If, 20 years ago, you’d tried to predict how law enforcement would change over time, it’s unlikely you’d have put ‘managing and storing large amounts of sensitive data’ at the top of your list. And yet modern police departments are having to do just that. Along with hospitals and government agencies, they are continually tasked with taking in massive amounts of data and keeping it secure from hacking, tampering and prying eyes.
Dash Cam video, body worn camera footage and LIDAR data, in particular, are invaluable forms of digital evidence that need to be properly secured. Here are some best practices when it comes to secure storage of digital evidence.
Perhaps the most obvious solution is to encrypt all sensitive data. At the most basic level, this means password-protecting any data storage. However, passwords can be guessed or cracked by brute-force algorithms. Safer still is to use an encryption key reserved for authorized personnel.
Kustom Signals’ products, for example, use 128-bit hash value MD5 functions. This form of encryption breaks data up into chunks of 512-bit blocks, which can’t be read without the appropriate decryption key.
But what exactly should you be encrypting? In essence, everything. Hard drives, external drives including USB sticks, backup drives and cloud storage, the department should consider all the different places their data may be held, and make sure that each one is encrypted.
Cloud storage has come into its own over the past few years, and is being relied on more and more for safe, convenient off-site storage. Some departments are reluctant to store important information on the cloud, as they worry about security. So the question is: just how safe is cloud storage? The answer is far from straightforward, as cloud storage is not a single thing.
There are many cloud storage services, each with their own approach to handling security. So while some are extremely safe, others may be less so. For this reason any cloud storage solution should be researched thoroughly in terms of encryption protocols, backup policies and firewalls before committing.
SOPHISTICATED AUTHENTICATION PROTOCOLS
Authentication can be as simple as a password, but as mentioned above, basic passwords have their drawbacks. Some departments use pass-phrases which are longer than passwords and therefore harder to guess.
Ideally, though, authentication should be even more sophisticated than that. Some departments have invested in bio-identification, such as facial recognition, which is far more difficult to hack. Another, simpler option is to follow multi-factor authentication protocols which double or triple the complexity of hacking the system.
Most police departments are very secure places, which means that physically securing data storage shouldn’t be too difficult with a little forethought. Servers should be in a secure location, and any access points should be locked.
Keeping a low profile is also helpful in keeping servers safe from outsiders. Clearly marked server rooms may act as a target for interference. Physical security should also extend to staff-owned storage devices. Many departments have BYOD policies, standing for ‘Bring Your Own Device’. In some cases departments may restrict or ban the use of personal USB sticks in order to keep all data securely in-house.
Digital evidence is especially important to guard against any kind of tampering. For data to be trusted in the courtroom, there needs to be no doubt that it has not been altered in any way. Data collection devices and management software use metadata, or “data that provides information about other data” in order to show the source of the information, and to show that it has not been altered in any way during its lifespan.
In other words, metadata creates an audit trail that counts as substantive evidence as to the validity of the data, and so having software that can read and verify digital media metadata is crucial.
CHOOSING THE RIGHT MANAGEMENT SOFTWARE
Of course, data can’t just sit in storage forever. At some point it will need to be uploaded, managed and retrieved by back-office software. A key step, then, in keeping information safe is to make sure the department is using an efficient data management software system.
Most departments will need a variety of users to access the data, so having it stored centrally and then accessible from a variety of devices is crucial. These users will also need a range of permissions, as some people will only need to view the data without needing the rights to move or tag it. Still others will need to audit the data, requiring further permissions to see log files.
In terms of managing and storing speed-enforcement video evidence, we strongly recommend ProLog. Not only does ProLog include custom-designed data analysis tools, but the ProLog Standard Client package includes data storage on a centralized storage server.
For bodycam and in-car video, the preferred solution is Eyewitness Data Vault, which is a powerful digital video management solution that automatically and securely manages in-car and other digital assets locally or across a network. The Eyewitness Data Vault can also be used with Hybrid Kloud Storage, which allows users to only store those evidentiary files they need in the cloud, with non-evidentiary files stored on-site.