By Mark Rasch You are browsing the Web when a pop-up ad appears advertising a COLOR video
camera. IT'S FUN screams the ad -- for less than $200 you can set up a
network of cameras throughout the house, the office, or other places, which
will transmit video images from a wireless, self powered miniature camera
either to a central receiver, or even through that receiver to the Internet.
Video surveillance itself raises a series of questions: what is the
appropriate role of surveillance; should parents be spying on children or
nannies; should employers be spying on employees; are there any reasonable
expectations of privacy invaded by the use of these tiny cameras? However,
when wireless technologies are added to the mix, a new legal, moral and
ethical question is raised: what happens when the camera you've set up is
intercepted by an third party?
As the New York Times recently reported, if the camera is wireless, or
connected to a wireless network, its signal is vulnerable to being
intercepted. As a result, the subject (the person depicted in the camera)
has their privacy invaded not only by the operator of the camera, but also
by the person intercepting the video.
And it is likely completely legal. Loopholes in current law probably do not
prohibit an outsider from seeing exactly what you can see, from watching
you, or more significantly, watching whatever you are watching. This is
true because the law has traditionally distinguished between the
interception of electronic "communications" -- email, and audio
surveillance -- and the capture of video.
THE CORDLESS PHONE PRECEDENT. Prior to 1968, most of the laws regarding electronic surveillance were at
the state level, and dealt with things like wiretapping (physical taps of
telephones), bugging (placing listening devices in private areas) and
consent surveillance (putting a wire on an informant.) In 1968, Congress
passed the first comprehensive federal law regulating electronic
surveillance -- Title III of the Omnibus Crime Control and Safe Streets Act,
which made it presumptively illegal to "intercept" communications."
Unfortunately, the law regulated only "the aural acquisition" of
communications, and did not, by its terms, regulate the acquisition of video
images. The problem was complicated further by the fact that the law
excluded from its coverage the acquisition of "radio" transmissions. In the
early 1980s, with the advent of cordless and cellular telephones, law
enforcement agencies and others took advantage of the latter loophole, and
"intercepted" cordless phone calls, analog cell calls, and even
conversations overheard on baby monitors or other "radio" transmitters.
Courts allowed such surveillance, either because of the radio exclusion in
the law, or under the theory that nobody could have a "reasonable
expectations of privacy" in such "broadcast" technologies.
In response to public pressure, Congress eventually amended Title III to
include in the definition of "interception" the capture of such audio
transmission. Congress also amended the law to specifically include in its
coverage "electronic communications" -- like the content of Internet
browsing and electronic mail.
Nevertheless, Title III by its terms regulates only the interception of
wire, oral and electronic communications. The video portion of surveillance
is not covered by the federal wiretap law (the audio portion, if any, is
It is precisely this loophole that permits companies and police agencies to
videotape in the first place; otherwise they would have to obtain consent to
conduct video surveillance (general Fourth Amendment principles apply to
such surveillance if conducted by or with the participation of government
agencies in an area where the subject has a "reasonable expectation of
privacy.") We see the results today. It is estimated that, from the moment
you wake up, to the moment you go to sleep, your image may be captured by as
many as seven video cameras -- or more, depending on where you work.
INVASION OF PRIVACY. "Security" cameras are located in malls, stores, offices, airports, train
stations, parking lots, and increasingly at intersections and street
corners. Webcams capture bathers on South Beach Miami and tourists at the
Empire State Building. Governments and law enforcement agencies monitor
automotive traffic by remote video, and individuals set up cameras in their
homes to act as motion sensors, or to engage in surveillance of cheating
spouses, belligerent children, or domestic employees.
The same gap in the law that permits all of this, would permit a person to
intercept a wireless transmission of the video portion of surveillance.
That's not say there's no legal risk for the interceptor; such activity
could give rise to a cause of action for "invasion of privacy." A court
considering such a privacy suit would have to determine whether the target
of the surveillance had a subjective expectation of privacy in the place
they were recorded, and whether that expectation is reasonable. Where an
employer is using a camera to record employee's activities, it may be
difficult to establish either or both of these prongs.
More difficult is the family that places a camera in the house to record the
activities of a nanny, and find their own activities surreptitiously
broadcast over the Internet -- hoist by their own petard! Of course, while
they expected some intrusion into their privacy, they never expected that
the 900 Mhz camera would permit others to peer inside their home. Applying
the original cordless phone analogy, the ignorance defense would likely be
Congress and state legislatures should take up the challenge and extend the
scope of Title III to cover the "interception" of video broadcasts. This
would permit camera use to continue, but outlaw things like someone trying
to tap into the video portion of, for example, the McVeigh execution, and
protect owners of wireless webcams from police and hacker interference, with
little cost to society. It's a small step for privacy, but a necessary one.
Now if we could only do something about those pesky red light cameras. SecurityFocus Online columnist Mark D. Rasch, J.D., is an independent
computer security and privacy consultant in Bethesda, Maryland, and a former
attorney with the U.S. Department of Justice Computer Crime Unit.