Video surveillance and the rise of body-worn cameras have drawn
attention to the many ways government creates records about its
citizens. This growing volume of data – and concerns regarding its
storage and use – has not gone unnoticed by law enforcement agencies and
officials at the highest levels of the government. In March, the Obama
administration released a report from the President's Task Force on 21st
Century Policing. The report calls attention to the increased use of
body-worn cameras and the associated privacy concerns. The report comes
as the administration and Washington are focused on cybersecurity and
the challenges and opportunities associated with the vast troves of data
collected by government and technology companies alike.
However,
neither the president's report nor the conversation in Washington have
honed in on the need for law enforcement agencies to improve their
ability to safeguard citizens' privacy and provide security for video
data. Today, police body-worn camera programs are being rolled out
across the country. The Washington Post recently reported that the Justice Department plans to spend $20 million on police body cameras nationwide.
While video surveillance helps law enforcement to protect citizens,
it's important to understand that video data also creates risks to
citizens' privacy that we must address. This involves taking a look at
the existing protocols and identifying new measures that need to be
implemented.
The International Association of Chiefs of Police (IACP) is doing exactly that.
Video Surveillance and the Cloud: Opportunities and Challenges
The
collection and analysis of video data has become the norm. However,
storing sensitive information is currently regulated by outdated
security standards—or by no standards at all—that do not offer the
necessary protections to prevent hackers or bad actors. Law enforcement,
led by the IACP, is addressing this issue head-on with its recently
released guidance
on video data and cloud computing. The guidelines focus on law
enforcement's operational needs and, most importantly, ensure the
security of systems and video data.
As the updated
guidelines state: "Recent calls for the expansion of data collection by
law enforcement officers through, for example, the use of body-worn
cameras and other sensor devices, only serve to reemphasize the need for
clearly articulated policies regarding cloud-based data storage."
As
the volume of video surveillance data stored by law enforcement grows,
it is imperative that agencies establish the necessary legal and
compliance framework for the storage and sharing of highly sensitive
video data, including full compliance with the FBI's Criminal Justice
Information Services (CJIS) security policy. Complying with CJIS
standards provides an added layer of security to support the processes
already in place, such as routine audits and vigilant background checks
for data center employees. Moving forward, IACP's updated guidelines are
particularly important given the risk of rogue insiders, as evidenced
by actors such as Edward Snowden.
Hacking,
unauthorized access, or even the misuse of video data has staggering
implications for the privacy and safety of victims, perpetrators and law
enforcement officials. At a local level, there have been instances of
unauthorized access. For example, the city of Redlands, California
had its city-wide surveillance system accessed and compromised through
an unsecured wireless network. The use of video surveillance, while
deemed necessary, must not jeopardize citizens' privacy.
A Look at FedRAMP, NIEM, and Video Surveillance
Law
enforcement and the IACP understand the need to address these concerns,
and the recently released IACP guidance helps drive the debate on the
need to address privacy and data security concerns at all levels of law
enforcement by addressing the shortcomings of security policies today.
While existing security policies have established a set of standards
within silos of the federal government, there is still a need to
safeguard sensitive information stored and shared across agencies via
the cloud.
To that end, two existing frameworks should look to incorporate IACP's new video data guidelines. This includes:
·National Information Exchange Model (NIEM):
A framework voluntarily used by all 50 states and many federal agencies
that establishes a common language and set of rules to govern
information exchange; and
·Federal Risk Authorization and Management Program (FedRAMP): A program that provides a standard approach to securing cloud computing.
NIEM
and FedRAMP can serve as the much-needed platform to implement
necessary changes across the government. The adoption of the IACP's
guidance on video data by these institutional actors would establish the
necessary protections for the sharing and use of video data across
federal agencies and states.
A Call to Action
The
Obama administration fully understands the ubiquity of big data and the
risks and rewards. And since all signs point toward the increased use
of video surveillance and analysis, this may need to be the focus of the
administration's next report on 21st Century Policing.
Ultimately, the adoption of the updated IACP guidelines by NIEM and
FedRAMP would provide important safeguards to bolster law enforcement
agencies' security, protect citizens' privacy, and mitigate the risks
associated with video data.
No comments:
Post a Comment