress they are making.

the child is dead. Photography is allowed:  Only after written permission from ….scribd. news media. seek more info about some event after the fact. relative to the map. Title of whom. some evenings. know when the camera is pointed at a location where photography is prohibited.  Family members & authorized guests may take photos. are often predatorfriendly. whose location/time is relevant to the incident. may only be filmed by authorized government employees and contractors. Police could search (with warrant or subpoena) cell tower and wi-fi activity in vicinity of location/time to seek potential witnesses. See in my School Children Abduction Scandal notes where I suggest improvements to the Amber Alert system. in a format which an Internet search can find. or lost forever. Many initial police investigations seem to be distracted by suspicions about broken families. no one else. and routes by which children walk between home and school without adult supervision. By the time police turn to the latter.com/doc/117284229/School-Scandals-and-Abductions 22 Solutions in National Security folder . for national security reasons. excluding bathrooms.22 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM shopping centers are only open to the public during day. police followup. Private areas could have rules supplied by property owners.  Ok to film in places open to public.39 The alleged unsolved problem there is:  School bus stops. an internet search can locate anything uploaded to YouTube or other resources. replace view with an appropriate censorship picture. rather than focusing on possible witnesses to the abduction. location of filming.  We learned from the Boston bombing investigation that crimes can be rapidly solved when authorities have outreach to the 39 http://www. Later camera aps would know GPS location. etc. time of filming. So when some incident investigation.  There are numerous incidents of children being abducted when commuting between home and school.  This place. Camera aps need to include. in sub-titles and keywords. defense discovery.

and what could be done about it in my Boston Bombing notes. o People of various religions. Botched Police Raids (3 April) Here is a map on CATO Police Misconduct site of when and where police in the USA have made paramilitary attacks on some innocent household.42 40 http://www. done serious harm there. that serious crimes can go for years without resolution.40 but I also plan to add some ideas here. and what solutions exist which might mitigate these situations. o People whose personal lives are largely on-line. which are economically viable.  So in my School Children Scandal notes I try to determine if there is evidence to substantiate the alleged patterns of unsolved problems. 41 42 http://www. then said this was a once in a million error.  We learned from the Cleveland Ohio kidnap rescue that when there is a lack of communication between the police and communities. o People who are recent law-abiding immigrants. earliest events at bottom) where I ask “What could have been done differently to avoid this?”. had there been such outreach earlier. Communities can include: o People working and living in some particular geography.com/doc/136142293/Boston-Bombings-2013-April-by-Al-Mac Start near bottom of Time Line (which has most recent on top. then begin to explore multiple answers to that question. with the American Dream.org/ http://www. which are relevant to a bigger picture than any one individual bad incident. o People in various professions. who have expertise which is different from that of police investigators.41 Well.innocentdown.com/2013/03/24/nebraska-police-chase-down-man-video-recordingtheir-abuse-while-second-man-video-records-it-all/ 23 Solutions in National Security folder . combined with fixing the data stovepipe infrastructure I have more info on what we now think went wrong. and the Boston bombing could have been prevented.photographyisnotacrime.cato.scribd. There are other incidents of police killing people that sometimes defies explanation. given pinched budgets of local governments.org/raidmap http://www.23 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM general public. it happens thousands of times all over the USA.

Medical backup (3 March) Would it make sense for police raids to be accompanied by paramedics. I have some ideas on what makes sense. do not know that the invaders are the police.  Innocent victims getting wounded during the raid. do not respond the same way as the criminal world. Survivors of these attacks. such as School Scandals. or family members of the deceased. in case of:  Police officers getting wounded during the raid. It is one of the reasons why US national security has at least two humans killed every day by police guns in the USA. and collect hundreds of thousands of dollars in compensation.  Alleged criminals getting wounded during the raid. I have documented an epidemic. especially when it wakes them from a sound sleep in middle of night. then ruled as something other than homicide. often react badly. or plague. I have much more on gun killing statistics in my Mass Shooting research notes. then considered ideas how best we can mitigate them. parked just outside the place to be raided. Serious criminals have learned. In those. from multiple encounters with paramilitary police raids. pandemic. that they must quickly surrender to avoid being killed. and other research notes. sue the local city governments. Problem: Police training is how to rapidly over power serious criminals. Ordinary law abiding citizens do not know how to react. 24 Solutions in National Security folder . So instead of the police raid personnel trying to rush wounded individuals to get medical attention. of problems. This chaotic reaction is outside what police training anticipates. medical attention is on scene immediately.24 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM These raids accomplish nothing towards fighting whatever alleged crime triggered the decision to launch the raids. Botched Raids are a massive waste of taxpayer money. In this area also.

whatever. someone who would know what it means for the weather service to say that severe weather was arriving imminent. Apartment rental leases. with change of addresses officially and unofficially reported. Had they had a weather professional on staff. he/she could have told them this means they needed to implement their evacuation plan immediately. to be alerted in advance to the expectation that the home they are about to bust into. so that less reliance can be used on those sources in the future.25 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM This notion of expansion. On stand by were ambulance crew. Due to the secrecy surrounding these events. 43 These tools should also be part of the analysis when researching warrants. people with particular medical problems. have as a condition of the lease. is also in my Indiana Fairgrounds Incident notes. Instead. which means the people did not get evacuated in time. and maybe even take some punitive action against the false information sources. which now can be shown they had a wrong address. Some judge signed a warrant authorizing a raid. the public has no idea what kind of follow up is going on to mitigate risk of same thing happening again. elderly. other first responders. Demographic backup (3 March) These botched raids rarely are the pure decision of police. The Post Office knows the names of people receiving snail mail at particular addresses. wrong information. and other government data bases. they are going in blind. police. The process of issuing warrants could access this. In other words. Police are using big data more and more as a predictive tool. heard that warning. When the people in charge. is likely to contain small children.com/software/business-intelligence/big-data-plus-police-workgood-partners/240004290 25 Solutions in National Security folder . disabled. They had thousands of people at a concert. they then had a meeting to discuss what it meant.informationweek. within the same community. but what they really needed was a weather professional. of what types of professionals go on a particular mission. if someone moves 43 http://www. that all residents names be on the lease. They have a data base for mass marketers. There is a paper record of what information was used.

who to contact in case of emergency. Before a police raid is implemented. listing the people officially residing there. phones. Indoor Maps (3 Feb) There have been many recent crises in the news. a state. and woe betide the officer who gets caught making a mistake there. or billionaires.com/help/maps/indoormaps/faqs. Police challenges (3 March) Can the job of the police be made simpler.py?hl=en&answer=1685827 26 Solutions in National Security folder . you have an obligation to inform apartment management of the identity of your new dwelling companion(s). Police officers are expected to know 100% of the laws for nation.html https://support.google.com/gmm/bin/answer. I am glad I do not have their job. 44 https://maps.26 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM in with you. information that was readily available before the crisis. Here is info about Indoor Maps from Google.com/help/maps/indoormaps/ https://maps. Most politicians are millionaires. which sometimes also includes identification of where they work. who do not identify with the needs of poor and middle class people. so the necessary information needs to be organized in such a manner as to be available in such circumstances. compared to the Legislators who decide their income. The police have a horrible job. and local. The only good news in this is that means that IN State Troopers can identify with poor people and the middle class. they can check with the apartment office to get a copy of the latest lease paperwork. where I think that first responders could have done a vastly better job. Indiana State Troopers were on the list. can go down. We must also be aware that in most weather disasters.google. and still need food stamps. had they had access in advance to better information about where they were going. of people who are paid so poorly. where typically there is a loss of power. Internet. the local power. so less prone to error? Our nation's collection of laws are constantly being amended. I saw a year or so ago in newspaper some statistics on people who have jobs.google. and Internet connections. added to.44 This concept may not work for people inside a Natural Disaster immediate aftermath. phones. that their families have to be on food stamps.

an optimal solution would be two separate maps:  Clearly labeled as open to the public.citizencorps. in certain key areas.gov/cert/ which are general disaster relief efforts. which include the Sandy Hook elementary school. intended to help first responders. There are many private cyber security efforts. which require frequent patches. The worlds. this kind of cyber structure can be difficult to manage for administrators of some types of software tools. So any solutions also need to think through data risks. They need to go down for backups and upgrades. Sometimes upgrades introduce new problems with access.  School Safety Scandals. The School Safety notes focus on risks to 27 Solutions in National Security folder .45 or equivalent audit. and major Internet Security services. In Al Mac opinion. Very few data networks are accessible 24x7. in which different users see different levels of detail. While it is possible to have one map. if you are interested in this. Not all indoor maps should be available to the public in the same detail as to first responders. there are also cyber security issues.html 45 Do not confuse CERT = Community Emergency Response Teams https://www. with only the data which should be shared with the public. named Indy Boom. which in Al Mac opinion.46 http://www. to verify that it is not available to unauthorized persons. may be of interest to criminals. Check with Al for more info. which deals with cyber security issues. do not have a good track record when it comes to cyber security. Some of these maps. 46 These are separate and distinct from Al’s notes on Mass Shootings. and the Gun control controversy. findable by Internet search. with CERT = Computer Emergency Readiness Teams https://www.us-cert.  Clearly labeled as government classified. Also see Al Mac notes on  Explosions. SANS.emergencymgmt. or search the Internet for such names as KNUJON. renamed Gas Boom. because of the risk of how criminals and terrorists might use the info. often poorly understood by the clients of the software.com/emergency-blogs/disaster-zone/indoor-google-maps-011913.27 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM In addition to the outage risk. and other trouble makers. or limited access. or whatever the terminology is. and subjected to CERT cyber audit. of government and private industry. are superior to the government cyber security.gov/ and note that such efforts exist for most every government in the world.

which in some communities is a playground for rapists. can have a structure outside the actual buildings. the fire dept would keep them informed on what kinds of software products the fire dept responders can handle. have keys. Different kinds of structures would have different kinds of data. and prefer. where both the building managers. to conduct a rescue. in these safety info sources. the data could include:  Directory of who is on which lease. also on CD-Rom.  Directory of public utilities and other vendors which service the facility.  Directory of phone#s staff persons who work the facility. children commuting between home and school. Periodic inspections of fire safety might also include periodic inspection that this system is functioning as intended. For all building structures which supply this kind of info. large buildings.  All this info on paper. which is seriously lacking in many jurisdictions. the fire dept has everything they need to know. where are shut-offs for public utilities. and what happened to Treyvon Martin. relevant to their kind of occupancy. and prefer. in which there are many other stories just like those scandals. Al also has separate notes on Child Scandals referring to people like Jerry Sandusky. the building managers update what’s in there. to make sure it is current with engineering blueprints and occupancy data.28 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM  Both include mitigation needed. what range of version #s they can handle. 28 Solutions in National Security folder . On a regular basis. separate from the actual buildings. by apartment #. Apartment complexes. and the fire dept. what ages live there. and when it is known how many children. and if version #s involved.  Map of facility. including apartment #s. in format that does not require specialized or latest software to access. such as what vendor would have records of fire extinguisher inspections. and structures where many humans are normally located. In an emergency.  Master key set for access to outer doors of all the buildings. With apartment complexes. pedophiles. duct work accessible to maintenance. and motorists who claim to be ignorant of the function of school bus stop signs.

29 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM Similarly. For those police cars which have Internet access. I believe that maps of schools. and management. There is the kind where an employee is allegedly stealing from the employer. According to the San Francisco Examiner. auditors. labeled “Personal Experience.sfexaminer. Then when someone calls 911 to report some emergency.47 Economic Embezzlement (3 April) For a related topic. the dispatcher can be looking at a map of the building.com/local/education/2013/01/sanfrancisco-schools-plan-shooting-response-drills 48 http://www. to whatever problems are being reported.  And reduction in general exposure to risk of being a victim of white collar crime. see my chapter defining the “Perfect Crime” within my “Boston Bombing” notes. to correlate where the caller is located. and other structures which have large public population like shopping malls and theaters. people of different professions can end up in meaningful discussions of challenges of supply chain information and inter-company infrastructure. leading to new insights.” These can be caught where there is good mutual cooperation between IT people. segments of the maps can be relayed to responding officers.com/local/education/2013/01/san-francisco-schools-plan-shootingresponse-drills#ixzz2I0QWrSumhttp://www. as in examples I supply below. to ask more intelligent questions about the direction. should be copied to be accessible to 911 dispatchers. San Francisco police are getting school floor plans on their smart phones.sfexaminer.scribd. Usually all we can get is two of the three.48 Via social media. 47 http://www. from the caller.com/doc/136142293/Boston-Bombings-2013-April-by-Al-Mac 29 Solutions in National Security folder . There’s several kinds of embezzlement. Here I share some thoughts on:  Improving the quality of our civilization.

the lawyers. A pathway to solving the above. I think the best way to catch this is to maintain industry statistics. How much do we expect certain operations to cost? How much of certain operations do we expect a company to engage in if they are in some type of business? Then. 30 Solutions in National Security folder . might be by applying ISO standards to the financial industry. They really need to employ a guide. or for many different competing enterprises to be in on the same fraud. trying to get info. feeding a lot of nonsense to the enemy. I will try to explain ISO in a later chapter. often come with the wool pulled over their eyes. When a scenario gets into the hands of the lawyers. There is the kind where a company’s personnel are stealing from customers or vendors of the company. and the economy. Consider causes of the recent world wide economic downturn. and inspired this chapter. to maximize their profits. through lack of understanding the industry or the institution.30 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM There is the kind where a company is faking documents or data which are to go to government regulators. 49 I look into this in great detail in my “Economic Disaster” notes.49 This kind of nonsense can be caught only by structural changes in ability to audit the people we do business with. the only way to successfully defraud the government is either to have a conspirator inside the government. an ability which is practically non-existent in most industries. Well in legal discovery. Consider an analogy: You may remember military briefings during the First Gulf War (to liberate Kuwait). and a manual like those for auditors of whatever data systems the institution uses. invariably to get at the truth the lawyers need to know the right questions to ask in the context of industry standards and corporate data practices. where journalists assigned to the briefings were ignorant about the military. like someone who formerly worked there. at the expense of the clients. where Wall Street companies and Mortgage brokers manipulated data they supplied to their clients. so the briefers were able to pull the wool over the eyes of the journalists.

specialized know-how is essential in several key areas:  The industry  The company’s data systems  The company’s internal products and services ISO Tutorial (3 April) This chapter is not intended as a detailed explanation of ISO. They have blue prints detailing how those components must be structured. Instead of different OEM inspection teams visiting us every day of the year. these OEM customers would send inspection teams to our facilities on a regular basis. OEM = Original Equipment Manufacturer. then an independent system of ISO auditors visit the various vendors. Before we adopted ISO. With several hundred customers. there could be different inspection teams on our premises every day.31 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM It does not matter if the lawyers are investigators for a government regulatory agency. Dealing with this was an enormous burden for our management. 31 Solutions in National Security folder . where we were making products for OEM’s. to conduct audits on behalf of all OEMs. etc.51 The OEM’s are various brand names most everyone might recognize from the US consumer market. or lawyers for another company engaged in some kind of dispute. efficiency. With ISO. speed. which we treated as demands to implement as fast as possible. my day job has been in manufacturing. who desire these standards. we now have ISO auditors visiting us every 50 51 ISO = International Standards Organization. and also for the OEM companies sending out such teams to all their vendors. They need components supplied by other vendors. such as my employer. Each team would make recommendations. the various OEMs spelled out what standards they required of their vendors. and Fortune 500 company names. quality. where the vendors figure out how to make them with maximum proficiency. Since the mid 1980’s. to make sure we were in fact making the products to the OEM standards.50 but rather an introduction to its applicability to more industries than where it has been employed so far.

and the concept of continuous improvement. so that as we do business with financial and other institutions. There is also an ISO series for cyber security. and where it needs to implement improvements. institutions which do not tell the truth about this. The ISO auditors supply lists of fixes we need to do. We are at the mercy of companies which have not met the appropriate ISO cyber security standards. that they reveal their ISO cyber security standards in a way that the ISO cyber security auditors can catch. When we use our bank card at a retailer. we have to trust them to be doing things right. The ISO cyber security audit identifies what the company is doing right.32 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM 6 months. This means the inspections are much more detailed than under the each OEM system. and much less intrusive on our operations. and keep that a secret from their customers. categorized into major and minor priorities to implement. and shared in the same way. By supplying the OEMs with this info on all their vendors. and they inform our customer OEMs regarding what standards we are able to maintain. for a multi day visit. so as to protect that outfit from a variety of risks. It is a form of external audit for internal consumption. the OEMs are better able to manage the quality of their supply chain. 32 Solutions in National Security folder . and prosecute. Computer security professionals have come up with standards which need to be maintained at an institution. This info is rarely communicated to the institution’s customers. I also feel that there are other types of ISO standards which should be out there. My view is that consumers need to demand from the places where we do business. My employer participates in the ISO 9000 series. which have the capability of defrauding the public. we can see whether or not they are meeting certain fiduciary standards. which have to do with manufacturing quality standards. This works a bit differently.

and no record of transfer. and they got deposited in someone bank account. so that’s 1% inventory turn-over. so they are selling 1/10 as much merchandise. Sometimes the paperwork is recording the movement of products. I told management that I thought embezzlement was going on. which can take several days in transit. I was having a lot of trouble with assets float.XX a month. Nowadays it is perhaps a couple days. An order is sent for some merchandise.XX a month. in secret from top management of the company. Years later I learned what was going on. Middle managers were serving the interests of the corporation. but in fact floating from one financial institution to another. So “float” was the name for money not yet recorded everywhere. where the motive might be the compensation system. Banks used to take a while to process money deposited.XXX. because the paper checks were being snail mailed. Thus when we wrote checks. vendors. and supposedly has $ XXX. We can also have “float” in the rec ord keeping of transactions between companies. identifying it. but years ago it could be a week or more. One store sells $ XXX. and $ millions of dollars of transfers were lacking matching documents. because of the company’s crazy ratio commission system. based on regional favorites not reflected in HQ inventory management. but might not be into the books of a place until several days after it is sent.XX inventory. whom they considered to be incompetent. to illustrate difficulty in defining it. 52 I first encountered “float” with checking account. The company was paying sales people based on ratio between sales and inventory. Store managers were bartering products. and supposedly has $ XX.XXX.XXX.52 where we had “documentation” for transfers between facilities.XXX. At one company. so they get a small commission. customers. I thought people were manipulating inventory totals to earn excess commissions.33 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM Personal Experience (3 April) Here is an example of alleged embezzlement encountered in my career. where the inventory was on the books at another store.XXX. when implementing a new inventory system. There were sales of products at one store. Another store sells $ XX. 33 Solutions in National Security folder .XX inventory on-hand. rather than electronically communicated. but they get 10 times the commission. it might be a week or more before that money was actually subtracted from our bank account. because the paperwork must go thru several people.

I do not normally associate that series with science fiction. but the DNA associated with someone who had donated an organ to the subsequent victim. I asked if that was NOT embezzlement because the lady remained in the USA. I do not know how true are the following allegations. The rationale given was that after the transplanting. The DNA of person-Y can be taken from saliva on some innocent object. A laboratory can take blood from person-X. This can lead to false identification of who got killed. or a blood transfusion. and depositing in personal bank account. I am not a doctor. A month later they fired someone for pocketing thousands of dollars of payments from customers. and flees to South America. or the risk of them being used to wrongfully convict people. so when a sample is taken from the recipient. More challenges (3 July) There are serious challenges in need of someone dreaming up solutions. I heard the following from a Law & Order episode. but plain stealing. So definitions are within a company management. Management told me that anyone can make a mistake. then remove all the white cells. False DNA (3 July) I also saw something similar from an NCIS episode. and often sound confusing and contradictory. that sample might have remnants of the donor DNA. and that embezzlement is when someone takes cash money they are not entitled to. and I don’t know how likely this is to contaminate a blood sample later taken from that person. such as 34 Solutions in National Security folder . Now that blood has no DNA. I was told that was NOT embezzlement. I do not know how long DNA from a blood or body part donor is in the body of the recipient. the donor DNA does not magically disappear.34 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM I got in trouble for my speculations. which contain DNA. where the DNA of a body part. was not that of the person killed.

which is not also in the saliva. or remnants of some drug they’ve been taking. Unless person-Y’s. They matched is true. He was later exonerated because his fingerprints did not match. Then person-Y DNA can be amplified and added to the blood. not in the other person’s blood. They did not match is true. I do not know how credible the above story. which now has the DNA of personY. and planted at a crime scene. many more are needed. like a knife. As more and more people’s fingerprints get into systems. 35 Solutions in National Security folder . forensics won’t know that blood is not really from person-Y. Yes it is true. when only a handful of people’s fingerprints were stored by the authorities. The blood is then put on some object. maybe only a few points of comparison were needed. we really can have two or more people with identical fingerprints. Example: A guy was arrested in the USA because his fingerprints matched those taken from bomb parts at the Madrid Spain Railway bombing. or X’s. and some police labs use a low number of points. The difference was the # of points of comparison used. like antibodies of a disease. Decades ago. How many people have been convicted using only evidence which could have been tainted this way? The perpetrator does not need the expertise to do this. blood has something unique. Police labs confirmed this. Bogus Fingerprint Evidence (3 July) Fingerprint odds depend on number of points of comparison used. This may not yet be illegal. It is a task which can be delegated to someone who specializes in fabricating false evidence. but the new standards have not reached all the police labs personnel yet. I am not a doctor.35 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM a food container that they recently used. Police labs confirmed they matched. but now with a move towards trying to get everyone’s prints.

but the info on the phone indicates George provoked the confrontation. who told the news media that the phone call records had been faked. and when it ended. There should be a time stamp when that happened. How often are juries reminded that computer records from any institution could be incorrect. as to the veracity of those records.  Girl friend call has phone company record when it started.  If girl friend call ends before the bang. who heard a conversation with George Zimmerman.7 version added o Tackle Id Theft at IRS and other places. The US Supreme Court has ruled on a person’s right to face their accuser. then consider this:  One of the 911 calls is from a person saying “there’s a fight outside my window” during which BANG we can hear a gunshot over the 911 call.36 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM How many people have been convicted. who claims he killed Martin in self-defense. 36 Solutions in National Security folder . it is someone who works in the judicial system. he was on the phone with a friend. and also someone in the phone company. then George can give testimony not disputed by what the girl friend heard. or fabricated? If we believe times in phone records are valid (which George’s father disputes). as if that record is true. If anyone knows that phone call records can be faked. George’s father is a retired magistrate. which includes cross-examining a person who interprets evidence. then girl friend testimony is bad for George. Thus. using insufficient points of comparison? Faking Phone Records (3 July) In final moments before Trayvon Martin died. Revision Notes (3 Aug 7)  0. it should no longer be acceptable for a police officer to read off some record of phone conversations. without the defense having an opportunity to cross-examine telephone company employees. If time stamp of it ending is at or after we hear bang on 911 call.

such as some discussed in my notes. perhaps via relevant proposals. 2013 Jan 13. 0.com/doc/119857289/Solution-Ideas 37 Solutions in National Security folder . 2013 Jan 10: I started this. o Extend Common Carrier. 0. so I shared latest 0.1 version share on Scribd. with an idea on how the US Post Office. and technology. disaster after disaster. with the annual count rapidly climbing. so it is up to the people to figure out how to fix this. We have scandal after scandal. and launched initial 0. Blurb (3 June) Description of this document. such as Scribd:53 We have an expectation that our government be comprised of people who know what they are doing with security.4 version added more links regarding indoor maps. and Lobbyists. which looses maybe $19 billion a year. where upload sharing makes that practical. o Other Challenges. My Solution Ideas include how remediation might be practical to:  Prevent another economic crisis.5 version inserted additional examples of my thinking. traditional Postal services have shrunk. I noticed Google Drive working again.2 version which had added thoughts on mitigation of botched police raids.6 version added Economic Embezzlement explanation. but as the Internet grows. combined wisdom is often lacking.3 version added thoughts about indoor maps.  Prevent more terrorist attacks. and thoughts on what can be done to tackle that challenge.37 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM       o Better relations between police and the disabled. so they still could use additional income services. o Improve Info for Investigations. o Improve Tech for Justice ideas. and get out of the current one. 0. where lessons learned don’t seem to get implemented in a timely manner. can profit more by helping to solve a problem the IRS has. o I believe Postal financial problems are largely caused by Congress. 0.scribd. which loses $billions (I am not sure how much) to crooks who stole ½ million tax payer identities in 2012. civil liberties. 53 http://www. Unfortunately.

and at the rate of growth I anticipate 1 million new victims for 2013. malware. phishing. hacking. 1/2 million tax payers had id theft with IRS in 2012. The US gun debate. in aftermath of Sandy Hook.  Or if not totally eliminate the problems. 38 Solutions in National Security folder .38 Solution Ideas by Al Mac 8/7/2013 11:06:36 PM  Put an end to identity theft. than has been the recent norm. is focused on US government mission creep and the broken mental health system.  Do this without going to a police state. using the US Post Office. This is a huge hassle. and breaches. Here I propose some re-thinking of how first responders can do a more professional job. and other mass shootings. I have some ideas on how to mitigate the hassle. diminish their volume to that of a minor annoyance compared to their epidemic proportions today.