Article

Protecting Your Video Surveillance From Leaks

While there are a number of opinions and methods as to the best ways to capture and manage video images for investigation and evidence, we tend to focus on the technical aspects.

What’s the best resolution, frame rate, compression method, or retention time for a given application? How will we get images off of the system as evidence? How do we restrict access to our system while making sure that the images we collect are usable in a variety of venues?

These are all valid topics, and there’s no shortage of opinions and experiences that can help us. But one area where we see little emphasis is on the social engineering and human aspect of your system.

With the proliferation of websites showing video clips and intense pressure from media outlets for “newsworthy” footage, there’s a real danger to the owner of a system, in terms of both liability and damage to reputation, and it may all be hinging on a security officer with too much time on their hands, too little money in the bank, a warped sense of humor, or an axe to grind.

Any one of these can be a recipe for disaster.

Leaked video surveillance images
Case in point: In May of 2007, the New Jersey (USA) Turnpike Authority sued to force YouTube and two other companies to remove the video of a horrific Garden State Parkway car crash from their websites.

The video showed a fiery one-car crash at the Great Egg Toll Plaza, which claimed the life of a 52-year-old Cape May County man. The video was captured on a Turnpike Authority surveillance camera, leaked to the public, and eventually posted on YouTube, LiveLeak.com, and Break.com, according the authority’s complaint.

While this case was particularly well publicized, less spectacular incidents are commonplace. From drunken dancers in water fountain to inappropriate images of attractive patrons, the proliferation of high-quality video images often makes distribution of footage child’s play for those so inclined.

Preventing unauthorized video exports
In response to this, our firm strongly recommends that systems be locked down to prevent unauthorized distribution of video images.

The simplest way to do this is to install a Master Evidence Server, a shared network drive accessible only from the digital video workstations.

When an incident is noted, any operator can take it offline (removing it from the location where it will be overwritten over time), and place it on this central drive. The ability for the operator to burn clips to removable media is also removed, allowing this capability only for authorized personnel.

This also allows local storage and retrieval of recorded incidents without risk of unauthorized distribution of these images to internet or media sites.

Side benefits are the orderly storage of these incidents in an easily reviewable folder, and a higher level of data redundancy for these images. While 98 percent of the video recorded in a system is typically discarded, the video on the Master Evidence Server is more critical, and can be configured for automatic backups, drive redundancy, and other safeguards.

Finally, in the grand scheme of things, this option is fairly affordable as a huge storage array isn’t required — a video evidence clip is typically less than seven minutes in length.

We offer this as an option in our system designs, but I can’t recall that anyone has ever declined to take it.

Click here to read full article on IFSEC Global

This entry was posted in Product Evaluation, Project Management, Published Articles, Specifications, System Auditing, System Documentation, Video Surveillance. Bookmark the permalink.