Two years ago, the Surveillance Camera Commissioner launched the National Surveillance Camera Strategy for England and Wales. It’s broad in reach with no less than 11 work strands drawing in expertise from across the surveillance camera industry from different backgrounds – policing, local authorities, manufacturing, installation, academia and so on. This month sees the inaugural Surveillance Camera Day, which is running on Thursday 20 June. Here, in an exclusive article for Risk Xtra, Tony Porter outlines the reason behind this move and what will be happening on the day.
The National Surveillance Camera Strategy supports the Surveillance Camera Code of Practice, taking a ‘whole system’ approach towards how surveillance camera systems are used in public places to protect and keep people and communities safe, while at the same time respecting individuals’ right to privacy. For surveillance cameras to be used effectively, it’s fair to state that every part of the system needs to work together – manufacturers, installers, operators and the person who’s using the footage gathered by the cameras (often a member of the police service).
Two years on, I like to think of the strategy as a toddler. It’s growing in confidence, but it’s still a bit shaky at times and beginning to ask difficult questions.
The ‘voice’ of the National Surveillance Camera Strategy is the civil engagement strand led by Professor William Webster, director of the Centre for Research into Information, Surveillance and Privacy (CRISP) and Professor of Public Policy and Management at the University of Stirling.
Civil engagement is key to the deployment of any surveillance camera system. There needs to be discussions with the people the cameras are pointed towards to ensure that the system remains legitimate and justified. It’s a key principle of the Surveillance Camera Code of Practice.
Surveillance Camera Day 2019
The purpose of the day is to raise public awareness about the provision and operation of surveillance cameras and enhance public debate. In doing so, it will encourage conversations that will help inform policy-makers and service providers regarding societally acceptable surveillance practices and legitimacy for surveillance camera systems that are delivered in line with society’s needs.
Why is this important? In modern society a surveillance camera isn’t just a CCTV camera nailed to a pole. We live in a society where we have a police Automatic Number Plate Recognition system that captures 50 million number plate reads every day and where that data can be mined to track journeys. We’re on the cusp of a possible explosion of facial recognition technology which biometrically scans the face of anyone who happens to walk by a given camera.
Who knows what’s around the corner in terms of algorithms and analytics? Look at gait analysis, lip reading technology and cameras that can sense explosives or weapons. All designed to keep us safe and secure, but in order to do that there’s an impact on our Human Rights – the rights to privacy, assembly and expression.
Overt surveillance is now arguably becoming as intrusive as covert surveillance techniques. As a society, it’s important that we talk about whether we want to be surveilled in this way and, if we do, what safeguards do we need wrap around it?
Surveillance Camera Day is the start of the conversation. It’s about anyone involved with surveillance cameras or with a view on this subject to be able to air their opinions in what will be a balanced debate. I certainly don’t view myself as a luddite and believe that, where new technology can help and improve society, it should be used to do so.
Open your doors
So what can you do to become involved? I’m encouraging surveillance camera Control Room managers to throw their doors open so that the public can see, first hand, how they operate. Quite a few organisations have already come forward to do this. How this is managed is for individual organisations to decide. Some may want to open their doors to anyone. Others may wish for more control and only open up to certain groups such as school children.
To complement the ‘doors open’ initiative, I’m asking Control Room managers to develop a fact sheet setting out the basic facts of their CCTV systems, including what they’re designed to do and the number of cameras. I will be asking operators to make their fact sheets available to the public on their websites. The aim here is to demystify how and why surveillance cameras are used.
Surveillance Camera Day will be accompanied by a flurry of media activity, including newspaper articles, speeches, radio discussions and social media conversations. As a security/risk management professional, I want you to be involved on social media and comment on the use of surveillance cameras. Everyone is welcome to contribute to the discussion. A number of organisations with an interest in surveillance cameras will be joining the conversation. Indeed, every viewpoint and opinion is welcomed and encouraged such that the conversation is balanced.
Minimum requirements for manufacturers
A key element of the day will be the launch at IFSEC International of some minimum requirements to ensure that surveillance cameras and devices are ‘secure by default’.
In recent years, there have been several high-profile and well-publicised compromises of video surveillance systems demonstrating that they’ve been left vulnerable to cyber attacks due to unacceptable security configurations. Some of these compromises – such as the one involving the Mirai botnet that took out social media and financial websites across the globe – also showed that the root cause was down to poor design and manufacturing.
Led by Mike Gillespie at Advent IM and Buzz Coates from Norbain, a group of manufacturers/solution developers including Axis Communications, Bosch, Hanhwa Techwin, Hikvision and Milestone Systems have been giving up their time for this very important piece of work. The requirements have been designed by manufacturers for manufacturers.
Where manufacturers meet the requirements, their products will be badged as being ‘Secure by Default’. This means the default configuration settings of a product are the most secure settings possible. The requirements include a set of minimum specifications that will provide a baseline level of ‘Secure by Default’, while still balancing the needs for a user-friendly experience for the installer and system integrator.
‘Secure by Default’ has an added benefit of removing the burden of knowledge away from the installer or system integrator on how to lock a system down, providing them with an already secure product.
No barrier to entry
Rather than opt for ‘The Gold Standard’ we have instead sought to develop requirements that should provide no barrier to entry for any competent and responsible manufacturer. This includes ensuring that passwords have to be changed from the manufacturer default at start-up, and that the chosen passwords should be of sufficient complexity so as to provide a degree of assurance and places controls around how and when remote access should be provisioned. Not only will some of these requirements help to protect the surveillance system itself, but they will also reduce the risk of compromise of other systems where onward connections exist.
Running alongside these requirements I’m operating a self-certification scheme whereby manufacturers will need to self-assess their products against set criteria and apply for the ‘Secure by Default’ certification mark. If successful, they will be able to list the component or device as ‘Surveillance Camera Commissioner Approved’ and display the ‘Secure by Default’ certification mark.
This new certification scheme complements the third party certification scheme that was put in place for surveillance camera operators across the past few years. There are also more schemes planned for installers, integrators, designers and consultants.
Join the conversation
The UK is sometimes referred to as ‘the most surveilled country on the planet’. Through the inaugural Surveillance Camera Day, I want to start a conversation about how surveillance cameras are used, why they’re used and who’s using them. Cameras are used to keep people safe, but as I stated we need to remember that new and emerging technology can lead to greater infringements to our civil liberties.
Civil engagement is a key strand of the National Surveillance Camera Strategy and I want people who use cameras to shine a light on what they do. How are they using cameras to protect communities and not spy on them?
Tony Porter QPM LLB is the Surveillance Camera Commissioner for England and Wales at the Home Office