Sunday, January 4, 2015

Digital Forensic & Information Security Considerations in Police Body Cams



January 4, 2015

Digital Forensic & InfoSec Implications in Police Body Cams

As has been detailed ad infinitum in previous articles, Pro Digital Consulting Owner and the primary Author of this blog is a former law enforcement veteran of 15 years.  The experience gained in this amount of time spans the realms of campus policing, community policing, school safety, patrol, supervision, narcotics, high tech and major criminal investigations (not to mention digital forensics).  With all the recent conversations in current events calling for police officers everywhere to wear body cameras in the spirit of “accountability”, it seems prudent to detail a few important implications of these proposals that directly relate to digital forensics.  Some of the implications will be mentioned, but not in detail.  Others will be more thoroughly examined as they have a direct relation to modern technology and digital forensics.

Some of the obvious issues with regard to equipping the police with body cams are cost and policy.  Any major program within an agency requires these considerations 1) is the cost worth the benefit to the customer or, in this case, the citizens (who are also paying for it) and 2) what policies and procedures should be implemented for their use?  These considerations are more applicable to an article targeted toward police administrators and won’t be detailed much further here, only to say we realize these two major hurdles with regard to program implementation.

But after the program is implemented and the body cams are issued to individual officers, how to we maintain tight controls on that data?  How much access do individual officers have to their own videos and what, if any, best practices for preservation and evidence-handling are in place to ensure authenticity of the video footage and associated data?  Many of these are secondary concerns, but very important nonetheless.

Background

It bears mentioning that videotaping of the police is not a new phenomenon.  For years, we’ve watched police car dashboard camera footage of traffic stops, DUI field sobriety tests and critical incidents involving the police.  When they were first implemented, the technology was little more than a camera mounted in the front of the vehicle with a VHS VCR in the trunk.  Many agencies held policies that maintained tight control over the videos and only supervisors and/or investigators could access the tapes.  They were activated when an officer turned on his emergency lights and the video stopped when the lights were turned off.  There were/are manual controls for the officer to activate the cameras as well.
As time and technology progressed, the videotaping methods included DVD recording and finally with the emergence of various current technologies, they are now phasing in hard disk or solid-state digital video recording in police vehicles, which would undoubtedly be the same form of recording utilized on wearable police cameras. 
In case you’re wondering where all of the police dash camera videos came from, many times media outlets file Freedom of Information Act (FOIA) requests to obtain the videos and, depending on the jurisdiction, their resources and the circumstances of the particular video, the media would obtain the videos with little or no trouble.

Body Cam Utilization as Evidence

It could be argued that virtually everything a police officer does on-duty (and sometimes off-duty) is of some sort of evidentiary value.  From the simplest traffic stop all the way up to responding to a homicide or active shooter.  That being said, it makes the potential use of police body cams an intriguing legal issue.  No doubt, the camera footage can be used as evidence in a formal investigation, but at what point does the call for accountability turn into “big brother” keeping an eye on our public servants?
If much of what the police do at work is of some sort of evidentiary value, it therefore follows that the video footage should be treated the same way as any other evidence.  However, it’s been long-held as a matter of best practices in evidence handling that a police officer should not carry around evidence with him while on-duty for any longer than is absolutely necessary.  Indeed, many agencies prohibit an officer from proceeding to the next assignment before properly securing any evidence they may have from their current assignment.  This unique circumstance of digital video evidence potentially being collected possibly thousands of times a day brings up some very interesting questions…

Evidence Data Storage & Retention

One of the biggest problems we’ve encountered in the past with regard to setting up and operating a digital forensic lab is data storage.  While stand-alone hard drives are getting cheaper by the day, mass storage in the form of servers are still very expensive.  Video files are not small and not very compressible, so where will all this digital video evidence be stored?  Who will have access to it?  And how long will the data be retained?   In theory, a citizen could make a complaint upon an officer from an encounter months or even years prior, so what is the “standard” by which we will dictate how long to retain this evidence?  Evidence also normally requires a court order for destruction.  Will a court order be issued every time a digital video file is destroyed, wiped or over-written?  These are all very important considerations that don’t get much play in politics or media.

Evidence Data Security

Whether or not you’re aware, local and state governments are probably one of the biggest warehouses of personal data, beyond medical care facilities and banks.  Every time an officer has an encounter with a citizen and checks their driver’s license information or uses their name, date of birth or social security number in a police report, that data is stored in databases at the local level and many times is uploaded to other databases for access by other agencies in subsequent investigations.  With the ever-present data security issues permeating virtually all of our daily lives, it begs the question exactly how secure some of these local and state databases of personal information may be.  The implementation of a police body cam program adds another layer to that security concern because now, not only is a citizen’s personal information recorded in text format within the local and/or state system, but that information is also now part of a video file which necessitates additional information security measures.  Granted, each file may only have a handful of personal data, but most hackers steal data in bulk, and not only would that potentially compromise personal information, but potentially privileged information about criminal investigations, including those involving juveniles.  The bottom line is, the police deal with very sensitive matters on a daily basis and the spoliation of that data would not be measured by simply issuing the concerned parties a new debit card, as we have seen when retail outlets get hacked.  The potential damage of this type of data being leaked could be much more costly, both to the citizens involved and to the governments in the form of subsequent civil or criminal legal action.

Data Validation & Authenticity

One final point about the use of police body cameras is one that is a tried and true practice in digital forensics when analyzing data of evidentiary value – validation and authentication of the evidentiary data.  With every digital forensic case that may be involved in some sort of legal action, one of the early steps a trained examiner takes is to validate and authenticate the data as original.  It’s one of the steps that helps us avoid questions later on in legal proceedings.  It begs the question: how do we validate the data stored on a police body camera?  How do we know the data wasn’t altered or the tape wasn’t cut-off or trimmed in some fashion?  Who has had access to it before any type of digital forensic exam or validation attempt?  The best way to ensure data authenticity in this practice is to have a trained digital forensic expert not only oversee the acquisition of the data when it is to be turned over, but immediately create an evidentiary, read-only data file of the video, analogous to a photo negative. The file should be verified by hash value (a.k.a: digital fingerprint) that can then be documented and used for later validation, should the video be needed in a later formal proceeding.  As stated earlier, incorporating this best practice of digital forensics would go a long way to avoiding questions later on down the road. 

Conclusions

Considerations such as these should most definitely be explored and settled before implementation of a body camera program, not when an issue arises requiring any of the above-mentioned.  So while the use of police body cameras may sound good in theory, the implications go far beyond simple cost and acceptable use policy.  And while these considerations may only be a few of many, they already have added implications insofar as cost, procedure and manpower that many agencies may not be equipped to bear.  It helps to think critically and thoroughly about these programs prior to implementation.  Only then can we take a huge step toward not only doing the right thing, but doing the right thing correctly.

Author:
Patrick J. Siewert
Owner, Lead Forensic Examiner
Professional Digital Forensic Consulting, LLC
Based in Richmond, Virginia
Available Globally