Seems crazy to me that they don't encrypt the videos on the device given how much personal information about other people can be on there. There is a full video of the inside of someone's house in that feed. Couldn't they just have some kind of public/private key encryption, where they put the public key on the bodycam and have it encrypt all the videos it takes? Then you could just decrypt them at the station with the private key.
PKI is insufficient protection in this case. If someone obtains the hardware and has a few years to sit on it, it is possible that private keys can eventually be broken (or compromised via other channels).
Hardware security. These devices should have been built from day 1 with the idea that they would eventually need to be retired from service. They could be designed to self-destruct their own memories if a certain signal is not received within a certain timeframe. Procedures would be built around this such that cameras would need to be periodically checked in for audit and refresh of the hardware kill timer. If an officer fails to check in a certain camera (presumably with the intent to expire the hardware timer), you could assume malicious intent and have whatever arbitrary penalties to discourage this behavior. Set the timer at 48~72 hours and it would be virtually impossible for even the most sophisticated attacker to physically breach the HSM in time for extraction of the data/symmetric key.
Combine this with a PKI and you should then have a solid solution. If you want maximum traceability, you could throw in LTE or satellite connectivity for logging major audit events or triggering certain device features remotely.
You could spin any bullshit story around any device. If you do not have some degree of discipline with your meatspace domain, there's no hope for the hardware domain either. Even the most secure devices on earth can eventually be compromised if you allow all policy to fall away and just let the hardware fend for itself.
The police can and should be held to a higher standard regarding evidence and chain of custody. The tools are only half of this picture. It is a synergistic approach.
I think symmetric encryption would be fine here for simplicity. When it's time to wipe the drive, securely erase the key.
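The check-in kill timer and the "erase the key to wipe the drive" idea from the comments above, combined in a small software model. This is an added example, not part of any commenter's post; the class, function names, shared check-in secret and counter scheme are assumptions, and a real device would enforce this inside tamper-resistant hardware rather than in Python.

```python
import hashlib
import hmac
from typing import Optional

CHECKIN_WINDOW_S = 72 * 3600  # upper end of the 48~72 hour window from the thread


class CameraKeyStore:
    """Toy model of the camera's key slot; clock values are passed in explicitly."""

    def __init__(self, device_id: bytes, checkin_secret: bytes, video_key: bytes, now: float):
        self.device_id = device_id
        self._secret = checkin_secret            # shared with the station (assumption)
        self._video_key = bytearray(video_key)   # symmetric key protecting the footage
        self._counter = 0                        # last accepted check-in counter
        self._deadline = now + CHECKIN_WINDOW_S
        self.wiped = False

    def tick(self, now: float) -> None:
        """Run periodically; overwrite the key once the deadline has passed."""
        if not self.wiped and now >= self._deadline:
            for i in range(len(self._video_key)):
                self._video_key[i] = 0
            self._video_key = bytearray()
            self.wiped = True

    def check_in(self, counter: int, tag: bytes, now: float) -> bool:
        """Refresh the timer only for a fresh, correctly authenticated token."""
        self.tick(now)
        if self.wiped or counter <= self._counter:
            return False  # too late, or a replayed/old token
        expected = station_token(self.device_id, self._secret, counter)
        if not hmac.compare_digest(tag, expected):
            return False
        self._counter = counter
        self._deadline = now + CHECKIN_WINDOW_S
        return True

    def video_key(self, now: float) -> Optional[bytes]:
        """Return the key, or None once it has been destroyed."""
        self.tick(now)
        return None if self.wiped else bytes(self._video_key)


def station_token(device_id: bytes, secret: bytes, counter: int) -> bytes:
    """Station side: authenticate check-in number `counter` for one device."""
    msg = device_id + counter.to_bytes(8, "big")
    return hmac.new(secret, msg, hashlib.sha256).digest()
```

Once the key is gone, footage encrypted under it stays on the storage but is unreadable, so a resold camera does not depend on the file system having been shredded.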
I'm curious as to who is responsible for not properly erasing the files: the IT department, or the manufacturer. It could be that the station didn't wipe/reset the cameras before selling them. Or they only reinitialized the file system. Or the firmware's reset function only reinitializes the file system rather than shredding the contents.
I just sat through a sales presentation for a competitor's body cameras a few days ago. The cameras, in that case, are completely "black box" and no mention of threat models associated with the authenticity, confidentiality, or integrity of the data on the cameras was made. The particular cameras I saw pitched record continuously, and a "supervisor" is capable of accessing the raw buffer to extract video that an officer didn't otherwise flag as an "event" by way of a "password".
I can only imagine that the information security story around all of this kind of hardware is probably pretty awful.