Audit Your System
Uncontrolled access to data, with no audit trail of activity and no oversight would be going too far.
Audit programs serve a crucial oversight role in determining compliance with guidelines, analyzing effectiveness, and improving practices. They identify deviations from the standards required by law and other problematic practices. Without a clear accountability program in place, surveillance systems are destined to be misused and civil liberties violated.
A robust audit program should use a variety of mechanisms to ensure that the surveillance policies and procedures are followed. These include utilizing internal personnel to evaluate compliance with policies, employing independent external oversight, and specifying legally enforceable sanctions for violations. Recordkeeping must include the reason for each use of surveillance or access to information collected by the technology. Technical measures such as access controls and audit logs also must be in place, and they should be reinforced by automated audit mechanisms to monitor for misuse. Placing oversight authority with a city council or public oversight board may also increase the accountability of surveillance programs.
Strong oversight and auditing can help identify both isolated and ongoing abuses of surveillance technology, and legally enforceable sanctions can deter both. Audits should cover everything from data retention compliance to contractual requirements with third party recipients of surveillance information and internal technical controls. Audit reports should be available to the public, along with plans of action that are taken in response to any findings.
QUESTIONS TO ASK
- Have audit mechanisms been prepared for a given surveillance system?
- Will there be independent oversight and accountability processes?
- Are protections in place to ensure that audits be routinely updated to account for any changes to the surveillance system or its use?
Examples of Use
- Location::Fresno, CAAuditor helps Fresno enforce its surveillance policies
When the Fresno Police Department proposed a system of surveillance cameras, the city council required a periodic third-party audit to ensure compliance with internal surveillance guidelines. The city appointed a retired federal district court judge as auditor, who then examined the surveillance uses and made specific policy recommendations.