Predictive Policing Tool’s Website Exposes Login Pages for 17 US Police Departments

A predictive policing tool that has been criticized for encouraging cops to spend time targeting petty crimes in heavily surveilled, low-income communities of color may have accidentally exposed 17 communities and police departments that it is working with because of its user login portals.

The tool, Predpol, has at least 17 subdomains associated with American cities and communities, which suggests that PredPol has been quietly implemented in the police departments for these areas, or will be introduced in these communities in the future.

The existence of the subdomains were first reported by BoingBoing this morning, and was discovered by a researcher using a tactic known as DNS brute forcing in order to find common versions of the Predpol.com domain. Motherboard verified the BoingBoing report with its own subdomain scanning technique, which verified that the login portals mentioned in the BoingBoing report exist. Motherboard did not scan for every single city in the US, meaning that it’s possible that additional subdomains exist. Predpol did not return Motherboard’s request for comment, but we will update this article if we hear back.

The subdomains are login portals for police officers, presumably to use the tool, which analyzes the history of crime in an area on a scale as small as 500 by 500 feet. Then, the Predpol algorithm generates predictions as to where similar crimes could occur next. Predpol does not consider white-collar crimes such as mortgage fraud, and only considers street crimes such as assault or robbery.

Motherboard was able to verify the following subdomains associated with seventeen US cities:

• Southjordan.predpol.com
• Berkeley.predpol.com
• Frederick.predpol.com
• Albany.predpol.com
• Tacoma.predpol.com
• Indianapolis.predpol.com
• Elmonte.predpol.com
• Longbeach.predpol.com
• Reading.predpol.com
• Haverhill.predpol.com
• Pleasanton.predpol.com
• Hollywood.predpol.com
• Baltimore.predpol.com
• Elgin.predpol.com
• Livermore.predpol.com
• Modesto.predpol.com
• Merced.predpol.com

When visited by Motherboard, many of the login portals contain a banner in the upper-left hand corner that identifies the city or region that corresponds to the subdomain (for example, the Hollywood login mentions the Los Angeles Police Department.) This banner feature is not something that’s automatically generated, adding weight to the idea these are deliberately created login portals.

Although the login portals for Longbeach, Pleasanton, and Baltimore exist, they do not appear to be publicly accessible at the time of writing. While we don’t know why they are not accessible, it is possible that these cities are no longer customers, that these subdomains exist as placeholders for future use, or the login portals were taken down.

Some of the cities with Predpol subdomains, such as Baltimore, have come under fire by the Department of Justice for racial discrimination and widespread excessive use of force.

However, not all of the subdomains in this list correspond to city police departments. For instance, according to the page banner, the subdomain Berkeley.predpol.com corresponds to the University of California Berkeley police department.

Predictive policing has been criticized by civil and digital rights groups such as the ACLU and the EFF for racial profiling by targeting areas that are disproportionately home to people of color, which are already heavily surveilled. The practice has also been criticized for a widespread a lack of algorithmic transparency, and for giving disparate attention to petty crime.

Police training documents made public earlier this year through a freedom of information request by digital rights group Lucy Parsons Labs reveal that the company enables a "broken windows" policing strategy, which argues that petty crimes should be heavily policed and prosecuted. There is little evidence that a broken windows policing strategy—which is based on a non-scientific editorial published in The Atlantic in 1982—is effective in widespread crime reductions in cities.

As reported by Motherboard, the Oakland police department was previously considering bringing Predpol into the city. However, the police department ultimately opted not to use Predpol, citing concerns about algorithmic targeting and citizen privacy alongside limited evidence supporting Predpol’s effectiveness in reducing crime. There is no Predpol subdomain for the city of Oakland.

Joseph Cox contributed reporting.