1 / 14

Peter Swire & Jesse Woo North Carolina Law Review Symposium November 3, 2017

Privacy and Cybersecurity Lessons at the Intersection of the Internet of Things and Police Body Worn Cameras. Peter Swire & Jesse Woo North Carolina Law Review Symposium November 3, 2017. This paper. Why Body Worn Cameras (BWCs) are part of the Internet of Things (IoT)

mitchelljames
Download Presentation

Peter Swire & Jesse Woo North Carolina Law Review Symposium November 3, 2017

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy and Cybersecurity Lessons at the Intersection of the Internet of Things and Police Body Worn Cameras Peter Swire & Jesse Woo North Carolina Law Review Symposium November 3, 2017

  2. This paper • Why Body Worn Cameras (BWCs) are part of the Internet of Things (IoT) • Lessons from the IoT for privacy and cybersecurity, for BWCs • Lessons from BWCs for privacy and cybersecurity, for the IoT

  3. Background of the Authors • Peter Swire: • Now professor of Law and Ethics in Scheller College of Business • Jesse Woo: • Research faculty at GT • “Smart Cities Pose Privacy Risks and Other Problems, But That Doesn't Mean We Shouldn't Build Them,” 85 UMKC L. Rev. 953 (2017)

  4. I. BWCs as IoT • Definition of IoT: • A sensor • Connected to the Internet • Data stored remotely, typically in the cloud • Our claim: for purposes of identifying and mitigating privacy and cybersecurity issues, BWCs are an example of the IoT • No previous literature on this (but, Adam Thierer)

  5. BWCs as IoT • “Sensor”: a camera, yes • ”Data stored remotely, typically in cloud” • Storage of the video footage is remote, not on the camera itself • Storage may be in the cloud, or else database maintained separately by police department • If stored separately, then often greater security risks, unless police department is unusually skilled at cybersecurity • “Connected to the Internet” • Depends on configuration • If it is, then have the worry about remote attacks on the BWCs and their software • If not, then those specific risks do not apply, but the rest of the lifecycle of protecting data is the same

  6. II. Lessons from IoT for BWCs • Large and growing literature on IoT cybersecurity and privacy • IoT is becoming enormous, $1 trillion/year in coming years • Numerous types of IoT have similarities to BWCs: smart cities, gunshot locators, fixed video surveillance, many more • Emergence of standards for good cybersecurity and privacy • How to use the IoT literature to help BWCs? • Cities and police departments face challenges in discovering good practices • If they discover good practices, in politically fraught settings, helpful to have neutral/authoritative set of practices • If practices are not yet good, then basis for critiquing and improving practices

  7. Sources on IoT • Broadband Internet Technology Advisory Group, IoT Security and Privacy Recommendations (2016) • Microsoft Azure, Internet of Things Security Best Practices (2017) • Federal Trade Commission • Internet of Things: Privacy and Security in a Connected World (2015) • Other privacy and security reports and enforcement actions • Privacy by design/privacy-enhancing technologies

  8. Some themes from the IoT literature • Well-known organizing principles for cybersecurity and privacy: • Life cycle of data – collection, storage, use, dissemination, destruction • Technical, physical, and administrative measures • CIA: Confidentiality, integrity, and availability • “Integrity” – preserve evidentiary integrity • Secondary use: • Primary use (collect as evidence in a particular case) • Secondary uses – when is it lawful/appropriate to use for other purposes • Biometrics example from this morning

  9. Conclusions on Part II • IoT: have well developed approaches for hardware, software, and system protections for IoT • Rich literature and experience on numerous issues • BWC systems and policy debates can draw on these approaches

  10. III. Possible lessons from BWCs for IoT • Always on • Transparency • Jesse Woo

  11. “Always on” • Existing IoT standards usually assume the device is “always on” • For BWCs, that will not be true • Bathroom breaks • Sitting in car • Others • This could become a checklist item for IoT security and privacy • Technical issues – set default on/off; mechanism for switching between on/off • Administrative issues – how to develop on/off policy and create compliance • Privacy design principle of “minimization” can lead to “sometimes off”

  12. Transparency • Transparency an enormous issue for BWC • Complex First Amendment, privacy, accountability, and other issues • IoT best practices have not addressed transparency at this level of detail • Great majority of IoT deployment done by the private sector, with minimal FOIA or First Amendment issues • Much discussion in the symposium on proper approach to transparency • When must the camera be on • Who should get access

  13. Transparency • Conclusion for IoT: rich BWC discussion on transparency can inform the broad IoT literature • Suggestion for BWC community: • Study the decade-long conferences on “Privacy and Public Access to Court Records” from William & Mary’s Center for Legal and Court Technology • Huge tradition of public access to court records • Huge privacy issues when juvenile, financial, and other records available on the Internet

  14. Conclusion • Link BWC discussions to the broader IoT literature • Can move the BWC community up the learning curve from the larger IoT discussions • Can inform the IoT community of under-appreciated issues such as “always on” and transparency

More Related