Digital Surveillance: Risk Control or Risk Enabler?

Jennifer A. Kurtz, MBA

Technology is essentially amoral; it lies outside ethics. The devil is in the details of how it is applied—and the situational Five Ws (who, what, why, where, when). Similarly, it is neither intrinsically good nor bad. For professions that attract individuals who take comfort in linear certitudes—physical and IT security professionals—the response "it depends" can be frustrating or obfuscating (at best), and insulting or ignorant at worse.

Technology cannot fix itself, even if hyped as being endowed with super-human potential. There is no silver bullet for security and no shortcut to systems-level planning. Blocking physical or digital doorways by stacking up security products can give a false sense of security and inattention to undetected digital fissures. Some of those risk controls can even act as risk enablers.

Consider digital surveillance cameras. An estimated 66 million will be shipped this year, as the trend continues to move from standard-definition (SD) analog to high-definition (HD) CCTV and network equipment. Storage requirements are increasing at about 40% per year, with heightened perception of asset value leading to longer storage requirements. One analyst group predicts that "we'll see more enterprise storage products for video surveillance from Chinese vendors."i (Does anyone else see a problem with this?) Another projects the global market for video surveillance storage by 2020 to be $18.2 billionii. How will those devices and that stored footage be protected, used, maintained, and eventually destroyed—and by whom?

End-users of digital camera systems are not necessarily IT experts and frequently received training on analog systems that were not internetworked. This can lead to suboptimal, even risky, implementation of equipment and supporting systems. The prevailing cultural and even organizational (in terms of reporting hierarchy) rift between physical security and IT security teams creates a security gapiii that is illustrated by the vulnerabilities created by digital surveillance cameras installed in shopping malls. Although the proliferation of cameras (hundreds in a large mall) gives the illusion of security, insufficiently hardened camera systems can actually be exploited for criminal activity, including distributed denial of service (DDoS) attacksiv. The two-edged aspect of technology reveals itself.

The desire to promote safe cities led to US Department of Justice grant funding for body-worn cameras (BWC) to local law enforcement agencies that totaled about $22 million for 21,000 cameras in 2015v. Implementing cameras is credited with a 60% reduction in the use of force by officers in one California cityvi, a behavioral outcome attributed to both parties (officer and suspect) being observed. Still, the long-term pros and cons, in particular the management of the data collected by the cameras, needs further evaluation. Scholars from Rasmussen College asked law enforcement experts to weigh in on the pros and cons with these results:vii

Clear picture Upfront costs
Improved behavior Privacy concerns
Relatively unobtrusive equipment Evidence storage (cost and chain of custody)
Reduction in complaints & related expense Retraining of experienced officers

The above uses of digital surveillance cameras are directly controlled, but would benefit from further study. Perhaps learning from such study could inform the exubernat pursuit of indirectly controlled uses of digital surveillance cameras like drones.

Interested in learning about the MS in information assurance program at Regis? Request additional information or call 877-820-0581.

iIHS. "Top Video Surveillance Trends for 2016," IHS White Paper. Retrieved from https://technology.ihs.com/api/binary/572252
iiMarkets and Markets (October 2015), "Video Surveillance Storage Market: Global Forecast to 2020," Markets and Markets. Retrieved from http://www.marketsandmarkets.com/Market-Reports/video-surveillance-storage-market-11432874.html
iiiVictor Wheatman (27 January 2014), "Blending Two Cultures: Management Perspectives on Converging Physical and Information Security," Security Current. Retrieved from http://www.securitycurrent.com/en/writers/victor-wheatman/blending-two-cultures-physical-and-information-security-convergence
ivGraham Cluley (27 October 2015), "Hacked Shopping Mall CCTV Cameras Are Launching DDoS Attacks," Tripwire. Retrieved from http://www.tripwire.com/state-of-security/security-data-protection/hacked-shopping-mall-cctv-cameras-are-launching-ddos-attacks/
vBureau of Justice Assistance (2015), "Body-Worn Camera Program Fact Sheet." US Department of Justice. Retrieved from https://www.bja.gov/bwc/pdfs/BWCPIP-Award-Fact-Sheet.pdf
viChristopher Mims (18 August 2014), "What Happens When Police Officers Wear Body Cameras," The Wall Street Journal. Retrieved from http://www.wsj.com/articles/what-happens-when-police-officers-wear-body-cameras-1408320244
viiWill Erstad (25 January 2016), "Police Perspective: The Pros and Cons of Police Body Cameras," Rasmussen College School of Justice Studies. Retrieved from http://www.rasmussen.edu/degrees/justice-studies/blog/pros-and-cons-of-police-body-cameras/