Not Just Guns And Laws

I feel as bad and outraged about the shooting at Marjory Stoneman Douglas school in Parkland, Florida as anyone – I truly do. And I understand the frustration of the students and parents and staff at this school and others across the country who want something – anything – done to prevent such incidents in the future. I have listened to and read the heated comments about this incident, the calls for banning guns and more “gun control” (whatever that means). But I am outraged as much about what I haven’t heard or read.

Because of what I do for a living, I have dissected and analyzed this incident (and most of the others like it) both frontwards and backwards. And what I rarely see (the shooting from Mandalay Bay Resort in Las Vegas being a notable exception) is any outrage directed toward the place where the shooting occurred…in other words, the lack of security which allowed such an event to happen.

Consider just these few issues related to Stoneman Douglas school:

· There was nothing or no one to identify, prevent, restrict or impede the armed shooter from being on the school grounds – no outdoor access control. 

· There was nothing or no one to monitor, identify, screen, prevent, restrict or impede the armed shooter from getting into the school – no perimeter access control. 

· There was nothing or no one to monitor, screen, prevent, restrict, impede or limit the armed shooter from roaming through the school once he got in – no interior access control or response plan. 

· There was the questionable response from the school resource officer who failed to immediately enter the school to engage the shooter.  

But of course the measures needed to remedy these shortcomings – which are unfortunately common at most schools across the country – require more resources, and nobody wants their taxes raised or additional fees imposed.

The point I am trying to make is that there is no single or simple fix to prevent these types of incidents. We need to expend resources to reasonably harden our schools and other “soft targets.” We need to assure that we have adequate plans in place to respond to these kinds of incidents because there is no such thing as perfect or absolute security and such situations will surely be attempted in the future. And perhaps most importantly we need to expend resources to identify and deal with the kinds of aberrant people and behaviors which commit these heinous acts.  

What we don’t have to do is focus all the blame and attention on banning guns and creating more gun laws, because to do so ignores the real roots of the problem.

Security In Today’s World

We claim to be winning the war on terrorism; and we base this claim on the fact that there have been relatively few significant terrorist acts in the recent past.  (This does of course make a distinction between extremist/radical terrorism and homegrown domestic violence/terrorism – although the lines are becoming more and more blurred.) 

But our sense of accomplishment and almost-victory is belied by reality.  The bad guys – whatever their ilk – are in fact winning.  To make my point, consider the following:

 

·        Heavily armed law enforcement officials patrol downtown areas and sporting venues and public buildings and transportation hubs and election sites.  The Super Bowl is classified as a National Security Event.

 

·        The airplane experience has no resemblance to what it used to be:  removing shoes, physical body searches, extensive baggage screening, waiting lines to enter plane areas and board are now the norm.

 

·        The places we went to feel safe and to “get away from it all” – the movie theatres and restaurants and resorts and public parks and shopping malls are now the scenes of cruel and deadly attacks and murders.  We now go armed to those places.

 

·        The places we went for comfort and solace and healing and education – schools, churches, hospitals, day care centers, rehab facilities – are now places where the bad guys know they can prey upon the defenseless.

 

So with all these changes to the way we feel and the way we must now live, can we really say that we are “winning” the war on terrorism? 

 

I think there is some comfort and consolation in knowing that bad events are still relatively infrequent.  But I also think that we must never let our sense of comfort overshadow our sense of realization that we still live in an unpredictable and not-so-safe world.

Being An “Expert”

In the security profession  – or in any discipline really – being an “expert” or “expert witness” is usually not a position to which one aspires at an early age.  It often comes first as an ancillary endeavor, then perhaps as a full-time profession.  It usually comes mid-career, and often endures past career prime and even past normal retirement time.  So how does one “become” an expert?  Is there a course or test that must be taken to “become” an expert?  Here’s the reality:

 

One does not necessarily seek recognition as an “expert;” and “expert” is not a connotation or designation bestowed on oneself – it is status or standing in one’s profession as attested to and recognized and conferred by others.  Therefore, there is – and really can be – no course of study or training program or test that culminates with the title of “expert” since a true “expert” does not become so until the expertise is recognized by others.

 

An “expert” is generally recognized for a composite of professional education, training, experience, expertise, analytical skills, writing skills, presentation skills, involvement in professional organizations, involvement in professional activities as a volunteer, professional and personal integrity, professional and personal credibility – and having a good track record in all the aforementioned.  And in addition to these attributes, “experts” usually have some other traits that are acknowledged by others:   He is the “go-to” guy within his organization;  he is a “go-to” guy within one’s industry and/or among one’s professional peers;  he is actively sought to help with resolving problems or improving operations or developing strategies or developing policies and procedures – being sought to do for others what they should/could be doing for themselves.  He is regarded as the person who will almost undoubtedly do the right thing or have the right answer at the right time.

 

So being the smartest man in the world by self-appointment – even if true – does not make one an “expert” as the term is being used here.  Rather, it is the acknowledgement by others that one is the right person to do a particular job that distinguishes one as an “expert.”

Words To Live – Or Stay Living – By

In the world of security, as in many facets of life, an old adage is absolutely true:  It is better to have it and not need it than to need it and not have it.

The Concept Of “Reasonable Security”

Every organization has a legal obligation to provide a safe environment, based on the concept of “reasonable security.”  The owner/landlord does not have to guarantee absolute security.  However,  reasonableness and adequacy of security must be affirmatively demonstrated.  This basic concept is founded in most states’ case law (and, in some states, in statutory law).  In today’s world, there is virtually no place that can claim that no security is adequate.

The implementation or existence of a security program in and of itself does not guarantee that the program is adequate and sufficient, since the standard by which a security program will be judged is reasonableness with regard to foreseeable threats and risks at a specific place.

“Reasonable security” has been consistently defined by premises security case law to mean that appropriate security measures must be implemented commensurate with risks which are reasonably foreseeable at a specific place.  And a reasonable consideration of foreseeability has been determined to include the nature of the premises; the history of incidents at the premises; the history of incidents in geographic surroundings; and  any relevant industry standards.

Adequacy of security is legally defensible only when  vulnerabilities and risks are assessed via some conscious or formalized process to determine foreseeability, and commensurate security measures then  implemented to reasonably address those identified foreseeable risks (this is the usual standard by which adequacy and sufficiency of security is determined by courts).

 
A good process for developing a sound security strategy has dual benefits:  The program will be designed to protect the organization’s assets; and the program will be legally defensible should it be challenged in court.
 

 

SOMETIMES...

SOMETIMES...

 good security means doing things that are not politically correct – you can’t always have it both ways;

doing the right thing is more important than following the rules or being politically correct;

the perception of good security is as good as or better than the reality;

there isn’t a good choice – sometimes you must choose between the best of the bad choices;

the end does justify the means;

it’s better to be judged by 12 than carried by 6;

popularity of an issue does not equate to fairness or justice;

a verdict has nothing to do with a good or bad prosecution strategy or a good or bad defense strategy –sometimes a verdict is based simply on facts and evidence;

“justice” fueled by public opinion and media and political pressure is not really justice;

“justice” is not what someone wants it to be – sometimes justice is simply what is;

the cutest puppy has the meanest growl and the sharpest teeth;

you get what you want, but sometimes you get what you deserve.

 

AND ALWAYS…

there is virtually nothing that is purely or simply black or white.
 

Value In “Dummy” Surveillance Cameras?

As both a former Director of Security and now an independent security consultant, I have rarely been a proponent of using “dummy” cameras as part of a security strategy.

 

Real cameras are used for several general purposes:  To monitor areas/events in real time to (hopefully) initiate appropriate response as needed; and/or to record areas/events for investigative/documentation purposes; and/or to provide a visible deterrent to inappropriate activities;  and/or to provide a heightened sense of security to the area’s legitimate users.

 

With that being the case for real cameras, here are the operational downsides of using “dummy” cameras:  Obviously, there is no real-time monitoring of areas/events possible, so appropriate response to problems is not possible (and it would be cost-prohibitive – and economically foolish – to try to replace cameras with personnel); and obviously, there is no recording of events for investigative/documentation purposes (the chances of personnel being able to provide comparable information are slim).   On the plus side, there might be a comparable visible deterrent to inappropriate activity, especially if the cost savings of “dummy” cameras vs. real cameras is used to provide additional “dummies.”  But even that deterrent value might be negated if poor-quality “dummy” cameras (an oxymoron?) are used which are easily identified as “dummies” because of no lights or wiring connections.  (NOTE:  the only time I have ever used “dummy” cameras was to add the impression of even more cameras to an application of real cameras which already covered everything I wanted covered.

 

 

But to me, the primary problem with the use of “dummy” cameras is an unnecessary and thus unacceptable  increase in liability.   The heightened sense of security for legitimate area users is totally negated when it is learned that there is no real protection being afforded. Legitimate users will feel betrayed and tricked when the truth is learned (and it will be – someone will find out somehow). And the worse-case scenario will be when an incident occurs and a victim questions and learns why there was no ready response or at least visual documentation of the event.  I have been involved in such cases as an expert witness (this would most probably evolve as a premises security liability lawsuit based on inadequate security) and have been able to opine that the “dummy” cameras created a false sense of security that did not truly exist, and this is actually worse than having no cameras of any kind:  at least if there are no cameras present, legitimate users will not have any expectations as to the level of security and may thus be more aware of their own responsibility for personal security; where on the contrary a legitimate user may be less aware of personal security issues since he believes that he is being “helped” by real cameras.

 

Bottom line for me:  “Dummy” cameras have the potential to cause more problems than they solve.

 

 

 

“Predicting” Violent Behavior

We currently live in a society that is “an environment conducive to criminality:”  virtually all aspects of the most popular forms of entertainment involve violence and anti-social behavior (movies, television, video games, etc.); the news media thrives on violence and anti-social behavior (count the number of such stories versus “good” or “nice” news); society by and large has come to accept violence and anti-social behavior (we abide such behaviors in our neighborhoods and schools, our criminal justice system is virtually an ineffective revolving door, etc.); and we expend resources to protect ourselves usually only after a tragic event has occurred.  In other words, we may not like it, but we actually do – or can do – little about it.

 

We try to find reasons for violent behavior, and try to find ways to “predict” it in hopes of preventing it.  But is such a lofty goal even possible?   Or does the concept of preventing problems exist only in theory, not reality or practicality?  Consider:

 

“Behavior modification” is a great term and concept – provided that we have some idea as to whose behavior we are attempting to modify.  When the threat is external to an organization, how can we begin to know which of the next 732 persons to enter a facility is the one whose behavior needs modifying?  How can we begin to know if the “behavior modification” techniques that might work on 731 of those persons will work on the 1 who will actually be the next shooter?  If none of those 732 go on a shooting rampage today, does that mean that our “behavior modification” techniques were successful – or that none of them simply chose today as the day to shoot?   Etc. etc. etc.

 

We see examples of our efforts to find a new way to predict the next shooter every time another incident occurs (and by the way, nothing PREDICTS behavior – certain behaviors may be indicated, but none can be PREDICTED).  But the reality is that there is virtually nothing we can do because, even when some people see the signs, nothing is done because “if you see something, say something” is not socially acceptable, or is contrary to HIPAA (when the see-er is a mental or medical health professional), or is something that “…I was going to do later…” or whatever.  Families, bosses, co-workers, fellow classmates, etc. see things every day that are indicators of potential violent behavior, but do nothing because it is simply not politically correct or they’re busy or they did not realize what they were seeing or a million other excuses.

 

After every new incident comes another discussion of the same things, and the results are always the same – nothing gets changed, because nothing can really be changed.  Because even when problems are indicated before they occur, we still almost never do anything about them until after they have occurred.

 

Security professionals do not control organizational purse strings or the magic key to the CEO’s psyche, so we cannot implement the things which we know will pretty much stop the bad guys from doing most bad things most of the time.  And all of the studies and nice terminology and fancy graphs will never change that fact.  (And while agencies such as the U.S. Secret Service do a great job of behavioral analysis, remember that they have an entire division of professionals who do nothing but behavioral analysis and have the resources to investigate and check out their findings and leads and have to “only” protect a handful of key assets.)

 

So in the end,  all we as security professionals can really DO (as opposed to discussing theory and hypothesis) is do the best we can with resources our bosses choose to expend – that is, protect to the best of our abilities, with whatever resources we have been allotted, whatever our bosses have decided are our key assets. Period.

 

Academic vs. Practical Security Knowledge

Regardless of the extent of knowledge acquired via formal education or academic pursuit, it is almost always most beneficial to retain a security consultant or expert witness who has practical, hands-on experience in the subject matter at hand.

When a particular situation or case needs someone to interpret or present information that is based solely on scientific or theoretical fact, an expert with only an educational or academic background might be most suitable.  But in circumstances requiring expert OPINION – knowledge of specialized information and its application to a specific scenario – an expert with practical experience is most valuable.  In such cases, an expert who has been personally involved in the application of the relevant subject matter to a variety of diverse situations will be best able to provide the comprehensive insight that is needed to best assist the organization or attorney because he has had to not only know the subject matter, but has had to apply that knowledge to the situational nuances of the real world (a skill not generally found in experts who only possess academic or theoretical knowledge).

The primary value that a security consultant or expert witness brings to an organizational situation or legal case is his ability to apply general security principles to a specific situation because he has been there and done that.

Business Size And The Need For Security

Regardless of the size and sophistication of a business – from the sole proprietor of the neighborhood bar to the international conglomerate – the concept of providing a reasonably safe premises remains the same:   namely, a business must provide reasonable security commensurate with reasonably foreseeable threats and risks; and reasonable foreseeability is generally determined by a conscious analysis of the inherent nature of the business and the history of general criminal acts at and around the business.

 

While large organizations may meet their obligation to provide a safe environment via sophisticated security programs with designated personnel and formalized policies and procedures, even small businesses must do something proactively to meet their obligation – they must still take into account the kinds of problems that they will likely encounter given their particular situation (i.e., location, nature of business, clientele, prior problems, etc.).

 

Many small businesses erroneously presume that their small size will somehow either preclude problems or somehow absolve them of their legal obligation to provide a safe environment.  But statistics continue to show that small businesses – bars, apartment buildings, retail stores, etc. – are the venues where criminal activities are most likely to occur and consequently the kinds of places most likely to be sued for inadequate security.  And the settlements and awards stemming from these lawsuits should give business owners and operators cause for concern.

 

This information is important for 2 reasons:  First, it is prudent for businesses to understand that proactive attention to security matters is better and ultimately less expensive than after-the-fact litigation; and businesses that may find themselves involved in premises security liability cases need to remember that the criteria by which security is assessed will be the same regardless of the size of the business at which an incident has occurred.

Preparing for Testimony

Practitioners in the security industry may occasionally be called on to provide testimony in some legal proceeding (either a criminal or civil case; during a deposition or at trial; as a fact witness or an expert). While those practitioners who have served as case consultants and/or expert witnesses will probably have had testimony experience, other security personnel may be faced with giving testimony for the first time. Regardless of the inherent knowledge or expertise of a witness, he/she still needs to be credible, effective and persuasive to the Judge and/or jury. To this end, preparation of the witness is very important.

Each attorney has a unique style and strategy and will undoubtedly have an established procedure for prepping witnesses. But here are a few issues that should be considered by anyone preparing to testify:

(1)  One issue that is sometimes overlooked in the preparation of a witness is the fact that he can only respond to the questions asked (a good witness can sometimes find a way to include additional information, but not always). So close collaboration with counsel is very important, not only to prepare for testimony expected during direct examination at trial, but for anticipated cross-examination. There needs to be a clear understanding and agreement of what information needs to be conveyed, the best manner to convey it, and the best manner to counteract aggressive cross examination, including attacks on both personal credibility and the credibility of testimony.

(2)  Even if not specifically demanded in the deposition or trial subpoena, availability of any relevant case materials/files is a good idea. Specific information such as dates, times and/or other technical information is likely to be a subject at issue, so it is better to refer to notes than to give erroneous information which may later be challenged or used to impeach the witness.

(3)  Answering questions “yes” or “no,” or at least as briefly as possible, is always a good idea. But when such a brief answer is not sufficient – such as when additional clarification or expansion is necessary – it is often best not to begin the answer with “yes” or “no” (such as “Yes, but…”) because an experienced attorney may not allow the “but” portion. Rather, it is sometimes better to begin a longer answer with a qualifying statement such as “Unfortunately, that question cannot be answered with a simple ‘yes’ or ‘no’, ” then go on with the full answer.

(4)  It is usually helpful for a witness to be advised of the personality and usual strategies/tactics of the opposing attorney. This helps the witness to better prepare for the demeanor and “personality” of the anticipated proceeding (for example, knowing that a particular attorney focuses just as much on the witness’s background as he does on specific case issues). Knowing what to expect from a particular attorney is a great asset for testimony preparation.

(5)  A witnesses should pause briefly before giving any answer, to allow his attorney the opportunity to object before potentially damaging or unnecessary information is inadvertently given.

Testifying in any legal proceeding is often a stressful and challenging ordeal. So having as much information as possible about what to expect, and being as prepared as possible, goes a long way towards doing a thorough, competent and professional job.

Foreseeability In Premises Liability Cases

Civil lawsuits resulting from security-related incidents on both public and private property generally are classified as “premises liability” cases. The basic concept of premises liability is that owners/landlords have a legal obligation to provide reasonable security based on foreseeability. But many persons with an interest in providing or assessing “reasonable security” – security and loss prevention practitioners, and attorneys – are sometimes misinformed about the concept of foreseeability.

“Foreseeability” as defined by most courts in the U.S. (with only few minor exceptions, most notably Michigan) is a broader concept than is recognized by many. Foreseeability is usually determined by a formal assessment of 4 distinct criteria:

The inherent nature of the premises: Every premises has a distinct nature, each with its inherent problems and risks. Bars, for example, have different inherent risks than do shopping malls, just as schools have different inherent risks than do hospitals. The intrinsic nature of the premises is the first factor to be considered in determining foreseeability.

The history of security incidents at the premises: History does have a tendency to repeat itself. A premises with a history of crime and security incidents can probably expect more crime and incidents in the future. The history of events at a premises is the second factor to be considered in determining foreseeability.

And with regard to the history of incidents at a premises, Courts have not necessarily held that criminal or security incidents of a specific nature are a determining factor. For example, a parking lot with a history of thefts and robberies will probably not be able to successfully claim that it was unaware of security issues when a carjacking occurs. Criminal and security incidents in general are considered, because security measures are usually not implemented to prevent or deter only one type of incident (the CCTV surveilling the parking lot is not only scanning for thieves and robbers).

The history of security incidents in the immediate geographic surroundings: Crime usually does not limit itself to specific sites. Criminals engaged in inappropriate activities are usually opportunists who are always looking for an easy target. So security problems that occur in a neighborhood will frequently find their way to and impact any given premises in that neighborhood. The history of events in the neighborhood is the third factor to be considered in determining foreseeability.

Industry security standards for the premises: Any organization whose industry has established some formalized standards or practices for security has an obligation to at least consider those security measures. Industry standards, guidelines and practices are usually not developed until and unless there is significant commonality among the members of the industry. So standards and practices that have been developed, especially for security, are probably relevant and must be considered. Industry security standards are the fourth factor to be considered in determining foreseeability.


So a quick review of past incident reports will not be sufficient for an organization to successfully argue that it has met its obligation with regard to foreseeability. And why is foreseeability so important? Because it is the results of the foreseeability assessment that determine what security measures are reasonable under the circumstances.