[MLB-WIRELESS] Anyone want to go warnappychanging?

Barry Park bpark at theage.fairfax.com.au
Mon Apr 15 16:27:20 EST 2002


Hmm.
- Barry

http://www.nytimes.com/2002/04/14/technology/14SPY.html

April 14, 2002

Nanny-Cam May Leave a Home Exposed

By JOHN SCHWARTZ

[T] housands of people who have installed a popular wireless video camera,
intending to increase the security of their homes and offices, have instead
unknowingly opened a window on their activities to anyone equipped with a
cheap receiver.

The wireless video camera, which is heavily advertised on the Internet, is
intended to send its video signal to a nearby base station, allowing it to
be viewed on a computer or a television. But its signal can be intercepted
from more than a quarter-mile away by off-the-shelf electronic equipment
costing less than $250.

A recent drive around the New Jersey suburbs with two security experts
underscored the ease with which a digital eavesdropper can peek into homes
where the cameras are put to use as video baby monitors and inexpensive
security cameras.

The rangy young driver pulled his truck around a corner in the well-to-do
suburban town of Chatham and stopped in front of an unpretentious house. A
window on his laptop's screen that had been flickering suddenly showed a
crisp black-and-white video image: a living room, seen from somewhere near
the floor. Baby toys were strewn across the floor, and a woman sat on a
couch.

After showing the nanny-cam images, the man, a privacy advocate who asked
that his name not be used, drove on, scanning other houses and finding a
view from above a back door and of an empty crib.

In the nearby town of Madison, from the parking lot of a Staples store,
workers could be observed behind the cash register. The driver walked into
the store and pointed up at a corner of the room. "Take a look," he said.
Above the folded-back steel security shutters was a nubbin of technology: a
barely perceptible video camera looking down on the employees.

"I can only imagine driving around the Bay Area with one of these," said
Aviel D. Rubin, a security researcher at AT&T Labs, which identified the
problem.

Around San Francisco, high-technology toys like security cameras are likely
to be far more common. Mr. Rubin tries to help the business world recognize
security threats and address them. Although there is no evidence that video
snooping is widespread, it is so easy and the opportunity to do it is so
great that it is a cause for concern, said Mr. Rubin, who was along for the
ride.

Such digital peeping is apparently legal, said Clifford S. Fishman, a law
professor at the Catholic University of America and the author of a leading
work on surveillance law, "Wiretapping and Eavesdropping."

When told of the novel form of high-technology prying, Professor Fishman
said, "That is astonishing and appalling." But he said that wiretap laws
generally applied to intercepting sound, not video. Legal prohibitions on
telephone eavesdropping, he said, were passed at the urging of the
telecommunications industry, which wanted to make consumers feel safe using
its products. "There's no corresponding lobby out there protecting people
from digital surveillance," he said.

Some states have passed laws that prohibit placing surreptitious cameras in
places like dressing rooms, but legislatures have generally not considered
the legality of intercepting those signals. Nor have they considered that
the signals would be intercepted from cameras that people planted
themselves. "There's no clear law that protects us," Professor Fishman said.
"You put it all together, the implications are pretty horrifying."

With no federal law and no consensus among the states on the legality of
tapping video signals, Professor Fishman said, "The nanny who decided to
take off her dress and clean up the house in her underwear would probably
have no recourse" against someone tapping the signal. Police officers with
search warrants could use the technology for investigative purposes, as
well, he suggested.

Surveillance has been a growing part of American life, especially since
Sept. 11. Video cameras have been installed on city streets, and some cities
and airports have tried to tie cameras into facial recognition systems, with
mixed results. Privacy advocates argue that the benefit to security is
questionable and the intrusiveness is high. But the cameras continue to
proliferate -- with many people buying them for personal use. Surveillance
cameras have also sprouted at intersections to catch drivers who speed or
run red lights and as a part of many voyeur-oriented pornographic Web sites.

Ads for the "Amazing X10 Camera" have been popping up all over the World
Wide Web for months. The ads for the device, the XCam2, carry a taste of
cheesecake -- usually a photo of a glamorous-looking woman in a swimming
pool or on the edge of a couch. But, in fact, many people have bought the
cameras for far more pedestrian purposes.

"Frankly, a lot of it is kind of dull," and most of the women being
surreptitiously observed are probably nannies, said Marc Rotenberg, the
executive director of the Electronic Privacy Information Center in
Washington. He calls the X10 ads "one of the weird artifacts of the Internet
age."

The company that sells the cameras, X10 Wireless Technology Inc. of Seattle,
was created in 1999 by an American subsidiary of X10 Ltd., a Hong Kong
company. It is privately held and does not release sales figures. A
spokesman, Jeff Denenholz, said the company had no comment for this article.

Filings with the Securities and Exchange Commission for an initial public
stock offering that was later withdrawn provide some figures, however. X10
lost $8.1 million on revenue of $21.3 million for the nine months ended
Sept. 30, 2000, and said that 52 percent of its revenue came from wireless
camera kits. At the camera's current retail price of about $80, that would
translate to sales of more than 138,000 cameras in those nine months alone.

Rob Enderle, an analyst at the Giga Information Group, a technology
consulting business, said he was a big fan of X10 -- which sells the most
popular wireless cameras on the consumer market -- and its wares. "Theirs is
the least expensive option out there, and they actually do a good job," he
said.

Mr. Enderle was surprised to hear of the cameras' lack of security, but said
he did not see a cause for great concern. "Clearly, if you are pointing that
at areas like your bathroom or shower, there may be people enjoying that
view with you," he said. "But fundamentally, you shouldn't be pointing it
that way anyway."

The vulnerability of wireless products has been well understood for decades.
The radio spectrum is crowded, and broadcast is an inherently leaky medium;
baby monitors would sometimes receive signals from early cordless phones
(most are scrambled today to prevent monitoring). A subculture of
enthusiasts grew up around inexpensive scanning equipment that could pick up
signals from cordless and cellular phones, as former Speaker Newt Gingrich
discovered when recordings of a 1996 conference call strategy session were
released by Democrats.

More recently, with the advent of wireless computer networks based on the
increasingly popular technology known as WiFi, yet another new subculture
has emerged: people known as "war drivers" who enter poorly safeguarded
wireless networks while driving or walking around with laptops.

In the case of the XCam2, the cameras transmit an unscrambled analog radio
signal that can be picked up by receivers sold with the cameras. Replacing
the receiver's small antenna with a more powerful one and adding a signal
amplifier to pick up transmissions over greater distances is a trivial task
for anyone who knows his way around a RadioShack and can use a soldering
iron.

Products intended for the consumer market rarely include strong security,
said Gary McGraw, the chief technology officer of Cigital, a software
risk-management company. That is because security costs money, and even
pennies of added expense eat into profits. "When you're talking about a
cheap thing that's consumer grade that you're supposed to sell lots and lots
of copies of, that really matters," he said.

Refitting an X10 camera with encryption technology would be beyond the
skills of most consumers. It is best for manufacturers to design security
features into products from the start, because adding them afterward is far
more difficult, Mr. McGraw said. The cameras are only the latest example of
systems that are too insecure in their first versions, he said, and cited
other examples, including Microsoft's Windows operating system. "It's going
to take a long time for consumer goods to have any security wedged into them
at all," he said.

Another wireless camera, the DCS-1000W from D-Link Systems Inc., does offer
encrypted transmission and ties into standard WiFi networks -- but it costs
at least $350.

As a security expert, Mr. Rubin said he was concerned about the kinds of
mischief that a criminal could carry out by substituting one video image for
another. In one scenario, a robber or kidnapper wanting to get past a
security camera at the front door could secretly record the video image of a
trusted neighbor knocking. Later, the robber could force that image into the
victim's receiver with a more powerful signal. "I have my computer
retransmit these images while I come by," he said, explaining the view of a
would-be robber.

Far-fetched, perhaps. That is the way security experts think. But those who
use the cameras and find out about the security hole seem to grasp the
implications quickly.

Back at the Staples store in Madison, employees said they did not know that
they were being watched by security monitors. The manager of the store, when
asked whether he knew that his cameras were broadcasting to the outside
world, seemed somewhat shaken, and excused himself to go into his office, he
said, to put down the small display carousel he was carrying.

He did not return.




*********************************************************************************
This email and any files transmitted with it may be legally privileged 
and confidential.  If you are not the intended recipient of this email,
you must not disclose or use the information contained in it.  If you 
have received this email in error, please notify us by return email and 
permanently delete the document.
*********************************************************************************

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message



More information about the Melbwireless mailing list