Learn how organizations can protect premises without overstepping legal boundaries — ensuring security while upholding constitutional rights.
A First Amendment auditor is a person who seeks to test whether their Constitutional rights will be wrongfully infringed. A trend by these self-appointed auditors is to record videos in public and semipublic places. The First Amendment of the United States Constitution protects the right to record public activities in public spaces with certain limitations. One such limitation is if the action is prohibiting legitimate business activity. Laws vary between states and local areas, and it is recommended that you seek legal advice specific to your area.
Auditors often target facilities and personnel associated with public services, including utility providers and workers at critical infrastructure sites. Quite often two or more self-appointed auditors work together to vehemently question personnel and attempt to cause irritation. Their goal is to instigate and record a response that is unprofessional and violates their rights.
YouTube and other media outlets contain numerous videos with people conducting themselves unprofessionally during encounters with auditors. Resulting in court battles, payment of monetary damages, exposure of sensitive information, and a negative impact on the affected organization’s public image. Additionally, these auditors receive monetary payments based on their video subscribers. The more eventful the video the more views it will garner, and the more money the auditor makes. If the test is uneventful and the auditor is allowed to legally exercise their rights appropriately then the site or organization “passes” their test.
Inadvertent Consequences
Spillage of sensitive information may be an inadvertent consequence from an encounter with a First Amendment auditor. Not only can the auditor utilize social engineering to garner information and additional access from unsuspecting personnel, but they can also record pertinent information such as access processes, employee badge details, detection device locations, and security response times. This information is then widely distributed online to every viewer. The viewers who see this information could be a thrill-seeking local teenager interested in sneaking into a power plant, a local criminal interested in stealing copper for monetary gain, or a more heinous adversary such as a domestic violent extremist whose ideologies are motivating them to cause a prolonged electricity outage.
Legal Protection
Critical infrastructure refers to the systems and assets that are crucial for the functioning of our modern society, such as water treatment plants, transit services, and electric generating plants. Due to the importance of critical infrastructure, and in the interest of security and reliability, the Homeland Security Act of 2002 was enacted. This Act provides a basis for critical infrastructure physical security protections such as restricting public access.
Effective physical security measures can ensure safety and security without infringing on the legal activities of First Amendment auditors.
The Critical Infrastructure Information Act of 2002 protects sensitive information related to the security of critical infrastructure and protected systems from being released in the public domain.
Additionally, several states have laws that are specific to the protection of critical infrastructure and related information.
Physical Security Measures and First Amendment Auditors
Effective physical security measures can ensure safety and security without infringing on the legal activities of First Amendment auditors. Some simple physical security measures can greatly mitigate the occurrence of an unwanted incident.
- Deter: Effectively placed “No Trespassing” signage demonstrates territorial reinforcement and property boundaries. Some areas have specifications regarding spacing, dimension, as well as height placement requirements that must be met to facilitate legal charges. Interior and exterior building signage that reads “Authorized Access Only” is also effective at demonstrating areas not available to the public. Landscaping and structural design can also create transition zones indicating a change from public to semipublic and restricted areas.
- Detect: A person video recording around a critical infrastructure site should be observed and reported by employees and contractors. A failure to do so warrants additional security awareness training or a reassessment of video surveillance systems and operations.
- Deny: Barriers such as walls, fences, and locked doors designate areas that are not open to the public without permission and escort according to policies and procedures.
- Respond: Depending on the situation a response by security personnel may be warranted. The interaction should remain professional, and the request for law enforcement should be considered if: the auditor attempts entry into unauthorized areas, makes it impossible to conduct business, makes harassing or discriminatory statements. Training regarding First Amendment auditor interaction should be included in security awareness programs as well as policies and procedures to raise awareness and prepare employees to manage these occurrences appropriately.
General tips for dealing with First Amendment auditors:
- Remain professional.
- Act according to the law.
- Don’t provide unnecessary sensitive information.
- Enforce legally supported boundaries to protect employees and assets.
- Document the incident and collect any evidence that may be useful in legal matters.
It is likely that a First Amendment auditor will visit a critical infrastructure site and contact personnel. This probability emphasizes the need for stakeholders to take proactive measures. When an occurrence does happen, leaders should utilize the opportunity to assess the functions of the physical security system and improve the organization’s security program.
Source: Security Magazine