The image of a University of Cincinnati campus police officer shooting student Samuel DuBose — for what started out as a simple traffic violation — has lodged itself in our national memory. This event, captured by a camera worn by the officer, comes at a time when body-worn cameras have been the latest push in the law enforcement space, representing the important intersection of technology, law, and civil liberties.
As with any new technology, body cameras disrupt existing norms around police interactions with students and faculty at colleges and universities, as well as their surrounding communities. As such, the debate about their implementation raises concerns about privacy in general and, for students in particular, compliance with the Family Education Rights Privacy Act (FERPA) and its provisions to protect student education records. How mortifying — and life impactful — would it be for an inebriated underage student detained by campus law enforcement to have the video footage of his or her encounter go viral? And how would parents feel toward the institution — to which it might pay tens of thousands of dollars a year in tuition — responsible for that video's release?
But such debates tend to assume an "all or nothing" attitude. Either the institution adopts body-worn cameras and all privacy and compliance standards are null, or the institution avoids camera deployment and turns a blind eye to the inherent benefits of law enforcement technology to civil rights. The latter attitude may result in legal liability and reputational harm for not operating under current recommended guidelines.
Stepping back from this image and others like it, we recognize the need for strong policies to balance technology and fundamental public interest in fairness and legality. Clearly footage of incidents like this is extremely sensitive and needs to be handled with the utmost security and data protections. For higher education institutions, it is time to take a leadership role to ensure the strongest security protocols are in place for proper management of data produced by body-worn and surveillance cameras. In law enforcement, this is the FBI's Criminal Justice Information Services (CJIS) security policy; higher education would be well-served to require CJIS compliance by cloud vendors as well. The CJIS security policy is designed to ensure that agencies dealing with highly sensitive data adhere to strict security requirements and guidelines.
The CJIS security policy is the most robust of its kind. The security policy establishes technical controls for the proper maintenance of evidence, both in collection and transit, to maintain its data integrity and the chain of custody. It also calls for security protocols, such as routine audits and background checks for individuals working with this sensitive data. Just as the Health Insurance Portability Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and the Federal Information Security Management Act (FISMA) establish standards for healthcare, research, and government information, CJIS institutes rules for sensitive law enforcement information.
With the appropriate policies and standards, higher education institutions can avoid the controversy around the body-worn camera debate. Colleges and universities should notify their communities that body-worn cameras are being deployed to their law enforcement personnel for a specific reason — to balance law enforcement and individual rights. In other words, articulating the reason for the policy shift, as well as communicating that it is being implemented with privacy in mind, should be explicit. This is where the CJIS security policy is key to acceptance and effective implementation.
In the end, the CJIS security policy supports the ultimate goal of fairness. This is in line with other fair information-sharing practices on college campuses that require notice and signage. For example, this includes practices such as lecture capture, where video cameras are set up in classrooms to record professors' lectures. To the degree that footage personally identifies a student (i.e., if the professor calls on a student to answer a question and captures footage of it), that data should be considered an education record under FERPA.
The missions of teaching, research, and student development are hanging in the balance of debates on the use of body cameras by law enforcement. To maintain the integrity of its commitment to civil leadership, higher education should demonstrate how justice is served by using, not avoiding, new technologies such as body-worn cameras. The tragic death of Samuel Debose speaks to this point. It is the policies and standards attached to law enforcement data that maintain a focus on what is important: higher education's support of justice.
Tracy Mitrano is principal of consulting firm Mitrano & Associates LLC and an expert at SafeGov.org, a forum for cloud computing industry experts and decision makers to discuss, promote, and advance trusted solutions for the public and private sector. Mitrano formerly served as director of IT policy at Cornell University for 12 years. Beginning in January 2016, she will become the academic dean of UMass Cybersecurity Programs.
© 2016 Tracy Mitrano. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-ND 4.0 International.