Police body worn cameras raise security and privacy concerns

Body worn camera CC-BY-SA 2.0 West Midlands Police

Sky has reported that UK police are using body worn cameras from the company Evidence.com, which automatically uploads the footage online. This company is a subsidiary of TASER, makers of the well known electric shock devices. Their piece says that questions have been raised about the safety and security of the footage, with shadow Labour minister for policing, Jack Dromey, asking for reassurances from the Home Secretary.

The criticism has focused on Evidence.com’s use of third party cloud computing, Amazon Web Services. This has led to concerns about the location of the footage, and the possibility that employees of the companies involved could be accessing confidential information.

Looking at their stated security practices, Evidence.com seem to have taken some reasonable basic precautions, such as encrypting the footage during transmission and in storage. Encryption is particularly important in cloud computing, and not just due to concerns about access. The same mechanisms that provide resilience against data loss — e.g. multiple copies combined with the development of more persistent data storage technologies — make it very hard to ensure that data is ever fully deleted.

Destroying the keys to scrambled data would be easier than trying to securely wipe sections of multiple disks scattered around a global network of data centres.

In this context control over the encryption becomes critical, and this system may not be secure enough. Evidence.com’s approach to protecting the footage makes access very difficult for third parties, including Amazon (unless they also store the encryption keys in their systems). But is less clear whether employees of Evidence.com themselves can decode the encrypted footage. Strong end-to-end encryption where only police and their auditors can access the materials should be required.

In addition to these technical issues, there are other questions for Evidence.com. Open Rights Group first learnt about their role in May 2015, and immediately contacted the company asking for information about their legal compliance with data protection. We received a reply from TASER stating that this it was a matter for the police forces involved:

“As you may expect, TASER International Inc as a company and also its international subsidiaries are well aware of the complex and variety of the issues surrounding data safety, data management, data transport and data protection laws.

Due to the fact that TASER does not write these laws, we comply with the highest world class standards of data safety. With regard to data protection, our customers are writing the specs. All we do, is providing software as a service. In other words, Taser works very closely with its customers to comply with local legal requirements and laws.

This being our very clear position, only our customers can answer your question.”

We pressed the issue — without further reply — asking specifically about their compliance with legal requirements for the transfer of personal information to an organisation based outside the EU. This normally requires that the organisation hosting the data can assure that the information will remain protected to a similar level as if it had never left the EU. We received a response from TASER International in the Netherlands, but Evidence.com is based in the US and it is unclear who exactly has received the data. Legal assurances can be achieved through contract clauses, or in the case of US companies, via the “safe harbor” scheme arranged by the US Dept. of Commerce. It appears that Evidence.com may be using Amazon’s EU cloud servers, but in itself this is not enough to provide assurances.

The police statements asking for assurances about the destruction of the data from the pilot — quoted in the article — are quite worrying, as they imply that the police may not have a legally binding agreement for how the data is handled. We expect the Information Commissioner will be looking into this.

The use of CCTV is regulated under the Protection of Freedoms Act 2012. The Surveillance Camera Code of Practice pursuant to the Protection of Freedoms Act 2012 provides operational guidance to public authorities, but is thin on body worn cameras.

The Information Commissioner has also published guidance on CCTV, with a specific section on body worn cameras. This tells police that the footage should be stored “in a way that remains under your sole control”, which may not be the case with TASER.

The use of police body worn cameras is a thorny issue. It could have some positive effects from a civil liberties perspective. Continual recording would mean that all of a police officer’s daily activities would be recorded and they would be fully accountable for their actions. But it would also mean that many members of the public, who are not involved in crimes, would be captured on film and this would be an unnecessary intrusion on their privacy.

If cameras are under the control of the officer, selective recording could lead to accusations that video footage is misleading, has been taken out of context, or deliberately manipulated to secure a conviction.

But constant recording could have perverse effects and remove the ability for police officers to use their discretion. If they were wearing cameras, they might feel obliged to pursue minor infractions, which they might deal with differently otherwise.

A particularly problematic aspect is wearing cameras at demonstrations. This may deter heavy handed dispersal tactics by the police – or provide evidence of them if they occur. But cameras would also give the police a visual record of everyone who attended a particular demonstration. How might that footage be used afterwards? Could facial recognition software be used to identify people to keep a note for future demonstrations or investigations?

Given the appetite for footage of real criminals being arrested, there are also risks of videos being leaked, hacked or shared inappropriately and this would be a severe breach of privacy.