Security camera makers urged to beef up privacy after school streaming incident
Canada's privacy commissioner wrote security camera companies in 2015 about strenghthening security
Canada's privacy commissioner will once again press companies that make security cameras to strengthen privacy on their devices so users don't unwittingly stream personal images on the internet.
"We are actually going to be sending letters and reaching out the manufacturers in the very near future," said Jennifer Rees-Jones, a senior advisor at the Office of the Privacy Commissioner of Canada.
The office wants all manufacturers to make devices that require users to change the default password when they plug the surveillance camera in. It also said the boxes the cameras come in should have strongly worded warnings about the privacy risks if the device is not secure.
Rees-Jones said the action was inspired by a CBC News story last week about Rankin School of the Narrows in Iona, Cape Breton, where a surveillance camera was streaming images of students outside a bathroom live to the internet.
Rees-Jones said the privacy commissioner sent similar letters in early 2015, but the threat to Canadians' privacy is still acute, since the IP addresses of the cameras can point to the province or even the community where the cameras are located.
"The combination of live feeds in individuals' homes, without them being aware that this is available online, and then add to that the geographical location as well, it's an incredibly serious and concerning issue," she said.
CBC News followed Canadian links on the Russian-registered website insecam.org to find insecure webcams broadcasting inside several Canadian homes.
People unknowingly broadcast
Reporters were able to see a senior citizen in B.C. watching TV in her housecoat, and a family in Alberta eating breakfast in their pyjamas.
A security expert told CBC News there are between 100 million and 200 million digital security cameras in Canada with varying levels of security.
"Some of them have very strong security. Some have no security at all. Some have very weak and hackable security settings," said Robert Currie, director of the Law and Technology Institute at the Schulich School of Law at Dalhousie University.
Manufacturers need to do more
Currie thinks manufacturers could do a better job by programming better security in the cameras, and by putting warnings on camera packaging to encourage consumers to create proper passwords.
He thinks renewed action by the privacy commissioner will work.
"The suasion power of the Privacy Commissioner of Canada has increased a great deal in recent years," he said.
Currie said manufacturers "don't want the government passing laws to fix this problem if they can fix it internally in the industry."
Don't leave on factory default
Tom Redford of Wilson's Security in Dartmouth said since CBC News broke the story of the public camera in the Rankin School of the Narrows, he's had clients calling about the security of their own systems.
But he said Wilson's has never had a camera breach because it secures the cameras before they are installed in clients' homes.
He said if someone buys and installs their own wireless security cameras, they need to be vigilant.
"If it's just left at factory default, you're leaving yourself susceptible to being hacked," he said.
'Isolated incident' in Cape Breton school board
Nova Scotia's privacy commissioner and the Cape Breton-Victoria Regional School Board have launched investigations into how the security camera was left open to the internet.
School officials have not revealed the results of their inquiry, but are calling it an "isolated incident."
Redford suspects a lack of passwords may be to blame.
"The first thing I thought was that somebody installed a camera and probably didn't set up proper security protocols in respect to logins and passwords on the camera," he said.