clock menu more-arrow no yes

Filed under:

Report questions security of Chicago surveillance camera network

A new report from the city's inspector general warns about the need for security involving the city's network of surveillance cameras. | Associated Press file photo

Chicago has spent nearly $140 million over the last decade to build a Big Brother network of 2,700 public safety surveillance cameras but has not taken steps either to limit access to authorized personnel or ensure that the system is properly maintained, the inspector general concluded Tuesday.

Mayor Rahm Emanuel did not dispute the findings of Joe Ferguson’s latest audit. Instead, the mayor promised to tighten things up.

“They have valid points about the need for oversight in the sense of access, etc.,” the mayor said.

Emanuel said there is no questions that surveillance cameras have been “extremely helpful” in fighting crime, particularly on the CTA.

But, he said, “What it highlighted was as it relates to access to those cameras. There wasn’t a uniform type of oversight. They brought up good points….We have made changes and we’re gonna make more changes. It highlighted some of the weak spots.”

Ferguson noted that the 2,700 public safety cameras in Chicago that are part of a broader network of 27,000 private and governed-owned surveillance cameras are a “powerful tool that requires diligent management” to make certain the network is fulfilling its “operational mission.”

The cameras are also a “vital component” of Chicago’s “security portfolio.” They enable public safety personnel to “monitor incidents, including criminal activity, car accidents and terrorist threats,” the inspector general said.

But the audit released Tuesday concluded that the city’s Office of Emergency Management and Communications had no “reasonable assurance that only approved personnel had accessed the surveillance system and used it appropriately.”

As evidence, Ferguson noted that Chicago Police officers at district stations used group log-ins at shared computer terminals to access all 27,000 cameras in the broader network and to make “directional and focus changes” to the 2,683 city cameras able to make such adjustments.

That helps to explain why, in 2012, the inspector general’s attempt to investigate allegations that a public safety camera was manipulated to avoid recording a police arrest was “impeded” because OEMC was “unable to trace camera access to a specific person,” Ferguson wrote.

The risk of such an impediment to both administrative and criminal investigations of wrongdoing “persists for all terminals with group log-ins,” the inspector general said.

“Any deficiency in the network’s operation creates a potentially serious safety risk, both to the public and to the first responders who rely on the cameras to provide information that often plays a vital role in assessing the scene of an incident prior to arrival,” Ferguson wrote in a letter that accompanied his latest audit.

“In addition, ineffective management leaves open the possibility of unauthorized and other inappropriate use of the cameras. Therefore, we encourage OEMC to adopt management techniques aimed at ensuring optimal performance of the public safety camera network and maintain the public trust.”

As troubling as OEMC’s inability to “verify that each user had the appropriate level of access” was the fact that OEMC could not “confirm the identifies of all persons with access to the public safety surveillance network.”

Ferguson said he asked OEMC to provide the criteria it uses to determine the level of access granted to incividual users.

“OEMC responded that it had no documented criteria,” the inspector general wrote. “Regarding the user lists OEMC used to conduct quarterly access review, neither the office nor [contractor] Motorola had the technical capacity to electronically generate a report of all existing user ID’s.”

Ed Yohnka, a spokesman for the American Civil Liberties Union, said the audit findings underscore the need for “publicly-adopted privacy standards that are debated and approved by the City Council.”

Chicago also needs “regular audits” to make certain those operating standards are being met and people’s privacy is being protected, Yohnka said.

“These cameras are a powerful surveillance tool with an ability of some of these cameras to zoom in and point and direct themselves in a way that could invade peoples’ private spaces,” Yohnka said.

“Other than public pronouncements, there has never been any assurance that privacy is being protected — and now we know they can’t guarantee it.”

Yohnka noted that Pittsburgh and Washington D.C. have “publicly-adopted privacy standards” that are audited every single year.

“That’s what should happen here. This shouldn’t have had to wait this many years for an audit to come out. The city should have been reporting on this. Not in some vague way, but in a specific way,” Yohnka said.

Yohnka noted that the first of Chicago’s so-called “blue-light” public safety cameras was installed in 2003. The network of city-owned cameras alone has system has grown to 2,700, even though OEMC officials told Ferguson the Police Department has “not installed a new POD camera for three-to-four years.”

“This system has grown up and been so pervasive without any kind of guidance about protecting peoples’ privacy. That’s a scary thing,” Yohnka said.

“You have this tool that has gotten increasingly more powerful and no structure in place to protect it from overreaching and looking into the private property, belongs and activities” of law-abiding citizens.

In a follow-up statement, the ACLU demanded a moratorium on new surveillance cameras until the city gets “a handle” on problems with the existing system.

OEMC agreed with the audit findings and has “already initiated corrective actions,” the inspector general wrote.

Late last year, OEMC began improving network access controls by replacing group log-ins with unique user names and passwords.

OEMC also plans to work with the Mayor Rahm Emanuel-chaired Public Building Commission to develop “performance measures for the camera network, improve contractor oversight” and explore “alternative arrangement for program management,” Ferguson wrote.

Since 2006, OEMC has spent $139.8 million to develop the surveillance network. The majority of funding has come from federal Urban Area Security Initiative grants doled out by the U.S. Department of Homeland Security, the audit states.

View this document on Scribd