Camera-Based Evidence Control
Written by Ted Hayduk   

YOUR AGENCY HAS INVESTED IN CAMERAS—whether body-worn, dash, or even fixed surveillance—but do you have the technological experience to properly manage the evidence that comes from that investment?

Many small- to medium-sized law enforcement organizations may feel they lack the professional IT resources to create an evidence management and governance system that makes the best use of that information. These organizations often rely on cloud-based solutions, assuming that a third party can handle government compliance issues at a reasonable cost.

For some agencies, that may be an option. It’s important to remember, though, that turning your camera-based data and evidence over to a cloud provider may not be enough to create an evidence system that’s secure and affordable. A better option might be “platform agnostic” (neither cloud nor on-premises, but a hybrid of both) to keep camera data under your control, and to avoid contract expenses that might not be immediately apparent.

Cloud Considerations

The overwhelming majority of agencies lack the IT capability to take full advantage of the cloud. Consider that agencies with fewer than 100 officers comprise approximately 94% of the marketplace. A typical 100-officer agency often does not have a dedicated IT person on staff; if it does, that person may feel they don’t have the time to manage camera-based data.

It’s not surprising that such agencies may turn to the cloud, especially if cloud providers are certified as compliant with Criminal Justice Information System (CJIS) guidelines from the Department of Justice.

CJIS guidelines do indicate that third parties can be used for some data governance and other functions. However, use of third parties does not reduce or eliminate an agency’s constitutional requirements to maintain and protect information.

A CJIS-compliant designation for a cloud offering is not sufficient. The regulations make it the agency's responsibility to ensure that the vendor is complying with requirements. The Department of Justice audits agencies, looking at procedures, policies, and capabilities. Penalties to agencies can be substantial, reaching $1 million or more when consent decrees are levied by the Department of Justice for out-of-compliance organizations.

If you lack the experience to manage a relationship with a cloud provider, it can directly affect your ability to execute data governance properly. Of course, some states pre-negotiate terms and conditions with cloud providers, and agencies can piggyback on those agreements. But that is the minority of agreements typically seen in the marketplace.

If you choose to use a cloud offering, here are a few tips to keep in mind:

• When was the last time you had an audit?

Data governance is often outside of the realm of expertise for smaller agencies. You need to know and qualify the systems administration process and personnel for your provider, along with security protocols.

Be prepared at any moment to provide an audit review of procedures, people, and capabilities. That type of audit may actually be easier to prepare for if you use an on-premises storage solution, where you develop, document and maintain your own procedures.

• Do you know all of the lifecycle costs related to your cloud-based solution?

Additional costs may not be readily apparent in cloud services contracts.

Don't assume that an agreement to store the data also includes the cost to view the data as needed. It may cost, for example, five cents per gigabyte per month to store data in the cloud—but it may cost 10 cents every time you want to look at it.

It’s incumbent on agencies themselves to understand what the true lifecycle cost of cloud storage may be—and whether there are any increases that may show up in successive years.

In fact, cloud storage can be considerably more expensive than securing on-premises capabilities and providing training to maintain the evidence from your cameras.

• What happens if you want to leave your cloud provider?

You need an independent methodology to understand how you will be able to get your data from the solution provider if you decide to terminate your agreement. Under many agreements, bulk downloading is the only alternative. That can be costly, and if you opt to end your relationship quickly, it may require more bandwidth than you have readily available.

Also, under some agreements, images stored in the cloud may become the property of the provider. Obviously, that should be avoided. Vendors should not be able to withhold technology required for the recording and management of your own images.

Make sure that your contract includes a provision to access vendor software to control and manage your camera-generated evidence.

• Do you understand your security risks?

Many agencies may not fully understand what security means in the cloud. It’s not likely that an organization will have a breach with a provider, but it is possible.

Management of physical evidence is almost never outsourced. It is typically handled by a sworn officer and contained in the building under specific security parameters to ensure best controls.

Why should video evidence be any different? Do you really want to keep it exclusively in the cloud?

Agencies should look for alternatives that are affordable and keep evidence in-house, under direct control, and supported by people who are vetted with controlled access.

Such a solution may include a software architecture and integrated hardware platform, allowing everything to be run under a manageable and isolated footprint on-premises. It should provide a common repository of camera-based evidence, including fixed surveillance information.

The IT staffing demands for a hybrid system are actually quite manageable, because of the upfront training and continuous maintenance and support available from providers. Over time, it may offer better continuity of operations than may be available from an exclusively cloud-based solution.

The cloud has its place in law enforcement and evidence management. But unless your organization has ample experience in managing cloud vendor contracts, your best bet might not be to rely solely on the cloud. A hybrid system, comprising the best of on-premises storage with cloud backup, can give you the most flexibility with your data, ensure regulatory compliance, and keep costs under control.

About the Author

Ted Hayduk is a global consulting solution architect specializing in video surveillance and intelligent video analytics architectures. He provides solution architecture and systems design for the worldwide NetApp team, its partners and clients.

This article appeared in the Summer 2018 issue of Evidence Technology Magazine.
