In SIA's expert opinion, if a product is produced in China but then an American company applies their label and their colors to the UI of a product, does SIA consider that product still produced in China or produced in America?
How could IPVM have known to ask SIA about the exact same scenario that Aventura execs were arrested on a year later?
Simple. Every real insider knows this has been going on widely for many, many years.
The fact SIA cowardly refused to answer is driven by the greed of our 'leaders' to let the easy money flow.
The difference - Aventura is finished but Dahua and Hikvision are still spending with SIA.
Insider Aventura - SIA Executive Council Member
While SIA and other industry 'leaders' would like Aventura to be a sole rogue bad actor, Aventura's Managing Director is a member of the SIA executive council.
SIA Endorsed Aventura
Moreover, just 2 years ago, amidst the crime spree the US government alleges, SIA firmly endorsed Aventura as having a "strong history as an innovative manufacturer":
And, yet, hours after the US government announced criminal charges against Aventura, SIA cowardly deleted their endorsement of Aventura.
The reality is that SIA does not really care who is actually 'innovative' so long as they are paying SIA money. Indeed, Aventura is not even the only Long Island SIA member who is a deceptive 'manufacturer', see: The Embarrassing Story of ISC West's Best New IP Camera.
Silent on Human Rights Abuses
SIA has been silent on Dahua and Hikvision human rights abuses:
Being placed on the Entity List is a serious development for any individual, business, or organization. SIA will be communicating this decision to our members. We will communicate any decision about membership status as appropriate.
More than a month later, nothing. No decision, no stance, no explanation.
Silent on Racial Profiling Analytics
SIA has been silent on Hikvision's Uyghur ethnicity racial profiling analytics. We asked SIA repeatedly, both as media and as SIA members. Nothing.
This is an organization that cannot take a stand even against racial profiling of a group (Uyghurs) that last month SIA's own government declared were having their human rights abused by Hikvision.
Hikvision Sponsor of Honors Night
Where you can find SIA and Hikvision is hobnobbing tomorrow night as one of the sponsors of "SIA Honors Night". And from SIA's perspective what is more honorable than paying them money so they can be quiet about human rights abuses and racial profiling.
NSA Sponsor Cancelled
Dahua and Hikvision are two of SIA's largest revenue sources. These companies buy big booths, banners, and ongoing sponsorships.
nothing under Section 889 of the NDAA restricts the ability of affected companies to participate in any educational conferences as sponsors. We welcome the participation of SIA members and businesses which support the goal of educating the industry about cybersecurity.
Yes, Dahua and Hikvision provided an education - that SIA puts greed over US government security concerns.
SIA was so brazen that they tried to get an NSA Director to keynote the Dahua and Hikvision sponsored cybersecurity conference but the NSA Director canceled, finding a 'scheduling conflict' after he was informed of the sponsorship:
All of this is happening amidst an unprecedented surge in both government and privacy advocate's concerns about surveillance technology including fake manufacturing, supply chain integrity, racial profiling, etc.
Our 'leaders' like SIA's approach is incredibly short-sighted. The industry should strongly condemn these practices and build trust with the government and critics.
Positive Outlook
The future looks good, not for those like SIA who want to make money off fake manufacturing and ignoring human rights abuses, but for a better video surveillance industry that can be more committed to ethics and truth. We should be thankful for government and privacy advocate criticism that helps spur the industry to better contribute to society and be less cowardly and greedy.
UPDATE 2020 SIA Failing Fight Against NDAA
While SIA continues to fight for easy money, SIA continues to fail. SIA demanded that the NDAA 889 Part B must be delayed, failed at that, and, showing their true intentions, are now coaching sellers to use questionably legal workarounds.
I'm not in the US but i think the same sort of thing exists all over the world. I have zero respect for SIA or any security institutes or assicioations as they are all just money peddeling opertions by industry old timers that have managed to rope the insurance companies into thinking they actaully mean something when all they are is badly run marketing companies that portray to be experts or regulators.
There is an oppertuinity for somebody (IPVM for example?) to compleatly rip up the script and create an actual bonafide security institute where menbers are actually audited and manufacturers earn endorsement as pposed to buying it!
Is that something integrators would really want though?
Say I decided to rip up the script and start a competing entity. What value would my organization offer the world. I can think of a few things:
A repository of objective performance measurements and performance (endorsements). To provide that information I would need to acquire and test the equipment and software. Buying the devices would not be feasible, so I would be relying on manufacturers to provide the cameras for tests. This puts me in a situation where I am dependent on the good grace of the manufacturer AND I would have substantial staffing costs as I ran the tests. One option would be to crowd source the tests, but that sort of thing is susceptible to manipulation where people "test" a competitor and uploads bad results. On top of that, getting people to actually DO something (voluntarily) is incredibly hard.
A repository of security issues, bugs and problems. There's already a CVE database that you can search through, but most people probably don't. For this to be valuable, an integrator would have to actually relay bad information to their clients. E.g. you just installed 200 cameras, and now a critical CVE entry pops up. Do you tell your customer? Would you get pissed if I told your customer, and flagged you as dishonest for not doing so? Would you report a vulnerability in the cameras you're selling, and have been selling for the last 4 years?
And what would it mean to get an endorsement? Surely I do not have the ability or resources to do deep pen-testing on cameras and VMS's to the point where I can say "this is secure", so if I did, it would be based on "as far as we know", and that knowledge is probably not as deep as it should be. If it turns out that we missed a hole, our endorsements would quickly lose their value. Even more annoying: If Camera Model N gets a new firmware, we'd need to do a full retest, and bad companies could just rebrand their cameras to escape the flag. It's a never ending battle, and one you are too poorly funded to win.
It's also worth noting that a "bad" camera can be sufficient, and actually good, depending on the use-case and cost, therefore I don't believe in saying "this is good" and "this is bad". A camera that dies is a bad camera, but did it die because of a bad integrator didn't know what he was doing, or because it was just poorly made (I've seen both). Likewise "good" a VMS will prove useless if it stopped recording 4 months ago. No-one noticed because it was not looked after accessed. If an some poor fool argued spending $100K on such a VMS, most likely they are not interested in being exposed as incompetent hacks, and thus won't report such incidents. Especially if a $5000 system would have kept running for years w/o constant manual supervision and nursing. Crowd sourcing - once again - can't be trusted (Wikipedia is an exception).
But should I offer a repository on "crimes by association"? I think this is problematic, and it kind of deviates from the core value proposition of such an organization. For example, IPVM yells at just about everyone, but China gets a lot of "attention" from IPVM (and I applaud the effort). I am just concerned that it can get a little arbitrary and becomes a reflection on the beliefs of individuals rather than some objective metric (and how could it ever be). If I went off on a year-long crusade against American, Russian or Israeli companies you'd probably have some trust issues on my objective tests too.
When you join IPVM, you pretty quickly realize what soft of forum/medium it is, and so you can stay or go (and suffer the FOMO). IPVM decided against endorsements a long time ago, and I think it was a wise choice as it would mean that IPVM's brand would be tainted as it would (no doubt) be shown alongside endorsements from bullshit organizations, and if IPVM endorsed the "wrong" company it would be easy to say "oh, IPVM, don't you know they endorsed so-and-so".
Inevitably, your new organization would be taken over by smooth, money-grabbing a-holes, and then you'd just be another SIA.
All very valid points and your conclusion is probably correct!
I agree that if IPVM took on paid endiresments my estimation of them would drop drasticially and I probably wouldnt renew my supscriotion. I'll also say that as an integrator IPVM is a valuble tool to me for reviews and industry news and also for discussions like this one!
I wonder what precedent there is in other industries, our industry is a mish mash of broadcast, IT, electrical etc so there must be bodies in those industries that do this better than the SIA?
I'll aso iterate again that I'm not in the US and am far more expierenced with NSI in the UK who are a joke also.
I dont know if this compares but manufacturers of all electronics pay to get lab certifications for EMC to get CE approvals on their products. Th labe operate as for profit companies but all subscribe to the same industry test scenarios and the tests and documentation are standardised, i assume the lab companies then feed back into the standard agencies how the tests should be updated and iterated.
Lets say IPVM have a published set of tests for an internal dome camera for example. A company pays them dollars to run their product through the test and if the product passes IPVM give the company the test report (which the company can distirbute to their customers) and permission to display an IPVM certified logo on their product, or maybe there is a grading system like IPVM grede A\B\C etc.
A manufacturer then markets their product and can say look out camera in IPVM grade a in the internal dome camea category? They do this anyway, if you meet a rep they will always say did you see that we did really well in thet IPVm test last month, its already a sort of unofficial standard!
I think the issue is that there are metrics that are easy to measure; as you know, there are several (government bodies) that have requirements as to devices that are sold in their territories. As I understand it, certain independent labs are approved to make the tests, and issue the stamps needed. This allows competition (which is a good thing), and ideally the threat of losing the certification privileges will keep the labs honest.
This works relatively well when you have clear cut metrics - like the signal strength in a radio-based device. The labs don't care HOW the the radio works, as long as the signal strength is within spec.
So, there'd be a task to define what we are measuring and how to standardize it. This would make apples to apples comparisons trivial, but it would not be able to endorse or validate the more alternative claims you sometimes see. Another issue is that manufacturers might game the tests, and optimize for the tests instead of improving real-world performance. I suppose that the test could be designed such that good metrics in the test would always translate to good real-world performance.
In such tests, I think you'd find that Hikvision and Dahua etc. performs quite well and at a lower cost.
So there are 2 metrics that are quite difficult to quantify.
The first is trust - can you "trust" a Hikvision camera? Should you trust it more than one from another vendor? My take is that trust, based on vendor nationality, is nonsense. It's much, much cheaper and easier to bribe a disgruntled employee, or just go for the easy targets and leave the protected ones alone. Some high end cameras made in the US were hacked to bits at blackhat some time ago (2014 I think it was) - not because they wanted to spy on us, but because people are stupid and lazy, and make mistakes. Therefore, the proper approach is to assume that the camera is vulnerable - REGARDLESS of where it comes from.
The other is to attempt to gauge which company is more "moral". It might be that Hikvision makes the best, most secure cameras in the world. But if the Hikvision engineers are working tirelessly to create a device that can automatically alert the operator when a member of a religious minority is detected (for some sick purpose), then well... maybe you should consider sacrificing just a little of your profit to avoid strengthening this company. But how do you quantify morality? I think it's perfectly fine to both review the products AND take a critical stance on what the company is doing, but should "bad morality" affect the score?
Theoretically (and technically), what you are proposing could be done - but take a look at ONVIF, from a technical standpoint its a pile of dogshit, and for many years it seemed as if the ONVIF founders were actually quite content with the total chaos that surrounded it. I suspect that if we tried to get this off the ground, you'd very, very quickly see a powerful, well funded, organization pop up with another (possibly useless) "standard test" quickly destroying any chance of survival. It's the FUD strategy that IBM used for many years.
And the first article under this headline is “Hikvision Dual Lens Face Recognition Camera Tested”. It seems that taking Hik and Dahua’s money directly (SIA) is the like IPVM draws here. I don’t see it the same way, constantly promoting their products and keeping them on the front page for things other than their blatant criminal activities is just as bad. The most recent low light color shootout had 7 of their cameras featured.
This SIA post doesn’t pull any punches. To me the irony is heavy as this blog keeps the offending manufacturers front and center.
Short version - we have to report fairly and accurately. IPVM doing independent tests on Hikvision where the results may be positive or negative are fundamentally different than Hikvision paying SIA for promotion and validation.
Appreciate the civil response. The irony is still strong in your response, fair and balanced duty to report on one end, putting devil horns and straight up torching SIA on the other. I’m fine with the latter as you well know, but I don’t put on the halo in the next breath as IPVM in this case. The bad PRC guys get wayyyy to much positive or here. Headed to ISC this am maybe you and I can run by the Hik booth together?
fair and balanced duty to report on one end, putting devil horns and straight up torching SIA on the other
Speaking of ISC East, and to your point, if ISC East has strong traffic and exhibits, IPVM will say positive things about ISC East. We are not going to not cover ISC or attack ISC just because it's SIA's event.
and the 19 people whose livelihood is dependent upon monies coming into this organization.
How does that make you feel? <grin>
Someday there will be a landmark publication about charities and institutions and the life of their own they take on in order to persist and grow -- something akin to Darwin's theory about the survival of the fittest.
(Thank you for observing the rule re: acronyms. Not being an "insider", I did not know what SIA stands for.)
This attack on SIA is very uncalled for. SIA is a professional association, not political, and as such do not take a stand on political views. Kicking out members who committed a criminal act, such as Aventura, is different than making decision based on political views of other countries behavior and punishing manufacturers based on that.
SIA goal is to provide tools and standards for the benefit of the whole security industry. In order to do it effectively, it has to be non-political Professional organization. Many of the standards developed by collaborations of dozens of companies and industry experts focusing on the industry benefits and putting rivalry aside. Having the largest companies together with the smallest companies sitting together is a paramount factor to ensure successful standards and best practices development.
SIA is silent on the matter of HIK Vision and Dahua because there is nothing in SIA bylaws that make any stands in the matter. There is no law preventing anyone from purchasing HIK Vision or Dahua products, except Federal entities. It does raise significant concerns, but, it does not ban the sales of these products in the USA. FYI, it is the USA government policy for many years to not purchase Chinese made products regardless. (in many cases for good reasons)
Something to think about; Is a manufacturer responsible for the way its products are used and the user morals or criminal actions?
In that case, does a vehicle manufacturer is responsible for the actions of criminal enterprise that bought their vehicles from them? maybe even had them customized? Is an Intercom manufacturer and installer are responsible for the use of their equipment in a building used for Human Traffic ?
I do not condone the actions done by any government against any group based on religion, race, gender or political views. But, should we hold that government's suppliers responsible? than, the whole US weapons manufacturers are in trouble, their customers used their products in some point were used for such violations.
Full disclosure, I am a SIA member and participate in several committees, as well as member of other security industry associations and contributing to them as well.
this reasoning goes no where. American armed forces, supplied by subsidiaries of UTC and Raytheon killed hundreds of muslims a year for decades. did you ever boycott Lenel ? kidde ? interlogix ?
Why would we do that? They did a fantastic job, their products worked fantastically especially targeting systems, weapons tracking, radars. What’s gives?
Full disclosure, I am a SIA member and participate in several committees
For a SIA member who participates in several committees, your fundamental failure to understand the basic facts involved is embarrassing but expected.
Is a manufacturer responsible for the way its products are used and the user morals or criminal actions?
Dahua built and operates police stations in Xinjiang that are used to persecute Uyghurs on an ongoing basis. They are directly involved. At least Don Erickson knows this and is smart enough to say nothing rather than use such an obvious fallacious defense.
And when Hikvision develops and markets Uyghur analytic software, are we really going to argue, with a straight face that there is any moral way to use that?
It's hysterical that SIA cannot come out against racial profiling software and you are defending them for that.
Kicking out members who committed a criminal act, such as Aventura
Aventura has been charged but not convicted. You do understand the difference?
Sure, Aventura should be suspended on such serious allegations but the same should be applied to even more serious allegations against Dahua and Hikvision.
Again, the actions of a government against it's own people is a political issue, as bad as they are, and are handled by the bodies responsible for politics (USA government, Senate, Congress, state department, UN and many others). Professional organization should not deal with politics, especially if it is an international organization like SIA. This is not minimizing the actions done by say government.
Anyone has the right to choose his provider, and fortunately, unlike China, we do get a lot of information to make concious decision.
Avantura, allegedly, was lying and misleading its customers. this, by itself, is criminal. Most "OEM"s do not hide their "source" when asked.
As of HIK Vision cooperation with the government, we know who own them, can you say no to your boss? Dahua is privately held and like any business, want to make as much sales as possible.
BTW, I just came back from China and I noticed Axis cameras, so, now we are going to ban Axis?
There are many Lennel systems in Chinese government buildings, so now we ban Lennel?
It is your right, and it is great that you have it, to decide if you want to ban a product or prefer products based on any parameters you decide, including political views. But, you can not enforce YOUR views on other people or organizations. If you do so, this is not democracy, this is Fascism.
Democracy is a great system, but, also very fragile. We all need to make sure everyone has the right for their own opinion (including no opinion) and no one is forced into statements they do not agree with or not willing to make.
SIA do not want to make a statement, it is it's right!!
Stop looking for a fight where there is no interested party. You want to fight? there are many other venues. ... WWF, UFC, etc.
Avantura, allegedly, was lying and misleading its customers. this, by itself, is criminal. Most "OEM"s do not hide their "source" when asked.
Lying and misleading about OEM 'sources' has been the norm for many, many years. Also, funny that you qualify it "when asked'. So it's ok to mislead and deceive publicly about your product source as long if someone happens to ask directly, they tell the truth? That's quite a tact. And I will tell you I have talked to various Honeywell and UTC employees (to name bigger company examples) over the years that hide their source when asked.
BTW, I just came back from China and I noticed Axis cameras, so, now we are going to ban Axis?
#3, you cannot seriously be using this as an argument? It's a complete strawman. No one is arguing that just because a device is deployed in China, it should be banned. Moreover, this post is not even talking about banning Dahua or Hikvision, if SIA had the guts to even comment on these very high profile situations, they could at least claim some moral ground and 'thought leadership' as they like to brag.
SIA do not want to make a statement, it is it's right!!
Agreed, it is their 'right' to say nothing. It is also other people's rights to call them out for it.
As I think about this, the concept of trade associations doing what corporations dare not do becomes more crystallized in my view. It's like the trade association can be a corporation's hench man and then the corporation can exercise plausible deniability when it is expedient to do so. This on-going debate John Honovich is having with other participants about this topic has been enlightening. Thank you, John, and Anonymous participant!
The genius behind this slogan has served the NRA well. The Security Industry Council is wise clever to adopt a proven argument to dismiss its moral responsibility.
This is my opinion only, and worth precisely what you paid for it.
Is IPVM a blog as some like to claim, or a news reporting site? Ad hominems like "greedy" and "cowardly" demonstrate a bias and level of emotion that suggest the author has a personal axe to grind and detracts from the quality and professionalism of the article.
If someone has done something wrong, report on it in a professional manner. Leave the sensationalism for the tabloids.
Now that's where you're wrong. I bet you several CCP bigwigs and Hikua executives have significant monitoring of IPVM so they know when to deep-six their racial profiling analytics from the product features list....
#5, thanks for the thoughtful feedback and question. This is definitely meant as a criticism on their business character. We've been engaging with SIA for years and been a SIA member for more than a year and I've directly interacted with them dozens of times and spoken with numerous SIA 'leaders'.
One, I think that the characterization of them as 'cowards' and 'greedy' is an accurate representation of how they make decisions (or don't as the case may be).
Two, using those words and the pictures selected much more powerfully conveys that message than a simple facts report.
That said, your point is well made. There is the downside that some will find it biased or unprofessional. However, I think overall the choice of title, imagery, and characterization was key to more effectively conveying what is wrong with SIA and industry 'leaders'.
We need to face that we are not simply dealing with mistakes from our 'leaders' but an underlying culture of 'greed' and 'cowardice' that is focused on the easy money to the expense of long-term ethics.
Thanks for the reply John. I fully submit this is your site to run as you please, and so my observations (and opinions) were just a perspective I thought you might want to consider. I appreciate the cordial discourse! :)
I think we are asking too much from SIA. SIA is in the business to make money. Does the commitment to revenue generation override a moral obligation to do the right thing? In this case yes. Thank you SIA, duly noted. Now it is up to us, the industry, to take that knowledge forward. SIA will not take a stand until it hurts them financially. Is anyone out there, manufacturer for dealer alike, not going to attend ISC for instance because SIA will not take a stand? Probably not. So for SIA it is business as usual.
But I think there is another element at play here. And again, it is financial in nature. Until dealers are ready to stop chasing the price to the bottom and can sell on value not lowest price this is going to continue. It is up to the dealers and their customers to keep the honest dealers honest. And some manufacturers, dealers and end users just don't care and low cost is the overriding factor. Here is an example: if I am walking down the street in NYC and someone offers to sell me a gold Rolex watch my first reaction would be to decline the offer especially if it has quartz movement. But there will be a segment of the populace that will purchase the watch knowing it is a knock off simply because it is close enough. At a glance most people will think that it is a genuine Rolex. The buyer has turned a blind eye to the fact that it is not what is represented to be. The security video world is really about Laissez Faire; buyer (dealer) beware. It is up to each of us to do our homework and determine if the products we are using are what the manufacturers they say they are. We can not depend on SIA to do this as they are a business and have an agenda to be profitable. What we are really talking about would have to be government regulation of the industry.
So at the end of the day are security dealers willing to do their homework and sell products based on a moral concern for country of origin, cyber security, racial profiling and value knowing that they will lose some projects due to being higher priced? The only way that the industry will change is when the dealers make choices that affect manufacturers positively or negatively.
The bright side is that there are a host of manufacturers that are doing business the right way. Many have listed the true country of origin for their products on their websites. Many are truly Made in the USA yet are competitively priced and offer a very high value to the dealer and end user. You just need to do your own homework.
not going to attend ISC for instance because SIA will not take a stand? Probably not. So for SIA it is business as usual.
Agreed, most people attend or exhibit at ISC for its direct benefits and rarely even think about SIA's involvement. But in fairness, SIA is not simply seeking to maximize revenue from shows. The SIA 'leaders' from what I have seen really pride themselves in the belief that they are 'leaders'. I do think the more they see pushback, the more they will try to grapple with how to really handle the situation rather than avoid it, to try to justify their self-proclaimed 'leadership'.
It is up to each of us to do our homework and determine if the products we are using are what the manufacturers they say they are. We can not depend on SIA to do this as they are a business and have an agenda to be profitable. What we are really talking about would have to be government regulation of the industry.
I agree about the homework side and an area we spend a lot of time exposing OEMs, relabelling, product issues, etc. Ultimately, though, I think some of these things need government regulation. Things like relabelling Dahua or Hikvision products. People need to know directly, just like you could easily glance at a packaged food item and see the ingredients, buyers should be able to scan a datasheet and know #itsarelabeledhikvision, etc.
There are a couple of comments on here alleging that SIA is not political. I'm not advocating for or against them. But, this from the SIA website sure sounds political to me.
Advocating pro-industry policies and legislation on Capitol Hill and throughout the 50 states
advocates for policies and legislation that drive business opportunities in a wide range of vertical markets, including health care, ports, transit and education.
Certainly. SIA is 'political' but they are 'political' for 'pro-industry' goals, which they interpret as selling more security systems in the short term. Things that risk undercutting such sales - whether it be tariffs or human right sanctions or regulations against unethical use - are things that SIA inherently resists.
Oh puhleaaasseee, they are celebrated here every damned day. IPVM has been Hik’s product showcase since I’ve been a member. You demand action out of SIA yet throw their hardware into every test article? And not just one camera either.
"they are celebrated here every damned day".... What???? What universe is this coming from? Things must have REALLY changed since the last time I was on IPVM....lol.
