More than 600 hours of drone and helicopter surveillance footage from Dallas and Atlanta police departments was leaked last week.
After the story that was first reported by WIRED was published, many have been arguing the incident is an example of a major privacy rights violation.
Video of people in their backyards, unloading their cars, and more was uploaded online after a possible data breach took sensitive video information from the hands of law enforcement into those of the public.
The Dallas Police Department says the footage was in compliance with state laws and said some regions of the country have already been granted higher levels of surveillance rights by the Federal Aviation Administration (FAA).
The bigger questions in cybersecurity: How exactly was so much sensitive data leaked and what can we learn about security from this incident?
How did the Dallas Police Department drone data leak happen?
According to the article by WIRED, two police departments were allegedly storing surveillance data in "an unsecured cloud infrastructure."
Emma Best, a co-founder of Distributed Denial of Secrets (DDoSecrets), does not know who leaked the files, but she said DDoSecrets received the video footage through an anonymous source and then distributed it.
"This is exactly one of the things that people are constantly warning about, especially when it comes to government surveillance and corporate data mining. Not only is the surveillance itself problematic and worrisome, but the data is not handled in the ideal conditions we're always promised," Best said via text message.
Evan Greer, Deputy Director of Fight for the Future, criticized both private and public sector companies for their role in why surveillance techniques like these cannot be trusted.
"It's a crystal-clear example of why mass surveillance makes our society less safe, not more safe. Both corporations and governments are terrible at safeguarding the sensitive data that they collect," Greer said.
Mikael Thalen, a staff reporter for The Daily Dot, tweeted some of the video.
Dallas Police Department responds to surveillance data leak
The Dallas Police Department paints a much different picture. Supervising officers of the drone program say it is allowing for groundbreaking advancements in search and rescue efforts, missing persons cases, and more.
This reporter for SecureWorld News watched Dallas City Council's Public Safety Meeting, which was recorded on November 8th, shortly after the data leaks had occurred.
Sergeant Ross Stinson presented on matters related to the Police Force's use of Unmanned Aerial Systems (UAS) for investigations, adding the program has been successful for search and rescue operations and more.
According to Texas Government Code, UAS is only to be used for warrant search, in-progress felony offenses, or life and death situations.
Police did not address the data leak outright, but Councilmember Cara Mendelsohn questioned officers about how the video footage was being stored.
"Video currently is synced with evidence.com, so it's the same program that we're using with our body cams," answered one officer.
Evidence.com is linked to AXON Enterprises, an Arizona-based company that is widely known for manufacturing equipment such as police body cams.
No further details were revealed about the data leak at the meeting, though officers stated they were currently looking into whether they could receive permissions from the FAA that would allow for a more targeted technique called "tactical beyond visual line of sight."
Sgt. Stinson told the City Council:
"FAA allows what they refer to as tactical beyond visual line of sight. We have great partners in the FAA that have been more than willing to work with us. What we're trying to be is super conservative in the initial application of this program, and we're making sure that we cover all of our bases and so currently we are only operating within visual line of sight, but they do allow for that tactical beyond visual line of sight."
Sgt. Stinson also mentioned that Chula Vista, California, which he said set "gold star standards" for UAS operation, received permission to use tactical beyond line of vision sight. In other words, drone operations with more aggressive targeting are already being put in place in some regions of the country.
Further, Sgt. Stinson explained all officers who operate one of the drones must have a certification, which he says requires 40 hours of training. He did not delve into what kind of topics the training includes.
Melinda Gutierrez, Senior Corporal and Media Relations for Dallas Police Department, responded to queries by SecureWorld News in an email.
"The Dallas Police Department [The Department] has received multiple inquiries regarding a website's report about a potential data breach of 1.8 TB of the Department's Helicopter and Drone footage," Gutierrez wrote.
"The Department cannot confirm at this time how much video information was breached. It is important to note that this video data was not lost nor is it missing. The Department, City of Dallas IT Services, and the 3rd Party vendor are working closely together in support of resolving this potential breach. This is an ongoing investigation. The Department will provide a full response at the conclusion of the investigation."
SecureWorld News also reached out to AXON Enterprises by phone and email for commentary. A representative responded in an email.
"We are aware of the incident and can confirm that this breach does not involve Axon Evidence (evidence.com)."
Leave your comments below to further this discussion.
[RELATED: Aussie Parliament Just Leveled Up Police Hacking Powers]
[RELATED: Apple Delays Features to Flag Child Abuse]
Resource
Several conclusions can be made from this news story, but one element stands out the most: Why was law enforcement storing many private data files on an unsecured cloud network if this is true?
Attend SecureWorld Rockies virtual conference on November 17th for an expert panel discussion, Cloud: Power and Peril, which will shed light on security best practices related to cloud storage.
