Here's the scoping doc:
<a href="https://iowacourts.gov/static/media/cms/Rules_of_Engag_E9D807B3D13D3.pdf" rel="nofollow">https://iowacourts.gov/static/media/cms/Rules_of_Engag_E9D80...</a><p>Some highlights include authorization to attempt entry by tail gating, lock picking, place devices once access has been gained, etc. It's a total vindication for Coalfire (IMO).
There is a legend from the time of my Uncle's tenure at the US DOJ. During the Clinton administration, he hired so-called hackers he met at DEF CON to conduct a pen test of an immigration processing center somewhere around New England. The hackers were given some form of "get out of jail free card" for use during the pen test. In spite of it, they were arrested anyway by the overzealous administrator of the center. My uncle's group in the DOJ had a hard time getting those hackers out of jail, and when they finally came out, they were quite mad, since the whole fiasco had put their permanent records at risk of a bad mark. The pen test project was still on, and it seems they went to extra lengths to exact their revenge on that overzealous administrator. As proof of their total compromise of the immigration processing center, the then Attorney General Janet Reno received in the mail from a green card for a Kang G. Roo. Subsequently, said administrator was demoted and reassigned to some cold desolate part of Alaska. (So the story goes, anyway.)<p>Edit: The "reassignment" may have led to an almost-immediate resignation.
This article [1] seems to imply the reason for the arrest is a disagreement between the county sheriff's department and the state as to who has the authority to sign off on them attempting to break in to the building.<p>[1] <a href="https://www.desmoinesregister.com/story/news/crime-and-courts/2019/09/18/iowa-courts-dallas-county-courthouse-coalfire-contract-judicial-branch-test-security-ia-crime-arrest/2356047001/" rel="nofollow">https://www.desmoinesregister.com/story/news/crime-and-court...</a>
Why is this still going on? It made sense before when there was a possibility of confusion, but at this point it is <i>at worst</i> a mistake, not someone with intent to commit a crime. Are charges still being pressed?
One of the many books on CIA training describes how they handle this. The CIA has written agreements with law enforcement in the areas where they do training exercises. Trainees are given a number to call. If they call it, someone from CIA HQ comes over, with, as one trainee put it, the "rumored but never seen get out of jail free letter".<p>This usually means the trainee failed the exercise.
>> It's a total vindication for Coalfire (IMO)<p>But think about this from the perspective of the cops. The contract can get coalfire out of any liability for damage done to the building and any potential break and enter. That is consent between contracting parties. But an alarm was set off. The police were called. This isn't exactly a case of them filing a false police report, but the police were indeed called under false pretenses.<p>I used to work in a building with remote monitoring and extensive security, including armed response (military). We did these tests monthly. But as soon as the alarm was triggered, someone was on the phone to the military police. If their supervisor decided to roll the cars and test his officer's response time that was with his permission. We would never, ever, have insist that cops stop what they were doing, possibly something dangerous/real/important, and physically respond to our not-real security test.
Are these bot comments? Looks like a simple contractual misunderstanding, probably exasperated by a bureaucratic communication issue of some sort. I'm sure we'll discover that coalfire had ducks in a row and Iowa didn't know what they bought. Nobody communicated it and here we are.