January 4, 2015
Digital Forensic & InfoSec Implications in Police Body Cams
As has been detailed ad infinitum in previous articles, Pro
Digital Consulting Owner and the primary Author of this blog is a former law enforcement
veteran of 15 years. The experience
gained in this amount of time spans the realms of campus policing, community
policing, school safety, patrol, supervision, narcotics, high tech and major
criminal investigations (not to mention digital forensics). With all the recent conversations in current
events calling for police officers everywhere to wear body cameras in the spirit
of “accountability”, it seems prudent to detail a few important implications of
these proposals that directly relate to digital forensics. Some of the implications will be mentioned,
but not in detail. Others will be more
thoroughly examined as they have a direct relation to modern technology and
digital forensics.
Some of the obvious issues with regard to equipping the police
with body cams are cost and policy. Any
major program within an agency requires these considerations 1) is the cost
worth the benefit to the customer or, in this case, the citizens (who are also
paying for it) and 2) what policies and procedures should be implemented for their
use? These considerations are more
applicable to an article targeted toward police administrators and won’t be
detailed much further here, only to say we realize these two major hurdles with
regard to program implementation.
But after the program is implemented and the body cams are
issued to individual officers, how to we maintain tight controls on that
data? How much access do individual
officers have to their own videos and what, if any, best practices for
preservation and evidence-handling are in place to ensure authenticity of the
video footage and associated data? Many
of these are secondary concerns, but very important nonetheless.
Background
It bears mentioning that videotaping of the police is not a
new phenomenon. For years, we’ve watched
police car dashboard camera footage of traffic stops, DUI field sobriety tests
and critical incidents involving the police.
When they were first implemented, the technology was little more than a
camera mounted in the front of the vehicle with a VHS VCR in the trunk. Many agencies held policies that maintained
tight control over the videos and only supervisors and/or investigators could
access the tapes. They were activated
when an officer turned on his emergency lights and the video stopped when the
lights were turned off. There were/are
manual controls for the officer to activate the cameras as well.
As time and technology progressed, the videotaping methods
included DVD recording and finally with the emergence of various current
technologies, they are now phasing in hard disk or solid-state digital video
recording in police vehicles, which would undoubtedly be the same form of
recording utilized on wearable police cameras.
In case you’re wondering where all of the police dash camera
videos came from, many times media outlets file Freedom of Information Act
(FOIA) requests to obtain the videos and, depending on the jurisdiction, their
resources and the circumstances of the particular video, the media would obtain
the videos with little or no trouble.
Body Cam Utilization as Evidence
It could be argued that virtually everything a police
officer does on-duty (and sometimes off-duty) is of some sort of evidentiary
value. From the simplest traffic stop
all the way up to responding to a homicide or active shooter. That being said, it makes the potential use
of police body cams an intriguing legal issue.
No doubt, the camera footage can be used as evidence in a formal
investigation, but at what point does the call for accountability turn into “big
brother” keeping an eye on our public servants?
If much of what the police do at work is of some sort of
evidentiary value, it therefore follows that the video footage should be
treated the same way as any other evidence.
However, it’s been long-held as a matter of best practices in evidence
handling that a police officer should not carry around evidence with him while
on-duty for any longer than is absolutely necessary. Indeed, many agencies prohibit an officer from
proceeding to the next assignment before properly securing any evidence they
may have from their current assignment. This
unique circumstance of digital video evidence potentially being collected
possibly thousands of times a day brings up some very interesting questions…
Evidence Data Storage & Retention
One of the biggest problems we’ve encountered in the past
with regard to setting up and operating a digital forensic lab is data
storage. While stand-alone hard drives
are getting cheaper by the day, mass storage in the form of servers are still
very expensive. Video files are not
small and not very compressible, so where will all this digital video evidence
be stored? Who will have access to
it? And how long will the data be
retained? In theory, a citizen could
make a complaint upon an officer from an encounter months or even years prior,
so what is the “standard” by which we will dictate how long to retain this
evidence? Evidence also normally requires
a court order for destruction. Will a
court order be issued every time a digital video file is destroyed, wiped or
over-written? These are all very
important considerations that don’t get much play in politics or media.
Evidence Data Security
Whether or not you’re aware, local and state governments are
probably one of the biggest warehouses of personal data, beyond medical care facilities
and banks. Every time an officer has an encounter
with a citizen and checks their driver’s license information or uses their
name, date of birth or social security number in a police report, that data is
stored in databases at the local level and many times is uploaded to other databases
for access by other agencies in subsequent investigations. With the ever-present data security issues
permeating virtually all of our daily lives, it begs the question exactly how
secure some of these local and state databases of personal information may
be. The implementation of a police body
cam program adds another layer to that security concern because now, not only is
a citizen’s personal information recorded in text format within the local
and/or state system, but that information is also now part of a video file
which necessitates additional information security measures. Granted, each file may only have a handful of
personal data, but most hackers steal data in bulk, and not only would that
potentially compromise personal information, but potentially privileged information
about criminal investigations, including those involving juveniles. The bottom line is, the police deal with very
sensitive matters on a daily basis and the spoliation of that data would not be
measured by simply issuing the concerned parties a new debit card, as we have
seen when retail outlets get hacked. The
potential damage of this type of data being leaked could be much more costly,
both to the citizens involved and to the governments in the form of subsequent
civil or criminal legal action.
Data Validation & Authenticity
One final point about the use of police body cameras is one
that is a tried and true practice in digital forensics when analyzing data of
evidentiary value – validation and authentication of the evidentiary data. With every digital forensic case that may be
involved in some sort of legal action, one of the early steps a trained
examiner takes is to validate and authenticate the data as original. It’s one of the steps that helps us avoid
questions later on in legal proceedings.
It begs the question: how do we validate the data stored on a police
body camera? How do we know the data wasn’t
altered or the tape wasn’t cut-off or trimmed in some fashion? Who has had access to it before any type of
digital forensic exam or validation attempt?
The best way to ensure data authenticity in this practice is to have a
trained digital forensic expert not only oversee the acquisition of the data
when it is to be turned over, but immediately create an evidentiary, read-only data
file of the video, analogous to a photo negative. The file should be verified by hash value (a.k.a: digital fingerprint) that can then be documented and used for later validation,
should the video be needed in a later formal proceeding. As stated earlier, incorporating this best
practice of digital forensics would go a long way to avoiding questions later
on down the road.
Conclusions
Considerations such as these should most definitely be
explored and settled before implementation of a body camera program, not when
an issue arises requiring any of the above-mentioned. So while the use of police body cameras may
sound good in theory, the implications go far beyond simple cost and acceptable
use policy. And while these
considerations may only be a few of many, they already have added implications
insofar as cost, procedure and manpower that many agencies may not be equipped
to bear. It helps to think critically and
thoroughly about these programs prior to implementation. Only then can we take a huge step toward not
only doing the right thing, but doing the right thing correctly.
Author:
Patrick J.
Siewert
Owner, Lead
Forensic Examiner
Professional
Digital Forensic Consulting, LLC
Based in
Richmond, Virginia
Available
Globally
