Let the Learning Begin
ON OCTOBER 12-15 IN DALLAS, the ASIS International 56th Annual Seminar and Exhibits will be the place to be for a focus on security. Security directors, managers, and practitioners; homeland security, law enforcement, and human resources professionals; and military, infrastructure, and business experts will converge at the massive Dallas Convention Center to hear keynote speeches by Chesley B. Sullenberger III and former President of Pakistan Pervez Musharraf and to choose from more than 180 educational sessions covering topics of interest across the security spectrum. In this article we look at a few of those sessions in-depth to give you a taste of what’s to come.
Lowdown on Lies
On Tuesday, October 12, from 1:45 to 3 p.m., Tim Reddick, CPP, PCI, director of fraud and special investigation for the City of Philadelphia Office of the Controller, will teach seminar attendees to tell the difference between truth and lies in “Do You Hear What I Hear? An Examination of Forensic Content Analysis of Verbal Statements.” Reddick will use actual recorded interview excerpts to illustrate his points.
“A big mistake that investigators make is thinking that the interview begins when the subject walks through the door and starts talking. But the interview actually starts when the subject chooses to commit the offense. He or she decides, ‘If someone asks me about this, this is what I will tell them. This will be my story,’” Reddick explains.
Fortunately, subjects usually drop clues that make a tall tale stand out from a truthful recollection. First, Reddick says, subjects who have a story already made up want to tell it—almost as if a force majeure compels them to speak. Reddick has a recorded example of this in which the subject rambles even as the investigator tries to stop him, saying, “You don’t need to tell me about that.”
For that reason, explains Reddick, investigators should learn to let the subjects talk. It’s time-honored advice, he notes, saying “There’s a quote by Plutarch, the Greek historian and essayist, ‘A sage thing is timely silence, and better than any speech.’ Sometimes investigators need to sit there, and be quiet, and let them go.”
Subjects who are telling a false story tend to include “a lot of whys instead of a lot of whats,” Reddick notes. “I call it the ‘Because, Because, Because Option.’ In fact, in one of my examples, during a short clip, a woman being interviewed says ‘because’ about 50 times.” On the other hand, a person telling the truth will portray events in a linear fashion, without jumping around in time and without a lot of background information. They also usually have questions for the investigator.
“A nondeceptive person generally will answer and be helpful, but not overtly so. When an investigator calls up a truthful subject, that person will usually ask ‘What’s this about?’ and ‘Is this something I should be worried about?’ The deceptive person will just say, ‘Oh. Okay. Sure. I’ll be there.’ On occasion, they go to the opposite extreme and are overly confrontational. Either extreme can be a sign of deception.”
Deceptive people tend to make statements that indicate a lack of definiteness by using qualifiers such as “I think” or “I believe.” They may try to distract the interviewer with sweeping general statements. For example, a subject may say, “I wasn’t raised that way” and while that may be true, they’re still guilty.
In addition, subjects often use omission or avoidance. “They’ll tell you what sounds like the answer, but it isn’t. They do that because it’s less stressful and leads to fewer behavioral clues,” says Reddick. These clues can include vocal changes, such as talking faster or slower when asked a specific question, as well as language errors and tripping over words. These are usually paired with shifting in their seats, picking at clothing, and other movements conveying agitation and personal discomfort.
Reddick plays an interview clip in which a woman is asked what seems to be a simple and straight-forward question: “How long have you been separated from your husband?” It is immediately noticeable that the woman both stumbles for words and tries to avoid an answer. Finally, she tells the investigator, “I can’t say the length of time we were separated but I just know that things were very not good.”
Reddick notes, in this case, “She’s avoided the question and omitted the answer… and expected that to be sufficient.” He adds that in interviews where the subject continues to provide vague, noncommittal answers, investigators must ask increasingly specific questions—even to the point of allowing yes or no answers only. And the more reduction in the subject’s range of response, the more behavioral indicators of lying tend to appear.
“Deception is an intentional act. It is not accidental. A skilled investigator or interviewer will focus questions in such a way that the people either have to out-and-out lie or out-and-out tell the truth,” he says.
Reddick does provide some caveats, however. For example, he notes that individuals have personality quirks that may give false positives for lying, and also that subjects may appear to be lying because they are worrying about something else. For instance, he says, “The investigator might be asking about a theft that occurred yesterday. The subject may have had a fight with a coworker yesterday, and so he really doesn’t want to talk about that day. By narrowing the questions down, you can discover what the sensitivity really is about.”
Othello error. Another important component of Reddick’s session will be a discussion of the “Othello Error.” In the play by William Shakespeare, Othello believes that his wife, Desdemona, is having an affair with a man named Cassio. Othello accuses her of adultery. When Desdemona asks that Cassio testify to their innocence, Othello tells her that he has had Cassio killed. Othello interprets her anguished reaction as an admission of guilt, rather than what it is—horror at realizing she cannot prove her innocence, no matter what she does. When people are placed into a situation where they decide they will not be believed when they tell the truth, they begin to exhibit all the “tells” of a person who is being genuinely deceptive.
Surprisingly, says Reddick, “I’ve been in many interviewing courses, and there are few people who talk about this error. What we will teach in the session is to be careful about confrontations and accusations. If you use a confrontational interview technique, then you do have the possibility of committing Othello’s Error.”
“It’s almost impossible to tell when people are speaking the truth,” says Reddick, “but it is easier to tell when they’re being deceptive. If you don’t see any deceptive behavior, then generally you can eliminate a subject from consideration.” This process of elimination is especially helpful in cases where there may be dozens of potential wrongdoers. “You will have saved time and increased your chances of success,” he states.
Apocalypse Now
On Tuesday, October 12 from 4:30 to 5:30 p.m., the ASIS Crisis Management and Business Continuity Council will sponsor “Disaster in Haiti and Chile: Lessons in Organizational Resilience.” The session speaker will be Richard Wright, CPP, project manager for Virtual Development and Defense International of Leesburg, Virginia, a provider of specialized security services.
Wright will discuss a client company’s experience earlier this year during the major earthquakes in Haiti and Chile. The company, which is a lending institution, was providing loan packages and grants in Haiti, a nation that had already been devastated by tropical storms and hurricanes in 2008. “An earthquake with an epicenter in a city [Port au Prince] of 3 million people has never happened anywhere we’re aware of—especially one where three-fourths of the city’s structures fall down and 10 percent of the population is dead almost instantly,” Wright states. “The scale was apocalyptic.”
On January 12, when the earthquake occurred, the company operated a branch in Port au Prince staffed with about 50 employees. “It was right next door to the United Nations headquarters that pancaked,” he says. The branch office was damaged badly enough that it must be entirely rebuilt, but it did not completely collapse at the time, allowing staff to escape with only minor injuries from falling debris.
Wright says, “What we needed to do was provide an immediate response to ensure life safety and then life support as well as security…. On the night of the earthquake, at about 2:30 a.m., I was in a relayed satellite phone conversation with our country representative and the president of the institution telling them what I thought we needed to do and getting green light to do it,” recalls Wright. “This allowed me to talk to our air broker, and since we have operations in the Dominican Republic, we were able to stage out of that country into Haiti.”
Getting a plane on the ground “took a lot of push and a lot of hours and time on the phone with various and sundry people, but we were able to send in a planeload of supplies,” he says. “Many of the nonessential international staff and families were then flown out of the country. During the next few weeks, we had relief flights in and out from the Dominican Republic to bring out the local staff and families as necessary and to bring in supplies for those who were staying.”
Wright says that the quick response allowed some supplies to arrive unmolested and for the international employees to leave Haiti safely. But the early conditions did not last. As the days went by, criminal activity in Port au Prince increased, making a bad situation even more challenging.
At first, recounts Wright, “Everyone was in shock. There was little threat to the supply convoys, but as time passed, the threat grew, and we needed to make sure that we could get things securely to and from the airport. We’re talking about tons of supplies loaded onto SUVs moving through neighborhoods where dogs were eating dead bodies, and people were standing with their hands out,” he recalls.
Lessons learned. Among the lessons from the disaster that Wright will discuss is the need during normal times to be mindful of the condition and location of emergency communication equipment. “You can’t leave your satellite phone in the closet and not charge it up every so often, because when the disaster happens, you’ve got no electricity and no place to charge the phones except for from a car battery. In our case, we also had problems because of the damage to the building. The storeroom where the phones were kept was inaccessible for several days,” he explains.
Another problem concerned in-country emergency supplies. “We’d always kept a couple of safe havens stocked with food and water and medical supplies. One of those was in a residence that was completely destroyed and another was at the office,” Wright says.
All told, the crisis management plan “actually did quite well,” he opines. “What we did learn, however, was that a nightmare scenario cancels all bets and calls for an agonizing reassessment, as they say in poker. Some of the things you would like to do and that make sense when you look at them on paper don’t necessarily work when things are really going crazy. When your building is destroyed and employees are scattered about and the city is falling down, you can’t care about inventorying equipment. We had to secure it until it could be extracted, of course, but…we had to make sure that the critical life support and operational issues were addressed immediately; the other things written in a plan were done when we got to them.”
Wright says that the business continuity aspect of the planning functioned well. “Within a week, we had people working in an annex building that wasn’t damaged, but to be back to being a fully operating lending institution onsite took about a month,” he says.
“We had to go into a damaged, fragile server room and extract the servers while hoping the roof wouldn’t fall in. We were able to do it and to ship the servers back to [offices in] Washington, D.C., although the vast majority of information was already saved through nightly backups there,” Wright notes.
“We did have issues during the first two weeks getting our people up and running on the company’s network again. All the communication towers had fallen down, as well as the relays, and even our satellite system had to be pulled off the roof of the damaged building and reinstalled elsewhere to give us access to our network,” he explains.
Wright’s presentation will also touch on the Chilean earthquake on February 27. “There, the epicenter of the quake was far enough away that there were cracks and fissures and bridges that fell down, but none of our people were badly injured. For us, it was a different kind of approach. We immediately provided support to the Chilean government in their reaction to the situation,” he states.
Build It In
Randy Atlas, Ph.D., CPP, vice president of Atlas Safety and Security Design of Fort Lauderdale, Florida, will speak on Crime Prevention through Environmental Design (CPTED), on Tuesday, October 12, from 4:30 to 5:30 p.m. The session, which is titled “21st Century CPTED and Infrastructure Protection,” is sponsored by the ASIS Security, Architecture, and Engineering Council. Atlas will discuss the successful record of CPTED.
One example of its success, Atlas notes, is public housing. “Public housing has been using CPTED and Defensible Space theory for 30 years, and it has worked. I do work for the U.S. Department of Housing and Urban Development, and I see that where we have implemented these principles, crime is minimal,” he says.
Atlas thinks that as we move deeper into the new millennium, the broader application of CPTED in all types of U.S. architectural design is paramount, including—perhaps most importantly—critical infrastructure, much of which is in private hands. He sees this situation as dangerous because of the lack of regulations requiring CPTED principles to be designed into architectural plans.
“The U.S. private sector has no guidance or requirements to do anything [with regard to CPTED], so largely, it is not,” he says. “On the other hand, European nations, which have been dealing with terrorism for the last 40 years or longer, have developed national standards that deal with CPTED, blast resistance, glazing, lighting, and more in every building sector,” he states.
“Recently, I [was hired to work on] a CPTED security building code for the Urban Regional Planning Commission of Abu Dhabi, United Arab Emirates—a new city rising out of the sand, and a new opportunity to design security into the architecture. I had to study all the European Union security standards—and they’re exactly what we need in the United States, but don’t have…these European Union security standards that apply to glazing, alarms, security lighting, and more in multifamily housing, commercial businesses, and critical infrastructure.”
According to Atlas, “In the U.S. architecture and construction sector, unless you must comply with code, [CPTED] won’t happen. If you tell me I have to do it, then I will and count it as the cost of doing business, but whether there is code or regulation is the line in the sand. If we can cross that threshold and adopt codes and regulations, then we can design security into our buildings, our parks, our plazas, streets, bridges, schools, universities, offices, and critical infrastructure.”
Held Hostage
Christopher Falkenberg, president of Insite Security, and Chris Voss, founder of the Black Swan Group, a strategic business advisory firm that focuses on negotiations, will be the copresenters of the session “Corporate Kidnapping: Preparing Management for the Unthinkable,” which will take place on Thursday, October 14, from 4:30 to 5:30 p.m.
Both firms are located in Washington, D.C. Voss is a 24-year FBI veteran who became a hostage negotiator in 1992. He was, at one time, the bureau’s lead international kidnapping negotiator.
“The purpose of this session will be to help companies develop these sorts of plans and make them aware of the really significant and meaningful pitfalls,” states Falkenberg.
Equally important is what the session will not be: “It is not a primer on hostage negotiations and how to keep your employees from being kidnapped. This will be a discussion of a really important and very nuanced area that a lot of security managers don’t focus on. The C-suite is going to be involved. If the security directors haven’t thought about this issue, telescoped it, and planned for it, it could be a big problem.”
Voss says that at any given time, two to four U.S. citizens are being held hostage overseas. Most of these kidnappings are not of executives but of mechanics, drivers, or other employees who are not perceived as targets. “The victims are often those who are confident they won’t be kidnapped. They get taken because they get careless.”
Falkenberg explains that many corporations and similar business entities “fail to place sufficient—or any—emphasis on how they will react or respond during a kidnapping emergency.” The issue, however, is one of importance because, he states, “the corporation’s initial response sometimes determines the outcome. And we’re not talking about the loss of a pallet of widgets. We’re talking about someone’s life or death.”
Unfortunately for most businesses caught up in a kidnapping, “almost every kidnapping-response security entity that is doing business today was set up on a model created prior to 2000,” states Voss.
Before that time, the Foreign Corrupt Practices Act (FCPA) of 1977 made it unlawful for certain classes of persons and entities to make payments to foreign government officials to assist in obtaining or retaining business, but it wasn’t strongly enforced when it came to hostage-related payments. “You can’t pay ransom [without transferring] the money into the country. You can’t do that without the involvement of a local government official. For the longest time, the U.S. government simply looked the other way, because it wasn’t that big of a deal and someone’s life was at stake, but it is no longer inclined to do that,” states Falkenberg.
In 2002, National Security Presidential Directive (NSPD) 12: United States Citizens Taken Hostage Abroad was signed. “In broad strokes, it prohibits U.S. entities from providing support to terrorism. That creates a real problem when terrorists kidnap your employee. You want to pay the ransom, but doing so could entangle you in some meaningful criminal charges,” Falkenberg explains.
“There is a way to [pay the ransom] legally following the guidelines of NSPD 12,” adds Voss, but if a kidnapping-response security provider isn’t following it, then the company can end up violating the law.
“In a crisis, you don’t rise to the occasion, you fall to your highest level of preparation. So it’s a matter of specific preparation for that type of an event with someone who knows what they are doing,” he says. To this end, it is essential that a company’s own legal counsel be familiar with all applicable U.S. laws.
Voss states that another area that must be probed is “what is going to happen to this company based on how we deal with this kidnapping. I think that some people find it almost amoral to consider the legal consequences to the company if an employee’s life is on the line…but it’s legitimate to consider because other people’s livelihoods are at stake based on the decisions made trying to save one person’s life. You can preserve the options for everyone without sacrificing the best interests of the victim. You can look out for the company and the victim at the same time,” he emphasizes.
As the highlights from only four of the 180-plus sessions to be found at the ASIS 56th Annual Seminar and Exhibits show, there’s much to be learned from a trip to Dallas this year. To find out more and to register, visit the Society’s Web site,www.asisonline.org.
Ann Longmore-Etheridge is an associate editor of Security Management and editor of ASIS Dynamics.