[an error occurred while processing this directive]

Privacy Issues
and the Virginia Tech Massacre

By Eric J. Weinberg


The killings at Virginia Tech, where a young man with a documented mental health history unleashed mass carnage, demonstrate the tragic challenges faced by law enforcement today.

Sadly, this scenario is more common than most realize. Take, for example, a sworn police officer in California who arrests a suspect during a domestic disturbance call.

A suspect is manifesting unusual behavior - threatening his wife and speaking in an incongruous manner. The officer exercises the statutory authority he has, and transports the individual for psychiatric evaluation. The officer fills out a Welfare Institutions Code Form WIC-5150, as thousands of police officers in California do each year. They are required by state statute to do so and they attach the form to their standard incident reports. Thereafter, the disposition of the suspect and the decision of the doctor or health care professional treating him becomes a private matter.

The arresting officer and the police department for which he works are never notified of the outcome of the evaluation and the suspect's treatment record becomes a protected and privileged file, shielded from everyone, including law enforcement, by state statutes, federal law and, in some cases, local ordinance. Should the suspect be released and return to his home to kill his wife the next day, the police chief in the town where the suspect was arrested would need to stand before the media and account for how such a terrible thing could be allowed to happen. The chief would do this with no more information than the arresting officer's initial report.

Although the Virginia Tech killer was known to law enforcement before the tragedy, and although he may have had court ordered mental health evaluations, privacy laws like The Health Insurance Portability and Accountability Act (HIPAA), enacted by Congress in 1996, prevented police from being alerted to a potential threat or even making an inquiry about his tendencies or intentions.

You see, laws like HIPPA have sweeping and absolute provisions that protect the security and privacy of the individual's health - mental, physical or otherwise. So when the time came to account for the actions of the shooter, the police chief stood alone at the podium, unaccompanied and uninformed as to the shooter's past mental evaluations, prognosis or treatment - a tragic and perhaps an unintended construct of a well intentioned law like HIPPA.

The events at Virginia Tech echo other challenges to law enforcement today. These professionals have spent a great deal of time since September 11, 2001, struggling with the challenges of better information sharing and how to balance privacy and civil liberty concerns while at the same time leveraging existing technology tools and business process solutions that will better enable them to connect the dots and prevent attacks - whether from international terrorists or small town criminals, or even a deranged homicidal college student.

Data and tools to do this type of predicative analysis and preventative policing do exist. The seamless execution of what could be an elegant and simple intelligence function for police is impeded in the practical application by complex and competing laws that govern the methods by which information is shared, or more often not shared. This over-compensation and lack of coordination in our policies and laws, and the practical application thereof, dangerously limits the effectiveness of how we could more easily prevent the next Virginia Tech tragedy or the next 9/11 - or worse.

Many of the existing legal requirements attempt in some way to guide law enforcement in their conduct. Sadly over time, these rules intended and designed to protect our civil liberties, become so imbalanced with one another in their application that their effect is to inhibit police from further investigation. They may even punish police criminally for making further inquiries about the mental state of a person like the Virginia Tech shooter.

Lawmakers, the media and even the general public must stop looking to law enforcement for answers at the press conference after the tragedy has occurred and should look carefully at how the myriad laws in these domains could be better aligned to protect our liberties while at once empowering our police to best protect not just our freedoms, but our physical selves.

The challenge is not how to do this functionally - technology tools that conduct data mining, business processes and analytics exist in commercial markets to tackle the mountains of information - rather, the question is how we do such things within the confines of constitutional protections, state statutes and federal privacy rules. The answer is intellect and coordinated leadership in our legislatures and a stated willingness to not wait for the next tragedy.


About the Author
Eric J. Weinberg is Managing Director of KROLL, Inc., and its KROLL Security Group. He can be reached at (540) 657-4120, or at eweinberg@kroll.com

[an error occurred while processing this directive]