Allegheny County Judge Terrence O'Brien heard arguments Friday in a dispute over more than 1,000 security cameras operated by District Attorney Stephen Zappala's office in and around Pittsburgh.
The Harrisburg-based newspaper The Caucus first reported in August that at least some of the cameras were made by the Chinese companies Dahua Technology Co. and Hangzhou Hikvision Digital Technology Co., which were both deemed to be so vulnerable to domestic and foreign hacking that the Department of Defense blacklisted them in 2019.
The case Friday concerned whether journalists should get access to the make and model of all the devices, as well as the identity of the third-party firm that monitors the regional network. The state Office of Open Records has ruled twice in the newspaper's favor. On Friday, Zappala's office mounted its appeal.
“If we’re required to make this public, we’re losing seven years of a working (camera) system,” said attorney Charles J. Porter, who represented the district attorney's office in court. He said any further disclosure would increase the risk of hacking, which attorneys representing The Caucus said could be a good thing, and even help galvanize partnerships with people at the forefront of cybersecurity.
Porter acknowledged that experts at Carnegie Mellon University or elsewhere might be able to help plug vulnerabilities, but opening information to some would mean opening it to all.
“This isn’t a system where we can say the white hats can have it and the black hats can’t,” he said. “You’re in a never-ending battle to not get hacked.”
Aemon Dowd, a third-year law student at the University of Virginia and a member of its First Amendment Clinic, argued on behalf of The Caucus that greater scrutiny could include not only the make and model of the network’s devices, but also whether the third-party firm contracted by Zappala is a safe and appropriate choice, if that firm is fairly compensated and how and why the county is collecting data on its citizenry.
Porter told the judge that the surveillance network, which he said went online in 2013, has never been breached.