96 N.C. L. Rev. 1475 (2018)
Prepared for the North Carolina Law Review symposium on police body-worn cameras (“BWCs”), this Article shows that BWCs can be conceptualized as an example of the Internet of Things (“IoT”). By combining the previously separate literatures on BWCs and IoT, this Article shows how insights from each literature apply to the other.
Part I adopts the IoT definition of (1) a sensor connected to the Internet that (2) stores and/or processes data remotely, typically in the cloud. Applied to BWCs, the camera is a sensor, and the video footage and related data are stored outside of the original camera, often in the cloud.
Building on this equivalence of BWCs and IoT, Part II examines lessons from the substantial IoT literature for BWC privacy and cybersecurity. Part II systematically examines leading industry standards and Federal Trade Commission guidance that could be used to develop applicable criteria for good practice for BWCs. Analysis of this literature suggests three themes for operationalizing these best practices. First, police departments can and should learn from the IoT literature to improve privacy and cybersecurity for BWCs. Second, police departments should use their bargaining power to demand security and privacy best practices from their vendors. Third, where departments lack the in-house expertise to handle BWC security and privacy they should seek it from outside institutions or consultants, including from outside experts in IoT security and privacy.
Part III examines two areas where study of BWCs might offer lessons for the broader domain of IoT. First, to protect police officer privacy during breaks and for other reasons, BWCs are not always on. By contrast, IoT best practices to date have not emphasized the implications of toggling the sensor on and off. Second, an important debate for BWCs is how to promote transparency—to provide accountability while protecting individual privacy. In this respect, BWCs are an application of technology where public disclosure of the entire data feed is a higher priority than for most other IoT applications to date. Studying this debate can inform other IoT debates about when to open full data feeds to the public, consistent with privacy and cybersecurity concerns.
Privacy and cybersecurity risks will continue to evolve for both IoT generally and BWCs more specifically. Recognizing the overlap of these two usually distinct discourses can offer assistance to those in both realms as they face the new risks.