
Is your argument that government agencies should also withhold the names of filing cabinet manufacturers? :)

Just that it's a file layout. Or even if you strictly define a file layout as say an ext4, NTFS, or FAT file tree, that revealing the schema is revealing the file layout.

I don't know why they don't want to reveal file layouts, but for whatever reason, they decided it was "per se" exempt regardless of the security implications.


It's obviously not a file format. The same SQL schema can generate N different files, with N different layouts, for N different databases. By the logic you're using ("schema" + "database vendor" = "file format"), a Word document outline is also a file format.

The DBMS is almost definitely going to be mentioned in RFP or specification documentation. As it was in this lawsuit.

Not quite, and the details get hairier the closer you look. The database in question here is an IBM system. The database itself is used for government functions, making it FOIA'able, despite it being managed by a third party company. IBM even tried to argue that the schema was trade secret, but the statute isn't straightforward. Here's my (successful) response when they tried:

You mentioned on Thursday over the phone that IBM is not too keen on having its database schema released, and, between IBM and Chicago, is seeking an exemption under 5 ILCS 140/7(1)(g) - an exemption that is only valid if the release of records would cause competitive harm. This email preemptively seeks to address that exemption within the context of this request in the hopes of a speedier release of records. It is FOI's belief that there is little room for the case for the valid use of 5 ILCS 140/7(1)(g) when considering the insignificance of the records in conjunction with the release of past documents:

1. Chicago released CANVAS's technical specification [1] seven years ago. To the extent that the specification's continued publication does not cause competitive harm, it is very unlikely that the release of CANVAS's database schema would cause any harm.

2. The claim that the release of a database schema would cause competitive harm is not unlike suggesting that the release of filing cabinets' labels can cause competitive harm.

Furthermore, in your response, please be mindful that the burden of proving competitive harm rests on the public body [2].

[1] https://www.cityofchicago.org/content/dam/city/depts/dps/Con... [2] http://foia.ilattorneygeneral.net/pdf/opinions/2018/18-004.p...


Yep, that was done in the FOIA request related to this lawsuit:

  select utc.column_name as colname, uo.object_name as tablename, utc.data_type as type
  from user_objects uo
  join user_tab_columns utc on uo.object_name = utc.table_name
  where uo.object_type = 'TABLE'
https://www.muckrock.com/foi/chicago-169/canvas-database-sch...

Yeah, it's obvious the double standard here, then. Curious indeed why they are so adamant to keep the schema/data secret.

Because they know that eventually the data contained in that table is going to be used to support some sort of lawsuit that their parking enforcement activity is biased, and is targeting people of color.

It's already ridiculous that they spent several years blocking this request while it went through court. If the plaintiffs spoke to pretty much anyone involved in maintaining the system, or with any of their internal infosec people, they would know that there's no real security risk to releasing this information.

They've already spent orders of magnitude more time and money litigating the issue than it would take to just release the information in the first place, so this is clearly not a cost or resourcing issue.

They don't want to release it because they'd prefer it's secret, because secrecy makes it harder for the public to hold them accountable. That's all.


There is an explanation for the fight that doesn't involve something nefarious with CANVAS (though I think CANVAS is dodgy from talking with Matt).

The precedent set here will let data journalists (like Matt) set up effectively automated FOIA workflows on _any_ database they can get the name of for a FOIA request. So even if _this_ db isn't dodgy, it enables any of them that are to be found quickly.

Or even less cynically, it's just going to cost a ton of resources to respond to all those automated FOIA requests.


I said in another comment but I suspect the column names themselves are incriminating (basically saying this person doesn't get a ticket because they are in a special club, that's probably not technically legal)

is_cop bool not null default false

Public bodies tend to just want to resist FOIAs for the sake of resisting them. I've never really been able to fully understand the motivations, even after a decade of FOIA litigation.

I think it is likely to be about budgets. That is, sure, FOIA and similar state laws usually allow the agency to collect something related to actual costs, but that's mostly meaningless since even if it actually covers staff time it doesn't retroactively give them staff to cover it in the impacted areas, and often the FOIA volume doesn't effectively feed back into legislative budget processes for future staffing either, while their litigation needs are more likely to feed back into the legal staffing levels, so approving FOIA requests drains working resources in the area covering them in a way that fighting them does not in the immediate term, while fighting them also has the longer term benefit (from an agency perspective) of discouraging future requests.

Short answer -- already been done.

This (spoiler) visualization's going into my eventual post about the lawsuit: https://observablehq.com/d/026992341cc47ff0


Hi everyone, I'm the plaintiff in this lawsuit. I'm still working on my companion post for tptacek's post! I'll have it ready Soon TM, but feel free to ask me any questions in the meantime here.

While you're waiting, check out this older post: https://mchap.io/that-time-the-city-of-seattle-accidentally-...


I don't understand the argument that knowing the column names doesn't help an attacker? Especially in a database that doesn't allow wildcards, doesn't it make things much easier if you know you can do '); SELECT col FROM logins, as opposed to having to guess the column name?

And I don't think I disagree with the court on schema vs. file layouts either. It's not the file layout, but it's analogous: it tells you how the "files" (records) are laid out on the "file system" (database tables). For example, denormalization is very analogous to inlining of data in a file record. The notion that filesystems are effectively databases itself is a well known one too. How do you argue they aren't analogous?


You can always `SELECT table_name, column_name, data_type FROM information_schema.columns`, which is part of the SQL standard. https://www.postgresql.org/docs/current/infoschema-columns.h...

Plus, generally if you have SQL injection, you have multiple tries. You're not going to be locked out after one shot. And there's only so many combinations of `SELECT {id,userid,user_id,uid} FROM {user,users,login,logins,customer,customer}` before you find something useful.


Being able to inject doesn't mean you get the output of a select. The injection can be on non-select statements.

That's a good point, has anyone hardened a database by locking out users who select columns that don't exist? Or run other dubious queries? This would obviously interrupt production but if someone is running queries on your db it's probably worth it?

I once did a security assessment for a product such as what you describe. Among other problems with it, the product itself had SQL injection vulnerabilities.

For another example of what defenders are up against, see https://users.ece.cmu.edu/~adrian/731-sp04/readings/Ptacek-N.... This paper all but caused an upheaval in the WAF industry.


Zane Lackey (with Dan Kaminsky) gave a talk that discussed doing literally that sort of things, back in 2013. Zane went on to found Signal Sciences (acquired by Fastly), doing this sort of stuff in the 'WAF' space.

https://youtu.be/jQblKuMuS0Y?t=866 (timestamp is when Zane starts talking about it)


I guess the main difference is that a WAF attempts to spot things like injection (unbalanced delimiters, SQL keywords in HTTP payloads where SQL shouldn't exist, etc.) typically without knowledge of the schema, whereas GP is talking about the DBMS spotting queries where queries must exist but disagree with the schema. Might as well do both, I suppose.

In the very early 2000’s I worked at a company building something along those lines. We could analyze SQL and SMB traffic on the fly and spot anomalous access to tables/columns/files, etc. Dynamic firewalling would have been the next progression if the company didn’t have other issues.

On the surface that’s a very attractive idea.

A sort of “you shouldn’t be in here, even if we left the door unlocked.”


So if you deploy code before you run the associated db migration, or misspell a column name, you magnify the impact from whichever code paths (& application tier nodes) are running the broken SQL, to your entire production environment.

Simple variation to a hard shutoff: immediately page "significant risk a successful sql exploit was found", and then slow down attackers:

If an SQL query requests an unknown table, log the error, but have that query time out instead of responding with an error. Or, even better, the offending query appears to succeed, but returns fake table data, turning it into a honeypot built into the DB. This could be done at the application layer, or in the DB.

The goal is to buy an hour for defenders to determine how to respond, or if it's a red herring. There are a variety of ways of doing this without significant user impact.
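Both the earlier idea of a database that notices queries naming columns that don't exist and the slow-down/honeypot variant in this comment can be sketched as a thin wrapper around the DB connection. This is an added example, not code from any commenter or from CANVAS; it relies on sqlite3 and its error wording, and the `tickets` table, the `expected_missing` allowlist and the decoy values are constructed assumptions:

```python
"""Added example (not from the thread): turn "unknown table/column" errors
into an alert plus a delayed decoy result instead of a raw SQL error.
Uses sqlite3 so it runs offline; other engines word their errors differently."""
import logging
import re
import sqlite3
import time
from dataclasses import dataclass, field

log = logging.getLogger("sql-honeypot")

# sqlite3's wording for schema mismatches (assumption: adapt per DBMS).
UNKNOWN_OBJECT = re.compile(r"no such (table|column): (\S+)")
SELECT_LIST = re.compile(r"\s*select\s+(.+?)\s+from\b", re.I | re.S)


@dataclass
class Alert:
    kind: str   # "table" or "column"
    name: str   # identifier the query referenced
    query: str  # offending statement, kept for triage


@dataclass
class HoneypotConnection:
    conn: sqlite3.Connection
    delay_seconds: float = 0.0               # slow the probing client down
    decoy_rows: int = 3                      # fake rows to hand back
    # Identifiers a pending migration is known to add: these raise the normal
    # error and page nobody (covers the deploy-before-migrate objection).
    expected_missing: frozenset = frozenset()
    alerts: list = field(default_factory=list)

    def execute(self, sql, params=()):
        try:
            return self.conn.execute(sql, params).fetchall()
        except sqlite3.OperationalError as exc:
            m = UNKNOWN_OBJECT.search(str(exc))
            if not m or m.group(2) in self.expected_missing:
                raise                        # ordinary bug, not a schema probe
            kind, name = m.group(1), m.group(2)
            self.alerts.append(Alert(kind, name, sql))
            log.warning("schema probe: unknown %s %r in %r", kind, name, sql)
            time.sleep(self.delay_seconds)   # the "time out" variant
            return self._decoy(sql)

    def _decoy(self, sql):
        """Fabricated rows shaped like the SELECT list, so the reply looks
        plausible; every value is constructed, nothing real is returned."""
        m = SELECT_LIST.match(sql)
        if not m or m.group(1).strip() == "*":
            cols = ["id"]
        else:
            cols = [c.strip() for c in m.group(1).split(",")]
        return [tuple(f"{c}_{i}" for c in cols)
                for i in range(1, self.decoy_rows + 1)]


def demo():
    """Constructed schema: a normal query, a probe for a table that does not
    exist, a probe for a column that does not exist, and an expected miss."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tickets (id INTEGER, plate TEXT, amount INTEGER)")
    db.execute("INSERT INTO tickets VALUES (1, 'ABC123', 60)")
    hp = HoneypotConnection(db, expected_missing=frozenset({"issued_at"}))
    legit = hp.execute("SELECT plate, amount FROM tickets WHERE id = ?", (1,))
    table_probe = hp.execute("SELECT username, password FROM logins")
    column_probe = hp.execute("SELECT is_cop FROM tickets")
    try:
        hp.execute("SELECT issued_at FROM tickets")   # pending migration
        pending_raised = False
    except sqlite3.OperationalError:
        pending_raised = True
    return legit, table_probe, column_probe, pending_raised, hp.alerts


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The alerts list is what a pager or SIEM hook would consume; the decoy rows are only returned to the client that named an object the schema does not have.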


Yeah it's definitely something that could do more harm than good to a company long term. But I'm sure there are instances where this tradeoff is worth it. They would invest more heavily in runbooks or maybe even ci that runs migrations on deploy. Deleting columns would need to be done on your deploy + 1. Probably no rollback at all.

A good DBA would restrict the account so that it can't access the information schema. It's easy to imagine an environment with a vigilant DBA and less vigilant web developers.

> And I don't think I disagree with the court on schema vs. file layouts either.

I disagree that the law should prohibit disclosing "file layouts" but it's pretty clear that the law does block that, and I fundamentally agree with you that schemas are directly analogous to file layouts and thus restricted.


A SQL schema literally does not indicate the locations of data inside of a file. In fact, the whole reason schemas exist is to decouple the relationships between table rows and the pages and indexes that store that data. We had relational databases before SQL, and there are non-SQL relational (and non-relational) databases today, but you program them, at the query level, with code that is aware of what tables live where.

A schema is the opposite of a file layout. A schema is to a file layout what a Google search is to an IP address.


It seems like an unnecessarily ambiguous term.

Without additional context, I would interpret the term “file layout” to mean the file and directory structure of an application.

Such an application could potentially store data as plain files, the names of those files may contain personal or sensitive information.


The Department of Justice disagrees and voluntarily releases column and table names: https://www.justice.gov/afp/media/1186431/dl?inline=

I agree with you. Knowing the exact column names can speed up an attack and, in some cases, make it more feasible.

Why don’t they just request disclosure of what’s actually stored and allow renaming of the columns? It seems odd that knowing the exact column names would be necessary if the goal is simply to understand what data is being stored and its intended purpose.


I wonder if that would be considered a "new report", which they don't have to provide.

They can either have their cake or eat it. If they don't want to obfuscate the column names, they have to provide the data with the original ones.

And this part seems self-defeating:

> Attackers like me use SQL injection attacks to recover SQL schemas. The schema is the product of an attack, not one of its predicates.

If it's the product of an attack, but not the end goal, surely it's of value to the attacker?

It seems clear to me that the statute does, as worded, in principle allow the city not to disclose the database schema - it would compromise the security of the system, or at the very least, it would for some systems, so each request needs to be litigated individually.

The proposed amendment sounds like a good way to fix this - is it likely that will pass?


Lots of things are "of value". That's not the bar the statute sets. To the extent something isn't per se exempted by the statute (as the outcome of the case established schemas are), the burden is on the public body to demonstrate that disclosure Would jeopardize the security of the system.

It still seems like a massively gray area: despite the distinction between "would jeopardize" and "could jeopardize" as explained by TFA, the definition of "jeopardize" includes "danger" which means "could lead to harm" not "would lead to harm" at which point it hardly matters whether a thing "could endanger" or "would endanger" the security of the system.

"Would" versus "could" has nothing to do with why your analysis doesn't hold. If something doesn't enable people to attack a system, but is merely one of the valuable things you could get from that system, it does not jeopardize that system under Illinois law. The standard of proof for the jeopardy doesn't enter into it, because no claim of jeopardy has been made.

Again: this part of the case is settled. We didn't lose at the State Supreme Court because the court was worried there was jeopardy, but because they re-read the statute as per se exempting schemas as "file layouts".


> this part of the case is settled.

Maybe for this case, but it sounds like enough hinges on the details of the system that in another database, a court could uphold that there "would" be jeopardy instead of there "could" be. So you won on the more fragile part of the ruling.

On the other hand, interpreting the law as exempting database schemas is something that can be applied to any computer system, and it presumably sets a binding precedent (I'm not familiar with Illinois jurisprudence, but that's how I'd expect something called the State Supreme Court to work) so losing on that point is worse for future cases.


Losing on what point? Everybody agrees it is bad that schemas are per se exempt from FOIA. On the security concerns of releasing schemas, we won in basically every court.

> If it's the product of an attack, but not the end goal, surely it's of value to the attacker?

Well sure, but it doesn't help them attack. That's like arguing that since the bank robber wants dollar bills, dollar bills must be a useful tool for breaking into bank vaults.


If both sides agreed to the analogy of giving the bank robber the blueprints to the vault, I think any lay judge would agree that endangers the bank's security.

I'd say it's more like knowing the layout of the drawers inside the cage. If a robber is inside the cage, they've already won. And if an auditor is checking the bank has what it says it does, they've got legitimate grounds to ask which money is in which drawer, and "no, it's a security risk" is not a good answer.

'); SELECT * FROM logins --

Look everyone, it's Little Bobby Tables.

`Especially in a database that doesn't allow wildcards`

This fails if either the UI sanitizes wildcards, or if the database prohibits them, or if it produces so much data that you can't ingest it in time, etc.

Sanitization almost always fails. This becomes an arms race.

If you do it wrong, yes. Sure, there is no 100% security, but honestly, it's 2025. We already know the techniques to prevent SQL injection of any kind. I wrote about this here: https://valentin.willscher.de/posts/sql-api/

Matt, you do the Lord's work.

Bear in mind that Matt technically lost this, even with the backing of some of the absolute best civil rights lawyers in the country, Loevy and Loevy, fighting on his behalf. This shows you the absurd difficulty in fighting city hall, especially if you're crazy enough to do it without representation.

The one thing working in our favor is what is proposed in TFA: change the law. Once the state Supreme Court has ruled you're hosed unless you can get an amendment. Illinois has a very strong history of amending its FOIA statute, although a proportion of those changes are to further protect information from disclosure, not always on the side of sunshine.

Another change that needs to happen is strong punishment for bodies who lose these fights. In Illinois this is limited to a "$5000 civil penalty" against the body. What is a civil penalty? It's vaguely defined. They used to throw the money to the plaintiff, but in the later cases I fought they simply awarded the money to the county. As one State's Attorney said to me "I don't care if I lose every case, I just write a check out to myself."

(One final note: be careful what you wish for when you litigate; you can end up with an appellate decision like this that solidifies in law the exact thing you were fighting. It's nobody's fault, but it happens. I ended up with one absurd decision that removed prisoners' rights rather than enhanced them.)


A losing public body is also generally on the hook for attorney's fees, which can be considerable. But the general problem here is that the public bodies are all spending someone else's money, so the real deterrent you have is how much of their time you can credibly threaten to eat up with legal actions.

That's true, as long as you are represented. I knew one lawyer in Illinois who would sit in FOIA court and take all the non-represented persons aside and offer to take their cases and split the attorney fees 50/50. I believe it isn't strictly above-board, but it is a solution to a problem.

People don't like being put under oath, so you can somewhat temper a public body's future refusals by deposing them or sticking as many of them on the stand as you can. Especially with depositions, if you aren't represented then you can't be given any attorney discipline for asking completely outrageous questions to force the deponent to admit crimes etc. under oath.


I went up against my muni over their refusal to release their police General Orders (which seems real dumb in retrospect; we got the General Orders from most of Chicagoland with no protest†). I reached out to Matt Topic, who offered to sue for free, or send a nastygram for a billable hour.

I ended up doing the latter, because I gotta work in this town, but one consequence of fee recovery is that it's much easier to get representation for a FOIA suit.

https://github.com/jjarmoc/chicago-area-general-orders/


Out of curiosity, could you ask for something like "one row of data from every table in the CANVAS database"?

This is a technical solution to a people problem. My reading is that the city doesn’t want to give up this information. If that’s the case, a technical solution wouldn’t work, no matter how easy it is. And given that this has already gone to the Illinois Supreme Court (and lost), the only solution is what is discussed at the end: updating the law.

I agree this is something of a technical solution, but the court wasn't interpreting whether you could ask for rows from a database, but whether you could ask for the schema directly. I don't think the court had the option of saying "you can't ask for the schema, but asking for a sample row is ok".

The short answer is yes, you can do this. I've seen this work for emails, where the request is basically, "Give me the most recent email of blah@gov.com".

And yeah, the plan was to eventually submit a batch of requests using the table names, similar to `SELECT * FROM {table_name_from_schema_request} LIMIT 1`, but one FOIA request per-table.


I once wrote a script that translated SQL requests into proper Ukrainian legalese invoking the equivalent of FOI to query citizenship statistics from the agency. It worked, but they were not very happy when I had to get to them on the phone.

Seems like you could ask for a verbally masked description? Like an Enigma code specific to the FOIA.

"Describe to me the columns, in simple non-programmatic english, and what the purpose of the table is for, for each table related to parking tickets"

Essentially a human-to-schema DSL that is only technically decipherable by the admin of the database. Then you're not having actual code and only the admin could decipher it.

But yah, as you said, if the humans don't want to disclose their foibles, how the request is filled is technically meaningless.


I wish it were that easy. I'll go more into this specific question in my post, but the short answer is that FOIA does not statutorily require the creation of new records in response to a request. The gov agency creating a description of the data in response to the FOIA request would be creating new records. It's silly.

Yeah I can see that, seems like masking isn't creating a new record, but obviously that's not how it's interpreted, because you're using the human filling out the form to interpret then return the data. FOIA typically allow for redactions and that seemingly creates new records because they have to redact things and knowing what to redact is providing masked information and that's a new record.

As such, they could claim all FOIAs that require redactions shouldn't be fulfilled because a redacted record is a new record.


They don't do "describe", as it creates a new document, which is a blind spot of FOI.

Kudos to you for enduring through this fight! We can only achieve transparency when people choose not to be complacent. Thank you.

What do you think are the next steps?


My first step is to actually finish my post :)

But after that, getting a reasonable law passed to fix this now-broken nonsense.


Have you tried looking for information from the developer about CANVAS? With any luck the developer has support documentation online that describes CANVAS and maybe you'll be able to narrow down your FOIA request.

I think the point of the lawsuit is less about CANVAS schema itself and more about the ability of the government to hide this kind of information from FOIA requests.

Damn, this is impressive. I've been fighting with a state agency since December for 17,000 emails. I don't think I've ever tried to request emails and received zero push-back, but a $33 million estimate just, chef's kiss

What I want to know: how much Malort does the city expense a year?

They can produce a report using English language labels instead of the db column names. Their argument isn't fact, it's vexatious obstinance.

The footer links to a dead X account.

This older post was such a fantastic read, thanks for sharing your story!

It's dated from ~2 weeks ago... is there other date information I am missing?

ah no, I just said "older" since OP said it was older and I wanted to distinguish from the SQL post that this post is about

> Normally, a flustered public records officer would just reject a giant request for being for “unduly burdensome”… but this sort of estimate is practically unheard of. So much so that other FOIA nerds have told me that this is the second biggest request they've ever seen. The passive aggression is thick. Needless to say, it's not something I'm willing to pay for!

Welcome to Seattle :-)


> that's the second biggest FOIA request I've ever seen!

-Guybrush, from The Secret of Monkey Island


Very interesting case! Just one question: to what extent do changes in database schemata fall under FOIA in Illinois? That is, if they should change the database schema to conceal whatever it is they're fighting tooth and nail to hide, are they compelled to retain detailed information about that change? Or can they later present you (should the legislation pass) with a cleaned-up, nothing-to-see-here updated version?

What are the administrators of CANVAS hiding?

Hard to say. One of my personal drivers for this lawsuit is a tip I received that said that Chicago has a list of vendors whose tickets are dropped in the back-end. When I requested that info, the city said they had no such list. I trust my source, so having schema information could help figure out the extent and if they were lying.

Considering how much they fought to not release the schema, there's probably a column named "exempt_from_penalty" or something equally obvious.

Earnest question: If you suspect them of lying on the issue, why would you trust them to release the full schema in response to the FOIA request, and not just omit any possibly incriminating columns?

It's always a possibility that some low level official not in on the scam sees the FOIA request before management tells them not to work on it. The more you ask for, the less filtering there is going to be, simply because of how people work.

If you're running the scam, you don't want to tell low level employees about it, because they have no incentive not to blow the whistle.


By that logic there's no point investigating any crime or doing any kind of audit. You increase the costs of covering up, and put them in a dilemma - remember this is exactly what brought down Nixon.

How is this different from literally any other FOIA transaction, computer-y or otherwise?

What is the theory then for why they do not want to release this schema? Don’t misunderstand me I appreciate how important it is that people push the boundaries of FOIA.

The statute says they're not required to. For a couple years, the statute did say that they had to, as we won multiple cases in lower courts, but Chicago appealed to the Illinois Supreme Court, and the outcome was that now the statute exempts schemas.

Because this is not how government works. Most of the time it's not a heavily entrenched conspiracy. Once the request is approved to go through by the legal department, some technician will happily give you everything you want and it won't be censored or tampered with in the process.

Many times the people answering the requests aren't part of the conspiracy to commit random acts of malice. Sometimes they're roped into it under threat of termination.

And often times, the denials eventually lead to significant reorg once judges and Congress can revise laws to fix the ambiguities.


Well that certainly sounds suspicious. But it could also provide more damning evidence of targeting groups, people skimming the till, bribes to make tickets go away, all sorts of fun shenanigans.

And boy they’re fighting suspiciously hard.

Good luck.


Bribes are most certainly not logged in the system under the "bribes" column or codified in any way. The data discovered through foi could show some patterns which are suggestive of bribes, but the actual thing is negotiated "off chain".

That’s what I meant. For example, people who have a suspicious number of tickets dismissed. Or perhaps certain employees that dismiss a suspicious number.

'ethnicity' header, 'net_income' header... wouldn't doubt chicago could be cave man enough to do this

Thanks for fighting the good fight for us all!

Aaaaaaa! I need to finish my post! :(

Do you have any source that would agree with your 30-40%?

Anecdotally, around 40-55% of my DoorDash (YC S13) delivery drivers can only speak Spanish (I set my deliveries to require a PIN so I meet them), and the style of Spanish they speak is a Central American register (I think Honduran, El Salvadoran, and Guatemalan) based on accent and word choice.

I'm not sure if they are "officially" illegal, but they are most likely waiting on an Asylum or Immigration hearing.

This is in SF.

I can also provide FB groups that sell DoorDash (YC S13) and Uber Eats delivery driver accounts to those who lack documentation if needed.


> I'm not sure if they are "officially" illegal, but they are most likely waiting on an Asylum or Immigration hearing.

Seems like you've jumped from "they only speak Spanish" to "there's a very high chance that they're here illegally".

> "they only speak Spanish" to "there's a very high chance that they're here illegally"

Because you cannot get a Work Visa to work for DoorDash or Uber Eats, nor are most Central Americans eligible for Diversity Visas (excluding Guatemalans and Nicaraguans), nor is it family reunification as that has financial assistance requirements, nor are students on student visas legally allowed to work gig work roles.

That only leaves Asylees waiting on immigration hearings (Venezolanos, Colombianos) or TPS (Honduras, El Salvador) - which isn't illegal immigration in formal terms.

While TPS is a legally protected form of immigration, as the kid of immigrants who had to wait 16 years just to get a Green Card and were ineligible for a number of social service programs as naturalization includes proof of income sustainability, it grinds my gears because millions of immigrants have to prove employment or financial feasibility to come here.

There's a reason why Latiné and Asian American voters saw a significant shift to Trump in 2024 (not me - dislike his admin - but I get where those swing voters were coming from).

There needs to be immigration reform, but I absolutely don't have sympathy for economic migrants from Central America gumming up the works for an Afghan or Burmese asylee who will now get deported to countries in the midst of civil wars. And our inability to do so in the Biden admin is what allowed Trump to win in 2024.


You still don't have enough information to really know; there are plenty of ways to legally be in a country.

They could be on spouse visas, they could be natural-born citizens, born on American soil, but still haven't learned English. They could have been born to an American-citizen parent abroad, making them American citizens.

Even though family reunification requires financial assistance, that doesn't preclude the dependent doing gig work for extra money beyond the minimum requirements.

There are far more possibilities than "work visa, student visa, asylee".


> They could be on spouse visas, they could be natural-born citizens, born on American soil, but still haven't learned English. They could have been born to an American-citizen parent abroad, making them American citizens.

Absolutely, but the population of Salvadoran Americans growing from 710,000 to 2,500,000 and the population of Honduran Americans growing from 240,000 to 1,100,000 in 20 years, despite El Salvador's population remaining stagnant (Honduras's grew significantly over 20 years).

While not every worker is undocumented or abusing the TPS program, the cases you mentioned above cannot account for that scale of growth for a community.

I sympathize as a 1.5 gen immigrant, but at some point it does feel like a slap in the face when there are millions of us who spent decades stuck in immigration limbo due to visa backlogs AND were ineligible for social services like SNAP, free school lunches, etc. as those could disqualify you from naturalization.

And that's why a significant portion of Latiné and Asian Americans flipped in 2024.


I really appreciate this response, thank you. I still think you're making some assumptions about quite a lot of people, eg, a friend of an asylum seekers might join an app together where both friends have vastly different legal situations.

Agreed about the lack of immigration reform from Biden's camp being a significant factor towards Latiné swing voters. DACA has always left me with a feeling that, while it was amazing in letting many folk live safely and able to fulfill themselves, it felt like the patchwork that would lead to zero action, followed by disaster. And it feels like the disaster is manifesting its head.


> I still think you're making some assumptions about quite a lot of people, e.g., a friend of an asylum seeker might join an app together where both friends have vastly different legal situations

Absolutely! My heuristic is lossy, and the case you provide is probably happening.

> DACA has always left me with a feeling that, while it was amazing in letting many folk live safely and able to fulfill themselves, it felt like the patchwork that would lead to zero action, followed by disaster

Yep. I was working on the Hill for the Ds during DACA and immigration reform.

I had high hopes that we could have found a happy path to help humanize the immigration process, give documented status to law abiding individuals who lacked that, and prosecute and remove the minority of bad actors who give us immigrants (documented and undocumented) a bad reputation.

Sadly, neither the Rs (who wanted to dunk on Obama 2) nor the Ds cared enough because, to quote the LegAide I reported to, "immigrants can't vote", and this festered into the horrible situation that now exists.

We could have used DACA as a framework to build a more streamlined and ethical legal immigration process, but no one cared.

And so I became a jaded and very well compensated techie.


Most of them are even on F1 visas working on someone else's account. I know because many Indian students do that in NY, and I used to ask them when I gave tips.

Yep! And that's technically a violation of their F1 requirements.

1099 work is not allowed for F1 holders.


Agreed, it’s not allowed and is a gross violation of F1 requirements. That's the reason they purchase an account and give something like 30% of their income to the person who sells the DoorDash account. Many of them work at gas stations and motels, which is kinda sad. TBH, they don’t have many options because I’m sure most can’t afford tuition fees.

I wish the U.S. government would let them work 20 hours outside of university jobs, since most universities can’t provide enough work for them. The government should also ensure students have enough funds to study in the U.S.—for example, by checking their bank balance for the entire year, not just one day.


> the U.S. government would let them work 20 hours outside of university jobs, since most universities can’t provide enough work for them

They don't have to work university jobs.

They need to work for an employer who will file a CPT in conjunction with the university with USCIS. 1099 employment isn't meant for that.


Hardly brand new, but at least done by an actual publication. Uber will never want to publish stats for this kind of thing, so I suspect this is the best we'll get for a while.

https://www.wired.com/story/priscila-queen-of-the-rideshare-...


I'm someone else, but I can vouch that most of my doordash driver names are female, and most of my delivery people are male.

nobody could possibly have that data

I've been documenting this data on my own with screenshots after seeing a degradation in DoorDash (YC S13) deliveries around 2022, and getting annoyed at having to escalate to customer service or peers at mid-level roles internally.

It's not at all scientific, but it's helped me get my escalations resolved fairly quickly after bringing up some of the data collection and potential liability issues (that cannot be resolved by arbitration ;) ) to their Safety teams.

I don't blame the drivers though. Fundamentally, it's product and operation leadership in Mission Bay (Uber) and Rincon Hill (DoorDash - YC S13) that is causing this - and I'm sure a lot of those guys are on HN as well.

Nothing will happen though; plenty of our peers are tight with this Admin. A16Z, YC, and a number of other funds became close to the Trump admin after the Biden admin poked the bear by proposing changes to unrealized capital gains tax brackets [0][1] along with the OECD Global Tax Deal [2].

[0] - https://www.axios.com/2024/07/17/trump-andreessen-horowitz-t...

[1] - https://www.axios.com/2024/08/23/kamala-harris-unrealized-ca...

[2] - https://rsmus.com/insights/services/business-tax/us-rejects-...


Yes, but you have to submit a request to every single one of those places. And then they have to review and redact them. I've had these policies denied in public records requests because the 800 page document would take many hours of review to complete. Had to submit the requests in piecemeal and it was very time consuming for me and the agency. That's just for one place.

"the department is happy to be both rid of a problem officer and not have to put it in the public record just how bad the problem officer was."

...have you not seen the extent to which LE agencies and the FOP will go to make sure these folk aren't fired? There's a reason LE have FOP cards in their wallets that include a statement to be read verbatim into a transcript for disciplinary meetings.

> When something bad happens and it makes it into a courtroom with sufficient evidence that it happened, they want every officer in the department to testify that the action in question is definitely not common practice and completely contrary to training. Such testimony would be greatly undermined by a subpoena that revealed several investigations finding officers to have engaged in such behavior in the past. Again anything that stops the investigation before it can find anything material could potentially save the department millions of dollars in future liability.

You have a very rose-stained perception of these things. I highly recommend you do some court watching to really understand how these systems work. These sorts of retrospective analyses of misconduct truly don't exist as deeply or as strongly as you think they do.

I recommend reading: https://chicagoreader.com/news/police-misconduct-brady/ (disclaimer: I'm one of the authors)


As a US outsider (Australia) I see the Tulsi Gabbard hearing has stirred a barely tangential can of worms re: disclosure and keeping secrets.

It's national security related (was Snowden a traitor or a whistleblower?) and pokes the bear on whistleblowers and the duty to disclose poor and outright illegal behaviour.

Not sure if that's your beat or interest as a reporter... but it goes to a core issue with public institutions.

related: https://www.nytimes.com/2025/01/30/us/politics/tulsi-gabbard...


Transparency is indeed a large focus of mine, but it's mostly focused on local transparency and not federal.


Understandable :)


Actually, I will add something to that.

In Chicago there are two means of holding individuals accountable for this sort of thing. The first is the local records act, which carries a misdemeanor for intentionally violating the act (i.e., destroying documents). The other is the city's ethics policy, which includes something similar to what you've said -- in that there's a legal obligation to report any observed illegal/fraudulent activity.

From conversations I've had, neither has been used for the sort of corruption you're referring to. Partially because the definitions in these things are intentionally vague. Another part because the local records act misdemeanor I mentioned would have to go through criminal court rather than civil court.


> in that there's a legal obligation to report any observed illegal/fraudulent activity.

It might be interesting (not to say challenging, with a real risk of pushback into your RealLife) to get off-the-record comment about police ranks closing and reacting to anybody that threatened to or actually did spill the beans about questionable activity.

The challenge to keeping a clean house is having an open and easy (and anonymous) path to acceptably highlighting the dirt.

For your general curiosity, from my part of the world (there are many stories; this is the bare surface of just one):

https://en.wikipedia.org/wiki/John_Quigley_(politician)

* Quigley was the lawyer for the Western Australian Police Union for 25 years. In 1983, he represented officers at the inquest into the death of John Pat, a 16-year-old Aboriginal boy. He became an honorary life member of the union in 2000 before entering state parliament in 2001.

Lawyer defends police who openly and racially kerb stomped a kid to death in a rough outback town. Police love him and draw him into the fold.

* In 2007, his life membership of the Western Australian Police Union was withdrawn after his parliamentary attack on police involved with the Andrew Mallard case, where he named a former undercover policeman who had a role in Mallard's unjust conviction. He planned to melt down his life membership badge, have it made into a tiepin with the words Veritas Vincit— "Truth Conquers", the motto of the school he attended—and present it to Mallard.

Eventually the daily exposure to defending corrupt police weighs heavy and a heart starts to beat.

* In 2011, he was accused of bringing the legal profession into disrepute, a charge stemming from his campaign to expose the wrongful jailing of Andrew Mallard for murder, to which he replied "...if you take on corrupt police you will be pursued and they will try and destroy you."

* He became the [ State ] Attorney-General on 16 March 2017.


- Neither GP nor I were talking about officers being fired.

- GP was talking about a dynamic of officers resigning to avoid disciplinary actions on their record and working elsewhere.

- GP suggests this is due to union pressure.

- Indiana has much less strong police unions compared to Chicago.

- My point is that there is still an incentive for departments to allow problem officers to retire before any investigation can confirm allegations of wrongdoing.

- I am more than willing to believe that lots of wrongdoing is enabled by the actions of unions, I just think that a policy allowing problem officers to resign with a clean record rather than be investigated is not solely motivated by union pressure.


Police unions are not really unions in the traditional sense and wield a lot of influence because of the nature of the job. But they aren’t a boogeyman.

All politics is local, and the creative expression of discretion is a source of power for many different stakeholders.

The reality is that giving a mulligan to some jackass cop who fucks up has benefits to many stakeholders. Investigations involve looking at things, and sometimes you see things when you bother to look.

This type of behavior is typical in close groups of people with power… see corporate boards, Catholic Church, etc.


> The reality is that giving a mulligan to some jackass cop who fucks up has benefits to many stakeholders. Investigations involve looking at things, and sometimes you see things when you bother to look.

Thanks; that paragraph sums up a lot of what I was trying to say.


I think you're failing to realize just how few complaints and misconduct are actually looked into in any sort of depth. It's not that "when they look they see things". It's that misconduct happens so frequently that it's trivial to find once you start looking.

https://cpdp.co is a good site for reviewing these sorts of questions. Disclaimer again, though - I'm a contributor to the project.


You're not talking about officers being fired because it doesn't happen very often :). Your lens is from the now-world where, in any other job, you would be fired 100 times over for actions done by police on a routine basis. It's firing-adjacent, yeah?

