Video surveillance and the rise of body-worn cameras have drawn attention to the many ways government creates records about its citizens. This growing volume of data – and concerns regarding its storage and use – has not gone unnoticed by law enforcement agencies and officials at the highest levels of the government. In March, the Obama administration released areport from the President's Task Force on 21st Century Policing. The report calls attention to the increased use of body-worn cameras and the associated privacy concerns. The report comes as the administration and Washington are focused on cybersecurity and the challenges and opportunities associated with the vast troves of data collected by government and technology companies alike.

However, neither the president's report nor the conversation in Washington have honed in on the need for law enforcement agencies to improve their ability to safeguard citizens' privacy and provide security for video data. Today, police body-worn camera programs are being rolled out across the country. The Washington Post recently reported that the Justice Department plans to spend $20 million on police body cameras nationwide. While video surveillance helps law enforcement to protect citizens, it's important to understand that video data also creates risks to citizens' privacy that we must address. This involves taking a look at the existing protocols and identifying new measures that need to be implemented.

The International Association of Chiefs of Police (IACP) is doing exactly that.

Video Surveillance and the Cloud: Opportunities and Challenges

The collection and analysis of video data has become the norm. However, storing sensitive information is currently regulated by outdated security standards—or by no standards at all—that do not offer the necessary protections to prevent hackers or bad actors. Law enforcement, led by the IACP, is addressing this issue head-on with its recently released guidance on video data and cloud computing. The guidelines focus on law enforcement's operational needs and, most importantly, ensure the security of systems and video data.

As the updated guidelines state: "Recent calls for the expansion of data collection by law enforcement officers through, for example, the use of body-worn cameras and other sensor devices, only serve to reemphasize the need for clearly articulated policies regarding cloud-based data storage."

As the volume of video surveillance data stored by law enforcement grows, it is imperative that agencies establish the necessary legal and compliance framework for the storage and sharing of highly sensitive video data, including full compliance with the FBI's Criminal Justice Information Services (CJIS) security policy. Complying with CJIS standards provides an added layer of security to support the processes already in place, such as routine audits and vigilant background checks for data center employees. Moving forward, IACP's updated guidelines are particularly important given the risk of rogue insiders, as evidenced by actors such as Edward Snowden.

Hacking, unauthorized access, or even the misuse of video data has staggering implications for the privacy and safety of victims, perpetrators and law enforcement officials. At a local level, there have been instances of unauthorized access. For example, the city of Redlands, California had its city-wide surveillance system accessed and compromised through an unsecured wireless network. The use of video surveillance, while deemed necessary, must not jeopardize citizens' privacy.

A Look at FedRAMP, NIEM, and Video Surveillance

Law enforcement and the IACP understand the need to address these concerns, and the recently released IACP guidance helps drive the debate on the need to address privacy and data security concerns at all levels of law enforcement by addressing the shortcomings of security policies today. While existing security policies have established a set of standards within silos of the federal government, there is still a need to safeguard sensitive information stored and shared across agencies via the cloud.

To that end, two existing frameworks should look to incorporate IACP's new video data guidelines. This includes:

·National Information Exchange Model (NIEM): A framework voluntarily used by all 50 states and many federal agencies that establishes a common language and set of rules to govern information exchange; and

·Federal Risk Authorization and Management Program (FedRAMP): A program that provides a standard approach to securing cloud computing.

NIEM and FedRAMP can serve as the much-needed platform to implement necessary changes across the government. The adoption of the IACP's guidance on video data by these institutional actors would establish the necessary protections for the sharing and use of video data across federal agencies and states.

A Call to Action

The Obama administration fully understands the ubiquity of big data and the risks and rewards. And since all signs point toward the increased use of video surveillance and analysis, this may need to be the focus of the administration's next report on 21stCentury Policing. Ultimately, the adoption of the updated IACP guidelines by NIEM and FedRAMP would provide important safeguards to bolster law enforcement agencies' security, protect citizens' privacy, and mitigate the risks associated with video data.

News Source: 

Karen Evans, U.S. Cyber Challenge, 19 June 19 2015, Federal Times, http://www.federaltimes.com/story/government/management/blog/2015/06/18/privacy-video-security-karen-evans/28927531/Karen S. Evans is national director of the U.S. Cyber Challenge, a nationwide talent search and skills development program focused specifically on the cyber workforce. She served as administrator for e-government and IT at the Office of Management and Budget under President George W. Bush