To avoid a future shaped by today’s likely candidates and their inherent flaws, I advocate the establishment of a socialized multinational AI research project that is subject to public input and oversight and is less constrained by capitalist and political forces. A unified global public project strikes me as the best opportunity to cultivate sufficient resources to surpass the efforts of Big Tech and national governments.

Even if such a project were initiated imminently, the hour is late and the competition is fierce. Thus, drastic action must be considered. Legislation granting data portability rights could be extremely helpful, allowing individuals to obtain their personal data from service providers and, in turn, share that information with the socialized project. Similarly, legislation that protects adversarial interoperability in the software industry could catalyze transitions away from predatory products upon which the public has become dependent. If necessary to achieve competitive dominance, further data collection on a consensual basis may be pursued.

While the collection and processing of behavioral information is inherently risky, an international socialized model may greatly reduce the risks of our present private and national models.

I do not advocate any surrender in the fight for privacy. I simply support the development of contingency plans. An arms race is afoot in both the private and public sector with many convinced that surveillance is the key to future dominance. In humanity’s failure to denuclearize, I see an inability of modern society to relinquish powerful tools of control and I fear that digital surveillance may be similarly destined to proliferate.

Constant parent surveillance started in my generation. Friends got busted for lying about their whereabouts when their parents tracked their phones. Sneak in after curfew? Good luck. Your phone, the “Ring,” the cameras inside are the nosiest neighbors. For concerned parents the gadgets of the internet age allow for a type of helicoptering like never before.

What if we told these concerned parents that with a few lines of python anyone can watch? Or that there are websites listing webcams that are set to the default passwords (or without passwords) that anyone on the internet can access?

Hacking is Easy

Accessing someone’s unsecured webcam isn’t difficult and sites like Shodan and Insecam make this easier. Bots randomly scan for unsecured devices, something that can be done across the entire internet in a matter of hours. If one runs a quick search on Shodan she can find a slew of web servers that use the username and password admin/admin or that can be accessed through a password found by googling “manufacturer default credentials.” These default credentials are conveniently assembled on ispyconnect.com’s “user guide.” Still other cameras can be accessed through known vulnerabilities such as Boa webcams. Boa has a vulnerability that allows you to reset the admin password. In 2015, security firm Rapid tested nine popular baby monitors for security. Eight of the nine got an F, the ninth a D minus. Despite the reporting on this in 2015, nothing has changed.

There have been accounts of mothers catching hackers hijacking the cameras. One mother noticed her baby monitor moving without anyone controlling it. She realized it was scanning the room and landing on her bed. Everyone who was supposed to have control was in the same room not moving the device. Others reported their baby monitors talking. One particularly disturbing case involves a hacker yelling at babies on baby cams.

If peeping Toms on the internet are watching through baby monitors, what comes next? Surely those who lived in Stalin’s Soviet Union would find bringing a device into your home that anyone can access foolish. Even if you aren’t worried about your own government, there is nothing stopping other countries from peeping too. This can allow for more targeted advertising, election campaigning, perfect price discrimination. Even if governments or companies aren’t themselves watching, the dangers of commodification of personal information are real.

The dangers of these insecure devices goes beyond concerns of creeps or the hypothetical 1984 sounding concerns of the government or companies watching, they can bring down the internet. In 2016 DNS provider Dyn was attacked by Mirai botnets which took down sites including Netflix, Twitter, and Spotify largely using IoT? devices (such as baby monitors) infected with malware. Hackers took complete control of the monitor. Further, baby monitors can grant a hacker access to the home network to get information from computers.

The Law

As is common with the law and the internet, the law hasn’t caught up with the baby monitors. Some have noted the right to privacy should apply here. What is more of a violation of privacy than someone watching you in your bedroom? Seeming natural applications of existing laws don’t go far enough to solve the problem. While applying peeping Tom laws to those watching over baby monitors could prosecute some people and give some justice to victims, avoiding prosecution wouldn’t be hard and it wouldn’t solve the problem. Security experts have proposed other solutions including regulation of baby monitors, allowing victims to sue the baby monitor companies, and hacking back.

Security experts have called on the government to get involved by regulating IoT? devices. Mikko Hypponen, chief research officer for F-Secure, for example, compared leaking WiFi? passwords to devices catching on fire: it shouldn’t happen and the government should make sure it doesn’t. Experts have proposed civil and criminal penalties for creating unsecure devices and laws requiring buyers to change the default password before the device can be used. Others, however, believe regulation would be useless because U.S. regulations won’t affect other countries.

Some have proposed allowing victims of baby monitor hacks to sue manufacturers or sellers of the monitors. The Mirai attack shows the widespread hacking of these devices and suggests the possibility of a class action suit. If companies are hit with hefty fines they would be incentivized to send shoddy security for IoT? devices the way of lead paint.

Still others have proposed a more radical solution: hacking back. Rob Graham, security researcher and hacker, suggested the NSA launch a proactive strike to knock compromised IoT? devices offline. Graham sees this as a solution to U.S. legislation being useless overseas. While that may be true, there are likely other Constitutional concerns with the NSA hacking into people’s devices to knock them offline.

Conclusion

This paper discussed the security concerns of hackers accessing baby monitors and what this could mean for commodification of personal data and access by companies and governments as well as widespread attacks. Other concerns with baby monitors go beyond the scope of this paper: children growing up constantly surveilled and the ethics of spying on your babysitter, to name a couple. Parents have begun to worry about sharing about their children on Instagram. A class action suit is currently going against Disney for scraping data from children’s video games. It is time parents become concerned about the safety devices they bring into their homes.