Privacy-preserving video surveillance: how to build a truly secure CCTV with Ajax

Information is no less valuable than property and often even more so. While a burglar swiping stuff hurts, the damage caused by disclosing personal information from a home camera can be far more severe. Yet many existing CCTV systems do not allow users to be fully protected from both burglary and data theft. The vulnerabilities of such systems make users look for a compromise between privacy and security.

Ajax Systems offers a comprehensive CCTV solution protected at both hardware and software levels to guarantee privacy and robust surveillance. With Ajax cameras, an end user has full control over their sensitive data without jeopardizing their own security. Let’s take a look at how this is achieved.

Personal data protection in the DNA

Ajax Systems first dealt with the question of privacy when working on photo verification for MotionCam detectors. In 2019, the first MotionCam detector with a photo verification feature was released. The goal was to reduce the number of unnecessary dispatches caused by false alarms, which can hinder the efficiency of security companies. Thanks to the Photo by Scenario feature, the MotionCam detector takes a series of photos when a detector triggers. An end user and the monitoring station see them in Ajax apps and verify the alarm. The ability to take photos on demand was disabled at the hardware level.

Then, along with OS Malevich 2.13, we introduced a new MotionCam version with the Photo on Demand feature that enables authorized users and monitoring stations to check the situation at a facility when necessary. Let’s say a user is away, and their security system alerts them to the movement at a site. The authorized users with corresponding rights, as well as the security company, can request a photo and know how to respond.

To give Ajax users control over these features and their sensitive data, we developed the Privacy menu in the Ajax system. This opened up new opportunities for system owners:

  • Enable or disable photo verification.
  • Set which detectors can take photos on demand.
  • Set up photo-taking on demand, either at any time or only when the system is armed.
  • Configure the security company’s access to on-demand photos and live streams from shared cameras.
The Privacy menu in Ajax apps helps accurately adjust access to visual data for users and security company operators.

To protect the Privacy menu against hacking, we worked out a precise distribution of rights for different users. In common industry solutions, an installation engineer could remain in the system, potentially putting the user’s privacy at risk. Ajax offers a system where the installer cannot manage the privacy settings but can grant the right to any system user. They can set up access rights while standing next to the owner using their phone in the Privacy menu.

Once the setup is complete, access rights can only be configured by the system owner, that is, the user who has connected the hub to a central monitoring station or uses it for self-monitored security. Rights are granted separately for each device with a camera and specifically for each user.

There are three types of users within the Ajax Security System app:

| Option | Admin with full rights (system owner) | Admin with no rights to configure the system | User |
|---|---|---|---|
| Configure the system and test the devices | + | - | - |
| Add rooms and detectors | + | - | - |
| Arm/disarm the system | + | + | + |
| Configure the types of alarm notifications | + | + | - |
| Deactivate the alarm button | + | - | - |
| Deactivate video surveillance | + | - | - |
| Add and remove users | + | + | - |
| Assign users as admins with full rights | + | - | - |
| Add and remove PROs and/or installation companies | + | - | - |
| Grant access to the settings for PROs and/or installation companies | + | + | - |
| Revoke access to the settings for PROs and/or installation companies | + | - | - |

PROs are professional installers or security company employees. There are two types of PRO users within the Ajax PRO: Tool for Engineers and PRO Desktop apps: PRO users with full rights and PRO users with no access to the hub settings. Only hub owners with admin rights and PRO users with full rights can give a PRO access to the settings and additional options.

Despite a complex hierarchy of rights, the settings can be changed in just a few clicks. It does not require coding or downloading extra software. The assignment of rights to everyone at a facility, from the cleaning staff to the executive manager, is easy and intuitive.

Privacy taken to the next level: from motion detectors to IP cameras

The experience of ensuring privacy in MotionCam detectors and secure connecting of third-party cameras to the Ajax system became the strong foundation for Ajax IP cameras and NVRs. It grew into a backdoor-free system with multi-layer protection of sensitive data.

Evolution of the Privacy menu

To control access to camera recordings, Ajax users have a familiar Privacy menu with the same user roles. The end user can’t change crucial system settings or delete devices, which eliminates security threats caused by human error. Yet, they retain the authority to grant video viewing permissions, thus maintaining complete control over personal data[1]. The types of access can vary: full system access, audio-only access, or video-only access. This flexibility ensures that the engineer only has the necessary permissions to complete their tasks.

The ability to provide an installation engineer with temporary video access is an important new feature in the system. They can get fully unlimited access, or temporary access to the video for one, two, four, or eight hours. When that time elapses, the additional rights are automatically revoked.

The system is also protected against the abuse of rights by employees of security companies. In PRO Desktop, the integrated app for the installation and monitoring business, security companies can track an installer’s activity. The event log records all activities and cannot be edited. Should an Installer attempt to access the app from an unauthorized device, an immediate notification is triggered, alerting the Head of Installers to take necessary action.
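The time-limited, per-user and per-device grant model described above can be sketched as follows. This is an added illustration, not Ajax code: the `GrantStore` class, the role labels, the user and camera names, and the log format are all hypothetical, and only the one, two, four and eight hour durations come from the article.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

ALLOWED_HOURS = {1, 2, 4, 8}   # temporary durations named in the article
OWNER_ROLE = "admin_full"      # hypothetical label for the system owner


@dataclass
class GrantStore:
    roles: dict                                  # user -> role label (hypothetical)
    grants: dict = field(default_factory=dict)   # (user, device) -> expiry or None
    log: list = field(default_factory=list)      # audit trail, only appended to

    def grant_video(self, actor, grantee, device, now, hours=None):
        """Owner grants video access to one user on one device; hours=None is unlimited."""
        if self.roles.get(actor) != OWNER_ROLE:
            self.log.append((now, actor, "grant_denied", grantee, device))
            raise PermissionError("only the system owner can grant video access")
        if hours is not None and hours not in ALLOWED_HOURS:
            raise ValueError("duration must be 1, 2, 4 or 8 hours, or None")
        expiry = None if hours is None else now + timedelta(hours=hours)
        self.grants[(grantee, device)] = expiry
        self.log.append((now, actor, "grant", grantee, device))
        return expiry

    def can_view(self, user, device, now):
        """Deny by default and check expiry on every access, so a lapsed
        grant fails closed even if no cleanup job ever runs."""
        key = (user, device)
        if key not in self.grants:
            return False
        expiry = self.grants[key]
        if expiry is not None and now >= expiry:
            del self.grants[key]
            self.log.append((now, "system", "auto_revoke", user, device))
            return False
        return True


def demo():
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    store = GrantStore(roles={"owner": OWNER_ROLE, "installer": "pro"})
    store.grant_video("owner", "installer", "cam-hall", t0, hours=2)
    return (
        store.can_view("installer", "cam-hall", t0 + timedelta(minutes=90)),  # inside window
        store.can_view("installer", "cam-yard", t0 + timedelta(minutes=90)),  # never granted
        store.can_view("installer", "cam-hall", t0 + timedelta(hours=2)),     # window elapsed
    )
```

Evaluating the expiry at access time rather than relying on a scheduled revocation job means a missed or delayed job cannot extend an installer's access.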

In the Access rights menu, the company owner can adjust the access rights for employee roles.

Security and video perfectly synced

The Ajax system can be customized to suit the specific needs of users. One of the key features is the synchronization of the event log with video surveillance, ensuring a seamless integration of security events and video recordings. 

When a detector alarm is triggered, such as by fire, motion, or opening, users with the necessary permissions can immediately view the recorded video from the camera at that exact time. Thus, security companies can access recordings only when they are linked to an alarm event, ensuring that surveillance is effective without requiring constant live monitoring.

Total security: combining robust hardware and software in video

Ajax video surveillance systems integrate robust hardware and advanced software protections. This defense secures video transmission and storage, ensuring safety and reliability for users.

Secure data transmission

In some video surveillance systems, the video stream is transmitted through the company’s server, leaving users to depend on trust rather than on the reliability of the system. Ajax took a different path.

Although the cameras use Ajax Cloud for authorization, the video is transmitted peer-to-peer (P2P), and no Ajax employee has access to it. Standard password vulnerabilities are neutralized through a password-free authentication system, which uses QR codes. Each connection uses mutual authentication protected by TLS encryption, bypassing the cloud entirely. The video feed remains safe from potential breaches. 

A proprietary Ajax protocol underpins the entire process of video transmission, storage, and management. The cloud server identifies every camera or NVR ever produced by Ajax and directs the video stream from the device to the user authorized to view it.

The video is in local storage, to which only the camera or NVR owner has access. All system data is securely stored within the EU and fully complies with European data protection standards.

Protection at the hardware level

Ajax cameras provide strong hardware protection, ensuring compliance with security standards. The built-in accelerometer reports dismantling and impacts. Also, security measures include simultaneous recording of video on both an SD card and a network video recorder. If someone inserts the SD card into another device, accessing the archive becomes impossible.

The storage can only be read under the owner’s account. For instance, if someone tries to remove the SD card from the network video recorder, the data remains inaccessible unless accessed through an authorized account in the Ajax app. This system cannot be bypassed.

Ajax cameras are NDAA-compliant and do not contain any hardware components from sub-sanctioned manufacturers. This means it’s a good idea to use our cameras if you’re doing a job for any high-risk facility.

Advanced authentication framework

All access rights and privacy management are handled through apps, so securing the app account is essential. Account protection in Ajax apps includes 2FA, session control, and options for password or biometric authentication. Once these measures are in place, only the end user has control over the privacy-aware surveillance system, making any workaround impossible. This account protection also ensures the protection of rights and archive management. That’s why only the user has the authority to manage and access their surveillance data, guaranteeing complete control and privacy over their system.

Conclusion

Ajax video surveillance products are designed based on a strong legacy, so they can keep sensitive data private and reinforce the security system. The advanced hardware and software features ensure that the video surveillance system is safe from being abused by hackers, dishonest installers, or unauthorized users. 

Ajax gives users full control over who can see their video, protecting personal information and making sure only the system owner decides who has access to the livestream or archive. This strong focus on privacy and security makes Ajax cameras a reliable choice for keeping data safe. And in the future, users can expect even more innovative features, all with the same high level of privacy protection.

[1] Updated privacy settings are available in the Ajax Security System app version 3.4 or later and in the Ajax PRO Desktop app version 4.4 or later.