Can We Trust the Cloud to Protect Sensitive Law Enforcement Information?

by Michael Chertoff, Chertoff Group
Wednesday, January 18, 2012

Can we trust the cloud to protect sensitive law enforcement information? Today, the best answer to this question is - no pun intended - very cloudy.

There are good reasons to consider cloud storage - storage of large amounts of electronic information on servers hosted by third parties and located in one or more physical locations beyond those controlled by the party responsible for the data. The potential benefits are certainly there. Cost savings, outsourcing the tasks of keeping hardware and software operating and up to date, and relieving data owners of responsibility for constant backups and additional on-site storage capacity are all clear benefits of a move to the cloud. Because of these advantages, law enforcement, like many other industries, will be attracted to a shift to the cloud, particularly during times of austerity.

However, unlike many private businesses, prosecutors and law enforcement officers have moral and practical duties to protect the accuracy, reliability, security, availability and discoverability of data they control. The risks are far from hypothetical, as the publicly reported August 2011 hack of 76 American law enforcement websites hosted by a private service provider reminds us. Stories like this highlight the real risks of law enforcement data breaches and amplify the need for responsible and secure choices in information management.

But what is right for law enforcement officials and what are the challenges they face? Simply stated, justice, in a law enforcement context, largely depends upon certainty. Varying levels of certainty are required depending upon what the government wants to do to an individual - search, arrest, or send the person to prison. Evidence, in turn, must have a measure of reliability in order to be considered by a judge or a jury against their fellow citizens.  How likely is that evidence to be accurate, unaltered, and truthful?  Benefits, privileges, fortunes and even lives turn on the reliability of evidence. 

The system has never been perfect. Long before the Internet, sensitive law enforcement information was lost or tampered with, locked files and even safes were compromised, corrupt officers occasionally falsified evidence, and accidents happened. Today, with the growth and global proliferation of the Internet, we have entered a new era of information management with cloud solutions at the forefront. How we move to the cloud - that is, how responsible we are in shifting large amounts of citizen data to cloud solutions - is of paramount concern.

Luckily, we can identify some logical and pragmatic concepts that can help guide our decision making when considering the cloud for law enforcement information. 

Type of Information. Broadly speaking, law enforcement collects two types of information. The first is data created by others but collected and stored by law enforcement. Such information often will be used as evidence in investigations or at trial.  For these records, it is important for law enforcement to be able to authenticate the record or show that the record is what it purports to be and has not been altered from its original content. 

The second type of information is information created in the first instance by law enforcement officers themselves, where the authors can independently verify that the record accurately reflects the underlying information. 

Some types of electronic records will include both types of information.  Constitutionally protected information, sensitive law enforcement sources and methods, and the private information of individuals should be stored in ways that leave such information within the control of law enforcement officials accountable to courts. To the extent law enforcement steps into cloud storage, the law enforcement-generated information might provide a good testing ground to evaluate the feasibility of cloud storage for at least some of this type of information, and to develop and test controls and protections for cloud storage.

Importance. Not all issues in criminal proceedings are equally important and not all records are equally vital to deciding an issue. The more important an electronic record is to a prosecutor's case - or a defendant's innocence - the more rigorous the storage, handling and access-tracking requirements should be. This is true not only for constitutional, statutory and fairness reasons but because judges and juries will rightly demand more certainty where the stakes are higher.

Sensitivity. Some types of law enforcement data, such as grand jury information or communications intercepts, are protected for constitutional reasons. Other information - e.g., banking, tax, healthcare, associational records, video and audio recordings, and DNA evidence - is at least as sensitive, not just for defendants, but for victims, witnesses and innocent third parties. Any potential cloud storage solutions must include strict limitations, enforced by technology, on how this information can be accessed and used. But for now, these kinds of information should be kept under strict law enforcement control, which is likely not available with most types of cloud storage.

The permissibility of, and conditions for, law enforcement cloud storage likely cannot be resolved by law enforcement alone, through "opt-in" notice approaches, or other solutions frequently used in commercial contexts. These complex and evolving issues will require sustained legislative and judicial decision-making and oversight. We cannot wait until significant harm occurs before we act - we must get it right from the start. Getting it right means ensuring that the cloud solutions we choose are giving us the requisite certainty and security we need to truly achieve justice.
