Cybersecurity and Infrastructure Security Agency

The “Ghost Data” Phenomenon: How Your Doorbell Camera Might Be Holding Secrets

The disappearance of Nancy Guthrie, mother of “Today” co-host Savannah Guthrie, has brought a surprising technological detail to light: seemingly deleted video footage from a Google Nest doorbell camera was recovered by investigators. This raises critical questions about data retention, privacy and the potential for law enforcement to access information users believe is no longer stored. The recovery, described as “like finding a needle in a haystack” by retired FBI special agent Jason Pack, was achieved by extracting “residual data located in backend systems.”

Beyond the Delete Button: The Reality of Data Storage

Many users assume that when they delete video from a doorbell camera, it’s gone. However, cybersecurity experts explain that these devices employ a “lazy deletion” mechanism. While the video is marked for deletion, the actual files may linger for days, even weeks, before being overwritten. Alex Stamos, a cybersecurity expert, explained to CBS News that data for non-subscribers is “marked for deletion, but depending on the exact implementation details, the actual files might not be deleted for days.” This means even with a free Google Nest plan, which typically deletes video within 3-6 hours, data can persist.

Tamper Detection and Extended Retention

The situation is further complicated by “tamper mode,” a security feature designed to alert users if a device is disconnected or damaged. Patrick Jackson, a former NSA data researcher, suggests that tamper detection could trigger extended data retention. “From Google’s server perspective, it knows if that device goes offline,” Jackson said. “And so if the last event was tamper detected, and it’s a motion event, it could tag it in a way where Google may not delete that and may know that this could have some value to some law enforcement.” There’s currently nothing in Google’s terms of service preventing this type of extended retention.

A New Capability for Law Enforcement?

The recovery of footage in the Guthrie case has prompted speculation that Google may have previously undisclosed capabilities. Jackson believes this incident “is Google tipping their hand for potentially a capability that maybe they’ve never disclosed.” FBI Director Kash Patel confirmed that authorities are actively leveraging private sector companies to “expedite results and then go into their systems and actually excavate material that people would think would normally be deleted.” This suggests a growing trend of collaboration between law enforcement and tech companies to access data previously considered inaccessible.

Implications for Privacy and Future Investigations

This case has significant implications for consumer privacy. If doorbell camera footage can be recovered even after deletion, users may have less control over their data than they believe. Law enforcement agencies are likely to take note, potentially leading to an increase in requests for data from these devices. Jackson predicts that law enforcement will view this as “a new capability that we could add to our pipeline for when we’re trying to source video footage.” Google’s transparency report outlines its process for responding to legal requests for user information, emphasizing a careful review and adherence to legal and policy guidelines.

Pro Tip:

Review the privacy settings of your smart home devices regularly. Understand what data is being collected, how long it’s stored, and how to request its deletion. Consider the implications of tamper detection features and whether they might affect data retention.

FAQ

Q: Does deleting video from my doorbell camera guarantee it’s gone?
A: Not necessarily. Data may persist for days or weeks due to “lazy deletion” mechanisms.

Q: Can law enforcement access my doorbell camera footage without my knowledge?
A: Law enforcement can request data from companies like Google with a valid legal order. The company will typically notify users unless prohibited by law.

Q: What is “tamper mode” and how does it affect data retention?
A: Tamper mode alerts the user if the device is disconnected or damaged. This may trigger extended data retention by the manufacturer.

Q: What can I do to protect my privacy?
A: Review your device’s privacy settings, understand data retention policies, and consider using strong passwords and two-factor authentication.

Seek to learn more about smart home security and privacy? Explore additional resources on Nest’s transparency report and cybersecurity best practices.

Mexico Leads the Charge: Cybersecurity Trends Reshaping Latin America

Mexico is rapidly becoming a focal point for cybersecurity innovation and policy in Latin America. Recent developments – from a nationwide Zero Trust mandate to collaborative efforts with Estonia – signal a proactive approach to protecting digital infrastructure and citizens’ data. These moves, coupled with alarming figures on cryptocurrency theft, paint a picture of a region grappling with escalating threats and embracing advanced security measures.

The Rise of Zero Trust in Government

Mexico’s Digital Transformation and Telecommunications Agency (ATDT) recently formalized a General Cybersecurity Policy mandating the adoption of a Zero Trust architecture across all federal entities. This isn’t simply a technological upgrade; it’s a fundamental shift in security philosophy. Zero Trust operates on the principle of “never trust, always verify,” meaning every user and device, both inside and outside the network perimeter, must be authenticated and authorized before gaining access to resources.

The impetus behind this decision is stark. Mexico faced approximately 324 billion attempted cyberattacks in 2024, highlighting the urgent need for robust defenses. Zero Trust isn’t a silver bullet, but it significantly reduces the attack surface and limits the blast radius of potential breaches. Expect to see other Latin American nations follow suit, adapting the Zero Trust model to their specific needs and infrastructure.

Pro Tip: Implementing Zero Trust isn’t just about technology. It requires a cultural shift within organizations, emphasizing continuous monitoring, strong identity management, and least privilege access.

Mexico & Estonia: A Digital Partnership

The newly formed Mexico–Estonia Friendship Group represents a strategic alliance focused on bolstering cybersecurity capabilities. Estonia, a global leader in digital governance and cybersecurity, offers a wealth of experience that Mexico can leverage. Areas of collaboration include digital government implementation, cybersecurity training, technology development, and e-commerce security.

Estonia’s success stems from its proactive approach to digital security following a series of cyberattacks in 2007. They rebuilt their digital infrastructure with security baked in from the ground up. This partnership could see Mexico benefit from Estonia’s expertise in areas like blockchain technology for secure data storage and digital identity solutions. This collaboration isn’t isolated; expect to see more partnerships between nations seeking to enhance their cybersecurity posture through knowledge sharing.

The Cryptocurrency Crime Wave: A Global Concern

A recent Chainalysis report revealed a staggering US$3.4 billion lost to cryptocurrency theft in 2025. This figure underscores the growing sophistication of cybercriminals targeting the digital asset space. While the report doesn’t break down losses by region, Latin America is increasingly becoming a target due to the rapid adoption of cryptocurrencies and, often, weaker regulatory frameworks.

Common cryptocurrency theft methods include phishing scams, malware attacks, and exploits of vulnerabilities in decentralized finance (DeFi) platforms. The rise of ransomware attacks targeting cryptocurrency exchanges and individual wallets is also a major concern. Increased regulation, enhanced security protocols for exchanges, and user education are crucial to mitigating these risks.

Did you know? The majority of cryptocurrency theft originates from just a handful of known threat actors, often linked to North Korea and Russia, according to the U.S. Department of Justice.

MFA: The New Baseline for Security

Thales’ decision to position multi-factor authentication (MFA) as a core security standard aligns with the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure-by-Design pledge. This move acknowledges that passwords alone are no longer sufficient to protect against modern cyber threats. MFA adds an extra layer of security by requiring users to verify their identity through a second factor, such as a one-time code sent to their phone or a biometric scan.

The adoption of MFA is accelerating across industries, driven by regulatory requirements and the increasing frequency of data breaches. However, implementation challenges remain, including user resistance and the complexity of managing MFA solutions. Expect to see advancements in MFA technologies, such as passwordless authentication and risk-based authentication, to address these challenges.

Looking Ahead: Future Trends in Latin American Cybersecurity

Several key trends are poised to shape the future of cybersecurity in Latin America:

Increased Investment in AI-Powered Security: Artificial intelligence (AI) and machine learning (ML) are becoming essential tools for threat detection, incident response, and vulnerability management.
Cloud Security Dominance: As more organizations migrate to the cloud, securing cloud environments will be a top priority.
Focus on Supply Chain Security: Cyberattacks targeting supply chains are on the rise, prompting organizations to assess and mitigate risks throughout their vendor ecosystems.
Cybersecurity Skills Gap: The demand for skilled cybersecurity professionals continues to outpace supply, creating a critical skills gap that needs to be addressed through education and training programs.
Greater Regional Collaboration: Increased cooperation between Latin American nations on cybersecurity issues will be crucial to combating cross-border cyber threats.

FAQ

What is Zero Trust?: A security framework based on the principle of “never trust, always verify,” requiring all users and devices to be authenticated before accessing resources.
Why is MFA important?: MFA adds an extra layer of security beyond passwords, making it significantly harder for attackers to gain unauthorized access.
What is the biggest cybersecurity threat facing Latin America?: The increasing sophistication of cybercriminals targeting cryptocurrency, coupled with a growing number of attempted attacks on government and private sector infrastructure.
How can businesses improve their cybersecurity posture?: Implement Zero Trust principles, adopt MFA, invest in AI-powered security solutions, and provide cybersecurity training to employees.

Explore more insights on cybersecurity trends in Mexico and stay informed about the latest developments in digital security. Share your thoughts on these emerging trends in the comments below!