The proliferation of digital CCTV systems on both sides of the Atlantic – and an increasing reliance on digital video evidence to support criminal prosecutions – makes it imperative that the worrying gap which currently exists in terms of the handling and admissibility of this evidence is bridged by the introduction of effective standards.
Here in the UK we're enthusiastic advocates of CCTV technology in all of its guises, and have long set the benchmarks for others across the globe. Today, there are an estimated 4.5 million cameras installed and operational across the country. Indeed, this pre-eminence in surveillance certainly shows no signs of abating. If anything, it's gaining momentum as the very latest fourth generation digital systems come on stream.

Most commentators would agree that the digital revolution sweeping through the CCTV world is capable of delivering substantial benefits for end users, encompassing all factors from flexibility of operation through to bottom line economies. Certainly, the technology is fast outstripping the potential of older analogue systems. Digital video recorders (DVRs) and video servers now consistently outperform multiplexer/VCR combinations. Less time is needed for maintenance (ie cleaning VCR heads) and end users no longer suffer from the headache of having to constantly change tapes.

In fact, with the advent of low cost, high capacity disk drives, the latest digital systems are more than capable of recording for as many days as a user's Data Protection policy stipulates before being overwritten... thus removing the need for any sort of tape library altogether.

Ensuring evidential validity
Sadly, where matters become confusing for end users is the time when data needs to be stored outside of the hard drive onto another medium such as CD or DVD in order to preserve incidents. There's currently no agreed method for ensuring the validity of such material. This factor is particularly critical given the widespread use of images captured for evidential purposes, the relative ease with which these digital images can be altered and the variety of authentication solutions offered by manufacturers. It's vital that this situation changes sooner rather than later so that there can be the same confidence in digital media as there is in a VHS tape extracted from a traditional VCR.

As an issue, the subject of authentication is simply not going to disappear. A new survey conducted by the Security Industry Association in the US has also served to underline the importance of clarity in this whole area. Of those involved in law enforcement that were surveyed, 79% said authentication of images was of 'paramount' importance (and 21% felt it to be 'important') that digital video images are admissible in Court, while 97% felt that there is a pressing need to establish standards for system users. In all likelihood, a survey of the police in the UK would throw up comparable results.

Until now, standards have simply not been in place to provide definitive guidance in this critical area. Not wholly surprising, given that digital CCTV is still a relatively young technology. However, matters are about to change, with a concerted effort being made through the British Security Industry Association (BSIA) to produce a recognised Code of Practice for Digital Recording Systems that's centrally focused on image review and the use of captured images as evidence.

The hope is that when it's eventually published, the Code should at least help to dispel some of the myths regarding the admissibility of digital evidence and provide an invaluable reference point for all interested parties – be they end users, the criminal justice system or security manufacturers and installers.

The actions we take on this issue in the UK are being closely watched in the US and elsewhere, a fact that was only too apparent to BSIA representatives at the recent meeting of the Security Industry Association held during the ISC West Exhibition in Las Vegas. Indeed, the Security Industry Association is also in the process of considering the way forward on digital evidence.

Those responsible for writing industry standards in America are taking a keen interest in progress on this side of the Atlantic, a point referenced by the Chair of the Scientific Working Group on Imaging Technology created by the FBI to provide effective guidance for the use of imaging technologies. The Group is looking at guidelines produced by our very own Police Scientific Development Branch.

CCTV: the move to digital
Until now, there's been a great deal of uncertainty surrounding the handling of digital video evidence. At this point, it's perhaps appropriate (and useful) to take a step back to the early days of CCTV in the late 1970s. CCTV has really gone through four distinct generations since it was adopted as a widespread tool for the security industry, with each of those stages offering greater flexibility and improved economics.

The first CCTV generation comprised extremely basic one-to-one systems. It was really the next generation where CCTV adopted a more familiar form, with the introduction of the now-ubiquitous analogue time lapse video recorder. A big step forward also came with the video multiplexer, a considerable number of which are still in operation today. For the first time, a multiplexer – in conjunction with a time lapse video recorder – could rapidly switch around all connected cameras. Information displayed was also greatly improved with the support of multiple image formats, including quad, 9-way and 16-way.

The third generation heralded the advent of digital, with the earliest digital hard disk recorders and the transmission of images across telephone networks. Something which was only feasible with new digital hardware – CODEC (COmpressor/DECompressor).

However, it's only in more recent times that the true potential of this type of technology has started to emerge in the fourth CCTV generation with the advent of large storage digital video recorders and network-based video servers combining multiplexer, digital recorder and transmission capabilities into one system.

Of course, as the uptake of digital CCTV technology has grown dramatically – it's expected to increase by one third during the next five years across Europe – it's perhaps not surprising that questions have been raised regarding image authentication. After all, given the history of CCTV, end users, the judiciary and the police service have all become accustomed to dealing with tape-based evidence over the past three decades. Naturally, then, there'll be a tendency to want to handle digital material in exactly the same way as the older analogue format.

With a standard VCR, ‘tape detectives’ had the reassurance of being able to physically touch the original as this was the medium used for direct recording. Not so with digital, as images have to be taken off the hard drive where the original evidence is

The weight of evidence
The reality is that digital evidence is different.

A difference which, if handled correctly, can deliver positive benefits. By their very nature digital images don't degrade, it being perfectly possible to make copies without eroding detail or quality. For the criminal justice system and the police, this obviously requires a change of approach.

With a standard VCR, 'tape detectives' had the reassurance of being able to physically touch the original as this was the medium used for direct recording. Not so with digital, as images have to be taken off the hard drive where the evidence is stored and copied onto removable media.

With the right verification measures in place, if an incident occurs there really should be no need to take the whole DVR unit away (as is often the wish of the police!). Instead, the police officers attending the Control Room should be able to bag and tag the evidence and treat the CD as a master copy which is then presented to the Court.

It's really all about having a verifiable audit trail. If this isn't in place then the weight of evidence may be less significant. Effective water-marking can add credence to evidential material, allowing images to be authenticated by way of proving they have not been tampered with.

Where digital video evidence is concerned, few could argue that there isn't a pressing need for a standardised authentication process such that there can be no question marks regarding the admissibility of such images in Court. Most manufacturers of DVRs will have their own methods of image verification. Usually, a proprietary key is used to verify images which is only known to that particular manufacturer and is normally packaged in authorised software.

Sadly, this is only as secure as the proprietary key itself. If this is successfully hacked into and unlocked then that protection will evaporate, leaving all evidence generated by that method open to being dismissed in Court. It's a bit like leaving a key in your front door which a criminal could then make a copy of and bring back at a later stage to gain entry to the premises. The security that your lock once gave to your house would have disappeared.

In the case of software-based protection, once the key is known it's perfectly possible to alter images, apply another digital signature and have this verified as if it were genuine.

MD5 watermarking explained
One authentication method which appears to be gaining ground (and seems to be the preferred option of the Scientific Working Group on Imaging Technology in the US) is MD5 watermarking. This widely-adopted algorithm is analogous to those systems used by banks for money transfer. When applied to digital images this type of coding is capable of producing a verifiable audit trail.

In practice, a unique 128-bit value is generated which represents a watermark or 'message digest' of the contents of the digital data stored in a file. If digital evidence is submitted to the police – on a CD, for example – the MD5 watermark data is documented in a watermark certificate in the form of a unique 32-character string of letters and numbers. The certificate can then be sealed in an evidence bag.

The key advantages of this approach include the fact that image data cannot be altered without detection. In addition, there's no need for a digital signature to be added to the image header (as is often the case with other types of proprietary system). As mentioned earlier, there's no reliance on a series of software keys which could conceivably be hacked into, and the end user is able to verify the authenticity of an image to ensure that it hasn't been changed in any way by running a second MD5 algorithm.

Thankfully, any doubts which remain over the validity of digital video evidence and the weight it can be given in Court should be alleviated as new standards on digital video evidence are brought into the public domain, both in the UK – through the BSIA – and in the US by way of the Security Industry Association and the Scientific Working Group on Imaging Technology.

As 'end users', the police (and the Courts) will have the guidance they need to make informed decisions regarding the validity of specific images delivered by digital CCTV. Effective prosecutions can be made, and the positive benefits of the very latest CCTV systems will come to the fore.

Source

SMT

Postscript

Pauline Norstrom is marketing manager at CCTV solutions developer Dedicated Micros, and is a member of the BSIA Working Group formed to write the Code of Practice for Digital Recording Systems