Opinion: Privacy could be the victim if police body cameras aren't more hack-proof
The Obama administration's push to outfit police officers with body cameras needs to be accompanied by strong standards to ensure those video systems are secure.
President Obama's request that Congress spend $75 million to outfit police with body cameras after the Michael Brown shooting reflected a consensus that the technology will provide a clear record of interaction between the public and law enforcement.
But while civil rights and police groups agree that video can protect citizens and officers, the security within these systems needs to be addressed long before some 50,000 police strap cameras to their uniforms.
After all, the information collected on video will be incredibly sensitive, and the impact of a hacker accessing this data could be extraordinary. Imagine a hacker who edits the data to change the identity of an assailant or leaks the footage of a victim immediately following a violent crime. The concern is not speculative – at least one white hat hacker has shown he can break into a police video system and criminals have demonstrated the ability to penetrate police department networks.
While the cameras themselves are relatively cheap and easy to use, one of the biggest challenges will be properly managing the technology and the massive trove of video being collected.
Legal requirements and privacy concerns complicate implementation of camera programs while the volumes of data they generate threaten to overwhelm the limited IT resources often available to local and state law enforcement agencies. What's more, data from body cameras adds to the myriad dash-cameras and other video systems that local police already manage.
Departments in cities such as Washington, New York, and Los Angeles already have pilot body-camera programs. But they are a minority. In 2013, only 25 percent of departments in a Police Executive Research Forum survey indicated they were using body-worn cameras.
Concern about the cost of these systems is already rising. Chief Hassan Aden of the Greenville Police Department described data storage costs as potentially “devastating,” while Captain Thomas Roberts of the Las Vegas Metropolitan Police Department warned that the “storing [of] videos over the long term is an ongoing, extreme cost that agencies have to anticipate.”
As a result, many departments have turned to cloud computing solutions to meet their video data storage needs. Cloud technology is more adaptable to the storage needs of body camera data. But, its very nature presents security risks. As many companies, celebrities, and average citizens have found, “the cloud” isn’t always a particularly secure place to store data.
While these threats are real, the law enforcement community already has security standards designed to protect highly sensitive data collected by law enforcement. These standards are issued by the FBI through its Criminal Justice Information Services (CJIS) Security Policy and are designed to secure sensitive federal criminal justice information by providing law enforcement with a state-of-the-art security standard for sensitive categories of data, like body-worn camera video.
The policy includes guidance on important issues, including access control, data security, data mining, information sharing, and accountability. While these rules do not apply to all law enforcement video data, local and state law enforcement agencies can protect their constituents by implementing cloud-storage solutions that adhere to the high standards of the FBI’s policy.
While nothing can ensure absolute security in the cloud, the CJIS standards offer law enforcement an ideal starting point as they begin to implement cloud storage for body-worn cameras.
The camera is no panacea for improving fraught relations between the public and police after the death of Mr. Brown and Eric Garner. But without incorporating security standards at the beginning, a security breach or hack could harm the body camera initiative before it has a chance to prove its effectiveness.
Paul Rosenzweig previously served as deputy assistant secretary for policy at the Department of Homeland Security. He is currently a senior adviser to The Chertoff Group, a global security advisory firm that advises clients on information security including cloud computing.