Information Blog

Monday, June 29, 2026

Chatrie v. United States: Implications for Law Enforcement

Core holding and immediate implications

In Chatrie v. United States (2026), the Supreme Court held that police officers conduct a Fourth Amendment “search” when they obtain detailed cell‑phone location data, such as Google’s Location History, via geofence warrants, because individuals have a reasonable expectation of privacy in records of their physical movements even if those records are held by a third‑party company (Kagan, 2026; The Guardian, 2026). The Court concluded that this applies even when the time window is short and the data is obtained from a technology provider, and remanded for the Fourth Circuit to evaluate whether the particular geofence warrant at issue was reasonable in terms of probable cause and particularity and how the good‑faith exception to the exclusionary rule applies (Kagan, 2026; Justia, 2024).

Practically, this means that law enforcement must treat geofence‑based access to smartphone location data as a constitutionally significant search, with warrant requirements and exceptions similar to those recognized in Carpenter v. United States for cell‑site location information (Kagan, 2026; Paul, Weiss, Rifkind, Wharton & Garrison LLP, 2026).

Ramifications for police and law enforcement practices

Geofence warrants as high‑scrutiny tools

Geofence warrants compel a provider like Google to disclose location data for every device estimated to be within a defined geographic area during a specified time frame, typically through a multi‑step process that begins with anonymized device data and proceeds to disclosure of subscriber identities (Kagan, 2026; American Civil Liberties Union, 2026; Paul, Weiss, Rifkind, Wharton & Garrison LLP, 2026). The Court’s opinion emphasizes the breadth of such warrants and their potential to resemble “general warrants,” particularly when they encompass residences, churches, schools, and hospitals within the radius (Kagan, 2026; American Civil Liberties Union, 2026).

For police practice, this implies:

Agencies will need to narrow the geographic scope, time window, and criteria for device selection at each step of a geofence warrant to withstand probable‑cause and particularity scrutiny (Kagan, 2026).
Internal review by legal advisors or prosecutors before seeking geofence warrants will likely become standard to reduce the risk of suppression and civil liability (Paul, Weiss, Rifkind, Wharton & Garrison LLP, 2026).

Limits on short‑term and “targeted” location requests

The government had argued that accessing two hours of Location History data around a crime scene should be treated differently from long‑term tracking; the Court rejected this distinction, observing that even short‑term monitoring can reveal highly sensitive movements, such as visits to medical, legal, or political locations (Kagan, 2026). The opinion also states that Fourth Amendment protections do not hinge on the quantity of information obtained once the category of information is protected, and that the ability to select limited time slices from a comprehensive database does not diminish the constitutional intrusion (Kagan, 2026).

Consequently, law enforcement cannot justify bypassing warrant requirements solely by limiting the duration of location data requested, and must be prepared to show probable cause and necessity even for relatively narrow time windows (Kagan, 2026; The Guardian, 2026).

Restriction of the traditional third‑party doctrine

The Court explicitly declines to apply the traditional third‑party doctrine from United States v. Miller and Smith v. Maryland to Location History data, echoing its earlier approach in Carpenter (Kagan, 2026). It reasoned that location records are “qualitatively different,” uniquely revealing, and not truly “voluntarily shared” in the conventional sense, because modern smartphone use and repeated prompts to enable Location History make the generation of such data a pervasive feature of daily life rather than a discrete business transaction (Kagan, 2026; Paul, Weiss, Rifkind, Wharton & Garrison LLP, 2026).

For police practice, this indicates that subpoena‑like tools directed to providers for historical smartphone location data will generally be constitutionally inadequate absent a warrant, and agencies must distinguish carefully between traditional business records and digital diaries of movement (Kagan, 2026; American Civil Liberties Union, 2026).

Multi‑step digital warrants and judicial oversight

The geofence warrant in Chatrie used a three‑stage process: (1) anonymized data for all devices in the geofence during the one‑hour window; (2) extended movement data inside and outside the geofence for selected devices; and (3) disclosure of identifying information for a further subset of devices (Kagan, 2026; Justia, 2024). Justice Jackson’s concurrence stresses that steps two and three were not subject to detailed judicial standards in the warrant and allowed officers to broaden the search and de‑anonymize users without additional judicial findings of probable cause, which she characterizes as granting a “roving commission” inconsistent with warrant requirements (Jackson, 2026).

Police departments will therefore need to ensure that:

Warrants explicitly define the criteria for narrowing devices at each stage and the basis for moving from anonymized data to identifying information (Kagan, 2026; Jackson, 2026).
Magistrates, not officers alone, determine the scope and sequence of data access, potentially by requiring new or amended warrants for subsequent stages in complex digital searches (Jackson, 2026).

Exigent circumstances and recognized exceptions

The Court notes that its holding does not foreclose warrantless access to location data in true emergencies, consistent with existing exigent‑circumstances doctrine (Kagan, 2026). However, the opinion suggests that such situations must involve compelling needs of law enforcement and be narrowly tailored to the emergency at hand, which implies that routine investigations will rarely qualify (Kagan, 2026; American Civil Liberties Union, 2026).

Ramifications for prosecutions and criminal cases

Suppression litigation and the good‑faith exception

In the underlying federal case, the district court and the Fourth Circuit both upheld admission of the geofence‑derived evidence based on the good‑faith exception, even while expressing serious concerns about the warrant’s breadth and constitutional validity (United States v. Chatrie, 2024; American Civil Liberties Union, 2026). Justice Alito’s dissent in the Supreme Court emphasizes that many past cases involving geofence warrants are likely to survive suppression challenges because officers relied on warrants in an unsettled legal environment (Alito, 2026).

For prosecutors, this means:

Past convictions based on similar geofence warrants will likely be defended by arguing that officers acted in objective reliance on judicially issued warrants and pre‑Chatrie case law (United States v. Chatrie, 2024; Alito, 2026).
New investigations after Chatrie will face tighter standards; the ability to invoke good‑faith will weaken over time as the constitutional limits become settled and widely known (Alito, 2026).

Strategic use of location evidence

Because the Court describes Location History as akin to a personal journal—similar to emails, documents, photos, and calendars stored in the cloud—such evidence will attract strong privacy‑based challenges and may be perceived by juries as intrusive surveillance (Kagan, 2026; American Civil Liberties Union, 2026). Prosecutors may respond by using geofence‑derived information primarily to generate leads and corroborate other evidence, rather than as the sole or central proof of identity or guilt (Paul, Weiss, Rifkind, Wharton & Garrison LLP, 2026).

Broader implications for policing and surveillance

Shift away from dragnet surveillance techniques

The Court’s reasoning, along with advocacy from organizations such as the ACLU and EFF, signals skepticism toward investigatory methods that start with an area and time and then identify potential suspects from the entire population present, rather than focusing on specific individuals for whom probable cause already exists (American Civil Liberties Union, 2026; Electronic Frontier Foundation, 2026). This has implications not only for geofence warrants but for other “reverse” techniques, such as reverse keyword searches and broad social‑media data pulls.

Law enforcement agencies are likely to:

Emphasize suspect‑specific investigative methods and use reverse‑location or reverse‑keyword tools only when narrowly tailored and backed by strong justifications that can satisfy courts under Chatrie’s framework (Paul, Weiss, Rifkind, Wharton & Garrison LLP, 2026).
Develop minimization procedures to discard information about non‑suspects quickly after initial screening whenever reverse‑search methods are used (American Civil Liberties Union, 2026).

Data architecture and provider practices

Google has indicated in its Supreme Court filings and public statements that, as of mid‑2025, it moved Location History storage from centralized servers to user devices and no longer maintains data in a form that would allow responding to geofence warrants for Location History (Kagan, 2026; Bloomberg Law, 2026). Commentary notes that other technology and telecommunications companies may consider similar approaches, such as on‑device storage and shorter retention periods, to reduce exposure to broad law‑enforcement demands and privacy criticism (Paul, Weiss, Rifkind, Wharton & Garrison LLP, 2026).

This evolution will force police and prosecutors to:

Rely more heavily on carrier‑held cell‑site data (still governed by Carpenter) and on traditional device searches, rather than cloud‑based geofences (Kagan, 2026; Bloomberg Law, 2026).
Maintain ongoing dialogue with provider legal and compliance teams to understand what data exists, how it is stored, and what legal processes can realistically reach it (Paul, Weiss, Rifkind, Wharton & Garrison LLP, 2026).

References

American Civil Liberties Union. (2026, March 4). United States v. Chatrie. ACLU. https://www.aclu.org/cases/united-states-v-chatrie

Alito, S. A. (2026). Dissenting opinion in Chatrie v. United States, 609 U.S. ___ (No. 25‑112). (Included in slip opinion PDF attached by the Court Reporter.)

Bloomberg Law. (2026, April 26). Supreme Court weighs warrants tied to phone location data. Bloomberg Law. https://news.bloomberglaw.com/us-law-week/justices-weigh-legality-of-warrants-tied-to-phone-location-data

Electronic Frontier Foundation. (2026, March 2). Brief of Amicus Curiae Electronic Frontier Foundation in support of petitioner, Chatrie v. United States (No. 25‑112). Electronic Frontier Foundation. https://www.eff.org/files/2026/03/02/chatrie-v-us-eff-scotus-brief.pdf

Jackson, K. B. (2026). Concurring opinion in Chatrie v. United States, 609 U.S. ___ (No. 25‑112). (Included in slip opinion PDF attached by the Court Reporter.)

Justia. (2024, July 8). United States v. Chatrie, No. 22‑4489 (4th Cir. 2024). Justia. https://law.justia.com/cases/federal/appellate-courts/ca4/22-4489/22-4489-2024-07-09.html

Kagan, E. (2026). Opinion of the Court in Chatrie v. United States, 609 U.S. ___ (No. 25‑112). (Slip opinion, October Term 2025, as provided in 25‑112_0am4.pdf.)

Paul, Weiss, Rifkind, Wharton & Garrison LLP. (2026, February 2). Supreme Court to address constitutionality of geofence warrants for the first time. Paul, Weiss Publications. https://www.paulweiss.com/insights/client-memos/supreme-court-to-address-constitutionality-of-geofence-warrants-for-the-first-time

The Guardian. (2026, June 29). US supreme court rules geofence warrants require constitutional privacy protections. The Guardian. https://www.theguardian.com/us-news/2026/jun/29/supreme-court-geofence-warrants-case-decision

United States v. Chatrie, 590 F. Supp. 3d 901 (E.D. Va. 2022). (District court decision discussing geofence warrant, Fourth Amendment, and good‑faith exception.)

Perplexity AI. (2026). Perplexity AI system documentation and capabilities (GPT‑5.1). Perplexity AI. https://www.perplexity.ai (general product and system information page).

Use of Artificial Intelligence (Perplexity AI)

Artificial Intelligence, specifically Perplexity AI (powered by GPT‑5.1), was used to assist in assembling, synthesizing, and summarizing the information above. The AI system accessed, read, and integrated content from the official Supreme Court opinion in Chatrie v. United States, lower‑court decisions, and reputable secondary analyses (news, advocacy organizations, and law‑firm commentaries). The final text was then structured to conform to APA‑style in‑text citations and references.

Sunday, June 28, 2026

IoT and Stolen Cars: Thieves May Use Tech to Grab Your Ride

The 10 Most Stolen Vehicles in America in 2025

Vehicle theft declined in the United States in 2025, but several models remained frequent targets because of their popularity, availability, and persistent appeal to thieves (National Insurance Crime Bureau [NICB], 2025; Car and Driver, 2026). According to NICB data, the most stolen vehicle in America in 2025 was the Hyundai Elantra, followed by the Honda Accord and the Hyundai Sonata (NICB, 2025; Car and Driver, 2026).
Ranked Vehicles

The 10 most stolen vehicles in America in 2025 were the following:

Hyundai Elantra (21,732)
Honda Accord (17,797)
Hyundai Sonata (17,687)
Chevrolet Silverado 1500 (16,764)Honda Civic (12,725)
Kia Optima (11,521)
Ford F-150 (10,102)
Toyota Camry (9,833)
Honda CR-V (9,809)
Nissan Altima (8,445)

Theft Trends

NICB reported that U.S. vehicle thefts experienced a decline in 2025, yet the same report still identified specific models that were stolen far more often than others. NICB specifically stated that the Hyundai Elantra remained the most stolen vehicle model in 2025 with 21,732 thefts, followed by the Honda Accord with 17,797 thefts and the Hyundai Sonata with 17,687 thefts (NICB, 2025).

Car and Driver’s report on the NICB figures confirms the same ranking and shows that the list included a mix of sedans, pickups, and one SUV, suggesting that theft risk in 2025 was not limited to one body style or market segment (Car and Driver, 2026). The presence of the Chevrolet Silverado 1500 and Ford F-150 on the same list as the Honda Civic, Toyota Camry, and Nissan Altima shows that both high-volume passenger cars and high-demand trucks remained attractive targets (Car and Driver, 2026).

Internet of Things

Modern connected vehicles increasingly function like Internet of Things systems because they rely on wireless connectivity, cloud services, software-driven features, and communication between in-vehicle components and outside networks (Trend Micro, 2021). Trend Micro explains that connected cars use technologies such as 5G, cloud-connected applications, over-the-air updates, and vehicle-to-network communication, all of which expand what vehicles can do while also increasing cybersecurity exposure (Trend Micro, 2021).

Trend Micro also notes that the modern connected car is becoming similar to a “smartphone-on-wheels,” with applications communicating through middleware, gateway electronic control units, and cloud services. These systems can introduce risks such as denial-of-service attacks, man-in-the-middle attacks, hijacking of services, data privacy issues, authentication and management issues, incorrect data, and misconfiguration problems (Trend Micro, 2021). As the costs and resale values for car computers, collision avoidance systems, and other tech devices increase, thieves now also disassemble vehicles to steal those items.

Radio frequency interception and transmission devices are sometimes used to capture the codes transmitted by key fobs on some vehicles. The codes are then used to reprogram devices that the thieves emply to unlock, start, and steal a vehicle.

This means connected technology can create additional pathways that thieves or cybercriminals may try to exploit. If remote services, app connections, or cloud-linked vehicle functions are not properly secured, the same connectivity designed for convenience may also increase opportunities for unauthorized access or interference (Trend Micro, 2021).

Prevention Methods

NICB advises vehicle owners to use layered theft-prevention practices rather than relying on a single measure. Its prevention guidance recommends removing keys or fobs from the vehicle, locking doors and windows, parking in well-lit areas, and using anti-theft technology such as steering wheel locks, audible alarms, and aftermarket tracking devices (NICB, n.d.).

These recommendations support the use of steering wheel locking devices, alarm systems, and location-tracking tools as practical deterrents. They also fit well with additional protective measures such as ignition kill switches or fuel-system shutoff devices, which are commonly used to make a stolen vehicle harder to start or move, although the verified NICB source specifically highlights locks, alarms, and tracking devices rather than detailing those other devices individually (NICB, n.d.).

For connected vehicles, owners must recognize that digital security matters alongside physical security. Because connected cars increasingly depend on cloud services, APIs, and networked vehicle systems, keeping manufacturer software current and treating app-based vehicle access cautiously are sensible precautions consistent with the risks described by Trend Micro (Trend Micro, 2021).

References

Car and Driver. (2026, March 23). What cars were stolen most last year? The top 10 may surprise you. https://www.caranddriver.com/news/a70833130/top-10-most-stolen-cars-2025/

National Insurance Crime Bureau. (2025). U.S. vehicle thefts experience historic decline. https://www.nicb.org/news/news-releases/us-vehicle-thefts-experience-historic-decline

National Insurance Crime Bureau. (n.d.). Prevent vehicle theft. https://www.nicb.org/prevent-vehicle-theft

Trend Micro. (2021, February 15). Connected cars, 5G, the cloud: Opportunities and risks. https://www.trendmicro.com/en_us/research/21/b/connected-cars-5g-the-cloud-opportunities-and-risks.html

Wednesday, June 24, 2026

IoT Internet of Things: Checklist for First Responders and Investigators

1. Initial safety and legal checks

Confirm scene safety (weapons, hazards, live electricity, gas, fire, chemical risks). interpol
Verify legal authority: warrant, consent, exigent circumstances; note any device that may be altering or deleting data in real time (e.g., cameras, cloud‑connected devices). ojp
Limit unnecessary handling of electronic/IoT devices until guidance from a digital evidence specialist is obtained. nij.ojp

2. Global scan for IoT indicators

Look for network infrastructure: wireless routers, mesh nodes, range extenders, cellular hotspots, powerline network adapters. swgde
Identify hubs and bridges: smart home hubs (e.g., branded home automation boxes), Zigbee/Z‑Wave hubs, security system control panels, smart TV boxes, game consoles. ojp
Note voice assistants and smart speakers: cylindrical or puck‑shaped devices with microphones and LEDs, often near kitchens, living rooms, bedrooms, or offices. nij.ojp

3. Exterior and perimeter (near the scene)

Survey exterior for cameras: doorbell cameras, floodlight cameras, bullet/dome cameras under eaves, in trees, or on fences; check neighboring properties with line‑of‑sight. swgde
Look for vehicle‑related IoT: connected vehicles, aftermarket GPS trackers under bumpers/dash, OBD‑II plug‑in devices, dashcams, telematics boxes in fleet or rental vehicles. interpol
Note infrastructure and environmental sensors: smart meters, irrigation controllers, connected thermostats on exterior walls, access control panels, smart locks and gates. ojp

4. Interior premises – obvious IoT

Smart TVs and streaming boxes: TVs with network ports or Wi‑Fi, streaming sticks/boxes near HDMI ports or power outlets. nij.ojp
Security and automation: alarm keypads, wireless motion sensors, door/window sensors, glass‑break sensors, smart locks, garage door openers, smart light switches and bulbs. swgde
Voice/video devices: smart displays, nanny cams, baby monitors, intercoms, talking toys, pet cams or feeders that connect via Wi‑Fi. nij.ojp

5. Interior premises – less obvious IoT

Household appliances: smart refrigerators, ovens, microwaves, washing machines, dryers, robotic vacuums, smart air purifiers, connected HVAC thermostats and vents. swgde
Health and fitness IoT: smart scales, connected blood pressure cuffs, glucometers, pulse oximeters, pill dispensers, CPAP/BiPAP machines with Wi‑Fi/cellular modules. interpol
Other embedded devices: smart plugs, power strips, light strips, smart picture frames, connected coffee makers, smart blinds/curtain controllers. nij.ojp

6. On the victim and suspect – body‑worn IoT

Wearables: smartwatches, fitness bands, smart rings, body‑worn GPS trackers, health monitoring patches or pendants. interpol
Medical devices (if present and safe to handle): insulin pumps, neurostimulators, cardiac devices with companion hubs, fall‑detection pendants; coordinate with medical personnel before seizure. interpol
Clothing and accessories: Bluetooth‑enabled headphones, smart glasses, smart helmets, connected work gear, key fobs for vehicles with telematics apps. swgde

7. Personal devices that control IoT

Smartphones and tablets: these often serve as the main controller for home or vehicle IoT; identify all phones and tablets in the environment. ojp
Laptops and computers: desktops, laptops, mini‑PCs, and NAS devices that may run automation software or store logs/video from IoT devices. nij.ojp
Remote controls and dedicated controllers: proprietary handheld controllers for drones, alarm systems, garage doors, home automation, and industrial equipment. interpol

8. Network and connectivity information to document

Network identifiers: SSID names seen on labels of routers, mesh nodes, or written on notes; any visible default passwords or QR codes for Wi‑Fi setup. swgde
Hardware identifiers: photograph and record make, model, serial number, and MAC address for routers, hubs, cameras, and other IoT devices. ojp
Connectivity types: note whether devices use Wi‑Fi, Ethernet, cellular, Bluetooth, Zigbee, Z‑Wave, LoRa, or proprietary RF; photograph any external antennas or gateway boxes. interpol

9. Quick documentation at the scene

Overall scene: wide photographs and video showing locations of IoT devices relative to key areas (entry points, victim, suspect, evidence). nij.ojp
Device close‑ups: power state, status lights, display screens, connected cables, network labels, ports, and any visible notifications or alerts. ojp
Configuration clues: screenshots or photos of posted passwords, QR codes, written router settings, printed user manuals, or quick‑start guides left near devices. swgde

10. Handling and seizure considerations (high‑level)

Do not power off or disconnect IoT devices until consulting with a digital forensics point of contact, unless necessary for safety (fire, shock, life‑threatening risk). crime-scene-investigator
Preserve volatile data when authorized and trained personnel are available: consider photographing live screens and indicators before any power change. interpol
Package IoT devices carefully: label power supplies, cables, and associated controllers; avoid stacking items that may damage small sensors or alter switches. crime-scene-investigator

11. Questions first responders should answer for investigators

What IoT‑capable devices are present, where are they located, and who appears to control or own them (victim, suspect, third party, business)? nij.ojp
What networks are visible (names, apparent ISP, presence of guest networks, visible extenders or hotspots)? ojp
Are there neighboring or third‑party devices (next‑door cameras, commercial systems, vehicle telematics, employer‑owned devices) that might capture relevant data or logs? swgde

12. Information to capture for follow‑up subpoenas/warrants

Account‑level info: usernames, email addresses, phone numbers, and service provider names visible in device interfaces or paperwork. interpol
Service providers: identify cloud platforms (e.g., camera, home automation, health, or vehicle OEM services) linked to devices and note any visible subscription info. nij.ojp
Time references: capture any device timestamps, time‑zone settings, or indications of last sync/last activity visible on screens at the scene. ojp

Monday, June 22, 2026

Technology in Public Administration and Justice Studies

OECD: ‘institutional incoherence’ undermining digital ambitions

The Organisation for Economic Co-operation and Development (OECD) Digital Government Outlook report finds that governments have made progress in building digital capabilities, but a gap remains between ambition and actual performance. The core issue is “institutional incoherence,” meaning digital initiatives exist but are not well connected, coordinated, or reinforced across government systems.

The Five Key Challenges

The report highlights five challenges that explain why progress stalls:

Data systems that cannot be shared: Weak data foundations and poor interoperability prevent effective data reuse across agencies.
Infrastructure that is built but not adopted: Governments invest in digital platforms that are underused due to fragmentation or lack of integration.
Investments that are approved but not evaluated: Funding decisions are made, but follow-through, performance tracking, and adaptability are weak.
AI that is deployed but not governed: AI adoption is widespread, but governance (risk assessment, audits, oversight) is inconsistent and underdeveloped.
Services that are designed but not connected: Digital services exist but are not integrated into seamless, user-centered systems.

A common thread across all five is lack of coordination—individual components exist, but they do not work together effectively.

Other Important Findings

Data strategy gaps: While 94% of countries have data strategies, many function as policy statements rather than operational tools. Data quality and long-term, cross-border planning remain weak.
AI governance imbalance: Governments often have “guardrails” (rules) but lack “enablers” (tools and infrastructure), which slows innovation and adoption in high-impact areas like policymaking.
Digital identity unevenness: Most countries have governance structures, but adoption and integration vary widely. Trust, usability, and inclusion remain barriers.
Skills shortage: Only 17% of countries have a dedicated digital skills strategy for public servants, limiting the ability to execute digital transformation.
Investment rigidity: Governments struggle with inflexible funding, weak evaluation mechanisms, and procurement systems not suited to modern digital development.

Bottom Line

The OECD’s central message is that digital transformation is no longer about building new tools—it is about making systems work together coherently. Without this alignment, even well-funded and well-designed initiatives will underperform.

Implications

For justice systems and public administration, these findings carry particular weight. Fragmented data, disconnected services, and weak interoperability can directly affect access to justice, case management, law enforcement, and public trust. Digital transformation in these sectors must prioritize integration, accountability, and user-centered design—not just technology deployment.

Reference

Aldane, Jack. (6, June 2026). OECD: ‘institutional incoherence’ undermining digital ambitions https://www.globalgovernmentforum.com/oecd-warns-institutional-incoherence-undermining-members-digital-ambitions/

Infographic by Perplexity AI

IoT: Growth and Projections

IoT crossed the trillion‑dollar threshold:

Recent analyses value the IoT industry at 1.3 trillion dollars in 2026, with 20–25 billion connected devices worldwide. One research firm projects the dedicated IoT market segment growing from about 547 billion dollars in 2025 to around 865 billion dollars by 2030.

Device counts are rising steadily: there were about 16.6 billion connected IoT devices at the end of 2023, growing to an estimated 18.8 billion by the end of 2024 and around 21.1 billion by the end of 2025, with forecasts of roughly 39 billion devices by 2030. In industrial and infrastructure settings, IoT is expected to contribute up to 14.2 trillion dollars to the global economy by 2030.

Sources:
https://iot-analytics.com/number-connected-iot-devices/
https://fabrity.com/blog/industrial-internet-of-things-iot-trends-for-2026/

Infographic from Notebook LM Google

Infographic from Perplexity AI

=-=-=-=-=-=

https://kardasz.blogspot.com/2026/06/iot-growth-and-projections.html

Wednesday, June 03, 2026

AI: Executive Order: Promoting Advanced Artificial Intelligence Innovation and Security

The June 2026 executive order on “Promoting Advanced Artificial Intelligence Innovation and Security” doubles down on AI‑enabled cyber defense while signaling that existing criminal statutes will be used against AI‑enabled cybercrime. For law enforcement and digital forensics, it turns AI into both a critical investigative tool and a clearly identified aggravating factor in computer crime prosecutions. whitehouse

Why this matters for policing and forensics

The order frames AI as a strategic asset that must be protected through stronger cyber defenses rather than broad new AI‑specific criminal statutes. connectontech.bakermckenzie
Instead of creating new AI crimes, it directs DOJ to treat AI as a means or modality—prioritizing enforcement of existing laws when AI is used to breach systems, steal data, or facilitate other offenses. whitehouse
This approach preserves doctrinal continuity for prosecutors and courts while still addressing AI‑enabled intrusion, fraud, and data exfiltration scenarios. lawfaremedia

Upgrading systems: more digital evidence, more complex cases

The order requires rapid cyber‑hardening for national security, defense, and civilian systems and pushes agencies to deploy AI‑enabled defensive tools at scale. bankingjournal.aba
CISA is instructed to issue Binding Operational Directives and guidance to accelerate protection of civilian federal systems and to expand programs that make AI‑powered cybersecurity tools available to agencies, state and local governments, and critical infrastructure operators. bankingjournal.aba
For investigators, that means: more pervasive logging, anomaly‑detection telemetry, and machine‑generated alerts that become discoverable evidence in intrusion, fraud, and insider‑threat cases. exterro

Practical implications for digital forensics:

Expect more cases where the key artifacts include model‑generated alerts, AI‑driven risk scores, and automated incident‑response decisions—each of which may need to be interpreted and explained in reports and testimony. europol.europa
AI‑assisted intrusion‑detection systems will increasingly shape timelines (first detection, escalation, containment), which must be carefully preserved and correlated with traditional host and network logs. marymount

AI cybersecurity clearinghouse: a new intelligence feed

The Treasury Department, working with NSA and CISA, is directed to establish an “AI cybersecurity clearinghouse” in voluntary collaboration with the private sector and critical infrastructure operators. airia
This clearinghouse will coordinate vulnerability scanning, vulnerability validation, remediation prioritization, and patch distribution—using AI to scale detection and response. connectontech.bakermckenzie

For law enforcement and forensics:

Shared vulnerability intelligence and patching timelines will strengthen attributions around “known exploited vulnerabilities,” which can be important in proving negligence, willful blindness, or deliberate exploitation of disclosed flaws. hstoday
Coordinated AI‑driven scanning and remediation produce standardized logs and artifacts, which can improve cross‑case pattern analysis and make it easier to link intrusions that reuse the same techniques, infrastructure, or tooling. exterro

Frontier models and pre‑release access: opportunities and risks

The order instructs Treasury, the Department of War (via NSA), and DHS (via CISA) to develop a classified benchmarking process that determines when an AI system is a “covered frontier model” based on advanced cyber capabilities. airia
Developers can opt into a voluntary framework where government gets up to 30 days of early access to these high‑risk models under strict cybersecurity, confidentiality, and IP‑protection conditions. whitehouse

From an investigative and forensic perspective:

Pre‑release access to powerful cyber‑capable models gives federal experts an opportunity to understand offensive capabilities before criminals weaponize them, potentially informing proactive threat models, signatures, and training sets for defensive tools. gigazine
If criminals later use these models to automate discovery of vulnerabilities, generate payloads, or script lateral movement, law enforcement may be able to draw on government test data and red‑team findings when building expert testimony on foreseeability and risk. gigazine
Because the framework is explicitly voluntary and the order rejects any mandatory licensing or preclearance regime, law enforcement should assume some highly capable models will remain opaque, increasing the value of independent forensic reverse‑engineering and open‑source intelligence. axios

DOJ enforcement focus: AI as an aggravating factor

Section 4 directs the Attorney General to prioritize enforcement of 18 U.S.C. 1028 (identity documents and related fraud), 18 U.S.C. 1030 (Computer Fraud and Abuse Act), 18 U.S.C. 1343 (wire fraud), and other applicable federal laws against anyone who uses AI to illegally access or damage a computer, or who uses AI while engaged in such illegal access to further any other crime. lawfaremedia
The order explicitly covers breaches of public or private systems and the use of AI “agents” to unlawfully access data or information that is then used for criminal purposes. aha

Implications for prosecutors and digital forensics:

AI‑assisted activity (for example, using an LLM to generate exploit code or an agent to automate scanning and lateral movement) is now clearly within the enforcement crosshairs, even though the underlying charges are traditional CFAA, fraud, and identity‑crime counts. lawfaremedia
Forensic reports that can distinguish between human‑authored and model‑generated scripts or communications—based on artifacts like API call logs, prompt histories, or distinctive code patterns—will become important in showing the role AI played in scale, sophistication, or concealment of the offense. marymount
Demonstrating that a suspect deployed AI to industrialize attacks (e.g., mass credential‑stuffing, automated spear‑phishing, or high‑volume scanning) may help DOJ argue for higher culpability, upward departures, or leadership enhancements at sentencing. counciloncj

Evidence, chain of custody, and explainability

As agencies deploy AI‑enabled defensive tools, more “evidence” will originate as model outputs: anomaly scores, automated risk classifications, and suggested response actions. exterro
For digital forensic practitioners, this raises questions about validation, reproducibility, and explainability of AI‑driven detections used to justify warrants, arrests, or prosecutions. facebook

Key points:

You will increasingly need to document not only what a system recorded, but also how its embedded models were configured at the time: model version, training/finetuning status, confidence thresholds, and any custom rules layered on top. marymount
Chain of custody should explicitly include configuration snapshots of AI‑based tools, since model updates or retraining could change outputs later and undermine reproducibility of forensic claims. europol.europa
When AI tools are used inside the lab (e.g., for triage, pattern detection, or media analysis), logs of prompts, parameters, and outputs should be preserved as part of the forensic record to allow peer review and cross‑examination. exterro

State and local implications

The order explicitly calls out support for critical infrastructure such as community banks, rural hospitals, and local utilities, and directs agencies to facilitate access to AI‑enabled defensive tools for these entities. bankingjournal.aba
For state, local, and tribal law enforcement, that means more investigations where small agencies face sophisticated, AI‑enabled intrusions into local critical infrastructure, but also more access to federal tools, threat intelligence, and training. hstoday

Digital forensics impact at the local level:

Local cases (e.g., ransomware at a rural hospital or compromise of a small city’s SCADA network) are more likely to involve federal–local joint investigations, coordinated incident response, and shared evidence derived from federally provided AI‑security platforms. papers.govtech
Harmonizing policies on log retention, evidence export, and privacy across federal and local systems will be increasingly important to avoid losing critical AI‑generated indicators in the gap between IT operations and criminal investigations. papers.govtech

What this means for your work

For law enforcement and digital forensics professionals, this order:

Confirms that AI‑enabled intrusions and fraud will be prioritized for prosecution under existing federal laws, not a new AI‑criminal code. whitehouse
Signals a sharp increase in AI‑generated security telemetry, alerts, and reports that must be preserved, validated, and explained as evidence. bankingjournal.aba
Creates a new federal interface with frontier AI developers that can feed threat intelligence and expert knowledge into complex investigations involving advanced AI tools. airia
Raises the bar on forensic methodology, requiring explicit consideration of how AI models used in both crime and defense affect the reliability, interpretability, and admissibility of digital evidence. facebook

Monday, June 01, 2026

IoT: CISA Infographic - Communities Risks & Mitigations

Below are two informative info-graphics from the Cybersecurity and Infrastructure Security Agency (CISA). They depict the IoT risk landscape and IoT device data flow.

https://www.cisa.gov/sites/default/files/2024-12/PDM24069_CCI_IoT_Device_Risk_and_Mitigation_Infographic_Final_508.pdf

IoT Devices: A Growing Security Challenge

Internet of Things (IoT) devices are central to how organizations deliver services and manage infrastructure. As devices proliferate, they expand the digital attack surface.

Data from Verizon’s 2024 Mobile Security Index report indicates that 70% of public sector respondents said their organization had experienced a security incident involving a mobile or IoT device (Verizon, 2024). These endpoints are no longer peripheral risks—they are often at the center of modern cyber incidents.

Even organizations that have not yet experienced a known incident face serious challenges managing their IoT systems. Devices are frequently deployed across departments and facilities, added rapidly to support new initiatives, and not always inventoried or governed by consistent security standards. The result is classic “device sprawl”: too many devices, in too many places, with too little centralized visibility. For the public sector, where systems often support critical services, this sprawl can translate directly into operational and safety risks.

To respond, users need to treat mobile and IoT security as a core element of their cybersecurity posture. That means maintaining asset inventories, enforcing configuration baselines, segmenting networks to limit blast radius, and integrating mobile/IoT telemetry into existing monitoring and incident response workflows. With attacks increasingly targeting these devices, proactive governance can be the difference between a contained incident and a larger crisis.

Reference

Verizon. (2024). 2024 Mobile Security Index (MSI). Verizon.

Sunday, May 17, 2026

IoT: Cyberthreats to Automatic Tank Gauge (ATG) Systems

Automatic tank gauge (ATG) systems are a cybersecurity concern because they are often internet-connected industrial control systems that monitor fuel storage, leak detection, and tank inventory at gas stations and other critical facilities (BitSight, 2024; Dutch Institute for Vulnerability Disclosure [DIVD], 2025). Reporting in 2026 indicates that attackers have actively targeted exposed ATG systems in the United States, reinforcing long-standing warnings from researchers that these devices can be manipulated when they are placed online without adequate access controls (Energy Marketers of America, 2026; In Food & Fuel, 2026).

What is an Automatic Tank Gauge (ATG)?

An automatic tank gauge is an electronic monitoring system used to measure fuel levels, detect leaks, and support inventory management in underground or aboveground fuel storage systems (U.S. Environmental Protection Agency [EPA], n.d.; DIVD, 2025). In practice, ATGs help operators track tank conditions and support release detection obligations that are part of underground storage tank compliance and environmental protection programs (EPA, n.d.).

Who Controls ATGs?

ATGs are generally controlled by the owners and operators of fuel storage systems, such as gas stations, convenience stores, fuel distributors, and operators of facilities that store petroleum or hazardous substances (EPA, n.d.). State, territorial, tribal, and federal regulators do not typically operate the devices directly, but they regulate the broader underground storage tank environment and compliance expectations surrounding release detection and environmental protection (EPA, n.d.). Vendors, service contractors, and remote monitoring providers may also play a role when they install, configure, maintain, or remotely access the systems (DIVD, 2025; Veeder-Root, 2024).

How Many ATGs Are There in the United States?

A precise national count of ATG devices in the United States is uncertain. The EPA states that approximately 542,000 underground storage tanks nationwide store petroleum or hazardous substances, but that figure refers to tanks rather than ATG units, and one facility may have multiple tanks while not every tank count translates directly into a one-to-one ATG count (EPA, n.d.). The closest verifiable contextual figure is the EPA’s estimate of approximately 542,000 underground storage tanks in the United States (EPA, n.d.).

What Are the Vulnerabilities of ATGs?

The clearest recurring vulnerability is direct exposure of ATG interfaces to the public internet without proper authentication or network isolation (DIVD, 2025; BitSight, 2024). DIVD reported that exposed systems from multiple manufacturers, especially certain Veeder-Root models, could be accessed through serial interfaces commonly reachable on TCP port 10001, allowing unauthorized parties to view fuel levels, change tank labels, alter alarm thresholds, and modify monitoring parameters (DIVD, 2025). BitSight reported multiple critical vulnerabilities across six ATG systems from five vendors and warned that internet-exposed ATGs remain attractive targets for sabotage and cyberwarfare scenarios (BitSight, 2024).

Other weaknesses include poor password practices, insecure remote connectivity, weak segmentation between operational technology and business networks, and overreliance on remote polling designs that require open network paths into the ATG environment (DIVD, 2025; PAS, 2025). Veeder-Root’s guidance also emphasizes controls such as firewalls, access restrictions, and secure remote connectivity, which indirectly confirms that misconfiguration and unnecessary exposure are central risk factors (Veeder-Root, 2024).

What Are the Threats to ATGs?

The threat landscape includes unauthorized access, reconnaissance, tampering, denial-of-service activity, and operational disruption (DIVD, 2025). Researchers and industry alerts have described attackers changing passwords, modifying system information, deleting data, and interfering with remote access and fuel operations when gauges are exposed online (In Food & Fuel, 2026; DIVD, 2025). In addition to opportunistic criminal exploitation, researchers have warned that ATGs could be targeted in sabotage or cyberwarfare contexts because they are part of the fuel distribution ecosystem and are present at critical facilities beyond retail gas stations (BitSight, 2024; DIVD, 2025).

What Harm Could Come from a Cyberattack on an ATG?

Potential harm from an ATG cyberattack includes environmental damage, operational shutdowns, business interruption, false inventory readings, disabled alarms, and impaired leak detection (BitSight, 2024; DIVD, 2025). BitSight reported that attackers may be able to change critical parameters such as tank geometry and capacity, disable alarms, and interfere with automatic or manual responses, creating the possibility of fuel leaks, safety incidents, and economic losses (BitSight, 2024). Industry reporting in 2026 also described incidents in which stations could not pump gas until affected devices were reset or restored, showing that even attacks short of physical damage can disrupt daily commerce and fuel availability (In Food & Fuel, 2026).

Who Would Want to Threaten an ATG and Why?

Several categories of adversaries could have an interest in ATG systems. Cybercriminals may target them for disruption, extortion, vandalism, or opportunistic exploitation of poorly secured systems (DIVD, 2025; In Food & Fuel, 2026). Nation-state or state-aligned actors may view ATGs as a soft target within critical infrastructure, particularly because fuel distribution has economic and public safety significance and ATGs are often locally managed rather than defended through a uniform national architecture (BitSight, 2024; CNN, 2026). Hacktivists or malicious insiders could also target ATGs to cause embarrassment, interrupt fuel sales, or manipulate records and alarms for ideological, retaliatory, or personal reasons, although specific motive patterns vary by incident and are not always publicly confirmed (DIVD, 2025).

What Are the Recent Reports of Attacks on ATGs?

Industry and media reporting from 2026 indicates that attacks against ATGs were not merely theoretical. Energy Marketers of America circulated a cybersecurity advisory in April 2026 stating that known cyberattacks were targeting ATGs in Tennessee and that cybercriminals were targeting systems nationwide, including at least 15 affected tanks at one convenience store chain (Energy Marketers of America, 2026). In Food & Fuel reported that the Utah Department of Public Safety had identified 76 vulnerable ATGs in Utah and more than 4,000 across the United States, while also describing confirmed incidents involving unauthorized access to tank and sensor data, false alarms, and deletion of system information (In Food & Fuel, 2026).

Mainstream reporting also linked the 2026 campaign to suspected Iranian actors. CNN reported that U.S. officials believed Iranian hackers had breached fuel tank monitoring systems at gas stations across multiple states by accessing internet-connected ATGs that lacked password protection (Bertrand et al., 2026). Because attribution in fast-moving cyber incidents can evolve, that point should be treated as a reported government assessment rather than a final judicial finding (Bertrand et al., 2026).

What Measures Should Be in Place to Protect ATGs?

The strongest protective measure is to avoid exposing ATGs directly to the public internet (DIVD, 2025; Veeder-Root, 2024). Recommendations include placing ATGs behind properly configured firewalls, using VPN gateways or dedicated hardware interfaces for remote connectivity, applying source IP filtering, and setting passwords on serial ports where the feature is supported (DIVD, 2025; Veeder-Root, 2024). Operators should also audit their network configurations regularly to identify exposed systems, restrict third-party remote access to only what is necessary, and separate ATG environments from broader corporate or payment networks (DIVD, 2025; PAS, 2025).

Additional protective measures include maintaining documented incident response procedures, validating alarm and leak-detection settings, coordinating with qualified service vendors, and promptly applying vendor guidance or security updates when available (DIVD, 2025; Veeder-Root, 2024). Because some ATG risk stems from insecure deployment rather than a single patchable flaw, sound architecture, restricted connectivity, and administrative discipline remain as important as software maintenance (DIVD, 2025).

References

Bertrand, N., Lillis, K. B., & Marquardt, A. (2026, May 15). Iranian hackers have breached fuel tank readers at gas stations across multiple U.S. states, sources say. CNN. https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations

BitSight. (2024, September 23). Critical vulnerabilities discovered in automated tank gauge systems. https://www.bitsight.com/blog/critical-vulnerabilities-discovered-automated-tank-gauge-systems

Dutch Institute for Vulnerability Disclosure. (2025, August 25). DIVD-2025-00005 - Exposed automated tank gauge systems. https://csirt.divd.nl/cases/DIVD-2025-00005/

Energy Marketers of America. (2026, April 13). Urgent cybersecurity advisory: Nationwide cyberattacks targeting automatic tank gauges (ATGs). https://www.fueliowa.com/latest-news.cfm/Article/INDUSTRY-NEWS/Urgent-Cybersecurity-Advisory-Nationwide-Cyberattacks-Targeting-Automatic-Tank-Gauges-ATGs/2026-4-14

In Food & Fuel. (2026, April 23). Cybersecurity alert: Automatic tank gauge systems targeted. https://www.infoodandfuel.org/news/cybersecurity-alert-automatic-tank-gauge-systems-targeted

PAS. (2025, April 24). Securing your Veeder-Root ATG: Protecting against vulnerabilities in remote connectivity. https://passtesting.com/news/securing-your-veeder-root-atg-protecting-against-vulnerabilities-in-remote-connectivity

Perplexity AI. (2026). Perplexity AI [Large language model]. https://www.perplexity.ai/

U.S. Environmental Protection Agency. (n.d.). Underground storage tanks (USTs). https://www.epa.gov/ust

Veeder-Root. (2024, August 14). Ensuring automatic tank gauge security compliance. https://www.veeder.com/us/ensuring-automatic-tank-gauge-security-compliance

AI Use Statement

Perplexity AI was employed in the research and development of this information.

=-=-=-=-=-=

Video: https://youtu.be/HbBIadarg60

Sunday, May 03, 2026

AI: Prompts to Prevent AI Hallucinations

Dr. Frank Kardasz, MPA, Ed.D.

May 3, 2026

Here is a guide, ironically mostly AI generated, to prompts researchers can use to help prevent AI from misquoting or fabricating reference sources:

Why AI Misquotes Sources

AI language models generate text by predicting plausible patterns, not by retrieving verified facts. When asked for citations, they produce text that looks like legitimate academic references because they've seen similar patterns during training. This phenomenon — sometimes called "vibe citing" — affects an estimated 17–55% of AI-generated references. Prestigious conferences like NeurIPS 2025 have discovered over 100 hallucinated citations in accepted papers.^[1]^[2]

Category 1: Guardrail Prompts (Forbid Fabrication)

These prompts set hard rules before the AI generates any content:^[3]

· The Non-Invention Constraint:

"You must not generate any citation, reference, or source that is not verifiable. If you cannot find a source for a specific claim, state: 'I could not find a verifiable source for this specific claim.' Never invent a source."

· The Epistemic Accuracy System Prompt:

"You are a fact-conscious assistant. Your core principle is: 'If it is not verifiable, do not claim it.' Do not fabricate data, names, dates, events, studies, or quotes. Do not simulate sources or cite imaginary articles. When unsure, say: 'I don't know' or 'This cannot be confirmed.'"^[4]

· The Boundary Constraint:

"Use only the sources I provide. If the answer isn't there, say: 'I could not find that in my knowledge sources.'"^[5]

Category 2: Source-Grounded Prompts (Anchor AI to Real Text)

The most reliable strategy is to paste the actual source text into the prompt, forcing the AI to work only from what you provide:^[6]

· The Context-Lock Prompt:

"Generate a synthesis based ONLY on these papers: [paste full abstract or text]. Do NOT invent citations. Do NOT cite papers not in this list. Include exact quotes with page numbers."^[1]

· The Verbatim Excerpt Prompt:

"Extract a verbatim excerpt — not a paraphrase — from the text I have pasted below that supports [claim]. If no direct excerpt supports this claim, say so explicitly."^[5]
(Note: Using the word "verbatim" and asking for an "excerpt" rather than a "quote" dramatically improves copy-paste accuracy, as "quote" tends to invite paraphrase.)^[5]

· The RTCF Structured Citation Prompt (Role–Task–Context–Format):

"You are an academic citation specialist [Role]. Generate a complete APA 7th edition citation [Task] for the following source: [paste all known bibliographic details — author, year, title, journal, DOI] [Context]. Output a single reference entry in APA 7th edition format [Format]."^[6]

Category 3: Chain-of-Verification (CoVe) Prompts

This is a four-stage method developed by Meta researchers that forces the AI to self-check its own output independently before finalizing it:^[7]^[8]

1. Stage 1 – Draft: Generate the initial claim or citation.

2. Stage 2 – Plan verification questions: "List the specific questions you would need to answer to verify each claim you just made."

3. Stage 3 – Answer independently: "Now answer each verification question independently, without referencing your earlier response."

4. Stage 4 – Reconcile: "Compare your verification answers to your original draft. Correct any claims that are not fully supported. If a citation cannot be verified, remove it."

A condensed single-prompt version of CoVe is:^[3]

"First, generate the claim. Second, search your knowledge base for the supporting source. Third, compare the claim to the source. Fourth, only if verified, output the claim and citation. If unverified, omit."

Research confirms CoVe decreases hallucinations across list-based, closed-book, and long-form generation tasks.^[8]

Category 4: Cross-Model Fact-Check Prompts

A practical technique is to pipe one AI's output into a second AI for verification:^[9]

"Fact-check the following claim against its cited sources. For each source: (1) Confirm the URL is real and reachable; (2) Determine whether the source directly supports, contradicts, or is unrelated to the claim; (3) Spot any misrepresentation, selective quoting, or omitted context; (4) Give a verdict: well-supported, partially supported, unsupported, or contradicted."^[9]

You can also use a follow-up verification prompt directly with the same AI:^[6]

"For the citation you just gave me, is [Journal Name] a real peer-reviewed journal? What is its ISSN? Can you confirm that DOI [DOI number] leads to the article titled [Article Title]?"

Category 5: Structural Accountability Prompts

These prompts build traceability into the AI's output format:^[10]^[5]

· Chunk-referencing prompt (useful when you provide a document):

"I have numbered my source text in chunks,, … For every claim you make, reference the chunk number you pulled it from in brackets."^[11]^[12]^[9]

· Forced citation format prompt:

"Provide legal/factual statements ONLY with a citation in this format: [Author, Year, Title, DOI/URL, page number]. If you cannot supply all fields, do not include the claim."^[10]

· Confidence-flagging prompt:

"For each claim, label it as: (A) Verified from provided text, (B) From general training knowledge — needs verification, or (C) Uncertain — do not use. Do not present (B) or (C) claims as established facts."^[11]

Quick-Reference Prompt Table

Goal	Prompt Keyword/Technique	Source
Prevent fabricated citations	"Never invent a source" + honesty instruction	^[3]
Lock AI to provided text	Paste source text + "based ONLY on these papers"	^[1]
Force verbatim quotes	Use "verbatim" + ask for "excerpt" not "quote"	^[5]
Self-verification	Chain-of-Verification (CoVe) 4-step prompt	^[8]
Cross-model checking	Pipe output to second AI with fact-check prompt	^[9]
Structural traceability	Numbered chunks + bracket referencing	^[5]
Confidence transparency	Label claims A/B/C by verification status	^[11]
Citation format accuracy	RTCF method (Role, Task, Context, Format)	^[6]

The Non-Negotiable Rule

No prompt fully eliminates the risk. Even with all techniques applied, manual verification against the original source remains mandatory. Tools like Elicit, Consensus, Scite.ai, and Zotero are specifically designed for scholarly citation retrieval and validation and should be used alongside AI writing tools. The architecturally safest approach is Retrieval-Augmented Generation (RAG), which reduces hallucination rates by up to 71% by forcing the AI to generate only from pre-verified, retrieved documents.^[12]^[13]^[2]^[14]^[15]^[9]^[1]