By David J. Roberts, Senior Program Manager, IACP Technology Center
ontemporary law enforcement executives, caught between the competing forces of dwindling resources and growing demands for service, are increasingly turning to technology to achieve greater efficiency and effectiveness. New and emerging technologies are playing a crucial role in the daily work of frontline police officers, equipping them with enforcement and investigative tools that have the potential of making them better informed, more efficient, safer, and more effective. Developing and enforcing comprehensive agency policies regarding deployment and use are critical steps in realizing the value that technologies promise.
Law Enforcement Technology
Chiefs today are confronted with a bewildering array of technologies to support planning, deployment, and operations. Advances have made it possible to monitor and record nearly every interaction between police and the public through the use of in-car and body-worn video, access to an expanding network of public and private video surveillance systems, and citizens and officers alike equipped with smartphones with digital recording capabilities. Patrol officers can track suspects with the use of GPS tracking technologies, and officers themselves can be tracked with automated vehicle location (AVL) systems. Automated license plate recognition (ALPR) systems can scan the license plates of vehicles within sight of the officer in the field and quickly alert them if the vehicle is stolen or wanted. Identity can be remotely verified or established with biometric precision using handheld fingerprint scanners and facial recognition software. Crimes can be mapped as they are reported, gunshot detection technology can alert law enforcement almost instantaneously when a firearm is discharged, and surveillance cameras can be programmed to focus in on the gunshot location and stream live video to both dispatchers and responding officers.
The law enforcement agency must manage an increasingly complex array of technologies while ensuring effective planning, procurement, and implementation. The technical challenge is further amplified as the agency integrates diverse technologies across different platforms, builds a robust and secure technical infrastructure, provides initial and ongoing training, plans technology upgrades and refreshes, and organizes round-the-clock technical support for mission critical systems. Implementing technology in law enforcement requires that agencies clearly articulate their strategic goals and tactical objectives for the technology. This strategy should be tightly aligned with the broader strategic plans of the agency.
The Policy Mandate
Creating and enforcing comprehensive agency policies that govern the deployment and use of technology is a critical component to ensuring effective and sustainable implementation. Thorough and ongoing training of all users is required to ensure that the technology performs effectively. Policies function to reinforce that training and to establish an operational baseline to guide officers in proper procedures. Moreover, policies work to ensure uniformity in practice across the agency and to enforce accountability for performance. Policies should reflect the mission and values of the agency, as well as close alignment with applicable local, state, and federal laws, regulations, and judicial rulings.
Policies also function to establish transparency of operations, enabling agencies to allay public fears and misperceptions by demonstrating a policy framework to ensure responsible use, accountability, and legal and constitutional compliance. Law enforcement use of ALPR technologies, unmanned aircraft, and body-worn video, for example, have generated substantial public discussion, increased scrutiny, and legislative action in recent years.1 Privacy advocates, elected officials, and members of the general public have raised important questions about how and under what circumstances these technologies are deployed, for what purposes, and how long the data gathered are retained, used, and shared. Having and enforcing a strong policy framework enables the law enforcement executive to structure the discussion and to demonstrate responsible planning, implementation, and management. Failure to have and enforce policies can erode public confidence, promote widespread fears of privacy violations, invite potential misuse and possible civil liability, and may provoke external limitations on the adoption or use of technologies.2
Agencies will be well-served by building a technology policy framework that addresses technology objectives, deployment, records management, data quality, systems security, data retention and purging, access and use of stored data, information sharing, and accountability. Sanctions for non-compliance can help to ensure that technology is used effectively and that data are properly collected, used, and managed. The following universal principles should be addressed in developing effective policies for a host of technologies, including ALPR, in-car cameras, body-worn video, surveillance cameras, facial recognition technologies, unmanned aircraft, and so forth.
The principles should address a number of key issues, including the following:
- Operational Factors
- Align the technology with specific strategic and tactical deployment objectives of the agency (e.g., the Parking Enforcement Unit may use ALPR technology very differently and retain data for different periods of time than Patrol or Investigations).
- Indicate that the technology is to be used for official use only (FOUO).
- Identify who is authorized to officially approve the deployment and use of the technology, and perhaps the conditions necessary for deployment and use.
- Require training, and perhaps certification or other documented proficiency, if applicable, of all personnel who will be managing, maintaining, and/or using the technology.
- Require regular maintenance, support, upgrades, calibration, and refreshes of the technology to ensure that it functions properly.
- Identify specific operational factors that must be addressed in deployment and use of the technology (e.g., for ALPR, the officer should (1) verify that the system has correctly “read” the license plate tag; (2) verify the state of issue of the license plate record; (3) verify that the “hot list” record that triggered the alert is still active; and (4) recognize that the driver of the vehicle may not be the registered owner).
- Policy Factors
- Complete a privacy impact assessment (PIA)3 on relevant systems and the data they gather.
- Define information systems security requirements of the technology and access to the data to ensure the integrity of the systems and confidentiality of the data.
- Clarify data classification based on its level of sensitivity (e.g., top secret, secret, confidential, restricted, unclassified, private, public), whether the data gathered or generated are considered public information, whether they are subject to freedom of information act (FOIA) requests, and under what circumstances.
- Audit all access to data gathered or generated through use of the technology to ensure that only authorized users are accessing the data for legitimate, authorized purposes and include consequences for unauthorized use, access, or dissemination.
- Differentiate between data that are part of an ongoing or continuing investigation and information that is gathered and retained without specific suspicion or direct investigative focus.
- Establish data retention schedules, access privileges, purge criteria, and sharing practices.4
Realizing the business value that technologies promise law enforcement can be achieved only through proper planning, implementation, training, deployment, use, and management of the technology and the information it provides. Like all tools available to law enforcement, technology must be carefully managed. Agencies must clearly articulate their strategic goals and tactical objectives for the technology, and this strategy should be tightly aligned with the broader strategic plans of the agency. Thorough and ongoing training is required to ensure that the technology performs effectively and that users are well versed in the operational policies and procedures defined and enforced by the agency. Policies must be developed and strictly enforced to ensure the quality of the data, the security of the system, compliance with applicable laws and regulations, and the privacy of information gathered. Building robust auditing requirements into agency policies will help enforce proper use of the system and reassure the public that their privacy interests are recognized and respected.
The IACP National Law Enforcement Policy Center has developed a wide variety of model policies to guide and support law enforcement in establishing effective operations and management.5 Model policies dealing with law enforcement technologies include digital cameras, electronic control weapons, electronic messaging, electronic recording of interrogations and confessions, identity crime, mobile communication devices, mobile video recording equipment, ALPR, and social media, among others. IACP continues to review, expand, and refresh these model policies, and create new policies as technologies and agency practices evolve. ♦
1 The American Civil Liberties Union (ACLU) has recently released two reports addressing law enforcement technologies—ALPR and body-worn video. Both reports discuss the operational value of the technology to law enforcement operations and investigations, and both call for policies associated with deployment, operations, data retention, access, and sharing. Catherine Crump, You Are Being Tracked: How License Plate Readers Are Being Used to Record Americans’ Movements (New York: ACLU, July 2013), https://www.aclu.org/technology-and-liberty/you-are-being-tracked-how-license-plate-readers-are-being-used-record; Jay Stanley, Police Body-Mounted Cameras: With Right Policies in Place, a Win for All (New York: ACLU, October 2013), https://www.aclu.org/technology-and-liberty/police-body-mounted-cameras-right-policies-place-win-all (both accessed October 11, 2013).
2 A number of jurisdictions throughout the United States are considering limiting or banning entirely a variety of law enforcement technologies. Somini Sengupta, “Rise of Drones in U.S. Drives Efforts to Limit Police Use,” New York Times, February 15, 2013, http://www.nytimes.com/2013/02/16/technology/rise-of-drones-in-us-spurs-efforts-to-limit-uses.html?pagewanted=all; Associated Press, “State Senator Hopes to Pass Bill, Ban Police from Using Drones,” The Daytona Beach News-Journal, December 9, 2012, http://www.news-journalonline.com/article/20121209/NEWS/121209749; and Katrina Lamansky, “Iowa City Moves to Ban Traffic Cameras, Drones, and License Plate Recognition,” WQAD, http://wqad.com/2013/06/05/iowa-city-moves-to-ban-traffic-cameras-drones-and-license-plate-recognition. Maine has limited the use of automated license plate recognition (ALPR) technology and limited storage to no more than 21 days. Me. Rev. Stat. Ann. 29-A, §2117-A (Use of automated license plate recognition systems), http://www.mainelegislature.org/legis/statutes/29-A/title29-Asec2117-A.html, An upcoming bill in the Michigan legislature would limit data retention to 48 hours, unless the license plate read is associated with criminal activity. Jonathan Oosting, “Proposal Would Regulate License Plate Readers in Michigan, Limit Data Stored by Police Agencies,” http://www.mlive.com/politics/index.ssf/2013/09/proposal_would_regulate_licens.html (all accessed October 11, 2013).
3 A privacy impact assessment (PIA) is “a systematic process for evaluating the potential effects on privacy of a project, initiative or proposed system or scheme.” Roger Clarke, “Privacy Impact Assessment: Its Origins and Development,” Computer Law & Security Review 25, no. 2 (April 2009): 123-135, http://www.rogerclarke.com/DV/PIAHist-08.html. IACP, Privacy Impact Assessment Report for the Utilization of License Plate Readers (Alexandria, Va.: IACP, September 2009), http://www.theiacp.org/LinkClick.aspx?fileticket=N%2bE2wvY%2f1QU%3d&tabid=87. For a list of PIAs completed by the U.S. Department of Justice, see http://www.justice.gov/opcl/pia.htm; Department of Homeland Security, see https://www.dhs.gov/privacy-office-privacy-impact-assessments-pia (all accessed October 14, 2013).
4 The Home Office recently issued the Surveillance Camera Code of Practice, which includes 12 guiding principles governing the effective and appropriate use and deployment of this technology, many of which align with the principles suggested above. Home Office, Surveillance Camera Code of Practice Comes into Force (London, UK: Home Office, June 2013) https://www.gov.uk/government/news/surveillance-camera-code-of-practice-comes-into-force (accessed October 14, 2013).
5 The IACP National Law Enforcement Policy Center website can be found here http://www.theiacp.org/PublicationsGuides/ModelPolicy/tabid/135/Default.aspx.
Please cite as:
David J. Roberts, “The Policy Foundation of Technology Implementation,” Technology Talk, The Police Chief 80 (November 2013): 64–65.