Law Enforcement Digital Evidence | Open Source & Access Policy
As the data and software industry for law enforcement continues to evolve, there are some old practices by some vendors that are jeopardizing government obligations, like transparency, public records access, court submissions, and many other aspects of evidence and records management and handling. These problems that vendors are creating for law enforcement are wrong, and there is no reason for continuing the practice. Today we’re going to explore what law enforcement needs to do in response to these issues, for the sake of evidence and court proceedings.
Vendors Do Not Own “Your” Data
We hear these stories so often that this one issue inspired this article. It’s terribly disheartening to hear every version of this story, but to sum it up, we’ll pose a question. When you have video of an assault, does your agency, your video management software vendor, or taxpayers own that video data? The answer is taxpayers. You are the “trustee” or custodian of that data, and we empower you to collect, handle, store, and manage that data on our behalf (from the perspective of a taxpayer). The software vendor provides you tools to manage that data, that are to be compliant with applicable laws, and responsive to the needs of your agency. Taxpayers own that data, and they rely upon the relationship between vendors and agencies to ensure that data is handled properly to its logical conclusion.
However, we are reminded almost weekly just how much this principle is not at work on the end of vendors. We routinely are contacted by agencies who are fed up, distraught, and questioning their vendors. They call us after trying to retrieve video, or audio, or some other important evidentiary data from their vendor’s software solution, and they get met with an error message depicting that they’ve met a “maximum” or a “threshold” or that files are “temporary unavailable.” When they call the vendor’s representative, about a day later they get an email back saying they’ve reached the limit of their bandwidth with the vendor, and they can’t access anymore files.
In some cases, when that agency stipulates that it’s their rightful data to access (which is correct), the response is, “actually, it’s OUR data.” You shouldn’t be ok with this, and we can tell you we are not either. This has to be one of the biggest crimes going on right now in the age of data, and it’s not being addressed summarily because there too many data breaches on the consumer end of the spectrum to keep up with the problems formed in that industry. This is a symptom of the fact that we are in the “Wild West Era” of data. This is when innovation tends to be at its strongest, but regulation lags behind. We don’t believe regulation is an answer to everything, but there is certainly a need for specific language that addresses some pitfalls that can be sat upon agencies trying to manage data in a world that produces tools and solutions at rapid fire rates.
All Vendor Solutions Must Provide Open Access
This is paramount to the problem we just explained. And because you can’t expect a law to be filled, it comes down to agency, and perhaps an interlocal policy. A side note to all this, remember strength in numbers. Even if there are 23 agencies in your immediate area, and they all use different solutions, banding together with a policy that says that all solutions will provide unlimited access to all data stored or managed without additional costs associated with access means that you as an agency dictate the relationship as it should be between you, the custodian, the data you manage on behalf of taxpayers, and what vendors should be providing out of the public interest.
There can be no alternative to this. Costs have to be predictable, and contracts that provide vague definitions and have manipulated costs on paper that balloon in reality is not an appropriate contract for any agency to be bound to, nor is it appropriate for a vendor to proffer such a contract, and yet we know so many do. Remember, we’re talking about taxpayer’s data. They are counting on all of us to do right by them. Surely, businesses must make money, vendors can’t be charities. But they don’t have to gouge agencies to make a bottom line.
Open access should be automatic.
All Vendor Solutions Must Provide Open Source File Types
There are still two competing schools of thought on this, and some law enforcement agencies are against it, simply because they’ve been doing business in this old fashion for a long time. A problem with many vendors is that the content that comes from their devices is wrapped in proprietary file formats. These are file formats that they create through the use of coding staff, which are unique to that vendor. Further, they design the file so that it can only be accessed through their specific player for those files. Generally, these proprietary files are capable of producing high quality content (think video quality), at a lower file size than open source formats (like .MP4, .AVI, .MOV, etc.) The problem is in the player itself. Usually, the player has so much information stored in it so that it can operate the files that it takes up a third of your traditional external hard drive. When you’re a law enforcement agency who has many data storage racks, you may only need one instance of this player existing in your infrastructure, so for you this isn’t a big deal. But, you are required to share evidence with defense, prosecutors, court staff, other agencies, and even other types of government agencies. If you’re dealing in proprietary files, you’re going to have to transfer that player to all these partners, and they may not have the space for that size of a player, or the infrastructure that could absorb it from a communal perspective. And let’s not forget that all of them may have their way of doing business when it comes to reviewing evidence, and you are now forcing your way onto them. It’s not good practice, especially with defense.
Finally, the last major problem with these files is that they can only be opened by that vendor’s player, or any related software they develop. If they don’t offer a full range of tools (management software, evidence software, redaction/enhancement tools, etc.) then you are limiting all access to that player, and the software you use from the vendor. If a prosecutor needs to redact a video for court, they can’t accomplish it. If a court clerk has to provide the file for a public records request, they now can’t prepare it for that request. If defense needs the video, no one can work on that file to eliminate information in it that is not relevant to the case at hand. By using proprietary file formats, you are truly handcuffing the entire criminal justice system. Imagine telling a Judge that you can’t play a file because the player is not available? Do you think they’ll continue the case, or will they dismiss?
Open source file formats are those formats most common to consumer products. We mentioned some video file types earlier, but it also applies to photographs (.jpg), audio (.mp3, .wav), and documents (.pdf, .doc). Storing many of these files are relatively simple, and don’t cause a lot of problems. Some video files can be very big, and can cause problems when transferring between locations, but you should be employing software that minimizes that issue. Software can make the transfer of large files more efficient, without altering the file, saving the limits of your network bandwidth in most situations. But it can’t solve the actual limits of your agency’s network bandwidth (your network speed). If your agency routinely experiences bandwidth freezes of slowdowns during file transfers, you need to tell your IT staff that they need to increase the network’s speed. No vendor can solve for that issue, unless they are the one’s installing network hardware, and that’s a wholly different conversation from this topic.
This is yet again where having agency or interlocal agreement policy in place is a strong way of forcing vendors to do the right thing. If a vendor wants to do business within your jurisdiction, they will not provide proprietary file formats, but instead provide open source file formats. That way, when you are evaluating potential vendors, you can ask that question upfront, and if they can’t give you a direct answer, then it’s probably best to say thanks, but no thanks. By agreeing to proprietary file formats, while there may be a perceived benefit for your agency, you create nothing but headaches for everyone else you ultimately have to share files with. And that can have bigger implications than your overall storage capacity.
And, from a business perspective, proprietary file types are nothing more than a version of protectionism employed by vendors. By placing you in a unique file type no one else has, they get to field questions from you about the things you need to do with files. That means they get data on what they should build next, keeping you stuck in their half-built solution that’s not really a solution, but more a sand trap. In just about every other industry, this type of tactic has been outlawed, and yet certain technology vendors get away with doing it.
Conclusions
This topic is not done being debated, but it was time we said something about it. Agencies need to understand that vendors do not always have their best interest in mind, and tight, vague language, and file types you’ve never heard of are the two main methods they use to try and pigeon hole clients to their solutions.
You need to have unrestricted access to the data you are custodian over, and you need it in open source file formats, whether it digital evidence, or managed content, so that it’s easy to share with all partners, easy to manage, enhance, or otherwise produce for the various stages of the criminal justice process. Don’t let vendors tell you otherwise. You have to answer to taxpayers, not vendors.
Be safe out there!