Skip to main content

Hack Highlight #1: Secure evidence recording

This is the first in a series of blog posts where I'll be highlighting the hacks that came out of Hack the Police.

Tim Perry came to the hack with an open mind. He asked many people about where the opportunities were to build an app that would have the best impact on crime fighting and victim care - and then settled down to assemble a Secure Evidence Recorder.

Tim's app is a lightweight software alternative to taking paper notes, and waiting for a physical camera to arrive on scene to take photographs. It allows an officer to take their notes, photographs and video evidence with a mobile device - such as a smart-phone.

Some of the challenges of secure evidence recording are:
  • Where do you store the data once it has been recorded?
  • How do you show when and where that data was recorded?
  • Does the data stay on the device?
  • If so, will the device be seized as evidence?
  • How do you make these actions quicker and easier than pen, paper, and physical camera?
Tim's secure evidence recorder addresses many of these problems in a simple and elegant way. He stores the recorded data on a central server, and stamps the data with time and location information. This is then available to officers through a web-based interface back at the station where they can download and exhibit it however they need.

It means the data does not need to stay on the device, and it means the data itself is evidentially sound - as it cannot have been tampered with by the officer after its creation.

Tim spent the full weekend working on the app, and the result is something quick and easy to use. He demoed it to a room full of developers and police officers, who were all impressed by how swiftly he was able to take notes and store information using a mobile phone - including an audience photo. It was pretty clear how being able to take those photographs at the scene would save time and effort waiting for another officer to bring a camera down, and how easily his evidential notes could have been adapted to record a witness statement.

Tim won Best in Show for his secure evidence recorder, and has made the code for his solution available on github:

He's used HTML5 and Apache Cordova (also known as phonegap) to build the app which means it can be used across a range of devices.

For those who haven't already seen it, Tim's photograph with the Metropolitan Police Commissioner, Sir Bernard Hogan-Howe, is in the previous blog post on this topic: We hacked the Police!

So what's happening next?

That's a difficult question to answer. No police force in the UK yet has the infrastructure to support even simple apps. One of the goals of Hack the Police for the Commissioner's 100 was to show just how quick, cheap and easy this is to do. We've achieved that goal: and now we're working on proposals to help make the next steps happen.

The capability to deliver an app is understood by software developers and technicians to be a trivial problem with 3 parts: place the server inside your secure network, secure the connection between device and network, and distribute the app. 

(There are, additionally, requirements for managing the data we record - some of which is personal and must be protected. For those interested, the government's newest procurement programme: gCloud provides an excellent summary of Impact Levels and the requirement to protect services and data.)

App distribution can be handled through any existing private app store solution. The most challenging of those steps is the secure line between mobile device and network - but even that is well understood, and there exists excellent documentation and guidelines to allow this to be implemented very quickly by technical staff. 

However, to do this as a police force you need to overcome several challenges:
  • Complex contracts which hinder innovation, requiring lengthy procurement processes and expensive consultancy periods - even when the solution is already known. This makes it very  difficult to use a current provider to do the work.
  • The absence of staff who are able to perform unplanned technical work. This would render the entire project simple and affordable - but police forces have relied on 3rd-party contractors for a very long time, and as a result the skill base and knowledge required to take action for themselves has deteriorated to almost nothing.
Of course, once the infrastructure is in place, this opens the gateway for all manner of affordable improvements from small enterprises who can have a great impact on the cost and quality of policing.

Those are the issues we need to work around - and that's where we're working on creative solutions to help make these things happen - so we can help victims of crime the way we know we should.

Popular posts from this blog

Google Play Services with Android Studio

Edit: This post is extremely deprecated -- with prejudice! It was written in an era when Google Play Services were not well integrated with Android Studio project work, and Android Studio itself was in its infancy.

This is a very quick guide to incorporating Google Play Services with your new Android Studio project.

Edit: [16:20 22/05/2013] I'll investigate the runtime NoClassDefFound error reported in the comments, and follow up later!

Edit: [23:17 27/05/2013] I'm coming to the conclusion that - as many have already pointed out - you really do need to include the entire library project in your solution. I'll post an update once I've fully tested this. 

In the meantime, please consider the advice below to be deprecated!

The first thing to say is: I fully expect the advice and guidance about how to work in Android Studio to change over time. Android Studio is in early access preview right now, and I'll bet my bottom dollar (is that a thing?) that over time it becomes m…

What's the best way to handle the Android camera?

This article is adapted from a response I gave on Reddit to the question "What's the best way to handle the camera?" in r/androiddev...

The Camera and Camera2 APIs are far from painless to use. If you've ever written an app that uses the camera (embedded in an activity or not), you've almost certainly come up against orientation issues, stretched previews, or weird quirks that change from manufacturer to manufacturer...

There are three good libraries out there that can save you from many common pitfalls:
Google's (unofficial) CameraView library.Mark Murphy's CWAC-Cam2 library.Dylan McKintyre's CameraKit for Android library. Each has different strengths. If you don't have time to read this whole article, here's a quick rule of thumb:
If you want to capture photos in a full-screen preview, but you don't want to have to rely on the native camera app, then use CWAC-Cam2.If you want to embed a preview into your Activity, use CameraKit. It's f…

Manually Testing Web Services in Visual Studio

The first time you debug a web service after creating it, Visual Studio will launch the WCF Test Client - a very useful piece of kit - and preload it with the details of your service.

In this article, we'll look first at testing your WCF service, and then an all-too-familiar issue that might crop up and spoil your fun!

Using the WCF Test Client

The WCF Test Client looks a bit like SoapUI, and is pretty similar in purpose: It allows you to connect to a service, enter some parameters and submit them to any given service method to see what you get.

After the first time you run the WCF Client, Visual Studio will forget all about launching it again until you make significant changes to it - which means when you subsequently hit f5 or choose Debug, it won't run again. It's worth knowing how to bring it up...

You can find it again by launching the Visual Studio Command Prompt, and launching wcftestclient.exe from there.

Once connected, making use of it is as simple as filling in …