Technology

Closing the Spycam Sniffer Loophole


By Mark Rasch You are browsing the Web when a pop-up ad appears advertising a COLOR video

camera. IT'S FUN screams the ad -- for less than $200 you can set up a

network of cameras throughout the house, the office, or other places, which

will transmit video images from a wireless, self powered miniature camera

either to a central receiver, or even through that receiver to the Internet.

Video surveillance itself raises a series of questions: what is the

appropriate role of surveillance; should parents be spying on children or

nannies; should employers be spying on employees; are there any reasonable

expectations of privacy invaded by the use of these tiny cameras? However,

when wireless technologies are added to the mix, a new legal, moral and

ethical question is raised: what happens when the camera you've set up is

intercepted by an third party?

As the New York Times recently reported, if the camera is wireless, or

connected to a wireless network, its signal is vulnerable to being

intercepted. As a result, the subject (the person depicted in the camera)

has their privacy invaded not only by the operator of the camera, but also

by the person intercepting the video.

And it is likely completely legal. Loopholes in current law probably do not

prohibit an outsider from seeing exactly what you can see, from watching

you, or more significantly, watching whatever you are watching. This is

true because the law has traditionally distinguished between the

interception of electronic "communications" -- email, and audio

surveillance -- and the capture of video.

THE CORDLESS PHONE PRECEDENT. Prior to 1968, most of the laws regarding electronic surveillance were at

the state level, and dealt with things like wiretapping (physical taps of

telephones), bugging (placing listening devices in private areas) and

consent surveillance (putting a wire on an informant.) In 1968, Congress

passed the first comprehensive federal law regulating electronic

surveillance -- Title III of the Omnibus Crime Control and Safe Streets Act,

which made it presumptively illegal to "intercept" communications."

Unfortunately, the law regulated only "the aural acquisition" of

communications, and did not, by its terms, regulate the acquisition of video

images. The problem was complicated further by the fact that the law

excluded from its coverage the acquisition of "radio" transmissions. In the

early 1980s, with the advent of cordless and cellular telephones, law

enforcement agencies and others took advantage of the latter loophole, and

"intercepted" cordless phone calls, analog cell calls, and even

conversations overheard on baby monitors or other "radio" transmitters.

Courts allowed such surveillance, either because of the radio exclusion in

the law, or under the theory that nobody could have a "reasonable

expectations of privacy" in such "broadcast" technologies.

In response to public pressure, Congress eventually amended Title III to

include in the definition of "interception" the capture of such audio

transmission. Congress also amended the law to specifically include in its

coverage "electronic communications" -- like the content of Internet

browsing and electronic mail.

Nevertheless, Title III by its terms regulates only the interception of

wire, oral and electronic communications. The video portion of surveillance

is not covered by the federal wiretap law (the audio portion, if any, is

covered).

It is precisely this loophole that permits companies and police agencies to

videotape in the first place; otherwise they would have to obtain consent to

conduct video surveillance (general Fourth Amendment principles apply to

such surveillance if conducted by or with the participation of government

agencies in an area where the subject has a "reasonable expectation of

privacy.") We see the results today. It is estimated that, from the moment

you wake up, to the moment you go to sleep, your image may be captured by as

many as seven video cameras -- or more, depending on where you work.

INVASION OF PRIVACY. "Security" cameras are located in malls, stores, offices, airports, train

stations, parking lots, and increasingly at intersections and street

corners. Webcams capture bathers on South Beach Miami and tourists at the

Empire State Building. Governments and law enforcement agencies monitor

automotive traffic by remote video, and individuals set up cameras in their

homes to act as motion sensors, or to engage in surveillance of cheating

spouses, belligerent children, or domestic employees.

The same gap in the law that permits all of this, would permit a person to

intercept a wireless transmission of the video portion of surveillance.

That's not say there's no legal risk for the interceptor; such activity

could give rise to a cause of action for "invasion of privacy." A court

considering such a privacy suit would have to determine whether the target

of the surveillance had a subjective expectation of privacy in the place

they were recorded, and whether that expectation is reasonable. Where an

employer is using a camera to record employee's activities, it may be

difficult to establish either or both of these prongs.

More difficult is the family that places a camera in the house to record the

activities of a nanny, and find their own activities surreptitiously

broadcast over the Internet -- hoist by their own petard! Of course, while

they expected some intrusion into their privacy, they never expected that

the 900 Mhz camera would permit others to peer inside their home. Applying

the original cordless phone analogy, the ignorance defense would likely be

unavailing.

Congress and state legislatures should take up the challenge and extend the

scope of Title III to cover the "interception" of video broadcasts. This

would permit camera use to continue, but outlaw things like someone trying

to tap into the video portion of, for example, the McVeigh execution, and

protect owners of wireless webcams from police and hacker interference, with

little cost to society. It's a small step for privacy, but a necessary one.

Now if we could only do something about those pesky red light cameras. SecurityFocus Online columnist Mark D. Rasch, J.D., is an independent

computer security and privacy consultant in Bethesda, Maryland, and a former

attorney with the U.S. Department of Justice Computer Crime Unit.


American Apparel's Future
LIMITED-TIME OFFER SUBSCRIBE NOW

(enter your email)
(enter up to 5 email addresses, separated by commas)

Max 250 characters

Sponsored Links

Buy a link now!

 
blog comments powered by Disqus