Consumer surveillance cameras are everywhere now, and they’re capturing moments we otherwise would never have known happened.
The computers are watching.
Imagine if you lost your keys and instead of fishing around in the couch cushions, you could just pull out your phone and search for them. Just a quick, textual query with a quick response that they’re on your desk, you doofus. This is not only possible; it’s possible now, and it’s almost as intriguing as it is terrifying.
Today at Microsoft Build, the software giant’s annual conference for developers, Microsoft showed off exactly this sort of tech. By melding things that have already been around for a few years—machine-learning powered image recognition and consumer-grade cameras—with the ludicrous computing horsepower in the cloud, Microsoft is able to index people and things in a room in real time. What that means, practically, is that if you can point a camera at it, you can search it:
Once you can identify people and objects by feeding the computers images of Bob and jackhammers so they can learn what each of those things look like, you can start applying a framework of rules and triggers on top of the real world. Only [Certified Employees] can carry the [Jackhammer] and [Bob] is a [Certified Employee] so [Bob] is allowed to carry the [Jackhammer]. The limits to what kind of rules you can make are effectively arbitrary.
It’s extremely impressive, and Microsoft’s pitch for using this technology on factory floors and in hospitals belies another truth: it’s also extremely terrifying. The cliché here is to gesture at notions of Skynet, but the real dangers are far more grounded than some kill-all-humans fantasy.
The privacy implications, which Microsoft didn’t venture to mention on stage, are chilling even in a hospital or factory floor or other workplace. Yes, systems like this could ensure no patient collapses on a floor out of sight or that new hires aren’t juggling chainsaws for fun. But it also would make it trivial to pull up statistics on how any employee spends her day—down to the second. Even if it is ostensibly about efficiency, this sort of data can betray all sorts of private information like health conditions or employees interpersonal relationships, all that with incredible precision and at a push of a button. And if the system’s not secure from outside snooping? Woof. The concerns explode exponentially.
And of course the creepiness only increases if you imagine the spread of this technology to places like the home,though at least there users would theoretically have to opt in. That is, unless a hacker or company decides to surreptitiously apply this sort of computer vision to the cameras already in your home or just steal the footage and apply the machine eyes after the fact.
it’s a sort of instant, god-like omnipotence
Perhaps most concerning though, is the idea of this tech in the public sphere, where relative privacy is a given but only thanks to obscurity. You can be effectively “alone” in a mall or coffee shop only because it is difficult to look for you. If applied to security systems and other live video feeds, this sort of technology gives those with the power to search through it a sort of instant, god-like omnipotence. That has chilling implications whether that power is in the hands of a disgruntled IT guy or the FBI. All that’s to say nothing of the implications for ad-targeting, and all the companies that would have a vested interest on building a dossier about you specifically, not because you are particularly interesting but just because you buy things sometimes.
Artists and technologists have been grappling with this coming privacy nightmare for years with anti-surveillance gear that runs the gamut from makeup to glasses to gadgets. It’s been easy to dismiss these measures as art or dystopian fantasy, but it’s getting more difficult not to take them seriously.
There’s no doubt, of course, that dynamic image recognition would have huge benefits and could save countless lives much in the way Microsoft’s demo indicates. But without strict rules or regulations, these smart cameras could cross all kinds of privacy lines before we even know it.
The tech is moving fast, and sooner or later, cameras like this are undoubtedly coming to a workplace near you, and Skynet is the least of our worries.
ACCESSING INFO BY HACKING INTO CCTV SYSTEMS
A US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military, something that could potentially allow hackers to spy on facilities or gain access to sensitive computer networks.
Craig Heffner, a former software developer with the National Security Agency (NSA) who now works for a private security firm, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.
They could use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.
Craig Heffner, security expert
“It’s a significant threat,” he said. “Somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.”
He plans to demonstrate techniques for exploiting these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas.
Heffner, who now works as a vulnerability researcher with Tactical Network Solutions in Columbia, Maryland, said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.
In 2011, the $7 million security camera system at Parliament House in Canberra was found to have ”critical” security deficienciesthat left the building vulnerable to attack, according to a whistleblower’s report.
Heffner said he has figured out a real-life version of the familiar “Hollywood-style” attack that has become a fixture in action films. He can freeze a picture on a surveillance camera to help thieves break into facilities without detection.
He has not discussed his research with the camera makers, he said, and does not plan to do so ahead of his presentation at the hacking conference.
Cisco, D-Link and TRENDnet said they would take any appropriate action that might be needed to secure their equipment after the Black Hat presentation.
Heffner’s presentation is one of more than 100 talks at the annual gathering, which is expected to attract 6500 security professionals who will learn about the growing threat hackers pose to businesses, consumers and national security.
Other talks will explore threats to Microsoft Windows and Apple systems, mobile phone networks, medical devices and systems that control industrial plants.
All research presented at the conference is vetted by a review board of 22 security experts.