12 Mar 2018

While US market is being sensitive about cybersecurity through their popular camera products, European countries and the UK are preparing for the new privacy regulation to apply in two months’ time. But how would these challenges affect the global security market? What are the main problems in it for the manufacturers? What should investors in security industry look at right now?

We’ve all recently heard about acquisitions of market-leading companies by technological ‘monsters’ which have little experience in video security industry. Most of the market players would have thought: why don’t they give up when their businesses have just become ‘money-making machines’?

One obvious potential may be that they were not prepared for the changes that are only a few months away. They have ‘milked their cow’ for as long as they could, and now it’s time to slaughter the cow and sell the meat. For instance, very few market players prepared for the upcoming General Data Protection Regulation (GDPR), that are being applied to their key markets.

Manual GDPR functions will be still cheap, but you won’t be able to control massive amounts of data with them - though automated GDPR features may become very costly

Improved quality for CCTV owners

Development that could fix the ‘GDPR issue’ for a manufacturer may take 2-3 years and will require millions invested. As an alternative, they would have OEMed (Original Equipment Manufacturer) the required technology from competitive manufacturers. They probably made the decision to escape a few years back or just admitted the changes too late, and thus had to leave.

Meanwhile, GDPR looks like a logical step towards better human rights and privacy guarantees in Europe. Presumably, everybody wants to have a right to be forgotten or at least hidden in someone else’s footage. We never know how CCTV owners may use this information and how it would affect us.

No paranoia, it just doesn’t feel very comfortable if you are watched and stored, not knowing when and where. Life quality would improve much if people could have at least some control over it. Logically, considering this, GDPR is a clever and well-thought-out improvement. However, don’t forget that government will still have access to full storage.

Encrypted personal data

Having all personal data encrypted may let us get rid of some undesirable advertising and spam. The remarkable fact is that GDPR doesn’t mention any encryption standard to be used. This looks strange in view of the reliability of the applied regulation, though potentially leaves a ‘backdoor’ for local EU governments, so they may decide which encryption algorithm works best for them. Hopefully, they won’t ask for too many different ones, as it could be difficult to implement in every system that requires it.

 

Development that could fix the ‘GDPR issue’ for a manufacturer may take 2-3 years and will require millions invested


How about low-cost products, you may ask? Will the prices grow as GDPR starts? Most probably manual GDPR functions will be still cheap or free, but you won’t be able to control massive amounts of data with them - though automated GDPR features may become very costly as they require complex video analysis and even deep learning. It means that only those products which have effective analytics and neural engines will be desirable for the customers. Hence, smaller manufacturers would have a chance to OEM some of these technologies to stay in the EU market.

However, all of this will increase the prices in May’18. None of the manufacturers would give away analytic features. Prepare to pay for them if you have more than a hundred cameras. The more cameras you have the more features you need pay for, so overall security system cost may grow in geometrical progression.

Restricted footage access policies

But does privacy conflict with security? What if someone asks to be forgotten and then commits a crime? Here, another challenge comes in. Footage has to be available for police access only. So, you can just remove the part of your video archive in which privacy is requested by a citizen. You need to hide it from VMS/NVR users, but must be able to show in case the police ask for it.

Let’s imagine that instantly all manufacturers have managed to sort out the GDPR problem. Though doesn’t it look ridiculous to be able to hide faces in footage in Europe while US experts report, and others confirm massive backdoor issues with market-leading camera brands? Or is it just another infowar against successful market players? Unfortunately, yes, the backdoors exist and can be self-proven by following instructions that are publicly available online.

The problem is not being spied on; the problem is low cost. Safe products cost more. The choice is ours

Classification of security products

Conspiracy supporters claim that ‘The Product for them is our personal data!’ and ‘it’s all done only to collect data for their machine learning and learning our behavior’. Let’s be logical, would we expect low-cost products to be secure enough? Obviously, the problem is not being spied on; the problem is low cost. Safe products cost more. The choice is ours.

There must be some international – presumably approved by UN – certification for security products in critical and public infrastructure. Otherwise, each country should certify security products in order to avoid privacy or safety issues for their citizens. At the same time, all end users of critical and public security systems should be trained on how to use security products. Classification of security products for ‘hackability’ would be also great to have so we would know what we are paying and how much.