“Bad boys, bad boys, whatcha gonna do?” In 1989, the TV show COPS made its debut with a unique concept: have a camera crew follow around police officers as they take down thieves, drug dealers, and other criminals. Fast-forward nearly 30 years, and today approximately 95% of large police departments are using body-worn cameras (BWCs) or have committed to using them soon to record police officers’ day-to-day activities. While these innovative devices are improving police and community relations, even resulting in a 90% decrease in citizen’s “use of force” complaints, they’ve also created a mountain of seemingly unmanageable surveillance footage. Now, the question facing law enforcement agencies is, how is body camera footage stored?
Police Body-Worn Camera Usage Soars
Today, 34 states and the District of Columbia have created police camera laws, and they continue to be a focus of state lawmakers who are increasing funding through state and federal grants. That’s not all. Lawmakers now want recordings to be on high-definition video to enhance clarity, and protect officers from false accusations of misconduct. They also want to implement minimum retention time for BWC, dash cam, and static surveillance video (in Texas, for example, police camera video must be retained for at least 90 days). That’s a lot of video, requiring a lot of storage space. Think about it: with dash cams alone, police were dealing with terabytes of data; add BWC footage into the mix, and now they’re forced to manage petabytes.
Cloud Computing in Law Enforcement
Along with the influx of new video footage, agencies also need to store police reports, photographs, crime mapping, analytics, fingerprints, and other classified and sensitive information. To manage all this data, law enforcement agencies are increasingly turning to cloud computing. Most clouds are highly scalable, and able to increase storage capacity with the flip of a switch to accommodate increasing data needs. But when moving to the cloud, organizations need to keep in mind security and compliance laws and regulations that they are bound to.
Cloud Computing Laws and Regulations
The International Association of Chiefs of Police (IACP) has set up some Guiding Principles on Cloud Computing in Law Enforcement. Think of them as a CJIS checklist; most are pretty straightforward, and we’ve simplified many below (you can view the IACP’s more in-depth guidelines here).
1. FBI CJIS cloud compliance must be met.
Cloud providers must comply with the requirements of the Criminal Justice Information Service (CJIS) Security Policy and acknowledge that the policy places restrictions and limitations on the access, use, storage, and dissemination of CJI and must comply with them.
2. All data storage systems must meet the highest common denominator of security.
With the increase of locally-collected data such as body-worn cameras, law enforcement agencies should store all collected data at the highest level of security (often the FBI CJIS standard).
3. Data ownership and data mining.
Almost all cloud service providers specify that the client owns the data, but the IACP requires it in writing—along with the procedure for migrating data to another service, or back to in-house servers (this is known as cloud repatriation). The IACO also advises agencies to make it clear that data is off limits for any data mining or ancillary operations of that cloud provider.
Cloud service providers must allow law enforcement agencies to conduct audits of performance, use, access, and compliance.
Providers must maintain physical or logical integrity of CJI by separating law enforcement agency storage and services from other customers.
6. Availability, Reliability, and Performance.
The degree to which the cloud service provider is required to ensure availability and the performance of data and services is dependent on the criticality of the service provided. For some services, such as the retrieval of archived data or email, lower levels of availability may be acceptable, but for more critical services like Computer-Aided Dispatch, levels of 99.9% or greater are required.
Security and CJIS Compliance on the G-Cloud
The cloud offers a whole new way for law enforcement agencies to securely store valuable footage and files while remaining CJIS compliant and following IACP guidelines. DSM works with state and local organizations and can help you make a seamless move to the cloud. Our G-Cloud is the first—and only—Florida-based virtual private cloud solution designed for national, state, regional, and local government agencies. We ensure strict security protocols, 99.99%+ uptime, and a complete compliance package; meeting the requirements of CJIS, HIPAA, PCI, SOC, and SSAE16. Contact DSM today to learn more about G-Cloud—now available through the GSA contract!