Zach Campbell and Chris Jones have an important new story up at the Intercept, which if the Twitterverse reaction is any guide, hasn’t gotten remotely the attention it warrants. Perhaps it is because the Twitterati, which has a heavy representation of journalists, also skews strongly towards those who favor convenience over privacy.
The newest example of further intrusion into homes, which were once fancied as castles, as in well protected, is home surveillance cameras in all sorts of Internet of Things appliances, particularly kitchen items. Sadly, the latest perp is Bosch, which is not only good at upscale equipment, but is also good at cameras, so the refusniks (as in ones who are not keen about the risk of being snooped upon if you visit a friend at home for a coffee or dinner) can’t hide behind the hope that Bosch won’t be very good at this new mission.
Here is the unholy alliance: Bosch, the maker of cameras and video analytics, has is surveillance cameras connect to its apps store, Azena, which sells various video analytics tools. Bosch undertakes only basic checks of app security and execution.
But a big cause for concern with the Bosch-funded exercise, known as Azena, is that it managing to make Google look like a paragon of virtue. Bosch aspires to Google-level dominance of spy cameras….while being less attentive to security. From the Intercept:
Apps currently available in the Azena store offer ethnicity detection, gender recognition, face recognition, emotion analysis, and suspicious behavior detection, among other things, despite well-documented concerns about the discriminatory and intrusive nature of such technologies.
Unlike its parent company, Azena doesn’t produce cameras or develop video analytics tools. Instead, it provides a platform for companies and individual developers to distribute their own applications and takes a cut of the sales — much like the Apple and Google app stores, but for surveillance software. According to [Azena CEO Hartmut] Schaper, Google’s app store is the direct inspiration for Azena: Within just a few years of releasing the Android operating system, Schaper noted, Google had revolutionized how smartphones were used and achieved domination over the market. With their new surveillance app store, Azena and Bosch hope to do the same.
Shaper anticipates that the spy camera market will soon have only a very few operating systems and points to signs that Bosch/Azena will be one of the winners, such has having over 100 apps now and launching “the first face mask detection app within two weeks of the COVID-19 pandemic beginning.”
Here’s where it gets messy:
Applications for video analytics can broadly be divided into two categories, explained Gemma Galdon Clavell, a technologist and director of the Eticas Foundation. The more basic applications involve identifying people, objects, barriers like doors or fences, and locations, then sending an alarm when certain conditions apply: someone passing an object to another person, leaving a bag on a train platform, or entering a restricted area.
It’s the second category — applications that allegedly detect emotions, potential aggression, suspicious behavior, or criminality — that Galdon Clavell said can be impossible to do accurately and is often based on junk science. “Identifying a person in a space where they shouldn’t be — that works. But that’s very low-tech.” With the more advanced applications, she said, developers often promise more than they deliver: “From what I’ve seen, it basically doesn’t work.”
“When you move from protecting closed-off areas to actually doing movement detection and wanting to derive behavior or suspicion from how you move or what you do,” Galdon Clavell said, “then you enter a really problematic area. Because what constitutes normal behavior?”
In fact, the Intercept authors then get Azena staffers to fall right into that trap:.
Brent Jacot, a senior business development manager at Azena, gave an example of how this might work during a 2020 webinar. Imagine you have a camera app that is good at measuring demographics such as age or gender, Jacot said, and you connect it to another app that controls a gate. “You want to, say, open a gate only if they’re above the age of 18. Then you can take the data from this one app and feed it into the next and create this logical chain to make a whole new use case.”
Help me. In this age of gender fluidity, there’s already too much risk of making bad calls, before getting to active deception using clothes, makeup, wigs, beards, fat suits…And identifying age correctly? Prisons are full of men who had sex with underage teens they thought were adults….and those are only the ones who got caught.
Azena uses a modified version of Android. One might assume that piggybacking on a presumably well-hardened OS would provide a lot of safety. Not necessarily:
Internet of Things devices often run old software that users don’t think to update, explained Christoph Hebeisen, head of security intelligence research at the mobile security firm Lookout. “That’s why routers get hacked, that’s why security cameras get hacked, and often in very large numbers.”
There are also cases where human error is at fault: Last March, after locating a username and password that were publicly accessible on the internet, a hacking group said it gained access to tens of thousands of cameras produced by the California-based security startup Verkada, some of which were hooked up to video analytics software.
The hackers were able to view footage from prisons, hospitals, factories, police departments, and schools, among other places. A member of the group that claimed responsibility told Bloomberg that the breach exposed “just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so.”
On many platforms, including Android, when developers patch a potential vulnerability, they publish a notice in the form of a Common Vulnerability and Exposures list. Azena, Hebeisen said, appears to be years behind on patching CVEs: Its current operating system only addresses Android CVEs as late as 2019, judging from the webpage where it summarizes system updates.
There’s a great deal more of the Intercept poking holes in Azena’s security practices and the company offering not terribly convincing defenses. I urge you to read it if Internet security or the Internet of Things is important to you.
One bit of good news is that Azena and any other operator that was mainly engaged in security posturing is likely to run hard into regulators in Europe, sooner rather than later. Recall that EU privacy laws make ours look like a joke. And this Intercept article was published jointly with Der Spiegel, which pretty much guarantees official notice. However, the story explains that the regulations may behind the technology, and they also may not hold distributors like apps stores sufficiently liable.
The story concludes:
Echoing this concern, Jay Stanley, a senior policy analyst at the American Civil Liberties Union, said that the technology is not yet able to live up to its claims. Emotion detection technology is like selling “snake oil.” But the implications are still concerning. “Things like emotion detection are an easy sell for many people,” Stanley said. “You have all these cameras around your building and [developers] think, for example, who wouldn’t want to get a notification if there was an extremely angry person in the area?”
But Stanley is just as worried about the rapid expansion of simple applications of video analytics. “There’s a real concern here that even on the most effective end of the spectrum, where a video analytics system is trying to detect just the raw physical motion or attributes or objects,” he said, “every time you hand a backpack to a friend or something like that, an alarm gets set off and you get approached.”
“That’s going to have a real chilling effect. We’re going to come to feel like we’re being watched 24/7, and every time we engage in anything that is at all out of the ordinary, we’re going to wonder whether it’ll trip some alarm,” Stanley said.
“That’s no way to live. And yet, it’s right around the corner.”
The horse is probably too far outside the barn for conservatives to be deployed, even charitably assuming they could be directed productively. One huge obsession on the right wing is kiddie porn. Lots of surveillance cameras in homes = lots video of children, who at least some of the time will be underdressed and undressed. Predictably lousy IoT security = ample opportunity to grab lots of footage and harvest the most salacious bits. Welcome a cottage industry of kiddie porn producers who don’t even have to go to the risk of sex trafficking or other abuses to find child stars. Admittedly, the home camera version will (hopefully) all be soft porn. But that will be satisfying for some, plus Photoshop is getting better and better all the time….
But in the US, no one has a expectation of privacy in public. How many have the energy to occasionally mess up their profile with a good fake nose or even expertly applied natural makeup. I also wonder about mere football mouthguards, since they cover the upper lips, force the mouth further open (mildly distorting face length) and push out the area above the lip, changing some of the below the nose markers.
The problem is the overwhelming majority of people don’t have then energy to fight. But worse, some actively enable this technology by adopting it themselves. Maybe we need to get doctors to remind patients that sitting is bad, and even getting up now and then to change TV stations and fiddle with the lights is much healthier that extreme couch potato-dom.
_____
1 So say at a party, Alexa recognizes ten voices. It knows two are the hosts and tags the rest as Voice 1, Voice 2, etc.
Then the NSA finds Voice 1 at other places…in a doctors’ lounge where the staff uses Alexa to manage the playlist. In a hotel that has Alexa in the room unless you ask for it to be removed. On YouTube as a presenter at a conference.
“Proles and animals are free.”
Leads to an aftermarket of products and services, so now kitchen, rest of house and garage will be covered.
Auto buffs look for older cars without the added computer chips, both for the design charm of older vehicles and for the freedom of avoiding some added maintenance costs, surveillance or bricking.
Will house buffs, or people seeking shelter who can afford to be concerned about surveillance, soon look for non-smart houses?
I’m not throwing away any.legacy electronics. Going to be a goldmine.
Anything one can operate without going on line will be absolutely precious.
And money saving!!
I’m already about to invest in a camera so that I don’t have to use the phone camera.
And external strorage divices…collecting those too.
Will there be a house aftermarket in services and technicians able to strip the digital cooties out of a smart house and make it dumm again?
” This house is a no-chip zone”.
Since gas, electric, water, etc. utilities will try to force smart-gas, smart-electric, smart-water delivery upon every single house-dweller who receives gas, electric, water, etc. over a grid, it will also drive a renaissance in stand-alone one-house-at-a-time photo-electric systems, roofwater-harvesting systems, passive-heating systems and design, and etc. ( Part of making roofwater harvesting viable will be the broad-scale adoption of zero-water composting toilets and methods for sterilizing the compostoilet product).
It’s going to be tough unless you live a l.o.n.g. way from the next house. Amazon’s up and coming mesh network Sidewalk will be licensed for 3rd party access to the mesh. Your telly will phone home via your neighbour’s neighbour, despite you not having internet.
https://en.wikipedia.org/wiki/Amazon_Sidewalk
“Amazon Echo devices have Sidewalk enabled by default and do not inform their owner about it.”
Yes, it will be tough. But every eye blinded is an eye blinded. If we can’t put out all their eyes, does that mean we won’t even try putting out some of them?
But unservailed houses are smart houses.
This will end when Thoas the Supreme Court. Thomas as a verb? Yes. Don’t you remember when sombody released Clarence Thomas’ video rental record so we know what kind of soft-core porn he and the wife watched. The law on that got changed real fast.
So all you voiceprint mavens… get busy. Can businesses screen for Supreme Court membership?
If life hands you lemons, make lemonade.
If life hands you melons, make melonade.
If life hands you demons, make demonade.
This will spark new interest in strictly analog technology with zero digital cooties in it. It will also spark interest ( as noted above) in pre-internet and internet-free digital technology with at least zero spy-cooties hidden inside it, anyway.
The Amish and the Rapturanian Armagedonites and other hi-tech resisters and refusers will also be able to offer cultural techno-guidance to those mainstream people who wish to avoid the Internet of Spies.
And facial confusion styles and makeup will become a fantastic growth area.
And maybe thousands and then millions of rebellious young people will start milling randomly around, walking back and forth in front of possible cameras, handing eachother things back and forth and around and around, etc.; in order to flood the Internet of Bosch with unsortable volumes of fake data.
Getting into some electronics repair studies coyld be a move.
Even electronics parts salvage could be an interesting career move.
The point of maximum leverage would be the server farms where the “cloud” resides. An EMP attack against the huge data farm in Utah would be a good opening gambit against the Surveillance State.
We could also, as a last resort, pray for a modern Carrington Event. That would be a Techno-Scorched Earth level ‘happening.’
Then we will welcome the Grey Alien Overlords as saviours.
Could amateur home-hobbyist electrical technophiles make a HERF gone or an EMP-ty balm big enough and powerful enough to wipe the Surveillance State’s server castles?
great, now my toaster not only doesn’t perform its proper function with regularity (either over or underdone at all times), but it’s also listening to me and my coffeepot is watching me. me before coffee is not something the NSA nor any other living creature, aside hungry housecats, wants to see.
i think i’ll go do campfire cooking on my neighbor’s fire pit from now on.
I’m hopeful that the current model of surveillance marketing will collapse before it filters down to the proles. The demand for various metrics will go away with lucrative internet advertising.
But it seems like people with a high net worth will increasingly be subject to intrusive forms of surveillance.
Small fry is where the money is. Lots of us, less protection. Those with real money are more protected by the system and by themselves.
It would serve them right. Let them make a fortune from their own misfortune, for a change.
Almost every appliance in my house can connect to the internet… oven, fridge, washer & dryer, coffee machine… but none of them are connected. I haven’t checked, but I wonder if that means the warranty is voided?
We just bought a Bosch fridge a few weeks ago. If I’m understanding this post correctly, this doesn’t mean these cameras are installed in appliances, at least not yet. But my new fridge did have wifi capability for reasons I can’t fathom, and we deliberately did not connect it. Now I’m wondering if Bosch can somehow link to my wifi outside my control. There must be a way too see what’s connected to a given wifi system, but I’m not tech savvy enough to know…
Thanks for this post though. Wish this article had come out a month ago- if it had I would have refused to buy Bosch on principle even if there were no cameras on the appliance itself. The fridge was our 3rd Bosch appliance since they do make quality stuff compared to other options, but they will no longer be getting money from our household.
I wonder if skilled digital technologists and skilled refrigeration technologists could team up to strip the digital cooties out of your Bosch fridge and get it to run in a strictly analog manner . . . . responding to thermostat input on how cold the “chillbox” is to decide when to turn on and off and on and off.
If it were possible to blind every digital eye and cut every digital nerve fiber inside a Bosch refrigerator and put in the analog parts needed to make it run as a purely stand-alone analog refrigerator, digi-spy resisters could have their cake both ways and eat it too. Buy the Bosch for Bosch quality, and then strip out every digital thing in it or on it, put in analog thermostat, connections, etc. and make it analog. If skilled people could do that, they could perhaps create businesses to do that sort of thing.
They could call themselves ” Chip Busters”. Their logo could be a chip made to look like the Ghost Busters’ logo ghost while still looking just enough like a chip so people could know what it was. Think of the cultural referrence connections.
But you have not necessarily bought the software if you bought the Bosch. So you might not have the legal right to mess with the connected cameras, etc.
The camera lens itself is “hardware” and not “software”. If you cover up the lens, you are not messing with the “software”.
I wonder if the same logic could be applied to cutting physical wires leading to the various other little digital brain-cooties inside the Bosch fridge? A wire is “hardware”. If you cut it, you have not messed with the “software”, you are merely stopping the “hardware” from sending “initial impressions” to the digital brain-cootie.
If that is so, then a digital disinfection engineer could cut all the wires and plug up all the lenses and microphones in a Bosch fridge and leave all the software right there in place with nothing to do. He/she could then install analog thermostats and wires to analogified on-off duty cycle machinery which does the cooling.
If someone can make a rotary dial cellphone, someone can surely encyst and “wall off” the digital brain-cooties inside a Bosch fridge without touching the “software” in any legal sense.
Irritating that you have to join the intercept now to read their stuff. Doesn’t that slimy owner, Omidyar, or whatever have enough money? I wonder if you have to join to have them inadvertently give your personal info to the feds if you leak a story to them. Things like that don’t make me any more hot (about at the wet noodle level now) to be a “member” either, especially if they are as careful with their membership list as they are with leaker’s identity traces.
Back when it was open, the articles in general were not so great that I felt a compelling need to subscribe when they decided to be like all the rest. But there are occasions when it’s a nuisance.
The plain vanilla internet is not the problem. The weaponised Internet of Spy Shit is the problem.
All the spies, finks and fartsmellers cruising the internet for their own power, money and amusement is the problem.
But the physical technology which makes something like “Naked Capitalism” thinkable and possible is not in itself the problem.
You could perhaps xerox the story to them and send it to them in the mail. Or if it is your original writing, write it by hand and send it to them in the mail. With a fake name from a fake address, if needed.
The problem is that the more this stuff is pushed, the more it will be impossible to opt out, as I am sure that the non-survelliance equivalents will stop being made so you will soon have no choice but to buy a television that sends your viewing habits to a tech company, which then sells your data to the NSA. The only way to stop it is to have some sort of privacy revolution, but that is not happening in the US anytime soon, as the US is now where working class movements go to die.
Wait until they outfit cars with equipment that will automatically broadcast your driving habits to your insurance company with every time you go one mile over the speed limit, rolling stop at a stop sign, or fail to signal when turning so they can raise your premiums instantly.
Make no mistake, I am not an anti-technologist, as things did not have to be this way, just that I live in a country which largely ignores the 4th Amendment in its own constitution.
Again, this could be a job / career opportunity for aftermarket fix-it-up entrepeneurs for stripping out or encysting these features inside a TV set so that it can still receive whatever things are still sent to un-infested TV sets.
I don’t know that because I have no technological background. I merely hope it may be so.
It may lead to the rise of millions and then tens of millions of “techno-Amish” who simply do without those technologies which are irreversibly digi-cootified.
I’m carless anyway, and so far all my appliances are still analog. I keep the Internet switched off except when I need to read NC (or links) and my emails.
But the article inspired me to create a door sign – the red anti-circle with a slash (or bend dexter in heraldry, meaning “of greater honour”) over the initials IoT.
I would post it in comments, but here’s a chance for you to use your imagination.
It’s simple, don’t give your IOT devices to your router. If they require it to function, return them or don’t buy them to begin with.
There was a huge outcry in the US when some Chinese company made a camera chip that could detect ethnicity (i.e. Uigher), even though that feature was only mentioned in the middle of a manual written in Chinese. The manual was online and Google translateable though. They withdrew that feature from the product. But now Bosch is doing it out in the open. Maybe if the camera can image infrared, it can even see through our clothes to detect whether we are circumcised. Just what we need.
I suspect IoT will eventually be promoted as our #1 political solution to environmental problems and energy shortages. We’ll be told that “smart cities” will conserve large amounts of energy and that all the sensors and cameras will help to achieve the conservation goal. Per the “Limits to Green Energy” thread there is no clear and immediate way for renewables (whether or not in combination with nuclear) to immediately meet the need as oil and gas reserves continue to decline. The efficiency of smart cities will be put forward as the only solution. Loss of privacy will be considered acceptable collateral damage by the proponents of smart cities. So a dystopian solution to our current problems.
Yes, we will be told that. Conservation lifestylers might start right now learning how to use least feasible energy by using their analog stuff in the smartest way possible. If they can post lower personal energy use levels using dumm appliances in smart ways than what the Smart Everything hasbarists promise a houseload of smart appliances will use, then the Smart Everything hasbarists will be seen to have zero argument. That will make their mass mind-molding brain-control lobbying efforts harder.
Disable the cameras in all your appliances and other devices. Maybe more importantly, disable the microphones in your appliances and devices. Why anyone would out their home under surveillance with “security” systems confuses me.