Originally published at: http://boingboing.net/2016/12/14/filmmakers-want-cameras-with-e.html
…
It strikes me that it may not be necessary to key in anything at all to get fully encrypted storage. If one can live without the ability to decrypt (view) on the device, then a key pair could be created on another device, say a laptop, and the public key loaded onto the camera via a variety of means. This public key could be used to encrypt all data written to storage which could then be decrypted later on another device using the private key.
How about uploading chunks of recorded data, like streaming but with allowances for interruption?
That still leaves the problem of securely wiping the data from the device after the camera confirms it’s been uploaded successfully. Plus, it’s vulnerable to signal jamming — if it doesn’t get uploaded, it doesn’t get erased.
I’ve wondered why this wasn’t an option in dash cams and otherwise.
I know I had security cams for a protected facility I used to work for – at first I was told what cameras to use, and then others were installed for me. But the first set that I actually had access to weren’t encrypted but signed. The output could be sent out and verified as unaltered – even with the fact that the storage would go from 240 frames per second down to one frame every few seconds when there was no movement (night time).
If you can sign it, cryptographically verifying it…why not encrypt it? It would seem to take similar amounts of power.
That said, even as a person who has little to hide, I really don’t want things like my dashcams along with audio (that I actually don’t record…but I could) – being taken and exposed to the world. I couldn’t imagine anything that actually was life and death.
I’d love to see CHDK used for this. Even just a simple setup where lovers want to take naked pictures of each other, don’t want anyone else to see them-could benefit from some judicious hacking.
The other useful ability I’d like from a related script, is hiding encrypted data inside the pixels of a photograph, that could then be posted online and only the intended recipient able to retrieve it. For this to all happen in-camera- without the photographer having to do a lot of fiddly post-processing- would be highly desirable.
For cell phones/etc. the Guardian Project and witness.org have CameraV.
I recall a project out of the University of Wisconsin that was working on a similar concept.
Edit: @anon47741163, Guardian’s PixelKnot will encode data into images.
Coming up next:
Encrypted storage on cameras found to be too weak
Zero day vulnerability used to exploit encrypted storage on cameras
Court orders backdoor to be installed on cameras with encrypted storage
Get your camera with encrypted storage on the BoingBoing Store today at 60% off
I get the desire for encryption here.
But I don’t get how it necessarily has much broader utility as 99% of the time those seizing the media simply want to destroy it, not look at it.
(Or am I missing something here? Do I need more coffee?)
It’s impossible to predict ahead of time when you are going to be a witness to some kind of police mischief. Or maybe you get a chance to record a meeting while bussing tables. Or… maybe your tabletop role playing game cuts a little too close to the bone for the FBI. If the software is already loaded and running on your camera to begin with, then no matter what the stakes become, you’re protected. The more encrypted data is sent through the system, the safer it is to send more.
Sure, they can still destroy or vanish an encrypted SD card, but it’s a hell of a lot safer for the owner of that card, if they can’t read it first. “That’s private images of myself and my lover” is a reasonable catch-all alibi for any time you don’t want the snoops spying. The more people who are willing to use it, the more effective it gets.
There are some dashcams that have passwords. My old VisionDrive needed a PW to use the viewer. Maybe it had a somewhat proprietary encoding scheme? But the problem was that there was a config file that stored the PW in the clear. Don’t know if the files actually were encrypted though…
ISTR that some others had a one touch erase feature. But I’m sure it didn’t securely erase things.
Another useful feature for either a dashcam or regular video camera would be a Truecrypt-like set of dummy videos, either stored in the clear and/or with a different password.
But yeah, if you don’t worry about decryption on the camera, then you could just store the public key on the camera/card and not have to worry about entering the private key. The great part is that the camera operator doesn’t even need to know anything- they get an SD card with the public key from their employer, shoot pictures and video, and send the files back, never having access to any of the unencrypted video.
One problem would be to properly tag the files so the user knows what to send back. They probably don’t want the files with timestamps in the clear, so they’ll need their own mnemonic to organize the files. Either that or they’d have to either send the whole SD card back or upload even the unimportant footage.
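The public-key-only camera setup raised twice in the comments above (key pair made on a laptop, only the public key on the card), as an added sketch that is not any commenter's code or any camera's firmware. It assumes the third-party Python `cryptography` package and swaps in a hybrid scheme (X25519 key agreement plus ChaCha20-Poly1305), because public-key operations are not applied directly to bulk video; the function names and the `camera-seal-v1` label are hypothetical.

```python
# Added illustration: the camera seals each clip to a public key it was given;
# only the holder of the matching private key (off-camera) can open it.
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

RAW = (serialization.Encoding.Raw, serialization.PublicFormat.Raw)

def _file_key(shared: bytes, eph_pub: bytes, recipient_pub: bytes) -> bytes:
    # Bind the per-file key to both public keys so a swapped header fails.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"camera-seal-v1" + eph_pub + recipient_pub).derive(shared)

def camera_seal(recipient_pub: bytes, clip: bytes) -> bytes:
    """Runs on the camera, which stores nothing secret."""
    eph = X25519PrivateKey.generate()      # fresh per file, dropped on return
    eph_pub = eph.public_key().public_bytes(*RAW)
    shared = eph.exchange(X25519PublicKey.from_public_bytes(recipient_pub))
    nonce = os.urandom(12)
    key = _file_key(shared, eph_pub, recipient_pub)
    # Layout on the card: ephemeral public key | nonce | ciphertext + tag
    return eph_pub + nonce + ChaCha20Poly1305(key).encrypt(nonce, clip, eph_pub)

def laptop_open(private_key: X25519PrivateKey, blob: bytes) -> bytes:
    """Runs off-camera; raises InvalidTag on a wrong key or altered data."""
    eph_pub, nonce, ct = blob[:32], blob[32:44], blob[44:]
    shared = private_key.exchange(X25519PublicKey.from_public_bytes(eph_pub))
    my_pub = private_key.public_key().public_bytes(*RAW)
    key = _file_key(shared, eph_pub, my_pub)
    return ChaCha20Poly1305(key).decrypt(nonce, ct, eph_pub)

def demo() -> bool:
    laptop_key = X25519PrivateKey.generate()           # stays on the laptop
    card_pub = laptop_key.public_key().public_bytes(*RAW)  # 32 bytes on the card
    clip = b"constructed sample frame data " * 4       # constructed input
    sealed = camera_seal(card_pub, clip)
    return clip not in sealed and laptop_open(laptop_key, sealed) == clip

if __name__ == "__main__":
    print("round trip ok:", demo())
```

Someone holding the card learns the file sizes and count but not the contents, and the same property means footage is unrecoverable if the private key is lost.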
I assume that for journalists, encryption is also to protect the people who were being filmed (I believe that’s mentioned in the article). If they are identified by an adversary, they can then be brought in for interrogation and retaliation.
This is not for when the user is caught in the act of filming, but afterwards when they get back to their room or are attempting to leave (the country), and- as mentioned in the article- haven’t gotten it into their workflow to separately encrypt then delete their footage.
So, it does seem that in this case, there could be software for their laptop that, when the video camera (or its memory card) is plugged into the computer, automatically encrypts and copies the flash, then deletes it. It doesn’t need to delete the footage on the card if it is already encrypted, but the existence of encrypted files on the camera would be a red flag to anyone inspecting it.
Again, possibly leave innocuous unencrypted footage on the card so it’s not so suspicious.
Does Truecrypt do this? I’ve been meaning to search for something like this where depending on password, you get one set or another…even if it means getting a huge flashdrive and using only half of it so that there is plausible deniability. I really need to do some research because this has been something of interest for a long time.
I should have mentioned that TrueCrypt has been discontinued, though there are at least a couple of forks of it.
The way its plausible deniability hidden volumes are described, it looks like different passwords get you different files/folders.
I haven’t really kept up to date with this, so yes, you need to do the research on these things yourself before jumping in.
Seems like one danger is that with encryption, cops don’t have to destroy any files on line to prevent their release, they only need to prevent the person who knows the key from passing it on. Could have some negative unintended consequences.
Both very valid points, thank you for taking the time to write that all out!
I know a lot of higher end cameras can export to a recorder in real time (video capture) - perhaps a laptop with SGI/HDMI inputs with on-disc encryption? This would leave the unencrypted data on the camera, requiring a manual wipe. But perhaps an add-on is a more direct solution.
I’m confused about something - if data stored on a flash drive is erased, how can it not be securely erased? I thought only HDDs left recoverable data after a delete.
Good point. The security triangle is confidentiality & integrity & availability. Too much of any one can break the other two.
All data can be securely erased, but it takes time so most systems will, by default, simply remove the file pointers. This means the space becomes available for re-allocation to some other set of files, but until it actually is re-allocated (and overwritten) the original content is still sitting out there and can be recovered easily.