James Comey, who heads up the Federal Bureau of
Investigation (FBI), recently made an interesting remark during his
presentation about encryption and technology at a college in Ohio, US. He
admitted that, in order to protect his privacy, he puts tape over his laptop’s camera.
The FBI director’s revelation created a buzz among
information security professionals. Some have accused
Mr. Comey of creating a “warrant-proof webcam” – preventing himself from being
able to deliver evidence, should he be investigated.
“I saw something in the
news, so I copied it. I put a piece of tape — I have obviously a laptop,
personal laptop — over the camera.”
“Although in this case the sentiment was pretty
lighthearted, the mood echoes the efforts of the authorities of several
countries’ to adopt legislation mandating that service providers and
equipment manufacturers maintain the ability for police and security services
to access any communication.
(Of course, putting a tape over a webcam prevents
evidence from coming into existence, which is different from making the
evidence inaccessible through end-to-end encryption.)
Jokes aside, the FBI director’s security measure is
well-informed. The FBI has long known about the technology needed to remotely activate a
computer’s camera without the user’s knowledge. If software called a remote administration
tool (RAT) is installed on a system that has a camera, it can capture video —
without triggering the recording light — and subsequently send that video out
over internet. ESET researchers have been studying police use of this type of
malware for many years. For example, see this 2009 white paper (PDF link) and this 2014 article which discusses an FBI takedown of a RAT.
In order to prevent a webcam from being turned into
a tool for spying, appropriate measures should be taken. For most scenarios,
quality security software – if kept updated – should be enough. These programs
work to block any unauthorized installation of software on your machines
regardless of whether it is coming from criminals or law enforcement. And for
those who wish to eliminate even the smallest remaining risk, Mr. Comey’s
solution does make sense.