Securing video surveillance data: A three step approach
The possibility of governments collecting and analyzing personal data changed dramatically after the enactment of The Patriot Act in 2001. The public outcry following WikiLeaks and the NSA PRISM program has kept controversial data collection methods in the headlines over the past few years. The legality of this type of data collection is still in question.
Protecting private data becomes particularly complex when considering the numerous regional, state, and local law enforcement agencies that collect, manage, and share surveillance data in a distributed fashion. This dispersed approach creates more points of vulnerability for malicious actors to access data. With these challenges in mind, there is a need to outline actions that government entities should take to better manage and protect large amounts of personal data and maximize security.
The Security issues at play today
While the increased use of video surveillance systems may aid the law enforcement community in reducing crime, it also creates mass amounts of data for them to manage, store and secure. The city of Redlands, California, for example, recently learned this the hard way, after discovering that unauthorized individuals were accessing the live feed from its 140-camera city surveillance system through unsecured wireless network nodes.
With new crime deterrent methods comes greater responsibility. And as public safety organizations justify the use of more advanced and potentially invasive technologies, they must also ensure they are adequately protected.
CJIS & managing video surveillance: A three step approach
Last month, the FBI updated the Federal Criminal Justice Information Services Security Policy (CJIS), which prescribes methods to keep data creation, collection, transmission, storage, and destruction to establish a standard level of data protection among all governmental bodies.
State and local law enforcement agencies should build on CJIS standards and incorporate three additional measures to improve security when managing its video surveillance data.
Implementing these three measures, in concert, will maximize the security of storing that data:
- First, law enforcement bodies must store these large amounts of data in a safe and secure cloud environment. Cloud storage allows agencies to better secure data by minimizing points of vulnerability and deploying end-to-end solutions to protect and monitor the network. The cloud will also accommodate the need to store vast amounts of data.
- Second, law enforcement agencies should transition to a “thin client” construct for employees’ computing needs. A thin client is a computer terminal that runs off a central server and does not maintain its own software, decreasing the chance of an unwanted incursion, preventing data from being saved to any location other than the server, and improving data privacy because no data is stored on the client itself. Similar to the way divisions of the United States Marine Corps have implemented a thin client approach to enhance information security, police departments can create a virtual barrier between sensitive data and individuals who are not authorized to access it. Thin clients can also reduce the opportunity for employees to access images and distribute footage inappropriately.
- Third, law enforcement agencies should consider using an encrypted solution that can be decrypted with the use of multiple keys held by independent authorities, such as a law enforcement agencies or the courts. Bryan Ford and Joan Feigenbaum of Yale University recently proposed a technologically feasible solution that relies on modern cryptography to protect the security and privacy of data collected by police departments and federal agencies. Although their approach emphasizes the privacy protection provided by encryption technology, the security of data is also improved by following their model.
The questions of appropriate data collection methods are unlikely to be resolved in the short term. In the meantime, however, law enforcement agencies can fulfill their responsibility to protect the data they manage and store in the name of public safety and all of us they serve.
Julie M. Anderson is the managing director of the Civitas Group and an expert at SafeGov.org, an online IT forum dedicated to promoting trusted and responsible cloud computing solutions for the public sector.