No. 50: Bringing you the news that matters in video privacy and security

A note from our Editor

Hi all,

We live in a heavily globalised world with many industries, sectors and governments that collaborate across borders. With this, respecting national data laws and the individual citizen rights of every country to have their data protected is fundamental. Surveillance is not just a response to the overarching need for security and safety - it's about actively listening and balancing this with the growing awareness and need for data privacy. In turn, there is a fundamental obligation for ethical technology - where the use of biometric data is managed in a way that puts data protection and citizen rights first.

The UK is currently finalising its data adequacy agreement with South Korea, with completion due by the end of December. This move comes after the UK government has concluded that the Republic of Korea has a strong enough data protection system to guarantee UK citizens’ data will be secured.

Several Chinese surveillance cameras face bans in UK government departments amid security fears. The Chancellor of the Duchy of Lancaster, Oliver Dowden, has stated that these additional controls are required in light of the increased capability and connectivity of these systems, as well as concerns that surveillance data gathered in the UK will be shared with security services in Beijing. In the same vein, the company Hikvision was recently found to be advertising sensitive biometric identification through their cameras, including ethnicity recognition in the UK and Europe. The company, already banned in the US, has been controversial in recent years, particularly regarding human rights concerns as its cameras have been used to surveil Uyghur Muslims in China.

Additionally, the company Eufy has recently come under scrutiny after their doorbell cameras shared biometric data to the cloud without user consent, and remained on servers even after the app was deleted. 

Data sharing across borders can be incredibly beneficial and will only continue to increase in the coming years, but it needs to be done responsibly. For citizens to feel comfortable with their data being shared, they need specific legal protections in place, as well as confidence that their data remains safe when it moves internationally. 

As always, please send any feedback or topics of interest you would like to be covered. 

Seena

News

Doorbell cameras uploaded facial recognition data to the cloud without consent

The company Eufy has come under fire after their doorbell cameras have been found to be sending unencrypted biometric information to the cloud without consent, despite assurances that the data was kept locally. The system uploaded face biometrics in the form of thumbnail captures and user identifier information to the cloud and kept the data on company servers even after they were deleted from the app.

Biometric Update: Eufy doorbell cameras uploading facial recognition data to the cloud without consent

CNET: Eufy Cameras Caught Sending Local-Only Data to Cloud Servers

London firefighters to be issued with bodyworn cameras following culture report

The London Fire Brigade will be the first firefighting department in the UK to be issued with bodyworn cameras, following a report citing institutional racism and misogyny within the organisation. Since the report, it has been recommended that firefighters should wear cameras during home visits to help protect staff, as well as ensure public reassurance.

The Evening Standard: London firefighters to be issued body-worn cameras following damning review

BBC: London Fire Brigade: Firefighters first to get body-worn cameras

US university students push back against covert and non-consensual under-desk surveillance

Students at Northeastern University’s Interdisciplinary Science & Engineering Complex have removed dozens of heat and motion sensors placed under desks, fighting back against “intimidating” classroom surveillance. They argue the sensors were secretly installed overnight without consent and serve no scientific purpose at the university. The students have since repurposed the sensors for a public art project drawing attention to workplace surveillance.

The Independent: Students uncover under-desk surveillance devices designed to track them

VICE: ‘NO’: Grad Students Analyze, Hack, and Remove Under-Desk Surveillance Devices Designed to Track Them

CCTV camera provider, Hikvision, advertised ethnicity recognition technology in UK

The security camera company, Hikvision, has been advertising ethnicity recognition features in the UK and EU, alarming privacy advocates. A brochure on its website advertised a number of features such as “optional demographic profiling facial analysis algorithms”, including “gender, race/ethnicity, age”. 

The Guardian: Chinese security firm advertises ethnicity recognition technology while facing UK ban

Digital Camera World: Why the UK Government is banning Chinese security cameras in some sites

Password manager, LastPass, suffers second major security breach in three months 

The password manager, LastPass, has suffered its second major breach in three months by the same party. The company announced that an unauthorised party gained access to customer information stored in a third-party cloud service. The company assured that customer passwords remained safe and encrypted. 

NPR: Major password manager LastPass suffered a breach — again

Tech Crunch: LastPass says it was breached — again

AI Snippet of the Week

AI facilitates the biggest brain tumour study to date without compromising patient data privacy

Researchers at Penn Medicine and Intel Corporation have led the largest machine-learning-based study to obtain insight from over 6,000 glioblastoma patients across 71 institutions, improving brain tumour detection by 33%. Privacy legislation such as HIPAA and the GDPR can sometimes be an obstacle for healthcare researchers looking to share data but this newer machine learning system, called federal learning, allows for collaboration across institutions without sharing any personal patient data.

Science Daily: AI enables large-scale brain tumor study, without sharing patient data

Penn Medicine News: AI Enables the Largest Brain Tumor Study To-Date, Led by Penn

Policy Updates

UK finalises data transfer agreement with South Korea

The UK DCMS has announced the government is finalising its first independent post-Brexit data adequacy agreement with South Korea, with the agreement looking to be concluded by the end of the year. This decision means data will be allowed to freely travel between the two countries without restriction and help facilitate economic growth.  

Gov.uk: UK finalises landmark data decision with South Korea to help unlock millions in economic growth

CSO: ​​UK finalizes first independent post-Brexit data transfer deal with South Korea

To subscribe to our fortnightly newsletter, please click here

Thanks for reading, if you have any suggestions for topics or content that you want to see covered in future please drop a note to: info@secureredact.co.uk