UK Boroughs £1.3 Million, 900-Camera End-to-End Dahua Project
Two London boroughs entered into a £1.3 million (~$1.8 million USD) contract to upgrade 900+ existing cameras to Dahua and to establish a joint control room to remotely view the cameras using Dahua DSS.
A project this large is significant for Dahua, particularly outside of China, but risky for the local councils, given Dahua's poor human rights and cybersecurity track records. Indeed, an end-to-end Dahua system creates both front and back-end security concerns.
In this report, IPVM examines the contract details and risks involved, based on 1,000+ pages of documentation that we received directly from the two borough councils involved via a Freedom of Information request.
Executive *******
******** **** *******************, *** ****** ********, *** ******** £1.3 ******* (~$*.* ******* ***) ** build * ***** ******* **** *** establish ** ***-**-*** ***** ******, * particularly ******** ******* ***** ***** ******* of *****. **** ******** ** ******* of ***+ ******* ** ***** ******** as **** ** *** *** ** Dahua's ***, ***. *** *******, ********* by ***** *****************, **** ********* ** ****** ** housing ******* ********** **********, *** ***** police **** ******** ** **** ****** to *** ******.
*******, *** ******** **** ************* *** ethical ***** ** ******** ** ******* their ********' ******* ** ***** ********. Dahua **** ***** ****** ** ****** ************* vulnerabilities**** **** *** ** **** ***** of *****' *******. *******, ***** ********* to ************ ** ***** ****** ****** ******* Uyghurs ** *****, *********** ******* ****** ***** ***********.
**** ******** *,***+ ***** ** ********* about **** ******* ***** **** *** PDF ***** (*,*) **** *** ******** *** ********** councils.
£1.3 ******* ******** ** ********* ******* **** *** ******* *******
*** ******** ****** ******** ** ******** Upon ****** *** ********** ******* **** a £*.* ******* ******** ** ******* 2020, ********* ********** *******'* ******** ********. **** ******** *********** * ****** CCTV ******* **** *** *** *** boroughs *** ******* ~*** ******** ******* in ********** ******* ** *****:
*** ******* **** ** ******* ******** cameras *** ***** *** "****** ****** to ******** ****" **** *** *** control ****:
*** ****** ****** ** *** ******** did *** ******* ******* ** **** brand ** ******* *** ********* ***** used. **** ******** ** *** ** end ** ******** **** *** **** be ** *** ****** ** **** 2023.
Richmond *** ********** ******** ***** ******* ****
******* ** ***** ***** *********, *** boroughs *** ******* *** **** ******* room, ***** **** ** ** *** Wandsworth **** ****. *** *** ******** plan ** ****** * ***** ******** structure ** ******** *** *** **** will ** *******.
London ************ ****** ***** ****** ** *******
*** *******'* ****** ********* **** ******** links ** *****-***** ***** **** **** to ** ********** ** **-*********** **** building *** *** ******* ****:
*** **** *********** ***** ***** **** is ***** ****** ** **********'* ******* is *** ************ ******, *** ****** force *********** *** *** ******* ****** area. *** ***** ****** ******* *** "full ******* *** ******* ** [**********'*] cameras." *******, ******* ******* *** ****** recordings **** *** **** *** **** access ** **** *******.
*** ********* *** *** ***** ******* the ****** **** ********* **** ****** to ********'* ****** ******.
Dahua ********* **** *** ********** *******
******** ******* **** ** ******** **** Dahua *******, ** ***** ** * "CCTV ********** *******" *********, *** ***** ** ********** *** won *** ********. ******, ***** ** listed ** *** *** ********** ******* in *** ************* **** ********, ********* explicit ******* ** ***, *****'* ***:
*******, *** ********* ******** ***** ******* and *** **** ** ****:
********'* ******** ****** *** ******* ***:
******, ******* **** **** ** ******** **% ** *** ******* ***** from *** *****, ********* ** *******, *** ********** of **** *******. "******* *** ****** closely **** *****, ********* *** *** Global *** *** ********** **** ********* integration ******* ‘****** *** *******’ **********,"**** * **** ************ ******* ******* ***+ ****** ******* in *******, **.
******* *** **** * ******** ******* of ********. *** ******* *** ********** a **** *********** ******** **** *** borough ***** ****:
*******'* "******* ********" ********* *** **** ******** ** ***** and ******* (***):
*************'* **** ************* ******** * ****** ** ***** products, ********* ***** *******, "*****-****** *******" and * ***** ****/*** ******:
No ******* ***** ******** ******
*** *,***+ ***** ** ********* **** received *** *** ******* ******* ***** the ******** ***** ****** ****** ***** used.
*** ******* *** *** ******* ***** analytics ** ** * **** ** the ********, *** * ********* *** the *** ******** ********* ** ****** recognition **** ** ********:
***** *** ******* ****** ********* ****** recognition *** ***** ***** ********* ******* has **** ********.
900+ ******* *******
************* *** ******* **** ** ******* to ***** ** **** *******, ********* ~240 ** *** ********** **** ******:
*** ***** *** *** ******* ******* throughout **********:
***** *** ********* *,***+ ******** ******* in ******** *** ********** ** ********* in *** ***** *****:
*******, *** ********' ****** **** ********* an ******* ** **********'* **** ****** and ******* ******* ** ****** *** scope ** **** *******, **** ** mention ** ******* ********'* ******* **** be ********:
Wandsworth ******* ******* ********
** ******* ******* ********** ********** **** identified ** ********* **** ******* **** needed ** ** ********. ** ** the ** ******* ******* *** ********** as"*********" *******, ***** ***** *** ******* *** elderly ***/** ******** *** *** ********* owned *** ********** ** *** ***** council.
***** *** ******* ******** * **** of *** ******* ******* **** ****** camera ********, *** ****** ***** **** the "***** **** **** ** ********* on *** ****** ***** **********":
Cybersecurity ***** ******
***** ***** ******** ******* * ************* risk *** *** ******** *** *** the ********* *** ******* *** ******** to *******. ***** *** * ***** record ** **** ************* *********, ********** ******** ** *****'* ******** **** resulted ** **** ***** ** ****. **** ********, ** ********* ****, Dahua******** * *** ***** ******************* ***** ***** *** ******* ***** access ** ***** *******. *******, *** project ***** ** *** *****'* ***, Dahua ***, * ***-*** ****** **** opens ** *** ****** ** ****-*** security ******.
******, ** *** **, ******** *** already ***** ****** ********* ****** ********* ***, *** ********* *********** *** *** **** *** ** November ****. *** **** ** *** *** is ********* ** ******* *** ** from ******** ******** ***** ***** ** various ***** *********, ********* *****.
******** ** *** ** ** **** action *** **** *****, *** **' Secure ********* *** ** * ****** of **** ******* ********* **** ***** be *********** ** ***** ******* ********* in *** ******.
Ethical ***** ******* ** ********** ********
******* ***** ******** **** ***** *** been ******** ******** ** ************ ***** rights ****** ******* ******* ** ********, the ** ************* ******** ** ********** ********* * ban ******* *** *******. *****, ***** *****'* ********* ******** involvement *** **** ** *** ********** human ****** ****** *****, *** ****** of ******* ******** ** ************ *******.
*****, ***** **** *********, *** ******** won************ ******** ***** **** $* ********* ********, *** *** *************** "****-**** ****** ********" ** *** police. ************, ***** ********** ********** ***** ** ****** ****** *** ********* ** *** US "****** ****" ************ *******, "***** entities **** **** ********** ** ***** rights ********** *** ****** ** *** implementation ** *****'* ******** ** **********."
******, *** ** ******* ******* ******************** * **** ****** *** ** July ****,*** *** ** **** **** *********** ** *******, *********, ************, *** technical ******** ***** *** ******** ** *** Hikhua ********. ** ****** ***** *********** to ******** ** *** **.
Videcom ********
**** ****, ******** ******** ** *******, ********* to ****'* ********* ** *** *************/******* risks ** ********** *****, ****** **** the ** ********** *** ******** ** ban ***** *********:
Richmond *** ********** ******** *******
**** ***** ***** *** ***** ********, a ********* *** *** ******** *** Wandsworth ******** **** **** **** "** least **** ** ******’* ********" *** UK ********** **** ***** *** **** technology:
** *********** ***** *********** ** **** the ****** *** ******** ** *** residents *** ********** ********* ********* ***** is *** ** **** ********* ******** of **** ******* – ********* *** residents **** ** ***** *** ***** they ***** ******. *** ********** ** are ***** ** **** **** ** at ***** **** ** ******’* ******** as **** ** ***** *** ****** across *** ** *** **** ** some ********** ********** ********* *** **** Office.