Data security is the next evolution of public safety debate

President Barack Obama recommitted to improving public safety and reducing crime with his recent executive actions on gun control. Increasingly, Americans are worried about crime because of recent high-profile mass shootings and incidents of police abuse.

These public policy challenges are unlikely to disappear any time before the 2016 election. Typically, presidential candidates focus on the physical safety of Americans when they debate crime and the role of police, but this emphasis is no longer...

READ MORE

President Barack Obama recommitted to improving public safety and reducing crime with his recent executive actions on gun control. Increasingly, Americans are worried about crime because of recent high-profile mass shootings and incidents of police abuse.

These public policy challenges are unlikely to disappear any time before the 2016 election. Typically, presidential candidates focus on the physical safety of Americans when they debate crime and the role of police, but this emphasis is no longer sufficient in the 21st century.

Today, law enforcement agencies look to technologies, such as body-worn cameras, to reduce crime. However, while body-worn cameras provide public safety benefits, they also create a new type of public safety challenge: data security.

Julie Anderson is principal at AG Strategy Group.
Julie Anderson is principal at AG Strategy Group.

Although the overall rate of violent crime has declined tremendously in the past 25 years, Americans perceive the opposite trend. This unease, paired with recent attention to police misconduct, has shaped the national dialogue. As the nation learned of alleged police misconduct in such cities as Baltimore, Chicago and Cleveland, policymakers and community leaders demanded increased transparency, pointing to police body-worn cameras as a means to prevent future incidents. In recent years, local officials in San Diego; Topeka, Kansas; Houston and Washington, D.C. have decided to outfit police officers with the technology. And President Obama made more federal resources available to law enforcement agencies to help defray the costs of deploying body-worn cameras.

Law enforcement agencies that use body-worn cameras increase the stakes for communities using this technology with regards to storage and privacy.

  • First, law enforcement agencies using body-worn cameras must deal with storing and managing vast amounts of data collected by the devices, which is increasingly stored in the cloud. To put this in context, the Seattle Police Department alone produced more than 360 terabytes of data from dashboard cameras since its program’s inception.
  • Second, citizens and police officers remain concerned about their personal privacy when recorded by cameras not protected from leaks or hacks. A hacker can easily penetrate an unsophisticated cloud-based storage system to access sensitive law enforcement data. This risk is particularly concerning when footage includes victims of domestic violence or child abuse.

For these reasons, law enforcement must secure the video surveillance data using the highest standards available.

Recently, a group of law enforcement stakeholders discussed creating and managing body-worn camera programs that ensure data security and protect privacy for all those affected. Participants from International Association of Chiefs of Police, the National District Attorneys Association, American Civil Liberties Union and other law enforcement groups examined how standards and best practices can be implemented to balance privacy and security when deploying body-worn cameras. Their participation made it clear that we need a consensus on the policy that will most strongly protect the critical information that these cameras will gather daily.

Fortunately, the FBI created a new Criminal Justice Information System (CJIS) security policy that addresses the challenge of securing law enforcement video surveillance data. This policy prescribes methods of data collection, transmission, storage and destruction, providing a standard level of data protection for all criminal justice information.

The International Association of Chiefs of Police (IACP) also issued guidance about how these standards apply to cloud-based technology used by state and local police departments. The standards are designed to protect the security of criminal justice information in cloud systems. Under the guidelines, all levels of law enforcement are required to protect information held in the cloud such as fingerprints and facial recognition data. Police departments that use CJIS-compliant cloud technology — whether provided by the FBI or a private vendor — will take an important step in minimizing the risk of keeping video data safe.

For almost 20 years, all law enforcement agencies that want access to FBI data must comply with the CJIS security policy. Similarly, as police departments turn to using cloud-based technology to store data, cloud service providers will also need to comply with CJIS. The recent updates to CJIS security policy are intended to help state and local law enforcement ensure CJIS compliance when using the cloud.

Contrary to what many experts believe, encryption alone is not the answer. In reality, many police departments rely on automated software that cannot process encrypted data to manage body-worn camera video. Police departments that use CJIS-compliant cloud technology — whether provided by the FBI or a private vendor — will take an important step toward minimizing the risk of keeping that video data safe and usable.

Law enforcement agencies today shoulder a greater responsibility to get it right when deploying body-worn cameras. They face high expectations regarding transparency and even higher stakes when it comes to protecting Americans’ privacy. The next president’s administration must be prepared to meet expectations of both physical and data security, and the CJIS security policy is an important first step for our new leadership to address Americans’ privacy and security concerns.

Julie Anderson is an expert in the management of government and organizational transformation. Prior to forming AG Strategy Group, she was managing director of the Civitas Group. Before that, she served as the acting assistant secretary for policy and planning and deputy assistant secretary for planning and evaluation at the Department of Veterans Affairs in the Obama administration.