There are an estimated 30 million video surveillance (CCTV) cameras in the United States, and some 1.5 million in the UK. An increasingly large number of these are connected to the internet, and constitute a major proportion of all devices that make up the Internet of Things (IoT). It now looks as though cops will soon be able to access any of these at will.
This may not come as a shock to many, who will likely view the news as an inevitable development of current technological trends. Privacy advocates everywhere, however, will do doubt weep onto the pages of their copy of George Orwell’s Nineteen Eighty-four.
The new system is the brainchild of computer scientists at Purdue University, and uses two key tools that were independently developed at the university:
1. The Continuous Analysis of Many CAMeras (CAM2) – this tool allows users to find and access public surveillance cameras in a given area. In this way it is much like Shodan – a Google-like search engine for the Internet of Things. CAM2, however, takes the concept further by allowing advanced video analysis methods to be deployed across thousands of remote cameras simultaneously.
2. The Visual Analytics Law Enforcement Toolkit (VALET) – “integrates large volumes of criminal, traffic and civil incident data into a single, interactive user interface to help law enforcement decision makers, analysts and officers identify crime trends and patterns, discover crime anomalies, and assist in allocating law enforcement resources.”Worryingly,
“According to a statistical analysis based on historical data, the software program includes temporal prediction algorithms to forecast future criminal, traffic and civil incident levels within a 95 percent confidence interval, meaning the estimates of the collected data could be reliably repeated and used to predict future behaviors or actions.”
So the new tool (which remains at proof of concept stage at the moment) allows police to hack into almost any of the millions of public CCTV cameras, and to usefully correlate the information it gains from thousands of simultaneous feeds.
The cameras are watching!
As David Maas from the electronic Frontier Foundation (EFF) told Wired,
“I can certainly see the utility for first responders. But it does open up the potential for some unseemly surveillance.”
In theory, the system is limited by the fact that it cannot access cameras that are password protected, but as a report on CNN Money report on Shodan (which is very similar in concept to CAM2) notes,
“What’s really noteworthy about Shodan’s ability to find all of this — and what makes Shodan so scary — is that very few of those devices have any kind of security built into them.
It’s a massive security failure,” said HD Moore, chief security officer of Rapid 7, who operates a private version of a Shodan-like database for his own research purposes.
A quick search for “default password” reveals countless printers, servers and system control devices that use “admin” as their user name and “1234” as their password. Many more connected systems require no credentials at all — all you need is a Web browser to connect to them.”
The system also does not tap into private video feeds (such as home security camera), but there is little either conceptually or technically to prevent it from doing so.
When you consider that systems such as this will almost certainly become wed to facial recognition technology such as that pioneered by FaceFind, the possibilities for pervasive mass surveillance take on a truly Orwellian tone…