Ask Slashdot: Encrypted Digital Camera/Recording Devices?
Ransak writes "As we hear more and more about dashboard cameras catching unplanned events, I've thought of equipping my vehicles with them just in case that 'one in a billion' moment happens. But given the level of overreach law enforcement has shown, I'd only consider one if I could be assured that the data was secure from prying eyes (e.g., a camera that writes to encrypted SD memory). Are there any solutions for the niche market of the paranoid photographer/videographer?"
"Hrm. Well there, this SD card looks blank. Format."
And it's tossed in the trash because it was broken.
What you need is something that streams to off site.
I don't know of any off the shelf solution, but to anyone going with a homebrew solution to this, I'd consider going with asymmetric cryptography. Take the picture, encrypt it using the public key, then keep the private key at home (or somewhere else). When you need the data, you can decrypt it separately later. If law enforcement demands it, "oh, looks like the data got corrupted, oh well."
Are there any solutions for the niche market of the paranoid photographer/videographer?"
Why yes, yes there is. It's called building it yourself. While encryption isn't illegal, you may have noticed despite the obvious benefits and lack of drawbacks to the consumer, it isn't found pretty much anywhere. This is deliberate: Various law enforcement agencies that don't want to be found out make backroom deals to keep companies from providing this most useful of features because it would make their job more difficult. Or at least, so they say. In truth, they just want access to "ALL THE THINGZ!" regardless of whether there's a legitimate judiciary need for it. And encryption means they'd have to serve warrants and stuff to get the keys, not just go clandestine copy-pasta on your personal data.
So your niche market isn't niche at all -- it would already be out there, if not for the authoritarian governments of the world (I'm looking at you "free" western society). Now with that out of the way, you can roll your own easily. Embedded devices with a USB connector and Linux are a dime a dozen, and most sport the ability to store data to an SD or CF card, as well as boot off of them. It's possible to create one-way encryption so something can be written to using a public key, but only decrypted using a private key not located on the same physical device. This would provide you with a tamper-evident system, and simultaneously provide full protection for your privacy; you can't recover the data without the key, and the data cannot be modified without it either.
#fuckbeta #iamslashdot #dicemustdie
Hmm, an SD card plugged into your camera, sticking out in plain view, with nothing on it. A second card, installed under the dash, that does the recording. "Why no, officer, I don't believe the camera was turned on".
And the worms ate into his brain.
In the UK you are required to decrypt files that may contain evidence of a crime under the RIP act.
This sounds like an excellent opportunity for a tiny computer like an arduino or raspberry pi or the like. Just plug the camera into one and have it periodically offload the pictures from the camera, encrypt them, and dump them to a hard drive in the trunk. Once there, they can be deleted from the camera itself. In fact, you could probably just use a webcam and ditch the on-camera storage altogether.
When our name is on the back of your car, we're behind you all the way!
Do you want to prevent anyone from accessing the information without your approval or are you merely concerned about the device being physically confiscated? If it's the latter, how about just streaming the audio/video to remote storage?
The only actual solution is to stream the video to off-site hosted storage, preferably in an inconvenient foreign jurisdiction. If it's stored on the device, it's subject to seizure - whether encrypted or not. Losing the video is often worse than having it viewed by someone against your will. And rest assured, if you record something really bad, there's a good chance someone will destroy the recording device (whether the perpetrator is government or non-government).
I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
If in the United States, the answer is universally "NO". Decryption cannot be mandated. There have been a couple close calls over the years under some unusual circumstances, but the general principle stands.
I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
Get an eye-fi SD card for $50.
It transfers your photos/video from your camera to your laptop/tablet/smartphone and then deletes it from its local storage.
So you can show an empty SD card. And your laptop/tablet/smartphone is password protected and/or encrypted.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
I don't use passwords, you insensitive clod.
now we need to go OSS in diesel cars
I'd rather use HTTP PUT to store the files. I'd rather it just delete from the upload directory as soon as encryption is done. I'd rather use a file system with a security erase feature. I'd rather then further upload the encrypted directory to my server instance which allows some other server instances elsewhere to pull the files, without any logging.
now we need to go OSS in diesel cars
Are you sure there is no back door in it?
now we need to go OSS in diesel cars
Have it upload its data to a remote location via ethernet.
Cranky educator.
The scenario I'm more interested in is having a camera running at all times that catches the various idiot drivers all over the place. Hit a button and the last 5 minutes and anything until the next press are permanently stored. Then send the file to the traffic cops.
The challenge is making the video admissible in court with sufficient weight to be enough to actually convict somebody of the traffic violation they're on tape performing. Currently "we" consider a cop's word as overwhelming evidence in such a case, with police dashboard cameras being a "bonus".
If there's some way to ensure that *I* don't tamper with the recording at a level that the courts would trust, I'd install one in a heartbeat.
GStreamer - The only way to stream!
I think the OP wants to have the data encrypted so that in the event he inadvertently captures video that could implicate himself in a crime (e.g. speeding, running a red light, etc), that this information can only be unencrypted and accessed with his consent if the data is confiscated.
I think the best solution (although I am not sure if this product exists), is an SD card that has hardware encryption built in to it. This would be ideal because it wouldn't require the camcorder to know anything about the encryption and you could use any camcorder. Also, the process for decrypting is the same regardless of which OS it is interfacing with (camcorder or desktop). This might be something like an Ironkey, but with a different way to enter the decryption key. Since the "OS" on the camcorder probably can't run 3rd party applications, you would need some physical way to enter the key and to start and terminate an authenticated session, like a removable dongle with an LCD and buttons.
I could not find anything like this after a quick google search, but no doubt, such an "invention" is already patented by someone or something even though it is completely obvious and I just thought of it in less than a minute.
The cops will just confiscate and "lose" your encrypted memory card.
I have a camera built into the front license plate bracket rather than sitting on the dashboard. This particular one has the recording device elsewhere on the vehicle, but I suspect with today's technology the entire thing could fit in the license plate bracket. Just sayin'.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Encryption being on, or not on, devices is not because of any kind of backroom dealings and is all up to what a company feels is useful, and what they want to spend on it. There are popular devices out there with very good, as in the police can't bypass it, encryption. You can do it on an Android phone, the full device encryption is extremely robust. It is just a pain in the butt to use so most don't.
When a company considers providing encryption, and in what capacity, there are a few things they have to evaluate:
1) What does it cost? It isn't free. There is implementation and support time, if nothing else. Often there is more cost than that in that an additional chip has to be added to handle said encryption at a fast enough pace. While AES might not seem like much load on a desktop processor, it can hit a tiny embedded microcontroller hard.
2) How hard will it be for users to use it? The more difficult something is to use, the less people that will want it. If the encryption is something transparent that just happens as a natural function of the device, then cool. However if it requires entering a complex password every time you turn it on (as encryption like this would) then most users are not interested.
3) How easily can they fuck it up, and how badly? Remember that good crypto has no back door, no key recovery. So if someone forgets their password, and people do, all the time, they are fucked. This then can lead to rage against the company that made the product, hence why some companies will use a weak implementation with a backdoor they have to get people in.
4) How many people will give a shit? In a given market, this can vary. For some markets, security is important and people will deal with it. For others, they really don't care.
They then look at all that and decide if it is worth doing or not.
However there are lots of products out there with good crypto. If the government is preventing it through "backroom deals" they are doing a shitty job. As I said Android phones have a great implementation, as do Blackberries. Windows Pro and Enterprise editions have a solid FDE solution included, as well as per file encryption, and you can buy other solutions from a lot of the big vendors (Symantec, Sophos, etc). Lots of hardware is getting it implemented internally. You find many SAS disks can do on-disk encryption and LTO-5 units all do it.
In the case of dash cams? People don't want it. They don't want to have to key in a password each time they power on the camera (which is the only way it'd be secure). They WANT the footage to be accessible.
To me, it sounds like this guy is like the police themselves: He wants recordings, but only for the things he wants. He wants to be able to break the law, and not have people able to get that recording, but then get at other parts of the recording.
Encryption would help against corrupt law enforcement since they'd just take the camera/card. You'd want a backup, not encryption, unless the objective was for you and only you to be able to choose what people can see.
Either it isn't thought through, or it is chimera. The thing is, if what you are worried about is that a corrupt cop does something you record, they stop you, and take the recording away, encryption does fuck-all to stop that. The cops steal the gear, that is that.
The solution to that is a backup, or a fake item. A setup where the obvious camera isn't the one that records, or that there is a second SD card elsewhere that has a copy or something.
Encryption is only useful if he wants to be able to cover his tracks, and selectively release video. This is precisely what corrupt police like to do with their dash cams. They use them to protect themselves, but turn them off or "lose" the video when they are breaking the law.
So to me it implies that he probably likes breaking traffic law, and doesn't want the evidence of that around, but still wants to be able to record things.
yes, something small LIKE the raspberry Pi, but something that has enough power to encode and encrypt a real time video stream. I don't think rPI has hardware assisted encryption or encoding, so I doubt it could do the job.
The video camera for the Raspberry Pi is reported to be able to record 1080p at 30 frames/second:
http://venturebeat.com/2013/02/06/raspberry-pi-camera-module/
I don't know if there's enough left over to do encryption at the same time, but maybe you could cut the frame rate in half and record 15 frames/second to allow more time for encryption. 15fps (or 1 frame every 66ms) is probably good enough for a car cam.
While encryption isn't illegal, you may have noticed despite the obvious benefits and lack of drawbacks to the consumer, it isn't found pretty much anywhere.
That is utter bullshit. Every iPhone for example has the whole device storage encrypted. Use of SSH for web traffic is everywhere.
The reason why you don't see it more overtly is not because of your paranoid "law enforcement issues", it's because a lot of other uses of it end up sucking for the user.
I would be OK with encrypting and signing my email but the practical reality of it sucks, and is annoying to use. It's not worth the time and effort to even try.
Zoom out to the broader market and people that are not technical at all, and it's no wonder encryption has mostly not taken hold in visible areas because it can complicate life a lot, and lead to things like little Timmy's photos being permanently lost just because you forgot a key.
As for this particular use case, it's a stupid use of encryption. Why do you want to make it harder for as many people as possible to see the video you are making? If you are worried about it getting into police hands then rig a switch into the device/app to dump the video in an instant... of course why you would do that when it proves you are innocent is beyond me.
It seems like you should care way more about replication than encryption. Like, are there dash cams that store a video locally but ALSO to a hard drive hidden under the dash, or your smart phone to have it automatically uploaded whenever you stop....
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The way I understand it, you could offload the data before the corrupt cop could seize the glasses. That is, if he even figures out what the glasses are for.
How long before Google Glass-type technology shows up in a pair of glasses that don't look any different from a regular pair of specs?
I know, I know, they're creepy. But they may also be something of an equalizer in the coming surveillance wars.
You are welcome on my lawn.
Well you know that they can get a warrant to force you to decrypt it and to be honest if you are driving on the public highway is there any reasonable reason why you would want to deny law enforcement access to it?
Dashcams are by design to protect you from faked accident scams - trying to hide your footage implies that you have been doing something naughty driving wise.
every few minutes do:
pick a bulk cipher key. encrypt video with that. encrypt bulk key with public key and log that.
when you get home, decrypt with private key and watch.
If you clean up old bulk keys from memory, the worst forensics can get is the last few minutes.
SD card stands for Secure Digital card. It's called Secure Digital because the card includes onboard circuitry to do encryption. That encryption hasn't yet been broken. It can be used either to passphrase protect the card, or for DRM on preloaded cards.
Most cameras don't have a keyboard to enter the password of course, so use an old phone as a camera. Some phones support locking and unlocking the card with a passphrase.
Slashdot normally has good answers for TECHNICAL issues. I'm amazed that apparently nobody replying sooner knew what SD stands for.
No one was ever debating the need or value of the actual devices. The OP was referring to a market for image/video capture devices that encrypt the data. My response was to that perceived market for encrypting devices, not the market for image/video capture devices as a whole. Actually, my post was arguing that people want to post images/videos of themselves so I don't see how you could even infer that I was arguing that there was no market for video cameras.
Sounds like a good project for a Raspberry Pi.
Get a Raspberry Pi and install Fedora or Debian on it so you can have standard OSS software and drivers for USB Webcams, microphones, a USB hard drive, and you might as well throw in a cheap GPS unit for good measure. Using standard Linux tools/scripts have the system mount the HDD as an encrypted disk with LUKS/encfs etc. and have the USB+Microphone+GPS stream to the disk using log rotate to ensure there is enough space on the disk every time the system boots up.
Once you have the whole thing working install it into the vehicle so that the Cams/Mic/HDD is in the dash as part of the car. Wire up the Ethernet port to the dash so you can connect to the RaspberryPi via Samba/NFS to get the files if you need them. Then wire-up the system to a little on/off switch.
This way you should be able to record whatever you want securely, and have lots of storage space in case you need to leave it on for a long while or record multiple things. If the cops find out that you are recording them they cannot just take the disk from you since it is built into the car. In order to get at it they would need to impound the car, have someone open the dash, take the drive, and then erase it. All this would be a big hassle and create a paper trail which they would have to justify in court. Since the videos are encrypted they would have to get the password from you, again creating a paper trail to prove that there is video evidence. You can't stop them from destroying the disk once they get their hands on it. But destroying the disk after having someone at the shop remove it would look awfully suspicious, especially since the boot up log on the SD card would show that it mounted correctly.
If some attacker (here: law enforcement) wants to take your recordings openly and look at them, they will find a way to coerce you to give them the keys. Encryption does not help at all and just may make them angry. I suggest hiding camera and recorder and if they find it nonetheless, to hand over everything immediately and without discussion, just stating that you do so under their orders and under protest, but do not offer any resistance.
Yes, these are instructions for a police state, but in many ways, the US has now reached that distinction.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Traffic accidents are not a one-in-a-billion event. Last year there were over 10,000,000 in the US, and that rate has been steady for 20 years. You certainly could need that footage someday for a very practical reason.
Even the meteor strike shouldn't be counted that way. Spectacular natural phenomena occur all the time.
John
Is anything really secure nowadays anyhow? http://xkcd.com/538/ Do you really trust the government NOT to be this shady?
I have been doing time lapse photography with an HD webcam on a RaspberryPi for a couple of months and it has worked very smoothly.
It is nice since the RaspPi puts the pics on an SD card just like a camera would.
Adding encryption to the photo store is not hard to do, but like most encryption systems -- handling the keys is the tricky part.
This is a great use case for an asymmetric data store. A python script on the RaspPi could capture the images from the webcam and use pycrypto to encrypt them asymmetrically using an RSA public key before it saves them.
A script on your desktop computer can generate the key pairs, save the public key on the RaspPi, and retrieve and decrypt the photos (using the private key) when you connect the RaspPi (or its SD card) to your desktop. You would want to do something to either clean up the oldest pictures when you run low on space, or blink a light to let you know when your SD card is full (or both).
Nice weekend programming project !
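The scheme suggested twice in this thread (a fresh bulk cipher key per few minutes of video, wrapped with a public key whose private half stays at home, and the Python script on the RaspPi) can be sketched as follows. This is an added example, not code from any poster: it assumes the third-party `cryptography` package in place of pycrypto, and the function names and container layout are hypothetical.

```python
# Added example (not from the thread): per-segment hybrid encryption.
# Assumes the third-party "cryptography" package; names/layout are hypothetical.
import os
import struct

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
NONCE_LEN = 12  # AES-GCM nonce size in bytes


def generate_home_keypair():
    """Run at home; only the returned public key is copied to the camera."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def seal_segment(public_key, segment_id: int, video: bytes) -> bytes:
    """Camera side: encrypt one segment using nothing but the public key."""
    bulk_key = AESGCM.generate_key(bit_length=256)  # fresh key per segment
    nonce = os.urandom(NONCE_LEN)
    header = struct.pack(">Q", segment_id)          # authenticated, not secret
    wrapped = public_key.encrypt(bulk_key, OAEP)    # only the home key unwraps
    body = AESGCM(bulk_key).encrypt(nonce, video, header)
    # bulk_key is never written to storage; it goes out of scope on return.
    return header + struct.pack(">H", len(wrapped)) + wrapped + nonce + body


def open_segment(private_key, blob: bytes):
    """Home side: return (segment_id, video); raises if the blob was altered."""
    header, rest = blob[:8], blob[8:]
    (wrapped_len,) = struct.unpack(">H", rest[:2])
    wrapped = rest[2:2 + wrapped_len]
    nonce = rest[2 + wrapped_len:2 + wrapped_len + NONCE_LEN]
    body = rest[2 + wrapped_len + NONCE_LEN:]
    bulk_key = private_key.decrypt(wrapped, OAEP)
    video = AESGCM(bulk_key).decrypt(nonce, body, header)
    return struct.unpack(">Q", header)[0], video


def is_intact(private_key, blob: bytes) -> bool:
    """True if the segment decrypts and authenticates, False otherwise."""
    try:
        open_segment(private_key, blob)
        return True
    except (InvalidTag, ValueError, struct.error):
        return False


if __name__ == "__main__":
    home_private, camera_public = generate_home_keypair()
    frames = b"constructed sample frame data " * 1000  # stand-in for video
    stored = seal_segment(camera_public, 1, frames)
    print("stored bytes:", len(stored))
    print("round trip ok:", open_segment(home_private, stored) == (1, frames))
    damaged = stored[:-1] + bytes([stored[-1] ^ 1])
    print("damaged segment detected:", not is_intact(home_private, damaged))
```

Because the public key sits on the camera, anyone holding the device can produce a new segment that decrypts cleanly; the design gives confidentiality and detects altered segments, but does not prove who recorded them. Proof of origin would need a separate signing key, which then has to live on the device.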
Suppose you just ran through a red light. The police officer did not see the traffic light, but he guesses that you might have run a light. If he stops you, sees the recording dashcam, he might take the SD card out of it to prove you just did it.
But basically this is no point: if it is your word against the word of a police officer, you lose anyway. That is why in Russia there are so many dashcams, the people do not trust a lot of police (or some government drivers that act like police).
I would think that data replication is more important. e.g. let the dashcam automatically sync events to your smartphone, so simply capturing and "accidentally" wiping the dashcam will not remove the evidence.
And the smartphone already has the option to protect directories if that is important to you. (IT SHOULD)
Not only is it an easy job but it'll do 1080p and most will hold 8GB of DDR 3 while using even less power than my Sempron, its really a sweet little unit.
Just an FYI: the maximum throughput of an E-350 to an SSD encrypted with AES-128 CBC (4K sectors) is on the order of 30 megabytes/sec... and that's with full CPU use for the crypto (i.e. the system is doing nothing else).
These really suffer from their lack of AES-NI support; it's their one major downfall.
Perhaps the next gen systems will be better (read: AES-NI). At least these support 2x the RAM that Atoms do.
If you wish not to be impersonated, perhaps you would avoid posting anonymously?
www.wavefront-av.com
You should try the #privatecamera from #ncryptedcloud (www.ncryptedcloud.com). Full disclosure, I work for the company. The app is a Privacy, Security and Collaboration application layered on top of Dropbox (Skydrive and Googledrive coming in 2 months). We are on OSX, Windows and IOS. Android coming in 6 weeks. It is free for consumers and you can take Private Encrypted Photos that are NOT stored on the Camera roll. They are stored encrypted in the cloud and encrypted on a private camera roll accessible only through our PIN protected application.
You ideally want a private camera app that secures/encrypts captured images directly from memory to local storage, digitally signs images with evidentiary chain of control/custody (otherwise, they will not be admissible in a court of law), automatically synchronizes the secured captured images to the cloud (so they are backed up and available on other devices) and of course is convenient (ideally free). The picture file should be encrypted by a strong standards based public algorithm, such as 256-BIT AES. The symmetric key used for encrypting the file should be unique per file, and should be protected through asymmetric encryption using the public part of a key pair. Both the private and public portions of the key should be protected through another derived personal key from something like an account ID and your password (ideally again using well known, proven algorithms such as ones used in WPA2 for wifi). This will emulate a TPM like approach for local key storage, and prevents brute force dictionary attacks on your private keys, while still having the convenience of not only creating private secure pictures, but also viewing them. Here is a YouTube link, describing this approach by an engineer: http://www.youtube.com/watch?v=sh8U7hgwLQg
This conversation resonates with a topic I've been looking into for some time now: wireless security cameras.
DLink, among others, sells wireless security cameras; they were pretty cheap ($60 before rebate) at Fry's.
Supposedly these are easy to set up: you put one at home, let it hook up to your home wireless router, and it will take pictures which it will upload to DLink; then while you are vacationing in the alps or Bahamas, you can get on the internet and look at how the thieves are (or, more hopefully, are not) breaking into your empty house.
The thing is, not only am I basically telling the Internet world that I have an empty house to break into, but there is a device in my home which could be trying to root my other devices on my network, and which would have a legitimate reason to be talking to some outside agency. For all I know, there could be malware on the camera under the control of DLink, or some renegade (former?) employee at DLink, or not at all related to DLink (the way some iPods came preinstalled with Windows malware).
Is there some sort of encryption and security that can be put into/around these cameras to keep it from doing anything underhanded? The only thing I can think of is to stop it from phoning home altogether (ie. don't use the DLink SeeYourOwnHome.Dlink.com type video upload service and just store stuff on my home server), but maybe other Slashdotters can come up with something more creative.
I admit this is not exactly the type of "Encrypted Digital Camera/Recording Devices" that the OP was talking about (the original question is more about protecting the camera from the outside), but I thought I'd use the opportunity to draw on the Slashdot wisdom about protecting the rest of my home from the camera.
Thanks for any ideas or links you can provide.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
Oh, in case it wasn't clear in my ranting elsewhere about AES-NI: it generally improves crypto filesystem throughput by 4x to 10x while simultaneously reducing the CPU utilization by 80%.
Therefore, I would expect the E-350 successor to be able to handle 100+ MB/sec of simple, lowest-grade AES-CBC disk crypto while only having a 20% CPU utilization compared to the E-350's ~30 MB/sec at 100% CPU utilization for the same configuration. Furthermore, AES-NI doesn't adversely affect power budget because "all it does" is to provide silicon support for a few opcodes to conduct certain low-level AES operations in a single instruction vs. the multiple instructions/memory accesses required to do it in software. Meta-operations, if you will.
So, if you are using even basic/simplistic crypto then having AES-NI support contributes far more to performance than even a simple, non-AES-NI CPU upgrade would deliver. This would leave the "camera solution" in this thread's subject more capable of handling camera image capture/processing/higher resolution/whatever while meeting the same basic security goals.
I believe we are on the same page about desired features: simple, basic security, low power, able to be powered via something like an M3-ATX-HV in a vehicle, capable of handling video capture, and low cost. I think the E-350 would run hot for this (due to CPU overhead for basic crypto), but its successor likely would not. For example, I am deliberately running my E-350 NAS in passive/fanless mode, and sustained ~30 MB/sec basic crypto fs throughput will push its CPU up to about 70 C... I think an automotive application would ideally be passive/fanless with no moving parts, and would be operating in a wider-temperature environment than my home NAS.