Articles by David Brent
48% of U.S. judges say they are not adequately prepared to deal with the range of “scientific or technical evidence” presented in court Over the last decade, the video surveillance security industry has morphed drastically in attempts to keep pace with both the consumer electronics and enterprise IT markets. This has created a steep learning curve for law enforcement as well as individuals in the judicial system. A 2012 survey titled “A national survey of judges on judging expert evidence in a post-Daubert world: 2012” states that: 48% of U.S. judges say they are not adequately prepared to deal with the range of “scientific or technical evidence” presented in court 96% could not demonstrate two of the four Daubert Standard criteria. Daubert, named for a specific legal case in 1993, refers to the rules of evidence regarding the admissibility of expert witnesses' testimony during United States federal legal proceedings. Digital evidence By definition, any probative information stored or transmitted in a digital format (1s and 0s) falls under the rules of Digital Evidence, as it pertains to the Federal Rules of Evidence; this includes information on computers, audio files, video recordings, and digital images. Over 95% of all video systems sold and deployed today consist of IP edge devices running an operating system, servers, and some form of network accessible storage Currently, when video from a video surveillance system is obtained as evidence, it is treated with the old school analogue mentality of “What you see is what you get.” Over 95% of all video systems sold and deployed today consist of IP edge devices running an operating system, servers, and some form of network accessible storage. This places almost all pieces of today’s video systems into the same vector of cyber and data security threats that any other device attached to a network is subject to. With this in mind, let’s look at the U.S. Federal Rules of Evidence (FRE) that pertain to digital evidence, and examine how “digital” video is affected. FRE 401-403: Relevance FRE 401: Definition of “Relevant Evidence” FRE 402: Relevant Evidence Generally Admissible; Irrelevant Evidence Inadmissible FRE 403: Exclusion of Relevant Evidence on Grounds of Prejudice, Confusion, or Waste of Time To reduce storage consumption and increase retention times, some integrators and owners will reduce the frame rate along with the resolution to better leverage their storage. Reducing frames per second (FPS) or resolution can produce video that could be misinterpreted by missing key actions within an event. Do a comparison of 15 FPS to 3.75 FPS video in an active scene and see what is missing. FRE 901 (and 902): Authentication To satisfy the requirement of authenticating or identifying an item of evidence, the proponent must produce evidence sufficient to support a finding that the item is what the proponent claims it is This rule plays the most crucial role when dealing with digital video evidence in today’s network environment. Typical Network Video Recorder (NVR) manufacturers record and store video in a basic file format such as *. G64 or *.AVI. While this varies from vendor to vendor, recorded files usually follow a naming convention based on time, date, and camera ID. Video files stored in this fashion can be searched, played back, and or tampered with by simply accessing the network share that in most cases is readily available by simple browsing. Besides cyber threats, one of today’s biggest concerns is incident video being leaked or posted on social media by an internal source, and this can still be accomplished without an individual having video system privileges. If the correct codecs are installed, video can be manipulated and reloaded via a simple network connection. Most NVR vendors also utilise classic “watermarking” as their only form of video authentication. As specified by the Scientific Working Group Imaging Technology (SWGIT), watermarking is considered video tampering: “Watermarking is a potentially irreversible process of embedding information into a digital signal. It modifies the content of the files and can persist as a part of the file. This process may change the image content as it was captured by the camera. Watermarking may occur at the time of recording, at the time the video or images are exported from the system, or during post- processing. Watermarking is not recommended” (Section 17 Digital Imaging Technology Issues for the Courts) Probably the greatest challenge facing law enforcement today is the process in which digital evidence is collected FRE 901 B9: Collection process If an expert can testify about the validity of the process used to image or collect the digital evidence, then it can be deemed admissible Probably the greatest challenge facing law enforcement today is the process in which digital evidence is collected, and maintaining a reliable chain of custody. Typically, first-responding officers to an incident do not know how to secure and/or gather digital evidence to preserve chain of custody; this can affect admissibility in court. As of 2012, there were between 2500 and 3000 different video file formats and codecs associated with as many vendors and products. To expect law enforcement to be familiar with even a fraction of the devices is unreasonable. Law Enforcement typically has to rely on the manufacturer or an integrator to assist in retrieval of incident video. If responding law enforcement personnel are confronted with equipment they are not familiar with, SWGIT suggests the following: Section 24_ Best Practices for Retrieval of Digital Video (2013) “Otherwise, searching the vendor’s website or contacting the vendor directly may be necessary” “If the request is for 30 days of video, the best, or only, option may be producing a forensic clone of the hard drive(s) and/or removing the recording unit from the scene” What if a DVR is from an overseas vendor? Who does the officer call? Is the integrator or installer trained in handling digital forensic evidence? When dealing with enterprise systems, the second point noted in the SWGIT documentation is impractical as video information can be located anywhere within the system’s storage, be it iSCSI, DAS, SAN, or NAS. In some cases, video may be located off the physical site, on the customer’s cloud for instance. If you have 1,000 cameras and 80 TB of storage configured in RAID 6, what drives contain the 45 seconds of incident video? Does the officer take all 80 TB plus RAID controllers? Best evidence rule FRE 1002 The best evidence rule stipulates that “original” evidence must be maintained, and if requested by either the defence or the prosecution, the “original” authenticated evidence must be produced. Due to the fact that digital evidence of any kind can be easily manipulated today, this particular rule is critical, and when performing image enhancements of any kind, they must be done using forensic copies or duplicates. Comparing the average time, it takes for a major case to go to trial and the typical DVR retention, in most instances, all original video has been overwritten The critical issues that arise concerning FRE 1002 and video relate back to FRE 901 and the collection process. If we are dealing with a basic DVR event, and video is retrieved by law enforcement, all DVR devices record in a First-In-First-Out (FIFO) fashion. Comparing the average time, it takes for a major case to go to trial and the typical DVR retention, in most instances, all original video has been overwritten. Now consider scenarios when video or image enhancement is needed with the assistance of a forensics lab. As of 2013, the average number of “Backlog” cases per U.S. forensic lab was 1,213 (163,806 total nationwide). Conclusion With the ease of which video can be edited and manipulated with today’s technology, it is only a matter of time before the focus of the legal system as it pertains to digital video evidence is redirected to the video itself. Are your video devices subject to cyber threats? Can your video system protect video beyond its retention time if needed? Can your video be authenticated by hashing instead of watermarking? A video system is an investment, what will your investment be worth in the future? This article is an excerpt from a dissertation paper written by David Brent. For more details, register to attend David’s upcoming webinar on the topic hosted by the U.S. Security Industry Association.
PSA the systems integrator consortium, announces it will host an education track with sessions during ISC West in Las Vegas, NV on April 9-11, 2019. The PSA education track will be held exclusively on Tuesday, April 9. Members of PSA Committees, PSA executive leadership team, and other industry experts will lead the six sessions that are included in the PSA Track. The sessions being offered will include: The Emerging Leader: The Change Agent in the Security Industry April 09, 2019, 8:30 AM - 10:00 AM, Sands 308/309 In today’s fast-paced business environment, organisations are in need of innovative and flexible leaders In today’s fast-paced business environment, organisations are in need of innovative and flexible leaders. Emerging leaders should be the agents of change needed to lead their organisations to success. Emerging leaders must rapidly learn and implement fundamental management skills, develop wide-ranging strategic perspectives, and take their leadership to the next level. Attendees will discover key behaviors and essential skills needed in today’s marketplace for the evolving leaders of tomorrow. Moderator: Chris Salazar-Mangrum, USAV Presenters: Anthony Berticelli, PSA; Henry Hoyne, Northland Controls; Sharon Shaw, Google, LLC. Succession Planning: Hiring, Retaining, and Developing Teams To Keep Your Business Running Smoothly April 09, 2019, 10:15 AM - 11:15 AM, Sands 308/309 We’ve all felt the pain of having a key position unfilled for months, getting bogged down behind training plans, or even postponing retirement because there is no identified backfill. Whether you are an owner, manager, or an individual contributor, open positions can have an impact on your productivity. Succession planning for all positions is critical to the continuity of business, employee retention, and short and long-term success for companies large and small. In this session, panelists will identify how to succession plan for all positions, methods to stay on top of the process, and how to keep your company running on all cylinders through change. Moderator: Chris Salazar-Mangrum, USAV Presenters: Anthony Berticelli, PSA; Paul Boucherle, Matterhorn Consulting LLC Building a Culture of Accountability April 09, 2019, 11:30 AM - 12:30 PM, Sands 308/309 How do you get your employees to be more engaged and to take ownership How do you improve the culture of your business? How do you get your employees to be more engaged and to take ownership? To create a culture of accountability where employees are engaged and seek ownership, you start by practicing what you preach. Join leaders in the industry to hear how they work with their teams, discuss best practices, and describe the components that build a culture of accountability. Moderator: Paul Boucherle, Matterhorn Consulting LLC Presenters: Christine Lanning, Integrated Security Technologies; Shad McPheters, Northland Controls; Ric McCullough, PSA RMR: Transforming the Security Integrator April 09, 2019, 1:30 PM - 2:30 PM, Sands 308/309 Now more than ever, it is imperative for security companies to be successful at generating recurring monthly revenue (RMR). Security companies without an RMR component miss out on the steady, long-term monthly income that can be generated from service contracts, remote monitoring services, and other automated features and components end users are increasingly looking for. In this session, attendees will discover how to increase stability in their security company’s cash flow. Additionally, end users will learn about the value of having ongoing support and smooth, reliable operation of their systems. Presenter: Bill Bozeman, PSA Marketing Strategies for Small to Medium Sized Security Companies April 09, 2019, 2:45 PM - 3:45 PM, Sands 308/309 The goal of marketing is to connect your business’ value to the right customer base. Marketing to potential customers is the lifeblood of your security company. It is a simple concept but can take on many different shades. There is no magic bullet. In this session, attendees will examine which strategies may be viable and which could potentially be a waste of company resources. Session attendees will identify which marketing strategies and techniques to utilise and adapt to align within their business and company budget. Moderator: Tim Brooks, PSA Presenters: Robbie Danko, LVC Companies; David Morgan, Security Dealer Marketing; Jamie Goswieler, Vector Firm The Convergence of Cyber and Physical Security- A Shared Responsibility The IP-enablement of security technology has created an ever-growing cyber impact on the physical security industry April 09, 2019, 4:00 PM - 5:00 PM, Sands 308/309 The IP-enablement of security technology has created an ever-growing cyber impact on the physical security industry. While well intended, this convergence has created a new security threat that both public and private organisations are struggling to combat. In this session, attendees will hear about the shared responsibility of the manufacturer, integrator, and end user and the protections that are being implemented to harden physical security systems, along with the challenges that both the integrators and end users face with the implementation of technologies and the convergence of cyber and physical security. Moderator: Gary Hoffner, Photo-Scan of Los Angeles, Inc. Presenters: Andrew Lanning, Integrated Security Technologies; David Brent, Bosch Security