By Emmanuel Cliff Muganhwa
When President Museveni started passionately speaking about Kampala becoming a smart city, and particularly about installation of security cameras in his last security address, my interest suddenly went up because I too subscribe to the notion that technological solutions far supersede human control in efficiency and reliability.
Of course the borrowed 400 billion capital outlay and sourcing or procurement plans will concern many wanainchi, but I shall not dwell on that because the greater good is that the benefit accrued from any security option when it is implemented and used right tramps the cost.
My worries though are far from the cost, so I shall choose to concern myself about the security of the cameras and other smart devices to be installed around the city or country. Part of what the smart city speech alluded to is what is technologically known as the internet of things (IoT); interconnected devices that are supposed to ‘speak to each other’ and synchronize things like traffic flow, lighting, and other funky things I shall not bore you with. And these come with massive advantages, but one they major risk; being hacked (or misused).
According to the president’s speech the government intends to build a technological eco system that will include security cameras installed around strategic locations and highways, and these will be beefed up with facial recognition and apparent number plate recognition capabilities and they will relay back to a fully-fledged data centre that will also contain DNA and picture-based databases to authenticate individuals.
Since these are interconnected systems, has government put in place criteria to seriously audit these systems for any backdoors that exist, inadvertently or otherwise? Cameras world over are susceptible to being hacked because of the value of information one can collect from tracking, the more interconnected the better.
As a matter of fact, there are several websites that sell access to hacked cameras all over the world. Most of these are easy hacks from a few clever individuals who sell them to mostly criminals and twisted minded people (voyeurs), and they exploit things like using default manufacturer passwords that ship with the cameras, or weak passwords, or indeed they hack the actual camera control servers and plant backdoor access to them.
There is also the issue of personal privacy to think about. Some of the people in security circles have been known to deal with criminals using their access to critical information. With these cameras, tracking of individuals and vehicles will be much easier, but what controls have been put in place to ensure that the privacy of citizens will be respected, and their rights not violated by the powers that be? Is there a law in the offing being tabled to take care of this or the end will justify the means? Have the actual operators been trained on privacy related issues and levels of access to information worked out, so that one only accesses what they really need to access?
Some known authoritarian countries that have installed cameras use them as a tool to clamp down on the rights of their citizens, they use these gadgets more for tracking and oppression than security.
In terms of physically securing the gadgets and ensuring that they are working as intended, has the government catered for failover connections for the cables being laid? Somehow in Kampala on a daily basis there is someone digging up a tunnel or ditch along the roads to lay cables, water pipes or drainage and this therefore has resulted into so many service cable cuts than I can care to count.
What therefore is the plan for ensuring the uptime of these cameras is at least 99% so that police or whoever will man these cameras will not have excuses when crimes are committed but cameras in range do not capture them, and ensure that criminals do not first cut the cables then proceed to do whatever they want to do? There surely has to be a well-constructed fibre ring to ensure that a single cut does not take down the bulk of the cameras.
Privacy, protection, control and access to the generated data are key in this endeavour and government surely needs to ensure that the whole setup is seriously audited right from the beginning by experienced individuals and cyber security-leaning companies else we run a huge risk of becoming more insecure if things are not done right.
Writer is a certified systems auditor