Today, badges convey that the bearer is granted the authority to enforce laws established by a governmental or quasi-governmental entity and are cherished by law enforcement officers. The issue is that there are over 17,000 law enforcement agencies in the United States all with different badges and credentials issued to their personnel. This is not including, the over 70 different federal law enforcement agencies that issue badges and/or credentials. And in there lies the problem. How do you know a cop is a cop?
The most common response to that question is usually, if they walk like a cop. Talk like a cop. And look like a cop, then they are a cop. The assumption is further built upon when being presented with a badge and identification card. But that is not always the case.
It’s probably not surprising that they found it easy to obtain, cheaply, fake badges, and that those badges then allowed them pretty much unimpeded access to whatever they wanted. In other words, real badges provide little real security.
As someone who’s worked in secured facilities, where badges are required for access, I can say that how well all of this works very much depends upon how the badges are used, and the bottom line is that it’s useless to expect reasonable enforcement by having people look at others’ badges. They will too often fail to look, and when they do look they will be unable to detect the fakes.
But not all setups rely only on visual inspection. At one facility, a guard eyed your badge at the gate, but that was designed only to block
tourists — to keep arbitrary curious people from wandering onto the premises. But to actually get into the building, everyone had to pass a badge reader and enter an identification code on a keypad, a two-factor authentication process (something I have, and something I know). The reader validated the badge, making it harder to get a fake through. The identification code made sure that I matched the badge — not just that I bore a passing resemblance to the guy in the photo, but that I actually knew the code that was stored in the database for that particular badge.
That defeats attempts to clone a badge, or to put arbitrary information (or none at all) on the magnetic strip. Getting through that system would require compromising an individual and specifically stealing or copying his credentials and obtaining the corresponding identification code... or, alternatively, finding a way to get in that bypasses the badge readers. There might have been such a way, but none was apparent to me.
Once inside, we’re back to the visual checks again, so one can wander unimpeded through much of the building. But the process at the entrances repeats for access to certain areas of the building, again requiring either badging in (with reader and ID code) or opening a lock with a combination unique to that area.
I don’t think there’s any way to completely get rid of visual inspection of credentials, but we have to minimize it. The public is especially vulnerable, in cases where someone dresses like a cop and has something that looks like a badge. But for official buildings and other secured areas we do have alternatives, and we should be using them rigorously.