Slashdot Mirror
Ritz Disposable Digital Camera Hacked
morgue-ann writes "The $10.99 Dakota reusable digital camera announced in July was usefully hacked on November 6. First attempts to extract picture data took 10 hours to read out 16MB, but new code for Linux and Mac and Windows lets you get pictures quickly over USB and view or print them without Ritz's help (and with fewer of your $$)."
That would truely be funny, using the DMCA to stop you from transfering pictures that you have taken and hence own the copyright to.
Example, rather than use, say, USB cabling, use some proprietory GPIO system that only Ritz controls
Too much effort and cost. This problem can be handled in software; much cheaper.
How? I haven't seen these cameras, so I don't know for sure, but for $11 I really doubt they have an LCD display, which means that the camera has no need to be able to read the images it has taken.
Since that's the case, Ritz could just add a little bit of code to their camera and encrypt each image as it's written to flash. Simplest case, just give each camera a DES key, stored in ROM or NVRAM, and have it encrypt each while writing. DES is fast enough that it can be implemented in software on itty bitty microprocessors with no problem. AES is even faster, but DES is simpler (and there are a zillion PD implementations in whatever language you like). Users can feel free to find ways to download the images, but they'll get nothing useful.
Of course, if you could hack your camera to dig out the encryption key, you could get your pictures out without paying for "developing", but that's way too much effort.
If that's not secure enough, Ritz should just have the camera generate a random 3DES key for each image, encrypt with it, encrypt the 3DES key with a Ritz RSA public key and store the key with the photo. To break that one, someone would have to either break RSA or find a way to monitor the internals of the camera and extract the 3DES key while it's still in cleartext. Doable, but you'd pretty much have to have your camera hooked up to a bunch of equipment while taking the photos. So you could get "free" pictures of your basement... Might actually be easier just to hook inside and read the image out before it gets encrypted.
All of the code for either solution (on-camera code, manufacturing code for injecting keys, download and decrypt code for the printing) can easily be written, tested and debugged in two weeks by a competent programmer familiar with such things.
Shoot, I should apply to be a corporate consultant!
Me too!
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Maybe I shouldn't reply to this, but it sounds like a sincere statement, so...
... the same DVD. Which I can't use. However, fortunately for me, other people have found themselves in the same boat. And they have the smarts to be able to figure out how to make this work. Unfortunately, the DMCA makes it illegal for them to tell me this information.
Here's some food for thought (and I admit that this may be a philosophically weak argument, but I've yet to find anybody to help debate this and make it better), and in particular, this is a basis for some sort of morality (yes, an attempt at a universal right and wrong, good and evil, etc).
When a person is born into this world, that person has a fixed amount of time until death. That person is then able to trade their time (eventually) for stuff which is either desired or needed, such as food, shelter, entertainment, etc. In our society, we tend to use money to represent the value of said time (quite literally, time is money). Yes, there is much more to this, and I need to write it all down someday, but this summary will do for this discussion.
Now, where does this idea tie in with the discussion? Well, anything which takes time from me without giving me back something that I value equally could be considered to be wrong or evil. For instance, if somebody steals $20 from me, then I have lost the time it took me to earn that $20, and it cannot be recovered. Hence, stealing is wrong in this system.
Now, put it in terms of the DMCA and the limitations which are placed on those subject to its rule. I buy a DVD with the expectation that I will be able to enjoy the contents on that DVD. I have equipment which is sufficient to allow me to do so (to wit: A computer equipped with a DVD-ROM drive), and so this would seem to be a reasonable expectation. I bring it home, pop it in, and find out that, for no better reason than I choose to use Linux (instead of Windows), I am unable to play the contents of this media.
Now, nobody will give me a refund on this opened DVD. The best I can do is exchange it for
Under the DMCA, it is very possible for me to find myself out the money for a DVD which I might actually enjoy. Somebody has stolen some time from me, and I have no recourse. Now, before you tell me to use Windows, keep in mind that I must buy Windows, somehow, some way. Which means that I am out even more time. Or a stand-alone DVD player, which has the same issue.
The DMCA steals from me the ability to help others make use of the items which they have rightfully purchased with their time.
Now, for the counter-argument: The DMCA is meant to stop mass copyright infringement as has been enabled by the internet. I'll simply point out that mass infringers are already convictable under other laws. The DMCA gives no other benefits to help prevent actual infringment. None. It only allows producers of content to steal from me (and yes, they are stealing my time, by virtue of requiring potentially pricy extras that I may not already have to enjoy what they produce).
Gah, it's getting late here, and my brain is shutting down as I type this (I think the first part is more coherent than the second part). Thoughts from you?
GPL made simple: What was my stuff is now our stuff. If you improve our stuff, please keep it our stuff.