Your Video Surveillance Camera Feed May be a National Security Risk

The Federal Communications Commission recently voted unanimously on a rule that could make it illegal to turn on 60% of video surveillance cameras currently installed in the United States.

The rule could lead to a ban on all future authorizations for sale and use in the U.S. of any new and potentially all previously authorized products manufactured by a growing number of Chinese companies.

Why? They have been designated as threats to national security and placed on the so-called “Covered List” (a.k.a. Blacklist), which is published by the commission’s Public Safety and Homeland Security Bureau. This includes the world’s largest manufacturers of video surveillance cameras.

These companies have been added to the Blacklist for various reasons including being suspected of installing “back doors” on video chips that could allow them to “hack” into feeds from millions of security cameras.

Read: Patch These Heavily Exploited Vulnerabilities Now

This vote is in concert with the National Defense Authorization Act (NDAA), which is a set of federal laws that receives unwavering bipartisan support due to its focus on national security and protecting the lives and livelihoods of the American people. It is updated each year by Congress to address new threats and outline the annual budget for the U.S. Department of Defense.

Video surveillance cameras became part of the NDAA with the John S. McCain National Defense Authorization Act for Fiscal Year 2019. Section 889, “Prohibition on certain telecommunications and video surveillance services or equipment,” spells out some fairly wide-reaching implications.

(a) PROHIBITION ON USE OR PROCUREMENT

—(1) The head of an executive agency may not— (A) procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system; or (B) enter into a contract (or extend or renew a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.

—(2) Nothing in paragraph (1) shall be construed to— (A) prohibit the head of an executive agency from procuring with an entity to provide a service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements; or (B) cover telecommunications equipment that cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles.

Essentially, this means federal agencies cannot purchase or use any equipment, system, or service that uses even components or technology that is part of a system from any of the companies on the Blacklist.

This also applies to any federally funded entity such as schools or city buildings that has received federal grant funding. The net gets even wider with the statement that they are prohibited from contracting with any entity, such as a company, that uses any technology from a banned manufacturer.

The prohibition may apply to anyone from not only a major defense contractor and manufacturer designing battleships, but also all the companies, partners and suppliers they work with along the entire supply chain.

The full act can be read here.

Far-Reaching Implications

While the NDAA does not specifically spell out why the manufacturers are on the Blacklist, it is clear from congressional testimony that they have reason to believe the Chinese government could use the technology produced by the manufacturers for any number of nefarious purposes from cyber security espionage to intelligence gathering.

For example, if a video feed from a military installation were to be viewed by a foreign government, they would have access to not only troop numbers and positions, but also specific amounts and types of weapons, food and other supplies, which could be devastating in a conflict.

Blackmail and the personal health and safety of individuals is also a concern. Imagine if a bad actor could employ facial recognition on “hacked” video feeds from surveillance cameras all over town. They could easily track a government official or business leader from place to place, regardless of whether they were at the office or enjoying personal time.

This would enable them to establish patterns and collect data and images that could be used outright or taken out of context to blackmail or otherwise compromise the individual.

Individuals and organizations outside of the federal government who are not strictly under the NDAA regulations are being impacted.

This threat is being taken seriously by global companies with highly sophisticated security systems … all the way down to mom n’ pop sandwich shops with a single surveillance camera trained on their cash register and front door.

Company leaders and even homeowners need to have confidence that their conversations, strategies, plans, blueprints, processes and intellectual property in sight of surveillance cameras can be protected from the prying eyes of unauthorized individuals and bad actors.

As such, they are proactively seeking providers who have secure, NDAA-compliant video surveillance cameras and systems. Several security camera providers are recognizing this issue and are not honoring warranties or exchanges on the millions of cameras manufactured by banned companies that are currently installed across America.

Even though the law does not (yet) require companies and consumers to swap out their current surveillance equipment with cameras that are NDAA-compliant, they are waking up to the fact that the threat is significant.

The concern among government officials is high enough that it may one day be illegal to even power on a non-NDAA-compliant surveillance system on American soil.