Bloomberg News reports another seeming victory for sousveillance, or the attempt by private citizens to strike back against widespread surveillance: A hacker group has boasted of gaining access to live feeds from 150,000 cameras — at corporate workplaces, hospitals, police stations, prisons and schools — collected by the Silicon Valley start-up Verkada Inc.
The victory is bittersweet, though. In modern society, the legal concept of a reasonable expectation of privacy is increasingly meaningless. Instead, the reasonable expectation is that of zero privacy, and that expectation may already be affecting our public behavior in insidious ways.
According to a 2020 study by the tech research firm Comparitech, some 770 million public cameras operate globally, and even though 54% of them are in China, that leaves plenty for the rest of the world. Then there are the non-public ones, of the kind that Verkada operates at various facilities, and those that people install to secure their homes.
No matter how providers of video surveillance services swear by their clients’ security, breaches are commonplace, even if not all of them receive the publicity of the 2019 hack of Ring, the Amazon-owned home security camera company, or the camera hijacking in Washington, during Donald Trump’s 2016 inauguration. Last year, when IFSEC Global, the organizer of international security trade fairs, surveyed corporate video surveillance users, 76% said they were “quite concerned” or “very concerned” about the vulnerability of the equipment they used, mostly because of the backdoors left by the manufacturers for servicing the cameras or because of inadequate protection elsewhere within the network.
After the huge 2017 hack of Hikvision WiFi cameras, which involved a service backdoor, Verkada warned users that simply changing their camera brand won’t make them safer. “By working with vendors that put security at the top of their agenda, you can rest easier knowing that both the indoor and outdoor security cameras in your facilities won’t be the subject of the next trending social media topic,” the post on the company’s website went. It hasn’t aged well. The Bloomberg report of the Verkada hack has been shared thousands of times on Twitter. “Your regular reminder that security cameras are insecurity cameras,” tweeted cybersecurity expert Robert Graham.
The ubiquity of such devices and their well-known vulnerability make it likely that, while any of us may be watched without being aware of it multiple times a day, the watchers themselves can come under hackers’ surveillance at any given moment. A 2020 Japanese study showed that the presence of cameras in a neighborhood enhances trust in others but reduces the perceived social cohesion.
Both may well be misplaced. Comparitech didn’t discover any noteworthy correlation between the prevalence of cameras and crime levels in big cities. And if hackers — or, through them, other malefactors — might be watching the camera footage, that’s cause for more insecurity rather than trust. On the other hand, the hackers’ efforts could be seen as benefiting community cohesion: These people are fighting back against surveillance on behalf of those without their skills.
In the U.S., legal practice has established that a person can only reasonably expect privacy in their home, hotel room, private portion of a jailhouse and a few other places, such as public toilets. That already shrinks the private space — into which the government has the right to intrude under special — to a fraction of our daily habitat. Given that some people put highly hackable security cameras in their own homes and that prison officials — to take just one example — aren’t always concerned about inmates’ privacy (Bloomberg’s Verkada report mentions cameras hidden in vents, thermostats and defibrillators), one should reasonably expect being watched pretty much anywhere and by pretty much anyone. The famous 1999 quote by Sun Microsystems co-founder Scott McNealy — “You have zero privacy anyway, get over it” — has aged much better than that Verkada blog post.
It’s a lot like being on a theater stage and not knowing who is in the audience, why they’re watching and what they’re hoping to see. If a worker does something for the camera to please their boss, will he end up as YouTube’s laughingstock? If a security officer gives a video file a funny name, as the Verkada hack revealed some did, will she have spiced up a boring workday or bring about her firing?
The playhouse effect doesn’t have to be a bad thing, though, does it? Most people try to control their emotions and urges in public. So if we’re always in public, why not exercise better self-control and show calm civility all the time?
Back in 2009, a group of researchers at Twente University in the Netherlands discovered that, under the eye of a camera, people — especially those with a greater need for public approval — try to appear more helpful toward others, but only insofar as their helpfulness is visible to the camera. It also has been shown that all forms of digital surveillance in the workplace make employees less interested in learning, trying new things and speaking out. That’s more or less consistent with George Orwell’s assumptions of how people would behave in the presence of the ubiquitous telescreens in “1984.”
It’s also possible, however, that, as we get used to being seen, recorded, recognized and categorized by the artificial intelligence that the cameras feed, these effects will fade, as stage fright does for experienced actors. According to a recent meta-analysis of studies dealing with police body cameras, the contraptions aren’t affecting the behavior of the officers or the citizens with whom they interact in any clear way.
Contrary to early expectations, the cameras can’t be said to reduce the use of force by the cops or inspire people on the street to be nicer to them. You can see surveillance fatigue settling in, and people reverting to just being themselves again despite their awareness of the ever-present prying eye.
So in that respect, it’s harder to imagine hackers like the anti-surveillance group that broke into the Verkada system achieving anything tangible: No amount of embarrassment is going to make the watchers stop.
Leonid Bershidsky is a member of the Bloomberg News Automation team based in Berlin.
In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.