Among state and local law enforcement agencies in the United States and Canada, information sharing and remote access to mission-critical information and databases have come a long way in recent years.
These advancements have also raised a number of questions around privacy and how to properly safeguard confidential information and records. The challenge is to balance the need for officers to have access to the most relevant and up-to-date information against the right for every individual to ensure their information remains confidential.
Never has this been more evident that privacy is critical than in the recent wave of regulatory requirements aimed at safeguarding local and national databases, prompting IT security transformations and upgrades across the board. In particular, federal regulations in the United States and Canada regarding two-factor authentication requirements are impacting the security landscape for law enforcement agencies. Two-factor authentication provides a significant increase in security, requiring a username and password to be used in conjunction with tokens or smart-cards that provide a PIN, which users must enter for an added layer of security.
The need for secure equipment is growing as governments share data with an increasing number of organizations and constituencies. In the United States, the Justice Department is expanding a pilot program this year to implement joint identity management capabilities for databases, which will allow different agencies to access law enforcement databases through a single portal. The Justice Department’s Criminal Justice Information Services (CJIS) is taking the lead on expanding the program, which will enable better data access and optimized cyber security as the single sign-on requires a two-factor authentication. Federal, state and local agencies will be required to sign a memorandum to abide by the two-factor authentication policies in order to join the federation. This is already the case in Canada, where the Canadian Police Information Centre (CPIC) policy requires officers to use two-factor authentication to access and alter secure data in the national database.
While such regulations ultimately allow for better, more secure information sharing among law enforcement agencies, the onus is on IT administrators within those agencies to continue to integrate policy and technology to protect privileged data and information without limiting useful access and efficiencies. A number of agencies throughout the United States and Canada have already implemented systems, solutions and infrastructures that are striking that crucial balance. Baltimore Police use SafeNet Technology
One prime example of advanced law enforcement technology in action is the deployment of the PocketCop hardware by the Baltimore Police Department in Maryland. After a successful pilot program, the department is arming its entire patrol division with technology that brings secure mobile law enforcement data communications to smartphones and other handhelds. The devices are secured by two-factor authentication via an e-token. The technology is ideal for officers who cannot carry bulky laptops and allows them to be in constant contact with supervisors and co-workers. An officer can access records immediately to look at background information on a person of interest, eliminating the need for a call to the dispatch center. This ultimately frees dispatch center personnel for emergencies and cuts laptop costs. Since PocketCop is secured by Federal Information Processing Standards (FIPS) certified e-tokens, the Baltimore Police Department realizes the efficiency and cost-saving benefits of mobilizing its force, while ensuring the protection of confidential data and information.
In the United States, pending regulations by the Criminal Justice Information Services are influencing security measures deployed by organizations such as the Baltimore Police Department, while in Canada a federal mandate prompted Canadian police agencies to strengthen their networks and security to allow access to the nation’s criminal records and data. The York Regional Police (YRP), based in Ontario, Canada, implemented a customized two-factor authentication system to protect stored and shared records on the Canadian law enforcement database to comply with this Canadian Police Information Centre (CPIC) regulation. The YRP uses a smartcard-based, key-like device to ensure the identity of officers accessing mission-critical information from the national database and protect the information on already fully encrypted laptops and other computers. York’s authentication solution has limited system lockouts, improved the department’s overall efficiency and productivity, lowered IT costs, and provided added protection to critical data.
Another compliance success story involving Canadian Police Information Centre (CPIC) regulations is the Montreal Police, the second largest municipal police force in Canada. The Montreal Police Department has implemented a comprehensive certificate-based two-factor authentication infrastructure that ensures access controls to all computers, data and networks. The Montreal Police Force’s security infrastructure supports secure VPN remote access, pre-boot authentication, secure remote access to network resources, and confidential data for officers on patrol using non-managed machines from cruise cars, motorcycles or bicycles. The system gives the department the ability to customize user profiles and access controls based on their roles and responsibilities within the force. Via its secure infrastructure, Montreal Police officers on patrol in cruise cars or at their desks at police headquarters are able to carry out their responsibilities from any location, 24 hours a day, without compromising security or the privacy of the city’s citizens.
“Thanks to SafeNet
’s multi-factor authentication and life-cycle management solutions, a group of our officers and employees are able to carry out their jobs while meeting the security standards of the Canadian Police Information Centre,” said Rhéal Masse, Systems Information Security, VP, CISSP. “Whether on patrol in cruise cars, or at their desks at police headquarters, 300 of ours officers are now able to carry out their law enforcement responsibilities from any location, 24 hours a day, without compromising security or the privacy of our citizens,” Masse added. Securing the Future: Key Learnings for Law Enforcement Organizations Upgrading Security Solutions
All of these police departments, as well as the other organizations adopting similar technology, are reaping the benefits of added security implementation. The extra layers of security enable individual law enforcement officers to better serve and protect their communities in a cost efficient way.
•The technology is suitable for officers without regular access to a laptop or cruiser, whether working undercover or as part of a mounted or bicycle patrol. It also allows an officer to surreptitiously gather timely and critical information.
•Police can access information anywhere and anytime, allowing for quicker response times, less travel and a larger pool of data. Within police cars, the VPN network is an added layer of security that also assists in reaching regulatory and compliance goals.
•If lost or stolen, there is no risk of someone accessing sensitive data such as personal information, since the hardware requires an encrypted token as well as a password that only the owner would know. Both factors are necessary to log into any of the databases. Citizens can rest assured their private information is safe and secure.
All of these benefits, from time and cost savings to putting better informed officers on patrol, are simply an expansion of the best technologies that are used in the private and public sector. By applying these protocols in the field, the information is now secured throughout its entire life cycle. The future of policing will see a continued expansion of technology in the industry to aid and support the officers in the field. This advancement, in partnership with the sharp mind and determination of a police officer, presents a formidable weapon in the battle to secure public safety. As police head into the field each day, it won’t be long before taking an e-token and a secure mobile device will become as second nature as carrying a badge and a gun. Chen Arbel is the Director, Business Development, Authentication, SafeNet.