A visionary perspective

Back in November 1999, the forward-thinking British Bankers' Association's Security Liaison Group decided to form a Working Group. Its short-term aim? To address the potential end user-related issues arising from digital CCTV.

System management and the use of digital images in court were but two of the technical strands up for consideration. Longer-term, the aim was to produce a set of guidelines for businesses and retail organisations. A reference point for the correct installation, management and use of digital CCTV.

The Group – comprising representatives from the Metropolitan Police (Flying Squad), Lloyds TSB, the HSBC Bank, Barclays Bank, the Royal Bank of Scotland and the Building Societies' Association, and chaired by Alan Townsend of the Flying Squad – has just produced its initial report. It makes for very interesting reading.

When considering digital CCTV, the Working Group first identified areas of concern highlighted by both end users and the police alike. These centred on the term 'original image', the integrity of digital images (ie admissibility and weight of evidence, and continuity of evidence) and how digital recording fits in with the Data Protection Act.

Original and reference images
As is the case with any computer-based record, it's pretty much impossible to state which of any number of copies is indeed the 'original'. The House of Lords report 'Digital CCTV As Evidence', published in 1997, states that: "The original is the data first recorded in memory. Thus any printed or displayed image created from these data is a copy. Consequently, digital recording technology provides no original that could be used in evidence. All that is available for use in evidence is a copy of the first – probably temporary – recording in memory. This will be admissible as evidence."

End users should be clear on this issue. The fact that there is no so-called original image does not disqualify a digital image (or series of images) being admissible as evidence. The issue at stake, however, is the weight carried as evidence that can be ascribed to an image. Ultimately, the trial judge must be the arbiter here. In essence, to prevent an image's evidential weight being seriously challenged by the defence, the industry at large must be able to prove the reliability of the referenced image presented at all stages.

In the first of its recommendations, the Working Group report states that: "A 'reference' digital image for investigative and evidential purposes is the first copy of the camera-captured image written from the initial capture storage medium of a digital image CCTV system to some form of non-volatile storage medium, such as a CD-Rom drive. It is this image which represents 'best evidence'".

Preferably, this process should be carried out simultaneously to more than one such media, states the Working Group's report, "with two separate audited paths to substantiate the camera captured evidence in a court of law where one of the reference image(s) corroborates the other(s)".

One of these images will then become the official image to be used as evidence, the second acting as the 'working copy'. Security managers and control room supervisors take note, here... If you are the one doing the copying, you will have to make a statement to that effect for continuity of evidence.

A question of integrity
The integrity of a given digital image is another thorny area. To maximise an image's weight in evidential terms, end users must ensure that certain data is captured along with that image. The date and time of image capture is most important, for instance.

It's also imperative that the physical, geographic location of where the CCTV system is installed (bank and building society security managers should include the sort code here), details of operating mode (systems can be set up to be 'always on', on raid or motion settings) and image height, width and number of pixels are all captured.

All of this data should be captured at the same time as the image itself, and uniquely associated with the captured image in some way. Importantly, states the Joint Working Group report, the data should also be written to a distinctly separate audit log (which must be secured such that it cannot be edited). Audit trails may be generated automatically by the system or manually through typical documentation. The former is the preferred option for end users (of which more anon).

Digital watermarks have been offered as a solution by some practitioners, but doubts remain as to how effective these would be if an image were reconstructed from a 'master' and data frame on a typical 'conditional refresh' system. Adding a mark of this kind would also mean tampering with the image, which could reduce its credibility in court.

The Working Group also recommends that, where dedicated software is needed to extract and display images, the evidential storage medium for the reference image(s) ought to contain viewing software that's appropriate to the CCTV system from which the images were initially captured.

Retaining your digital evidence
CCTV end users must make sure that they have in place procedures for the secure retention of evidential images. Procedures that are in accordance with the Criminal Procedures and Investigations Act 1996 Code of Practice (Duty to Retain Material, paragraphs 5.1, 5.7 and 5.8 of the Code). At the very least, these procedures must always be enforced:

• until a decision is made as to whether or not proceedings will be instituted;
• (if proceedings are instigated) until the accused is acquitted or convicted, or the prosecutor decides not to proceed;
• (where the accused is convicted) until released from custody or six months from the date of conviction in all other cases;
• if an appeal against conviction is in progress when the release or discharge occurs, or at the end of the six-month period until the appeal is finally determined;
• if the Criminal Cases Review Commission is considering an application at that point in time, until the Commission decides not to refer the case to the Court of Appeal – or until the Court determines the appeal resulting from the reference by the Commission.

The viewing of images on site can also be a major bone of contention. End users should note that, subject to the appropriate access and user authority levels – which, incidentally, you must document – there is no objection to images being viewed on site.

That said, witnesses to a crime (ie one of your officers) should not be allowed to see any pictures prior to them having made a police witness statement. On certain occasions it may be allowable for witnesses to view images under controlled conditions, as long as there has been consultation beforehand with either the police or the Crown Prosecution Service.

Audit trails are all-important
The Working Group's overriding conclusion is that a 'full and robust' audit trail must exist for any video images that are captured and subsequently used in court as evidence.

Such a trail must begin at the instant the image is captured by a given camera lens "and continue through every automated and non-automated process to the production of the image at any subsequent trial – and this applies to both the electronic and printed formats".

Remember, too, that your CCTV systems should always be operated in accordance with the conditions laid down in the Code of Practice produced by the Data Protection Commissioner's Office in relation to the Data Protection Act 1998.

Documented operational procedures must exist to cover regular checks of the system time and date, hierarchical controls and passwords for access to the operations within the system and end user controls and responsibilities regarding disclosure of data.