Weak on Security: Emergency Alerts from Village Don’t Specify They’re Officially from Arlington Heights

 SUPPORT UKRAINE  or   SIGN UP AMAZON PRIME  

Arlington Heights sent out a mass notification to residents and citizens that have signed up for their Mass Notification System from Everbridge today. The system, which is specified to send out important messages regarding natural disasters, missing persons and other crises affecting the community, today alerted subscribers that this day wasn’t the day to take out the garbage — hardly a crisis notification or natural disaster. The use of a mass notification system for a message about taking out the garbage is a questionable use of the service, especially since the description of the service doesn’t specify such use.

UPDATE: Since publishing this report we have received a report that in-patient bedside telephones at Northwest Community Hospital received the Mass Notification calls for garbage service delay — in the Intensive Care Unit.

The message system itself has several serious deficiencies in security.

1. The opening message from the automated telephone call states that there is an important message from “your community” — hardly an official sounding message from an accountable authority. From “your community” sounds reminiscent of any of the hundreds of spam telemarketing calls selling security systems or “savings” on your electric bill, etc.

The message should say something like this:
“Here is an important official message from the Village of Arlington Heights.”

A message from “your community” sounds vague and could lead to questioning of its validity. The message should have a specific source that offers accountability, such as “Here is an important message from “the Arlington Heights Police Department” or “the Arlington Heights Fire Department” or “the Arlington Heights Public Works Department” or “the Village of Arlington Heights.”

2. The mass notification system tells the subscriber answering the automated call to “dial one” to hear the message.

For general security practices, someone answering the phone should never press a number when asked by a caller — especially if the caller’s identity can’t be confirmed. Such a request, if performed, is sometimes used by telemarketers to connect people to live telemarketers. There is also an uncommon telephone scam that works on some workplace phones on PBX systems that can permit an offender to cause the person answering the phone to give the offender access to an outside line in order to make a phone call billed on the company’s dime. This scam does NOT work on home phones or cell phones.

As a point of inconvenience, let’s say today you were actually taking out the garbage with big mittens on and you could barely answer the phone, you might have a hard time pressing “one” to hear your critical message from “your community.”

Bottom line is that if we receive a call from the mass notification system, it should proceed with the message after a reasonably authenticated introduction without requiring the person answering the phone to dial a number.

By the way regarding today’s message, if you waited and didn’t press the number “one” the message began anyway.

3. The mass notification system doesn’t have a referral notification to the official website and social media for the Village of Arlington Heights to cross-check the validity of the message.

Malicious callers could use caller ID spoofing to prank citizens or to urge citizens to act in ways that would make the citizens more vulnerable to harmful criminal activities or hazardous situations (terrorism). In caller ID spoofing, offenders with special digital telephone technology could cause the Village of Arlington Heights switchboard telephone number to show up on a citizen’s caller ID, even though the offenders are calling from another number. A variety of nefarious activities could be acted out on this vulnerability. The caller ID for mass notification message actually showed a series of numbers that were obviously not a phone number.

All mass notification system messages should refer to a reference message on the Village of Arlington Heights website, the official village Facebook page, and the official village Twitter account. The reference message posted on vah.com, the official facebook page, and the village Twitter account should identify the mass notification message with the identical message that was presented on the phone call, and if possible should provide additional information — minimally the date the mass notification message was delivered. This way residents can check with the Internet resources to confirm the notification, and avoid falling victim to a prank, or criminal act, or terrorist act.

Here is a recent promotional information article from the Village of Arlington Heights about the mass notification system (bold added for emphasis).

Residents and businesses have an opportunity to enroll in Arlington Heights’ Mass Notification System that enables the Village to quickly disseminate critical information during emergencies. The Everbridge Mass Emergency Notification System allows Village Officials to send out important messages regarding natural disasters, missing persons and other crises affecting the community.

The Emergency Alert System is capable of delivering messages across several communication medium including; cell phone, e-mail, instant messaging, etc. Emergency Alerts are automatically sent to all listed land line phone numbers in the Village that have AT&T service. However, residents with phone service provided through cable or internet providers need to opt into this program to receive alerts. Those opting into the system can also add additional contact information, in order of preference, into the system. This will ensure that residents receive important messages at any time, no matter where you are.

In order to receive messages by cell phone or other electronic device, residents must OPT IN their personal contact information by clicking on the “Citizen Alert” banner located on the right side of the Home Page. Residents that do not have internet access at home may still register either at the Arlington Heights Library or through a family member or friend. After following the step-by-step instructions and selecting their preferred methods of notification residents will be ready to receive information in an emergency. Click here if you are ready to register now!

Through the registration process, residents can also choose to “opt-out” and remove their contact information from the notification system. Those who opt-out will no longer receive emergency notifications.

The Everbridge Mass Notification System allows several useful features, which include configuring multiple locations you care about, priority methods of notification (phone, cell phone, SMS Text, e-mail), and choice of the community alerts that you want to select. Emergency alerts and water boil alerts are mandatory. Optional alerts a known as community alerts.

Community alerts include …
Water Boil Orders (manadatory)
Crime Bulletin
Flooding
Road Closure
Hydrant Flushing
Community Events

Since Water Boil Orders are mandatory it seems they should be grouped with Emergency Alerts, not community alerts.

Also Crime Bulletins instructions should be explained in better detail. For example, notification about a standoff/barricade situation in your neighborhood is probably an Emergency Alert, not a Crime Bulletin alert under the Community Alert classification. This clarification is needed to improve the details available to the public about the mass notification system.


Stay informed with news from The Cardinal’s Emergencies Behind the Scenes Facebook page — Facebook.com/CardinalEmergencies. Includes links to favorite public safety and emergency rescuers and product manufacturers and safety companies that have facebook pages. Submit your pictures or just stay up-to-date on with fire, rescue, EMS and police photo galleries. Please add your public safety photo to the wall album — go direct to the Arlington Cardinal Emergencies Behind the Scenes photos. For a list of all of The Cardinal Facebook fan pages, go to Arlingtoncardinal.com/about/facebook …

Arlingtoncardinal.com is an Amazon Associate website, which means that a small percentage of your purchases gets paid to Arlingtoncardinal.com at no extra cost to you. When you use the search boxes above, any Amazon banner ad, or any product associated with an Amazon banner on this website, you help pay expenses related to maintaining Arlingtoncardinal.com and creating new services and ideas for a resourceful website. See more info at Arlingtoncardinal.com/AdDisclosure