Americans Reject Chinese and US Government Cloud Video Recording

Published Feb 17, 2016 05:00 AM

Americans overwhelmingly rejected both Chinese and US government owned cloud video recording, in Google consumer surveys run by IPVM. This is especially noteworthy as Hikvision continues its rapid, deceptive expansion to get US consumers to unknowingly put Chinese government controlled products into their homes.

In this note, we examine the survey results and the meaning for the market.

**********

**** ******* *** ********** *******, * majority ** ********* *** *** ** with ***** ******** *****:

*** ******* ****** ******* ****.

US **** **********

********* *** **** **** ******* ** the ** ********** **** *** ******* recording *** *****, **** ~**% ******* and **** **** **% ***:

*** ******* ** **** ****** ******* ****.

****: ***** *** ** ********* ***** by *** ** ********** ******** ***** video *********. **** ******** *** ******** simply ** ********** ******** ********** ***** potential ********** ***********.

Chinese **** **********

********* *** **** ******* ** *** Chinese ********** ****** ********* ********* *** video, **** ~**% *******:

*** ******* ******* **** ****** ******* ****.

Hikvision's ******

*********'* ***** ********** ***** **** ********* has ****** ****** ** *** ***** from ******** ** *******, ******* ***** day. *****, **************** ******** **** ***** ** * US ***** ********* ***** *********, ********* **** ** idea ***** **** ******** ***** ** being ********* ** *** ***** ** Chinese ********** ***** *******.

Government ******

**** *** ******* *** ** ********** have **** ***** ******* ** ******* / ********* ******** *******. ***** ******** continue ** **** ** **** *****, with *** ******* **********'* ****** ****-********* law ******* ********* [**** ** ****** available] *** *** ** ********** ******* for ********* (******** ***'* ****** ****** ******* *** FBI).

** ***** ***** ************ ** ****** going ** ****, *** *********, *** especially ***** ******** ********** ** *********** (Hikvision), *** ***** ** **** ** prove **** **** *** ****** *** protect ***** ********* **** *** ********* of ***********. ****** ****, ** ******** people **** * ***** **** *** is ***** *** ******** ** ****** ************ *******/* ****-** **********.

Comments (27)
EP
Eddie Perry
Feb 17, 2016

Disclosure: I work for the government

just say no to cloud storage you dont own. try really hard to avoid putting your cams on the internet if you can, and we all work for the NSA some of us just get paid to do so.

(3)
(1)
(4)
UM
Undisclosed Manufacturer #1
Feb 17, 2016

The scary part is that most users installing these cameras into their homes or businesses aren't informed enough to understand that even though they are recording directly to an SD card and not recording their video to the cloud, that if they are accessing live video, that video is still being uploaded to a server somewhere in the world. People think they are protected in their own homes when in reality they have opened their home up to anyone in that company who has access to those servers. When users install these cameras, they typically have to sign up and provide personal information. Can you imagine the implications that could arise if any government was granted access to these records and video access? I'm surprised with all the concerns related to privacy, there hasn't been more media attention on this topic.

(1)
JH
John Honovich
Feb 17, 2016
IPVM

"People think they are protected in their own homes when in reality they have opened their home up to anyone in that company who has access to those servers."

Yep, it's any aggressive government's dream. Live access inside of anyone's home.

(2)
UM
Undisclosed Manufacturer #2
Feb 17, 2016

"The scary part is that most users installing these cameras into their homes or businesses aren't informed enough...."

Sometimes when they are informed, they don't seem to care. I think sometimes it's willful ignorance or turning the blind eye... you got such a great, cheap deal out of this camera, you don't want to know what you might be giving up or away to get it. Kind of like when you buy those cheap clothes made in countries known for using slave like labor, you don't want to think about it, you just want to enjoy the cheap price. Ignorance is bliss.

(2)
JH
John Honovich
Feb 17, 2016
IPVM

"Kind of like when you buy those cheap clothes made in countries known for using slave like labor, you don't want to think about it, you just want to enjoy the cheap price."

In that case, though, the person is supporting something bad happening to someone else.

In the case of cloud accessible home video, the person is supporting something bad happening to themselves.

In the latter case, once they understood the potential risk to themselves, the more likely they would object.

(4)
U
Undisclosed #3
Feb 17, 2016
Why on earth who Why on earth would anyone not be sure of keeping China out of your private videos?
UM
Undisclosed Manufacturer #4
Feb 17, 2016

I feel like this is just feeding into the already misinformed base.

Is there a US owned Government agency running a residential VSaaS play? Or are any of the VSaaS providers running in US owned government owned data centers?

Is this even a real thing?

JH
John Honovich
Feb 17, 2016
IPVM

"Is there a US owned Government agency running a residential VSaaS play?"

No. That question was included to understand opinions / perceptions about governments and since this poll was done of Americans, we wanted to see how Americans would feel of their own government vs a foreign.

Point is well noted and I have clarified that in the report above.

UM
Undisclosed Manufacturer #1
Feb 17, 2016

Case in point - In the news today, Apple is opposing a judge's order to help the FBI break into the iPhone of one of the San Bernardino, California, shooters, calling the directive "an overreach by the U.S. government." Imagine if the FBI found out that the shooters had home security cameras installed, you can be certain they would be requesting access to those videos as well.

UM
Undisclosed Manufacturer #4
Feb 17, 2016

Continue down that path. You have a home DVR, the FBI shows up at your home to take it. You say "No" - you go to jail and they take your DVR anyway.

Or its hosted in the cloud. They show up at a Microsoft data center to get the data, Microsoft says "No". They don't get the data, and you aren't in jail.

Who has a better legal team, you, or Microsoft?


Here is even a better one - your DVR at home probably isn't encrypted data, and your residential internet, probably isn't keeping the NSA out if they want in. Short of not having it on the network, do you really think there is anything inside of a Hikvision box that can stop them? Do you even monitor your network to see if anyone is poking around?

Leveraging security on AWS / Azure / Google - these are the same "Cloud First" platforms that the government is utilizing, they set the bar and raise it, daily, on security.

Who has a better IT / Security Detection Department - You or Google?

(1)
Avatar
Nick Giannakis
Feb 17, 2016

Undisclosed 4 has nailed it. The question "Are you OK with your home security video being stored in the cloud?" is loaded with the preconceived notion that the general public understands the architectural difference between cloud storage and remote access, related to network security. Since there aren't any US government owned products in the VSaaS market (that I'm aware of), adding that variable to the question only further pollutes the conversation.

I suspect nearly all of the respondents who answered "NO" to this survey AND have a home video system, likely have remote access to there home system either through a phone app or a web client. Remote access in the residential market is basically a must-have and expected feature. I highly doubt many of those respondents have taken any additional steps to secure their network. In this scenario I believe the VSaaS option provides a more secure solution.

(3)
JH
John Honovich
Feb 17, 2016
IPVM

"I highly doubt many of those respondents have taken any additional steps to secure their network. In this scenario I believe the VSaaS option provides a more secure solution."

Nick, good feedback.

I agree people opening up holes in their firewalls are certainly exposing themselves to risk.

There are risks on both sides. In the pure DIY unsecure approach, you risk being hacked by someone probing / scanning the Internet. In the Chinese government cloud video approach, you risk someone internally having immediate access to all the devices / video.

(1)
Avatar
Nick Giannakis
Feb 17, 2016

John,

Notice I didn't reference Hikvision's product in my previous response. Working for a privately held domestic company, it is tempting to bash the foreign government owned competition but frankly that would only serve to fuel the fear of cloud solutions within the physical security industry. That would be counterproductive for me.

I believe the survey was intended to gauge the comfort level of cloud products for physical security. Perhaps the responses would have been different if the question was phrased like this. "Do you believe data is more secure in devices on your home network or with cloud providers?". Maybe I'm wrong, maybe the responses would be exactly the same but at least it would force the respondents to remove the personal attachment when answering.

I get it, when gauging the general public's comfort level, maybe nothing is more intimate then video from inside you're home. However, most of us already use cloud services for financial purposes (shopping, banking) a far greater risk exists if that data were to become compromised. In a few high profile examples, it has. Yet those breaches have done little to slow the use of cloud services in those industries.

(1)
(1)
JH
John Honovich
Feb 18, 2016
IPVM

"Perhaps the responses would have been different if the question was phrased like this. "Do you believe data is more secure in devices on your home network or with cloud providers?"."

Bad news, Nick.

We bought / did another Google survey. Here's the results:

Cloud is in last place, by a lot. Even worse, younger people were even more concerned. Those 34 and under, the preference for home computer was even more pronounced. Full results here.

Get the Brivo marketing team to rig do a survey! :)

(2)
Avatar
Nick Giannakis
Feb 19, 2016

John,

Thank you for running this survey. I'm not sure I see this as bad news. Only 1 and 3 people believe their personal data is safer on their home PC. I think it's clear this issue boils down to education.

Additionally, the "Don't Know / Not Sure" category could include some highly educated respondents that would have more questions about the cloud solution before determining if the cloud solution in question is more secure than their personal network.

Not all clouds are created equally. Each cloud provider has a different approach and focus on security. It is certainly a good exercise for a potential buyer to ask the cloud provider about their cloud environment.

The Information Technology Security Council (ITSC) and Physical Security Council (PSC) published a great whitepaper on this subject. In particular I like the section on "Questions to ask" (page 21).

http://www.brivo.com/wp-content/uploads/2014/08/CloudComputing_ASIS_WP.pdf

JH
John Honovich
Feb 19, 2016
IPVM

"I'm not sure I see this as bad news."

It gets worse. Another survey:

Either way, it's pretty clear people generally find their home more secure than the cloud. Full results link.

I am awaiting the Brivo 'whitepaper' debunking this!

(1)
U
Undisclosed
Feb 19, 2016

You infer Microsoft now provides VSaaS – this is real news; but so far as I can find, they don’t. In your scenario the FBI will not go to MS but rather to the company that owns the data and software that is running on the rented VM server; and it is that company you are relying on to defend your data and rights, not MS as you suggest. But let’s be real, while the alphabet soup of government agencies are known to over step the boundaries when it comes to data collection, the danger, the real danger are the crooks and criminals who are up to no good. When you store your vital data and AV content in the clouds, more often than not, you are storing it on a VM server that is sponsored (rented) by someone other than the company (for example MS) that provides and rents out the cloud infrastructure and it is those “renters” you are relying on to secure your data. When you put your stuff on someone else’s server (the cloud) then you are making your stuff available to them, to their employees, to their contractors, to their affiliates and to anyone who can break through the security barriers setup by the VM renter. And as we have witnessed time and time again, those barriers are weak, extremely weak.

(1)
(1)
U
Undisclosed #5
Feb 17, 2016
IPVMU Certified

Can anyone please articulate what the actual danger posed by Chinese Cloud video storage is to the average U.S. citizen?

Surely someone can concoct some scenario!

(1)
UM
Undisclosed Manufacturer #1
Feb 17, 2016

I'm sure multiple scenarios could be concocted. But, if we want to come up with a scenario, what if an average U.S.citizen who works for the U.S. government that has access to classified documents was recorded on his home camera cheating on his wife or doing illegal drugs? This video could be used as blackmail to get that citizen to divulge those documents or passwords in order to access those classified files. This scenario might seem preposterous, but it could happen. Not to mention there are other scenarios that could involve high-profile people or people of interest by the Chinese government that could use personal videos and audio to exploit those people if they so deemed.

(1)
U
Undisclosed #5
Feb 17, 2016
IPVMU Certified

... an average U.S.citizen who works for the U.S. government that has access to classified documents.

Any scenarios involving people without top-secret clearance?

UM
Undisclosed Manufacturer #1
Feb 17, 2016

I don't recall ever seeing a label on the box of the camera that states, "Not to be used by citizens who have access to classified information."

U
Undisclosed #5
Feb 17, 2016
IPVMU Certified

I don't ever recall seeing a label on the box of the camera...

If you had clearance though you might remember seeing this:

(a) The concern.

Noncompliance with rules, procedures, guidelines, or regulations pertaining to information technology systems may raise security concerns about an individual's trustworthiness, willingness, and ability to properly protect classified systems, networks, and information. Information Technology Systems include all related equipment used for the communication, transmission, processing, manipulation, and storage of classified or sensitive information....
(3) Removal (or use) of hardware, software, or media from any information technology system without authorization, when specifically prohibited by rules, procedures, guidelines or regulations;
(4) Introduction of hardware, software, or media into any information technology system without authorization, when specifically prohibited by rules, procedures, guidelines or regulations.

as well as

(4) Personal conduct or concealment of information that may increase an individual's vulnerability to coercion, exploitation, or duties, such as engaging in activities which, if known, may affect the person's personal, professional, or community standing or render the person susceptible to blackmail;

U
Undisclosed #5
Feb 18, 2016
IPVMU Certified

Let's take a look at how the 'video blackmail' scenario would work.

  1. Chinese intelligence identifies U.S. person of interest.
  2. Chinese intelligence then decides to see if that person has an account in the China cloud. This requires some manpower, since names are hardly unique and systems may be registered to other people in the home. Moreover, the cost of making a mistake here and monitoring or trying to extort the wrong person could be great, so a high confidence match is required.
  3. Once a match is determined, the video footage is pulled for review.
  4. No analytic exists for adulterous behavior, so manpower is again necessary to review hours of footage trying to determine if someone is having an affair or has a drug problem.
  5. If actionable evidence is found, do whatever blackmailers do etc.

IMHO, the cost of steps 1 thru 4, are costly and unlikely to be used against even corporate level persons of interest, e.g. "You will tell us everything you know about HDSM 2.0 or else.".

And even when the potential payoff is there, what would you estimate the odds are of someone having an affair AND it being unimpeachably documented on home video?

1 in 1000, 1 in 10,000, more?

Oh sure, there's a lot of drug use caught on cameras, but when you are looking for evidence not against anyone, but against a specific person doing something they know is illegal, I don't think you are very likely to find it.

Now compare that scenario to just the act of giving your credit card number to the cloud provider.

The odds, IMHO, are a million times greater that your credit card number gets used illicitly then the Chinese state hatches a plan to blackmail you.

U
Undisclosed #5
Feb 17, 2016
IPVMU Certified

Are these 3 questions answered by the same people in the same poll session?

(1)
JH
John Honovich
Feb 17, 2016
IPVM

Different people, different sessions, all run by Google. Links to full results and details are included for each above.

U
Undisclosed #5
Feb 17, 2016
IPVMU Certified

Who disagrees with an honest question?

I've taken polls where they ask you a whole mess of related questions. Subconsciously there is a pressure to be consistent with your previous answers.

I find it hard to believe that among the same exact group of Americans that more people would say Yes to Chinese government recording than American.

Because that would actually require individual people to answer 'Yes' to Chinese and 'Not Yes' to American in the same session.

Since these were independent runs though, this small difference can be attributed to statistic sampling.

(1)
U
Undisclosed #5
Mar 01, 2016
IPVMU Certified

FWIW, I think there IS a significant danger in using foreign based Cloud services.

I just don't think the danger is the use of home video to extort someone.

Here's the real problem:

Botnet Of 900 IP Cameras Launch DDOS Attack

Basically, every foreign controlled camera could be used against the US in various forms of cyberwarfare. 1 million forward hosts at the disposal of the PRC is a sobering thought.

(1)