The Cowardly, Greedy "Leaders" of Video Surveillance - SIA
By John Honovich, Published Nov 19, 2019, 10:35am ESTThe video surveillance industry suffers from cowardly, greedy 'leaders' focused on maximizing easy money while undermining public trust.
The explosive arrests of industry executives and human rights sanctions underscore these issues and the central role that the US Security Industry Association (SIA) plays in providing cover for them.
Fake Manufacturing Ally
Last year, SIA refused to answer IPVM's simple question about fake manufacturing:
In SIA's expert opinion, if a product is produced in China but then an American company applies their label and their colors to the UI of a product, does SIA consider that product still produced in China or produced in America?
How could IPVM have known to ask SIA about the exact same scenario that Aventura execs were arrested on a year later?
Simple. Every real insider knows this has been going on widely for many, many years.
The fact SIA cowardly refused to answer is driven by the greed of our 'leaders' to let the easy money flow.
Suspended Aventura
Just 2 business days after the US government alleged Aventura committed fraud, SIA suspended Aventura.
Yet more than a month after the US government alleged Dahua and Hikvision committed human rights abuses and violations, both PRC companies remain in good standing with SIA.
The difference - Aventura is finished but Dahua and Hikvision are still spending with SIA.
Insider Aventura - SIA Executive Council Member
While SIA and other industry 'leaders' would like Aventura to be a sole rogue bad actor, Aventura's Managing Director is a member of the SIA executive council.
SIA Endorsed Aventura
Moreover, just 2 years ago, amidst the crime spree the US government alleges, SIA firmly endorsed Aventura as having a "strong history as an innovative manufacturer":
And, yet, hours after the US government announced criminal charges against Aventura, SIA cowardly deleted their endorsement of Aventura.
The reality is that SIA does not really care who is actually 'innovative' so long as they are paying SIA money. Indeed, Aventura is not even the only Long Island SIA member who is a deceptive 'manufacturer', see: The Embarrassing Story of ISC West's Best New IP Camera.
Silent on Human Rights Abuses
SIA has been silent on Dahua and Hikvision human rights abuses:
On October 8th, when the sanctions first were announced, SIA gave a generic statement:
Being placed on the Entity List is a serious development for any individual, business, or organization. SIA will be communicating this decision to our members. We will communicate any decision about membership status as appropriate.
More than a month later, nothing. No decision, no stance, no explanation.
Silent on Racial Profiling Analytics
SIA has been silent on Hikvision's Uyghur ethnicity racial profiling analytics. We asked SIA repeatedly, both as media and as SIA members. Nothing.
This is an organization that cannot take a stand even against racial profiling of a group (Uyghurs) that last month SIA's own government declared were having their human rights abused by Hikvision.
Hikvision Sponsor of Honors Night
Where you can find SIA and Hikvision is hobnobbing tomorrow night as one of the sponsors of "SIA Honors Night". And from SIA's perspective what is more honorable than paying them money so they can be quiet about human rights abuses and racial profiling.
NSA Sponsor Cancelled
Dahua and Hikvision are two of SIA's largest revenue sources. These companies buy big booths, banners, and ongoing sponsorships.
The most absurd example was earlier this year when SIA accepted Dahua and Hikvision sponsorship to their Cybersecurity Forum, 11 months after the US government passed a law banning those companies for US government use for cybersecurity risks.
SIA justified it thusly:
nothing under Section 889 of the NDAA restricts the ability of affected companies to participate in any educational conferences as sponsors. We welcome the participation of SIA members and businesses which support the goal of educating the industry about cybersecurity.
Yes, Dahua and Hikvision provided an education - that SIA puts greed over US government security concerns.
SIA was so brazen that they tried to get an NSA Director to keynote the Dahua and Hikvision sponsored cybersecurity conference but the NSA Director canceled, finding a 'scheduling conflict' after he was informed of the sponsorship:
Of course, the NSA does not buy ISC booths like Dahua or Hikvision. And the Cyber Secured Forum is now shutdown.
Short-Sighted, Damaging To Trust
All of this is happening amidst an unprecedented surge in both government and privacy advocate's concerns about surveillance technology including fake manufacturing, supply chain integrity, racial profiling, etc.
Our 'leaders' like SIA's approach is incredibly short-sighted. The industry should strongly condemn these practices and build trust with the government and critics.
Positive Outlook
The future looks good, not for those like SIA who want to make money off fake manufacturing and ignoring human rights abuses, but for a better video surveillance industry that can be more committed to ethics and truth. We should be thankful for government and privacy advocate criticism that helps spur the industry to better contribute to society and be less cowardly and greedy.
UPDATE 2020 SIA Failing Fight Against NDAA
While SIA continues to fight for easy money, SIA continues to fail. SIA demanded that the NDAA 889 Part B must be delayed, failed at that, and, showing their true intentions, are now coaching sellers to use questionably legal workarounds.
4 reports cite this report:
.jpg)
Comments (35)
I'm not in the US but i think the same sort of thing exists all over the world. I have zero respect for SIA or any security institutes or assicioations as they are all just money peddeling opertions by industry old timers that have managed to rope the insurance companies into thinking they actaully mean something when all they are is badly run marketing companies that portray to be experts or regulators.
There is an oppertuinity for somebody (IPVM for example?) to compleatly rip up the script and create an actual bonafide security institute where menbers are actually audited and manufacturers earn endorsement as pposed to buying it!
| 11/20/19 09:26am
Is that something integrators would really want though?
Say I decided to rip up the script and start a competing entity. What value would my organization offer the world. I can think of a few things:
A repository of objective performance measurements and performance (endorsements). To provide that information I would need to acquire and test the equipment and software. Buying the devices would not be feasible, so I would be relying on manufacturers to provide the cameras for tests. This puts me in a situation where I am dependent on the good grace of the manufacturer AND I would have substantial staffing costs as I ran the tests. One option would be to crowd source the tests, but that sort of thing is susceptible to manipulation where people "test" a competitor and uploads bad results. On top of that, getting people to actually DO something (voluntarily) is incredibly hard.
A repository of security issues, bugs and problems. There's already a CVE database that you can search through, but most people probably don't. For this to be valuable, an integrator would have to actually relay bad information to their clients. E.g. you just installed 200 cameras, and now a critical CVE entry pops up. Do you tell your customer? Would you get pissed if I told your customer, and flagged you as dishonest for not doing so? Would you report a vulnerability in the cameras you're selling, and have been selling for the last 4 years?
And what would it mean to get an endorsement? Surely I do not have the ability or resources to do deep pen-testing on cameras and VMS's to the point where I can say "this is secure", so if I did, it would be based on "as far as we know", and that knowledge is probably not as deep as it should be. If it turns out that we missed a hole, our endorsements would quickly lose their value. Even more annoying: If Camera Model N gets a new firmware, we'd need to do a full retest, and bad companies could just rebrand their cameras to escape the flag. It's a never ending battle, and one you are too poorly funded to win.
It's also worth noting that a "bad" camera can be sufficient, and actually good, depending on the use-case and cost, therefore I don't believe in saying "this is good" and "this is bad". A camera that dies is a bad camera, but did it die because of a bad integrator didn't know what he was doing, or because it was just poorly made (I've seen both). Likewise "good" a VMS will prove useless if it stopped recording 4 months ago. No-one noticed because it was not looked after accessed. If an some poor fool argued spending $100K on such a VMS, most likely they are not interested in being exposed as incompetent hacks, and thus won't report such incidents. Especially if a $5000 system would have kept running for years w/o constant manual supervision and nursing. Crowd sourcing - once again - can't be trusted (Wikipedia is an exception).
But should I offer a repository on "crimes by association"? I think this is problematic, and it kind of deviates from the core value proposition of such an organization. For example, IPVM yells at just about everyone, but China gets a lot of "attention" from IPVM (and I applaud the effort). I am just concerned that it can get a little arbitrary and becomes a reflection on the beliefs of individuals rather than some objective metric (and how could it ever be). If I went off on a year-long crusade against American, Russian or Israeli companies you'd probably have some trust issues on my objective tests too.
When you join IPVM, you pretty quickly realize what soft of forum/medium it is, and so you can stay or go (and suffer the FOMO). IPVM decided against endorsements a long time ago, and I think it was a wise choice as it would mean that IPVM's brand would be tainted as it would (no doubt) be shown alongside endorsements from bullshit organizations, and if IPVM endorsed the "wrong" company it would be easy to say "oh, IPVM, don't you know they endorsed so-and-so".
Inevitably, your new organization would be taken over by smooth, money-grabbing a-holes, and then you'd just be another SIA.
Remember what happened to Googles motto.
All very valid points and your conclusion is probably correct!
I agree that if IPVM took on paid endiresments my estimation of them would drop drasticially and I probably wouldnt renew my supscriotion. I'll also say that as an integrator IPVM is a valuble tool to me for reviews and industry news and also for discussions like this one!
I wonder what precedent there is in other industries, our industry is a mish mash of broadcast, IT, electrical etc so there must be bodies in those industries that do this better than the SIA?
I'll aso iterate again that I'm not in the US and am far more expierenced with NSI in the UK who are a joke also.
I dont know if this compares but manufacturers of all electronics pay to get lab certifications for EMC to get CE approvals on their products. Th labe operate as for profit companies but all subscribe to the same industry test scenarios and the tests and documentation are standardised, i assume the lab companies then feed back into the standard agencies how the tests should be updated and iterated.
Lets say IPVM have a published set of tests for an internal dome camera for example. A company pays them dollars to run their product through the test and if the product passes IPVM give the company the test report (which the company can distirbute to their customers) and permission to display an IPVM certified logo on their product, or maybe there is a grading system like IPVM grede A\B\C etc.
A manufacturer then markets their product and can say look out camera in IPVM grade a in the internal dome camea category? They do this anyway, if you meet a rep they will always say did you see that we did really well in thet IPVm test last month, its already a sort of unofficial standard!
What do you think of a model like that?
| 11/20/19 07:35pm
I think the issue is that there are metrics that are easy to measure; as you know, there are several (government bodies) that have requirements as to devices that are sold in their territories. As I understand it, certain independent labs are approved to make the tests, and issue the stamps needed. This allows competition (which is a good thing), and ideally the threat of losing the certification privileges will keep the labs honest.
This works relatively well when you have clear cut metrics - like the signal strength in a radio-based device. The labs don't care HOW the the radio works, as long as the signal strength is within spec.
So, there'd be a task to define what we are measuring and how to standardize it. This would make apples to apples comparisons trivial, but it would not be able to endorse or validate the more alternative claims you sometimes see. Another issue is that manufacturers might game the tests, and optimize for the tests instead of improving real-world performance. I suppose that the test could be designed such that good metrics in the test would always translate to good real-world performance.
In such tests, I think you'd find that Hikvision and Dahua etc. performs quite well and at a lower cost.
So there are 2 metrics that are quite difficult to quantify.
The first is trust - can you "trust" a Hikvision camera? Should you trust it more than one from another vendor? My take is that trust, based on vendor nationality, is nonsense. It's much, much cheaper and easier to bribe a disgruntled employee, or just go for the easy targets and leave the protected ones alone. Some high end cameras made in the US were hacked to bits at blackhat some time ago (2014 I think it was) - not because they wanted to spy on us, but because people are stupid and lazy, and make mistakes. Therefore, the proper approach is to assume that the camera is vulnerable - REGARDLESS of where it comes from.
The other is to attempt to gauge which company is more "moral". It might be that Hikvision makes the best, most secure cameras in the world. But if the Hikvision engineers are working tirelessly to create a device that can automatically alert the operator when a member of a religious minority is detected (for some sick purpose), then well... maybe you should consider sacrificing just a little of your profit to avoid strengthening this company. But how do you quantify morality? I think it's perfectly fine to both review the products AND take a critical stance on what the company is doing, but should "bad morality" affect the score?
Theoretically (and technically), what you are proposing could be done - but take a look at ONVIF, from a technical standpoint its a pile of dogshit, and for many years it seemed as if the ONVIF founders were actually quite content with the total chaos that surrounded it. I suspect that if we tried to get this off the ground, you'd very, very quickly see a powerful, well funded, organization pop up with another (possibly useless) "standard test" quickly destroying any chance of survival. It's the FUD strategy that IBM used for many years.
Yeah... I'm a misanthrope AND a pessimist.
And the first article under this headline is “Hikvision Dual Lens Face Recognition Camera Tested”. It seems that taking Hik and Dahua’s money directly (SIA) is the like IPVM draws here. I don’t see it the same way, constantly promoting their products and keeping them on the front page for things other than their blatant criminal activities is just as bad. The most recent low light color shootout had 7 of their cameras featured.
This SIA post doesn’t pull any punches. To me the irony is heavy as this blog keeps the offending manufacturers front and center.
This article is going to hurt all the feelings of these captains of industry:
Board of Directors | Security Industry Association
and the 19 people whose livelihood is dependent upon monies coming into this organization.
How does that make you feel? <grin>
Someday there will be a landmark publication about charities and institutions and the life of their own they take on in order to persist and grow -- something akin to Darwin's theory about the survival of the fittest.
(Thank you for observing the rule re: acronyms. Not being an "insider", I did not know what SIA stands for.)
You could have added Tinman and Scarecrow, too. They seem to be missing brain and heart as well
This attack on SIA is very uncalled for. SIA is a professional association, not political, and as such do not take a stand on political views. Kicking out members who committed a criminal act, such as Aventura, is different than making decision based on political views of other countries behavior and punishing manufacturers based on that.
SIA goal is to provide tools and standards for the benefit of the whole security industry. In order to do it effectively, it has to be non-political Professional organization. Many of the standards developed by collaborations of dozens of companies and industry experts focusing on the industry benefits and putting rivalry aside. Having the largest companies together with the smallest companies sitting together is a paramount factor to ensure successful standards and best practices development.
SIA is silent on the matter of HIK Vision and Dahua because there is nothing in SIA bylaws that make any stands in the matter. There is no law preventing anyone from purchasing HIK Vision or Dahua products, except Federal entities. It does raise significant concerns, but, it does not ban the sales of these products in the USA. FYI, it is the USA government policy for many years to not purchase Chinese made products regardless. (in many cases for good reasons)
Something to think about; Is a manufacturer responsible for the way its products are used and the user morals or criminal actions?
In that case, does a vehicle manufacturer is responsible for the actions of criminal enterprise that bought their vehicles from them? maybe even had them customized? Is an Intercom manufacturer and installer are responsible for the use of their equipment in a building used for Human Traffic ?
I do not condone the actions done by any government against any group based on religion, race, gender or political views. But, should we hold that government's suppliers responsible? than, the whole US weapons manufacturers are in trouble, their customers used their products in some point were used for such violations.
Full disclosure, I am a SIA member and participate in several committees, as well as member of other security industry associations and contributing to them as well.
"Is a manufacturer responsible for the way its products are used and the user morals or criminal actions?"
Normally no, but when the manufacturer/owner is also the one using the products the answer is yes.
"But, should we hold that government's suppliers responsible?" Again, when the government is the supplier itself, yes we should.
Full disclosure, I am a SIA member and participate in several committees
For a SIA member who participates in several committees, your fundamental failure to understand the basic facts involved is embarrassing but expected.
Is a manufacturer responsible for the way its products are used and the user morals or criminal actions?
Dahua built and operates police stations in Xinjiang that are used to persecute Uyghurs on an ongoing basis. They are directly involved. At least Don Erickson knows this and is smart enough to say nothing rather than use such an obvious fallacious defense.
And when Hikvision develops and markets Uyghur analytic software, are we really going to argue, with a straight face that there is any moral way to use that?
It's hysterical that SIA cannot come out against racial profiling software and you are defending them for that.
Kicking out members who committed a criminal act, such as Aventura
Aventura has been charged but not convicted. You do understand the difference?
Sure, Aventura should be suspended on such serious allegations but the same should be applied to even more serious allegations against Dahua and Hikvision.
And you do understand who Aventura's largest partner and conspirator were in the alleged criminal acts? Hikvision.
The above philosophical argument
Is a manufacturer responsible for the way its products are used and the user morals or criminal actions?
encompasses the soul of the National Rifle Association ("NRA") successful slogan:
guns don't kill people, people kill people.
Source: Why the NRA Is Still Winning the War on Guns - The Atlantic
The genius behind this slogan has served the NRA well. The Security Industry Council is wise clever to adopt a proven argument to dismiss its moral responsibility.
This is my opinion only, and worth precisely what you paid for it.
Is IPVM a blog as some like to claim, or a news reporting site? Ad hominems like "greedy" and "cowardly" demonstrate a bias and level of emotion that suggest the author has a personal axe to grind and detracts from the quality and professionalism of the article.
If someone has done something wrong, report on it in a professional manner. Leave the sensationalism for the tabloids.
I think we are asking too much from SIA. SIA is in the business to make money. Does the commitment to revenue generation override a moral obligation to do the right thing? In this case yes. Thank you SIA, duly noted. Now it is up to us, the industry, to take that knowledge forward. SIA will not take a stand until it hurts them financially. Is anyone out there, manufacturer for dealer alike, not going to attend ISC for instance because SIA will not take a stand? Probably not. So for SIA it is business as usual.
But I think there is another element at play here. And again, it is financial in nature. Until dealers are ready to stop chasing the price to the bottom and can sell on value not lowest price this is going to continue. It is up to the dealers and their customers to keep the honest dealers honest. And some manufacturers, dealers and end users just don't care and low cost is the overriding factor. Here is an example: if I am walking down the street in NYC and someone offers to sell me a gold Rolex watch my first reaction would be to decline the offer especially if it has quartz movement. But there will be a segment of the populace that will purchase the watch knowing it is a knock off simply because it is close enough. At a glance most people will think that it is a genuine Rolex. The buyer has turned a blind eye to the fact that it is not what is represented to be. The security video world is really about Laissez Faire; buyer (dealer) beware. It is up to each of us to do our homework and determine if the products we are using are what the manufacturers they say they are. We can not depend on SIA to do this as they are a business and have an agenda to be profitable. What we are really talking about would have to be government regulation of the industry.
So at the end of the day are security dealers willing to do their homework and sell products based on a moral concern for country of origin, cyber security, racial profiling and value knowing that they will lose some projects due to being higher priced? The only way that the industry will change is when the dealers make choices that affect manufacturers positively or negatively.
The bright side is that there are a host of manufacturers that are doing business the right way. Many have listed the true country of origin for their products on their websites. Many are truly Made in the USA yet are competitively priced and offer a very high value to the dealer and end user. You just need to do your own homework.
There are a couple of comments on here alleging that SIA is not political. I'm not advocating for or against them. But, this from the SIA website sure sounds political to me.
Advocating pro-industry policies and legislation on Capitol Hill and throughout the 50 states
advocates for policies and legislation that drive business opportunities in a wide range of vertical markets, including health care, ports, transit and education.
Update: SIA is still silent on Dahua and Hikvision.
Now, SIA's "market leaders" reception at ISC West is being sponsored by Dahua and Hikvision:
Nothing like human rights abusers being celebrated as industry leaders!
Oh puhleaaasseee, they are celebrated here every damned day. IPVM has been Hik’s product showcase since I’ve been a member. You demand action out of SIA yet throw their hardware into every test article? And not just one camera either.
We have been over and covered that argument numerous times already.
"they are celebrated here every damned day".... What???? What universe is this coming from? Things must have REALLY changed since the last time I was on IPVM....lol.
