Categories: Security

New technologies raise serious doubts on privacy & security

Today a colleague alerted me on a news published on-line related to a patent obtained by Microsoft titled “CONTENT DISTRIBUTION REGULATION BY VIEWING USER”

The patent could, according to some experts, a clear violation of privacy because it uses technology to gather information on user’s consumption of video content.

The major concerns are related to the use of cameras of video devices such as PC, mobile devices and TVs to identify the user and verify its rights for vision and of course to determine his habits with the purpose to pack it for the best offer in terms of contents.

How does Microsoft will use the cameras?

There are several technologies that can serve the purpose, probably using “facial recognition techniques” combining with analysis of video and audio input.

The patent states:

“[0028] In an alternative embodiment, a fee can be charged for each viewer of the content for each view. In another alternative, at 225 and 240, a per-viewer license may comprise counting the number of viewers in a viewing area and directly charging for each identified user in the viewing area. Viewers may be uniquely identified and a count of the viewers determined, with the licensee then charged for each viewer accessing the content. Age and identity restrictions can be applied in this embodiment as well. “

The cameras could be used to validate user’s license and enabling content vision, they must be able to count the number of users present in front of video. The patent authorizes a private company to get so invasive in our homes and maybe this is the first of different similar cases.

TV, PC and gaming console are object technological extremely evolved that thanks to sensors, cameras and microphones are able to operate a meticulous control of the surroundings.

Last year I presented a project funded by the U.S. government to acquire information through the analysis of gaming console on the network.

There are several problems with patents like the one under discussion.

Who will govern the information obtained and how?
Are these devices secure from external attacks?
Who guarantees the security of information collected?

The doubts are raised mainly by the implementation of the content of the patent, let’s image for example what could happen if an hacker takes control of such devices. It will be able to spy on victims, and similar attacks represent serious risks from different perspective.

Governments, but also cybercriminals could be interested to exploit the devices, same interest is from a commercial perspective to gather information on user’s habits.

The patent applies to both streaming content as well as downloaded material, and it is sure that many other companies are interested in the technology.

I personally think the technology is ripe for several similar uses but to be really useful it always have to compare with the demands of privacy and safety of users … unfortunately the trade goes in the opposite direction.

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.