The story thwarted by the Milan postal police, in the “Window on the courtyard” operation, must make us reflect. Thousands of images taken, even live, from video cameras located in public and private places such as apartments, changing rooms, gyms, bathrooms, all for only 20 or 40 euros, payable in Bitcoin or via Paypal, to have unlimited access to life in return. of so many unsuspecting victims, adults and minors.
Yet, for years we have been bombarded with the message that more cameras mean more security. The mayors praise the installation of new cameras in parks, squares and streets while online home video surveillance systems can be bought for a few tens of euros, easily accessible remotely via smartphone. All to feel safer. Too bad that in many cases, as this story demonstrates, the truth is very different. Without detracting from the “merit” of the criminal activity carried out with quasi-entrepreneurial methods, many of these violations would not have been possible if two lessons had been kept in mind.
The case
Warning: in San Francisco there is a self-driving car that spies on you
by Vincenzo Borgomeo
Not a question of if, but of when
Any system or device connected to the network is hackable, with sufficient time and resources. If attackers have managed to gain access to the iPhone of Jeff Bezos, one of the richest men in the world and creator of Amazon, one of the best known big techs, recently also to sell private surveillance systems, access our devices cannot be considered such an unlikely event. But if it took time and money for Bezos to develop the right attack, as far as wi-fi routers, cameras, robot vacuums are concerned, the matter in some cases can take a few minutes.
Many of these devices have a very simple default installation password, usually “admin” or “0000”, to accommodate users. Password that is never changed, including that of the home wi-fi router, which allows easy access for more experienced users. If the idea of changing that password also comes up, the annual results of the passwords found in the leak attacks around the world confirm that the list of the top 20 most used passwords never changes too much from the classic “123456”, to “password” or “qwerty”.
This obviously happens for convenience, given the difficulty of remembering them and the still poor adoption of convenient tools such as password managers, capable of creating long and complex passwords and inserting them in the services we use almost automatically, when we need them and eliminating the problem of having to remember them.
It is no coincidence that Apple (but it is not the only one in this project) has recently announced that in the next update of its operating system it will eliminate passwords, allowing access to services using your device, with your fingerprint or the Facial recognition.
I study
Lights on at night, heating off in winter: connected houses become instruments of domestic violence
by Andrea Daniele Signorelli
If these problems are generalized enough, it must be added that Italy does not shine for even basic technological skills. For years, the European DESI index, on digital development in the countries of the Union, has delivered an unfortunate situation on the state of Italians. Despite being big tech lovers, too many fail to go beyond the use of WhatsApp and social networks. Added to this factor is a low enrollment of students in scientific disciplines and a lack of basic digital education that we use every day, now from an early age.
Lack of knowledge or application of the privacy legislation
According to what was reported by the prosecutor, many of the cameras installed, especially housewives, were very cheap, from which it can be deduced that perhaps they did not guarantee the same safety offered by the counterparts produced by the most famous brands. Yet, especially when working in such an invasive and risky sector, in which a lot of personal data is processed, the highest standard levels of IT security and management of personal data must be respected. But it doesn’t stop there.
If so it will be appropriate to check the basic security level of the suppliers of these cameras at the same time questions should be asked about whether to install cameras in privacy sensitive places such as changing rooms and bathrooms. In one of the cases reported by the investigation, some cameras had been installed in the changing rooms to prevent possible thefts. The European Privacy Supervisor, in 2019, published guidelines on video surveillance with numerous examples. For the Guarantor, the use of video surveillance is justified only when the concrete circumstances and the impossibility of resorting to less invasive technical and organizational measures is not possible.
Therefore, if the camera that frames a swimming pool, in its entirety, could be useful to warn a distracted lifeguard in the event of drowning, the one placed in the changing rooms or in a bathroom could hardly find a justification, even in the presence of past thefts. The fact that these cameras could also be accessed remotely aggravates the situation. If remote access can be imagined as necessary in the case of cameras inside your home, to avoid surprises when you go on vacation, in the case of cameras installed in a bathroom this need is much more difficult to prove. It will therefore be appropriate that the manager of the building has made a risk assessment for the rights of the interested parties and at the same time has chosen cameras and a security system suitable for preventing easy external intrusions.
With artificial intelligence, the situation could get worse
All this is happening while in Brussels there is a debate on whether or not to make illegal the possibility of using biometric recognition technologies remotely, even by law enforcement. If so far we have talked about simple cameras, those that also allow facial recognition could, in the absence of adequate regulation, spread in public and private spaces, justified by the need for prevention and security. In recent months it is being discussed in Brussels in relation to the proposal for a European regulation on artificial intelligence.
In the position of the European Parliament there is the intention to prevent its use also by the police, for which there are not too stringent exceptions. It is also worth remembering that in the past the Privacy Guarantor has already had to pronounce on the use of video surveillance with facial recognition by the police, when they proceeded with the installation without having conducted an impact assessment or having requested a prior consultation from the Guarantor.
Returning to the news case, access to these cameras would allow any stalkers to also know the identity of the people portrayed. Danger not completely averted even today, when software is available on the market that allows you to identify other photos from the network and from social networks, and the consequent information, by uploading the photo of the person you want to identify. The Privacy Guarantor has recently sanctioned Clearview AI with 20 million euros, an American company that has also taken images of Italians from the web, without consent, to feed its database of over 10 billion photos.
The Big Brother risk
The combination of a strong propensity to equip themselves with technological devices, combined with poor IT and security skills, even basic ones, and a still not widespread culture of privacy protection, is the perfect formula for episodes like the one described to be on the agenda. Thinking that installing video cameras anywhere is the easiest way to guarantee our safety is the result of a distorted vision of an increasingly tech-solutionist society, where every problem is solved with a gadget.
The truth is that the world and technology are more complex than they appear. If you really want to prevent and guarantee greater security, it is necessary to spread the culture of privacy and information security in schools and in the workplace on an ongoing basis, and not only on the occasion of an event such as a data breach. The Privacy Guarantor has been doing it for some time but politics must also pursue this idea otherwise what Orwell imagined in 1948, when he wrote 1984, could become reality, no matter if behind the screen there is the police, a politician, or a voyeur who spies on you when he wants for 20 euros.