Camera Makers Resist Encryption, Despite Warnings From Photographers

An anonymous reader shares an article from the security editor of ZDNet: A year after photojournalists and filmmakers sent a critical letter to camera makers for failing to add a basic security feature to protect their work from searches and hacking, little progress has been made. The letter, sent in late 2016, called on camera makers to build encryption into their cameras after photojournalists said they face "a variety of threats..." Even when they're out in the field, collecting footage and documenting evidence, reporters have long argued that without encryption, police, the military, and border agents in countries where they work can examine and search their devices. "The consequences can be dire," the letter added.

Although iPhones and Android phones, computers, and instant messengers all come with encryption, camera makers have fallen behind. Not only does encryption protect reported work from prying eyes, it also protects sources -- many of whom put their lives at risk to expose corruption or wrongdoing... The lack of encryption means high-end camera makers are forcing their customers to choose between putting their sources at risk, or relying on encrypted, but less-capable devices, like iPhones. We asked the same camera manufacturers if they plan to add encryption to their cameras -- and if not, why. The short answer: don't expect much any time soon.

SD card feature?

not excusing the camera makers here, but couldn't this be designed into an SD card?

Re:SD card feature?

DSLR's save as jpg or whatever raw file type they use... no encryption whatsoever. Adding encryption to cameras will just slow them down and cause compatibility problems with photo editing software.

Re:SD card feature?

[jfdavis668]

I don't think SD cards have a whole lot of processing power. I may be wrong.

Re:SD card feature?

[BronsCon]

Why, yes it could. In fact, one of the things that supposedly made SD better than MMC, which it replaced, was this (emphasis mine):

Cards can protect their contents from erasure or modification, prevent access by non-authorized users, and protect copyrighted content using digital rights management.

Of course, no implementation that I've come across since the format was released over 18 years ago has implemented that highlighted bit.

Re:SD card feature?

Why? This could be pretty easy.
Just load up a small version of gpg that only encrypts.
Load in your public certificate, and have it encrypt every picture using that.
When you get home you decrypt them.
For all other users it will work as normal.
If that's too much get mbedtls or wolf ssl or some other embedded crypto library.
It takes you two or three days to whittle it down to the functionality you need, and another two or three days to reduce the stack usage to something manageable.
This isn't rocket surgery.
The photo editing software will never know the files were encrypted. Yes, saving will be a bit slower, but will the reporter care that much?
Surely having encryption is more important?

Re:SD card feature?

[Entrope]

The problem is key management. A camera does not have a good way to enter a long password or passphrase, and an SD card is worse. It seems just as feasible to plug the memory card into a laptop (or into an adapter attached to a phone) that can apply whatever encryption the photographer wants.

A country could, of course, outlaw the use of apps to do that -- but they could, and presumably would, do the same for cameras that incorporate strong encryption.

Re:SD card feature?

[I'm+New+Around+Here]

You might be surprised what SD cards can do.
http://www.toshiba-memory.com/...

Re:SD card feature?

[kenh]

Why? This could be pretty easy.
Just load up a small version of gpg that only encrypts.
Load in your public certificate, and have it encrypt every picture using that.
When you get home you decrypt them.

Except, how will this work if you want to see the photo you just took? Encrypt upon capture with encrypt-only software would prevent the camera user from being able to review the photo they just took until they get to a device that can decrypt them. if you implement encryption such that it is a process the photographer chooses to apply after taking the photo (think of it as a process similar to deleting a photo - you highlight it and select "encrypt", rendering it invisible on the camera), that will leave the photos vulnerable immediately after being taken - you know, like when the soldier grabs your camera right after you snap the photo of the soldier beating up a protester...

Re:SD card feature?

Canon camera hacking...:) For example:

http://chdk.wikia.com/wiki/CHDK

Re: SD card feature?

[c6gunner]

The problem is key management. A camera does not have a good way to enter a long password or passphrase, and an SD card is worse

This seems like a trivial problem. Have the camera look for a my.key file on the sdcard. If it's there, copy it to onboard and overwrite it on the card. All future pictures are encrypted using the key. Have a button which the user can push to wipe the key from onboard memory.

Re:SD card feature?

[kenh]

There is the eyefi SD card that includes a wifi implementation, allowing you to shoot photos from your camera to your smartphone without any interaction, turning your smartphone into a secure, encrypted photo vault, which can sync with a cloud data service.

Re:SD card feature?

There are SD cards on the market which contain an embedded WiFi chip which creates a portable hotspot to connect to and download pictures directly off the SD card via a built in webserver. They seem like they must be running some sort of embedded *nix OS.

So it would seem like it should be possible to create an SD card with a similar embedded system which automatically encrypts files as their written to the FS in a write-only fashion. Obviously this wouldn't allow previewing of images, which is sort of the point anyways.

Then the photographer could take the SD out, travel, pop it into a laptop and use some custom software that handshakes with the embedded software on the SD card which then allows the laptop to read back the encrypted files.

In theory anyways. Perhaps the microprocessor they use for the embedded WiFi isn't overly powerful but it seems like the concept could be possible.

Re: SD card feature?

That is achieved by the movable tab, like the 3.5" disquettes had

Re: SD card feature?

[Immerman]

Sadly not. First - that's not even remotely the point of a write-protect tab, it has nothing to do with read-access at all.

Secondly - unlike floppy drives where the write protection tab prevented the drive from writing to the disc, SD cards use software based write "protection" - i.e. the tab is only a request that the card not be written to, and offers absolutely no protection against faulty or malicious software.

Re:SD card feature?

I think a better solution is a dedicated "Lock" button on the camera that encrypts the SD card if pressed. Another tap on the lock button, it asks for a password and unlocks the card.

Re: SD card feature?

[Immerman]

You don't even need to do that - use asymmetric encryption and let the my.key file hold only the public encryption key and you can just leave it on the card - it can't be used for decryption, so it doesn't matter who else gets access to it.

Of course that would mean that you can't review your photos on the camera, but also means that the photos are protected even if someone takes your camera without giving you a chance to push the "wipe" button.

And really, there's very little need for on-camera reviewing in an evidence-collecting situation - at most you just need to be able to review the just-taken photo to be certain it clearly captures what you intended, and a professional photographer should have the skills and familiarity with their camera to make that unnecessary. Film cameras didn't have *any* on-camera review options, and did the job just fine for decades.

Re: SD card feature?

[c6gunner]

Being able to review is a handy feature, though, so it would be a shame to get rid of it completely.

But your suggestion is a good one, and there's no reason why both encryption schemes couldn't be implemented. Then the user would have the option to decide which scheme to use based on what level of usability/security they need.

Re:SD card feature?

The camera has a perfectly good image sensor, so the key could be entered as a barcode. A random key is better than a password anyway. Generate and store the key on your encrypted phone; point the camera at the phone's screen to unlock it.

Using public key encryption, you wouldn't need to "unlock" the camera in order to start taking pictures, either - you'd only need to unlock it to view or export old pictures. Depending on your workflow, you might not need to have the private key in your possession at all.

Whenever I see a story like this it just makes me think, this is why we need software freedom, everywhere (you nitwits.)

Re:SD card feature?

[aaarrrgggh]

There was an article (likely here) years ago about cameras with digital signing technology built in in order to satisfy evidence chain of custody requirements for police photographers.

It is odd that these types of features are not available in mass-market devices.

Re:SD card feature?

There are SD cards on the market which contain an embedded WiFi chip which creates a portable hotspot to connect to and download pictures directly off the SD card via a built in webserver. They seem like they must be running some sort of embedded *nix OS.

You don't say?
The person you replied to, who linked to exactly that, didn't have me convinced such a thing existed. But thankfully an anon came along to reply to that and confirm it!

(Sorry, but I couldn't help myself there)

So it would seem like it should be possible to create an SD card with a similar embedded system which automatically encrypts files as their written to the FS in a write-only fashion. Obviously this wouldn't allow previewing of images, which is sort of the point anyways.

Not "seem like", but that exists too.

There used to be an SD card under the brand and name "Trancend Wifi SD Card" containing a multi core ARM processor, flash, wifi hardware, and RAM - all running Linux, a wifi/tcp stack, hostap, Apache, and Samba.

You can easily gain root on these cards with physical access and from there and reprogram it to your hearts content, or if you prefer even reflash the entire ARM system with OpenWRT

This was documented back in 2013:
https://forum.openwrt.org/viewtopic.php?id=45820&p=1

One project I saw back then, but unfortunately can't find the github repo for now, was a daemon that ran on the SD card and watched for new files to be stored on the flash via the SD interface.
It would then use GPG to encrypt the file using an uploaded public-key and basically 'move' it into a subfolder.

The idea was that you left the private-key at home on your computer, so the files saved to it can only be decrypted there.

That exact code with slight changes could be used for this purpose and a camera.
Since cameras tend to write their data fairly slow, you'd want to bump up the timing check for new files such that it only 'kicks in' after the file hasn't been modified for a couple seconds, to ensure the integrity of the data being encrypted.

So on one hand, using fully existing hardware one can have this feature today.
On the other, the fact it is some one elses existing hardware is the only reason this can't be sold by a 3rd party right now. (Which isn't necessarily impossible either, but does require securing permission and contracts from the companies that make the things)

There would be a higher cost associated in 'reinventing the wheel' and designing your own version of those SD cards, but obviously that is very much within the realm of possible seeing as it has been done before.

Re:SD card feature?

[Applehu+Akbar]

How do you go about entering a password on a camera? Any virtual keyboard on a camera would be controlled by the arrow keys and Select button, like name entry on the early video games. No photographer would use such a scheme more than once.

I have my iPhone set to automatically Dropbox all pictures I take with it. Even if someone were to grab my phone on the scene I still have my shots.

Re:SD card feature?

[YrWrstNtmr]

Eye-Fi is pretty much defunct. And I say this as a long time user and previously ardent supporter of that tech.

I used it all the time to auto-download to a tablet in my backpack.

Re: SD card feature?

[Applehu+Akbar]

Encryption could also be built into online photo sync systems like Adobe Creative Cloud, so that encryption would take place when you upload the contents of an SD card to the service using a tablet or phone at the end of a shooting day. By the time you cross a border, all your SD cards can be reformatted in camera (not just erased) and your images are encrypted on a server until you get home. This keeps all of the encryption and decryption off the vulnerable camera.

Re:SD card feature?

[cfalcon]

> Adding encryption to cameras will just slow them down
Yes, and if this is a problem you need to add enough hardware to the phone to accomplish the encryption within the needed read/write time of the camera. Given how little power this takes relative to modern processing power, and given the specialized solutions available in most modern chips, this is exactly what is being added.

> and cause compatibility problems with photo editing software.
No, by the time software sees the files they are unencrypted. This is not a concern.

Phones tend to control the entire stack, so adding encrypting to them was mostly invisible to the user, except for the obvious passcode or password. Because cameras are meant to be much more functional, you would need to have a setting on them that allows for optional operation in encrypted mode, with the user being left with the hassle of extracting data from an encrypted SD card. This also means that there would need to be an agreed upon standard that all cameras and other things interfacing with their cards could use, which is probably the real reason this is taking awhile- there's no commonly understood standard for this sort of thing across filesystems in the real world.

Cameras getting encryption is a bit less important than phones getting encryption, as well- because many cameras don't store anything EXCEPT to removable media, whereas phones are a stack of everything all in one place. Still would be nice though.

Re:SD card feature?

[John.Banister]

Perhaps a card could have it's functionality oriented in the opposite direction and function based on what it receives. It could self encrypt the data with a resident public key, and play it back so long as it can receive a requested private key via WPA2 connection to an external device (eg your phone). People with phone confiscation worries could use the phone as a fragile conduit to a remote key server.

Re:SD card feature?

[RightwingNutjob]

Let's also point out the obvious flaw here: encryption takes time and writing to a flash memory device takes time.

This thread is turning into another "smart gun" debate. One side wants a technology that has to read minds and violate laws of math or physics in order to work as conceived, and the other side isn't interested in going down a rabbit hole of silly.

Re:SD card feature?

[ceoyoyo]

Except, how will this work if you want to see the photo you just took?

Who could do photography under those conditions!? ;)

Encrypt-only isn't the solution to everything, but it actually might be a better solution to the problem stated in the summary. If you leave the decryption key at home then you can't decrypt it, even under coercion. Plus, if it's in the card, you just swap cards between regular shots and things you think might be sensitive. Provides some plausible deniability too: yeah, here are the pictures I've taken; oh, haven't used that other card yet.

As for looking at the pictures, you couldn't do that in the field with film either. And documentary photographers might look at quiet times for interest sake, but they don't shoot, check the photo, ask the subjects to stand differently, shoot, rearrange.... At least they're not supposed to.

Re:SD card feature?

[magarity]

How do you go about entering a password on a camera? Any virtual keyboard on a camera would be controlled by the arrow keys and Select button, like name entry on the early video games. No photographer would use such a scheme more than once.

That's how one sets up camera WiFi and radio flashes. So, yes, the camera already has virtual keyboard. Its no worse than navigating such things as FireTV Stick, etc. If you're the 1 in a million photographer trying to get pictures out of North Korea or Burma then you'd be happy to have such a system. The rest of us wouldn't want to encrypt even if it was easy.

Re: SD card feature?

There's also no reason why there can't be an in-camera buffer of a few frames, or maybe a minute or so of video, that's flushed whenever you shut the camera off or within a minute or two of capture. With that kind of arrangement, only the last image or 2 would be available for someone else to look at, and only for a short time. Actual image storage would be on the SD card with encryption as described above.

If you're operating the camera as designed, and if the viewfinder and/or display screen is showing you the full frame (a problem with some cameras), review only serves a function if you may want to immediately delete an image that didn't work as expected. How often is it necessary or even desirable to do extensive review and in-camera editing?

Re:SD card feature?

Encryption using a hardware chip is extremely quick. Even a $5 RSA encryption chip could do the job in about 1/100 of a second.

Re:SD card feature?

[nospam007]

"This isn't rocket surgery."

As a rocket surgeon, I can tell you, it ain't as easy as it looks.

Re:SD card feature?

[The+MAZZTer]

Any such encryption would have to be invisible to the camera in order to work, so the camera would still be able to view the pictures, and this is how anyone would check your pictures anyway.

Re:SD card feature?

[mysidia]

Encrypt upon capture with encrypt-only software would prevent the camera user from being able to review the photo they just took

Encrypt all the photos on a particular card with the same 128-Bit AES "User Key" that is generated by applying a certain number rounds of Argon2id to a passphrase selected by the user. Save a strong hash of the key on the card alongside each file --- AND keep the key in RAM until the camera is shut off, or the user pushes a 'lock' button to allow picture review.

When the camera is turned on, the user will be prompted to enter that SD Card's "User Key".

Also, when the user loads the SD Card into a computer they will see on the SD Card a "Filesystem file" that the filename is the hash of the user key, and the content is an exFAT filesystem image file where each sector is encrypted using the user key, and the listing of files is embedded into the image.

Re:SD card feature?

[mysidia]

Encrypt-only isn't the solution to everything, but it actually might be a better solution to the problem stated in the summary.

Yeah.... even if you go encrypt-only; you could still use a unique symmetric key for each file, and just encrypt the symmetric key using GPG.

Hold the symmetric key for each photo in RAM for a short amount of time to allow the review process, and then when the camera is shut off, or the review is done --- purge the symmetric keys from RAM.

Re: SD card feature?

[Monster_user]

If you can't decypt it, the you can't take the photos out of the country.

Problem still exists, and now you've got built-in ransomware on your device, because the majority of you customers don't know a thing about encyption. I for one hate encryption of my personal devices, it makes it difficult to make unencrypted backups or to switch vendors.

Better to use encrypted LTE and upload to Dropbox, then delete the photos. That way the photos have already made it out, and there is less risk to the photographer.

Re: SD card feature?

The iPaq handheld implemented this with windows ce. The card was was encrypted with a device-specific key so it could not be read in any other devices

Re:SD card feature?

[CaptainBaseballbatBo]

Except, how will this work if you want to see the photo you just took? Encrypt upon capture with encrypt-only software would prevent the camera user from being able to review the photo they just took until they get to a device that can decrypt them

That problem could be solved by encrypting the photo only after a period of time; as a photographer I'm interested in the photo for about 1 minute anyway to be able to check it's not over / underexposed etc. Asynchronicity would also solve the problem of encrypting in real time.

Re: SD card feature?

SD - secure digital. They have stuff preventing illegal copies. Ie content protection. That can be made to work for photographers.

Not that it will help against border guards. If camera makers uses the drm capability of sd, they will know. "Enter the key, or we will keep both you and the camera for eternity"

Re: SD card feature?

Encrypt is easy. Still have to do key management which without cooperation with SD card and SoC manufacturers is hard (to be secure). Unless you are happy with security theater (eg TSA alike)

Re:SD card feature?

Why? This could be pretty easy.
Just load up a small version of gpg that only encrypts.
Load in your public certificate, and have it encrypt every picture using that.
When you get home you decrypt them.

Except, how will this work if you want to see the photo you just took?

The same way photography worked for decades? As in you wouldn't be able to see the picture you took until much later.

Re: SD card feature?

[viperidaenz]

When was the last time you managed to access Dropbox via LTE while in North Korea?

Re:SD card feature?

[ArchieBunker]

Hardware encryption won't slow anything down.

Re: SD card feature?

[viperidaenz]

Unless you're trying to get out a country with no internet.

Maybe you're a journalist in Iran, involved in the recent protests. Iran cut off the internet in entire parts of the country. They also block a lot of sites when you can get access.

Or maybe Syria?
Or North Korea?

Re: SD card feature?

Floppy write protection was software driven also.

Re:SD card feature?

[Teun]

There are reasons digital photography left the old analogue behind, immediate checking of the results is one of those reasons.

Re:SD card feature?

[beckett]

like film. we survived waiting to develop the emulsion back at the lab.

not suitable for all situations but it would be a welcome toggle setting that the ohtographer could pre-set for anticipated challenging situations.

Re:SD card feature?

[Teun]

The higher end camera's have a significant fast memory buffer from which the pictures are transferred to the slower removable media.
The manufacturers will have to devise a system whereby said buffer will not retain a tell-tale.

Re:SD card feature?

[Teun]

Thanks for the valuable information.

Re: SD card feature?

[Teun]

Or the USofA where all your rights are waved within a significant distance of the international borders?

Re: SD card feature?

Many newer cameras have touch screens, so unlock with a PIN.

Re:SD card feature?

[djbckr]

You are pointing out something that film photographers have dealt with for decades: Did I have my settings right? Was I underexposed/overexposed? etc. When I look at my pictures, I *mostly* look to see that it's an acceptable exposure - my histogram is beside the picture. If that looks reasonable, I move on. The encrypt-immediate process could leave the histogram un-encrypted. You can't surmise what the picture is about based on that, but at least you know you have a decent exposure.

Re:SD card feature?

[Teun]

The pictures of your parter in an undressed situation might be another cause for encryption.

Re:SD card feature?

[Teun]

A modern hi-end camera has a touch screen with a virtual keyboard.
Even a fingerprint sensor could be considered.

Re:SD card feature?

[ceoyoyo]

I thought the winky face made the sarcasm clear. Or did you mean to reply to the GP?

You could leave the histogram unencrypted yes. I doubt that would be a big selling feature though. Documentary photographers probably don't look at their images (or histograms) much while they're in the kinds of situations where you'd want to encrypt pictures. And those of us who learned with film often rarely look at the back of the camera any time.

By encrypting everything you could hide the pictures entirely on the card. If someone looks it just looks empty, or maybe you put a smattering of innocent photos on it.

Re:SD card feature?

[AHuxley]

Re "Hardware encryption won't slow anything down."
A consumer dslr can do 5 images in a set time before the hardware and media need time to catch up. The camera stops for a while as the buffer of set size and speed fills.
Call it say 30 images with a more expensive dslr. Then the much faster card has to saves the images.
Add encryption and that rate stays the same, gets not as good for that generation given the new encryption.
The competition selects not to offer encryption. Their lack of heat, power, working on the file in a new way with encryption allows their image per time number to look better.
Their buffer just works on images, not having to work on and wait for encryption. While one weather sealed camera slows to encrypt, uses more power to encrypt and gets warmer, the completion captures a few more images per set time.

Hardware encryption needs more battery support, makes more heat, slows the buffer. Less images per set time and thats one selling point that has to be better.
Selling a slower camera with less images per buffer size at the same price as next generation will be difficult given what new encryption will take away.

Re:SD card feature?

[K.+S.+Kyosuke]

Except, how will this work if you want to see the photo you just took?

Clearly photography could never work under such conditions...

you know, like when the soldier grabs your camera right after you snap the photo of the soldier beating up a protester...

If I'm not mistaken, there are cards that immediately send the data wirelessly into another device.

Re: SD card feature?

[ceoyoyo]

"If you can't decrypt it, the you can't take the photos out of the country."

Why? You leave your decryption key at home. When you get home, you decrypt it. If you get caught in-country, the pictures are unrecoverable, which is what you want.

The easiest way to implement it would be to use a standard encryption library. No problem decrypting with anything you care to pop your SD card into.

Re:SD card feature?

[EETech1]

http://www.toshiba-memory.com/...

Ever used these? I just bought one a few months ago.

Re:SD card feature?

You do not need to see it. Or you review the version that is in the camera RAM (one image only if need be).I suppose this could be made to work in a 'write only' SD card - which would show teh file system metadata, but turn all image block data into something undecodable on readout.
For most security, the key is only available at the photographer's home base.

Cameras have too small a market for this kind of feature. At leas in a memory card it can be amortized over more devices (secure logs anyone).

Re:SD card feature?

[Altrag]

The same way your iPhones does it? Sure there's some debate with regard to biometric vs passcode entry (especially in the US with respect to the 4th amendment) but aside from that, its pretty much a solved problem.

Camera makers are either being lazy, or being coerced. I suspect the former. Keep in mind it wasn't that long ago that people were bitching about camera makers not bothering to introduce digital processing features that iPhones had years earlier (to the point that some photographers were talking about just switching to using their phone flat out. Probably not seriously but I wouldn't be surprised if at least some of them chose to use their phone for certain pictures for a while, just so that they could see the filters and other processing applied on-the-fly rather than having to hope they get a good shot that they can photoshop later.)

Re:SD card feature?

Okay dumbass you laid out two contradictory scenarios.

a) If you're in a situation where you are afraid that your camera could be taken any second and they could see the photo you just took, turn off the image review feature.

b) If you're not, and you are just worried about photos being seen or copied later (e.g. in a normal journalistic scenario) then you leave review on so you can see that you got the shot you want.

Asymmetric encryption is a really fucking obvious solution that I as well as a dozen other people in this thread thought of while we were still reading the summary.

Re:SD card feature?

[Altrag]

Fingerprint scanner? Or change the screen to a touch device and put up a number pad? Hell they could get rid of the arrow keys and shit if they designed a decent on-screen interface. There's plenty of ways they could do it.

They're just being lazy and cheap and relying on the fact that there's only two major brands (Nikon and Canon.) Sure there's plenty of smaller names in the industry as well but there's also an insane amount of brand loyalty holy wars so the smaller brands have a hard time gaining market share even if their devices are objectively better in some way.

Imagine in Apple decided to enter the market. Perhaps an add-on that allowed you to attach professional lenses to your iPhone (which already has a pretty good CCD.) They could potentially demolish the market. Of course I don't know if the professional photography market is big enough for Apple to bother, but if they did it would at least force Canon and Nikon to start innovating again in areas other than megapixels or whatever the buzzword number of the year is these days.

Re:SD card feature?

[dgatwood]

Selling a slower camera with less images per buffer size at the same price as next generation will be difficult given what new encryption will take away.

The buffer size is an implementation detail. Nobody outside the manufacturer knows the actual amount of RAM (though we can roughly approximate it by multiplication), which means the manufacturer could easily bump up the RAM by 10-20% to support the crypto hardware, and the public would be none the wiser.

And at current flash card write speeds, I don't think you'll hit a wall in terms of performance or heat, either.

No, the reason they won't add this feature is that only a tiny percentage of users care, and it would probably add ten bucks to the BOM cost of the product — a cost that they will have to eat, because only a tiny percentage of users care. If it added ten cents to the BOM cost, it would be too much.

Realistically, the way you're going to get features like this is not through the manufacturer, but rather through custom firmware like Magic Lantern. They have some limited encryption (public-key crypto is likely impractical because of limited CPU speed), and it would be relatively easy turn it into nearly unbreakable encryption through careful use of a one-time pad:

• Write a random data file that is roughly the size of the flash card BEFORE you leave the U.S.
• Make a copy (or multiple copies) of that file and leave it (them) at home.
• XOR each block of new files with a block from the end of that file.
• Truncate the random file to discard the random blocks.
• Write the encrypted data to the flash card.
• Write a mapping table entry that says "file foo.jpg should be decrypted with blocks 794-796".

With that approach (truncating before writing), nearly all of the used random data blocks will get overwritten almost immediately by encrypted image data, making recovery of the original random data physically impossible for anyone without a copy of the original random data file.

For maximum safety/paranoia, you could add code so that when you switch the camera off, it creates a file as big as the remaining space on the flash card, zero-fills it, and deletes it a few times, but such a feature should be independently gated by a separate, user-controllable setting, because it would have a serious impact on the lifespan of flash cards.

Re:SD card feature?

So are these tits going to be satisfied that every time they turn on their camera they need to input a suitably strong passcode to unlock it? Without that it isn't really usefully encrypted if you want to protect your photos from prying eyes. At a minimum it would need to be enter key once until allocated button pressed to lock down device. Encrypting it is easy, making the device usable whilst having that functionality is slight more complex especially as you'd need a camera chip with AES-NI on it for speed and you still may take a hit to the FPS, responsiveness or battery life of the device.

Re: SD card feature?

[Monster_user]

Encryption on digital cameras is rare. Because it is rare; it is suspiscious. Unless you are a spy working for an intelligence agency, you're going to get the same punishment regardless of whether they can decrypt the photos.

Encrypting my photos means I can't decrypt them when I get home because I lost the decryption key. Furthermore, it means I have to remember to decrypt them before backing them up, because I will eventually lose the decryption key.

Re: SD card feature?

When was the last time you travelled around North Korea taking photos?

Re:SD card feature?

In any country ruled by a regime that would make this a desirable feature I can simply imagine the photographer getting the living shit tortured out of them and/or their gear/card confiscated. Either way you don't get the photo. If I'm a jackbooted security operative in a despotic country and I find a dude with a camera that I cannot see the photos on and/or the device requests a "user key" he's headed straight to defcon lead-acid meets testicles.

Re:SD card feature?

[pikine]

Here is an article about password protecting SD cards using custom hardware. It has some technical detail how it works. All SD cards should have the password feature, just that not all cameras let you enter a password to unlock the card for access. It may be at odds with the need to be able to pull out the camera and immediately start shooting an unanticipated fleeting moment. The camera might want to keep the card unlocked, but have a dedicated lock button to relock the card before encountering security searches.

Re:SD card feature?

I believe hi-end Canikons can perform that signing task. I seem to also recall having read an article about how such signing could be faked in the usual security concept meets implementation flaw manner.

Re: SD card feature?

[Immerman]

Possibly on some newer drives, but the original design was implemented in hardware/firmware - even with raw system control (no OS present) you couldn't write to a copy-protected floppy, the drive itself would return an error.

Re:SD card feature?

[AHuxley]

Re 'which means the manufacturer could easily bump up the RAM by 10-20% to support the crypto hardware"
In a weather sealed, small camera that needs 4K movies and a lot of other new useful features and has to support more and more images, have more resolution, capture more data per image?
The manufacturer has so many other heat producing, battery using systems to try and fit in without adding new costs of "bump up the RAM by 10-20%"
Then to "support the crypto hardware".

Consider the user side too. A user sets a code. They forget the code. They want their best images back... The brand gets asked to recover the images, they cannot. The once captive user who was fully invested in branded lens, branded hardware is unhappy with that brand.
A lack of encryption makes for lower costs, allows limited memory to work as expected for the costs, cpu, heat, power and other limitations to be used on features that make a product stand out from past generations.
Adding encryption would need more cooling, more power, a larger physical size of camera, more costs to pass on for design work to keep the existing size?
New special chips or slow the existing chips to now do encryption too?
The "cost that they will have to eat" is going to codecs, 4K, the next ten of camera. Not much room in the costs to add a new design for crypto. Unless the features are reduced, kept the same, costs are increased. Who wants a next ben camera thats like the last one with more costs and "crypto" as the only new feature. With the same/less images in a set time.

Re: SD card feature?

If you're going to put biometrics on a camera, I'd go with a 2-factor system.
1) face recognition, hey it's already a camera
2) a PIN so the TSA can't just get your own camera up in your face area to unlock it

Re: SD card feature?

[Immerman]

So, make it not rare, and not obvious. Standard option somewhere in the settings to turn encryption on and off, and encrypted files just get totally ignored by the browse/review interface - if all you've taken is encrypted photos, the camera appears to be empty. Take a bunch of non-encrypted vacation photos, and you have a nice decoy - unless the jackbooted thug actually pulls the card and examines it on a separate diagnostic device, the encrypted stuff is invisible.

For added convenience you might list the actual free space while in encrypted mode so you get some advanced warning before getting a "no space for photo" error. That's slightly less obfuscated in that the thug wouldn't need a separate diagnostic device so long as they knew what they were doing - but that calls for a somewhat higher grade of thug.

Moreover, the point of encryption is not so much to protect yourself - if that's your goal then you don't try to break stories where encryption would matter. The goal is to protect your sources.

Re:SD card feature?

[Immerman]

Actually, I suspect it was very far down the list - digital cameras were getting quite common before even really bad screens became standard. Digital took off because it was cheap and convenient, with basically zero incremental costs for each photo and no need to take it to somebody and wait a few hours/days to get it developed.

Screens are like the "instant" Polaroids of the photography world - quite popular among the hobbyists, but largely irrelevant to most professional photographers. If you have to look at the camera to tell whether you got a decent shot you don't know your camera.

Re:SD card feature?

[Immerman]

So be stealthy - encrypted photos are completely ignored by the on-camera browser. Take a few innocent unencrypted ones to allay suspicion.

More to the point, encrypting the photos isn't intended to stop you from getting caught - it's intended to protect your sources *if* you get caught. If you have the time you'll have already swapped out to a decoy SD card anyway, so that there's nothing suspicious in the camera. Encryption is for when you don't have the time, or they find your real card.

Re:SD card feature?

[Immerman]

Ram usually doesn't store a tell-tale for long without pretty extreme measures. And if you were concerned about it it wouldn't be terribly difficult to fill the entire memory with random noise whenever it's powered off - that should take care of it nicely.

Re:SD card feature?

[Immerman]

Easy solution - put the encryption on a toggle feature. Don't need it, don't use it. Need it, it slows down how fast you can take photos while it's turned on, and probably makes those photos impossible to review, if not outright invisible without separate hardware.

Re: SD card feature?

It works for cheap smartphones, why wouldn't it work for pro DSLRs and video cameras?

Re: SD card feature?

But you make it look soooo easy!! Easier than brain science.

Re: SD card feature?

So have two keys, one that unlocks the tourist vacation photos. Nothing to see here, move along.

Re: SD card feature?

Or you're a victim of good old fashioned police thuggery: "Delete those photos now, or you're spending a night in the cells".

Re: SD card feature?

[slazzy]

There are a lot more countries that will shit on you over photos, in fact almost every country will in some situations. Still, i agree that unreliable lte goes along with unfriendly governments, so uploading would not be an option for everyone.

Re:SD card feature?

[rally2xs]

"Yes, saving will be a bit slower,"

So the $6,500 camera that the sports photographer just bought and is using at 11 frames per second to capture all the action at the basketball goal that he just paid some local official to be able to position himself above is not going to be able to run his camera at 11 frames per second any more because it is screwing around encrypting his 42 megapixel files shot in "raw?" I'm sure he's going to buy a camera that works like that... not...

Re: SD card feature?

Not that easy. You cannot encrypt on FS level, as the SD cards will be formatted in FAT (which is the only widely spread FS.

So then each camera manufacturer would need to provide (badly maintained) decryption software running on multiple platforms. In addition you need to start deploying security updates to the cameras.

The only practical way would be if this became a standard feature in SD cards.

Re: SD card feature?

[BronsCon]

No, the movable tab achieves he first item on that list.

Cards can protect their contents from erasure or modification

Maybe read the linked article and some of its references? I mean hell, this tech has been around for over 18 years and is well documented.

Re: SD card feature?

[olof_k]

You're right. And it's being done already by a company called Zifra https://zifra.tech/ They have the hardware already and many clever ideas for how to make this easy and secure. I have talked to them quite a lot over the last year

Re:SD card feature?

[ZifraTech]

This is exactly the problem we at Zifra Tech (small new organisation in Sweden) are fixing. We are developing special memory cards that can perform the encryption directly in the camera (while still allowing the user to look at the images until turning off the camera). For more info, check out our webpage https://zifra.tech/ Cheers, Robin

Re:SD card feature?

[Cederic]

To be fair, he'd just turn off the encryption.

It's the guy shooting in a dodgy situation that will go, "Yeah, losing processing power and dropping to 4 frames per second is a reasonable trade-off if it stops people getting killed."

I'm just not sure that there are enough such people buying cameras to justify the cost of adding the feature.

Re:SD card feature?

[Cederic]

The camera stops for a while as the buffer of set size and speed fills.

Nah, not any more. The storage media is now bloody fast and can keep up. My camera can sustain 17fps for a couple of minutes.

Admittedly if I set it to capture at 60fps (the most it will do in RAW) that slows right down after the buffer is filled.

Re:SD card feature?

[Cederic]

Since cameras tend to write their data fairly slow

Are you shitting me? If you're shooting events (sports, combat, civil disruption) you're hitting the shutter frequently and/or using sequential capture at (up to) double-digit frames/second. The cameras are writing files in tenths of a second at most.

Re: SD card feature?

This entire discussion is not about beating tire iron decryption by sanctioned officials. Nothing stops that other than a body guard willing and able to murder you out of the scenario.
This is about nosy busybodies likely violating their own, self-enforced, laws because they are bored and feel like harassing someone at random. The photographer here is better off losing the pictures than revealing to the cop that he happened to have interviewed someone who is reporting that cop, or his bosses, Etc, in a flagrantly compromising bit of corruption.

This means that a six digit pass key is probably good. But a cheap chip and an "enable me" switch will allow the camera to format the Sd card, and thereafter write an encrypted DataStream instead. Decrypting requires the passcode on the camera (duress key optional and expensive pro option) and using usb instead of the card directly. You could add a decryption app on the PC as a pro license pure profit option of course.

Plenty of benefit to be available on both sides.

Want encryption, download this firmware upgrade for $999, bound to your camera serial number. Probably weakly hashed ad the secret key itself, but good enough outside of tooth pulling hose beating scenarios.

Re:SD card feature?

[Cederic]

They're a bit slow though. Don't get me wrong, a few years ago they'd have been top-end cards, but they're just not cutting it for modern cameras.

RAW file sizes are higher, capture rates are higher.. SD cards need to keep up.

Re:SD card feature?

Check this: https://zifra.tech/

It's exactly what you are looking for. An SD card that encrypts the data, with journalists as the prime use case.

Re:SD card feature?

[rally2xs]

Well, if you can turn off the encryption, then fine, there's no problem other than the presence of it probably making it cost more.

Re: SD card feature?

[sound+vision]

I believe you wouldn't use it more than once, and I also believe you're not a photojournalist in a warzone. Taking 60 seconds to decrypt your pictures once you get back to safety would be the quickest, easiest part of the job.

Re:SD card feature?

[olof_k]

There's a company called Zifra https://zifra.tech/ that does exactly this. They have the hardware ready and plenty of clever ideas for the software. I have talked to them quite a lot over the last year and they are doing a great job

Re:SD card feature?

[AlwinBarni]

It seems to me an important feature, which obviously should be optional (e.g. a special button, like now RAW format).

As for not being able to review the images, there was a time (not so long ago), when reviewing required sending your film to being processed first and somehow photo journalism existed. Please keep in mind that, as far as I understand this request, the feature is to protect lives of journalists in rogue states, where when being found with "forbidden" photos might put them to jail or even cost their lives, and usually such situations involve no time to copy the photos and encrypt with e.g. laptop, also no WIFI around.

In my opinion the option should make the photos completely undetectable on the camera, which in the worst case can cost a journalist his camera. Of course rogue states can still just ban cameras with such features, that's why it is important to have cooperation from all camera manufactures, but let's be honest here, when was the last time corporations stood for average human being freedom risking banning their products.

Re: SD card feature?

[jouassou]

Not necessarily. Just use an encrypted file system instead of encrypting each file. Ask the user if they wish to set an encryption password when they format a new SD card, leaving the ability to use legacy non-encrypted vfat if they so wish. Now, every time you turn on your device, it'll ask you for a pass code to decrypt the storage. If you're in trouble, turn off the device, and don't give away the code, assuming you're in a region where they can't just beat the pass code out of you (in which case you'd be screwed regardless of whether they see the contents of your camera or not). Sure, using that feature might make saving pictures slower, and drain the battery faster. But for many journalists that might be an acceptable tradeoff for their privacy, which is why the best option would be to implement the feature, tell the user about the tradeoffs, and let them decide. Note that encryption of whole SD cards has been a thing on phones for quite some time, and my encrypted phone still lasts a couple of days per charge, even though it does a lot more than take pictures. There's no reason that can't be ported to "proper" cameras too.

Re:SD card feature?

[Bob+the+Super+Hamste]

Perhaps an add-on that allowed you to attach professional lenses to your iPhone (which already has a pretty good CCD.)

People already do make add on lenses for iPhones and while they will give you some telephoto abilities they will never produce professional results. The reason is that the sensor in the iPhone and stock lens are already diffraction limited so any lens with a greater f-stop than the factory one will only make that worse. Also since no lens is perfect adding another one will only introduce additional optical defects and aberrations into the final image. Now some times this is acceptable (look at 1.4x and 2x telephoto converters) but the results are not as good as just using a larger lens to begin with. For example I have a very nice SMC Takumar 200mm lens and a really cheap 400mm lens, I get better results with the cheap 400mm lens than using the 200mm with a 2x telephoto converter. That said before I got the 400mm I would use the 200mm + 2x converter for that extra reach as the results were still better than a tighter crop of an image taken with just the 200mm lens. So don't expect adding more glass in front will work miracles.

Moving on to sensors the iPhone has a very good sensor for its size but it is still a tiny sensor (about 6mm x 5mm). Compare that to a professional full frame sensor that is 24mm x 36mm, APS-C 22mm x 14mm, medium format (43mm x 32mm or 53mm x 40mm) sensor. The light gathering ability of those larger sensors is substantially better that the tiny sensors in cellphones. The iPhone does use a back illuminated sensor which does help it out with high ISO noise but even then the high ISO performance of the larger sensors is vastly superior. It looks like the iPhone tops out at ISO 1250 which is pretty damn low compared to even an old DSLR (I have a 10 year old one that tops out at ISO 3200 and one less than 2 years old that tops out at ISO 51,200) and the amount of noise in the image from the iPhone is comparable to my newest camera at ISO 25,600 or the older one at ISO1600.

Then you have the combination of the existing lens plus sensor on the phone which produces a very deep depth of field, even with the "telephoto" lens on the iPhone. Yes software can fake it but there is a reason that professionals like a mild telephoto (in the 70mm to 150mm range) with a nice f/2 aperture on a full frame camera or better yet a 200mm on a medium format for portraits. The depth of field comes about because of the sensor size and focal length so a big sensor with a big lens will give you a shallower depth of field while the tiny sensor (crop factor of about 7) with tiny focal length (about 4mm) give a very deep depth of field. If I want that I will stick my 17mm fish-eye or 28mm wide angle on my full frame camera, set the f-stop to f/11 or f/16 spin the focusing ring over to about 2 meters and not bother focusing it again and go do some street photography. In looking at a lab test of the iPhone 8 image quality I'm not impressed with what it produces under ideal circumstances but there one is a pixel peeper.

All that aside a camera like what one finds on a modern good quality cell phone will be all most people, 99% of people fall in this category, will ever need and they will never find the camera being the limiting factor in their photography ability. The only area that these cameras could really improve would be in noise reduction, especially at high ISO, as they are at the limits of what can be done to improve image quality with optics and pixel densities. Even there they may be rapidly approaching the limits but I don't know much about that area of senso

Re: SD card feature?

[nwf]

If you are in North Korea taking pictures, you aren't going to get away with "they are encrypted!" They'll confiscate your camera and memory cards and destroy both. Then lock you in a second-century jail for the rest of your life.

Thank goodness for encryption.

Re:SD card feature?

[lucaq]

Canon has a product.

http://web.canon.jp/imaging/osk/osk-e3/index.html

Re:SD card feature?

[dgatwood]

Re 'which means the manufacturer could easily bump up the RAM by 10-20% to support the crypto hardware" In a weather sealed, small camera that needs 4K movies and a lot of other new useful features and has to support more and more images, have more resolution, capture more data per image? The manufacturer has so many other heat producing, battery using systems to try and fit in without adding new costs of "bump up the RAM by 10-20%" Then to "support the crypto hardware".

You're dragging cost in. If you'd read the rest of my post, you'd see that the very next thing I said was that the reason was cost, not technical challenges.

Heat is really not a factor in camera design, with the exception of the image sensor itself (which can't have a traditional heat sink for obvious reasons). A typical camera is huge by the standards of modern electronics, with lots of empty air space into which heat can be dissipated. An extra RAM chip isn't going to make enough difference to matter. I mean their CPUs typically run almost half a decade behind the state of the art in terms of their process size. If heat were a significant factor, don't you think they'd spend the extra money on improving that?

Battery power for RAM is a factor, but not a big one. The number of shots per battery charge is measured in the high hundreds to low thousands, most serious shooters carry multiple batteries, and most casual shooters can go two or three days on a charge unless they're shooting lots of video or have Wi-Fi turned on. And the number of shooters who care whether it's 900 shots to a charge or 800 is likely about the same size as the number of shooters who care about crypto.

No, those things are excuses. The reason is cost, period.

Re: SD card feature?

[cthulhu11]

In the film days one got by without review for multiple reasons, including:

o The bar for acceptable focus was much lower
o The bar for acceptable grain/sharpness was lower
o Film is more forgiving of the dynamic range of skin tones
o Film would be pushed / pulled more effectively

A compromise would be to buffer unencrypted previews for 30 seconds. Encrypted shots would go to storage, unencrypted previews would be gc'd after a a configured amount of time.

Re: SD card feature?

[JesseMcDonald]

If you are in North Korea taking pictures, you aren't going to get away with "they are encrypted!"

Missing the point. Encryption isn't primarily to protect you, it's to protect your sources. To protect yourself from discovery you'd need plausible deniability, and possibly steganography, which are outside the scope of this proposal.

Re: SD card feature?

[nwf]

Not sure I agree. If North Korea tortures you until you provide they key, what's the difference between that and no encryption as far as they are concerned? Sure you may not have a key, but then you die and your pictures never see the light of day. Keeps the source safe, but they've taken risks for no benefit. Or they install malware on all your devices and hack into your home computer and get the key. People suck with keeping things secure.

These are likely the issues as to why manufacturers won't ever do this. Either it gets someone killed (bad PR) or is an incomplete solution (especially since NK's pal China can likely break your cheap camera encryption anyway.) Doing nothing is the safest solution. The photographers can learn to hide the good pictures and gave lots of pictures of happy NK citizens for a cover.

Re: SD card feature?

[JesseMcDonald]

If North Korea tortures you until you provide they key, what's the difference between that and no encryption as far as they are concerned?

Well, there is the fact that they would actually have to torture you, which might cause more diplomatic problems for them than simply seizing your equipment. There is also the possibility that you don't have the decryption key in the first place; the photos could easily be encrypted such that only your superiors in whatever organization you're reporting to have access to the decryption keys.

... but then you die and your pictures never see the light of day. Keeps the source safe, but they've taken risks for no benefit.

They'd be taking far more risk for no benefit if the photos were intercepted without encryption. Of course, the goal is to get the photos out of the country undetected, and for that purpose a prudent photographer would take the steps others have reasonably suggested, like transferring the photos to a secure device—ideally a remote server in a "safe" country—wiping the camera's memory card, and filling it with innocuous "decoy" shots. The purpose of on-camera encryption is to plug the gap which exists between when the photos are taken and when they can be offloaded to more secure storage.

Re: SD card feature?

[Immerman]

It is, but if it's the price of absolute security then perhaps it's worth sacrificing. I would assume it would be a toggleable option, so you'd still get review on vacation and artistic photos, just not of anything taken in encrypted mode. Which is probably generally going to be evidence, and held to much lower standards of artistic quality.

As an added bonus, if the review feature simply ignored encrypted photos then it would add a little obfuscation - guard seizes camera, only sees your vacation photos. No prompt for password or anything. Nothing looks suspicious and you're probably on your way.

And as AC says, you could potentially still review the last few photos that are still in RAM, which lets you still verify exposure, focus, etc.

Re: SD card feature?

[Immerman]

True. But we're talking about documenting evidence, not taking award-winning artistic photos. For non-sensitive stuff I'd assume you'd turn off the encryption.

But yeah, buffering the last photo of two so you could at least verify proper focus, exposure, etc. would probably be relatively safe.

Re:SD card feature?

[torkus]

Not really...make saving the PIN/decrypt key optional. People in high risk situations would gladly forgo the ability to review pictures (it would be trivial to keep the 2-5 second preview) in order to be sure that no one can access their photos. Heck, if you keep the decrypt key secret from the photographer (i.e. for reporters) then it would be impossible to force them to give them up even.

This isn't a smart gun debate for so many reasons...death is not a likely outcome from the use of encryption on cameras for one. Plus this is available in levels and easy disable entirely. Plus, unlike a gun, most people who use a camera WILL have advance notice and are unlikely to die if they are unable to point a camera back at someone pointing one at them.

Way to bring unrelated but hotly debated topics into the discussion though.

Re:SD card feature?

[RespekMyAthorati]

is not going to be able to run his camera at 11 frames per second any more because it is screwing around encrypting his 42 megapixel files shot in "raw?"

Of course, if there is anything that oppressive governments don't want the world to see it is a basketball game.

Re:SD card feature?

[Altrag]

Yeah it would have to absolutely be something Apple designed and built for. I have no doubt that just tacking a third party lens on top of (rather than in place of) the existing lens would be less than ideal. I'm thinking something more in concept to those cheap 3D glasses where you drop your phone in to do most of the heavy lifting.. so the "camera" is just a foundation for holding the lenses, the tripod mount, etc.. and your phone acts as the camera's processing unit, replacing the often-terrible display, buttons, UI, etc with something designed by a company known for good (or at least reasonably decent) design.

Of course it would be optimal if the camera's CCD could be used as well, but its not 100% necessary for my idea. It would just save having to attach a plug or otherwise pairing the phone with the "camera" unit.. though that may be desirable anyway so that the phone could control things like zoom and focus and other features that require physically manipulating the lenses and other non-processing operations.

Re:SD card feature?

[Bob+the+Super+Hamste]

In that case something like what the new Pentax digitals have might be what one wants with their wireless tethering. I haven't used it as my camera is one generation back and so doesn't support it. I have found that digital camera controls range from just pisses me off to being somewhat intuitive with Pentax being the somewhat intuitive and Canon just pissing me off. Granted these are for high end DSLRs not point and shoots which I just get mad at because I want to do something the camera things I shouldn't. Up until late last year I was still exclusively using film in an old but very high end all manual 35mm camera so all I really want is a quality view finder, and an easy way to set aperture, ISO, and shutter speed for controls.

I think we have already seen the split with cameras and you are going to see brands like Nikon, Canon, Pentax, Sony, Minolta, Olympus, etc making very good cameras for serious amateurs and pros while the general population takes cat and food pics with their cellphone and can get a reasonable 8x10 under ideal circumstances. The point and shoot will likely disappear in the next few years and the superzooms will be a very small market. Likely just a stepping stone between the cellphone and high end DSLR or mirrorless, if those eat the DLSR market, likely within a decade. My wife loves her cellphone camera and 3 year old point and shoot digital because she just wants to push a button and get a not completely shitty picture (out of focus, under/over exposed) but wants nothing to do with my cameras. Yet if she needs some nice pictures of quilts for publication she will have me take some really nice ones with my camera to be sent off.

Even just using the sensor in a cellphone, if one could replace the lens, wouldn't provide much of an increase in quality or ability as the pixel pitch on those sensors is so tiny that you are diffraction limited basically at all f-stops, seriously anything smaller than f/1.4 and you are diffraction limited on an ideal lens. I own one lens that wouldn't be diffraction limited with that sensor and even then that lens would be wide open which means it would be fairly soft as would even today's best variable aperture lenses, unless you went and rented one of those Ziess f/0.7 lenses. That still doesn't address the depth of field issue with those tiny lenses (a 10mm focal length lens on an iPhone would be about the same field of view as a 70mm lens on a full frame or 35mm camera) but would have depth of filed of from infinity down to about 5 feet even at f/1.4 but you could get within 1/2 of an inch of something and be able to focus and then get a shallow DoF. There are a lot of cases where one wants to have a super shallow depth of field like in portrait or product photography which those cameras wouldn't be able to do. At the same time if one wanted to go ultra wide on one of those sensors how would one use and manipulate a 1 or 1.5 mm lens?

Then dump the "Camera Makers"...

With smartphones approaching 20MP, they are an alternative in a lot of situations.

(No, you dont have to argue that a 5mm Optic isn't the same as a 50mm Optic, i know. But if encryption is important for you, currently, the Camera Makers wont give you a choice)...

Re:Then dump the "Camera Makers"...

[admin7087]

Common, the article is about professional photographers. They also need to sell their photos on a highly competitive market.

Re:Then dump the "Camera Makers"...

And some Cameras now have dual lenses and high resolution. The Camera makers are lazy and stupid,encryption IS easy and cheap to implement. Firmware hackers have already improved woeful camera software. I would think a Camera that had one suite A and one suite B would command a premium. Also if the Camera makers are really dumb, even a picture of a QR code could be used to input keys and crypto selection, including AES or Samba and to be really smart write pictures backwards on the sd card so they still appear blank to casual inspections. Whirlpool is non-patented, so that may be a option.

Re: Then dump the "Camera Makers"...

There is a successful journalist using an iPhone. Got on the cover of Time at least once.

The main problem is that he gets jostled by other journalists because they don't think he's one of them because of the iPhone instead of a camera.

Re: Then dump the "Camera Makers"...

This is actually quite true. Take Sony for example. Everyone laughed about a Sony DSLR. Now they are light years ahead and better than Cannon or Nikon, because of their pure greed and laziness they lost a huge market share to Sony.

Re: Then dump the "Camera Makers"...

Yes, selling your photos ismuch harder if you only make them with an iPhone.

Re: Then dump the "Camera Makers"...

[Teun]

Uhh, Sony camera's make nice pictures but their operation is rather difficult, for one Sony decided to make them too small for many if not most hands.
Even though their price / quality is very good pro photographers need something more substantial.
Luckily the better Nikon camera's use the best Sony sensors.

Re:Then dump the "Camera Makers"...

[fafaforza]

It's not about megapixels.

Re:Then dump the "Camera Makers"...

[Cederic]

Yep. 20Mpx on a shitty small sensor is worse than 12Mpx, especially for photojournalism.

My phone can take some awesome photographs and has seriously good software helping with exposure and focus. It still can't get close to my proper camera in fast moving or low light situations.

Re: Then dump the "Camera Makers"...

The Sony camera operation is just fine. I'm 6'4" 210lbs and have normal to slightly big hands for my size and my new A7R3 is gorgeous and wonderful and I love using it. Used to have a Canon Rebel, my first DSLR. I hate the Sony flash system, all those exposed pins seem begging to get bent and flash ruined. But the camera itself is not too small. Though I would like it if it were bigger, too. I love my iPhone 6S+, my smaller iphone 5 wase OK but love the bigger ones even more. Don't preach hate, instead share what you like best.

Re: Then dump the "Camera Makers"...

Whoops. Change "I hate the Sony flash system" to "I am scared of the Sony flash system". Should probably practice more what I preach about not using the word "hate".

Encryption doesn't sell cameras

[PeeAitchPee]

High resolution, more stops of dynamic range, and the ability to use different lenses does. For really high end models, there are a few other things too, like full frame DSLR formats, high frame rates (for shooting sports etc.), the ability to shoot HD video, etc. The vast majority of people shooting with a camera other than the one on their phone (which is already a shrinking market) don't care about encryption (which would slow down their camera even more), so don't expect the Nikons, Canons, and Sonys of the world to invest a lot of R & D on a feature that there's really not much of a market for.

Re:Encryption doesn't sell cameras

[jfdavis668]

Correct. Camera companies are in competition to sell cameras. Adding an expensive option that very few people would want to use would just handicap that company in the sales competition.

Re:Encryption doesn't sell cameras

[ThomasBHardy]

Agreed. The number of folks who are interested in using encryption on a camera is a very very small slice of the consumer base.

I've worked as a photographer in a news organization. Even with my time there, never was there any case for encryption. Having the entire camera industry switch to encryption would be having the 1% of actual use cases drive the cost and performance factors for the 99%.

Lets see one company make a single camera that has encryption. If it sells like hotcakes to news organizations, fine. but I'll be willing to bet that it the sales will be minuscule because it's not a feature that needs to exist for realistic situations.

Re:Encryption doesn't sell cameras

[Bing+Tsher+E]

Further, camera companies don't have much value in painting a target on their back that says 'Customs agents and police: hassle people MORE if they are carrying our brand of camera.'

These 'journalists' need to just accept the reality that their activities are not risk-free.

Re:Encryption doesn't sell cameras

[Immerman]

How expensive would it be though? Cameras already have the necessary CPU power to do all sorts of image processing, encryption is no more difficult. All they need to do is load a public key from the SD card and, if in "encrypt mode" use it to encrypt the the photo rather than storing it unmodified on the SD card. Maybe that means it takes 5x longer to store each photo if the CPU is especially weak, but so what? If you're taking photos where encryption is important you should be willing to make compromises. And it doesn't have any impact at all if encryption mode is turned off.

Re:Encryption doesn't sell cameras

Agreed. The number of folks who are interested in using encryption on a camera is a very very small slice of the consumer base.

Which, I think, misses the forest for the trees. The clear point then is that people should be able to develop software for cameras, including things like encryption. Honestly, the current main selling point of cameras today is their relatively easy of use/speed and their high quality. The latter is being eaten up by higher and higher quality smart phones. Eventually, camera makes will only be there to sell the lens add-ons. For the former, things aren't getting better. It's one area where they have an edge over smart phones, but it's really only a matter of software improving on higher end smart phones (with a lot more CPU power) to eclipse cameras on that end.

To me, camera makers are in the same boat as Kodak. They need to evolve or they'll die. Currently, Kodak is still evolving, but I don't expect it to exist but in name. Why? The areas where it could really shine (tablets/phones and photo printing) aren't the same captured market they were once in. Either they have to accept that they'll not be an industry leader anymore or they'll need to speed a ton of money in R&D to try to be the cutting edge of tablets/phones/whatever. Innovation, though, is not an end but a means to an end. That requires drive towards a goal beyond "being #1". I don't see Kodak or most camera makers there. They're just going through the motions of what they know.

Re:Encryption doesn't sell cameras

You could say the same thing about using HTTPS instead of HTTP.

The "cost and performance" complaint is silly. The features requested are already *standard* in consumer-level devices. It's clearly something that's available at low cost with acceptable levels of performance.

Re:Encryption doesn't sell cameras

[Actually,+I+do+RTFA]

Not only that, but encruption fights those features. Recording more data faster to the card is consisdered a feature (I need to store that higher resolution, extra dnamic range, more frames per second, etc.) Already some cameras require CF cards because SD isn't fast enough. Encryption will invariably slow down the write speed.

Re:Encryption doesn't sell cameras

[idji]

Don't we already have self-encrypting SD cards, that could hide photos unless they were inserted into a safe device back home?

Re:Encryption doesn't sell cameras

[Cederic]

Cameras trade off processing power for capture speed, physical dimensions and battery life.

You want to add additional processing, it comes at a cost. You may consider it a low cost but cameras are already running on the edge so it's going to have a discernable impact.

Sure, it can be done - but just who the fuck is going to want and use it? Maybe the demand is there, but so far it hasn't been strong enough to encourage a manufacturer to implement the feature, and even if they did, making it fit neatly into a sensible photographer workflow is still going to be bloody hard.

Re:Encryption doesn't sell cameras

[ThomasBHardy]

I'm not sure that would work unless the camera itself had a firmware update to write out the image files encrypted and read them in as needed for previews. Can they build that into a standard SD card? Where would the encrypt/decrypt step occur? There's no processor on an SD card capable of handling giant RAW file encryption in a timely fashion that I'm aware of.

I know there's a firmware mod for a Nikon that provides encryption and there's a magic lantern project that I think targets Canons, but I'm not familiar with how reliable they are.

I I were trying to make a product for this, I'd think a potential route would be something like the wireless SD cards paired to a smartphone app in your pocket to transmit images to the phone as quickly as is reasonable, removing images from the SD card as they are completed. Smartphones offer all the encryption options necessary.

Encryption doesn't really solve this

[JoeyRox]

If you're a photojournalist leaving a dangerous field assignment then there's a high likelihood you will be stopped and searched. If you hand over your camera and it comes up with a prompt for an encryption password then your camera and its media will be confiscated or destroyed in front of you. There go your photos.

As for protecting sources, why would you photograph them if you didn't intend to publish the photos anyway, which would still put them in danger?

Re:Encryption doesn't really solve this

[kobaz]

There go your photos... but then the powers that be can't prove you were taking pictures of the super-secret-government-coverup and hopefully would be less likely to send journalists to a dark hole.

Think about it... If you were searched by border patrol in a fscked up country and you were taking pictures of things that "no one is supposed to know about". What would you prefer: a smashed camera, or blatant evidence of actions which would definitely put your life in danger.

Re:Encryption doesn't really solve this

[davecb]

Journalists have been aware of this problem since glass-plate cameras: they look for ways to hide their images from passing police, and only have harmless ones to display. Once they get home, they can crop and mask out persons at risk and still show, for example, the violent breakup of a protest by the military.

Re:Encryption doesn't really solve this

[DigiShaman]

but then the powers that be can't prove you were taking pictures

Depends on the host nation. Many don't adhere to the presumption of innocence in law.

Re:Encryption doesn't really solve this

[pots]

If they destroy your camera rather than killing you, that's a win. As for protecting sources: sometimes you take pictures with the intention of publishing some of the picture, and redacting the rest. It's very common to blur peoples' faces.

Re:Encryption doesn't really solve this

[mridoni]

Think about it... If you were searched by border patrol in a fscked up country and you were taking pictures of things that "no one is supposed to know about". What would you prefer: a smashed camera, or blatant evidence of actions which would definitely put your life in danger.

There's no win-win scenario here, a lot would be riding on the actual situation on the ground, and on the stakes at risk. This is why having the possibility of encryption would be a good thing.

The reason why we're not having it even on high-end SLRs (after the Nikon encryption fiasco in 2011 and the half-assed attempts years ago by Canon to implement it, along with digital signature) is completely clear: while professionals and their endorsement help to sell a camera (and a brand), they're only a tiny fraction of the whole market. And while you can sell "hyper-blazing fast autofocus with a megazillion focus points" to anyone with a enough cash to spare, even if that US$ 4000 camera is used for kids birthdays and picnics, encryption is still going to be a feature that only a small percentage of users will ever use. Add to that the fact: 1) it is not so easy to handle encryption reliably when you have non technical (in the IT-sense) users 2) you will have to keep restrictions to a minimum because encryption should not get in the way of doing one's job 3) cameras are not really designed for easy and quick software updates when (not if) a vulnerability is discovered, and, well, you get the picture (sorry for the pun, I couldn't resist).

Re:Encryption doesn't really solve this

[burtosis]

What would you prefer: a smashed camera, or blatant evidence of actions which would definitely put your life in danger.

I'm assuming if you are a journalist with that task then you don't value your safety much in the first place. It's really surprising more don't just end up "missing". Anyhow the best bet in this case is to have a satellite link and dummy photos on your camera. Because I agree with you and xkcd on the security of encryption.

Re:Encryption doesn't really solve this

[Immerman]

Why would the camera ask for an encryption password? Store the public key used to encrypt the photos on the card, and then just completely ignore any encrypted photos when browsing, since it can't decrypt them anyway.

A professional photographer has no particular need to look at the photos they just took - they didn't even have the option in the film days. It may be convenient for many things, but it's a small convenience to sacrifice to ensure their sources remain safe. Once they get back home, then they can use their private key to decrypt the photos. If they don't even take the private key with them, then there's no way it can be compromised.

Re:Encryption doesn't really solve this

[Bing+Tsher+E]

If you carry around images that you took during an 'incident' that you intend to later redact participants out of, you're an asshole who wants to earn 'acclaim' for your heroic photographic work. You're putting said participants at great risk during the phase where you are sneaking the unredacted images away from the danger zone.

Essentially, you're using them for your careerist adventures. You're being an opportunist creep.

Re:Encryption doesn't really solve this

If you hand over your camera and it comes up with a prompt for an encryption password then your camera and its media will be confiscated or destroyed in front of you. There go your photos.

Which is far, far better than going to jail, or the people you took photos of going to jail. To solve any coersion problems, or rubber-hose cryptanalysis, make sure the password is only in the posession of your editor back home.

Re:Encryption doesn't really solve this

There go your photos.

I can only imagine an encrypted, global satellite link as a partial solution for this, with no local storage for the sensitive photos and a local storage for the harmless photos. Or a real-time steganography on the camera. Even those wouldn't be enough in the certain cases.

As for protecting sources, why would you photograph them if you didn't intend to publish the photos anyway, which would still put them in danger?

This model of influencing the world works only if there are immediate consequences from the publication. In other words, it only works in places where there are a high level of rule of law and a clear separation of powers in place. Otherwise the sources will eventually end up in a bad place if they can't be extracted. That is how it appears to me, at least.

Re:Encryption doesn't really solve this

What a dumb ass comment. You have no idea what you're talking about. There are so many situations where a journalist might have photos that he doesn't want to publish publicly, or that may contain faces that will be blurred eventually. I can't even begin to explain how fucking dumb you are.

Re:Encryption doesn't really solve this

[Marxist+Hacker+42]

Agreed. What does solve it, is your camera connected by bluetooth to a satellite phone, which is connected to a cloud server. Once in the cloud the camera and its media can be destroyed (rather expensively, but that's part of the cost of doing business) and the pictures can be published all over the world.

Re:Encryption doesn't really solve this

[Marxist+Hacker+42]

Replace "encryption" with "automatic cloud upload" and you would not only have a selling point, but in places that have connectivity, you could produce an SLR that has only enough memory for 30 or so pictures- and that only temporary storage before they're uploaded.

Re:Encryption doesn't really solve this

If I were doing this shit, I would want a specially designed camera, one where as soon as it was turned on, if I didn't do the special command, it would default to "happy tourist mode". Nothing to see here, move along.

Hmm, come to think of it a good idea for a niche market Android phone (with a good camera) with special software...

Re:Encryption doesn't really solve this

6 encryption is proof of guilty on such countries. And Kerry's face it, if your taking pictures the authorities don't like, your probably committing other acts off insurrection or sedition. The camera isn't your problem

Re:Encryption doesn't really solve this

Border agent: "What is this 'Enter password to show encrypted files' on the screen? Can you please open this?"

You: "No"

Border agent: "Hey, Bob, get the rubber hose..."

Re:Encryption doesn't really solve this

[FrozenGeek]

OR you find yourself subjected to various forms of torture until you provide the decryption key. Followed by additional forms of torture because they're now POd that they had to work to get the decryption key.

Re:Encryption doesn't really solve this

Why not just have it push to the cloud immediately? Or to an encrypted/hidden place on your phone where they'd be less likely to find it?

Re:Encryption doesn't really solve this

Your encryption is a subversive anti-government activity and failing to provide the password will only make your stay in the hole longer.

Re:Encryption doesn't really solve this

In some circumstances that might be preferred. To have your photos destroyed over seen by people who stop you. So they can't confirm you of sedition or whatever. You can just say you were taking nudes or say nothing and htey can't prove you were trying to undermine the state. Your photos are only seen by you. that's something some people might find valuable.

Re:Encryption doesn't really solve this

[Joey+Vegetables]

If there is both cellular and VPN infrastructure available to you (I know, big "if" in many such places), you could upload frequently to servers you control, in a relatively free jursidiction; then, have a service or daemon encrypt there, then delete all unencrypted copies. That's what I'd try to do. One might even distribute parts of the public key to different individuals in relatively free jurisdictions so they can't rubber-hose it out of you, although that implies a commitment to truth above that to one's own life, which is a fairly high bar; yet, if one does not have such a commitment, one probably does not go to places where such commitment is required in the first place.

Re:Encryption doesn't really solve this

[RockDoctor]

286 comments and only one mention of this XKCD. Oh, Spashdot, where have your balls gone? Not because the XKCD is a startlingly or novel good description of the problem (Zimmerman's PGP release notes include it's essence) , but there just appears to be so much pathetically optimistic derangement in the hipster generations.

In the real world, on encountering a journalist-type (white, foreigner) with a memory device/ camera/ etc full of unreadable things ... you smash any phones and cameras and anything else that may hold a transmitter. Then you gut one of the locals helping the white foreigner and leave him screaming in the dust, "pour encourager les autres". This criminal will "die trying to escape". Then, you torture the other locals, who are also trying to escape when they die, until the white foreigner gives you the passwords. If you run out of local criminals and their families to torture in front of the untouchable privileged white foreigner, then you photograph him being infected with a disease by an underage criminal, pour whiskey down his neck until he can't walk, and send him driving back to the city on the rough road.

Do millennial children not know how politics works? Or do they rely on Hollywood?

buy a phone with attachable lenses

Just google. Their are attachments for many phones, and some of them even support it officially.

Download needed

[Geoffrey.landis]

Interesting.

The workaround, for photographers, has to be that if the pictures are sensitive they need to download their pictures to their laptop (or other device) which is encrypted as soon as they leave the photography site.

... then take a lot of pictures of the floor, to overwrite the images on the camera's storage...

Encryption doesn't help

You will simply be forced to turn over said password or have the device confiscated.

ObApple: What's a camera?

You are a guest in another nation

[DigiShaman]

...reporters have long argued that without encryption, police, the military, and border agents in countries where they work can examine and search their devices. "The consequences can be dire," the letter added.

Holy fuck! The ignorance in that statement is astounding!! To all reporters - when you're in another nation that doesn't have freedom of the press and/or other constitutional rights, you do as you're ordered by authorities. If a police officer in China for example tells you to hand over the password to decrypt the data, you better do it or risk being thrown into a cage!

Re:You are a guest in another nation

[admin7087]

Talking about ignorants... Journalists weigh personal risks vs. getting the story out since the profession exists and you think it's all a super-easy choice and you always should just obey the authority.

Re:You are a guest in another nation

[DigiShaman]

If they don't want to take the personal risk of getting caught doing something illegal, then it's self-evident that they shouldn't be walking into shithole nations.

Journalists are supposed to be reporting on the news. They're not there as some holy crusaders to change the world only later to cry about being caught. So excuse me while I play the worlds tiniest violin with regards to whether or not their photos are encrypted.

Re:You are a guest in another nation

[mark-t]

I've always wondered what would happen in such a regime if the password you give them doesn't work for them because it's biometrically keyed to work only for you?

And what would happen if further, the biometric protections utilize mechanisms that go so far as to examine your brain waves to evaluate your emotional state at the time you are attempting to unlock the device, and will not unlock, not even for you, while you are experiencing above average levels of stress or otherwise under any kind of duress to unlock it?

And of course, throwing you in a cage because you used such impenetrable encryption wouldn't change anything, and would in general only make it even *more* difficult for you to unlock the device for them.

Re:You are a guest in another nation

[admin7087]

You're presenting a false dichotomy and are apparently completely ignorant of the profession. Journalists reporting from crisis & war zones, on violent crime and from regimes with undue process have always been taking risks, and they have always weighed them against the obligation to report the story. It's part of the job, but only a small number of journalists work in this field and are willing to take the risks. Despite all that, dozens of journalists are killed every year while doing their work, just so you can get their news in your comfy living room. You should to tone down your attitude and show respect where it's due.

Re:You are a guest in another nation

[kenh]

Wow, I'd think the better approach would be a fingerprint reader that can store two fingerprints - one that operates normally, allowing access to all the images on the device, a second finger that only allow access to a curated area of storage, with pictures of puppies, children, and sunsets. A more aggressive option would be a third-finger that wipes the contents of the card...

For example:

• scanning your pointer finger opens the curated photo collection
• scanning your ring finger opens the entire contents
• scanning your middle finger erases the device

such an arrangement would allow the photojournalist the option of providing access as the situation warranted, choosing to either protect their subject's privacy/security or save their bacon if they are afraid for their life.

Re:You are a guest in another nation

[Bing+Tsher+E]

When they enter into the arena of conflict and choose to 'show the truth' in a way that one side in the conflict opposes, they are entering into the conflict as a participant on one side and are no longer being a journalist. They can suck air in prison if they're caught.

Re:You are a guest in another nation

[Immerman]

It's not themselves they're trying to protect - if they wanted to stay safe then they wouldn't be in that line of work. They're trying to protect their sources and their evidence.

Re:You are a guest in another nation

[Immerman]

An easier option - use asymmetric encryption, and leave your private key at home. You can't give them what you don't have, even if they break you and you really wish you could. Of course, if they break you then you can probably just *tell* them most of what they want to know, but it at least ensures that you are the weakest link.

Re:You are a guest in another nation

[admin7087]

Wow... just wow. In every conflict on earth you have a side that opposes covering aspects of the conflict at one time or another. According to your bizarre logic journalists could never get any footage from any war zone anywhere without 'taking sides' and 'no longer being journalists'. The world does not work the way you think it does.

By the way, in many cases war correspondents who miscalculate their risks can be happy if they end up in prison. Often they are killed. But I guess the beheading of James Foley by ISIS was just alright from your point of view, because he was 'taking side'. Retard.

Re:You are a guest in another nation

[SvnLyrBrto]

> I've always wondered what would happen in such a
> regime if the password you give them doesn't work
> for them because it's biometrically keyed to work
> only for you?

Similar issue: A company I used to work for always but ALWAYS required travel with loaner laptops only. (Didn't matter if it was just to LA, or all the way to China. And, by his own decree, the policy included everyone up to and including the CEO.). All of the important data was on an encrypted partition, with just the basic OS unencrypted. Tricky bit was: we used a split-key system where the traveling employee had to:

1) Plug in his USB key, input the PIN on the USB, and its password on the computer to unlock his half of the key.
then
2) Connect to the company VPN, from which he would fetch the other half of the key, which was only stored in RAM and never swapped to disk.

Only with both parts of the key could the encrypted partition be accessed. And we always suspended VPN access while the employee was en route; making it literally *impossible* for him/her to give up the secured data, even to "rubber hose decryption". If some airport security goon got the notion in his little head that he wanted to see the contents of the laptop, he could go tell it to a real LEO, who could tell it to a judge, who could issue a subpoena or warrant, which our lawyers could fight. The ASG itself could go get bent. That data was OURS, not the employee's, and certainly not the airport's.

It was an issue only once while I worked there. An employee was returning from Singapore & vicinity; and some ASG wanted to see the contents of his laptop. After explaining the situation that the data was privileged and protected to them, our guy actually called up InfoSec, put him on speaker with the airport goon, and reportedly grinned ludicrously as InfoSec told the ASG not just that we wouldn't be unlocking the laptop, but also exactly what we thought of him, his kind, his agency, his "mission", his manhood and the lack thereof, his family and it's canine/porcine pedigree, and so on (Said InfoSec guy had been an army drill instructor in his past. So he had the talent. And I understand that the looks on the faces of the other overhearing travelers was fairly priceless.); with an admonition to not-so-kindly go fuck himself sideways with some rusty farm implements and to call legal if he had a problem and could somehow conjure up the mental wherewithal to operate a telephone himself. The laptop did stay at the airport; but not for long. Legal wrote a nastygram, in blood, on asbestos paper, and delivered by a black raven. And I think it only took about a month or so to get it back.

Re:You are a guest in another nation

You aspy's need a helper, like Siri, to read your shit and let you know when it's time to turn off and let the non-aspy's discuss things in a rational common sense way.

Re:You are a guest in another nation

[Actually,+I+do+RTFA]

Leaving aside the legal costs, and the costs of the loaner laptops, that solution sounds pretty expensive. But very effective.

Re:You are a guest in another nation

[SvnLyrBrto]

It wasn't so bad as you might think. Our lawyers were mostly full-time on-staff. While we brought in dedicated specialists from law firms when needed; for routine matters like griefing ASGs, our salaried guys could generally keep the requite steady stream of bile flowing as part of their 9-5. Also, due to the nature of the business, a number of said lawyers in addition to many of our execs, had contacts in the federal government and knew exactly who to go over-their-heads to, so as to expedite the shit rolling downhill to the ASGs. (Our CEO had had a very bad experience with the TSA not long after it got started... circa 2003 or so... which left him with something of a burning hatred of the agency. So various surliness, circumvention, uncooperativeness, and outright hostility towards it, and the various TLS spinoffs comprising the rest of the ASGs, while not mandatory, was actively encouraged.). Finally, the laptops themselves were insured.

And at the end of the day, the laptop is nowhere near as valuable as the data; and not just for our own sake. For a decent number of our customers, including the part of the federal government we directly dealt with, we were contractually obligated to protect said data. And releasing it to some ASG yahoo was NOT part of those contracts (Not even with the feds.). And the penalties for leaking it would have been well in excess of the cost of eating a laptop, assuming we never got it back and insurance never paid out.

Re:You are a guest in another nation

ASG = American Sewing Guild?

Re:You are a guest in another nation

[Actually,+I+do+RTFA]

For a mid-to-large company, that's fine. A small company won't even have one lawyer on-staff to start the vitriol. And, as an individual, it's hard for me to imagine anywhere near as complete a system.

As I said, a great system. I wonder if there's some way to supply it as a service to the general population.

Re:You are a guest in another nation

[Bing+Tsher+E]

Thank goodness you've diagnosed the problem. All those years in fucking medical school have paid off.

Re:You are a guest in another nation

[Bing+Tsher+E]

Journalists from all sides in most conflicts have access. Usually under the escort of one side or the other. During World War II there were journalists reporting most everything as it happened, to the degree that the public needed to know. Credible professional journalists who work within the system to report the facts.

And then there are people who fancy themselves as being journalists who engage as renegades and pretend they don't need to take sides.

It's impossible not to take sides, and you're defrauding yourself, and whomever else you're reporting your 'journalism' to if you pretend you haven't taken sides.

why do ppl buy cameras

when all phones have cameras built in...?????????

Re:why do ppl buy cameras

Beeeecause phones are fucking shit when you want to take real photos?

Idiot

Magiclantern open-source firmware for Canon camera

[fennec]

It looks like it's possible using Magiclantern open-source firmware for Canon cameras: https://www.magiclantern.fm/fo...

Yeah, but you shouldn't have to beg.

Why aren't these expensive cameras programmable by their "owners"?

The people who really care about encryption should be able to easily program "their own" devices in order to support such encryption.

The core issue isn't economics; the core issue is, as always, ownership.

Re:Yeah, but you shouldn't have to beg.

The core issue is, as always, people who have no idea what they're talking about.

Look into the technical aspects of this before you go blathering on about ownership.

Re: Yeah, but you shouldn't have to beg.

Oh, cry me a river, just shoot on film. Soldier approaches, open back door, or modify your camera with a small battery, and led and a button and poof, pictures are gone.
If you are shooting something, want to hide it during search, yet still want to keep it, you are most likely doing something illegal

Canon's fingerprint scanner

[maxwave]

https://www.digitaltrends.com/... Wonder if this is one of the reasons for this patent.

Re:Canon's fingerprint scanner

[kenh]

Biometric security can be "compromised" if you have the hand the fingerprint came from... We're talking repressive regimes here, they would happily put a pistol to your head and tell you to put your thumb on the fingerprint scanner.

Re:Canon's fingerprint scanner

Why bother with the pistol? If you're a repressive regime, just cut off the finger and gain access any time you want.

Re: Canon's fingerprint scanner

With a 1 in 10 chance of getting the right finger

Is this a surprise?

[SwashbucklingCowboy]

Sure, it'd be a useful feature for a small number of people, but the vast majority of users of high end cameras (and there aren't that many) wouldn't need it. And doing it this would either require a special encryption chip, increasing the cost for all users, or would be so terribly so that it would make the camera effectively unusable.

Re:Is this a surprise?

[Entrope]

This would not require a special encryption chip. Most high-end cameras are built with ASICs that are designed by the manufacturer. There is an extensive market of reusable logic cores, including ones that perform encryption and decryption, that can be integrated into an ASIC. Most modern encryption algorithms are designed to need very little in terms of hardware resources, so it should not significantly increase the size of the ASICs in question.

They exist

[hcs_$reboot]

still, they're called film cameras. Nobody can see the pictures before the film is processed, and good luck to find a shop that still processes films nowadays.

Re:They exist

[jfdavis668]

Good idea!

Re:They exist

But the Police know all about dealing with film cameras. Simply confiscate all the film and pull it out and expose it. For good measure, destroy the camera. Then jail the photographer indefinitely on "suspicion" etc. because they were there with a camera with film. Many photographers in film days mailed each roll of film home immediately after exposure if they could.

Re:They exist

still, they're called film cameras. Nobody can see the pictures before the film is processed, and good luck to find a shop that still processes films nowadays.

Good luck? CVS and Walgreens still process 35mm ...

Real-time encryption of HD video is costly

it's just that simple.

Don't you hate it when...

[AndyKron]

If you're not doing anything wrong you shouldn't have anything to worry about. Don't you hate it when people say that?

Re:Don't you hate it when...

If you're not doing anything wrong you shouldn't have anything to worry about. Don't you hate it when people say that?

The _worry_ has nothing to do with right or wrong, it’s what other people will do to you.

Camera encryption vs.
Guy with rifle or
Spouse or
Judge

Which situation is it actually helpful? Not actually doing anything wrong doesn’t even REMOTELY clear you with any of these.
Encryption does not give you any security. Replace encryption with I’m hiding something, and try out different scenarios.

Not just encryption

[Dwedit]

It's not just encryption that cameras need, they also need a cryptographic signature to indicate that the image it took is fresh from the camera and has not been edited since the photo was taken. (Obviously this can be defeated by photographing a photoshopped image, but still...)

Re:Not just encryption

[Anonymice]

Like...RAW? It's routinely used in forensic science & is legally admissible in court as evidence.

Re:Not just encryption

It's not just encryption that cameras need, they also need a cryptographic signature to indicate that the image it took is fresh from the camera and has not been edited since the photo was taken. (Obviously this can be defeated by photographing a photoshopped image, but still...)

There's the problem of blurring, or better yet cutting out faces of people. Modified the image obviously.

Why must the camera be secure?

[kenh]

The lack of encryption means high-end camera makers are forcing their customers to choose between putting their sources at risk, or relying on encrypted, but less-capable devices, like iPhones.

Or, you know, pulling the memory card out of the camera and hiding it.

I've seen wifi SD cards for cameras, so it should be easy to have your high-end camera send it's pictures to your smart phone, tablet, etc. as soon as you take it, then the photojournalist can simply delete the local copy on the camera. when your camera is searched, no images are found, they are all on your secure, encrypted smartphone, and who knows, maybe the smartphone could sync with a cloud service to get the images out of the region moments after captured?

Re:Why must the camera be secure?

If you delete the image from the camera, you need a method of securely wiping the memory.

SD Wifi adapter

[jfdavis668]

Have your camera connected to your smart phone via an SD Wifi adapter. Automatically transfer the photos and delete them on the camera as they are taken.

Re:SD Wifi adapter

[Immerman]

You'd still need to actually wipe the camera - deleting typically only mangles the filename. And without hardware support, reliably wiping requires completely filling the card with other images - and even that may not do it if the flash storage is over-provisioned so that it can maintain its capacity as flash cells begin to fail (I have no idea if that's common with SD cards, but it's standard procedure for SSDs)

Re:SD Wifi adapter

[ceoyoyo]

An SD card doesn't technically have to have any memory at all. For the paranoid, make one that's just a wifi transmitter.

Re:SD Wifi adapter

Fake sized SD cards do this all the time. All you need is enough space to store a buffer prior to transmission. Then you can do a few zero passes when transmission is done.

picture in picture

[louden+obscure]

Would it take a rocket appliance to use steganography?

Re: picture in picture

Right, exactly.

And, use a photo for the random bits for the crypto

Rubber hose cryptanalysis

[stevegee58]

Good luck when you're stopped by the police/military in some shit-hole country. Encrypted files? No problem, just beat them until they decrypt.

Re:Rubber hose cryptanalysis

[magarity]

Good luck when you're stopped by the police/military in some shit-hole country. Encrypted files? No problem, just beat them until they decrypt.

Don't you know its racist to call countries where the police beat would-be free press photographers "shit-holes"?

Re:Rubber hose cryptanalysis

Don't you know its racist to call countries where the police beat would-be free press photographers "shit-holes"?

TIL redneck counties are shitholes.

Re:Rubber hose cryptanalysis

You can have a hidden encrypted partition and either have some non-controversial photos non-encrypted or even on a seperated encrypted partition. How many levels deep do we need to go?

Re:Rubber hose cryptanalysis

sounds just like what would happen in USA. anyway if the encription is useless like apple's don't even bother

Re:Rubber hose cryptanalysis

Good luck when you're stopped by the police/military in some shit-hole country. Encrypted files? No problem, just beat them until they decrypt.

So don't have the password. Give the password to your editor, wife, or friend in your home country.

Re:Rubber hose cryptanalysis

The amount of racism depends on the context -- if you included other examples to show that what you were talking about wasn't the politics of policing but the perhaps the individual people in those countries it would be much more racist -- but mostly Americans don't like you calling their country a shit-hole even if the police are out-of-control. And you know how they get shooty when they're angry.

Re:Rubber hose cryptanalysis

or... bear with me now... you use asymmetric encryption which means the files may not even be apparent to someone looking at the camera. if there are unencrypted photos as well (of sunsets, statues, food etc.) there's no reason to even be suspicious.

Re:Rubber hose cryptanalysis

[swillden]

Good luck when you're stopped by the police/military in some shit-hole country. Encrypted files? No problem, just beat them until they decrypt.

It's easy enough to use an asymmetric encryption algorithm, with the private key stored on a computer in another country. Won't save you the beating, but assuming they actually need proof to keep you in prison (a big, big "if" in the countries where you might feel like you need encryption, and in which the authorities are willing to use rubber hose cryptanalysis), they'll be unable to get it.

If necessary, you could even use jurisdictionally-diverse key splitting. The idea is to pick a handful of mutually-antagonistic countries who are unlikely to be willing to cooperate with one another to recover your key, then cryptographically split your private key (perhaps with an m-of-n technique to give yourself some redundancy) and store one piece in each of them.

Protecting your data from the authorities is totally feasible. Protecting yourself... maybe not so much.

Re:Rubber hose cryptanalysis

[blindseer]

I'm not sure how that helps. If you don't have the password but your spouse does then they'll just call the spouse and explain how they will torture and kill unless the password is handed over. What would your spouse do in that case? Allow you to be tortured? Hand over the password and hope they hold up their end of the deal?

This assumes they believe you that you do not in fact have the password. This assumes that they even care if they get the password, they might just beat you up for being in the wrong place at the wrong time.

Re:Rubber hose cryptanalysis

Hey, leave the USA alone! We're *not* a shit-hole country!

Re:Rubber hose cryptanalysis

Good luck when you're stopped by the police/military in some shit-hole country. Encrypted files? No problem, just beat them until they decrypt.

Don't you know its racist to call countries where the police beat would-be free press photographers "shit-holes"?

I don't see any mention of race at all. Just in your post.

Re:Rubber hose cryptanalysis

Pretty sure it's more racist to categorically deny people entry and/or asylum in your country because they are from these countries.

Re:Why must the camera be secure?

[Anonymice]

Given the remoteness of most of these regions, and that RAWs can be upwards of 50MB each, I don't think a phone's data connection would cut it.

Syncing via WiFi to another device could be an option, depending on the scenario, but it's relatively battery intensive so it requires preparation & knowledge of exactly when you're going to shoot. Not so great for journalists travelling in remote regions, often off-the-grid, who need to be able to whip out their camera at a moment's notice.

OTOH Encryption could make your become detained

Encrypted device could make you suspect and become detained without warrant for indefinitely time. So better think of the children.

Clueless photographers

[guruevi]

Canon offers a kit that includes an encrypted SD and flash drive. There are also a bunch of hackers around that do anything from running Arkanoid to implementing zlib on their dSLR camera. There are options, a bit of research and/or a knowledgeable it staff would help them more than bitching at the manufacturers.

Sneaky

One would think that the camera memory would hold photos of flowers and whatnot, whilst the sdcard with the good shit on it is nestled securely up your ass.

Re:Sneaky

[Teun]

In 2000 and at the end of their 25th. independence celebrations I took some pics of the Angolan government plane being boarded by some VIP's.
Within seconds security confiscated my camera.
A good hour later they came back explaining they could not get the film out, indeed they had never seen a digital camera :). (Olympus C-900 Zoom)

So I showed them the photo's and deleted the ones' they objected to.
Little did they know or understand I had already taken more pictures on a different card.
A couple of hours later when back in South Africa I undeleted the photo's from the affected card.

I'm afraid these days such won't work any more...

Re:Why must the camera be secure?

[kenh]

I can easily imagine a program that detects a new photo on the SD card, transmits the message to the linked-to device (smartphone), then overwrites every sector the photo occupied with a random bit pattern before deleting the photo entry from the file directory on the device.

Sure, a curious regime could send the SD card out for data recovery, but the actual sectors the photo occupied would contain the random bit pattern - a brute-force search of the device would be fruitless.

Kickstarter

[iamacat]

You want a niche feature that would be detrimental or confusing to most users. An average photographer's nightmare is losing an amazing shot and encryption is likely to screw up any recovery attempts. Others would get in more trouble because of encryption than because of actual photos. Sounds like a good case for a Kickstarter project to make an Android-based camera where you can use a photo app that suits your specific needs. If there is mobile data, you would ideally upload shots to your studio and the securely erase them locally so that no evidence, including evidence of hiding evidence, is left.

No Standards

Im not sure there are any standards where this wont cause more hassle for regular customers of course it could be optional. I could be wrong but I dont know of a standard where a sd card could be encrypted then popped into a computer and asks for the password. If the camera just encrypts the files then we need to agree on a file format that may or may not already exist and build it into software and os's to make it transparent I think the filesystem would be a better way once its unlocked apps could just use it as normal.

Re:No Standards

[PPH]

Cameras use SD Cards. "Secure Digital". The standard already exists, so all that camera manufacturers need to do is to implement the protocols for entering a password.

Re:No Standards

Does anything actually implement the sd card password? From what I can tell that password is for blocking commands it doesnt do any encryption so its not very secure but it is better than nothing. If were going to work on something lets get something a little better going :)

To what end?

I don't think it would make much difference if the photographer (journalist or whatever) had the best encryption there was for their photos, if an authority in a repressive/dictatorial state asks for their media and they (the authorities) can't access it.....what do you think is going to happen to that media. I don't see the authority figure just saying "Oh, never mind then..." and giving it back! More than likely both the media and the photographer will be investigated more thoroughly in a less than friendly manner.....

Just use a cellphone to take important pictures

[torrija]

If cellphones already implement some sort of encryption and their camera quality is good enough, why not taking pictures with them?

Re:Just use a cellphone to take important pictures

For most cases this 100% although optical zoom is a issue for me. I know theres some solutions to this but none of them are great

brute force attack.

Encrypted SD photo cards are easily decrypted by hitting the fingers of the photographer one at a time with a ball-peen hammer.
I think it's called a brute force attack.

Re:brute force attack.

xkcd calls it a rubber hose attack on encryption. If you cannot decrypt it, just use a rubberhose and strangle the guy who loves encryption.

Re:Magiclantern open-source firmware for Canon cam

[Kernel+Kurtz]

First thing I thought when I read the article.

I have not tried the encryption functionality, but Magic Lantern rocks.

Please, think of the children

The photographers plea for encryption lacked the phrase "Please, think of the children" which is always used to pull at the heart-strings of bleeding-heart liberals to pass laws (or pressure corporations) that have NOTHING to do with the safety or well-being of children.

ZDnet, heal thyself

Nothing wrong with the reporting, but it is comical that ZDnet is saying this when their OWN WEBSITE doesn't use HTTPS.

I don't get it

[Deadstick]

OK, so you're in a country where they're suspicious of photographers. A cop comes up and asks to see what's in your camera. Sure, you say, and let him download your files. Oh, I see they're encrypted, he says...well, thank you for your time. Right?

Re:I don't get it

I know right? The case law in the US is that you can be held indefinitely while the police try to break your encryption...

Re:I don't get it

Should have built in plausible deniability. A huge area in the filesystem is encrypted, one area has harmless pictures, the other area are protected photos. You require 2 keys, one for the harmless area decryption, the second is for the senstivie area decryption. This is the same thing done by most hard disk (FDE) encryption tools. But the intelligent enforcer will also require 2 keys, because he assume you made 2 area in your filesystem. Better if vendors can provide 3 area in its filesystem, so you can have 3 keys. Wait, maybe 4 since enforcers will ask for 3. Oh, nevermind. Encryption is hard.

Re:I don't get it

[110010001000]

Exactly. This is why camera makers haven't bothered.

Re:I don't get it

[Zocalo]

The idea is that you load the public key that will be used to encrypt the images on the camera and you leave the private key back home. This is all fully documented by the camera manufacturer so that if the photographer gets challenged to decrypt the images it's easy to establish that they can't actually do that and there's no point in getting out the rubber hose. Ideally there would also be some options for having unencrypted images on the card and simply hiding the encrypted ones from the image review in the event of a more casual stop and search. If the police (or whoever) want to be a little more thorough, then yes, they can still detain the photographer, delete images/format cards, or destroy cameras/cards, but all that is going to based on no actual evidence and they'll eventually be called on it by the media organizations. Whether they care about that or not is another matter entirely.

Of course, the prudent photographer working in a situation where detention or worse might be a possibility would also provide a copy of the private key to a trusted agent (lawyer, employer, etc.) so that if things really did turn ugly the key could still be provided. That could then be backed up with some specific circumstances upon which to disclose the private key appropriate to the types of images being sought, the country of detention, and the overall severity of the situation.

Re:I don't get it

[Brett+Buck]

Wrong. They will ask for you to decrypt them, and when you don't, you go to jail.

Re:I don't get it

[jrumney]

Rather than simply encrypting them, they should hide them by steganography inside random pictures of cats.

Re:I don't get it

[fido_dogstoyevsky]

The idea is that you load the public key that will be used to encrypt the images on the camera and you leave the private key back home. This is all fully documented by the camera manufacturer so that if the photographer gets challenged to decrypt the images it's easy to establish that they can't actually do that and there's no point in getting out the rubber hose...

Apart from making an example.

Re:I don't get it

[fafaforza]

And how many of these edge cases and capricious scenarios should Nikon, Sony and Canon support?

Re:I don't get it

[Zocalo]

In some regimes certainly, but in that case they'll have done that anyway - and in all liklihood more severely - if they were able to retrieve unencrypted images of something they took exception to. The aim here isn't to remove all the risk from the profession, it's to reduce it to the point that journalists have at least a fighting chance of using plausible deniability and the implicit threat that the regime's practices will be exposed on the world's stage to enable them to do their jobs with the minimal risk of harm possible. They'll still need to manage their situation and have good OpSec/PerSec, especially if they do have some photographic evidence that a regime would want suppressed, but even so being roughed up and eventually release for lack of actual evidence is still going to preferable to the alternative if it comes to it.

Re:I don't get it

Plus when you get out, you will not be taking your camera with you.

Confiscation

"Without encryption, police, the military, and border agents in countries where they work can examine and search their devices."

Seems like countries like that would just confiscate any device that the owner won't unlock.

more (micro)SD cards?

I would say: have a lot of (micro)SD cards around and hide the ones that could harm you.
I believe that hiding (a few) micro SD's is not the biggest challenge for a professional photographer.

Re: more (micro)SD cards?

Camera should be disigned in such a way that the SD cards can be swapped easily without even looking at it. Like how you turn on a flash light, not a lot of tinkering and can be done while staring somewhere else. That way, you can swap SD cards on the fly in just mere seconds without openning the camera.

Good business plan, could be worth billions of $

Since most Cameras have usb port, be it USB 1.0, USB 2.0, USB 3.0, just build a third party add-on with the size of a smartphone. Or better yet an adaptor from camera to smartphone with Camera App for encryption. You can set the storage area to your third party add-on (or smartphone) with all types of encryption suites from aes, camellia, cast, idea, blowfish, seed, 3des, rc6 etc. When you're done with your sensitive photo shoot, disconnect the adaptor/cable.

Can also be done with a different hardware, other than a smartphone but would be bulkier.
When you become a billionaire with this idea, please share your profits with me.

Re:Good business plan, could be worth billions of

[110010001000]

Good idea. You could call this attachment a "smartphone" or a "laptop". It could have a bunch of other software that could run on it too. Genius!

How in fuck's name ?!

NK soldier gets your camera.

NK soldier sees encrypted files.

NK soldier throws your camera onto the fucking floor and shoots it.

How is your fancy encryption helping you? How will encrypted photos make you look? Not suspect at all?

The moral duality of technology

[RogueWarrior65]

Every human endeavor can be used for both good and evil. In this case, those who are arguing for protection against a government agency looking at the contents of the cameras are ignoring the fact that the cameras can be used for illegal purposes.

Re:The moral duality of technology

[JesseMcDonald]

There is no duality here, because there is no circumstance where the mere capture or possession of a photograph or video should ever be considered a crime.

Re:The moral duality of technology

[RogueWarrior65]

Really? Then you have no problem with some dirtbag taking locker room photos of your daughter. Brilliant.

Re:The moral duality of technology

[JesseMcDonald]

One can "have a problem with" something without it being a crime; there is an entire continuum of ethics spanning the range between "acceptable behavior" and "should be considered illegal". However, it is pointless to object to someone merely taking a photo of something they can already see. By itself, stored inertly in the camera's memory, the photograph is no more harmful than their own memory of the scene. If you have a problem with someone taking photographs, don't grant them access in the first place.

In this case it is safe to assume that the offender is violating the terms of their permission to access that space, and thus trespassing. Why focus on photographs when the real problem their presence?

Re:The moral duality of technology

[RogueWarrior65]

Because of the rules of physical evidence. You can't convict the dirtbag without it. Encrypting the camera makes the discovery of the physical evidence impossible.
But you continue to ignore the fact that technology can always be used for both good and evil. You can't prevent evil actions from being done by humans who are using technology. You can, however, make the pursuit of justice easier by not encrypting the camera. That said, society has decided that certain types of content are illegal and some are not. Justice itself can be used for evil if legal content is mis-characterized as something that should be considered by the public as illegal even though it's not.

Only if it's open source

This way we can prevent manufacturers from using it to limit cross-compatibility (encrypted SD card). They may also utilize it in updates in a way that's similar to programmed device death. And, it keeps them from requiring the device to act as a bridge, which whomever pays them enough, may prevent support for other systems.

Re:OTOH Encryption could make your become detained

[Teun]

Absolutely.
Until all devices are encrypted.

Already done

canon cameras have an aftermarket open source firmware with encryption:
https://www.magiclantern.fm/forum/index.php?topic=10279.0

as far as I can tell it could use a security review to be usable but it does work...

WTF?

[ka9dgx]

WTF? If some authority can't browse the photos in your devices, they will simply seize the devices. Encryption isn't going to help you there.

Adding a digital signature, created by the camera before compression, etc.. to an image, would be a much better value add. This could help assure that images aren't tampered with after they are taken. Heck, my name is even on one of those patents, though I wouldn't get any $ from it.

Re:WTF?

a) so what if the camera is taken. that's what insurance is for. cost of doing business. could also be taken by a thief who doesn't work for the government.

b) if there are unencrypted photos as well there is no reason for the goons to be suspicious. for every dumb objection there is an answer. seriously guys use your brains.

Re:WTF?

That would really only be valid if you incorporate the camera sensor into the secure processing component that does the signing, and you can produce the camera to show that you didn't tamper with it to sign data that you were somehow piping directly into the silicon. Also, the signature would have to be added after compression. Otherwise, how would you verify that the signature is correct?
(assuming lossy compression)

Re:Magiclantern open-source firmware for Canon cam

It looks like it's possible using Magiclantern open-source firmware for Canon cameras:

https://www.magiclantern.fm/fo...

I think what is being requested in the article is AES grade encryption. What magiclantern provides might be better than having nothing but is still far from being AES. As stated by the author, "the encryption [he] implemented is *not* military grade." For cameras that are taken by border security guards, a make-shift XOR "encryption" probably is not going to be good enough.

What they don't know...

[pikine]

There is still the principle that what they don't know can't be used against you. Sure, you might be found guilty of something and punished for being uncooperative, but usually the scope of their suspicion is limited by what they already know, so why fuel their imagination by giving them something to actually prosecute you and then maybe push their suspicion a few more steps further?

Maybe taking the picture of a few poor orphans might put you in trouble, but they might find the pictures you took at a nuclear power conference elsewhere an even more interesting target.

Please no!

This will just usher in a new era of proprietary storage formats and the need to use some dumb, unsupported after 2 years vendor created app to unlock and view the contents of your memory card. It will be the late 90's/early 2000's all over again.

Encryption should be handled at the card level in hardware, and support be built into OSes. So the SD card org needs to come up with some solution.

Re:Magiclantern open-source firmware for Canon cam

[swillden]

It looks like it's possible using Magiclantern open-source firmware for Canon cameras: https://www.magiclantern.fm/fo...

Interesting. But it should be pointed out that the implementation is very badly done from a security perspective. I only spent a few minutes looking at it and found several showstoppers in both design and implementation. Among them:

1. The basic file encryption algorithm is a stream cipher construction using a simple LFSR as the stream generator. This is almost certainly trivial to break; standard LFSRs are in no way designed for cryptographic security. I suspect the LFSR was used for performance, and I'm sure it does in fact perform much better than, say, AES in CTR mode (where AES is used to generate a bitstream XORed with the plaintext in the same way the LFSR output is). While no good stream cipher is likely to match the LFSR performance, there are several that would provide moderate performance and high security, such as ChaCha20 -- or perhaps even a reduced-round variant like ChaCha12 or even Salsa20/12.

Note that someone has contributed an XTEA implementation which is much better, security-wise, than the LFSR but actually slower than AES. If you're going to do that, just use AES.

2. Even if the LFSR-based encryption algorithm were good, it uses 64-bit keys, which is just too small. Oddly enough, when you use the provided RSA mode for asymmetric write-only encryption (decryption can only be done on your PC), the author seems to recommend a 4096-bit RSA key size, which is roughly equivalent to a ~160-bit symmetric encryption key, and which is quite slow. It makes no sense to use such a huge, slow RSA key to protect small symmetric keys.

3. Password hashing uses the same LFSR plus some shifting and masking. Almost certainly insecure, and there's really no reason at all not to use a good password hashing algorithm like Argon2, or at least scrypt.

4. In asymmetric mode, the code appears to use random padding for RSA operations. There are really good reasons for the PKCS#1 v1.5 and RSA-OAEP padding modes that are normally used. It's possible that a very careful analysis of this implementation may show that under certain operational assumptions random padding is okay... but I seriously doubt that any such careful analysis has been done. I would never bother doing anything of the sort and would simply use OAEP. (Or, better yet, avoid RSA and instead use an elliptic curve algorithm -- less tricky to use correctly, faster, smaller keys and even the provides possibility to derive keys from passwords. There's really no reason to use RSA for anything anymore unless you have to interoperate with legacy infrastructure that already uses it.)

5. RSA key generation is done on-device, with the private key written to the SD card, then later deleted. You can't actually delete things from SD cards, not with any confidence. Much better to do keygen off device so only the public key ever exists on the SD.

6. A glance at the RSA key generation code throws up a number of red flags. I suspect the key generation is buggy.

7. I didn't find the random number generator, but given all of the above, I'd be shocked to find that it's actually good. A bad RNG can easily destroy the security of the best cryptographic design.

When I get some time (ha!) I'm going to see if I can get ML running on my 70D and hack together a better version, using Curve25519 ECDH and ChaCha20 with 128-bit keys, with asymmetric keygen done off-device, and a decent PRNG plus the best seeding mechanism available. To make it more usable, I'll see if I can keep the last few dozen per-file keys in RAM, which will allow the photographer to look at the images on the camera, until the camera is turned off. More paranoid users should be able to disable the retention of keys in RAM.

Sounds like a fun project. One which I may or may not get to before 2025 or so...

Use a computer

Can't you just carry a small computer, copy the pictures to that and encrypt them? You could even encrypt them on the SD card, and then hide it.

NFW!!!

[rally2xs]

How about this: I'm not spending one red cent on any hunk of metal and glass where I have to screw around with encryption / decryption in order to use it. Screw that. The camera I have now, a Nikon D4s, will last me the rest of my life since I'm 70, and any further camera is really going to have to rock in order to beat it and lure me into spending another $6K - $10K for a subsequent camera. It is guaranteed that if I have to F around with crypto, I will not buy it.

Re:Why must the camera be secure?

[fafaforza]

obviously you don't use data. You use Wifi in most cases where you download straight to a phone.

one time pad

[bugs2squash]

Fill the SD card with random numbers and xor the photo data on top of it. Keep a little space aside for keeping track of the directory content.

Use native WiFi on camera?

[buchanmilne]

Most modern DSLRs (e.g. Canon EOS 5D IV, Canon EOS 6D II, Canon EOS 80D) have built-in WiFi now, and you can trivially send all photos from the camera to a smart phone (ideally one with support for removable micro-SD cards) where you could have encrypted storage set up. I have done this on many occasions (e.g. post a photo from my 80D to the internet while at an event).

(I am not as familiar with Nikon models, but I am sure they have some models with built-in WiFi).

Sure, it may be slightly more fiddly than being able to write directly to encrypted SD (or CF) cards on-camera, but much easier to set up as plausibly-denaible.

Of course, if your camera doesn't have WiFi support, you can do the same thing with a bit more fiddling by using a cable (or the "camera connectivity kit" if you use a phone from a vendor who artificially limits the capabilities of their products in order to extract more money from their customers), but then it may be more obvious to nefarious people what you have done with the photos you took.

Re:Use native WiFi on camera?

You seem to forget Bluetooth. Old but reliable file transfer, as long as both devices were paired properly prior the photoshoot.

Pain in the ass for everyone else

[TJHook3r]

When we get some sort of failure and all the files are encrypted, those files need to be as retrievable as they would normally be. I would be surprised if more than 20 people in the whole world are worried about security though. If they are, just take the card out and swallow it before you reach customs!

Re:Pain in the ass for everyone else

Why swallow it? Just shove it down your ass, less painful and can be retrieved anytime.

Re: Magiclantern open-source firmware for Canon ca

[fennec]

In another thread someone contributed a chacha20 patch. But the main problem is that since there is no hardware support any strong implementation is very slow. I think the idea is to try to obfuscate hidden pictures is the supposed noise of deleted files.

Digital Camera is not a iPhone

iPhones don't have a removable SD card. Encryption for digital cameras is just plain stupid..

Let's be honest..

If you're taking pictures of things the local authorities don't wan you to be photographing, perhaps you deserve to face whatever consequences they see fit.

Alternative Solutions Exist

[ZifraTech]

No, the major camera manufactures will not implement the needed encryption in their cameras, but there are other ways to handle this without them. For instance, we at Zifra Tech are currently developing special memory cards that can perform the encryption directly in the camera (while still allowing the user to look at the images until turning off the camera). For more info, check out our webpage https://zifra.tech/ [zifra.tech] Cheers, Robin

A solution exists - an encrypting SD card

Have a look at https://zifra.tech/. They have developed an SD card that encrypts the files on the fly, with photo journalists in mind.

Other matters

The top end cameras have ethernet jacks in them? Why? Journalists have to get their images to HQ in a hurry so they plug the camera into a computer and transfer the files that way.

Moreover, the cameras also have image processing tools built in so that they can adjust colour, crop and sharpen in camera. The images need to be readable for this toolset to be of any use.

Moreover, the top end cameras have audio notes that can be associated with images. Typically these are used to record the person spelling her or his name.

Finally, the Jpeg is the lingua franca of the working photo journalist. Sure, they have 45 mb raw files to contend with if they want to but typically they ship jpegs to HQ because of the timeliness needed.

Re:Why must the camera be secure?

[Anonymice]

Re-read OP

...and who knows, maybe the smartphone could sync with a cloud service to get the images out of the region moments after captured?

This argument is stupid

[nehumanuscrede]

if you are taking photos in an area where " the situation is dire " enough that you need encryption for your photos, then you are also in an area where they will beat the shit out of you until you give up your passcode / keys to unlock them. Or they will just take your camera and no one will ever see you or your compromising photos ever again. Encrypted or not.

Very few will buy the " Reporters Special Edition " camera for this feature because it will slow the camera down. A camera with encryption in it limits where it can be sold and would only appeal to a very tiny niche market. I don't see camera vendors getting too excited about this.

Raw files in modern cameras are already touching 100MB in size ( Nikon D850 ) depending on the sensors resolution. Encrypting that would take time which would probably kill one of the selling points of many cameras: framerate.

A flagship Nikon D5 raw file sizes are only ~40MB in size due to lower resolution sensor, but it can take 12 images per second, so your encryption would need to keep up with 480MB / sec if you want things encrypted before landing on the card.

I suppose you could do so after the images arrive on the card but it would eat up processor cycles doing so ( slowing the camera ) unless you add a custom chip to offload it to.

Then comes the whole making software work with your encryption scheme. Is bad enough we have different flavors of raw files from different vendors, now you want to add encryption into the mix ? Good Luck.

Nope. Nope. Nope.

Canon has a kit, only compatible with few cameras

[lucaq]

http://web.canon.jp/imaging/osk/osk-e3/index.html

OSK-E3

"Note: Currently only compatible with EOS-1Ds Mark III, EOS-1D Mark III"

Most Everyone Doesn't Want Camera Encryption

I'm on a family vacation taking pictures of my kids with one spare battery that needs to last all day. Encryption is going to drain power faster, and encryption reduces the frames/sec that I can take when junior is diving into that pool. I am sorry journalists feel bad someone is going to search their camera, but hey, they're not the majority of the market, and I don't want to have less camera just so they can have a false sense of security. No encryption please!

Re: Magiclantern open-source firmware for Canon ca

If the CPU load of encryption is that bad, it makes me wonder if you could play games with "half-encrypting" the file.

For example, the first part of the file (encrypted) is a JPEG-compressed version of the image, and the second part (unencrypted) is the residuals between the JPEG and the raw image.

It wouldn't be nearly as good as strongly encrypting the entire file, but still much better than weakly encrypting it.