A data breach exposes confidential information, personally identifiable information (PII), or other sensitive information to an unauthorized person. The files obtained during a data breach are then viewed and shared without permission.
There has been an increase in cyberattacks and data breaches around the world, including in the US. Many organizations have been impacted by this increase, including law enforcement agencies.
In 2019, the Los Angeles Police Department (LAPD) was the target of a data breach, which exposed the personal information of at least 20,000 people. This included 2,500 active officers and 17,500 job applicants. Information obtained during the breach included names, dates of birth, email addresses, passwords, and the last four digits of social security numbers.
Then in 2020, the North Miami Beach Police Department was hit with a ransomware attack—where malware is used to deny an employee or organization access to files on their computer or drive unless they pay a fee—and the attackers demanded a ransom of $5 million from the police department to get their information back online.
Law enforcement agencies today store an increasing amount of digital evidence, including video, audio, photographs, social media posts, chat group messages, and much more—all of which needs to be kept private and confidential. Agencies therefore need a way to keep this data safe when it is saved on external hard drives, which occurs when data must be shared, especially with other agencies.
In addition, some evidence must be preserved for very long periods of time (e.g., 65 years in some cases), which makes storage even more challenging. One solution is WinZip® SafeMedia™.
WinZip SafeMedia enables end users and entire agencies to quickly and safely store, manage, and transport files on removable media (e.g., removable storage devices such as CDs, DVDs, and USB drives and sticks), empowering IT administrators to uphold protocols and standards that defend organizations against online and offline threats.
In this article, we’ll discuss the top data security pain points law enforcement agencies face, how chain of custody data logging comes into play, the stringent security procedures law enforcement must adhere to, and how WinZip SafeMedia can help.
Top 4 Data Security Pain Points Law Enforcement Agencies Face
There are many pain points and challenges related to data security that plague law enforcement agencies everywhere. Let’s look at four of the most common.
1. The Growing Amount of Digital Evidence
The main problem for agencies is that there is simply too much digital evidence to handle.
Since law enforcement agencies now must collect and analyze digital evidence from multiple sources in almost every investigation they oversee, police departments need to invest in systems to store this data. This includes tools that enable long-term storage, controlled distribution of evidence, and integration with record management systems.
For example, although evidence collection tools such as body-worn cameras and dash cam video are invaluable, footage from these cameras requires a considerable amount of work to store, protect from cyberattacks and data breaches, and maintain according to stringent digital evidence security requirements.
To resolve this issue, agencies should invest in dedicated data storage and security solutions. These solutions must enable officers to follow proper protocols and procedures for storing and managing evidence (which may require this evidence to be accessed by the public for transparency).
2. Difficulty Accessing Data
Finding and accessing data relevant to a police investigation is one of the first steps taken by law enforcement officials and administrative staff. Depending on how data is stored, this can be a complex and tedious process.
According to a report by McKinsey Global Institute, the average law enforcement employee spends around 20% of their day just searching for the information they need.
Key factors that hinder data accessibility include:
Data is stored in silos and disparate places rather than centralized locations.
Multiple logins and user access rights are required to view data.
External data (e.g., call data records, device downloads, and automatic number plate recognition, or ANPR) is often obtained in stages from different sources, making it hard to keep track of.
Competence and knowledge among staff members can vary considerably, which means data storage best practices are not followed consistently.
3. Storing and Sharing Data Across Agencies
The need to share data across law enforcement agencies is increasing. Crimes often happen at more than one location, which means the ability to gather and share information with agencies in other counties, states, or even countries, can be critical when working on a criminal investigation.
The data sharing process can be quite difficult. First, there needs to be a centralized digital location that can safely store a variety of information, including timelines, reports, digital evidence, and more—all of which may be in multiple file formats—and that can be accessed by all approved users.
In addition, access to this data needs to be audited to ensure it has not been tampered with in any way. The information shared also must be searchable so that it can be located to inform other investigations if needed.
4. Lack of Proper Technology
Law enforcement agencies need to have the right technology in place to both store and analyze the massive amounts of data they collect every day.
For example, even in a routine investigation, there are hundreds of thousands of lines of data that come from call data records and electronic devices alone. Trying to decipher this information without the proper technology can be daunting and may interfere with the progress and timeline of an investigation.
Examples of technology used by law enforcement include:
Artificial intelligence (AI). AI is a much more cost-effective solution than having humans derive actionable insights from immense amounts of data. AI is also used for crime mapping, where analysts and researchers use location information about different crimes to detect spatial patterns in criminal activity (e.g., sifting through data to more accurately pinpoint high-crime areas).
AI is also used in crime forecasting, which attempts to predict crimes before they occur, using deep learning algorithms to train computers to analyze data from many different sources.
Predictive policing. Technology known as predictive policing involves the use of algorithms to analyze large amounts of data to help predict and prevent future crimes.
Place-based predictive policing uses preexisting crime data to identify places and times that have a high risk of crime, while person-based predictive policing works to identify individuals or groups who are at risk of committing a crime—or who may be the victim of a crime—by analyzing certain risk factors, such as prior arrests.
Digital Evidence Chain of Custody Logging
Chain of custody is the process used to gather and track the movement and control of an asset or piece of evidence through its lifecycle. This process documents each person and organization who handles any asset, the date and time it was collected or transferred, and the purpose of the transfer. An asset includes digital activity records, data, and equipment.
Chain of custody documentation helps mitigate risk by decreasing the opportunity for would-be hackers to tamper with the asset.
Anyone involved in the chain of custody must ensure they follow best practices when collecting data. Any misstep can lead to the asset being compromised, and therefore challenged and ruled inadmissible in court, which can lead to a wrongful conviction or to a guilty person walking free.
The best way to ensure that chain of custody is always followed is for law enforcement agencies to enforce stringent security procedures. These procedures include:
Data collection. This is where the chain of custody process begins. This step includes gathering, identifying, labeling, and recording data from relevant and credible sources in a way that preserves the integrity of the data and evidence collected.
Data examination. During the examination process, chain of custody information is documented to outline the forensic process that is being undertaken. With digital evidence, for example, officers must capture screenshots as they make their way through the examination process to show the tasks that are being completed and the evidence uncovered. As this step is carried out, the results of the investigation are recorded.
Data analysis. The analysis is the result of the examination stage. In this stage, legally justifiable methods and techniques are used to derive useful information from evidence gathered to address questions posed in the investigation.
Reporting. This is the documentation phase of both the examination and analysis stages. Reporting includes the following tasks:
A statement regarding the chain of custody, which can include a form that lists the details of how the evidence was handled every step of the way.
An explanation of the tools used to collect, examine, and analyze the data.
A description of the analysis conducted using various data sources.
Any vulnerabilities identified.
Any additional recommended forensic steps.
One way to enforce these procedures in your law enforcement agency is by using the WinZip SafeMedia IT control and activity log. These powerful administrative features enable you to tailor security policies to your agency’s needs.
For example, you can customize settings for different departments or user groups and monitor activity as needed using the activity log. Approved users can access the logged information using Windows Event Viewer or by using a log server solution.
4 Critical Digital Evidence Security Requirements
Courts require digital evidence to be sound, untampered with, and provided without any alteration, which means protecting digital evidence is critical. As such, law enforcement agencies must follow storage requirements to ensure all digital evidence is properly handled.
These security requirements include:
1. Maintaining the Original Digital Evidence File
This requirement involves retaining the original digital evidence file. This enables officers to refer to the original, unaltered evidence if needed.
Officials must keep this file separate from the one they are working on and not perform any analysis on the original file. Actions performed on the original file must be kept to a minimum so that the file is protected and the evidence within it remains admissible in court.
2. Ensuring Data Integrity with Hash Values
Cryptographic hash values verify the integrity and authenticity of digital evidence. Hash values provide proof that the digital evidence used in an investigation is the same as the original that was uploaded. If any alteration has been made to the evidence, the hash value the system generates for it will not match the original one.
This security requirement makes it much easier for officers to detect any kind of alteration made to the asset. If no alterations are detected, the integrity of the digital evidence is preserved.
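An added example, not part of the original article and not WinZip SafeMedia code: the Python below shows the hash check described above together with the chain of custody record from the earlier logging section (handler, time, purpose). Going beyond the text, each log entry also stores the hash of the previous entry so that edits to the log itself show up; the field names, handler names, and sample file are constructed for illustration.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large video files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def entry_digest(entry):
    """Hash an entry's canonical JSON, leaving out its own entry_hash field."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, handler, purpose, path):
    """Record who handled the file, when, why, and the hash seen at that moment."""
    entry = {"handler": handler, "purpose": purpose,
             "time_utc": datetime.now(timezone.utc).isoformat(),
             "evidence_sha256": sha256_file(path),
             "prev_hash": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)

def verify(log, path):
    """Return a list of problems; empty means the log and the file are intact."""
    problems, prev = [], "0" * 64
    for i, e in enumerate(log):
        if e["prev_hash"] != prev or entry_digest(e) != e["entry_hash"]:
            problems.append(f"log entry {i} altered or out of order")
        prev = e["entry_hash"]
    if log and sha256_file(path) != log[0]["evidence_sha256"]:
        problems.append("evidence differs from hash recorded at collection")
    return problems

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "evidence.bin"
        path.write_bytes(b"constructed sample evidence bytes")  # constructed input
        log = []
        append_entry(log, "Officer A", "collection", path)
        append_entry(log, "Analyst B", "transfer for examination", path)
        before = verify(log, path)
        path.write_bytes(path.read_bytes() + b"!")  # simulated alteration
        return before, verify(log, path)
```

demo() returns an empty problem list before the file is changed and one problem after a single byte is appended.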
3. Protecting Removable Storage Devices
Losing a portable storage device or having it stolen can lead to huge risks and potential consequences for a police agency, especially if this results in a data breach. It’s likely that a lost device will fall into the wrong hands, thus risking the privacy and security of what is stored on that device.
The minimal cost of purchasing encrypted USB drives is far less than the cost of the average data breach and its other consequences, such as loss of trust and negative public perception.
When using any kind of storage device, police officials must ensure they protect all data every step of the way. This means setting strong, unique passwords for every storage solution used and enabling a password on their computer so no one can access files on their laptop or desktop while they are away from their desk.
4. Encrypting Data on Removable Media
Although encryption on removable storage devices is not yet a security requirement for most law enforcement agencies, it’s a pain point for most police forces. Key challenges related to encryption include determining what data security option is best, how to implement a solution across an entire agency, and who is responsible for leading this initiative.
WinZip SafeMedia Empowers Law Enforcement Agencies with Seamless, Fail-Safe Data Security
WinZip SafeMedia equips law enforcement agencies and police departments with a simple, centralized solution that can be used to safely store, manage, transport, and share sensitive investigation data with authorized personnel.
With WinZip SafeMedia, agencies can empower authorized staff to securely collect and access important evidence on removable media anytime, anywhere, while ensuring all data is protected against unauthorized access through features such as forced burn encryption, activity monitoring, and advanced permission control.
Additional benefits of WinZip SafeMedia include:
Safeguard digital evidence and metadata integrity by copying and automatically encrypting duplications of data assets on external drives.
Automatically encrypt and compress evidence and investigation data to easily drag and drop it onto external drives for secure storage.
Quickly access data on authorized law enforcement agency systems and software via automatic file decryption.
Customize and enforce user permissions and log access to ensure all evidence is processed using approved legal chain of custody compliance and security protocols.