Slashdot Mirror
Ask Slashdot: Encrypted Digital Camera/Recording Devices?
Ransak writes "As we hear more and more about dashboard cameras catching unplanned events, I've thought of equipping my vehicles with them just in case that 'one in a billion' moment happens. But given the level of overreach law enforcement has shown, I'd only consider one if I could be assured that the data was secure from prying eyes (e.g., a camera that writes to encrypted SD memory). Are there any solutions for the niche market of the paranoid photographer/videographer?"
"Hrm. Well there, this SD card looks blank. Format."
And it's tossed in the trash because it was broken.
What you need is something that streams to off site.
I don't know of any off the shelf solution, but to anyone going with a homebrew solution to this, I'd consider going with asymetric cryptography. Take the picture, encrypt it using the public key, then keep the private key at home (or somewhere else.) When you need the data, you can decrypt it seperately later. If law enforcment demands it, "oh, looks like the data got corrupted, oh well."
To use video as evidence you have to play the whole thing. Usually what happens is the video is deleted. Consider a delivery system that co-locates within your vehicle.
Are there any solutions for the niche market of the paranoid photographer/videographer?"
Why yes, yes there is. It's called building it yourself. While encryption isn't illegal, you may have noticed despite the obvious benefits and lack of drawbacks to the consumer, it isn't found pretty much anywhere. This is deliberate: Various law enforcement agencies that don't want to be found out make backroom deals to keep companies from providing this most useful of features because it would make their job more difficult. Or at least, so they say. In truth, they just want access to "ALL THE THINGZ!" regardless of whether there's a legitimate judiciary need for it. And encryption means they'd have to serve warrants and stuff to get the keys, not just go clandestine copy-pasta on your personal data.
So your niche market isn't niche at all -- it would already be out there, if not for the authoritarian governments of the world (I'm looking at you "free" western society). Now with that out of the way, you can roll your own easily. Embedded devices with a USB connector and linux are a dime a dozen, and most sport the ability to store data to an SD or CF card, as well as boot off of them. It's possible to create one-way encryption so something can be written to using a public key, but only decrypted using a private key not located on the same physical device. This would provide you with a tamper-evident system, and simultaniously provide full protection for your privacy; You can't recover the data without the key, and the data cannot be modified without it either.
#fuckbeta #iamslashdot #dicemustdie
Hmm, an SD card plugged into your camera, sticking out in plain view, with nothing on it. A second card, installed under the dash, that does the recording. "Why no, officer, I don't believe the camera was turned on".
And the worms ate into his brain.
With cheap, small computers like the Raspberry Pi, why not make your own using a webcam? For less than the cost of most consumer "action cams" you could have a fully encrypted and customized solution.
In the UK you are required to decrypt files that may contain evidence of a crime under the RIP act.
of securing the data from prying eyes, duh
This sounds like an excellent opportunity for a tiny computer like an arduino or raspberry pi or the like. Just plug the camera into one and have it periodically offload the pictures from the camera, encrypt them, and dump them to a hard drive in the trunk. Once there, they can be deleted from the camera itself. In fact, you could probably just use a webcam and ditch the on-camera storage altogether.
When our name is on the back of your car, we're behind you all the way!
Do you want to prevent anyone from accessing the information without your approval or are you merely concerned about the device being physically confiscated? If it's the latter, how about just streaming the audio/video to remote storage?
Android (at least Samsung's variant of Android does) has the capability to encrypt both the internal and external storage.
The only actual solution is to stream the video to off-site hosted storage, preferably in an inconvenient foreign jurisdiction. If it's stored on the device, it's subject to seizure - whether encrypted or not. Losing the video is often worse than having it viewed by someone against your will. And rest assured, if you record something really bad, there's a good chance someone will destroy the recording device (whether the perpetrator is government or non-government).
I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
Check your local legislation to see if you can be jailed indefinitely for not providing police with passwords to your encrypted device.
If you get a device that can upload via wifi to an FTP site (which is normally a feature of home cctv rather than dashcams, admittedly), then that FTP site could be a raspberrypi that looks for images in the upload directory, encrypts each one, and deletes anything older than a certain time.
Get an eye-fi SD car for $50.
It transfers your photos/video from your camera to your laptop/tablet/smartphone and then deletes it from its local storage.
So you can show an empty SD card. And your laptop/tablet/smartphone is password protected and/or encrypted.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
Obivously not.
Now knock it off. You're managing to be more obnoxious than your impersonator.
Have it upload it's data to a remote location via ethernet.
Cranky educator.
The scenario I'm more interested in is having a camera running at all times that catch the various idiot drivers all over the place. Hit a button and the last 5 minutes and anything until the next press are permanently stored. Then send the file to the traffic cops.
The challenge is making the video admissible in court with sufficient weight to be enough to actually convict somebody of the traffic violation they're on tape performing. Currently "we" consider a cops' word as overwhelming evidence in such a case, with police dashboard cameras being a "bonus".
If there's some way to ensure that *I* don't tamper with the recording at a level that the courts would trust, I'd install one in a heartbeat.
GStreamer - The only way to stream!
I think the OP wants to have the data encrypted so that in the event he inadvertently captures video that could implicate himself in a crime (e.g. speeding, running a red light, etc), that this information can only be unencrypted and accessed with his consent if the data is confiscated.
I think the best solution (although I am not sure if this product exists), is an SD card that has hardware encryption built in to it. This would be ideal because it wouldn't require the camcorder to know anything about the encryption and you could use any camcorder. Also, the process for decrypting is the same regardless of which OS it is interfacing with (camcorder or desktop). This might be something like an Ironkey, but with a different way to enter the decryption key. Since there "OS" on the camcorder is probably can't run 3rd party applications, you'd need to enter the key from you would need some physical way to start and terminate an authenticated session like a removable dongle with an LCD and buttons.
I could not find anything like this after a quick google search, but no doubt, such an "invention" is already patented by someone or something even though it is completely obvious and I just thought of it in less than a minute.
The bigger question is we've gotten to a point in society that we mistrust law enforcement and see our freedoms torn away in an ever expanding police state that is growing more apparent with every passing month and passing news story reinforcing it.
I second the Eye-Fi SD card idea to a tiny hidden linux box.
Typical Slashdot response. Everyone answers the question they wish the poster asked and not the question he actually asked. Stay focused kids!
What about something as simple as locking (or encrypting) your smartphone and using a simple dashmount for it.
Turn video capture on and away you go.
The cops will just confiscate and "lose" your encrypted memory card.
I have a camera built into the front license plate bracket rather than sitting on the dashboard. This particular one has the recording device elsewhere on the vehicle, but I suspect with today's technology the entire thing could fit in the license plate bracket. Just sayin'.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Encryption being on, or not on, devices is not because of any kind of backroom dealings and is all up to what a company feels it useful, and what they want to spend on it. There are popular devices out there with very good, as in the police can't bypass it, encryption. You can do it on an Android phone, the full device encryption is extremely robust. It is just a pain in the butt to use so most don't.
When a company considers providing encryption, and in what capacity, there is a few things they have to evaluate:
1) What does it cost? It isn't free. There is implementation and support time, if nothing else. Often there is more cost then that in that an additional chip has to be added to handle said encryption at a fast enough pace. While AES might not seem like much load on a desktop processor, it can hit a tiny embedded microcontroller hard.
2) How hard will it be for users to use it? The more difficult something is to use, the less people that will want it. If the encryption is something transparent that just happens as a natural function of the device, then cool. However if it requires entering a complex password every time you turn it on (as encryption like this would) then most users are not interested.
3) How easily can they fuck it up, and how badly? Remember that good crypto has no back door, no key recovery. So if someone forgets their password, and people do, all the time, they are fucked. This then can lead to rage against the company that made the product, hence why some companies will use a weak implementation with a backdoor they have to get people in.
4) How many people will give a shit? In a given market, this can vary. For some markets, security is important and people will deal with it. For others, they really don't care.
They then look at all that and decide if it is worth doing or not.
However there's lot of products out there with good crypto. If the government is preventing it through "backroom deals" they are doing a shitty job. As I said Android phones have a great implementation, as to Blackberries. Windows Pro and Enterprise editions have a solid FDE solution included, as well as per file encryption, and you can buy other solutions for a lot of the big vendors (Symantec, Sophos, etc). Lots of hardware is getting it implemented internally. You find many SAS disks can do on-disk encryption and LTO-5 units all do it.
In the case of dash cams? People don't want it. They don't want to have to key in a password each time they power on the camera (which is the only way it'd be secure). They WANT the footage to be accessible.
To me, it sounds like this guy is like the police themselves: He wants recordings, but only for the things he wants. He wants to be able to break the law, and not have people able to get that recording, but then get at other parts of the recording.
Encryption would help against corrupt law enforcement since they'd just take the camera/card. You'd want a backup, not encryption, unless the objective was for you and only you to be able to choose what people can see.
Either it isn't thought through, or it is chimera. The thing is if you what you are worried about it corrupt cop does something you record, they stop you, and take the recording away, encryption does fuck-all to stop that. The cops steal the gear, that is that.
The solution to that is a backup, or a fake item. A setup where the obvious camera isn't the one that records, or that there is a second SD card elsewhere that has a copy or something.
Encryption is only useful if he wants to be able to cover his tracks, and selectively release video. This is precisely what corrupt police like to do with their dash cams. They use them to protect themselves, but turn them off or "lose" the video when they are breaking the law.
So to me it implies that he probably like breaking traffic law, and doesn't want the evidence of that around, but still wants to be able to record things.
While encryption isn't illegal, you may have noticed despite the obvious benefits and lack of drawbacks to the consumer, it isn't found pretty much anywhere.
That is utter bullshit. Every iPhone for example has the whole device storage encrypted. Use of SSH for web traffic is everywhere.
The reason why you don't see it more overtly is not because of your paranoid "law enforcement issues", it's because a lot of other uses of it end up sucking for the user.
I would be OK with encrypting and signing my email but the practical reality of it sucks, and is annoying to use. It's not worth the time and effort to even try.
Zoom out to the broader market and people that are not technical at all, and it's no wonder encryption has mostly not taken hold in visible areas because it can complicate life a lot, and lead to things like little Timmy's photos being permanently lost just because you forgot a key.
As for this particular use case, it's a stupid use of encryption. Why do you want to make it harder for as many people as possible to see the video you are making? If you are worried about it getting into police hands then rig a switch into the device/app to dump the video in an instant... of course why you would do that when it proves your are innocent is beyond me.
It seems like you should care way more about replication than encryption. Like, are there are dash cams that store a video locally but ALSO to a hard drive hidden under the dash, or your smart phone to have it automatically uploaded whenever you stop....
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The way I understand it, you could offload the data before the corrupt cop could seize the glasses. That is, if he even figures out what the glasses are for.
How long before Google Glass-type technology shows up in a pair of glasses that don't look any different from a regular pair of specs?
I know, I know, they're creepy. But they may also be something of an equalizer in the coming surveillance wars.
You are welcome on my lawn.
It'll be more cost effective be Google Glass that copies to encrypted storage or uploads to a server. The OS will probably be open enough for a modification like this. When you leave the car, wear it. If you need to record things that happen in your car when you're gone, get a better insurance policy or a bodyguard. Any other device with this capability would cost $500+ anyway and you wouldn't leave it on the dashboard.
Well you know that they can get a warrant to force you to decrytpt it and to be honest if you driving on the public highway is there any reasonable reason why you would want to deny law enforcement access to it?
Dashcams are by design to protect you from faked accident scams - try to hide your footage implies that you have been doing something naughty driving wise.
every few minutes do:
pick a bulk cipher key. encrypt video with that. encrypt bulk key with public key and log that.
when you get home, decrypt with private key and watch.
If you clean up old bulk keys from memory, the worst forensics can get is the last few minutes.
SD card stands for Secure Digital card. it's called Secure Digital because the card includes onboard circuitry to do encryption. That encryption hasn't yet been broken. It can be used either to passphrase protect the card, or for DRM on preloaded cards.
Most cameras don't have a keyboard to enter the password of course, so use an old phone as a camera. Some phones support locking and unlocking the card with a passphrase.
Slashdot normally has good answers for TECHNICAL issues. I'm amazed that apparently nobody replying sooner knew what SD stands for.
How can you die of food AND starvation?
Will deleting of the imaginary cashless implant somehow make all food you come in contact spoiled, or will it make you intolerant to all food so it will all go straight trough you?
Wouldn't that actually be death by dehydration?
Are unmarked black helicopters hovering over your trailer loud?
Are UFOs that keep chasing you too flashy?
Do reptilians keep calling you only to hiss at you and hang up?
Enquiring minds want to know!
No one was ever debating the need or value of the actual devices. The OP was referring to a market for image/video capture devices that encrypt the data. My response was to that perceived market for encrypting devices, not the market for image/video capture devices as a whole. Actually, my post was arguing that people want to post images/videos of themselves so I don't see how you could even infer that I was arguing that there was no market for video cameras.
Sounds like a good project for a Raspberry Pi.
Get a Raspberry Pi and install Fedora or Debian on it so you can have standard OSS software and drivers for USB Webcams, microphones, a USB hard drive, and you might as well through in a cheap GPS unit for good measure. Using standard linux tools/scripts have the system mount the HDD as an encrypted disk with LUKS/encfs /etc. and have the USB+Microphone+GPS stream to the disk using log rotate to ensure there is enough space on the disk every time the system boots up.
Once you have the whole thing working install it into the vehicle so that the Cams/Mic/HDD is in the dash as part of the car. Wire up the Ethernet port to the dash so you can connect to the RaspberryPi via Samba/NFS to get the files if you need them. Then wire-up the system to a little on/off switch.
This way you should be able to record what ever you want securely, and have lots of storage space in case you need to leave it on for a long while or record multiple things. If the cops find out that you are recording them they cannot just take the disk from you since it is built into the car. In order to get at it they would need to impound the car, have someone open the dash, take the drive, and then erase it. All this would be a big hassle and create a paper trail which they would have to justify in court. Since the videos are encrypted they would have to get the password from you, again creating a paper trail to prove that there is video evidence. You can't stop them from destroying the disk once they get their hands on it. But destroying the disk after having someone at the shop remove it would look awfully suspicious, especially since the boot up log on the SD card would show that it mounted correctly.
If some attacker (here: law enforcement) wants to take your recordings openly and look at them, they will find a way to coerce you to give them the keys. Encryption does not help at all and just may make them angry. I suggest hiding camera and recorder and if they find it nonetheless, to hand over everything immediately and without discussion, just stating that you do so under their orders and under protest, but do not offer any resistance.
Yes, these are instructions for a police state, but in many ways, the US has now reached that distinction.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Traffic accidents are not one-in-a-billion event. Last year there were over 10,000,000 in the US, and that rate has been steady for 20 years. You certainly could need that footage someday for a very practical reason.
Even the meteor strike shouldn't be counted that way. Spectacular natural phenomena occur all the time.
John
Surely there's more to this. What could be on a dashcam that he doesn't want people to see?
Is anything really secure nowadays anyhow? http://xkcd.com/538/ Do you really trust the government NOT to be this shady?
I have been doing time lapse photography with an HD webcam on a RaspberryPi for a couple of months and it has worked very smoothly.
It is nice since the RaspPi puts the pics on an SD card just like a camera would.
Adding encryption to the photo store is not hard to do, but like most encryption systems -- handling the keys is the tricky part.
This is a great use case for an asymmetric data store. A python script on the RaspPi could capture the images from the webcam and use pycrypto to encrypt them asymmetrically using an RSA public key before it saves them.
A script on your desktop computer can generate the key pairs, save the public key on the RaspPi, and retrieve and decrypt the photos (using the private key) when you connect the RaspPi (or it's SD card) to your desktop. You would want to do something to either clean up the oldest pictures when you run low on space, or blink a light to let you know when your SD card is full (or both).
Nice weekend programming project !
You have to get a camera that skips any internal recording and allows you to use an external only type of system, then you use an encrypted drive as your external.
Suppose you just ran through a red light. The police officer did not see the traffic light, but he guesses that you might have run a light. If he stop you, sees the recording dashcam, he might take the SD card out of it to proof you just did it.
But basically this is no point: if it is your word against the word of a police officer, you loose anyway. That is why in russia there are so many dashcams, the people do not trust a lot of police (or some government drivers that act like police).
I would think that data replication is more important. e.g. let the dashcam automatically sync events to your smartphone, so simply capturing and "accidentally" wiping the dashcam will not remove the evidence.
And the smartphone already has the option to protect directories if that is important to you. (IT SHOULD)
Not only is it an easy job but it'll do 1080p and most will hold 8GB of DDR 3 while using even less power than my Sempron, its really a sweet little unit.
Just an FYI: the maximum throughput of an E-350 to an SSD encrypted with AES-128 CBC (4K sectors) is on the order of 30 megabytes/sec... and that's with full CPU use for the crypto (i.e. the system is doing nothing else).
These really suffer from their lack of AES-NI support; it's their one major downfall.
Perhaps the next gen systems will be better (read: AES-NI). At least these support 2x the RAM that Atoms do.
If you wish not to be impersonated, perhaps you would avoid posting anonymously?
www.wavefront-av.com
You should try the #privatecamera from #ncryptedcloud (www.ncryptedcloud.com) . Full disclosure, I work for the company. The app is a Privacy, Security and Collaboration application layered on top of Dropbox (Skydrive and Googledrive coming in 2 month) . We are on OSX, Windows and IOS. Android coming in 6 weeks. It is free for consumers and you can take Private Encrypted Photos that are NOT stored on the Camera roll. They are stored encrypted in the cloud and encrypted on a private camera roll accessible only through our PIN protected application.
You ideally want a private camera app that secures/encrypted captured images directly from memory to local storage, digitally signs images with evidenciary chain of control/custody (otherwise, they will not be admissible in a court of law), automatically synchronizes that secured captured images to the cloud (so they are backed up and available on other devices) and of course convenient (ideally free). The picture file should be encrypted by a strong standards based public algorithm, such as 256-BIT AES. The symmetric key used for encrypting the file should be unique per file, and should be protected through asymmetric encryption using the public part of a key pair. Both the private and public portions of the key, should be protected through another derived personal key from something like an account ID and your password (ideally again using well known, proven algorithms such as ones used in WPA2 for wifi). This will emulates a TPM like approach for local key storage, and prevents brute force dictionary attacks on your private keys, while still having the convenience of not only creating private secure pictures, but also viewing them. Here is a YouTube link, describing this approach by an engineer: http://www.youtube.com/watch?v=sh8U7hgwLQg
I'd prefer to have a wireless access point that is a 4G bridge Then have a Wifi SD card ( hopefully using 802.11.n )
and have anythign on the camera be sent remotely elsewhere incase my data gets "lost" by "accident".
Encryption isn't important to me... what ever happened is what happened. That shouldn't be the issue. It's preserving what really happened that's important.
Now that HD Video can be edited without authenticity then videos & pictures in court will be a thing of the past. Just need one rich guy with some slick lawyers to prove that case that the video can be edited without anyone knowing it's been tampered with.
This conversation resonates with a topic I've been looking into for some time now: wireless security cameras.
DLink, among others, sells wireless security cameras; they were pretty cheap ($60 before rebate) at Fry's.
Supposedly these are easy to set up: you put one at home, let it hook up to your home wireless router, and it will take pictures which it will upload to DLink; then while you are vacationing in the alps or Bahamas, you can get on the internet and look at how the thieves are (or, more hopefully, are not) breaking into your empty house.
The thing is, not only am I basically telling the Internet world that I have an empty house to break into, but there is a device in my home which could be trying to root my other devices on my network, and which would have a legitimate reason to be talking to some outside agency. For all I know, there could be malware on the camera under the control of DLink, or some renegade (former?) employee at DLink, or not at all related to DLink (the way some iPods came preinstalled with Windows malware).
Is there some sort of encryption and security that can be put into/around these cameras to keep it from doing anything underhanded? The only thing I can think of is to stop it from phoning home altogether (ie. don't use the DLink SeeYourOwnHome.Dlink.com type video upload service and just store stuff on my home server), but maybe other Slashdotters can come up with something more creative.
I admit this is not exactly the type of "Encrypted Digital Camera/Recording Devices" that the OP was talking about (the original question is more about protecting the camera from the outside), but I thought I'd use the opportunity to draw on the Slashdot wisdom about protecting the rest of my home from the camera.
Thanks for any ideas or links you can provide.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
If the cops want what's on the encrypted SD card, they will just beat you until you give it to them.
Why provide them something they could want to beat you to get?
Why would you care if the police have access to the recorded video from the dash camera? Are you buying drugs and picking up prostitutes from ur car?
In the rare case wear the police do try to obtain your recordings, you should be worried about the weeks or years of recorded content that you move to your storage server... like a desktop with terrabyte of drive space. This should be encrypted in cases of search and seizure. So you really should have full hard drive encryption for your main storage backup device. A good solution for this is to simply use linux. Ubuntu and others have a simple full hard drive encryption installation, so you just click a button during installation and then you know all of your applications and data and the whole operating system are secure from view should someone take your computers. This also works well on laptops.
The obvious solution is to just carry a laptop with encryption software on it. Move the SD card to the laptop and transfer an encrypt the content.
i have been mildly interested in cameras with encryption... or even better is a camera that is modifed to perform "fake deletes" of pictures and videos. Because 90% of the time, the police are not going to be concerned with charging you based on the content on your camera, but instead will simply delete photos and videos that may make them look bad or unprofessional. Sometimes citizens will demand that you delete photos or videos as well even though they have no rights to enforce it.
Oh, in case it wasn't clear in my ranting elsewhere about AES-NI: it generally improves crypto filesystem throughput by 4x to 10x while simultaneously reducing the CPU utilization by 80%.
Therefore, I would expect the E-350 successor to be able to handle 100+ MB/sec of simple, lowest-grade AES-CBC disk crypto while only having a 20% CPU utilization compared to the E-350's ~30 MB/sec at 100% CPU utilization for the same configuration. Furthermore, AES-NI doesn't adversely affect power budget because "all it does" is to provide silicon support for a few opcodes to conduct certain low-level AES operations in a single instruction vs. the multiple instructions/memory accesses required to do it in software. Meta-operations, if you will.
So, if you are using even basic/simplistic crypto then having AES-NI support contributes far more to performance than even a simple, non-AES-NI CPU upgrade would deliver. This would leave the "camera solution" in this thread's subject more capable of handling camera image capture/processing/higher resolution/whatever while meeting the same basic security goals.
I believe we are on the same page about desired features: simple, basic security, low power, able to be powered via something like an M3-ATX-HV in a vehicle, capable of handling video capture, and low cost. I think the E-350 would run hot for this (due to CPU overhead for basic crypto), but its successor likely would not. For example, I am deliberately running my E-350 NAS in passive/fanless mode, and sustained ~30 MB/sec basic crypto fs throughput will push its CPU up to about 70 C... I think an automotive application would ideally be passive/fanless with no moving parts, and would be operating in a wider-temperature environment than my home NAS.