29 January 2021

ADT Pulse Home Security Pulse Gets Hacked Into > Perv Peeper Technician Caught After 4 Years Spying on Private Moments

This story has "hit the news" cycle for one more sensational security scandal - this time it's closer to home. As reported by Karl Bode writing on Techdirt, it might have gone un-noticed except for just one individual subscriber who happened to get suspicious.
 
One of the interesting bits is that he appeared to have only been caught by accident, and could easily still be engaging in the same behavior today if not for one attentive subscriber:

"The lawsuit also claims the flagrant security breach was discovered not by the company, but 'by luck and happenstance.' A customer, reporting a technical issue, inadvertently revealed the unwanted third-party access," the lawsuit claims. "But for that event, ADT would be unaware of this invasive conduct."

So no basic security measures to prevent employees from abusing their authority.

No system to notify users when somebody new was added to the email access list for video cameras they provide.

ADT didn't even know this was going on -- and if not for a customer being attentive it probably still would be.

And this is a security company!

It's notably worse for the parade of "internet of thing" companies that decided we needed to hook every home device up to the internet with zero willingness to embrace or fund basic privacy and security standards.

ADT Tech Spied On Women For Four Years Before Getting Caught By Accident

from the what's-the-opposite-of-security dept

Another day, another example of why we might want to actually pass at least a basic privacy law for the internet era. The latest problem bubbled up over at home security vendor ADT, after a technician was caught using home security cameras to spy on people for years. More specifically, the tech accessed customer video cameras in 200 homes some 9,600+ times over a period of four years. His preferred targets were attractive women he spied on while they were having sex, bathing, or getting dressed. This was, as US Attorney Prerak Shah was quick to note, a grotesque abuse of trust:

"This defendant, entrusted with safeguarding customers’ homes, instead intruded on their most intimate moments,” said Acting U.S. Attorney Prerak Shah. “We are glad to hold him accountable for this disgusting betrayal of trust."

More >
In ADT's case, the company is busy trying to dodge responsibility by throwing complaining customers into binding arbitration, a lopsided process that pretends to be better than traditional class actions, but usually winds up with the companies in question getting little more than a wrist slap. When you know that repeated privacy and security violations can be brushed aside with a modicum of billable legal hours, you're not inclined to try very hard. It's far easier, and less expensive, to half-ass it, then have your lawyers water down already flimsy after-the-fact penalties.

It's why properly staffing and funding our privacy regulators, and having a basic privacy law where the expectations are clear and the penalties are notable (and consistently enforced) seems like a no brainer. Though it's still amazingly not clear how many national privacy scandals are necessary before we finally figure out that our existing "solution" of apathy, wrist slaps, binding arbitration, and intentional policy gridlock aren't working very well.

Filed Under: doj, iot, privacy, security, surveillance
Companies: adt

 

No comments: