I have a tidbit but can’t find the early early original reporting so will refrain from sharing.
But I will say that with the prevalence of DIY security/surveillance equipment on sale nowadays there’s probably a less than 0% chance (IMO) that they don’t have more…
BUT…I haven’t done one of these tech dives in awhile so bare with me
One interesting thing is that when I look at the devices that are most likely to be the ones officially cited in the PCA (neighbor camera that caught thumps) or that are most likely to have been cited (apt cam that Gray H reported on the leak) they are both prosumer cameras. I’m using prosumer lightly here. Essentially meaning they take some level of expertise as they typically require wiring runs and power over Ethernet. In the video that Gray reported on you can tell by the UI on screen. I actually found the official model but don’t have it handy. And the likely “thump” neighbor camera that shares the cited address can be seen in newspaper pictures and news clips in the early days.
People buy them for their reliability and its ability to record even when the internet is down or non existent. All of the videos they capture are first and foremost recorded to a local hard drive. And the viewer is usually a Windows App that runs on your desktop computer. Though they can be viewed live over the internet for free and in a pinch,there typically aren’t dedicated apps and you have to visit an IP address in your web browser and deal with a clunky UI. Cloud backup is a paid option if you want. But not required.
It’s a one time payment for the cameras and you are done. Forever if you’d like. They don’t get your credit card or even your email address if you don’t want them to. You never have to plug it into the internet if you don’t care for cloud backup or live viewing. You can run it 100% locally completely disconnected at all times on Mars if you want. They are extremely popular with commercial companies and while 10 years ago you would have seen them in the homes of the tech savvy and people with money…now they are largely relegated to people who don’t want their business (of the non monetary variety) in the cloud with the Googles of the world.
So those specific cameras being amongst the ones cited early and in the PCA makes sense. As they would be most easily accessible to LE. Assuming the owner is cooperative. They just give them access to the device and the hard drive and they can pull it directly off. Easy peazy.
On the other hand…with few exceptions, the off the shelf smart home cameras like Arlo and Ring are all cloud recording only (Arlo offered a local option but discontinued it). They require an email address and an account to give you access to a free service that just barely covers basic functionality. And then try to upsell you and hook you into paying a monthly fee with more/longer storage and other services. Which is recurring revenue for them. They tend to be more popular in homes than the aforementioned prosumer local cameras because installation is plug and play (WiFi), the UI/UX is easy and you don’t have to maintain much hardware. They also offer a local like “feeling” with a snappy and responsive streaming experience. Utilizing buffering and cache tricks.
I know that in Ring and Arlo you’re able to download a copy of the video off the cloud, to your device and do whatever you want to do with it from there. But you don’t technically own it until you do that
One notable difference between the two that’s worth mentioning again, but in a slightly different way: the ‘prosumer’ local cameras will record as long as it has hard drive space. If you want to keep 10 years of recordings of your cat. You can do that. Just buy more hard drives so you don’t have to record over it. But with Ring and other solutions you’re going to pay extra $$$$$$$$$$ for the ability to maintain backups. And if you want 10 years of cat videos then it’s not the device for you.
My point is if LE would have found these videos from these plug and play smart home devices we should have seen subpoenas from LE to get access to the cloud recordings. Particularly the ones that go further back than what’s available via a customers account. As I believe most of these companies will keep 30 days worth of recordings as dictated by most data retention policies.
We haven’t seen any of those subpoenas surface so a few musings on that…
- Did LE rely on these cameras first as they were most accessible? And anything more was gravy and not necessary? Is this why they were cited in the PCA?
- If BK passed either of those cameras in the days/weeks/months proceeding then LE has those videos. Assuming that the customers data retention policy (set inside of the Windows App) allows for video to be stored that far back. From what I remember the most common out of the setting is record until you can record anymore and then start to record over the oldest video once we are out of space.
- On the missing subpoenas….Google owns Nest. I’m too lazy to see if the Google subpoena is broad enough to include all cloud files associated with a customer/user.
- Amazon owns Ring and Blink. So ditto on the above.
- Ring has been known to cooperate with law enforcement given them free access to anyone’s video who’s opted into their LE sharing program.
- While Amazon does own AWS and the S3 service that 90% of camera companies likely use for their cloud storage..I’m pretty sure the subpoena would still have to go through those companies first as they technically own the only keys to those storage buckets.
- Maybe the subpoenas have been unreleased as of yet or held back for some reason.
MOO