Security risk rising from the camera

Turvakaamera vahendab kõigile huvilistele videopilti ühe lõbustusasutuse naistöötajate riietusruumist.

PHOTO: Kaader turvavideost

Without awareness of owner, faulty settings of security camera may send images into Internet for all the world to see. In Tallinn, such systems are at least a hundred.

As you stand at the alcohol counter, Internet viewers will see what you buy and how much. Another camera is evidently showing an Old Town business dealing with souvenirs sales and currency exchange. While you eat in a restaurant or pizza place, again, curious eyes may examine your table manners.

Also, wrongly set cameras are showing a school, an animal clinic, a doctor’s reception, a hotel foyer, office staff sitting at their tables, and employees at a smaller-type factory.

True, about half of such cameras are directed towards parking lots or construction sites and these images ought not to disturb anyone.

The other half should set alarm bells ringing. For instance, there’s a view of a new housing area playground, entrances to houses, a gate to a lot, and stuff like that. Quite a gift to a burglar, or a paedophile lusting after kids.

According to Republic of Estonia Information System Authority (RIA) cyber security expert Anto Veldre, this is a broader problem on the comfort vs security line. «With any IT-solution there’s always the risk that if the device is beyond the owner and it is switched on in default – read: unsecure – configuration, some stuff has been made so easy for the user they cannot be secure,» said Mr Veldre.

«Probably, a part of the problem belongs to the data protection domain, especially the cases where people’s privacy, inviolability of the home, or transactions secrets have been infringed – as, even if this happens due to incompetence of owner, rights of others are violated. Except for the cases where public «TV screen» was the original and legal intent, no IP security camera may ever be connected to Internet without a decent password,» he added.

Partly, the IP-camera security is in producers equipping these on sale with one and the same password. The buyer should change the password as he installs the camera, as the factory usernames and passwords are common knowledge and easily found by Internet search.

Alas, that will not always help. Till yesterday, Internet displayed security camera images of a Tallinn shopping mall. According to their security chief, usernames and passwords were changed upon instalment. For some reason, the picture was still out there on the Internet. So they switched the cameras off till a solution is found.

According to senior Data Protection Inspectorate inspector Sirje Biin, the camera security issue is a serious problem for them. Namely, not all owners of unsecure cameras can be identified by the picture transmitted. Whether or not laws are broken by such cameras, has to be assessed case by case.

«We may initiate surveillance and find out the basis for showing the picture in such and such locations. As we are able, we are trying to find out who these cameras belong to, and then to let the owners know – or, if laws are being violated, we will call then to order,» said Ms Biin.

She added that while an owner may knowingly showcase his terrace or garage, a medical facility security image may not be seen by any unrelated eye.