Security fears arise over body-worn plodcam footage

'But is it secure?' experts ask, as forces prepare to sign contracts worth millions

British Transport Police cop. Pic: Gordon Joly

Fears have been raised over the security of information from the new police bodycam recordings held in the public cloud by US company Taser.

Many police forces are increasingly opting for body-worn video as a way to increase transparency and evidence gathering. The Metropolitan Police had been trialling 1,000 Taser cameras. It has since committed to buying 30,000 over the next year, but has not yet confirmed a supplier.

Helge Janicke, a cyber-security expert at De Montfort University, said: "Police being bad at security does not necessarily mean they should give the data away. Whenever data is held by a company subject to another jurisdiction, the ability to hold that entity to account is limited."

He continued: "The argument is that the customer still has control of the data. While that is true, the point is they may not have exclusive control. The people who are maintaining, processing and backing up that data may also have access to it."

He said that in the public cloud environment, the devices the information is distributed to also need to be secured.

The comments follow an investigation by Sky News into the the use of body-worn police cameras sold by US firm Taser, which connect to privately owned servers.

Three police forces told Sky they had security concerns over their storage of highly sensitive crime videos on computers owned by a private company.

The Metropolitan Police said it planned to move to using its own computers, after cyber-security experts told Sky News the safety of the system cannot be guaranteed.

Mike Penning, Minister for Policing, Crime and Criminal Justice ,said in a statement: "The operational usage, testing and procurement of police equipment is a matter for Chief Officers and PCCs [Police and Crime Commissioners]."

A spokeswoman said any data collected during the use of police equipment must adhere to clear requirements set out under the Data Protection Act (DPA) for the processing of personal data, ensuring privacy is respected. ®


Biting the hand that feeds IT © 1998–2017