UK joins others in banning Chinese-made security cameras

Chinese-made security cameras have been banned by the UK Government. It has joined the US, India, EU, Australia, and many more in banning their use, especially in sensitive areas where AI and facial recognition may be surreptitiously used.

The US issued a blanket ban in 2019 to immediately rip-and-replace specific brands of Chinese-made security cameras and 5G network infrastructure.

In a statement to the UK parliament, Cabinet Office Minister Oliver Dowden said that after a security review, Government Departments had been instructed to immediately stop deploying equipment produced by companies subject to the National Intelligence Law.

They have been advised to remove and replace such equipment where it is deployed on sensitive sites and remove them entirely from core computer networks rather than awaiting any scheduled upgrades.

Cabinet Office Minister Oliver Dowden

Dowden cited “the threat to the UK and the increasing capability and connectivity of these systems” without specifying further.

Many Australian Federal, State, and Local governments, Education and Military have also removed them.

What is banning Chinese-made security cameras all about?

Two strong allegations.

First, Chinese-owed security camera makers must comply with the country’s law to cooperate with its intelligence and security services. Any images or control software stored in Chinese-owned clouds must be given to the government on request.

Second, some of the cameras allegedly have facial/gender/race/key suspect recognition, thermal imaging capabilities, license plate recognition, geo-zoning (why are you outside your house/zone?) and AI-driven predictive computer algorithms (likelihood of offending) for surveillance capabilities – refer to the first reason.

There are many other reasons, but one stands out. These cameras are running software that can be surreptitiously subjugated and used by Nation-states and third-parties (hacking is too nice a word) for reasons outside their intended use.

This is about trust and confidence. Once you lose trust in a company, as we have declared is the case with the Chinese CCTV companies, there is no place for them in any surveillance role. In which case, now that we’ve established some companies can’t be trusted, we shouldn’t be using them.

Professor Fraser Sampson, the outgoing UK Biometrics and Surveillance Cameras Commissioner

Why were Chinese-made cameras used in the first place?

Other makers could not compete with Chinese-made, low-cost, high-tech security cameras. The exact reasons Telco networks selected the now-banned Huawei and ZTE 5G (and 4G) network equipment.

You must ask if the Chinese Government was subsidising the cost. Is the Pope a Catholic😊?

Can we name names?

Yes. But first, you need to know that over 600 Chinese-owned companies are on the US Entities banned list (starts page 29). These have thousands of brand names, so it is not always evident.

Hikvision and Dahua have ethnicity profiling tools on their CCTV cameras in Xinjiang. Both companies have contracts to provide surveillance equipment for cities and concentration camps in the region and globally.

Hikvision is partly owned by the Chinese government and is the largest CCTV provider in the world, serving schools, public institutions, and secret laboratories in the UK. It supplies up to 60% of UK public bodies with CCTV cameras and software. Its consumer brands include Ezviz, HiLook, and HiWatch. But more disturbingly, the products have been extensively white-labelled for brands, including Panasonic, Dunlop, Grundig, Hitachi, Honeywell, Hyundai, and Toshiba, to name but a few of the 90+ brands using its cameras and technology.

Hikvision said its cameras complied with UK laws and were subject to strict security requirements. But Hikvision also pays its lobbyists, dealers and social media influencers handsomely to promote a positive, safe image stating, “If we look good, you will look good with your customer.”

Dahua, another partly Chinese government-owned manufacturer, is in use by 73% of the UK’s local authorities, 35% of police forces and 63% of schools. Similarly, Dahua has 50+ companies that it white-labels for, including Honeywell, Bosch, and Panasonic. It has not commented.

Another company called Uniview is also under the microscope.

These companies white-label thousands of consumer camera models/brands running the same unpatched operating system and software.

What consumer cameras are safe?

Despite 99% of consumer security cameras being made in China, a few brands use their own operating systems/firmware and have local or regional cloud storage outside the reach of the Chinese government.

  • Arlo is the most secure and back this with a privacy pledge that other makers are yet to offer. It has pulled out of Chinese manufacturing and sales completely.
  • Google Nest only lets Google know your account details (so it can advertise to you). Your data is safe even if you use Google Assistant to manage Nest.
  • D-Link is a Taiwan-owned company and uses an Oceania-based cloud. It has had its share of software vulnerabilities, but as far as we know, current products are fine.
  • Swann was an Aussie company that is now owned by a 100% Chinese government corporation. We are unaware of where the cloud is.
  • Uniden is a Japanese-owned company, and much of its manufacturing is in Vietnam.
  • Ring is an Amazon-owned company that provides account data to it, Facebook, and others. It has had several security scandals’ mainly about sharing Ring camera images with law enforcement, euphemistically called ‘Neighbours’, and for software vulnerabilities allowing hackers to take over cameras. As far as we are aware, the software has been patched.
  • Eufy is owned by a private Chinese company, Anker. We have reviewed its privacy policy, which is benign and uses local AWS cloud servers. It actively promotes secure local micro-SD storage.
  • TP-Link (Tapo and Kasa) is a private Chinese-owned company. It is on our approved list as it makes the hardware and software and offers a choice of cloud storage locations. It is a huge brand in the US, and due diligence shows it is a safe company.

CyberShack’s view – Chinese-made security cameras are insecure in government, education, military, police, infrastructure, and public places.

It comes down to the potential threat to harm – whether real or not. If the Chinese Communist Party hijacked Hikvision, Dahua and the tens of thousands of white-labelled cameras (as they have in Hong Kong, India, Italy, mainland China and who knows where else), it would give them a distinct advantage.

It is the same with Huawei and ZTE and, in fact, any Chinese-designed and made tech. Read Made in China 2025 – a policy with intended consequences (opinion) and Are Chinese-made smartphones spying on me?

The reality is that global brands (Apple, OPPO, Motorola, HP, Dell and many more) of Chinese-made IT like cameras, phones, and computers are aware of the potential to kill their business and are taking steps.

Joe and Jane Average need not be too concerned unless they work in sensitive areas and must keep secrets.  At worst, your Chinese-made device may phone home or cease working. When vital infrastructure like the internet, phone, water, power, shipping, finance, air space control, etc., goes down, we are stuffed. I hope the Government of the day is protecting our interests.