Hendon Publishing - Article Archive Details
Records Management and USB Drives
The management of law enforcement records has always been a sort of the anti-climactic event that required officers to take time away from “doing the job” and take time to write about what they just did. Typically, an officer would go to an office and fill out a report, which would then be reviewed and eventually filed in a cabinet in a room with a lot of other cabinets full of similar reports.
Previously, the reports themselves were created in a room in a secure facility. Today’s reports can be created on mobile work stations in units and cruisers far from the station. Previously, a report was created on a physical sheet of paper and filed in a cabinet. Today’s reports are almost entirely digital, some of them will never be printed on actual paper, and while they are accessible from a desktop computer, they are likely stored in another location altogether.
The most recent technological trend to impact law enforcement agencies large and small is the USB drive. Its compact size and universal nature have in only a few years made it a must have device for all personnel who actively use computers to accomplish their daily duties. But with any new technology, there is a growing period in which people decide how a device or system should be utilized and what protocols and standards should be established to govern those uses.
The USB drive is the latest step in the progression of data storage for public agencies, which began in antiquity with bones and wood. Understanding how these drives work, how they are being utilized by personnel, how they can be secured and how long they will last provides administrators valuable information when making decisions about their use within their agencies. This information will also help administrators avoid the mistakes of other departments that failed to understand the technology and its use.
The USB drive, or thumb drive as it has become known, is an example of the ever-changing and persistent effect of technology on the public safety records management landscape. Basically a flash memory chip connected to a USB connector, a USB drive represents a small conveniently portable solid state storage device. Originally available in 8MB and 16MB in 2000, they are currently available in sizes up to 32GB of storage.
Just 20 years ago it would have been technologically impossible for a single individual to walk out of a department with the sum of all of the records created by his agency that day. Even with the improvements in photocopying technology, absconding with a day’s worth of data would be challenging. And even if the copies of the documents could be obtained, physically carrying them out the door would proved to be ambitious at best. But not so today. Now, anyone with access to the right computer directory can utilize a USB thumb drive and walk out with the records created by a single agency on any given day. A person could walk out with all of the records ever created.
Several years ago when USB drives were first being utilized by “early adopters,” several agencies tried and to prevent this “walking out with all the records” scenario from actually occurring. They weren’t successful. Once USB thumb drives had arrived and were beginning to gain popularity among the technically savvy officers, some people noticed that it would indeed be possible to download huge numbers of files onto a small portable drive and leave the secure facilities of a law enforcement office. What was needed was a way to disable the USB ports on the computers being accessed.
What seemed like a good idea, disabling USB ports, was short lived as IT personnel in several agencies began to stop the ports through physically and software procedures. Used exclusively on Macs, USB ports were still gaining popularity among PC manufactures and consumers alike in the late 1990s, so it seemed reasonable to disable them from the heart of the computer since most agencies used PCs to access proprietary agency software.
Unfortunately, disabling USB ports was only treating the symptoms of the yet unapparent disease and not the cause. And disabling USB ports from computers en masse also had the deleterious effect of killing a wide variety of optional devices that were necessary for daily operations: mice, scanners, cameras, printers, storage devices.
In the ensuing years since their arrival, USB drives have become commonplace in the law enforcement work environment, and the protocols that governed their use were found to already exist in most departments with regard to standard operating procedures and agency policies relating written documentation. If an officer was allowed to access and remove paper files, the same policy perhaps modified should suffice for electronic files as well. Agency administrators who have not specifically reviewed their policies regarding the storage and transfer of electronic data should do so.
If a survey were taken of how many law enforcement officers use USB thumb drives in the course of their daily duties, the percentage would likely be well over 50% with the majority of users being younger officers. And if one were to ask what type of files were stored on these devices, one would likely find material pertaining to their day-to-day tasks and duties. This should not be surprising, but it should call for a pause.
A common thumb drive weighs less than an ounce and is smaller by far than a ring of keys. They can also be much smaller and less obvious. Micro Vault USB drives from SONY are all roughly the size of a quarter and about as thin. USB drives also need not even look like a typical drive. Several manufacturers have incorporated them into phones and watches.
Regardless of their appearance, they are easily concealed and just as easily discarded or lost. Let’s take the issue of loss first before discussing drive lifespan and final disposition of the devices themselves.
We have already discussed the nature of the material most personnel store on their personal thumb drives, the information most useful to their day-to-day activities, sometimes a backup to files on another computer, sometimes the primary (and only copy) of the files themselves. Regardless of whether or not the files are only copies, they are likely to be considered “law enforcement sensitive.”
When an existing policy regarding agency data storage on USB drives is vague, the following litmus test can provide a practical guide: If your thumb drive were lost and subsequently found by a high school student who opened it and posted the information found within on the Internet, would that be a problem?
If the answer is “no,” then your information is mundane, likely available from the agency Web site and not in need of any more security than is commonly practiced for a wallet or other personal item. On the other hand, if it would be problematic for a high school student to release autopsy photographs, active case files, interrogation video, and sexually explicit evidence on the Internet, then some added level of security should be used to safeguard the drive and the data itself.
One of the reasons most personnel like their USB thumb drives so well is the same reason they should be wary of them. They are easy to use, small, portable, and they generally work on every computer they are plugged into. If a drive can be placed into any computer and work, it has the potential of sharing information with someone who shouldn’t have it. Still many people don’t take full advantage of the plentiful security features available on today’s USB drives.
Many people are familiar with the process of user name and password to secure and access data. Many drives come with software that incorporates this level of security, although these tools are usually disabled and require users to activate them. But at least one company has created a USB drive that will essentially self-destruct if the correct user name and password aren’t entered after a set number of tries. The Data Traveler Secure by Kingston includes a formatting feature built into the drive’s hardware. If 10 incorrect passwords are entered, the drive will disable itself and require reformatting (which deletes all the drive’s data) before becoming functional again.
Other security features in drives are also available from various companies including: encryption keys and the process of a person physically entering a PIN number on a series of keys on the drive itself. Several biometric options are also available, which require users to run a finger or thumb over a scanner built into the drive before being allowed access to the data.
Every mechanical device has a rated life expectancy, even devices without obvious moving parts, including USB drives. This should be a cause for notice if not alarm for some public safety personnel. USB thumb drives are still prone to writing errors after about 100,000 write cycles. While these minor errors can usually be overlooked by the drive, if enough of them occur, they have the ability to render the drive unusable and the data lost. So how long is 100,000 write cycles? This depends on the user and the drive use. If a device is only being used occasionally for data storage and retrieval, adding a document or presentation here or there, one could expect the device to exist trouble free for several years. Many manufacturers list 10 years as their standard.
But if the USB drive is being used to store application data such as a computer program that is accessed several times a second, the life expectancy could be much shorter. Physical hard drives like the ones running in a desktop or laptop are rated at around 5 to 7 years under normal circumstances and use. USB drives benefit from have fewer parts but lose from being smaller and more often transported in harsher environments like bags, drawers and pants pockets.
Taking into consideration the wear and tear most people put on work components and the ever-increasing storage capacity and diminishing cost of USD drives themselves, a reasonable standard of using a drive for no more than two years would be a generous life for a USB drive.
After a two-year lifecycle, the contents of the old drive can be copied to another source and then onto a new drive or device. The old drive should never be discarded, even after removing and deleting the data. The old data is usually retrievable regardless of what system or process was used to eliminate it in the first place. Physically destroying the drive and its components is the only true
way to assure the data will not be transferred to another source.
USB drives will not be the last advancement in terms of data storage for government documentation. History is replete with the examples of how we have maintained our most valuable data. And while there have been many diverse options throughout the ages, there have been more mediums available to us in the past 20 years than in all of the preceding years combined. This pace of change should be noted and reflected upon. In less than the course of a single officer’s career, computers have developed from vacuum tubes to tape drives to diskettes to optical drives to solid state storage. The progress will not stop there.
Administrators who do not understand these technologies, their use or necessity to the officer’s in their command are doomed to make poor decisions when establishing policies and procedures, reducing their agency and officer’s effectiveness. Agencies who collectively understand how these storage devices, and those to come, are being utilized by their personnel (not to be confused with how they feel they should be utilized) are already one step ahead of the technology curve.
Thomas M. Manson is the owner of Police Technical LLC and the technology editor for LAW and ORDER magazine. He speaks nationally on technology and law enforcement. He can be reached at firstname.lastname@example.org.
Published in Law and Order, Apr 2008
Rating : 9.6
Click to enlarge images.