The privacy commissioners of Australia, Canada, the United Kingdom and Macao, China have all sent an email to Insecam – the operator of a website that broadcasts footage from private webcams – asking it to take down its website.
Insecam has been showing footage from security cameras used by businesses and in people's homes, including CCTV networks that secure buildings and cameras built into baby monitors. Default passwords and logins on webcams mean the cameras can easily be hacked by outsiders.
The email is signed by Australian Privacy Commissioner Timothy Pilgrim, Canadian Privacy Commissioner Daniel Therrien, UK Information Commissioner’s Office Deputy Commissioner David Smith, Macao Office for Personal Data Protection co-ordinator Chan Hoi Fan, Commission d’accès à l’information du Québec President Me Jean Chartier, Alberta Information and Privacy Commissioner Jill Clayton and British Columbia Information and Privacy Commissioner Elizabeth Denham.
“We have strong concerns about your website and its aggregation of live video footage from Internet connected cameras operating with the manufacturer’s default username and password. Such cameras can be found in household, public and commercial spaces, including places of employment around the world,” states the email.
“Your website states that it carries out this practice with the intention of demonstrating the importance of security settings for surveillance cameras. We recognise in principle the importance of bringing to light potential security issues; however this should be done in a way that is not harmful to individuals.”
Because Insecam is actively disclosing personal information without the knowledge of the individuals, the commissioners said this poses a “serious threat” to individuals’ privacy around the world.
“This threat is further heightened by the inclusion of precise geographical location information,” read the email.
“As such, we are calling on you to take immediate action to take down this website. We furthermore request that you refrain from re-establishing the website under its current domain name or any other domain name in the future if it continues to show any kind of camera footage featuring individuals where those individuals are not aware of the disclosure taking place.”
If Insecam fails to take down the website by November 26, the commissioners warned that this will result in the consideration of “additional enforcement action”.
On November 21, the United States Federal Trade Commission warned users to ensure video feeds are encrypted and that wireless routers are protected by passwords.
"Once you've bought your IP camera, check its security settings and keep its software up-to-date," wrote Nicole Vincent Fleming, a consumer education specialist with the FTC, in a blog post.
Follow Hamish Barwick on Twitter: @HamishBarwick
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.