4+ Years in Prison for Home Security Worker Who Accessed Security Cameras to Spy on Women

A security camera installation worker for ADT was sentenced Wednesday to a little more than four years in federal prison for illegally accessing the security cameras of more than 200 North Texas customers, reports the Dallas Morning News: Telesforo Aviles, age 35, faced a maximum of five years in prison for computer fraud under the terms of his plea agreement, in which he admitted to accessing customer accounts over 9,600 times since 2015.

He was cuffed and taken into custody to begin serving his sentence after the hearing.

The quiet and introverted technician, a senior supervisor with 17 years at ADT, was caught last year after the company was alerted by a customer to suspicious activity, said his lawyer, Tom Pappas. Aviles, who is married with five children, turned himself in when he was asked to, Pappas said. "He's mortified by what he did," Pappas said. "He sees what he did as a betrayal of himself, too." Of the nearly 10,000 images Aviles accessed, about 40 were "sexual in nature" and none involved children, Pappas said.

An ADT spokesman said the company had no comment.

Assistant U.S. Attorney Sid Mody had asked Starr to give Aviles the maximum sentence, saying that while 217 accounts were accessed, the total number of victims is much higher given that each household had multiple family members. That violation, he said, destroyed "in the worst way" their sense of feeling safe and secure at home... Starr said he considered Aviles' cooperation with authorities and lack of a criminal history as well as the fact that the conduct involved a "lengthy period of time." Aviles noted the homes that had "attractive women" and repeatedly logged into their accounts to view the footage, prosecutors said...

ADT has since been hit with class-action lawsuits from customers over the breach.
The article also notes the story of one woman who filed a federal lawsuit last month against ADT. She'd told the court Aviles persuaded her to install cameras in her bedrooms after she'd specifically questioned whether it was truly necessary. "Aviles told her that it was necessary because a burglar could enter the house through the bedroom windows, and the cameras would monitor that," her lawsuit says. "Of course, Aviles' placement of the cameras had nothing to do with potential burglars."

In a statement filed with the court, one female homeowner reportedly wrote that "This deliberate and calculated invasion of privacy is arguably more harmful than if I had installed no security system and my house had been burglarized."

didn't ...

[PinkyGigglebrain]

... and none involved children,...

but could have.

I can't help but wonder how many other ADT employees might be betraying their customer's trust and using those cameras for less than noble purposes.

And that also goes for any security service where you put cameras in your home that someone else can monitor "for your safety".

Main thing to remember is this, the people you are relying on to watch over you, be they techs at a security firm or the Police, they are still Humans, and that means they are as imperfect and prone to temptation/corruption as anyone else. So be careful who you trust without good cause.

Re:

[evanh]

Boy, is that an understatement! The company is being paid to spy on their customers. That's the explicit job requirement here. Every activity in view of the cameras is for consumption. I wonder if there is mics too?

Re:

[Joce640k]

Yep. What about all those google/amazon/apple devices that are listening to children? Isn't anybody going to do protect us from those?

Re:

[markdavis]

>"Yep. What about all those google/amazon/apple devices that are listening to children? Isn't anybody going to do protect us from those?"

I am sure there is fine print somewhere to cover that, in the agreement. As if some agreement will be honored or is security. The problem is that these devices are designed to be accessed remotely and by third-parties. So the design has abuse BUILT-IN to them. This is exactly why some people still don't have a security system, even though they want one- the market i

Insert SD card to Raspberry Pi, boot, done

[raymorris]

> Trying to put something together that is either non-connected or only by the owner is very difficult and much, much more expensive

It doesn't need to be difficult or expensive. Definitely not expensive to get generic cameras that don't involve a subscription to any service.

There are a number of good open source management systems, some very easy and some extremely powerful.
https://kerberos.io/ [kerberos.io] is easy, Zoneminder is very powerful.
There are several options that are just "download and run" on either Raspb

Re:

[b0s0z0ku]

The camera can also live "behind" the Zoneminder box (via a second LAN port on the box and a switch) and never have access to the Internet at all. They'll just talk to the Zoneminder box, which will handle any external access requests.

Re:

[markdavis]

>"It doesn't need to be difficult or expensive. Definitely not expensive to get generic cameras that don't involve a subscription to any service."

That is true, but there is software in the cameras, too. And if they are on an unprotected/restricted network, they can do nefarious things. But your points are all valid- still, setting up such a system is well beyond the scope of the typical consumer, who doesn't even really know what a network is, much less a vlan. That is what I mean by "difficult and e

Re:

[b0s0z0ku]

You don't need a vlan -- vlans are isolated at the software layer. You really want/need a separate hardware LAN, basically a PoE switch plugged into a second port on the "DVR" device that doesn't talk to the Internet at large.

Re:

[JumboMessiah]

Agreed, don't need a vlan. Most cameras don't support vlan tagging anyway. Plus managed PoE switches may blow a budget. As someone who setup an 8 camera setup for a rural property recently, here's how I did it.

Get a signage computer like this [shuttle.com]. Find a model that has dual ethernet. They can be found on ebay for $150 USD or less. You don't need a lot of horse power here. I went with a CeleronU model with low power requirements (AND all devices can be accessed from a VPN since they share the same default gatewa

Re:

[JumboMessiah]

Slashdot mutilated that post?

Agreed, don't need a vlan. Most cameras don't support vlan tagging anyway. Plus managed PoE switches may blow a budget. As someone who setup an 8 camera setup for a rural property recently, here's how I did it.

Get a signage computer like this [shuttle.com]. Find a model that has dual ethernet. They can be found on ebay for $150 USD or less. You don't need a lot of horse power here. I went with a CeleronU model with low power requirements (30W). One port goes to the dsl/cable mod

Re:

[b0s0z0ku]

Why split the subnet at all?

You can get the DVR to provide DHCP to the cameras on a port that's isolated from the Internet and only talks to the DVR. Make that port 192.168.66.x and connect an unmanaged PoE switch.

Put the other "public facing" port of the DVR on your "normal" subnet, say 10.0.1.x.

Re:

[JumboMessiah]

Correct, instead of splitting the subnet, you can cable the cameras direct to the NVR if a) you have one (the cameras will record to sd cards) b) you can reach them all via cable. Additionally you could just allocate another subnet on the same physical segment. The end results is the same. No VLANs required. Many ways to skin this cat. I went with the split at the firewall to simplify, no other reason.

My setup had an NVR for 24/7 recording, but I did not cable the cameras direct to the NVR. They were on sur

That's why I said the way one first :)

[raymorris]

> And if they are on an unprotected/restricted network, they can do nefarious things. But your points are all valid- still, setting up such a system is well beyond the scope of the typical consumer

Which is why I said the easy way to not bother with any of that and just do "the cameras connect to the DVR (RPi)".

There are lots of ways to "don't connect the cameras to the internet", including some pretty stinkin' easy ones.

Yeah the cameras and their connections aren't secure. Just like your speaker wires a

Re:

[aaarrrgggh]

Zone Minder is great for 2-4 cameras on old hardware, but beyond that you are really begging for more horsepower. I ended up with a Ubiquiti system (at the time it didn’t need any cloud nonsense, but does currently for the iDevice apps). They claim that you will be able to use it on an isolated network with VPN sometime but it has been 6 months with no real improvement there. But, it is a bit cheaper than what I could have done with cheap cameras and building a ZoneMinder system, and so much easier

Re:

[Ostracus]

Main thing to remember is this, the people you are relying on to watch over you, be they techs at a security firm or the Police, they are still Humans, and that means they are as imperfect and prone to temptation/corruption as anyone else.

Skynet didn't have this problem. A vote for Skynet as security monitor.

Re:

[AmiMoJo]

In the UK the police generally won't attend things like burglar alarms unless there is also CCTV and someone is monitoring it and can confirm to them that there is in fact a break-in. So if you want the police to turn up when your property is being burgled you need CCTV and a remote monitoring contract.

That's not such an issue for businesses but obviously for home users... Well, maybe they could have cameras on the outside of their house, but even then they probably expect some privacy in their garden (with

Victimless crime

[mi]

but could have [involved children]

Still a victimless crime, strictly speaking...

bedroom cameras for safety? only in TX

[lpq]

How many believe cameras in their bedroom would make them safer?

You've got to be kidding.

How can they be monitored in their bedroom such that someone entering via a bedroom window could be responded to quickly enough unless you had someone watching every minute while they were in their bedroom?

I can't imagine any way they could be safely monitored without someone constantly watching the camera output. How can you provide real-time
safety without real-time monitoring?

Drawing the line.

[Ostracus]

Cameras inside? No.
Cameras outside? Yes.

Re:

[Rockoon]

a downward facing toilet cam might grow a steady group of followers

Re:

[JaredOfEuropa]

We have cameras inside the house, so we can keep an eye on things when we're away. However they are disconnected from power when we are in. They each have a red LED to indicate that they are on, physically wired to the camera's power cable. Works well enough to give us privacy and peace of mind.

Re:

[markdavis]

>"We have cameras inside the house, so we can keep an eye on things when we're away. However they are disconnected from power when we are in. They each have a red LED to indicate that they are on, physically wired to the camera's power cable. Works well enough to give us privacy and peace of mind."

1) If you are sure that is how they are designed and implemented (and remain so- one update and "poof"). We discover all the time that devices that claim one thing turn out to be either just marketing fluff or

Re:Drawing the line.

[JaredOfEuropa]

1) The cameras don't come with the red LEDs, I added those, and soldered them directly onto the power cables. The cameras are not turned off by software either, therer's a physical switch to cut power to them.
2) The LEDs sit behind the cameras (not inside the housing), and they illuminate the wall on which they are mounted. It is instantly clear whether a camera is on or off.
As an extra security measure, they live on a separate VLAN, no outside access, the only thing they can access is the DVR that records the footage. (That should be standard operating procedure for any IoT device. Don't ever buy stuff that requires some cloud service)

Re:

[markdavis]

Well, it sounds like you did everything you reasonably could to mitigate the risk! Good job.

Re:

[Oligonicella]

Kudos. Regard my previous comment as a warning to others, not an admonition.

Re:

[thegarbz]

Don't ever buy stuff that requires some cloud service

I love the enthusiasm, but in the modern world you could have just stopped by saying "don't ever buy stuff". The cloud service exists because stuff itself is out of the reach technically for most individuals.

We the tech community are to blame for this. The world expects plug and play, and we broke the end-to-end concept of the internet by NATing the fucking world. End result consumers either have a choice of a phone home cloud service, or a heavily convoluted setup process relying entirely on experts or an

Re:

[b0s0z0ku]

It doesn't have to be based on trust. It can be by design. Many homes have a light switch connected to an outlet near the entrance door for something like a lamp. Connect the PoE switch feeding the cameras to that power feed, flip the switch on only when you leave the house.

Re:

[Oligonicella]

If there is no *physical* switch betwixt the system and the power, it's on, regardless of a friggin' LED.

Re:

[b0s0z0ku]

It seems like OP did use a physical switch, hence the light on the power cable. It would be trivial to cut off power to a PoE switch powering the cameras, so they get neither power nor a data link.

Re:

[larwe]

But (speaking as someone who used to be in product management in the security arena) there are absolutely scenarios where I want an indoor camera. I want to know when someone is coming to my liquor cabinet/gun locker/jewelry box/etc. I want to be able to look in on baby's room from my phone in bed. I want to see that the cleaners go in every room of the house to clean it while I'm out at work. One that is personally relevant to me: If I'm traveling, I want to see that my cat is coming to her food and water

I want to see where I put my wallet

[raymorris]

Half the reason I want to have cameras is so I can check the footage to see what the heck my dumb self did. Things like where did I put my wallet?

They would also be helpful for burglaries and other crimes. The most likely use would be me looking at what I did. :)

Re:

[b0s0z0ku]

You can have cameras that record to a local device, with the device only accessible to someone (you or family) that has the correct private key on their phone or computer.

Re:

[larwe]

This type of comment (and I'm not being snarky here, BTW) always comes up when tech people are discussing home security systems. In the security industry, we [used to, I've been out of it for a long time] categorize homeowners, one of the categories was "guns, baseball bats and fierce dogs" (won't be buying a home security system), another was "Techy self-monitored" - I'm highly technical, I can roll my own solution from COTS parts, and I don't need a UL-listed central station to monitor and respond. Having

Re:

[b0s0z0ku]

The insurance companies pushing privacy-robbing tech on homeowners (we'll let you not have it, but only at an exorbitant premium) is why lawyer jokes also apply to insurance company execs and actuaries.

What do you call 1000 actuaries chained together at the bottom of the ocean? A good start.

What looks good on an insurance company CEO? A rabid pit bull with a bad temper.

Re:

[larwe]

Yes, yes, I understand, the struggle against The Man is real. However, the significant discounts are for fire protection (smoke/rate-of-temp-rise detectors) and water leak protection, scarcely "privacy robbing tech". Burg discounts aren't significant unless you have some really specific expensive portable property with its own policy rider. Of all the things to get up in arms about, this doesn't rate high on the list for me. If I'm paying someone a premium to replace my goods if burned/flooded/stolen, it do

Re:

[raymorris]

> (though it would be a stinging pain in the butt if someone stole my fire-safe box with various papers in it)

This is why my fire safe is kept unlocked (but closed) with a note on top that says "paperwork only - this box contains nothing valuable and isn't locked".

Re:

[larwe]

Same, but I don't have the note on it. I am not sure that the local meth addicts would read it, TBH. I really need to get a safety deposit box... except that they aren't safe either: https://nypost.com/2021/06/12/fbi-aims-to-keep-valuables-86m-cash-found-in-safe-deposit-store-raid/ [nypost.com]

5 years seems excessive

[iamhassi]

What he did was horrible, but 5 years for watching someone on camera seems excessive. No one was physically hurt, no money was stolen, he’s essentially a peeping tom.

Re:

[ShanghaiBill]

5 years for watching someone on camera seems excessive.

Nitpick: It was four years.

He'll go to a minimum-security facility, and if he behaves, he'll serve less than half the sentence.

It's federal - he'll serve 3 1/2 to 4

[raymorris]

In some states people may serve half their sentence.
This guy got federal charges. Inmates in federal prison can get up to 54 days per year reduction for good behavior.

The average federal convict who is eligible serves 87% of their sentence.

I agree with GP - four years in federal prison is hefty punishment. Four years of not being there while his kids grow up.

I'm in no way excusing what he did. Obviously it was wrong and he should do some time.

Re:

[Oligonicella]

four years in federal prison is hefty punishment.

Not for 5,600 crimes against 200 people.

Re:

[ShanghaiBill]

Not for 5,600 crimes against 200 people.

Number of those people who suffered actual harm: 0.

Re:

[aberglas]

Indeed. Tough on crime nonsense.

Re:

[ShanghaiBill]

Obviously it was wrong and he should do some time.

But is prison the best option for a non-violent offender?

Why not put an ankle tracker on him and sentence him to 8,000 hours of cleaning bedpans in nursing homes?

Re:

[Ostracus]

Every surveillance state is composed of peeping tom's and jane's. No one is physically hurt, and money isn't stolen. Some of you may even get turned on being part of the voyeuristic experience.

Re:

[Anonymous Coward]

If you're going to write " peeping tom's and jane's", then why isn't your user name Ostracu's?

Look's wonky, huh? You don't pluralize with an apo'strophe.

Re:

[rogersc]

Yes, this poor guy is just the scapegoat. ADT should have had some safeguards in place, and customers should have been given more awareness of how the system worked.

Re:5 years seems excessive

[The Evil Atheist]

He's the scapegoat for his own actions?

Re:

[hey!]

Responsibility doesn't divide that way. ADT being lax in supervising its employees is not a license for those employees to do whatever they can get away with. In this case the employee does the time, the company pays the settlements. Seems reasonable to me.

Re:5 years seems excessive

[kmoser]

He wasn't charged with being a perv. He was charged with computer fraud, which in America is way worse than being a perv.

Re:

[sound+vision]

Not really. End up on the sex offender list and you won't be able to get a job at most fast food places, won't be allowed housing outside outside of the ghetto, or to drive through a school zone.

Being a fraudster might only bar you from some higher-end jobs. (Or, if you do it right, could land you in an executive suite or the oval office.)

Re:

[Anonymous Coward]

He was charged with computer fraud, which in America is way worse than being a perv.

The problem is, any crime committed with any kind of aid of a computer is enough to qualify as computer fraud. Similarly, use a phone and it's wire fraud. These charges are very frequently abused to give much harsher sentences. No wonder the US has the highest percentage of incarceration in the world.

Re:5 years seems excessive

[PinkyGigglebrain]

You might not be saying that if you found that he had been jacking off to pictures of your wife or underage daughter, or that those pictures had ended up on some porn site. Or someone else ends up posting pictures of you looking at your "Lolita Teens gone wild" magazines to Facebook.

What he did was more than just a betrayal of trust, it was an invasion of privacy for worse that coming home from work and finding your home had been robbed. The feeling of having your private life invaded is truly horrible, you stop feeling safe within your own home, If you've ever had your home robbed and don't feel like that you are more that a little outside of the emotional norms for such cases.

You may feel the punishment was excessive but as someone whom has had their home robbed I feel that he was let off with a very lenient sentence.

Re:

[Joce640k]

The feeling of having your private life invaded is truly horrible, you stop feeling safe within your own home, If you've ever had your home robbed and don't feel like that you are more that a little outside of the emotional norms for such cases.

Not the same thing at all. Being "burgled" (correct term) is completely out of your control. Installing cameras isn't.

Re:

[markdavis]

>"Not the same thing at all. Being "burgled"

Indeed. Why people confuse these entirely different crimes is a mystery to me.

Burglary is a just property crime. Sure, it is bad, and your privacy and sanctity is violated, and you lose valuables, but you never encounter the offender.

Robbery is a far, far more serious crime- it is a violent crime against a person. You will ENCOUNTER the offender, who uses fear/threat/violence against you. That is much more life-changing.

Re:

[stabiesoft]

I've had my house broken into 3 times in my lifetime. The latest time I actually came home as it was in progress. I can say without reservation I'd prefer to have a camera watched. Not that I'd have one, but the feeling of having someone in your house is very unsettling. In the first case, my roommate slept with a baseball bat under his bed for months after the burglary, and that was with no one in the house when it was broken into. Worse, I found this article on slate https://slate.com/news-and-pol... [slate.com] wher

Re:

[b0s0z0ku]

Sure, but he was watching when homes were NOT being broken into.

The ideal system would be something that physically disables the cameras until a breakin event (glass shattering, noise, door being opened without code) is detected. Only then would footage be available to anyone outside the home.

Re:

[stabiesoft]

I'd say the best is to just not feed video out, but that is me. My point was, the person did not put video out, so really you have one person who has images in their mind only, getting 5 years in prison. Crazy to me. People post video as bad as what this guy was watching and nothing happens. Again if it was me, I'd rather have one person seen me naked doing whatever than a posting with millions able to.

Re:

[Beryllium Sphere(tm)]

Even people who agree with the sentence might have reservations about the lifetime of wreckage that follows a conviction. Occupational licenses may be unavailable after a felony conviction, and job hunting is at a severe handicap. Even finding a place to live can be hard.

He's wrecked his whole life, for nothing. If he wanted to see naked women, presumably he had an Internet connection.

Re:

[coopertempleclause]

"The lifetime of wreckage" = The guy who abused the trust of both employer and customers to spy on women without consent for his own sexual gratification might not be able to get a job where he's in the position to do that again.

Re:5 years seems excessive

[Ed Tice]

Thank you. The OP points out that there are plenty of images of naked women available. He didn't do this to see naked women. He did it for the satisfaction of violating another human being. I am not a psychologist so I have no idea *why* he would take delight in such a thing. But he clearly did. 217 times or however many it was. Even the TFS talks about how the victim felt violated. There was no discrepancy between intent and impact. The intent was to violate and it was successful. The penalty is relatively light.

Re:

[larwe]

Even people who agree with the sentence might have reservations about the lifetime of wreckage that follows a conviction

I hear this sort of thing a lot on Facebook in the responses to various local crime reports. "How can you ruin a life for {crime}?", as if it is some failure of society that people who commit criminal acts are thereafter barred from positions of trust.

There are crimes for which cookie-cutter life-affecting punishments are, indeed, arguably too severe - one that comes to mind is teen/preteen kids who send inappropriate pictures to each other, or even people who are seen urinating in a public place, and who t

Re:

[bferrell]

Had he been charged as a peeping tom, he'd be a registered sex offender

Re:

[stephanruby]

No one was physically hurt, no money was stolen, he’s essentially a peeping tom.

Except, a corporation did get hurt in this case, his employer. Who's going to trust them now? A good portion of their customer base is already paranoid. This is not going to help.

His act alone probably cost the entire monitoring industry more than a billion dollars in the next few years.

Re:

[larwe]

A good portion of their customer base is already paranoid.

Not so much. Do you know how the vast majority of lick-and-stick home security systems are sold? It's not through ads in Guns'n'Ammo or Survivalist Monthly. It's through summer programs. High school kids walk down the street knocking on doors in reasonably affluent-looking neighborhoods, pitching initially a lawn sign, then quickly upgrading that pitch to sell a quick install of a security system to "protect your valuables". A truck(s) is following behind to do the installs - typically one truck can do betw

Re:

[wisnoskij]

Well, like the epilogue points out, this single event sort of makes everything ADT has been doing for years worse that useless. They are a multi billion dollar company, with tens of thousands of employees, and they deserve to be litigated to bankruptcy and very well might be.

So not only do we have the suffering of every ADT customer, but widespread suffering in the entire ADT company.

This guy seriously screwed up the lives of a small country of people.

Re:

[omnichad]

Right. Imagine if this same person were instead acting as an informant for a criminal enterprise. Leaking data about who is home and where the valuables are. It's a fundamental compromise of the service being offered, and a proof of the lack of security awareness in their entire platform.

Re:

[b0s0z0ku]

Fuck him, but fuck ADT and Amazon with a glass-studded dildo as well.

The sooner ignorant people realize that having indoor cameras connected to an outside entity INSIDE THEIR FUCKING HOMES is a bad idea, the better.

Re:

[truedfx]

What he did was horrible, but 5 years for watching someone on camera seems excessive.

To put this into perspective, this is less than a day per offence, or just over a week per customer account violated, though.

No one was physically hurt, no money was stolen, he’s essentially a peeping tom.

The summary states that he persuaded at least one customer to have cameras installed that she had not wanted, which presumably she paid money for.

Re:

[b0s0z0ku]

The problem is that a little putz like him was punished, while the entities (corporate/government) that push ever more surveillance and data retention are getting off scot-free.

e.g. if a vaccine passport is scanned, it creates a name and DOB record that's tied to a scan time and location of scan. I'd support vaccine passports if the data collected has to be deleted after a short time (say no more than five minutes). Anyone who deliberately retains location data -- one year in prison or 10 lashes on the ar

Re:

[hey!]

Well, he's not going to serve *any* time for being a peeping tom. He's going to serve time for another crime -- computer fraud -- that he committed to make being a peeping tom possible.

I think scale and repetition matter here too. It's one thing to peep in on person's windows, you have to expect the punishment for peeping in *hundreds* of peoples' windows to be a little harsher.

Re:

[strikethree]

What he did was horrible, but 5 years for watching someone on camera seems excessive.

He cast doubt on the trustworthiness of a corporation. They will likely lose millions of dollars of revenue because of this. I am kind of surprised it wasn't a longer sentence. If the problem were really about being a peeping Tom then the sentence would have been considerably lighter and likely not even custodial since it is a first offense.

Re:

[b0s0z0ku]

The issue is that he did it without CONSENT, not that he did it. Sex isn't illegal or unethical. Sex without consent is rape and is very illegal and unethical.

Wonder if all these chinese cameras spy?

[iamhassi]

If this can happen with ADT, what about all these off brand knockoff cameras? Is it all streaming to a chinese server and we’ll never know? How would you know?

Re:

[Ostracus]

How would you know?

Sure you're a geek, right? Geeks know this kind of stuff.

Re:

[Calydor]

Well, a packet sniffer would be a good start, but if it's completely random you might have to investigate dozens of cameras just to find one that sends a picture now and then.

And if it does on occasion, you know what the company will say? "Our cameras occasionally send a sample image to a verification server as a self-test to ensure they are still functional. They only do this after not detecting movement for X minutes to make sure no persons are shown in the image." Now prove that's a lie.

Re:

[The Evil Atheist]

"Our cameras occasionally send a sample image to a verification server as a self-test to ensure they are still functional. They only do this after not detecting movement for X minutes to make sure no persons are shown in the image." Now prove that's a lie.

Don't need to prove that it's a lie. They don't need to send a sample image, just a message digest of the camera's internal test results. Sending full (or even low-res) images is unnecessary, and so anything that does that would rightfully be regarded as having an ulterior motive.

Re:

[Rockoon]

I'd be a bit more worried about tiny little cell modems. Just because the device you use is hardwired into the router or whatever, or uses wifi, does not mean that that is its method of communicating back to the mothership.

Cell service providers make deals to carry packets for corporate customers all the time. Just ask whoever made your automobile about that. The modems themselves are now small chips, and thanks to mass manufacturing for cell phones, these chips cost very little to make. Warehouses are fu

Re:

[stabiesoft]

I doubt it, costs too much. Based on what I pay for stuff that has data connections, figure around 5 a month. Way too much for a chinese camera maker to pay AT&T or VZ for a subscription to every camera they produce.

Re:

[larwe]

M2M connections in bulk quantities (cars, security systems) aren't priced that way, though. The manufacturer of the widget will tell the carrier "I expect this widget to generate on average x bytes down and y bytes up of traffic per year, with a peak burst usage of z kbps, and I will be buying n IMEIs per year from you". For low bandwidth telemetry applications, the cost can be as low as a couple of dollars a year, especially if they are data-only SIMs (if they are provisioned for voice as well, there are a

Re:

[larwe]

.. and obviously I meant IMSIs there not IMEIs. Today has been a long week.

Re:

[stabiesoft]

Yes, but sending video is not a few bytes of telemetry.

Re:

[larwe]

Totally. My point is that the SIMs are essentially free from the connectivity provider (especially if they're eSIM data blobs) and they can be shipped in an inactive state, costing nothing. And the usage for bulk-negotiated plans is not _always_ "x MB per month", it is an _aggregate_ figure, often across multiple SIMs. In large-scale (low number of millions of devices) M2M applications I've observed, it is not unusual for the billing to work something like this: "You currently have 1M active SIMs. We agreed

Re:

[markdavis]

>"If this can happen with ADT, what about all these off brand knockoff cameras? Is it all streaming to a chinese server and weâ(TM)ll never know? How would you know?"

1) You don't. And really, it probably doesn't matter which brand or source.

2) You have to be just as worried about someone else hacking such a system- both black hat AND white hat.

If the design includes ability to connect to the Internet (or some Intranet), and you don't have complete access and control over the code running it all, al

Re:

[Oligonicella]

It's been interesting to see how /. has evolved from a home for IoT fanbois to skeptics as reality came about, eh? Check my history, I *always* thought it was a stupid idea.

Re:

[b0s0z0ku]

IDK - Slashdot has always had a hard-core pro-privacy crowd that would have abhorred putting a "clown" connected camera in one's own home. I don't think much has changed, though I think more people are waking up to the stupidity of a lot of IoT crap.

Re:

[markdavis]

>"It's been interesting to see how /. has evolved from a home for IoT fanbois to skeptics as reality came about, eh? Check my history, I *always* thought it was a stupid idea."

Check mine, too. I have always warned people about IoT and things outside our own control. But it is good that many are FINALLY "waking up" about the dangers/risks. Just because something CAN be done, doesn't make it a great idea.

Re:

[b0s0z0ku]

Set them up for local recording, they stay in their own padded little private subnet with only access to each other and the local side of a DVR.

"He's mortified by what he did"

[Anonymous Coward]

No, he's mortified that he got caught and everyone now knows he's a perv. He did this 9,600 times, which is 9,599 times more than he would have done had he actually been moritified by what he did.

The problem is fundamental

[ytene]

In Season 3 of Babylon 5, in an episode called "Messages from Earth", there is a scene where the station leader of a fascistic little Earth Government outfit called "NightWatch" enters a security station to speak with the 2nd in command of Station Security. After a little conversation, the NightWatch representative, preparing to leave, looks up at a wall of surveillance monitors that are showing scenes of people throughout the station, eyes gleaming.

"You know sometimes, watching them like this, without them even knowing we're here, it makes you feel a little like God, doesn't it?" he asks, before leaving...

The incidents involving Mr Aviles all took place because his employer, ADT, created a situation with a significant power imbalance. In this case, that imbalance enabled and empowered Mr Aviles to abuse the trust and invade the privacy of literally thousands of ADT customers.

But this is no different from the cop who runs a background check on his daughter's boyfriend. It's no different from the tekkie at work who has admin access to your company mail server and who reads all the emails of the girl he fancies, to see if she has a boyfriend. It's no different from the President who orders his Justice Department to obtain the phone records of his political opponents because he believes without proof that they must have been responsible for a leak that harmed his reputation.

What do all these scenarios have in common?

They involve two key ingredients: the first is an operating model or configuration or setup in which one party is granted or takes significant, overwhelming power or authority or control over another party. The second is darkness - the absence of light that would be shone if the operating model or configuration had robust, effective and transparent oversight.

I make these observations not because I'm trying to equate the actions of Mr Aviles spying on women with the former President spying on his political opponents - both are obviously very wrong, but they are different classes of wrong because of the nature of the activity. I make them because they reveal something critical to our understanding of the problem. This is a significant, dark aspect of human nature at work. Now, some people might take a little convincing that humanity can be like this "given half a chance". In support of this view, I'd ask you to consider publications like "National Enquirer" - i.e. the "Gutter Press" - outlets where scandal and long-lens photographs and salacious tell-all stories from "check-book journalism" can be found. If that darker aspect of human nature did not exist, there would be no market for the National Enquirer.

If we can accept, then, that this (is/may well be) the case, then we can move on to asking ourselves what needs to be done about this.

To get that discussion started, I'll suggest that all of the examples I've cited could be addressed through really tough, effective privacy legislation. In some cases - particularly where power is used asymmetrically by someone holding public office [the example I offered was the former President, but it could be mayors, police chiefs, city councillors, school heads, commanding officers] then there could also be "abuse of office" considerations.

But there are at least a couple of things we need to do, if we're willing to accept that this darker side of human nature exists. The first is to actively recognize scenarios in which that aspect of personalities could acquire the potential to abuse. The second is to learn how to design operational practices that enforce checks and balances, so that everyone knows that abuse will be detected and will be dealt with.

As a society, we recognize that there will be times and circumstances in which we need to grant some people extraordinary authority. But that authority doesn't have to be granted "in darkness". We can demand that it is conditionally granted only with "light" - with oversight and supervision. As the US

Re:

[Type44Q]

But this is no different from the cop who runs a background check on his daughter's boyfriend.

I spotted the one without any kids...

Re:

[Oligonicella]

Having a child does not remove any moral obligation to not act like Stasi. I have a daughter.

Re:The problem is fundamental

[b0s0z0ku]

But sadly, a lot of cool, nice, interesting people DO turn into petty fascists once they breed. I think it's a fundamental human instinct to hold the welfare of your cheeldren over privacy for others and even moral good. Which is why I think that declining birth rates are actually GOOD for society: fewer breeders voting.

Re:

[b0s0z0ku]

The cop who abuses his power and access to confidential data should also go to prison, ideally with "former cop" tattooed on his forehead. We should hold people in authority to HIGHER standards, not lower.

Remember jail sentences for corporate data leaks?

[ffkom]

No week is passing without a number of reports on what company exposed what sensitive personal customer data to criminals or business-partners (often both). Yet I cannot remember a single jail sentence for any high ranking person responsible for those data leaks. As if the only true crime regarding data theft / abuse is when some lonely peeping tom peeps.

The good news is...

[h33t l4x0r]

He's got at least 4 years worth of material in the old spank bank.

How ignorant/dumb could the homeowners be?

[b0s0z0ku]

He deserves to be jailed, but this doesn't speak well for the customers. How dumb can you be to install a camera INSIDE YOUR HOME that's accessible to an outside company like ADT or Amazon? I understand cloud recording for outdoor cameras, but inside cameras should either use local recording that's not Internet accessible, or the stream should be encrypted with a key only known to the homeowner before it leaves the premises.

He sees what he did as a betrayal of himself, too.

[Oligonicella]

Yeah, bullshit. "Betrayed" himself 9,600 times over 6 years. He's just humiliated he was caught.

Pronoun

[groobly]

He has now declared that his preferred pronouns are she/her, and she has now demanded to be remanded to a women's prison.

Seems like this could be overturned

[bdenton42]

Isn't this essentially the same as the recently decided Van Buren v United States? https://m.slashdot.org/story/3... [slashdot.org]