Turning Our Home into a Castle: Cameras - Part Two
Turning Our Home into a Castle: Cameras - Part One discussed the different types of cameras and their effectiveness in the real world. We’re now going to talk about keeping and storing that data, and ways to keep your privacy safe in the big world of IOT (Internet of Things).
There are three basic ways to store the footage that your security camera records – locally, cloud-based, and hybrid. Let’s talk about these three methods:
1. Storing your camera footage locally is exactly what it sounds like. You have a device, with some sort of media that stores the footage on-site. This means unless you’re backing it up, the only copy of that data rests in that device. Old school methods of this are basically a VCR that required you to change tapes every day as they filled up. Today, we’re using a different kind of magnetic media, the hard disk and the digital video recorder. These HDD (hard disk drives) consist of a spinning disk of usually large capacity, that are always on and spinning. HDDs have come a long way over the years, and it’s now possible to get a hold of large disks in the multi-terabyte range, allowing you to store a huge amount of data – remember, the bigger the HDD, the more footage you can store.
Since disk size dictates how much footage you can store, I try and have a general rule of thumb that bigger is better. The bigger the HDD, the longer your retention period.
There are several issues with storing your information locally. First and foremost, it is vulnerable to theft or destruction in a burglary or home invasion situation. If you lose the footage of the burglar, the cameras don’t do you much good. Given the reality that most home users really don’t have a way to back this data up locally and store it offsite, this is a real problem that requires consideration. Secondly, like all things, spinning HDDs fail – most today have a mean time between failure measured in years, but you never know how that disk was handled before it arrived at your home, or whether you end up with the Monday/Friday disk, assembled by workers who were either hung over, or looking forward to being hung over. Be sure to check your camera system on a basis that you’re comfortable with to make sure that it’s recording.
2. Cloud-based storage is sending your data across the internet to a cloud provider’s location. This requires an internet connection, and will not work without one. Let’s talk about the cloud for a second, because a lot of people get confused when we talk about cloud-based storage.
When you push things to the cloud, you’re using your internet connection to send your data to another provider to be stored. This provider will most likely be run and supported by the manufacturer of the device you purchased. This stores your data offsite in the event of some sort of disaster (theft, destruction, natural disaster, etc.), and in general, is a good thing. Keep in mind, however, that the cloud provider is generally just a front end, and the actual storage is sourced from a 3rd party – Amazon or Microsoft for example. This is because the back end infrastructure associated with storing this data can be very expensive and time intensive to install and maintain. This adds an additional link between you and your data, and odds are good you’ll never know exactly where your data is living, and what the other two parties can DO with your data.
The popular Ring doorbell for instance, was recently called out for sharing your personal data (age, sex, etc.) with 3rd parties like Facebook and google. The method they used was the app included with the doorbell – it gathers your PII (personally identifiable information) like IP addresses, network carriers, etc. to paint a picture of where you are and what you do – it then packages that data for sale to marketing and analytics companies for using in things such as targeted advertising. Ring is not the only app out there to do that, but it’s important to remember.
Ring also shares its camera footage (with the user’s consent) to over 600 police departments in the country, who can view that footage and keep it forever, even if there’s no indication of a crime. This means that once they have your footage, they can keep it and view it forever – that embarrassing video of you slipping on the ice is now police record. Now does that mean they’re going to request it without cause? No, probably not – but without knowing how the data is stored, it’s possible they could receive hours or days of footage, even when requesting a set point in time.
Finally, remember this – if it’s on the internet, it can be taken control of by a 3rd party. We really don’t have any way of seeing into the code of the device you’ve chosen, so we have no idea how secure it really is – which means an enterprising bad actor can find a vulnerability, and exploit it to some degree. With the Nest camera system, for instance, it was discovered that it was possible for a 3rd party take over the cameras (and microphones, in one instance), and control them remotely. This is obviously NOT what you want, so keeping your network secure becomes even more of a priority with a cloud-based system.
3. Hybrid system – There are a couple of different ways a system can be a hybrid – being able to work with multiple camera connectivity types, for instance. In this instance, I’m talking about a camera system that has multiple storage types – not just a spinning disk or the cloud. An inexpensive method of achieving this would be to purchase a system that has both the hardware and software to transfer your footage to another storage device – like a USB drive. This would enable you to either perform a manual or scheduled backup of your data, and store it someplace safe. Another method would be to track down a system that has local storage, with a cloud backup option that allows you to continuously replicate your footage offsite. Again, be aware that when choosing a solution like that, that you’re now potentially exposing yourself to attacks from the outside.
So what type of camera system should you choose? Personally, I prefer to have as little connected to the internet as possible when it comes to camera systems – we all know that our Alexa’s and Smart TV’s are listening to every word we say, so why add something else to the mix? It also prevents your data or device from being hijacked by an outside party. I have an older, local system that I’m planning to upgrade to a system with backup capabilities – I’ll then store the backup someplace safe. Is this perfect? No, not really, because I’ll have to refresh that backup on a regular basis, and ensure that it’s replaced in its safe space. It does, however, ensure that only I have access to this data, and won’t be exposing my PII to yet another outside source.
Hopefully this helps navigate the world of security cameras a little bit for you – unfortunately, it can be complex, particularly with the use of IT buzz words that in many cases are completely incomprehensible – as with all things, remember the most important thing is to keep safe – keep your personal information safe, keep your home safe, and keep your data safe.
-Kirk