No. 37: Bringing you the news that matters in video privacy and security

A note from our Editor

Hi all,

Large scale biometric data collection is increasing across the world. On top of the ever growing rollout of CCTV cameras; body-worn, vehicle mounted and even private home video camera systems are becoming part of normal life. By going out on the street or into a store we are giving up biometric data in an unwritten, and in many cases unconscious, pact to allow for our greater security / safety and to allow businesses and infrastructure to operate more efficiently. It seems as if we are all blindly giving up our privacy in the physical world.

Law enforcement is one particular sector that is coming under the spotlight - not just in the UK but in the US in particular. Alabama is setting up a scheme to be able to pair with local police to share camera footage as and when - and up to the camera owner's discretion - to help fight against crime in local areas.

In Europe, lawmakers are looking to allow law enforcement agencies to link their individual databases of faces. This will put cross border data sharing and facial recognition in the cross hairs of modern policing - making many EU data regulators unhappy with the potential for a cross-national data management.

In other news, popular camera company Wyze has had some security vulnerabilities exploited to access video from within private homes - which allowed hackers the chance to access footage of private homes. Despite them now discontinuing the product, it highlights the privacy risks inherent in connected camera devices.

As always, please let me know if you have any feedback on this newsletter or want to see any other topics covered.

Emma

News

Wyze cameras were hacker-accessible for three years - and they knew

The camera company Wyze has been fully aware of a key vulnerability in their home security cameras that could, and has, let hackers access cameras' SD cards to view and steal video. This has apparently been an issue for the last 3 years, and it is only this past January where they have discontinued the camera in question.

The Verge: I’m done with Wyze

Engadget: Wyze was aware of a major camera security flaw for three years

Apple and Meta gave up user data due to fake Police requests

Hackers have recently managed to forge Emergency data requests (EDRs) to gain access to users' data from Apple and Meta, via gaining access to police systems. EDRs are what police use to urgently access data when someone is potentially in immediate danger - making it particularly difficult for tech companies to verify.

WIRED: Security News This Week: Fake Cops Scammed Apple and Meta to Get User Data

Bloomberg: Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

The Guardian: How can US law enforcement agencies access your data? Let’s count the ways

US Law enforcement use of surveillance footage: a cause for concern or working on public trust?

The United States Postal Inspection Service was found to be monitoring certain keyword searches on social media which have no connection to post office or mail. Meanwhile, Alabama is building a database of private security cameras with the public's help - who volunteer the option to share footage to help fight crime.

VICE: Post Office Cops Used Social Media Surveillance Program Illegally

The News & Observer: Alabama police collecting data on private security cameras

NFTs lack major privacy and security measures

Even though NFTs are a one of a kind, when tied to any kind of identifying information (such as a profile photo on Twitter or maintaining a profile on an NFT marketplace), it means that privacy is completely undermined. From there, it is easy to see what that specific crypto wallet has also been up to, making it a risk to home security and medical records - which many crypto wallets are encouraged to be used for.

WIRED: NFTs are a privacy and security nightmare

Europe's building a huge international facial recognition system

Along with fingerprints, DNA and vehicle data, European lawmakers are now creating a huge database for faces to be included in this system, so that all European countries can have access for law enforcement purposes. This would mean that facial recognition will be used at an unprecedented scale.

WIRED: Europe Is Building a Huge International Facial Recognition System

AI Snippet of the Week

Footballers suffering online abuse to tackle the issue with AI software

Australian footballers have teamed up with British company GoBubble to use their machine learning platform to monitor the social media accounts of every A-League male and female player, to help filter out offensive content including words, images and emojis.

The Guardian: Online abuse targeting footballers to be tackled by ‘world first’ AI software

Forbes: Australian Football Uses Machine Learning To Block Abusive Social Media Posts

Policy Updates

US and EU make steps forward to secure a new cross-border data privacy framework

After Schrems II and "temporary" SCCs having been put in place, it seems that the US and EU have finally managed to agree on a Trans-Atlantic Data Privacy framework (Privacy Shield 2.0). It would essentially revive the Privacy Shield but for compliant companies.

National Law Review: EDPB Adopts Statement on the Announcement of an Enhanced EU-U.S. Privacy Shield

To subscribe to our fortnightly newsletter, please click here

Thanks for reading, if you have any suggestions for topics or content that you want to see covered in future please drop a note to: info@secureredact.co.uk