It only requires a $40 piece of software to turn someone’s laptop into a spy cam. Current laws provide little legal recourse for victims.
To protect the privacy of computer owners, federal and state laws should be updated to explicitly prohibit remote webcam activation, according to a new report published by the Chicago-Kent Privacy program at IIT Chicago-Kent College of Law. The researchers behind the Digital Peepholes project further argue that regulations should be enacted to provide a civil remedy for victims of webcam spying.
Most laptops now come equipped with webcams, which can be used to record videos, communicate with distant relatives, and conduct business meetings. However, hundreds of thousands of people have had their privacy invaded when third parties remotely accessed their devices without their knowledge.
As the report highlights, hackers known as “ratters” remotely activate webcams using remote access Trojans (RATs), film victims in compromising positions, and then seek to extort more pictures. However, invasions of privacy can also be committed by law enforcement, businesses, and educators. In one of the most well-known cases, a Pennsylvania school district was sued for surreptitiously collecting a total of 27,428 screenshots and 30,564 webcam photos from student-issued laptops.
In another egregious invasion of privacy detailed in Digital Peepholes, a company used remote activation technology installed on 400,000 of its rental computers to captures images of customers having sex, online gambling, and surfing the Internet. The researchers also note that government agencies, such as the FBI, can activate webcams undetected, sometimes without first obtaining a warrant.
As with many technological advances, cybersecurity and data privacy laws have failed to keep pace and are often unable to curb abuse. Under the federal Computer Fraud and Abuse Act, victims must suffer at least $5,000 in damages in order to file suit. In addition, outdated language in the Electronic Communications Privacy Act also prevents many victims from seeking legal recourse. Although the statute prohibits the “interception, use, or disclosure of electronic communications without the consent of at least one party,” courts have been reluctant to find remotely capturing screenshots or activating a webcam amounts to a violation.
The bottom-line, according to the researchers, is that the United States desperately needs to update its data privacy laws. Given its “questionable effectiveness and high level of intrusiveness,” the researchers argue that remote webcam activation should be clearly prohibited as an investigative technique for law enforcement as well as a theft prevention strategy for private businesses. They further maintain that federal and state law should be updated to provide a civil remedy for victims who have their privacy invaded.