Loss of Dallas Police evidence could have been easily avoided, experts say
As local and federal authorities investigate the loss of at least 22.5 terabytes of data, primarily from Dallas Police investigation files, the probes seek to answer two basic questions: How could an employee have caused the massive loss, and what could be done to prevent something similar from happening again?
IT and cybersecurity experts who spoke with The Dallas Morning News said a loss of this magnitude could have been easily mitigated – or avoided altogether – if basic safeguards had been in place to protect sensitive data.
“I am disappointed with the lack of controls, disappointed that this is happening and surprised that such a big mistake could have happened,” said Dr Costis Toregas, director of the Cybersecurity and Privacy Research Institute at George Washington University. “If this was a small community with a part-time IT guy, I could understand, but we’re talking about the city of Dallas.”
The city said the employee responsible for the missing evidence lost data on at least three occasions, prompting the FBI to launch its own investigation into whether it was intentional. The Dallas Police Department previously cleared the employee of intentional wrongdoing.
The employee, who declined to comment to The News, has not been charged with a felony.
“Did not follow the established procedure”
The first known deletion occurred after the employee, who has since been fired, “failed to follow proper and established procedures,” the city said in a written statement.
The loss occurred in late March, when the employee was supposed to move 35 terabytes of data from online storage to a physical drive in the city. The procedure was to take about five days.
But the employee “didn’t follow proper procedures” and ended up deleting the files from the city’s network drive, Dallas Chief Information Officer Bill Zielenski told city officials at a meeting last month.
The employee canceled the deletion when co-workers told him files were missing. By that time, 22 terabytes had been lost.
Officials said 14 terabytes were recovered from that first batch of data. But at the end of last month, officials discovered an additional 15 terabytes of missing data. Officials say the current loss is about 22.5 terabytes of data, the equivalent of about 7,500 hours of HD video; about 6 million photos; or 150 million pages of Microsoft Word documents. But the ongoing audit, which is expected to be completed later this month, may reveal more.
The city did not alert the Dallas County District Attorney’s Office of the loss until early August. District Attorney John Creuzot then wrote a note to defense attorneys about the missing evidence, which informed the public of what had happened.
The audit also found that the employee had an “error pattern” and had lost data on at least two other occasions.
In a note last month, Dallas City Manager TC Broadnax outlined new policies, including notifying city officials of any data breach within two hours of becoming aware of it. Two IT staff will now oversee the movement of all data. In addition, a 14-day waiting period will be instituted before the data is permanently deleted, and a review will take place to analyze how the city stores and archives the data.
The data must have already been backed up several times
Toregas said having two employees overseeing the movement of all data should have been a procedure from the start. Other procedures that could have mitigated the loss, Toregas said, include aggressively managing the directory of people with access to the data and segmenting the data so that large areas cannot be affected at once.
Andrew Wildrix, chief information officer of INTRUSION, a Plano-based cybersecurity firm, said that if he had to guess, the employee was moving the data instead of copying it. If that is what happened, Wildrix said, it was a fundamental mistake.
“I imagine that an organization of this history and of this size would have put in place safeguards, but obviously those were ignored,” he said.
The storage of large amounts of evidence, files and police body camera footage on dilapidated physical hard drives has been overtaken by the volume of digital evidence, said Johnny Nhan, professor of criminal justice at Texas Christian University.
Almost all police investigations now have a digital component, whether it is a laptop or cell phone recovered from a crime scene or digital evidence, which must be copied to police servers and retained, Nhan said.
“Any kind of crime scene requires some sort of data storage, so it’s becoming more and more important,” he said. “As there are more IT requirements, storage is going to be a problem, just preserving digital data is going to be a problem in the future.”
Nhan said modernized data storage practices include paid “cloud storage services”, which automatically back up data and upload large amounts of footage like video from the police body camera. These systems create copies and “multiple levels of redundancy” of data, which helps restore files in the event of loss.
“If (the police) have a diligent IT department, then this data would be backed up more than once,” Nhan said.
Ed Claughton, managing director of PRI Management Group, a company that provides criminal justice, computer and data management services to criminal justice agencies, said data loss typically occurs when data is downloaded or migrated to a new system or server, but he has never seen so much data go missing.
Claughton said the best data loss mitigation effort is to have a “two-part validation process,” where two people must approve or review each step of data transfer or deletion. He also suggested that departments “map” where data is stored and back up any critical data before deleting it from somewhere.
The city said it was conducting a “top-down assessment” to improve its systems and processes, and now requires two people, not one, to handle file transfers to ensure that no step is missed – in accordance with Claughton’s recommendations.