Subscribe to Monitor This! RSS Feed

Monitor This!

by: Leif Kothe - Wednesday, September 11, 2013

Hundreds of TrendNet customers found out the hard way that products they purchased, billed as home security cameras, weren’t all that secure. In January 2012, a hacker was able to breach TrendNet’s website, circumvent security credentials and access some 700 live-camera feeds monitoring inside customers' homes. Many of the videos were then disseminated on the Internet, a curious fact by itself in light of the complaint filed by the Federal Trade Commission, which said security flaws in the cameras allowed for the “unauthorized surveillance of infants sleeping in their cribs, young children playing, and adults engaging in typical daily activities.” The online community continues to recover from the trauma of being exposed to such tedium.

But for obvious reasons, customers were unnerved. The FTC wasn't happy either. The oversight committee’s complaint alleging that TrendNet misrepresented its software as secure and failed to adequately protect its customers resulted in a settlement, which was reached last week, according to multiple reports.

The story reached mainstream news. Unsurprisingly, it’s on the alarm monitoring industry’s radar as well, as I discovered in a short conversation with Stephen Doyle, executive vice president and CEO of CSAA. Doyle said he just returned from an Alarm Industry Communications Committee meeting in which 65 industry members were briefed by an industry lawyer on the legal ins and outs of the TrendNet snafu.

In terms of pertinence to the industry, the case seems fringy in some respects, relevant in others. It’s true, after all, that TrendNet cameras are unattached to alarms, and designed specifically for remote monitoring of homes via smartphones and other mobile devices. But it's relevant to the industry insofar as it deals with a few topics in the forefront of people's minds.

One of those topics is the viability and security of do-it-yourself monitoring systems. Another is cloud security, a topic that stands to grow in significance with the spread of IP panels, and as more companies migrate information and services to the cloud. Whether a company’s data becomes more or less secure when it’s transferred to the cloud is a hot-button industry debate with little consensus. Cloud adoption is likely to expand, but that doesn’t mean there won’t be skeptics. Either way, the TrendNet case perhaps intensifies the debate.

At TechSec 2014, Jeremy Brecher, VP of technology, electronic security at Diebold, will tackle some issues in this vein as part of the educational program, while also exploring ways security companies can thrive in an increasingly cloud-based environment.

by: Leif Kothe - Friday, September 6, 2013

This morning I had the opportunity to chat with Stan Martin, executive director of the Security Industry Alarm Coalition. He proved to be a valuable font of information about the current state of the alarm industry, in particular the three-pronged relationship involving alarm monitoring companies, law enforcement and municipal governments—all of which play huge collaborative roles in responding to legitimate alarms and mitigating false ones.

When I asked him what he considers an ideal alarm ordinance, it became abundantly clear just what kind of challenges an effective alarm ordinance has to address. A whole constellation of considerations go into curbing false alarms. 

“We’ve studied alarm management issues for twenty plus years, and we know what best practices will reduce these unnecessary dispatches,” Martin said. “We list them in our model ordinance.”

A model ordinance, Martin said, should require all alarm systems to be registered with local police. It should mandate the use of Enhanced Call Verification, or two-call verification, a protocol that requires alarm monitoring stations to attempt to confirm a signal is valid before requesting dispatch. It should require that panels feature the newest equipment standards, meaning they are compliant with the ANSI/SIA CP-01 Control Panel Standard – Features for false alarms—a standard that minimizes the single biggest cause of false alarms: human error.

Martin also emphasized the tremendous importance of strict enforcement of an alarm ordinance, but acknowledged that enforcement measures vary by municipality, and are often dictated by local politics—particularly with respect to the number of free responses permitted. The SIAC recommends no more than one or two free responses. It also recommends suspending response once a fixed number, generally between the range of six and 10, has been surpassed. 

Martin says this curtails chronic abuse and holds some of the larger commercial entities accountable. “You do need to stop responses,” he said. “Otherwise, the higher-end clients, commercial clients, banks in particular, will just write the check. They consider that easier. It’s the cost of doing business. But when police say they’re not going to come any longer, they have to take some kind of corrective action.”

by: Leif Kothe - Wednesday, September 4, 2013

Today, Ken Kirschenbaum, an industry attorney, broached the topic of valuation in the alarm industry in his email to subscribers. In the monitoring space, a company’s valuation is based “exclusively on a multiple of RMR,” Kirschenbaum explains. A reason for this is that, in a sale, an alarm company isn't selling its ongoing business so much as its subscriber accounts. 

While the RMR multiple can shed light on the value of a company on the verge of a sale, it doesn’t tell everything. In fact, as Kirschenbaum explains in the preface to an article by Dorsie Mosher of the Davis Group, RMR multiples can fall into a wide range based on several variables, such as contract stipulations, as well as financing and accounting decisions within the company. 

This is why investors and financial institutions tend to prefer EBITDA—earnings before interest, taxes, depreciation and amortization—to RMR. They regard the former as the more telling valuation metric, says Mosher, because, simply put, the figure is less prone to flux due to uncontrollable variables. Through EBITDA, investors can get a better idea of how much cash will be generated to pay debts and finance future growth. 

“A company can have $1 million in RMR and still be losing money, which is certainly not what the investor is looking for,” Mosher writes.

Kirschenbaum, for his part, believes EBITDA is not about to replace RMR multiples as the primary valuation metric in the alarm monitoring space. But when it comes to mergers, acquisitions and financing, it’s worth keeping in mind that RMR isn’t the only valuation category all parties are taking into account. 

by: Leif Kothe - Tuesday, August 27, 2013

Over the weekend, the Partnership for Priority Video Alarm Response, a public-private partnership comprising stakeholders in property crime, announced the addition of a major manufacturer to its membership ranks. The company? Honeywell Security.

After speaking with some in the industry involved with PPVAR, including Keith Jentoft, president of Videofied and RSI Video Technologies, it is increasingly clear to me why this carries major implications for the future of video monitored alarm systems. A recurring theme I’m hearing is that Honeywell’s decision to come on board with PPVAR reflects significant progress toward “mainstreaming” such systems.

In a PPVAR statement, Donald Young, president of PPVAR and chief information officer at Protection 1, said the following: “Honeywell will help us in our efforts to strengthen our partnerships with law enforcement using monitored video alarm as a mainstream solution.” In the same statement, Scott Harkins, president of Honeywell Security Products Americas, stated: “Honeywell is pleased that the PPVAR supports continued police response to all burglar alarms. We also recognize that video verification is an important product category as we look to the future of security.”

If you synthesize these two statements, PPVAR’s message becomes clear. The organization encourages the mainstream adoption of video verification alarm systems in both commercial and residential settings, since this appears to be the trajectory monitored alarms are on. But what’s also apparent in the statement, particularly through Harkins’ quote, is that both the organization and its members remain firmly positioned as allies of the monitored alarm industry and its stakeholders in general—whether we’re talking about video monitored alarm systems or traditional ones. PPVAR's emphasis is on priority response. 

With monitored video alarm systems becoming more affordable, it may only be a matter of time before video verified alarm systems reach a tipping point in their adoption. It’s a development that some in the industry, as well as in law enforcement, will hail—especially as municipalities across the country continue to search for ways to mitigate false alarms.

Honeywell’s membership status with PPVAR only helps advance the industry closer to that adoption tipping point. On that front it is a major illustration of progress. Equally instrumental for achieving broader adoption, however, could be PPVAR’s positioning itself not as a threat to the existing, largely non-video installer base, but as an ally. 

by: Leif Kothe - Monday, August 19, 2013

Over the course of June and July, fourteen companies renewed their eligibility with IQ Certification, an installation quality certification program for alarm companies. The group of re-certifiers includes COPS Monitoring, based in Williamstown, N.J., Monitoring America Alarm Co-op of Tulsa, Okla., and General Monitoring Services, based in Huntington Beach, Calif.

Founded in 1997, the IQ Certification Program, headquartered in Erie, Pa., is based on one fundamental principle: security systems that are properly designed, professionally installed, feature the best equipment, and are monitored correctly tend to function free of failure or false alarms. A fifth component of a sound security system, according to the website, is providing users with education and training as well. 

To earn IQ Certification, alarm companies must undergo a rigorous evaluation by the IQ Certification Board, which is comprised of law enforcement, fire, state regulatory and insurance industry representatives, the program’s website notes. The certification standards are extensive and specific. The website features a code of ethics and PDFs on program bylaws and polices and guidelines. To become re-certified, companies must demonstrate to the board on an annual basis that they meet the required standards.

The expansion of a program like IQ Certified, first and foremost, reflects the industry’s dual commitment to mitigating flaws, such as false alarms, and making users better attuned to managing their systems. The guidelines expounded on the website also demonstrate a concerted push for cohesiveness and standardization in the interest of quality and functionality.

Interestingly enough, I began learning about the IQ Certification Program mere minutes after reading an opinion piece, published on MSN Money, titled “14 reasons monitored home security isn’t worth it.” The article, while somewhat disconcerting, is nevertheless worth a read, if only because it offers a window into certain non-industry attitudes about home security.

Yes, the opinion piece is critical of monitored systems, often unduly so. The tone is one of exasperation and hyperbole. But few things can better counteract the negative perceptions detailed in this piece than a rigorous, quality-focused program like IQ Certification, an organization aimed at rectifying problems rather than dwelling on them. 

Topic:
by: Leif Kothe - Wednesday, August 14, 2013

More than a year after opening its fifth central station in Dallas, COPS Monitoring continues to enhance its presence in the region. The Williamstown, N.J.-based wholesale monitoring is expanding support of the 8,000-square-foot facility by adding two new account executives, Julie Jordan and T.J. Cornwall. Jordan will manage East Texas and Louisiana, while Cornwall will cover West Texas, Oklahoma, Kansas and Nebraska.

While the account regions are obviously large, covering large swathes of urban and rural areas, the most important dealer markets are likely to be in the Dallas-Fort Worth metro area, along with some of the other major urban areas of Texas, including Houston, Austin and San Antonio.

David Smith, director of marketing and communication for COPS, said the new additions represent part of the company’s broader “hometown” strategy of providing a personable level of professional service.

“While we can’t be local to every alarm dealer, we do try to select strategic geographic regions to better serve our dealers and to strengthen the reliability of our network of central stations,” Smith said. “By operating regional central stations, we also have the ability to become more involved in local associations and with local dealers so we can better understand how we can help them overcome regional challenges and capitalize on opportunities.”

Because of the sheer sprawl of the Dallas-Fort Worth area (it’s the fourth most populous urban area in the U.S.), Cornwall will manage the Fort Worth dealers, while Jordan will work with Dallas-based accounts. 

Topic:
by: Leif Kothe - Friday, August 9, 2013

A topic surfaced today on the Security Industry Group’s LinkedIn forum that piqued my interest at first on a particular level, but then on a broader, more general one.

The topic was initiated by a link to an instructional sequence relating how some ne’er-do-well can erect homemade spray paint contraptions to blot out hard-to-reach surveillance cameras, rendering them ineffective. The device appears laughably crude, but that’s not to say it couldn’t achieve its ends. Assembling it requires a hodgepodge of junk, including but not limited to a tree pruner, a bicycle brake bar and a wine bottle opener.

The link was clearly offered as a launching pad for discussion about a potential industry-related problem. It proved instead to be the source of some acrimony. The respondent who posted the link was charged by critics with being irresponsible for disseminating the information and, by extension, aiding the hooligans who might be inclined to undertake in the destruction of surveillance property.

While I might not agree with the criticism, I can see the rationale. The harm in taking part in the transfer of this kind information, so the reasoning goes, ultimately outweighs the good that might result from an open discussion about it. But here’s the thing about the Internet: The information’s already out there. It’s already totally accessible to whomever cares to find it. Another respondent, defending the original poster, correctly pointed this out.

The web is an ambiguous medium. It has the capacity to facilitate the transfer of information both good and bad. But there’s also some danger in merely dismissing a problem on the grounds that doing the opposite—confronting it head-on—could somehow help siphon the information to the wrong people. Speaking only in whispers about a problem could prove even more counterproductive.

At its core the web is a medium that wants to be open, not closed. It wants to include, share, inform, engage, improve, discuss, inquire. From a professional standpoint, industry-based forums like the many on LinkedIn can be a valuable stage for these kinds of discussions. If someone in the industry identifies a problem or vulnerability, what simpler or faster way to get a broad industry perspective on that topic than by crowdsourcing other professionals online? 

by: Leif Kothe - Monday, August 5, 2013

As promised in my last blog, I’m going to touch on another service discussed in Ken Kirschenbaum’s new technology seminar, held last Friday, that could offer some significant benefits to monitoring companies.

The company, called Keep Your IP, is an IP forwarding service that allows dealers to retain their IP addresses, giving companies the ability to move from one central station to another without sacrificing the value they’ve built within their organization. Davin Roos, president of Keep Your IP, discussed several benefits of maintaining IP continuity. The crucial word? Control.

If, for instance, a dealer wants to partition some accounts, or even sell the entire organization, the fact of selling to a company that uses a different central station can devalue the sale, Roos explained. Having your own IP address (and, by extension, your own server) can help companies avoid incurring costs that result from the man hours required to make necessary changes. Roos added that the company is working with some of the major central stations to bundle packages that feature the service to dealers.

Some additional benefits for dealers include having the luxury to move central stations if a current one is under-performing, greater RMR consistency (especially during times of economic crisis), and the freedom to make changes after a central station switches their Internet service provider. 

by: Leif Kothe - Thursday, August 1, 2013

Earlier today I listened in on a technology webinar, hosted by Ken Kirschenbaum, an industry attorney, that featured several voices both in the industry and in intersecting fields. Many of the speakers are at the forefront of technological innovation as it pertains to the central station space, so naturally the discussion dealt primarily with how to stay competitive by leveraging new technology that can improve retention and carve out new sources of RMR.

A recurring theme of the talk, unsurprisingly, was the emergence of the cableco and telecom giants, and what the competitive implications are with respect to their entry.

In 10-minute intervals, panelists presented commentary on a range of products and services. Some were pretty compelling, not only from a novelty standpoint, but also because many of the products seem like they could have some allure for monitoring companies and their distributors.

One of the more non-traditional services was presented by John Hoffe, president and CEO of Linked24, a product suite with several applications for mobile devices. Designed for dealers, the service features a GPS locator which, depending on the mobile device, can report an updated location of a loved one every three minutes. But that may actually be the company’s least buzzworthy product.

Another offering from Linked24 is its “Safe Text” service, which monitors incoming and outgoing messages for anything untoward, such as “inappropriate language and acronyms,” according to the website. If it detects any one of more than 750 pre-selected words, the text is uploaded to a customer portal for review. It’s a helicopter parent’s dream, and, brave new world though it is, it’s tough to imagine this product won’t find a home somewhere. But we’ll have to wait and see if that home will be among the dealer networks of wholesale monitoring companies.  

That’s not all. There’s also an “Emergency Shake” product that allows a customer in dire straits to open a Linked24 application then shake or drop their phone, whereupon a camera is engaged to shoot a 10-second video clip. The administrator of the account is then automatically notified.

Some of these offerings may come across as a bit intense from a personal privacy position, but there’s no question some have the potential to thwart an unforeseen problem, particularly the phone shake feature. And, with the mobile surge in full swing, it’s not unrealistic to imagine dealers giving strong consideration to products of this ilk to help boost their RMR.

It dawned on me just now that I’ve alluded to one speaker thus far, despite the fact there were several more who offered insight and product commentary that were more than worthy of mention. In my next blog or two, I’ll be sure to highlight the most resonant points offered by some of the other knowledgeable panelists. Stay tuned...

Topic:
by: Leif Kothe - Wednesday, July 31, 2013

A few weeks ago, in response to a Georgia appellate court decision upholding a verdict against Monitronics in a multi-million dollar case, Ken Kirschenbaum, an industry attorney, posed a simple question on his email newsletter to subscribers: "Why should an alarm contract be drafted so that judges find so much confusion?" 

It's a fair question. There was little consensus among the appellate court judges, and some of the judges who concurred with the original verdict cited different reasons for doing so. While the case is not yet settled (it may yet move to a higher court), the implication seems to be that the exculpatory and limitation of liability provisions in the contract were not established in a manner that could provide adequate protection.

This is an issue that stands to remain relevant for central station alarm monitoring companies everywhere. The case, too, is a big enough deal that Kirschenbaum himself updated some of his standard form contracts to make the protective provisions more enforceable, and account for some of the worst case scenarios which surfaced in the Veasley v. Monitronics case.

From Kirschenbaum’s newsletter:

“Why did I make the changes even though the Monitronics case is likely to be appealed and hopefully reversed? Because the same issues raised in Monitronics have been and will continue to be addressed in courts all over the country. Courts are looking for ways to impose duties on the alarm companies and avoid contract enforcement.”

Part of what makes the Monitronics case so legally murky, and even intimidating from a contractual standpoint, is that the end result, as Kirschenbaum points out, was personal injury. What’s more, the injury was caused by service rather than equipment negligence, the court determined.

Kirschenbaum’s piece is worth a read in its entirety because it discusses the sheer breadth of considerations that have to be made when designing a contract with clear and enforceable protections. You can subscribe to his newsletter here.

Pages