Julie Anderson is principal of AG Strategy Group.
As the nation debates recent incidents of alleged police misconduct in Baltimore and across the country, one proposed solution is offered repeatedly: equip officers with body-worn cameras. In an important step toward this goal, the Department of Justice announced in early May that the first $20 million of the proposed $75 million in federal funding will be made available through a body-worn camera pilot program. The program will match state funding for 50,000 cameras nationwide. Many cities, such as Topeka, Daytona Beach, and San Diego, have already deployed body-worn cameras. But capturing footage of police interactions with the public isn't enough. Another major challenge facing police departments, beyond financing the programs, is keeping the footage and data safe and secure. With that in mind, local and state authorities should look to recently updated FBI Criminal Justice Information Services (CJIS) policies for guidance on these significant issues.
These body cameras – along with the increase of video surveillance systems – are creating mass amounts of data that agencies need to manage, store and secure. The Seattle Police Department alone produced over 360 terabytes of data from dashboard cameras. And much of the concern about deploying cameras focuses on funding for purchasing and maintaining storage. The police department in Duluth, Minnesota was able to afford the $5,000 purchase price of
In addition to financing these data storage systems, law enforcement agencies have other critical responsibilities when deploying a safe and responsible body-worn camera program. The way data is stored should not be overlooked. With cyber hacking on the rise, law enforcement agencies and citizens should be particularly wary of protecting sensitive video footage from unwanted incursions and bad actors.
For example, in response to calls for increased transparency, the Seattle Police Department created an official YouTube channel to make their footage publicly available. As it currently stands, Washington State's open record laws allow any person to request copies of dashboard camera video footage. A volunteer redacts the footage to protect the privacy of individuals who are recorded in sensitive situations such as interviewing victims or witnesses of a crime. Later findings revealed that an individual in Washington State, operating under the same state disclosure laws, had been uploading non-redacted video footage to his own YouTube channel. While some states are in the process of seeking to exempt police video footage from their corresponding open records acts, is that measure enough to ensure individuals' privacy?
Law enforcement agencies must secure the data more effectively in order to protect the privacy of individuals. Legislatures and city councils should require police departments to address privacy issues at the outset. While safe and secure data storage comes with a cost, it is an investment we need to make. Some authorities are already looking to cloud technology as a way to store the vast amounts of data and we need to continue this momentum to ensure video surveillance data is protected with the utmost cloud security.
The good news is that the FBI has done a lot of work in this area by updating its CJIS guidelines last fall. The policies prescribe methods of data collection, transmission, storage, and destruction to establish a standard level of data protection. The security standards are designed to protect the security of criminal justice information in cloud systems. Under the guidelines, cloud providers are required to protect information such as fingerprints and facial recognition data as it is shared among law enforcement agencies at the federal, state and local levels.
Moving forward, law enforcement should keep these standards top of mind when implementing new body camera programs. Additionally, a new cloud privacy standard established by the International Organization for Standardization, ISO 27018, offers parallels to CJIS. To achieve compliance with the standard, cloud service providers must abide by many of the same requirements to protect Personally Identifiable Information (PII), which includes facial identity. Law enforcement agencies that consider compliance with ISO 27018 as a factor in cloud procurement will have additional assurances that this data is stored with the highest level of privacy protections in place. Police-worn body cameras may be what this nation needs to keep citizens safe, but law enforcement must keep data secure and ensure our personal privacy as well.
