Presentation is loading. Please wait.

Presentation is loading. Please wait.

North Carolina Law Review Symposium

Published byBennett Perkins Modified over 6 years ago

Similar presentations

Presentation on theme: "North Carolina Law Review Symposium"— Presentation transcript:

1 North Carolina Law Review Symposium
Privacy and Cybersecurity Lessons at the Intersection of the Internet of Things and Police Body Worn Cameras Peter Swire & Jesse Woo North Carolina Law Review Symposium November 3, 2017

2 This paper Why Body Worn Cameras (BWCs) are part of the Internet of Things (IoT) Lessons from the IoT for privacy and cybersecurity, for BWCs Lessons from BWCs for privacy and cybersecurity, for the IoT

3 Background of the Authors
Peter Swire: Now professor of Law and Ethics in Scheller College of Business Jesse Woo: Research faculty at GT “Smart Cities Pose Privacy Risks and Other Problems, But That Doesn't Mean We Shouldn't Build Them,” 85 UMKC L. Rev. 953 (2017)

4 I. BWCs as IoT Definition of IoT: A sensor Connected to the Internet
Data stored remotely, typically in the cloud Our claim: for purposes of identifying and mitigating privacy and cybersecurity issues, BWCs are an example of the IoT No previous literature on this (but, Adam Thierer)

5 BWCs as IoT “Sensor”: a camera, yes
”Data stored remotely, typically in cloud” Storage of the video footage is remote, not on the camera itself Storage may be in the cloud, or else database maintained separately by police department If stored separately, then often greater security risks, unless police department is unusually skilled at cybersecurity “Connected to the Internet” Depends on configuration If it is, then have the worry about remote attacks on the BWCs and their software If not, then those specific risks do not apply, but the rest of the lifecycle of protecting data is the same

6 II. Lessons from IoT for BWCs
Large and growing literature on IoT cybersecurity and privacy IoT is becoming enormous, $1 trillion/year in coming years Numerous types of IoT have similarities to BWCs: smart cities, gunshot locators, fixed video surveillance, many more Emergence of standards for good cybersecurity and privacy How to use the IoT literature to help BWCs? Cities and police departments face challenges in discovering good practices If they discover good practices, in politically fraught settings, helpful to have neutral/authoritative set of practices If practices are not yet good, then basis for critiquing and improving practices

7 Sources on IoT Broadband Internet Technology Advisory Group, IoT Security and Privacy Recommendations (2016) Microsoft Azure, Internet of Things Security Best Practices (2017) Federal Trade Commission Internet of Things: Privacy and Security in a Connected World (2015) Other privacy and security reports and enforcement actions Privacy by design/privacy-enhancing technologies

8 Some themes from the IoT literature
Well-known organizing principles for cybersecurity and privacy: Life cycle of data – collection, storage, use, dissemination, destruction Technical, physical, and administrative measures CIA: Confidentiality, integrity, and availability “Integrity” – preserve evidentiary integrity Secondary use: Primary use (collect as evidence in a particular case) Secondary uses – when is it lawful/appropriate to use for other purposes Biometrics example from this morning

9 Conclusions on Part II IoT: have well developed approaches for hardware, software, and system protections for IoT Rich literature and experience on numerous issues BWC systems and policy debates can draw on these approaches

10 III. Possible lessons from BWCs for IoT
Always on Transparency Jesse Woo

11 “Always on” Existing IoT standards usually assume the device is “always on” For BWCs, that will not be true Bathroom breaks Sitting in car Others This could become a checklist item for IoT security and privacy Technical issues – set default on/off; mechanism for switching between on/off Administrative issues – how to develop on/off policy and create compliance Privacy design principle of “minimization” can lead to “sometimes off”

12 Transparency Transparency an enormous issue for BWC
Complex First Amendment, privacy, accountability, and other issues IoT best practices have not addressed transparency at this level of detail Great majority of IoT deployment done by the private sector, with minimal FOIA or First Amendment issues Much discussion in the symposium on proper approach to transparency When must the camera be on Who should get access

13 Transparency Conclusion for IoT: rich BWC discussion on transparency can inform the broad IoT literature Suggestion for BWC community: Study the decade-long conferences on “Privacy and Public Access to Court Records” from William & Mary’s Center for Legal and Court Technology Huge tradition of public access to court records Huge privacy issues when juvenile, financial, and other records available on the Internet

14 Conclusion Link BWC discussions to the broader IoT literature
Can move the BWC community up the learning curve from the larger IoT discussions Can inform the IoT community of under-appreciated issues such as “always on” and transparency

Download ppt "North Carolina Law Review Symposium"

Similar presentations

Why the Financial Privacy Law is Better than People Think Professor Peter P. Swire Ohio State University University of Minnesota Symposium February 9,

Why the Financial Privacy Law is Better than People Think Professor Peter P. Swire Ohio State University University of Minnesota Symposium February 9,
Better Security and Privacy for Home Broadband Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference.

Better Security and Privacy for Home Broadband Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference.
The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.

The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Database Woes Plague Homeland Security and Law Enforcement.

Database Woes Plague Homeland Security and Law Enforcement.
The art of requesting and negotiating for data NICAR 2012 David Hunn, St. Louis Post-Dispatch Jennifer LaFleur, ProPublica.

The art of requesting and negotiating for data NICAR 2012 David Hunn, St. Louis Post-Dispatch Jennifer LaFleur, ProPublica.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Managing Compliance & Risk in a Complex Legal Environment: The new regulatory framework for public sector recordkeeping in Victoria Kathy Sinclair, Policy.

Managing Compliance & Risk in a Complex Legal Environment: The new regulatory framework for public sector recordkeeping in Victoria Kathy Sinclair, Policy.
National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.

National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.
Privacy and Sensor Networks: Do Sensor Networks fit with Fair Information Practices Deirdre K. Mulligan Acting Clinical Professor of Law Director, Samuelson.

Privacy and Sensor Networks: Do Sensor Networks fit with Fair Information Practices Deirdre K. Mulligan Acting Clinical Professor of Law Director, Samuelson.
1 Record Management Medical Center Administrative Group Fall Symposium November 15, 2000 University Audit.

1 Record Management Medical Center Administrative Group Fall Symposium November 15, 2000 University Audit.
The Role of Computers in Surveillance ~ Katie Hatland.

The Role of Computers in Surveillance ~ Katie Hatland.
Peter Swire Computing Community Consortium/CRA Workshop On Privacy By Design Berkeley February 6, 2015 Privacy by Design: More than Compliance with the.

Peter Swire Computing Community Consortium/CRA Workshop On Privacy By Design Berkeley February 6, 2015 Privacy by Design: More than Compliance with the.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Designing Smart Cities Conference University of Strathclyde, Glasgow 31 st March 2015 “Regulating Smart Cities: Policing & Privacy” Paul Mackie Chief Executive.

Designing Smart Cities Conference University of Strathclyde, Glasgow 31 st March 2015 “Regulating Smart Cities: Policing & Privacy” Paul Mackie Chief Executive.
Security and Privacy Strategic Global Partners, LLC.

Security and Privacy Strategic Global Partners, LLC.
CSE/ISE 312 Privacy (Part 1). What We Will Cover Privacy risks and principles 4 th Amendment, expectations, and surveillance Business and social sectors.

CSE/ISE 312 Privacy (Part 1). What We Will Cover Privacy risks and principles 4 th Amendment, expectations, and surveillance Business and social sectors.
VIDEO SURVEILLANCE AND DATA PROTECTION 8th Meeting of the Central and Eastern European Commissioners Euxinograde (Varna), 25-26 May 2006 Neringa Kaktaviciute.

VIDEO SURVEILLANCE AND DATA PROTECTION 8th Meeting of the Central and Eastern European Commissioners Euxinograde (Varna), May 2006 Neringa Kaktaviciute.
Federal Trade Commission U.S. Rules on Privacy and Data Security Organization for International Investment General Counsel Conference October 16, 2009.

Federal Trade Commission U.S. Rules on Privacy and Data Security Organization for International Investment General Counsel Conference October 16, 2009.
The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

Similar presentations

Ads by Google