Privacy and cybersecurity go hand and hand. Therefore, it is imperative that policy makers on the local, state, and federal level adopt policies and enforce practices that promote these principles. This is especially important due to the increased amount of data that governments are collecting.
During the past decade, law enforcement agencies around the world have begun to implement police body cameras to assist in evidence gathering, transparency, and accountability. In the United States, several incidents during the past year have prompted local police departments to test and begin utilizing body cameras. While this technology brings great promise it also creates new privacy and cyber security challenges.
To help alleviate these concerns, the International Association of Chiefs of Police (IACP) recently published their "Guiding Principles on Cloud Computing in Law Enforcement". These principles are much needed because as more digital video evidence is created by law enforcement, the proper safeguards must be in place to ensure that the data is stored in an appropriate manner for the legal justice system.
The IACP's principles state:
1) FBI CJIS Security Policy
Compliance – Services
provided by a cloud service
provider must comply with the requirements of the Criminal
Justice Information Services (CJIS) Security Policy (current
version 5.3, dated August 4, 2014), as it may be amended.
2) All Data Storage Systems
Should Meet the Highest Common
Denominator of Security.
3) Data Storage Technology Can Be Disaggregated From Collection.
4) Data Ownership-Law enforcement agencies should ensure that they retain ownership of all data.
5) Impermissibility of data mining-Law enforcement agencies should ensure that the cloud service provider does not mine or otherwise process or analyze data for any purpose not explicitly authorized by the law enforcement agency.
6) Auditing - Upon request, or at regularly scheduled intervals mutually agreed, the cloud service provider should conduct, or allow the law enforcement agency to conduct audits of the cloud service provider's performance, use, access, and compliance with the terms of any agreement.
7) Portability and interoperability - The cloud service provider should ensure that that CJI maintained by the providers is portable to other systems and interoperable with other operating systems to an extent that does not compromise the security and integrity of the data.
8) Integrity - The cloud service provider must maintain the physical or logical integrity of CJI.
9) Survivability - The terms of any agreement with cloud service providers should recognize potential changes in business structure, operations, and/or organization of the cloud service provider, and ensure continuity of operations and the security, confidentiality, integrity, access and utility of the data.
10) Confidentiality - The cloud service provider should ensure the confidentiality of CJI it maintains on behalf of a law enforcement agency.
11) Availability, Reliability, and Performance - The cloud service provider must ensure that CJI will be available to the law enforcement agency when it is required within agreed performance metrics.
12) Cost - Law enforcement agencies should focus cloud acquisition decisions on the Total Cost of Ownership model.
The recent multiple hacks into the federal government's networks have demonstrated the importance of updating and implementing the proper digital policies and technologies. With access comes responsibility. It is imperative that law enforcement agencies that utilize bodyworn cameras and other digital data collection technologies follow these principles to protect law enforcement agencies, the general public, and the criminal justice system. The IACP's cloud computing principles will help ensure that justice stays blind in the age of police body cameras.
Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.
No comments:
Post a Comment