Not Just Guns And Laws

I feel as bad and outraged about the shooting at Marjory Stoneman Douglas school in Parkland, Florida as anyone – I truly do. And I understand the frustration of the students and parents and staff at this school and others across the country who want something – anything – done to prevent such incidents in the future. I have listened to and read the heated comments about this incident, the calls for banning guns and more “gun control” (whatever that means). But I am outraged as much about what I haven’t heard or read.

Because of what I do for a living, I have dissected and analyzed this incident (and most of the others like it) both frontwards and backwards. And what I rarely see (the shooting from Mandalay Bay Resort in Las Vegas being a notable exception) is any outrage directed toward the place where the shooting occurred…in other words, the lack of security which allowed such an event to happen.

Consider just these few issues related to Stoneman Douglas school:

· There was nothing or no one to identify, prevent, restrict or impede the armed shooter from being on the school grounds – no outdoor access control. 

· There was nothing or no one to monitor, identify, screen, prevent, restrict or impede the armed shooter from getting into the school – no perimeter access control. 

· There was nothing or no one to monitor, screen, prevent, restrict, impede or limit the armed shooter from roaming through the school once he got in – no interior access control or response plan. 

· There was the questionable response from the school resource officer who failed to immediately enter the school to engage the shooter.  

But of course the measures needed to remedy these shortcomings – which are unfortunately common at most schools across the country – require more resources, and nobody wants their taxes raised or additional fees imposed.

The point I am trying to make is that there is no single or simple fix to prevent these types of incidents. We need to expend resources to reasonably harden our schools and other “soft targets.” We need to assure that we have adequate plans in place to respond to these kinds of incidents because there is no such thing as perfect or absolute security and such situations will surely be attempted in the future. And perhaps most importantly we need to expend resources to identify and deal with the kinds of aberrant people and behaviors which commit these heinous acts.  

What we don’t have to do is focus all the blame and attention on banning guns and creating more gun laws, because to do so ignores the real roots of the problem.

Security In Today’s World

We claim to be winning the war on terrorism; and we base this claim on the fact that there have been relatively few significant terrorist acts in the recent past.  (This does of course make a distinction between extremist/radical terrorism and homegrown domestic violence/terrorism – although the lines are becoming more and more blurred.) 

But our sense of accomplishment and almost-victory is belied by reality.  The bad guys – whatever their ilk – are in fact winning.  To make my point, consider the following:

 

·        Heavily armed law enforcement officials patrol downtown areas and sporting venues and public buildings and transportation hubs and election sites.  The Super Bowl is classified as a National Security Event.

 

·        The airplane experience has no resemblance to what it used to be:  removing shoes, physical body searches, extensive baggage screening, waiting lines to enter plane areas and board are now the norm.

 

·        The places we went to feel safe and to “get away from it all” – the movie theatres and restaurants and resorts and public parks and shopping malls are now the scenes of cruel and deadly attacks and murders.  We now go armed to those places.

 

·        The places we went for comfort and solace and healing and education – schools, churches, hospitals, day care centers, rehab facilities – are now places where the bad guys know they can prey upon the defenseless.

 

So with all these changes to the way we feel and the way we must now live, can we really say that we are “winning” the war on terrorism? 

 

I think there is some comfort and consolation in knowing that bad events are still relatively infrequent.  But I also think that we must never let our sense of comfort overshadow our sense of realization that we still live in an unpredictable and not-so-safe world.

Words To Live – Or Stay Living – By

In the world of security, as in many facets of life, an old adage is absolutely true:  It is better to have it and not need it than to need it and not have it.

The Concept Of “Reasonable Security”

Every organization has a legal obligation to provide a safe environment, based on the concept of “reasonable security.”  The owner/landlord does not have to guarantee absolute security.  However,  reasonableness and adequacy of security must be affirmatively demonstrated.  This basic concept is founded in most states’ case law (and, in some states, in statutory law).  In today’s world, there is virtually no place that can claim that no security is adequate.

The implementation or existence of a security program in and of itself does not guarantee that the program is adequate and sufficient, since the standard by which a security program will be judged is reasonableness with regard to foreseeable threats and risks at a specific place.

“Reasonable security” has been consistently defined by premises security case law to mean that appropriate security measures must be implemented commensurate with risks which are reasonably foreseeable at a specific place.  And a reasonable consideration of foreseeability has been determined to include the nature of the premises; the history of incidents at the premises; the history of incidents in geographic surroundings; and  any relevant industry standards.

Adequacy of security is legally defensible only when  vulnerabilities and risks are assessed via some conscious or formalized process to determine foreseeability, and commensurate security measures then  implemented to reasonably address those identified foreseeable risks (this is the usual standard by which adequacy and sufficiency of security is determined by courts).

 
A good process for developing a sound security strategy has dual benefits:  The program will be designed to protect the organization’s assets; and the program will be legally defensible should it be challenged in court.
 

 

“Predicting” Violent Behavior

We currently live in a society that is “an environment conducive to criminality:”  virtually all aspects of the most popular forms of entertainment involve violence and anti-social behavior (movies, television, video games, etc.); the news media thrives on violence and anti-social behavior (count the number of such stories versus “good” or “nice” news); society by and large has come to accept violence and anti-social behavior (we abide such behaviors in our neighborhoods and schools, our criminal justice system is virtually an ineffective revolving door, etc.); and we expend resources to protect ourselves usually only after a tragic event has occurred.  In other words, we may not like it, but we actually do – or can do – little about it.

 

We try to find reasons for violent behavior, and try to find ways to “predict” it in hopes of preventing it.  But is such a lofty goal even possible?   Or does the concept of preventing problems exist only in theory, not reality or practicality?  Consider:

 

“Behavior modification” is a great term and concept – provided that we have some idea as to whose behavior we are attempting to modify.  When the threat is external to an organization, how can we begin to know which of the next 732 persons to enter a facility is the one whose behavior needs modifying?  How can we begin to know if the “behavior modification” techniques that might work on 731 of those persons will work on the 1 who will actually be the next shooter?  If none of those 732 go on a shooting rampage today, does that mean that our “behavior modification” techniques were successful – or that none of them simply chose today as the day to shoot?   Etc. etc. etc.

 

We see examples of our efforts to find a new way to predict the next shooter every time another incident occurs (and by the way, nothing PREDICTS behavior – certain behaviors may be indicated, but none can be PREDICTED).  But the reality is that there is virtually nothing we can do because, even when some people see the signs, nothing is done because “if you see something, say something” is not socially acceptable, or is contrary to HIPAA (when the see-er is a mental or medical health professional), or is something that “…I was going to do later…” or whatever.  Families, bosses, co-workers, fellow classmates, etc. see things every day that are indicators of potential violent behavior, but do nothing because it is simply not politically correct or they’re busy or they did not realize what they were seeing or a million other excuses.

 

After every new incident comes another discussion of the same things, and the results are always the same – nothing gets changed, because nothing can really be changed.  Because even when problems are indicated before they occur, we still almost never do anything about them until after they have occurred.

 

Security professionals do not control organizational purse strings or the magic key to the CEO’s psyche, so we cannot implement the things which we know will pretty much stop the bad guys from doing most bad things most of the time.  And all of the studies and nice terminology and fancy graphs will never change that fact.  (And while agencies such as the U.S. Secret Service do a great job of behavioral analysis, remember that they have an entire division of professionals who do nothing but behavioral analysis and have the resources to investigate and check out their findings and leads and have to “only” protect a handful of key assets.)

 

So in the end,  all we as security professionals can really DO (as opposed to discussing theory and hypothesis) is do the best we can with resources our bosses choose to expend – that is, protect to the best of our abilities, with whatever resources we have been allotted, whatever our bosses have decided are our key assets. Period.

 

Business Size And The Need For Security

Regardless of the size and sophistication of a business – from the sole proprietor of the neighborhood bar to the international conglomerate – the concept of providing a reasonably safe premises remains the same:   namely, a business must provide reasonable security commensurate with reasonably foreseeable threats and risks; and reasonable foreseeability is generally determined by a conscious analysis of the inherent nature of the business and the history of general criminal acts at and around the business.

 

While large organizations may meet their obligation to provide a safe environment via sophisticated security programs with designated personnel and formalized policies and procedures, even small businesses must do something proactively to meet their obligation – they must still take into account the kinds of problems that they will likely encounter given their particular situation (i.e., location, nature of business, clientele, prior problems, etc.).

 

Many small businesses erroneously presume that their small size will somehow either preclude problems or somehow absolve them of their legal obligation to provide a safe environment.  But statistics continue to show that small businesses – bars, apartment buildings, retail stores, etc. – are the venues where criminal activities are most likely to occur and consequently the kinds of places most likely to be sued for inadequate security.  And the settlements and awards stemming from these lawsuits should give business owners and operators cause for concern.

 

This information is important for 2 reasons:  First, it is prudent for businesses to understand that proactive attention to security matters is better and ultimately less expensive than after-the-fact litigation; and businesses that may find themselves involved in premises security liability cases need to remember that the criteria by which security is assessed will be the same regardless of the size of the business at which an incident has occurred.

What Is “Profiling” – And Is It Inherently Bad

From the never-ending hunt for terrorists to the George Zimmerman/Trayvon Martin criminal case, the term “profiling” is much in everyday news and media.  But do we fully understand the concept?

 

If memory serves me correctly, “profiling” was initially intended to connote an unwarranted singling out of a particular group for excessive or intense scrutiny.  The term was primarily focused on law enforcement practices,  and was usually translated to mean the surveillance of persons of color by white police officers for no particular or specific reason other than the color of their skin.  The term was then expanded:  “surveillance” was expanded to include practices such as stopping, questioning, detaining, and harassing; and “color of their skin” was expanded to include certain names, ethnic groups, religious affiliations and neighborhoods.  Used in that narrow and straightforward context, “profiling” is not a good concept or effective law enforcement strategy. 

 

HOWEVER:  With the advent of sophisticated data collection practices and tools, information-gathering has become the norm rather than the exception, so the “simple” concept of profiling is no longer so simple and straightforward.  Now there are empirical ways to gather and analyze data to single out and categorize specific groups for specific reasons – the perpetrators of every type of crime or terrorist act can be specifically identified and correlated to specific kinds of incidents.  This categorization of individuals who are undeniably linked to particular kinds of crimes and incidents creates groups who need to be more intensely scrutinized than groups who have little if any relationship to those crimes. 

 

Hypothetical case in point:  I am the Security Manager for a store with a significant theft problem.  I have competently performed my due diligence and gathered and analyzed information from 5 years worth of theft statistics including surveillance video and apprehensions and investigations and interviews, and the resulting empirical data shows that 95% of my theft problems have been caused by well-dressed white women over the age of 50.  Is it not then good practice to pay special surveillance attention to well-dressed white women over the age of 50 who come into my store?  And if so, then watching for those women is NOT “profiling” in the bad sense, it is good, reasonable and appropriate security practice which I would be remiss to ignore.  But have I singled out (“profiled”) a particular group for enhanced observation?  Certainly. 

 

Profiling is not inherently a bad practice.  It is bad only when used in a haphazard, uneducated, unsubstantiated manner.  So the intensified scrutiny of young Middle Eastern men by those concerned with terrorism detection and prevention, or the focused scrutiny of an unrecognized young black man by a neighborhood watch volunteer are not intrinsically bad things.

Preparing for Testimony

Practitioners in the security industry may occasionally be called on to provide testimony in some legal proceeding (either a criminal or civil case; during a deposition or at trial; as a fact witness or an expert). While those practitioners who have served as case consultants and/or expert witnesses will probably have had testimony experience, other security personnel may be faced with giving testimony for the first time. Regardless of the inherent knowledge or expertise of a witness, he/she still needs to be credible, effective and persuasive to the Judge and/or jury. To this end, preparation of the witness is very important.

Each attorney has a unique style and strategy and will undoubtedly have an established procedure for prepping witnesses. But here are a few issues that should be considered by anyone preparing to testify:

(1)  One issue that is sometimes overlooked in the preparation of a witness is the fact that he can only respond to the questions asked (a good witness can sometimes find a way to include additional information, but not always). So close collaboration with counsel is very important, not only to prepare for testimony expected during direct examination at trial, but for anticipated cross-examination. There needs to be a clear understanding and agreement of what information needs to be conveyed, the best manner to convey it, and the best manner to counteract aggressive cross examination, including attacks on both personal credibility and the credibility of testimony.

(2)  Even if not specifically demanded in the deposition or trial subpoena, availability of any relevant case materials/files is a good idea. Specific information such as dates, times and/or other technical information is likely to be a subject at issue, so it is better to refer to notes than to give erroneous information which may later be challenged or used to impeach the witness.

(3)  Answering questions “yes” or “no,” or at least as briefly as possible, is always a good idea. But when such a brief answer is not sufficient – such as when additional clarification or expansion is necessary – it is often best not to begin the answer with “yes” or “no” (such as “Yes, but…”) because an experienced attorney may not allow the “but” portion. Rather, it is sometimes better to begin a longer answer with a qualifying statement such as “Unfortunately, that question cannot be answered with a simple ‘yes’ or ‘no’, ” then go on with the full answer.

(4)  It is usually helpful for a witness to be advised of the personality and usual strategies/tactics of the opposing attorney. This helps the witness to better prepare for the demeanor and “personality” of the anticipated proceeding (for example, knowing that a particular attorney focuses just as much on the witness’s background as he does on specific case issues). Knowing what to expect from a particular attorney is a great asset for testimony preparation.

(5)  A witnesses should pause briefly before giving any answer, to allow his attorney the opportunity to object before potentially damaging or unnecessary information is inadvertently given.

Testifying in any legal proceeding is often a stressful and challenging ordeal. So having as much information as possible about what to expect, and being as prepared as possible, goes a long way towards doing a thorough, competent and professional job.

Foreseeability In Premises Liability Cases

Civil lawsuits resulting from security-related incidents on both public and private property generally are classified as “premises liability” cases. The basic concept of premises liability is that owners/landlords have a legal obligation to provide reasonable security based on foreseeability. But many persons with an interest in providing or assessing “reasonable security” – security and loss prevention practitioners, and attorneys – are sometimes misinformed about the concept of foreseeability.

“Foreseeability” as defined by most courts in the U.S. (with only few minor exceptions, most notably Michigan) is a broader concept than is recognized by many. Foreseeability is usually determined by a formal assessment of 4 distinct criteria:

The inherent nature of the premises: Every premises has a distinct nature, each with its inherent problems and risks. Bars, for example, have different inherent risks than do shopping malls, just as schools have different inherent risks than do hospitals. The intrinsic nature of the premises is the first factor to be considered in determining foreseeability.

The history of security incidents at the premises: History does have a tendency to repeat itself. A premises with a history of crime and security incidents can probably expect more crime and incidents in the future. The history of events at a premises is the second factor to be considered in determining foreseeability.

And with regard to the history of incidents at a premises, Courts have not necessarily held that criminal or security incidents of a specific nature are a determining factor. For example, a parking lot with a history of thefts and robberies will probably not be able to successfully claim that it was unaware of security issues when a carjacking occurs. Criminal and security incidents in general are considered, because security measures are usually not implemented to prevent or deter only one type of incident (the CCTV surveilling the parking lot is not only scanning for thieves and robbers).

The history of security incidents in the immediate geographic surroundings: Crime usually does not limit itself to specific sites. Criminals engaged in inappropriate activities are usually opportunists who are always looking for an easy target. So security problems that occur in a neighborhood will frequently find their way to and impact any given premises in that neighborhood. The history of events in the neighborhood is the third factor to be considered in determining foreseeability.

Industry security standards for the premises: Any organization whose industry has established some formalized standards or practices for security has an obligation to at least consider those security measures. Industry standards, guidelines and practices are usually not developed until and unless there is significant commonality among the members of the industry. So standards and practices that have been developed, especially for security, are probably relevant and must be considered. Industry security standards are the fourth factor to be considered in determining foreseeability.


So a quick review of past incident reports will not be sufficient for an organization to successfully argue that it has met its obligation with regard to foreseeability. And why is foreseeability so important? Because it is the results of the foreseeability assessment that determine what security measures are reasonable under the circumstances.