Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Sony Encryption Security Hardware

150 Filmmakers and Photojournalists Call On Nikon, Sony, and Canon To Build in Encryption (zdnet.com) 229

Some of the world's leading photojournalists and filmmakers are calling on the manufacturers of the cameras they use to add encryption to their products, as the number of threats they face from having their devices seized is "literally too high to count." From a ZDNet report: Over 150 documentary makers and reporters signed an open letter by the Freedom of the Press Foundation, asking for camera makers -- including Nikon, Sony, and Canon -- to ensure that their work is protected while often "attempting to uncover wrongdoing in the interests of justice." "Documentary filmmakers and photojournalists work in some of the most dangerous parts of the world, often risking their lives to get footage of newsworthy events to the public," said Trevor Timm, the foundation's executive director. But, he said, "they face a variety of threats from border security guards, local police, intelligence agents, terrorists, and criminals when attempting to safely return their footage so that it can be edited and published." The filmmakers say that camera security has lagged behind the rest of the industry, leaving their work "dangerously vulnerable."
This discussion has been archived. No new comments can be posted.

150 Filmmakers and Photojournalists Call On Nikon, Sony, and Canon To Build in Encryption

Comments Filter:
  • Custom firmware (Score:2, Insightful)

    by Dan East ( 318230 )

    Customer firmware is available for many cameras. Seems to me this can be addressed (or maybe it has already?) by 3rd parties. It might not be universal to every brand and model camera, but it should be possible to achieve this on specific models, which the photographers would then select from for use in these kinds of situations.

    • Re:Custom firmware (Score:4, Insightful)

      by Verdatum ( 1257828 ) on Wednesday December 14, 2016 @11:17AM (#53483585)
      That could certainly be a stopgap solution. But pros want something that "just works", so it does make sense to urge the big manufacturers to officially support such a feature right out of the box.
    • Re:Custom firmware (Score:4, Informative)

      by darkain ( 749283 ) on Wednesday December 14, 2016 @12:04PM (#53484003) Homepage

      Cameras use ASIC chips. The "firmware" in question is simply there to tell the ASIC which functions to enable/disable from what is already available. Encryption would break the existing data chain of sensor > ASIC > storage. It would then need to go sensor > ASIC > CPU > storage. Think of the amount of CPU power required to handle data encryption in the first place, these CPUs simply could not keep up. So to add the functionality of encryption, it would have to be implemented in a new generation of their ASIC image processors.

      • Re:Custom firmware (Score:5, Insightful)

        by dargaud ( 518470 ) <<ten.duagradg> <ta> <2todhsals>> on Wednesday December 14, 2016 @12:14PM (#53484081) Homepage
        The encryption does not necessarily need to happen on the fly. You can save the images and videos as usual, and then pipe it for the camera to process slowly, even when it's been turned off. Making it use little power is more important than speed IMHO. Although I see no reason why encryption cannot be added to the ASIC.
        • I'm kind of surprised this isn't really a thing already. Even given all the crazy reasons listed in the summary, there are probably a lot of people that would prefer that it not be super easy to have someone root through their camera. I know I had a girl accidentally leave her Nikon camera at my house when she left the next morning, and you bet I went though that thing (mostly boring). Even thought about leaving her a few surprises on it (didn't) before I took it back!

          Remember we're not talking about triple

        • The encryption does not necessarily need to happen on the fly. You can save the images and videos as usual, and then pipe it for the camera to process slowly, even when it's been turned off. Making it use little power is more important than speed IMHO. Although I see no reason why encryption cannot be added to the ASIC.

          For that matter, encryption doesn't necessarily even need to be in the camera. There are already SD cards out there with wifi builtin. It should be almost trivial to setup the receiving computer (or smartphone/tablet for mobile use) to encrypt the received images upon receipt and optionally delete the original files. The use cases they are describing don't require instant encryption ... just as long as the files are secured before they reach the next security checkpoint.

          • Sure, but you try uploading your images to your computer when there are literally bombs raining around you.

      • by blueg3 ( 192743 )

        Cameras already use processors that have nearly the feature set of a general-purpose CPU. (Canon's DIGIC is x86, and DIGIC II is ARM.) They run actual firmware. In fact, they often run an embedded operating system (e.g., VxWorks). That firmware can implement arbitrary features. Take as an example. You can see in the source code that it is not, in fact, simply enabling and disabling existing functions. [bitbucket.org]

        CPUs are slow to perform encryption because it's a lot of bit-level modification. CPUs don't have the instr

    • Just adopt legislation that requires anyone in the possession of an encrypted camera to provide the encryption key to any police officer who asks, on pain of ... say ... 2 years of jail time for each offense.

      Like in the UK.

      That should teach tech-obsessed journos who is boss.

      Any questions ?

    • Unless the hardware is vastly overqualified, just fixing it in software probably isn't an option. Doing encryption in software isn't too painful on a real computer; but cameras tend to have fairly feeble, power constrained, processors with any special-purpose hardware dedicated either to image processing or shovelling data from the sensor to the SD card as fast as possible. I'm sure you could fit an encryption implementation within the limits of a reasonably modern camera's hardware; but actually using it w
  • Blanket policy at the border... confiscate all cameras.

    Duh.

    • by TWX ( 665546 )
      Don't even have to do that.

      You just inspect their cameras and media on the way out and if either you find content that you cannot access, or you find a discrepancy between the size of the content reported plus the free space when compared against the size of the media, you take steps anywhere from seizing the offending device to tying them to a chair, putting a football helmet on their head, and then beating their helmeted head with a baseball bat until they tell you how to access the content.

      Unfortun
      • Unfortunately I cannot think of any good way to smuggle video or picture content that a photojournalist or video journalist will be able to do in the field in adverse conditions like this that couldn't somehow be detected if the investigator is committed enough to being thorough. In some ways the presence of strong encryption might actually make it more dangerous as it means to look closely at this person because they've got that strong encryption...

        Put it on a microsd card and shove it up your arse.

        • Unfortunately I cannot think of any good way to smuggle video or picture content that a photojournalist or video journalist will be able to do in the field in adverse conditions like this that couldn't somehow be detected if the investigator is committed enough to being thorough. In some ways the presence of strong encryption might actually make it more dangerous as it means to look closely at this person because they've got that strong encryption...

          Put it on a microsd card and shove it up your arse.

          New blanket policy; anyone with a camera is cavity-searched.

      • That might actually be why pros would like the manufacturers to implement encryption, especially as a default. You could mod your own camera to encrypt the data, but that makes you suspicious.

        But if *everyone's* camera contains encrypted data, then it's no longer suspicious. And policies that work fine when directed at the few become far more problematic when directed at the many - you can only push the populace so far before getting troublesome backlash, so the administration has to choose their battles

      • sure, that's so much easier - and more practical for stupid border police - than confiscating every journalist's media. or you could just move them through a really strong magnetic field...
      • The encryption may not be so much for protecting the journalist, but rather protecting the journalist's sources.

  • If you're a photojournalist and your memory card is encrypted, you're just never going to get it back intact. And if you really need the data to go straight to encrypted storage, well, there's a way to do that. Although I'm not sure if those Wi-Fi memory cards (you know what I mean, I forget what the brand is) use meaningful encryption anyway...

    Are journalists actually not just having storage devices seized in those situations?

    • by AmiMoJo ( 196126 ) on Wednesday December 14, 2016 @11:14AM (#53483537) Homepage Journal

      Imagine you interview someone and they say something that might incriminate themselves. On the way back to the office the corrupt police take your camera. If the video is encrypted at least they don't have video of your source incriminating themselves.

      • Wouldn't the corrupt police ask you (politely of course) for your encryption key? Or is the thinking here that they wouldn't take that step? If people are so concerned about that, they could transfer the data to an encrypted storage drive and not leave it in the camera. Seems silly to build it into the camera itself.
        • by Anonymous Coward on Wednesday December 14, 2016 @11:39AM (#53483775)

          I think anyone with half a brain sees the benefit of having something encrypted vs. no encryption. With encryption your opponents may know you have something they don't want to see but they don't know what that something is. If you don't think it is worth that much you can give it up to them - no harm no foul. If it is something you might be murdered for having then I think you would want that hidden, even if it means eventually losing it or being subject to enhanced interrogation.

          It also reduces the risk of "smuggling". Its exactly why Clinton ran her own e-mail server.

          1) There is a chance you just get away with it
          2) If you do get "caught" you have options; without encryption, if you get caught, for instance, exposing massive corruption, the outcome is entirely up to the corrupt.
          3) The options are a) reveal what you have if it is not that bad b) deny you have anything but offer to delete or destroy the data or the camera c) you try to keep the data or they don't accept a or b and then you are in the same situation as no encryption but they still don't have the data.

          Encryption is a tactical WIN WIN WIN.

          • by eth1 ( 94901 )

            Why store it on the camera at all. In a situation where you or a source is risking their life/freedom, it seems like some kind of satellite-based relay that sends stuff off ASAP would be worth investigating. You could even make it look to the camera like a flash card, so it works with any camera.

            Probably doesn't matter much, though. Any jurisdiction where that would be an issue would just make possession of such a device (or encryption-capable recording devices) carry similar penalties.

        • by AmiMoJo ( 196126 )

          They may well ask for your key, but actually arresting and especially beating the key out of a journalist carries much more risk than simply taking the camera. Especially with foreign journalists, where the journalists's country will inevitably become involved, there will be media coverage etc.

      • Imagine you interview someone and they say something that might incriminate themselves. On the way back to the office the corrupt police take your camera. If the video is encrypted at least they don't have video of your source incriminating themselves.

        Imagine that this happens. Then you return to a free country, and publish the interview.

        The police back in Bumfuckistan see the interview on TV/internet/smoke signals/whatever. Guess what they're going to do now?

        If you guessed they'd say "Damn, but he pull

      • by PPH ( 736903 )

        Imagine you interview someone and they say something that might incriminate themselves.

        This is why the smart people disguise themselves before going on camera. You can't trust the reporter. They might be idiots, in bed with local LE, or just want to leave your country with all of their appendages intact.

        From this point on, it's not so much a matter of hiding the raw footage from the police as it is getting it to a neutral jurisdiction for later publication. If they (LE) want to see it, just tell them to watch 60 Minutes next week.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      And if you really need the data to go straight to encrypted storage, well, there's a way to do that.

      Are you thinking of Eye-Fi? It doesn't work that way(*). It's a regular 32GB SD card with the wireless-copy-off agent read-only spying on the filesystem, so the photos are still written unencrypted to the card.

      Once you write something unencrypted to blackbox flash like an sdcard, you can never really delete it because blocks are just "marked free". A very simple form of encryption would be:
      - put a USB port on the camera that acts like an SD card reader
      - put a TPM in the camera that is "ef

    • If you're a photojournalist and your memory card is encrypted, you're just never going to get it back intact. And if you really need the data to go straight to encrypted storage, well, there's a way to do that. Although I'm not sure if those Wi-Fi memory cards (you know what I mean, I forget what the brand is) use meaningful encryption anyway...

      You missed the point entirely. The point isn't that the card will be seized. It could be. The point is that the when they are seized, anyone can read the files on them. Now if you are documenting something that the state doesn't want to be seen, they have evidence that you are a threat. Sometimes you might be documenting something you don't think is sensitive.

      Contrast that with the situation if there is encryption. The state can't read it. It could be photos and videos of flowers and wildlife. It could be o

      • The moment they see encryption or something "not right" with that camera, it's not going to go well for the camera's presumed owner.

        • And if it's a standard feature? The photographer could feign complete ignorance of how it works because they don't care about the details; they know how to shoot pictures.
    • Re: (Score:3, Insightful)

      by Excelcia ( 906188 )

      Photo journalists do already have their devices seized. All the time. And they are often stripped of their memory card before before having it given back to them (if it is given back). The problem encryption is meant to solve is not to prevent the device from being seized, it's to prevent the seizing agency from having access to what you've been photographing. Photo journalists going behind enemy lines, taking pictures of rebels groups or doing interviews with people who want their faces blurred later.

      • Congratulations, the "journalist" will be seized along with their camera and storage.

        You just made it that much worse for the individuals out there.

  • Re: (Score:2, Insightful)

    Comment removed based on user account deletion
    • Given that many DSLRs nowadays feature Wi-Fi tethering, it should be possible to have a mobile phone download the images off the camera immediately after exposure and delete them from there after uploading them to ${CLOUD}. There's still the issue that such tethering usually is done unencrypted, though, so they'd need to add TLS and preferably a way for the user to install/change/generate the keys/certs and use client cert authentication.

      • Nope. Won't work. First, it won't work for video (except perhaps some low quality variants). Secondly, modern DLSRs take 10-40 megabyte files every tenth of a second. You need an awfully robust wireless network to support this. Something not typically found in a trench in the middle of a war zone.

        • by hjf ( 703092 )

          modern DSLRs also can write smaller sized JPGs along with the RAW files that could be sent over a "background worker" sync method. Something like dropbox

    • It's not encryption. They need a sim card and a good antenna that can let them either stream data out live or immediately push data to DropBox or Google Drive.

      In the meantime they can use a USB MicroSD adapter and an OTG adapter on an Android phone to get their files into the Cloud. It's a bit cumbersome, it won't work in all locations / jurisdictions, and it requires sending a bunch of files at once rather than sending each picture as it's taken. But it's better than nothing.

      On a different note, I wouldn't trust the camera manufacturers to not backdoor their encryption and provide access any government that asks. A better solution would be a memory card that con

    • It's not encryption. They need a sim card and a good antenna that can let them either stream data out live or immediately push data to DropBox or Google Drive.

      That's not always a practical solution. There are places in industrialized countries where can't get a good cell signal much less in remote regions.

  • Custom firmware (Score:5, Insightful)

    by Anonymous Coward on Wednesday December 14, 2016 @11:13AM (#53483523)

    *sigh*

    https://xkcd.com/538/

    Much better to have a camera that autoloads the pictures onto a website far, far away, so that even if they are forcefully erased by the authorities, there is a copy somewhere anyway.

    Or a camera with a kill switch that would act like the digital equivalent of "opening the film tray" and blanking it in a second... Could fry the microSD card, or wipe it clean.

  • I really like my Nikon. It's only about two years old, and I made sure to get one with all the bells and whistles, so it still works delightfully for my needs. But if one of the major SLR manufacturers built in decent encryption, I do believe this would make me go out and buy a new one. And if it isn't Nikon, I'd still make the switch and get all new lenses for it.
  • I have a high-end camera, which you can program to put your pictures in different folders (you can increment the folder number with a very simple 3 button press operation), which is extremely handy to classify photos.

    Another feature restricts playback to a single folder, rather than all the folders in chronological order.

    It became very handy when I was abusively threatened with arrest unless I deleted the pictures I took of an abusive train ticket inspector...

    Afterwards, I climbed the few stories to the transit authority headquarters to lodge a complaint against that inspector, who eventually got fired...

    • If your main source of threat is an angry train ticket inspector then you're not the type of person who needs these features. The people who need these features are those at risk of being forcefully separated from their camera.

  • by Ronin Developer ( 67677 ) on Wednesday December 14, 2016 @11:31AM (#53483699)

    Why not simply employ a Sat-phone-like device to upload the data on the fly (assuming they can get a signal)? The data can be transmitted before the SD is compromised. Then, it won't matter if the SD is compromised.

    In a similar fashion, have an SD card reader for a cellphone for instances where a cell signal can be received (i.e. domestic use).

    Alternatively, simply build cell / encryption capability into the camera itself.

    -- RD

    • Cameras lack a secure erase.
      Cameras lack a decent secure upload if they have wifi at all. Secure wifi drivers are probably a problem.
      Cameras lack encrypted storage (which should be done in a way that does not indicate the user trashed the key.)
      Cameras give off forensic information identifying the brand and possibly the model camera (I'm not talking about metadata but analysis of the CCD noise at full resolution, which I read exists even after jpeg compression; plus dead pixels could be a fingerprint.)
      Camera

    • Well for one they are ridiculously expensive unless you already have one. Even if you do, the "plans" are exorbitantly expensive. They make the worst cell phone plans look like [insert some cheap analog here]. Particularly when dealing with video and large image files it just isn't feasible.

  • by Orgasmatron ( 8103 ) on Wednesday December 14, 2016 @11:37AM (#53483753)

    For all of you quoting XKCD or talking about rubber hose cryptography, I have three words: Public Key Cryptography

    There is no reason why a keypair can't be generated on a safe computer in a safe country and only the public key gets loaded into the camera, while the private key remains safe. The border people could still eat the memory card, and they could add new encrypted photos/videos to it using the public key, but they couldn't view old stuff.

    You could even set the system up so that the encryption key gets encrypted twice, once with the NV public key, and once with a volatile key that gets erased after a few minutes, or at the press of a button. That way the photographer would have time to make sure they got the shot they wanted.

    • by OzPeter ( 195038 )

      and they could add new encrypted photos/videos to it using the public key, but they couldn't view old stuff.

      [Setting: A border crossing station in a nondescript, corrupt nation. Definitely not the US. No sir, not the USA]
      Border Guard: Is this your camera?
      Photog: Yes it is.
      BG: I just have to take it to this back room to inspect it.
      Ph: ... OK
      [5 mins later]
      BoG: You are under arrest!
      Ph: What for?
      BG: For the possession of child pornography that we found on your camera.

    • The border people would detain you until you coughed up the key. Besides, there is no reason you can't encrypt today if you just copy the files over to a computer. You don't need buggy implementations on cameras.
    • Good idea in terms of key management, but by itself it doesn't entirely solve the rubber hose problem, it just makes sure they'll beat you until they're sure you really can't decrypt the files, leaving you without the photos and with extensive injuries.

      Combined with deniable encryption it's a pretty good solution though. The only trouble is keeping your adversary from finding the key which would blow your deniability out of the water. I had the idea to use symmetric-key encryption with a user-entered key he [slashdot.org]

  • While this request has DRM implications I really don't like (lense to screen encryption) and is no doubt an MPAA wet-dream, I unfortunately have to support this, as the clear and present danger to journalists, and the potential for regimes like the Trump Administration, Putin, et. al. to distort or destroy evidence of wrongdoing, demand something like this. At least with encryption journalists can keep their data safe, and if done properly, we can detect changes to the raw video/audio data. Both of which

  • Wifi upload is the best.  But failing that, steganography is second best.  Take lots of photo of parades and landscape.  There should be ample extra bits to save the photo/video that you wish to hide amongst the bland photos. 
    • by PPH ( 736903 )

      Wifi upload is the best.

      This.

      You can upload to a small Raspberry Pi (or similar) device concealed somewhere nearby. From there, you can implement whole disk encryption and/or forward it to The Cloud. If law enforcement stops you, you can offer to show them how many views their current activity is getting on YouTube.

    • by AHuxley ( 892839 )
      Re "Take lots of photo of parades and landscape. There should be ample extra bits to save the photo/video that you wish to hide amongst the bland photos. "
      Add an extra 5-10 % of data onto each larger RAW file size depending on the brands average RAW file size? Split the hidden files so the RAW files can hold part of another hidden RAW or a few hidden jpegs. Over the many 10's of gb on average consumer storage cards that could spread an extra percentage of of images in the parades and landscapes.
      Some hidd
  • ... why are we talking about professionals?

    LEO wants to ban encryption period [rietta.com]

  • by fishscene ( 3662081 ) on Wednesday December 14, 2016 @12:25PM (#53484169)
    If Nikon, Sony, and Canon (for example) handled it like the MPAA, we'd end up with: the encryption can only legally be unlocked on licensed products (in certain countries) and don't allow making copies of the files. Instead, you'll need to buy a license per-format to export it to the file you want, such as an iPhone or an HD TV. Ensure that the file can only be exported in the country the license was purchased in and may not be moved to another country. Make some kind of claim of "you're not really buying our camera's - you're buying a license to use them" - then sue for 10x the actual damages for any studio/reporter/etc that makes copies, backups, or anything else related to making a film that infringes on the license.
    • by tlhIngan ( 30335 )

      If Nikon, Sony, and Canon (for example) handled it like the MPAA, we'd end up with: the encryption can only legally be unlocked on licensed products (in certain countries) and don't allow making copies of the files. Instead, you'll need to buy a license per-format to export it to the file you want, such as an iPhone or an HD TV. Ensure that the file can only be exported in the country the license was purchased in and may not be moved to another country. Make some kind of claim of "you're not really buying o

  • I doubt there's a good way to encrypt and write RAW to an SD card in real-time and maintain the rapid capture rates everyone wants. You'd need a relatively large processor and cache, which would then become the new point of attack.
    • by blueg3 ( 192743 )

      Encryption implemented in hardware is fast. Note that there are plenty of embedded devices that do encryption and decryption at high bit rates (Blu-ray player, HDCP endpoint, encrypted hard disk, link-layer network encryption).

      A fast flash storage card for a camera has a write speed of about 100 MB/s. It's pretty easy to get hardware AES implementations that are around a gigabit/sec.

  • A rubber hose and a few other things will make short work of whatever is done.

    • by fnj ( 64210 )

      Suppose you encrypt it with the public key for which you DO NOT HAVE the corresponding private key? Hmmmm? Maybe the private key is known only to a third party with whom you have a secret canary agreement. Maybe this third party is in a safe jurisdiction. The rubber hose about which you boast will not be worth shit then.

  • Why camera makers? (Score:2, Insightful)

    by p51d007 ( 656414 )
    Do it on your own! You want to secure the photos on the memory card (which most camera makers DO NOT include), then it should be up to the end user, to secure those files, not the camera maker. What I fear, is they will bow down and do it, and even in RAW mode, it could somehow have an impact on the file, and could corrupt it and then where will you be?
  • Seems to me this would be better|easier solved via a custom SD-card, as opposed to the camera itself.

    I'm sure Sandisk, Samsung and co could come up with a Compact-Flash or SD-Card that was more akin to a SSD (with TPM-like chip).

    Sounds more like the technically-challenged thinking something is a good idea. Like how so many people are replacing all their old audio-gear to get something with bluetooth... when you could just add a $20 bluetooth dongle to your existing kit.
  • I can count pretty damn high, since I know basic math, my ability to count only stops when I get tired.
    So, "literally too high to count" (from the summary) is BS.

    • by Mal-2 ( 675116 )

      You're walking through a train station. The train pulls up and all the passengers pile out. If you could somehow stop time, you could easily count them all, but how can you handle it in real time? You can't even see all of them, let alone count that fast.

      It's not the quantity that is uncountable. It is concealment, and the rate at which events are happening, that makes them uncountable.

  • It only leaves the public key on the phone, and the private key on your computer (which presumably is in a safe environment), and encrypts the files one-way. You can't even review them on the phone itself. Needless to say, nobody understood what the app was for... so I pulled it.

  • Encryption takes time. When you're shooting photos or video you need something that works now. You need to capture the moment, not 5 seconds later,
  • Do you know how much time encryption would add to the photo process ?

    Right now we have to buy the blistering fast cards in order to utilize extended shooting with fast frame rates.

    Even THEN, the cameras will eventually fill their buffers because we can't write to the cards fast enough.

    Imagine how long it would take to write a dozen 30MP+ shots to the card if we encrypted them first.

    Besides, your Smartphone is likely protected by a password and they have no issues with beating it out of you, using a hack to

    • by subk ( 551165 )

      Imagine how long it would take to write a dozen 30MP+ shots to the card if we encrypted them first.

      If you're doing AES chiper in realtime on the ASIC, the performance-hit to the write operation is going to be quite minimal. AES Encrypted data is the same size as the plain input + 1 block (16 bytes).

  • Bad idea. Why? (Score:4, Informative)

    by mveloso ( 325617 ) on Wednesday December 14, 2016 @03:47PM (#53485985)

    I'm not sure these guys understand what'll happen if there's in-camera encryption. I can see at least two possible outcomes:

    1. The device is encrypted, so the authorities just take and destroy it
    2. The device is encrypted, so the authorities just take and destroy it, and kill the jouro when they refuse to unlock it.

    I'm not sure either of these are really want the person in question wants. I can think of other issues (and you can too), but encrypting the device is probably not the right answer.

    • by AHuxley ( 892839 )
      Steganography https://en.wikipedia.org/wiki/... [wikipedia.org] is what would work. The ability to display a lot of normal images in RAW and with jpegs that hide a few RAW images hidden over slightly larger file sizes. It would need a lot of normal images to provide the extra file size for a few real images.
      With cheap media and a lot of sets of HDR images https://en.wikipedia.org/wiki/... [wikipedia.org] , a number of real images could be hidden.
      Anyone looking at a few 100 images would see art and allowed sites. Within that would be

He who has but four and spends five has no need for a wallet.

Working...