• XShare

I know what you’ll do next summer

I know what you’ll do next summer

More data and surveillance are transforming justice systems

The relationship between information and crime has changed, says Jon Fasman

ON WHAT does the administration of justice depend? Devotees of the Old Testament might say wisdom, as displayed in King Solomon’s judgment. Others might say a dispassionate objectivity. It also requires the threat of punishment—the basis of the modern state’s coercive power to enforce laws. But John Fielding knew that, before administrators of justice could mete out punishment or exercise wisdom, they needed something else: information.

Together with his half-brother Henry (a magistrate better remembered as the author of “Tom Jones”), in 1749 Fielding founded the Bow Street Runners, London’s—and the world’s—first professional police force, paid for largely with public funds. Information was at the centre of everything Fielding did. He retained descriptions of suspected criminals, for instance, as well as a “watch book”, which contained details of expensive timepieces to help prevent their resale if stolen.

The world’s most famous detective shared Fielding’s view; Sherlock Holmes retained an extensive indexed library of criminals and their crimes. The delight readers took in following him—a delight that makes crime fiction one of the great literary genres—also had information at its heart. What is a clue? What is a red herring? How does justice work? We pay homage to that tradition with the graphic story that illustrates these pages.

In fact as in fiction, the trend has continued. The Metropolitan police department, which has patrolled Washington, DC, since 1861, retains annual reports detailing crimes in each precinct. American homicide detectives record details of their cases in “murder books”, which are then filed for future consultation.

Historically, gathering information was an arduous process, requiring innumerable conversations, many of which later proved to be irrelevant; hours staking out a subject; researching documents and testimony; and reams of tedious paperwork. In illiberal countries, where governments do not care about their citizens’ civil rights, police could easily tap phones and open letters. Liberal countries make that harder; police who want to listen to someone’s phone calls can do so only for limited periods and specific purposes, and then only with judicial approval.

It’s not Cagney and Lacey

Now the relationship between information and crime has changed in two ways, one absolute, one relative. In absolute terms, people generate more searchable information than they used to. Smartphones passively track and record where people go, who they talk to and for how long; their apps reveal subtler personal information, such as their political views, what they like to read and watch and how they spend their money. As more appliances and accoutrements become networked, so the amount of information people inadvertently create will continue to grow.

To track a suspect’s movements and conversations, police chiefs no longer need to allocate dozens of officers for round-the-clock stakeouts. They just need to seize the suspect’s phone and bypass its encryption. If he drives, police cars, streetlights and car parks equipped with automatic number-plate readers (ANPRs, known in America as automatic licence-plate readers or ALPRs) can track all his movements.

In relative terms, the gap between information technology and policy gapes ever wider. Most privacy laws were written for the age of postal services and fixed-line telephones. Courts give citizens protection from governments entering their homes or rifling through their personal papers. The law on people’s digital presence is less clear. In most liberal countries, police still must convince a judge to let them eavesdrop on phone calls.

But mobile-phone “metadata”—not the actual conversations, but data about who was called and when—enjoy less stringent protections. In 2006 the European Union issued a directive requiring telecom firms to retain customer metadata for up to two years for use in potential crime investigations. The European Court of Justice invalidated that law in 2014, after numerous countries challenged it in court, saying that it interfered with “the fundamental rights to respect for private life”. Today data-retention laws vary widely in Europe. Laws, and their interpretation, are changing in America, too. A case before the Supreme Court will determine whether police need a warrant to obtain metadata.

Less shoe leather

If you drive in a city anywhere in the developed world, ANPRs are almost certainly tracking you. This is not illegal. Police do not generally need a warrant to follow someone in public. However, people not suspected of committing a crime do not usually expect authorities to amass terabytes of data on every person they have met and every business visited. ANPRs offer a lot of that.

To some people, this may not matter. Toplines, an Israeli ANPR firm, wants to add voice- and facial-recognition to its Bluetooth-enabled cameras, and install them on private vehicles, turning every car on the road into a “mobile broadcast system” that collects and transmits data to a control centre that security forces can access. Its founder posits that insurance-rate discounts could incentivise drivers to become, in effect, freelance roving crime-detection units for the police, subjecting unwitting citizens to constant surveillance. In answer to a question about the implications of such data for privacy, a Toplines employee shrugs: Facebook and WhatsApp are spying on us anyway, he says. If the stream of information keeps people safer, who could object? “Privacy is dead.”

It is not. But this dangerously complacent attitude brings its demise ever closer. One of the effects technology has on law enforcement is to render its actions less visible. You would notice if a policeman took photos of every parked car and pedestrian on your street. But ANPRs and body-worn cameras (“bodycams”) let officers do that as an unnoticed matter of course. That makes speaking up about privacy concerns more important, not less.

Technology used responsibly and benignly by one country or agency can be used for sinister purposes by another. Activists in, say, Sweden or New Zealand may have few concerns that police will use their technological prowess to arrest them on trumped-up charges, because rule of law is strong and those governments generally respect citizens’ civil liberties. Activists in China or Russia have far more to fear.

Some people argue that those who have done nothing wrong need not worry. But that justifies limitless state surveillance, and risks a chilling effect on citizens’ fundamental civil liberties. After all, if you are not planning crimes while talking on the phone, why not just let police officers listen to every call? Police need oversight not because they are bad people but because maintaining the appropriate balance between liberty and security requires constant vigilance by engaged citizens. This is doubly true for new technologies that make police better at their jobs when policy, due process and public opinion have not caught up.

This report will examine the promise and the dangers of those technologies. It explores several arenas in which technology is radically changing how the justice system operates—in street-level surveillance, the ease with which law enforcement can bypass encryption, the use of electronic monitoring as an alternative to prison, and the introduction of algorithms by police and courts.

It examines technology’s effects on crime and criminals, and on innocent people caught up in a tech-dominated approach to policing. The report does not demand the wholesale rejection of these technologies. Instead it calls for rigorous oversight, which has been shown to benefit both citizens and law enforcement, and which is the only way to ensure that, in their quest for security, societies do not inadvertently surrender too much liberty.

Walls have eyes

Street-level surveillance is everywhere

Police have many new ways of monitoring people

ON AUGUST 25th 2017 Johnnie Rush was walking home after a 13-hour shift washing dishes at Cracker Barrel, a restaurant in Asheville, North Carolina. Police watched Mr Rush cross a street without using a zebra crossing. They waited for him to buy beer and then confronted him about the jaywalking, an offence in that state. When he argued and ran away, they knocked him to the ground, used a Taser and punched him in the head.

Eight months later, following a lawsuit, officials in Asheville released nine videos from the officers’ bodycams. These cameras are usually clipped to the front of an officer’s uniform or used as a headset. They record audio and video, often with date and time stamps as well as GPS co-ordinates. They can also be Bluetooth enabled and set to stream in real time. Some have to be turned on manually, others can be triggered automatically by, for instance, an officer unholstering his weapon.

Bodycams are just one way that what officers on the street can see, store and search is changing. These new technologies help in investigations and also offer benefits such as accountability. They make it more difficult for police and citizens to lie about contested encounters, or whether a person or car was at the scene of a specific incident. Yet they are still controversial. Evidence of whether bodycams reduce bad behaviour by police officers is ambiguous. And the potential for abuse of facial-recognition technology is vast, allowing, as it does, real-time deep surveillance.

Bodycam bodyslam

The videos of the assault on Mr Rush are sickening. The officer who punched him resigned in January, reportedly just before the department could fire him. Another officer was reassigned, a third disciplined, and Asheville released a statement condemning their behaviour. In a narrow sense, this represented a victory for bodycam advocates. But that does little for Mr Rush’s battered head. Bodycams are not just supposed to record bad behaviour. The threat of recording is supposed to impel good behaviour, from both officers and citizens.

The first large randomised study of the issues was in 2012. It found that police use of force and citizen complaints in Rialto, California, dropped markedly when officers wore bodycams. A study conducted in Britain and California by Cambridge University two years later found similar results: wearing bodycams was associated with a 93% drop in complaints about police behaviour.

But these effects appeared only when cameras recorded entire encounters. Another study of eight British and American police forces conducted by Cambridge criminologists found that rates of assault against police were 15% higher when an officer turned his bodycam on in the middle of an encounter compared with officers who wore no cameras—suggesting that turning on a bodycam may represent an escalation. And a randomised study of officers in Washington, DC, found that wearing bodycams had no statistically significant effect on police use of force or citizen complaints.

Not everyone has embraced bodycams. City officials often balk at the cost: cameras cost as much as $1,000 each, with an additional $100 per month per camera for video-storage fees. Police unions have expressed privacy concerns. Some civil libertarians fear they will be used to surveil already heavily policed communities. Policies governing public access to, and retention of, bodycam footage vary widely. Still, usage is growing. One in five American police departments uses them, and nearly all others plan to do so. By some estimates the market for bodycams and data management is $1bn a year in America alone.

It should give Westerners no comfort that China—a one-party state obsessed with social order—is at the forefront of developing bodycams. One Beijing company says it has invented a shoulder-worn, networked model that can recognise faces.

Another Chinese firm has equipped police with facial-recognition cameras embedded in glasses that are meant to let officers know in real time if they are looking at someone on a police blacklist. One estimate values China’s surveillance-tech market in 2018 at $120bn. Human-rights campaigners fear that such technology has already been used to monitor activists, enabling arbitrary detention.

Cameras do not have to be worn by policemen. London has one fixed camera for every 20 people. Washington, DC, has about one for every 22. But the data they provide are not always usable. Sometimes their images are poor quality, their formats are not always uniform, and there is often too much to sort through quickly. After the terrorist bombing of a concert hall in Manchester in 2017, British police had to wade through more than 16,000 hours of CCTV footage.

According to Mick Neville, who spent 28 years with London’s Metropolitan Police before leaving to found his own forensic facial-recognition firm, police find usable CCTV images in only 2% of reported crimes in London. “That’s because they don’t have systems in place,” says Mr Neville. “There are too many cameras, too many formats, maybe they’re working; maybe not.” Don’t blow money on gear without systems to extract the data, he advises.

Entrepreneurs have noticed the new market: startups that can analyse CCTV footage in nearly any format are now offering their wares to video-addled forces around the world. The ideal, says one facial-recognition startup founder, is “one to many in the wild”, meaning that a successful platform will be one that can compare a single face to its full database of faces, all with non-posed images, looking up or down, or half in shadow.

Round up the usual suspects

Machine learning and neural networks—software modelled on the human brain that learns from observational data and inference as humans do—power today’s facial-recognition products. They could make tomorrow’s even more powerful as they incorporate data on body mass, gait and gestures, rather than just the standard metrics such as distance between the eyes and width of nose. These platforms can also be trained to recognise objects, such as bags or a wristwatch, and to link them to people.

Roughly half of all American adults—the vast majority non-criminal—have images of their faces stored in FBI-accessible databases, according to Georgetown University Law Centre. Other countries are expanding biometric storage. This raises questions of racial bias. People from minority groups with disproportionately high arrest rates are more likely to be in such databases, and so disproportionately likely to be targeted by dragnet surveillance.

But citizens are also staring back at police. The American Civil Liberties Union, a watchdog, has released an app through which citizens can automatically send it recordings of police interactions. Mobile-phone cameras have recorded the deaths of a number of African-Americans killed by police. Footage of the death of one, Walter Scott, led to the indictment of the officer who shot him.

ANPRs raise concerns similar to those about facial-recognition databases. Police drive around, collecting and storing images of number plates registered to people not suspected of any crime. Vigilant Solutions, an ANPR firm, has a database of at least 7bn data points from number plates, most of which presumably belong to the innocent. If they become suspects, police can then trawl through ANPR data to create detailed portraits of their lives.

Supporters also say that they do nothing more than collect publicly available information, and that it is securely stored. Yet even that is not always true because rules governing storage and information-sharing vary. In 2015 a journalist in Boston found the city’s entire number-plate database online, including the addresses of everyone with a city parking permit, and the names of thousands of people suspected of being terrorists or gang members.

Such data can be abused personally as well as constitutionally. A policeman in Washington, DC, was convicted of extortion for blackmailing the owners of cars parked near a gay bar. ANPR firms insist what they do is constitutional—in America the First Amendment protects public photography. But not everything constitutional is desirable. Even the International Association of Chiefs of Police has admitted that ANPRs could have an impact on freedom by recording vehicles going to political gatherings, abortion clinics or other sensitive venues.

The argument is that ANPRs and CCTV with facial recognition give the state a time machine. If they connect a suspect (or a car) with a crime, they can simply track him through footage recorded before he became a suspect. Police argue that they try to do that anyway by digging into a suspect’s history; the new technology just makes it easier to do it better, and sometimes deeper. But you can be sure that, if police had real time machines—based, perhaps, in old-fashioned blue phone boxes—regulators would be all over them. With virtual time machines, not so much.

Read my phone

Police can bypass encryption and monitor anything

The law is not keeping up

“YOU can tell me who you are,” says Leeor Ben-Peretz, an executive at Cellebrite, an Israeli security-tech company, “But give me 15 minutes with your phone and I can tell you who you really are.” Mr Ben-Peretz’s office windows have a lovely vista of the low-slung skyline of PetahTikva and the burnished mountains beyond, but the real view is on a large monitor in front of him.

A young engineer connects a smartphone to what looks like a desktop computer with several ports on the front. After a quick login and a few clicks, the computer identifies the phone type. The user can then bypass the locked phone’s passcode and continue to use one of several extraction methods. “Logical extraction” reveals immediately accessible data: stored text messages, e-mails, pictures and instant messages. With more time, Cellebrite’s machines can also perform a “physical extraction”, revealing more information, including data that may have been deleted. The neatly organised, labelled data can then be viewed, saved, shared, filtered and searched.

Police officers can also carry with them a tablet-sized device that does a basic device search—a sort of digital triage that lets them decide quickly whether a fuller investigation and extraction is merited. “Crime scenes in the past were about fingerprints and footsteps,” says Mr Ben-Peretz. “Today it’s digital: mobile devices, connected cars and tablets. Our digital footprint: this is the strongest indicator for what really happened.”

The spread of such technology—more than 10,000 law-enforcement agencies in 150 countries use Cellebrite’s services—raises profound privacy concerns. Most countries have laws offering people’s homes protection from intrusive searches. But laws governing devices are not nearly so clear. Cloud computing makes things ever more complex. As Adam Ghetti, a cyber-security entrepreneur, points out, “The law and the constructs that it was built on were written at a time when everything you had was near you and could be touched.” That is no longer the case, he says. “The average human in a developed country has more data that they created in a faraway place than in a tactile place at home.”

Cracking the code

One response is encryption, which has grown from a niche market to a standard feature of digital life. As one veteran European intelligence analyst puts it: “Encryption was dodgy when I joined. Now the modern economy runs on it.” WhatsApp, Signal, Telegram and Facebook Messenger offer end-to-end encryption, meaning that messages can be read only by the sender and the receiver; they cannot be intercepted in transit, nor can the companies themselves read them. The easiest way for law enforcement to read encrypted messages is to gain access to the phone of the sender or receiver.

Users can protect mobile phones by setting passcodes that restrict access. And not all phones are created equal. “Your best bet for default privacy is, hands down, getting a modern iPhone,” says Mr Ghetti. “There’s no close second.” What sets Apple apart is not just the quality of its encryption but also its commitment to user security. After a mass shooting in San Bernardino, California in 2015, the FBI asked Apple to build an operating system to install on a recovered iPhone in order to bypass its encryption. Fearful of setting a precedent that, as Tim Cook, Apple’s chief executive, wrote, “would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data”, the company fought the order in court. A six-week battle ended when the FBI found another way to extract the data.

What that method was and who did it (a source outside government, according to the FBI) remains a mystery. But bypassing encryption appears to involve tricking a phone’s co-processor—the part that limits the number of times a user can guess a passcode—into allowing unlimited guesses without triggering the phone’s security measures. Those measures may involve destruction of its encryption keys, which makes accessing the phone’s data impossible, or exponential increase in the time required between each guess, making brute-force guessing not worth the time.

The method required for physical extraction varies with each phone. Cellebrite has a large research department and a laboratory filled with thousands of different mobile-phone models stacked in drawers, floor to ceiling. Some are easier to crack than others. Over the past few years iPhone models have included an upgraded co-processor with an additional level of encryption. Cellebrite may have found a way to bypass it but, if so, Apple will no doubt patch the weakness, and encryption-bypassers will hunt for another.

Pulling metadata from a phone is much easier. Police can use fake mobile-phone towers (colloquially known as “Stingrays”), which trick mobile phones into connecting to them rather than to a real tower. Police can then learn which websites a user visited, and whom he texted and called, as well as the International Mo bile Subscriber Identity, a unique number associated with the phone. It can also give the police a precise user location.

According to the American Civil Liberties Union (ACLU), a watchdog, at least 73 agencies in 25 states in America use Stingrays, though the true number is probably much higher. Police rarely seek approval or admit to using them, and indeed agencies that buy them generally keep them secret, on the basis that public knowledge of their use will render them ineffective.

Sting in the tail

Privacy advocates cite two problems with Stingrays. First, they suck up information about all phones in a certain location, not just that of a suspect; and second, they can pinpoint phones in homes and pockets that privacy laws often protect from warrantless searches. Though governments claim they need Stingrays to catch suspected terrorists and drug kingpins, they are more often used in routine police work, without warrants or oversight.

Police also monitor what people do on their mobile phone through social-media analytics. Most users expect their postings and preferences to be tracked and analysed. But in 2016 Geofeedia, an analytics firm, had its access to Facebook and Twitter removed after revelations that it marketed itself to law enforcement as a way to monitor “overt threats” such as unions and activist groups. Shortly after they bought it, police in San Jose, California, used the service to surveil Sikh and Muslim protesters.

Some argue that because social-media posts are public, police monitoring of them does not have the same privacy implications as, say, tracking your phone’s metadata, or using a GPS tracker to follow all your movements. But, says Matt Cagle of the ACLU of Northern California, users do not expect or desire law enforcement to conduct surveillance of their social-media posts.

Mr Cagle’s statement hints at a broader confusion over privacy in the digital age. To what extent do—or should—people expect that privacy norms and laws written for the landline and newspaper age protect their digital data? Laws are changing. The European Court of Justice ruled in 2016 that blanket metadata collection and retention violates privacy laws, and America’s Supreme Court ruled in 2014 that police need a warrant to search an individual’s mobile phone. But they are not changing as quickly as human habits. As people move more of their lives online, they will demand the same level of protection for their data as for their personal papers at home. Mobile phones, after all, are not simply communication devices; they are also personal filing cabinets. They are just not kept behind locked doors.

Home, home within range

Electronic monitoring is a different approach to jail

You don’t have to go to prison to go to prison

KARL’S troubles began, as troubles often do, in a pub. He and his daughters, both in their early 20s, went out drinking near their home in Stockholm. His daughters got into a scrap with some other young people. He stepped in. “I was dragged down to the ground and it all happened so quick,” he explains. “My side of the story is I was defending my two girls. But the other girls reported me for assaulting them.” The other girls prevailed in court; Karl was sentenced to six months’ imprisonment for assault.

Under Swedish law, anyone sentenced to six months or less can apply to the Prison and Probation Service to serve that sentence at home, under electronic monitoring (EM). Karl’s application was successful. He is 45, runs a painting firm with 23 employees, and has no previous convictions—all factors in his favour. “It would have been a disaster if they had put me into jail,” Karl says. “Financially, economically, and I don’t know what would have happened to my marriage…This works pretty good for me.”

EM works well for Sweden, too, saving the taxpayer money. According to Helena Lundberg, a criminologist who works for the justice ministry, prison costs SKr3,000 ($365) per prisoner per day, compared with just SKr450 under EM. Also, gainfully employed people such as Karl continue to work, contributing to the economy rather than draining it. It also helps keep staff costs down in low-security prisons, where EM replaces guards: an alarm sounds if a prisoner crosses the facility’s boundary.

EM’s success in Sweden shows how technology, combined with enlightened public policy, can cut public spending while also benefiting society. Some worry that its ease and cost efficiency might lower barriers to putting more people under state supervision. But it remains preferable to sending lots of nonviolent criminals to prison.

The wherewithal to get an offender to wear a rubber anklet with a radio-frequency identification (RFID) transmitter that sends a signal to fixed units in his home and workplace is not new. The technology was already a decade old when Sweden introduced it in 1994. There have been innovations, though. Some offenders are now given GPS trackers which tell police precisely where a subject is, log and store a person’s movements and can also be used to “geofence” restricted areas, alerting police when, say, a sex offender gets too close to a school, or a domestic abuser to his victim’s home or office.

EM sentences in Sweden come with strict schedules. Except for agreed-upon free hours for errands or family, the offender must either be at home or at work. Karl, for instance, has designated working hours of 6am to 5pm, so must leave his house at 5.45 every morning. The service also has a mobile RFID unit. Officers drive or walk randomly past offenders’ homes and places of work to ensure that they are where they should be. They also make unannounced visits to test offenders for drugs and alcohol, both of which are forbidden.

In addition to offering EM as a replacement for prison time, Sweden also allows long-term prisoners (those who have served at least six years) to use it to complete the last six months of their sentence at home. Although few violent criminals get “front-end” EM—in 2016 most of those who successfully applied had been sentenced for drunk driving or drug crimes—no such limits apply to those serving the end of long sentences at home. They can be rapists or murderers. One probation officer explains, “The system knows them. They have good behaviour [in prison]…They understand schedules. And they have a goal: ‘I want to go home with my family and go to work’.”

Sweden is not the only place to use EM. At least 27 countries in Europe do so, as well as all 50 American states. Frequency of use varies. Scandinavian countries use it as Sweden does, to reduce imprisonment for the many short sentences their judicial systems impose. Britain uses it to impose curfews on probationers, to let prisoners serve the last parts of their sentences at home, and as a condition of bail. Parts of Britain have also used EM with transdermal drug and alcohol monitors, as opposed to the Swedish in person drug-testing model. Germany, by contrast, remains relatively resistant. Prosecutors there see EM as too lenient, while many in the probation service see house arrest and the conditions imposed by monitoring with RFID as too punitive.

Get out of jail free

Across Europe, however, the judicious use of EM is associated with long-term reductions in prison populations and imprisonment rates. In America, it remains relatively rare, accounting for only 2% of all of those under correctional control. It is used there not as a substitute for imprisonment but to monitor those on probation and on parole, as well as for pre-trial monitoring. Yet, in 2005-15, its use in America grew by 140%, driven mainly by the growth in GPS-enabled monitoring. Much of Europe might balk at placing under state supervision people who have not been convicted. But in America it happens all the time. Jails are full of pre-trial detainees (“jail” being where people are held before trial or for short periods, while “prison” is for post-conviction sentences).

EM’s use in America looks set to rise further. Despite Donald Trump’s law-and-order bombast, America’s prison population is falling, even in Republican-controlled states, as the system realises that jailing people is an expensive way to turn them into better criminals. Monitoring them remotely is much cheaper and avoids the criminogenic effects of prison.

Yet Mats Johanssen, a senior officer with Sweden’s PPS, cautions, “If you want to change someone, EM alone won’t do it.” It is impressive that just 17% of Swedes sentenced to EM reoffend within a year, compared to over half of those who do six months or less in prison. That reflects not just the sort of criminals who get the two types of sentence, but also the host of interventions such as counselling and job training that come along with EM in Sweden. These are in keeping with the country’s overall attitude that prison should rehabilitate rather than just punish, and its overarching goal that people who go to prison do not return there.

If EM can help keep people out of jails while awaiting trial, that could also have long-term benefits: a study from Harris County, Texas, found that defendants jailed before their trials are more likely to plead guilty, serve longer sentences and reoffend than those who are released. That could just mean that police are jailing the right people. But defence lawyers say that people jailed before their trial cannot participate effectively in their own defence, and often plead guilty just to avoid a long pre-trial wait in jail. EM has also shown benefits on the other end. A study from Florida found that it reduced the risk of released felons failing to meet their parole terms by 31%. Another analysis in Washington, DC, reached similar conclusions.

But an intriguing study from Argentina suggests Mr Johanssen may be overstating the need for supplemental programmes and judicious selection of EM recipients. It looked at detainees accused of serious offences who received EM more or less at random, and found that it cuts the risk of reoffending nearly in half, compared with a prison sentence. Moreover, the offenders received no counselling, education, training or other programmes—suggesting that the easiest way to keep people out of prison may be not to send them there in the first place.

Algorithm blues

The promise and peril of big-data justice

Can algorithms accurately predict where crime will occur?

EIGHT storeys above downtown Los Angeles, Sean Malinowski, deputy chief of the Los Angeles Police Department (LAPD), focuses intently on a computer map of his old stomping ground. Nestled between Burbank and Santa Clarita, the Foothill district is a hotch-potch of industrial and residential districts riven by highways. Mr Malinowski ran its police station before his promotion moved him downtown.

Colourful dots representing reported crimes freckle the map like psychedelic pimples. Adjacent to some of the dots are red squares. Each one represents a 250,000-square-foot (2.3-hectare) area that PredPol, a crime-prediction software used by the LAPD and at least 50 other law-enforcement agencies around the world, has flagged as being at risk of future criminal activity. Mr Malinowski says that, if he were still in charge of policing in Foothill, he would ask his officers to drive through those areas frequently, “so we’re there randomly—it throws the criminals off.” The idea is not to nab people red-handed, but to deter them through increased police presence.

PredPol is just one of a number of firms offering crime-prediction software to police forces. While the precise components of each firm’s algorithms probably differ, the broad idea is the same. They aim to help police allocate resources efficiently by using large amounts of data to predict (and therefore prevent) crime.

The use of algorithms to tackle complex problems such as urban crime, or to try to forecast whether someone is likely to commit another crime, is not inherently alarming. An algorithm, after all, is just a set of rules designed to produce a result. Criminal justice algorithms organise and sort through reams of data faster and more efficiently than people can. But fears abound: that they remove decisions from humans and hand them to machines; that they function without transparency because their creators will not reveal their precise composition; that they punish people for potential, not actual, crimes; and that they entrench racial bias.

Defenders of such programmes argue, correctly, that police have always relied on prediction in some form. Officers line parade routes, for instance, because experience has shown that the combination of crowds, alcohol and high spirits create an increased public-safety risk. Eliminating prediction from policing would produce an entirely reactive force. All these programs do, defenders say, is harness more data from more sources to help police make better decisions.

But the algorithms on which police base their decisions are, as far as the public is concerned, black boxes. The companies that create and market them consider their precise composition trade secrets. “Algorithms only do what we tell them to do,” says Phillip Atiba Goff of John Jay College of Criminal Justice in Manhattan. If their creators feed them biased data they will produce results infected with bias. And predictive policing is just one way in which the criminal-justice system is using algorithms to help them make decisions.

New Jersey uses an algorithm based on past criminal history, age, past failure to appear at trial and the violence of the current offence to determine whether someone is suitable for bail—that is, whether he presents too great a risk of flight or of committing more crimes while awaiting trial. Several states use algorithms to provide sentencing recommendations. At least 13 American cities use them to identify people likely to become perpetrators or victims of gun violence.

NYPD, too

The first time such approaches came to public notice was in the 1990s, when William Bratton introduced CompStat, a statistically driven management system, into the New York Police Department (NYPD), which he ran. CompStat involved regular meetings of commanding officers discussing prevention strategies and recent crime data from their precincts. As one former NYPD deputy commissioner says, CompStat encouraged police to ask, “What is the problem? What is the plan? What are the results to date?” and to use data to answer all of those questions.

But CompStat was largely reactive rather than predictive. It also used precinct-wide data, while software such as PredPol can target enforcement to specific blocks. Crime does not occur randomly across cities; it tends to cluster. In Seattle, for instance, police found that half of the city’s crime over a 14-year period occurred on less than 5% of the city’s streets. The red squares in Foothill cluster around streets near junctions to main roads—the better to burgle and run while homeowners are at work—as well as around businesses with car parks (lots of inventory, empty at night) and railway stations. Burglars who hit one house on a quiet street often return the next day to hit another, hence the red squares.

And, unlike CompStat, which used arrests as a measure of officers’ productivity, PredPol aims to prevent rather than punish crimes. “I’m more concerned about the absence of crime” than citations and arrests, says Mr Malinowski. “We don’t want mass incarceration for little crimes.” As for measuring productivity, that, too, has grown easier. LAPD patrol cars are geotagged, and the red boxes geofenced, so senior officers know precisely how long each car spends there.

Exactly what data get fed into the algorithms varies by company. Some use “risk-terrain modelling” (RTM), which tries to quantify what makes some areas crime-prone. One RTM algorithm uses five factors: prevalence of past burglaries, the residence of people arrested for past property crimes, proximity to main roads, geographic concentration of young men, and the location of apartment buildings and hotels. Some include requests for police help, weather patterns and the proximity of bars or transport stations. PredPol uses reported, serious crimes such as murder, aggravated assault and various forms of theft, as well as the crime’s date, time and location. Most of these algorithms use machine learning, so they are designed to grow more accurate the more predictions they make and the more data they take in.

Some analytic programmes suck in and link up more data. A joint venture between Microsoft and the NYPD called Domain Awareness System pulls data from the city’s thousands of publicly owned CCTV cameras, hundreds of fixed and car-mounted ANPRs, and other data sources. The NYPD says its system can track where a car associated with a suspect has been for months past, and can immediately alert police to any criminal history linked with a flagged number plate.

You have the right to remain silent

So do these algorithms work? Do they accurately forecast where crime will occur and who will go on to commit future crimes? Here the evidence is ambiguous. PredPol touts its 21-month-long trials in Kent, an English county, and Los Angeles, which found that the programme predicted and helped to prevent some types of crime (such as burglary and car theft) more accurately than human analysts did. A trial in Louisiana of a different data-driven predictive-policing model, however, found no statistically significant reduction in property crimes compared with control districts.

But even if such approaches proved effective beyond a doubt, concerns over their potential to trample civil liberties and replicate racial bias would remain. These concerns are most acute for algorithms that implicate people rather than places. The Chicago police department has compiled a “strategic subject list” of people it deems likely to be perpetrators or victims of gun violence (both groups tend to comprise young African-Americans from the city’s south and west sides). Its central insight parallels that of geographic predictions: a small number of people are responsible for a large share of violent crime. The department touts its accuracy. In the first half of 2016, it says, 74% of gun-violence victims and 80% of those arrested for gun violence were on the list.

Police say they update the list frequently. When someone new shows up on it, officers will sometimes visit that person’s home, thus promoting contact with police before a person has committed a crime. Nobody knows precisely how you end up on the list, nor is it clear how (short of being shot dead) you can get off it. One 22-year-old man, Robert McDaniel, told the Chicago Tribune that police came to his home and told him to straighten up—even though he had just a single misdemeanour conviction (he may have been earmarked because a childhood friend with whom he was once arrested was shot dead).

In a study of the first version of the list from 2013, RAND, a think-tank, found that people on it were no more likely to be victims of a shooting than those in a random control group. Police say the current list is far more accurate, but have still refused to reveal the algorithmic components behind it. And both Chicago’s murder rate and its total number of homicides are higher today than they were when police started using the list in 2013.

Meanwhile, algorithms used in sentencing have faced criticism for racial bias. ProPublica, an investigative-journalism NGO, studied risk scores assigned to 7,000 people over two years in Broward County, Florida, and found black defendants twice as likely as whites to be falsely labelled at high risk of committing future crimes. It also found the questions predicted violence poorly: only around 20% of those forecast to commit violent crimes actually did so. Northpointe, the firm behind the algorithm, disputed ProPublica’s findings.

But the questions on Northpointe’s risk-assessment form illustrate how racial bias can infect an algorithm even without any direct questions about race. It asked how often a defendant, his family members and friends have been arrested. Those numbers will presumably be higher in poor, overpoliced, non-white districts than rich ones. It also asked whether friends were in gangs, how often the defendant has “barely enough money to get by” and whether it is “easy to get drugs in your neighbourhood”—all questions that ethnic minority defendants will, on average, answer affirmatively more often than white ones. More broadly, a proprietary algorithm that recommends a judge punish two people differently based on what they might do offends a traditional sense of justice, which demands that punishment fit the crime not the potential crime.

Another analytical system, called Beware, assigns “threat scores” in real time to addresses as police respond to calls. It uses commercial and publicly available data, and it has a feature called Beware Nearby, which generates information about potential threats to police near a specific address, meaning officers can assess the risk when a neighbour calls the emergency services.

This raises privacy concerns, but it could cause other problems, too. For instance a veteran who has visited a doctor and taken medicine prescribed for PTSD, who also receives gun catalogues in the post, could be deemed high risk. Police might then approach his house with guns drawn, and it is not hard to imagine that kind of encounter ending badly. Such threat scores also risk infection with bad data. If they use social-media postings, they also raise free-expression concerns. Will police treat people differently because of their political opinions?

Questions of bias also surround place-based policing. Using arrests or drug convictions will almost certainly produce racially biased results. Arrests reflect police presence more than crime. Using drug convictions is suspect, too. Black and white Americans use marijuana at roughly similar rates, with the rate for 18- to 25-year-olds higher for whites than blacks. But blacks are arrested for marijuana possession at nearly three times the rate of whites across America—and even more often than that in some districts. Black people in Washington, DC, and Iowa are eight times likelier than whites to face arrest for marijuana. Charges for possession of that one drug comprise half of all drug arrests. Small wonder that a study by Kristian Lum of the Human Rights Data Analysis Group and William Isaac found that when a predictive algorithm was trained on historical drug-crime data in Oakland, California, it targeted black areas at twice the rate of white ones, and low-income neighbourhoods at twice the rate of high-income ones.

Place-based prediction also raises questions about reasonable suspicion. If police are on a residential block algorithmically predicted to be at risk of theft, and they drive past a man carrying a heavy satchel, does that justify stopping and searching him, especially when they might not do the same on another block?

Some accept that algorithms may replicate racial biases, but say they at least do not aggravate them. “It’s not a perfect world,” says one advocate of algorithm-based bail reform. You need to compare risk-based assessments with the status quo, he says. If a black and a white defendant came before a judge with the exact same record today, the judge might treat the black defendant worse. “At least with the risk assessment they’ll get the same score.” But that is a depressingly low bar to set.

Watching the detectives

Rigorous accountability is essential to check police activity

An engaged citizenry is starting to hold law enforcement to account

ACOUSTIC sensors trained to recognise the sound of gunfire and send alerts to officers’ mobile phones telling them when and where the shots were fired. Glasses that recognise faces and record everything. Drones equipped with high-definition video cameras. GPS readers and ANPRs, allowing for constant surveillance of entire swathes of a city. CCTV systems with embedded facial recognition that lets authorities track people in real time.

All of these new technological possibilities are upending a wide range of activities and the customs associated with them. Law enforcement is no different. But if citizens do not like how their doctor or hairdresser, or a social-media site, uses their data or tracks their purchases, they can go somewhere else. The state wields a monopoly on punishment through law enforcement. Police can arrest, and even kill, their fellow citizens. Judges have the power to imprison people. That makes transparency and public consent in the justice system essential.

There is no reason for the police to eschew the best available technology just because it can be used invasively. If criminals store information on their phones, police should be able to see it. If data can help police prevent crime, they should use them. But this needs to be done without impinging on people’s civil liberties. Police and politicians cannot let the allure of new technology lead them to overlook how it will affect the people they serve. And citizens must hold them to account.

Such vigilance must extend to the sellers of these systems as well as their users. Some regimes have embraced emerging technologies the better to control and surveil people: China, for instance, has blanketed its restive regions of Xinjiang and Tibet with facial-recognition cameras, iris scanners and other such kit. In January the European Parliament, following popular concern, imposed export controls on surveillance technology that regimes can use to spy on citizens.

In liberal countries, big-data policing is not about police chiefs sitting around strategising, says Andrew Ferguson, author of a book on the subject. “It’s tech companies selling them cool stuff, charging police departments for storage and data…[and] telling them, ‘We can help you solve more crimes with our cool tech’.” The companies give technology free to help police solve their problems, he says.

Mr Ferguson suggests five questions that departments should answer before buying new technology. Can you identify the risks that the technology addresses? Can you ensure accurate data inputs? How will the technology affect community relations and policing practice? Can it be tested to ensure transparency and accountability? And will police use the technology in a manner that respects the autonomy of the people it will affect?

Some places have begun to create institutions to answer those sorts of questions. Just like many tech firms, the cities of Seattle and Oakland have chief privacy officers, charged with vetting and managing the privacy implications of their cities’ policies. Oakland’s grew out of its privacy commission, a nine-member advisory body to the city council formally established in 2016, after citizens resisted its plan to introduce a domain-awareness system similar to the one Microsoft and the NYPD built in New York.

“We just started showing up and educating the council on the risks of this equipment,” says Brian Hofer, a member of the commission. The Oakland PD and the commission meet once a month to discuss surveillance and the data of Oakland residents. They write tech-use policies together, and the department submits public annual reports on how often and for what purpose its surveillance tech was used. On May 1st Oakland’s city council proposed a bill requiring that any new police technology be approved by the city council and privacy commission.

One might imagine that background—successfully stopping a planned surveillance programme in one of America’s most liberal cities—would augur an oppositional relationship between the privacy commission and the police department. But the opposite is true, say both Mr Hofer and Tim Birch, who heads the Oakland PD’s research and planning division.

Working with the commission “encourages us to think about what technology is really needed,” and to ask whether the benefits are worth the costs, says Mr Birch. Or as Mr Hofer puts it, “The police are aware that they have to behave differently because someone is watching.” He notes that the commission has never recommended the city council bar police from obtaining new technology that they want. “Technology itself isn’t good or bad, as long as they tighten up their [usage] policies.”

Several other municipalities in California have passed surveillance-transparency requirements similar to Oakland’s. Last February a state senator in California introduced legislation requiring that municipalities create and publicise policies for the use of surveillance technology, and restricting the sale or transfer of information gathered through surveillance.

Accidents will happen

Concerns over data-sharing have led cities in California to rethink contracts with Vigilant, an ANPR firm that recently signed up Immigration and Customs Enforcement (ICE), America’s federal immigration police, as a client. Civil-liberties groups worry that ICE could tap into local law-enforcement ANPR data stored on Vigilant’s servers to target undocumented immigrants. Vigilant insists that would be impossible unless a local law-enforcement agency explicitly allowed it, which California’s would not. But, according to Mr Birch of Oakland PD, the ICE contract “terrifies people”. The prospect that the government could find a back door into Vigilant’s massive database, or that a rogue officer who disagrees with California’s liberal policies could share information from the database with federal police, was enough to make co-operation politically impossible for California’s liberal cities.

New Orleans recently ended its relationship with Palantir, a company that built predictive-policing software for the city entirely outside public view. (Its founder, Alex Karp, is a non-executive director on the board of The Economist Group.) Palantir donated the product to the city, but civil-rights activists feared the firm was using New Orleans as a testing ground. Had the city acquired the services through the usual procurement process, it may not have caused a fuss. But a secretive deal for a predictive-policing program run with proprietary algorithms proved too much.

Local politicians upholding their communities’ values is cause to cheer, particularly when it happens in the usually grey area of law-enforcement surveillance. This does not mean that the sort of strict oversight favoured by liberal, multi-ethnic northern California will fly everywhere. “It has to be local,” says Mr Birch. “That’s the only way these privacy commissions can work. They have to reflect local standards.”

There are also benefits in sharing results of number-crunching with other arms of government and civil society. A map of crime is also a map of need. “What you’re modelling is a host of factors, and you’re only giving it to one publicly available resource, which is the punitive resource,” says Mr Goff of John Jay College. “Why would you not also give this to social-service providers?”

Similarly, Andrew Papachristos, a sociologist whose research helped the Chicago PD create its strategic subject list, urged the police to share data, and wrote, “The real promise of using data analytics to identify those at risk of gunshot victimisation lies not with policing, but within a broader public-health approach.” The young men at risk of being shot may also need job training and counselling. Trained mediators could calm conflicts before they flare into violence.

Any number of interventions might benefit them and the community better than contact with the police. As Mr Ferguson writes, “Police may be the primary actors in the system to solve crime, but they do not have to be the primary actors in the system to reduce risk.” And if police can measure their success at driving down crime rates, surely cities can measure providers’ success at offering social services.

But they have to want to do it, and this, too, is a question of citizen involvement—not of oversight, but of political will. “Law and order” candidates win elections more often than “efficiently targeted social-services” candidates. New technology helps justice systems collect and organise data more efficiently. They can use it to punish. Or they can use it for the unglamorous, less politically rewarding work of dealing with the causes of crime.

Ultimately, citizens in open societies must decide for themselves what they are willing to tolerate. Technological change is inevitable, but does not have to happen without being questioned. Perhaps people want their neighbours to drive around in cars topped with facial-recognition cameras that report everything to police. If they do not, they need to speak up—forcefully, and now.

Illustration by Simon Myers



Download the complete “data detectives” graphic novel here

Read more from the print edition »