Camera Makers Resist Encryption, Despite Warnings From Photographers

An anonymous reader shares an article from the security editor of ZDNet: A year after photojournalists and filmmakers sent a critical letter to camera makers for failing to add a basic security feature to protect their work from searches and hacking, little progress has been made. The letter, sent in late 2016, called on camera makers to build encryption into their cameras after photojournalists said they face "a variety of threats..." Even when they're out in the field, collecting footage and documenting evidence, reporters have long argued that without encryption, police, the military, and border agents in countries where they work can examine and search their devices. "The consequences can be dire," the letter added.

Although iPhones and Android phones, computers, and instant messengers all come with encryption, camera makers have fallen behind. Not only does encryption protect reported work from prying eyes, it also protects sources -- many of whom put their lives at risk to expose corruption or wrongdoing... The lack of encryption means high-end camera makers are forcing their customers to choose between putting their sources at risk, or relying on encrypted, but less-capable devices, like iPhones. We asked the same camera manufacturers if they plan to add encryption to their cameras -- and if not, why. The short answer: don't expect much any time soon.

SD card feature?

not excusing the camera makers here, but couldn't this be designed into an SD card?

Re:SD card feature?

DSLR's save as jpg or whatever raw file type they use... no encryption whatsoever. Adding encryption to cameras will just slow them down and cause compatibility problems with photo editing software.

Re:SD card feature?

[jfdavis668]

I don't think SD cards have a whole lot of processing power. I may be wrong.

Re:SD card feature?

[BronsCon]

Why, yes it could. In fact, one of the things that supposedly made SD better than MMC, which it replaced, was this (emphasis mine):

Cards can protect their contents from erasure or modification, prevent access by non-authorized users, and protect copyrighted content using digital rights management.

Of course, no implementation that I've come across since the format was released over 18 years ago has implemented that highlighted bit.

Re:SD card feature?

Why? This could be pretty easy.
Just load up a small version of gpg that only encrypts.
Load in your public certificate, and have it encrypt every picture using that.
When you get home you decrypt them.
For all other users it will work as normal.
If that's too much get mbedtls or wolf ssl or some other embedded crypto library.
It takes you two or three days to whittle it down to the functionality you need, and another two or three days to reduce the stack usage to something manageable.
This isn't rocket surgery.
The photo editing software will never know the files were encrypted. Yes, saving will be a bit slower, but will the reporter care that much?
Surely having encryption is more important?

Re:SD card feature?

[Entrope]

The problem is key management. A camera does not have a good way to enter a long password or passphrase, and an SD card is worse. It seems just as feasible to plug the memory card into a laptop (or into an adapter attached to a phone) that can apply whatever encryption the photographer wants.

A country could, of course, outlaw the use of apps to do that -- but they could, and presumably would, do the same for cameras that incorporate strong encryption.

Re:SD card feature?

[I'm+New+Around+Here]

You might be surprised what SD cards can do.
http://www.toshiba-memory.com/...

Re:SD card feature?

[kenh]

Why? This could be pretty easy.
Just load up a small version of gpg that only encrypts.
Load in your public certificate, and have it encrypt every picture using that.
When you get home you decrypt them.

Except, how will this work if you want to see the photo you just took? Encrypt upon capture with encrypt-only software would prevent the camera user from being able to review the photo they just took until they get to a device that can decrypt them. if you implement encryption such that it is a process the photographer chooses to apply after taking the photo (think of it as a process similar to deleting a photo - you highlight it and select "encrypt", rendering it invisible on the camera), that will leave the photos vulnerable immediately after being taken - you know, like when the soldier grabs your camera right after you snap the photo of the soldier beating up a protester...

Re: SD card feature?

[c6gunner]

The problem is key management. A camera does not have a good way to enter a long password or passphrase, and an SD card is worse

This seems like a trivial problem. Have the camera look for a my.key file on the sdcard. If it's there, copy it to onboard and overwrite it on the card. All future pictures are encrypted using the key. Have a button which the user can push to wipe the key from onboard memory.

Re:SD card feature?

[kenh]

There is the eyefi SD card that includes a wifi implementation, allowing you to shoot photos from your camera to your smartphone without any interaction, turning your smartphone into a secure, encrypted photo vault, which can sync with a cloud data service.

Re: SD card feature?

[Immerman]

Sadly not. First - that's not even remotely the point of a write-protect tab, it has nothing to do with read-access at all.

Secondly - unlike floppy drives where the write protection tab prevented the drive from writing to the disc, SD cards use software based write "protection" - i.e. the tab is only a request that the card not be written to, and offers absolutely no protection against faulty or malicious software.

Re: SD card feature?

[Immerman]

You don't even need to do that - use asymmetric encryption and let the my.key file hold only the public encryption key and you can just leave it on the card - it can't be used for decryption, so it doesn't matter who else gets access to it.

Of course that would mean that you can't review your photos on the camera, but also means that the photos are protected even if someone takes your camera without giving you a chance to push the "wipe" button.

And really, there's very little need for on-camera reviewing in an evidence-collecting situation - at most you just need to be able to review the just-taken photo to be certain it clearly captures what you intended, and a professional photographer should have the skills and familiarity with their camera to make that unnecessary. Film cameras didn't have *any* on-camera review options, and did the job just fine for decades.

Re: SD card feature?

[c6gunner]

Being able to review is a handy feature, though, so it would be a shame to get rid of it completely.

But your suggestion is a good one, and there's no reason why both encryption schemes couldn't be implemented. Then the user would have the option to decide which scheme to use based on what level of usability/security they need.

Re:SD card feature?

[aaarrrgggh]

There was an article (likely here) years ago about cameras with digital signing technology built in in order to satisfy evidence chain of custody requirements for police photographers.

It is odd that these types of features are not available in mass-market devices.

Re:SD card feature?

There are SD cards on the market which contain an embedded WiFi chip which creates a portable hotspot to connect to and download pictures directly off the SD card via a built in webserver. They seem like they must be running some sort of embedded *nix OS.

You don't say?
The person you replied to, who linked to exactly that, didn't have me convinced such a thing existed. But thankfully an anon came along to reply to that and confirm it!

(Sorry, but I couldn't help myself there)

So it would seem like it should be possible to create an SD card with a similar embedded system which automatically encrypts files as their written to the FS in a write-only fashion. Obviously this wouldn't allow previewing of images, which is sort of the point anyways.

Not "seem like", but that exists too.

There used to be an SD card under the brand and name "Trancend Wifi SD Card" containing a multi core ARM processor, flash, wifi hardware, and RAM - all running Linux, a wifi/tcp stack, hostap, Apache, and Samba.

You can easily gain root on these cards with physical access and from there and reprogram it to your hearts content, or if you prefer even reflash the entire ARM system with OpenWRT

This was documented back in 2013:
https://forum.openwrt.org/viewtopic.php?id=45820&p=1

One project I saw back then, but unfortunately can't find the github repo for now, was a daemon that ran on the SD card and watched for new files to be stored on the flash via the SD interface.
It would then use GPG to encrypt the file using an uploaded public-key and basically 'move' it into a subfolder.

The idea was that you left the private-key at home on your computer, so the files saved to it can only be decrypted there.

That exact code with slight changes could be used for this purpose and a camera.
Since cameras tend to write their data fairly slow, you'd want to bump up the timing check for new files such that it only 'kicks in' after the file hasn't been modified for a couple seconds, to ensure the integrity of the data being encrypted.

So on one hand, using fully existing hardware one can have this feature today.
On the other, the fact it is some one elses existing hardware is the only reason this can't be sold by a 3rd party right now. (Which isn't necessarily impossible either, but does require securing permission and contracts from the companies that make the things)

There would be a higher cost associated in 'reinventing the wheel' and designing your own version of those SD cards, but obviously that is very much within the realm of possible seeing as it has been done before.

Re:SD card feature?

[Applehu+Akbar]

How do you go about entering a password on a camera? Any virtual keyboard on a camera would be controlled by the arrow keys and Select button, like name entry on the early video games. No photographer would use such a scheme more than once.

I have my iPhone set to automatically Dropbox all pictures I take with it. Even if someone were to grab my phone on the scene I still have my shots.

Re:SD card feature?

[YrWrstNtmr]

Eye-Fi is pretty much defunct. And I say this as a long time user and previously ardent supporter of that tech.

I used it all the time to auto-download to a tablet in my backpack.

Re: SD card feature?

[Applehu+Akbar]

Encryption could also be built into online photo sync systems like Adobe Creative Cloud, so that encryption would take place when you upload the contents of an SD card to the service using a tablet or phone at the end of a shooting day. By the time you cross a border, all your SD cards can be reformatted in camera (not just erased) and your images are encrypted on a server until you get home. This keeps all of the encryption and decryption off the vulnerable camera.

Re:SD card feature?

[cfalcon]

> Adding encryption to cameras will just slow them down
Yes, and if this is a problem you need to add enough hardware to the phone to accomplish the encryption within the needed read/write time of the camera. Given how little power this takes relative to modern processing power, and given the specialized solutions available in most modern chips, this is exactly what is being added.

> and cause compatibility problems with photo editing software.
No, by the time software sees the files they are unencrypted. This is not a concern.

Phones tend to control the entire stack, so adding encrypting to them was mostly invisible to the user, except for the obvious passcode or password. Because cameras are meant to be much more functional, you would need to have a setting on them that allows for optional operation in encrypted mode, with the user being left with the hassle of extracting data from an encrypted SD card. This also means that there would need to be an agreed upon standard that all cameras and other things interfacing with their cards could use, which is probably the real reason this is taking awhile- there's no commonly understood standard for this sort of thing across filesystems in the real world.

Cameras getting encryption is a bit less important than phones getting encryption, as well- because many cameras don't store anything EXCEPT to removable media, whereas phones are a stack of everything all in one place. Still would be nice though.

Re:SD card feature?

[John.Banister]

Perhaps a card could have it's functionality oriented in the opposite direction and function based on what it receives. It could self encrypt the data with a resident public key, and play it back so long as it can receive a requested private key via WPA2 connection to an external device (eg your phone). People with phone confiscation worries could use the phone as a fragile conduit to a remote key server.

Re:SD card feature?

[RightwingNutjob]

Let's also point out the obvious flaw here: encryption takes time and writing to a flash memory device takes time.

This thread is turning into another "smart gun" debate. One side wants a technology that has to read minds and violate laws of math or physics in order to work as conceived, and the other side isn't interested in going down a rabbit hole of silly.

Re:SD card feature?

[ceoyoyo]

Except, how will this work if you want to see the photo you just took?

Who could do photography under those conditions!? ;)

Encrypt-only isn't the solution to everything, but it actually might be a better solution to the problem stated in the summary. If you leave the decryption key at home then you can't decrypt it, even under coercion. Plus, if it's in the card, you just swap cards between regular shots and things you think might be sensitive. Provides some plausible deniability too: yeah, here are the pictures I've taken; oh, haven't used that other card yet.

As for looking at the pictures, you couldn't do that in the field with film either. And documentary photographers might look at quiet times for interest sake, but they don't shoot, check the photo, ask the subjects to stand differently, shoot, rearrange.... At least they're not supposed to.

Re:SD card feature?

[magarity]

How do you go about entering a password on a camera? Any virtual keyboard on a camera would be controlled by the arrow keys and Select button, like name entry on the early video games. No photographer would use such a scheme more than once.

That's how one sets up camera WiFi and radio flashes. So, yes, the camera already has virtual keyboard. Its no worse than navigating such things as FireTV Stick, etc. If you're the 1 in a million photographer trying to get pictures out of North Korea or Burma then you'd be happy to have such a system. The rest of us wouldn't want to encrypt even if it was easy.

Re:SD card feature?

[nospam007]

"This isn't rocket surgery."

As a rocket surgeon, I can tell you, it ain't as easy as it looks.

Re:SD card feature?

[The+MAZZTer]

Any such encryption would have to be invisible to the camera in order to work, so the camera would still be able to view the pictures, and this is how anyone would check your pictures anyway.

Re:SD card feature?

[mysidia]

Encrypt upon capture with encrypt-only software would prevent the camera user from being able to review the photo they just took

Encrypt all the photos on a particular card with the same 128-Bit AES "User Key" that is generated by applying a certain number rounds of Argon2id to a passphrase selected by the user. Save a strong hash of the key on the card alongside each file --- AND keep the key in RAM until the camera is shut off, or the user pushes a 'lock' button to allow picture review.

When the camera is turned on, the user will be prompted to enter that SD Card's "User Key".

Also, when the user loads the SD Card into a computer they will see on the SD Card a "Filesystem file" that the filename is the hash of the user key, and the content is an exFAT filesystem image file where each sector is encrypted using the user key, and the listing of files is embedded into the image.

Re:SD card feature?

[mysidia]

Encrypt-only isn't the solution to everything, but it actually might be a better solution to the problem stated in the summary.

Yeah.... even if you go encrypt-only; you could still use a unique symmetric key for each file, and just encrypt the symmetric key using GPG.

Hold the symmetric key for each photo in RAM for a short amount of time to allow the review process, and then when the camera is shut off, or the review is done --- purge the symmetric keys from RAM.

Re: SD card feature?

[Monster_user]

If you can't decypt it, the you can't take the photos out of the country.

Problem still exists, and now you've got built-in ransomware on your device, because the majority of you customers don't know a thing about encyption. I for one hate encryption of my personal devices, it makes it difficult to make unencrypted backups or to switch vendors.

Better to use encrypted LTE and upload to Dropbox, then delete the photos. That way the photos have already made it out, and there is less risk to the photographer.

Re:SD card feature?

[CaptainBaseballbatBo]

Except, how will this work if you want to see the photo you just took? Encrypt upon capture with encrypt-only software would prevent the camera user from being able to review the photo they just took until they get to a device that can decrypt them

That problem could be solved by encrypting the photo only after a period of time; as a photographer I'm interested in the photo for about 1 minute anyway to be able to check it's not over / underexposed etc. Asynchronicity would also solve the problem of encrypting in real time.

Re: SD card feature?

[viperidaenz]

When was the last time you managed to access Dropbox via LTE while in North Korea?

Re:SD card feature?

[ArchieBunker]

Hardware encryption won't slow anything down.

Re: SD card feature?

[viperidaenz]

Unless you're trying to get out a country with no internet.

Maybe you're a journalist in Iran, involved in the recent protests. Iran cut off the internet in entire parts of the country. They also block a lot of sites when you can get access.

Or maybe Syria?
Or North Korea?

Re:SD card feature?

[Teun]

There are reasons digital photography left the old analogue behind, immediate checking of the results is one of those reasons.

Re:SD card feature?

[beckett]

like film. we survived waiting to develop the emulsion back at the lab.

not suitable for all situations but it would be a welcome toggle setting that the ohtographer could pre-set for anticipated challenging situations.

Re:SD card feature?

[Teun]

The higher end camera's have a significant fast memory buffer from which the pictures are transferred to the slower removable media.
The manufacturers will have to devise a system whereby said buffer will not retain a tell-tale.

Re:SD card feature?

[Teun]

Thanks for the valuable information.

Re: SD card feature?

[Teun]

Or the USofA where all your rights are waved within a significant distance of the international borders?

Re:SD card feature?

[djbckr]

You are pointing out something that film photographers have dealt with for decades: Did I have my settings right? Was I underexposed/overexposed? etc. When I look at my pictures, I *mostly* look to see that it's an acceptable exposure - my histogram is beside the picture. If that looks reasonable, I move on. The encrypt-immediate process could leave the histogram un-encrypted. You can't surmise what the picture is about based on that, but at least you know you have a decent exposure.

Re:SD card feature?

[Teun]

The pictures of your parter in an undressed situation might be another cause for encryption.

Re:SD card feature?

[Teun]

A modern hi-end camera has a touch screen with a virtual keyboard.
Even a fingerprint sensor could be considered.

Re:SD card feature?

[ceoyoyo]

I thought the winky face made the sarcasm clear. Or did you mean to reply to the GP?

You could leave the histogram unencrypted yes. I doubt that would be a big selling feature though. Documentary photographers probably don't look at their images (or histograms) much while they're in the kinds of situations where you'd want to encrypt pictures. And those of us who learned with film often rarely look at the back of the camera any time.

By encrypting everything you could hide the pictures entirely on the card. If someone looks it just looks empty, or maybe you put a smattering of innocent photos on it.

Re:SD card feature?

[AHuxley]

Re "Hardware encryption won't slow anything down."
A consumer dslr can do 5 images in a set time before the hardware and media need time to catch up. The camera stops for a while as the buffer of set size and speed fills.
Call it say 30 images with a more expensive dslr. Then the much faster card has to saves the images.
Add encryption and that rate stays the same, gets not as good for that generation given the new encryption.
The competition selects not to offer encryption. Their lack of heat, power, working on the file in a new way with encryption allows their image per time number to look better.
Their buffer just works on images, not having to work on and wait for encryption. While one weather sealed camera slows to encrypt, uses more power to encrypt and gets warmer, the completion captures a few more images per set time.

Hardware encryption needs more battery support, makes more heat, slows the buffer. Less images per set time and thats one selling point that has to be better.
Selling a slower camera with less images per buffer size at the same price as next generation will be difficult given what new encryption will take away.

Re:SD card feature?

[K.+S.+Kyosuke]

Except, how will this work if you want to see the photo you just took?

Clearly photography could never work under such conditions...

you know, like when the soldier grabs your camera right after you snap the photo of the soldier beating up a protester...

If I'm not mistaken, there are cards that immediately send the data wirelessly into another device.

Re: SD card feature?

[ceoyoyo]

"If you can't decrypt it, the you can't take the photos out of the country."

Why? You leave your decryption key at home. When you get home, you decrypt it. If you get caught in-country, the pictures are unrecoverable, which is what you want.

The easiest way to implement it would be to use a standard encryption library. No problem decrypting with anything you care to pop your SD card into.

Re:SD card feature?

[EETech1]

http://www.toshiba-memory.com/...

Ever used these? I just bought one a few months ago.

Re:SD card feature?

You do not need to see it. Or you review the version that is in the camera RAM (one image only if need be).I suppose this could be made to work in a 'write only' SD card - which would show teh file system metadata, but turn all image block data into something undecodable on readout.
For most security, the key is only available at the photographer's home base.

Cameras have too small a market for this kind of feature. At leas in a memory card it can be amortized over more devices (secure logs anyone).

Re:SD card feature?

[Altrag]

The same way your iPhones does it? Sure there's some debate with regard to biometric vs passcode entry (especially in the US with respect to the 4th amendment) but aside from that, its pretty much a solved problem.

Camera makers are either being lazy, or being coerced. I suspect the former. Keep in mind it wasn't that long ago that people were bitching about camera makers not bothering to introduce digital processing features that iPhones had years earlier (to the point that some photographers were talking about just switching to using their phone flat out. Probably not seriously but I wouldn't be surprised if at least some of them chose to use their phone for certain pictures for a while, just so that they could see the filters and other processing applied on-the-fly rather than having to hope they get a good shot that they can photoshop later.)

Re:SD card feature?

[Altrag]

Fingerprint scanner? Or change the screen to a touch device and put up a number pad? Hell they could get rid of the arrow keys and shit if they designed a decent on-screen interface. There's plenty of ways they could do it.

They're just being lazy and cheap and relying on the fact that there's only two major brands (Nikon and Canon.) Sure there's plenty of smaller names in the industry as well but there's also an insane amount of brand loyalty holy wars so the smaller brands have a hard time gaining market share even if their devices are objectively better in some way.

Imagine in Apple decided to enter the market. Perhaps an add-on that allowed you to attach professional lenses to your iPhone (which already has a pretty good CCD.) They could potentially demolish the market. Of course I don't know if the professional photography market is big enough for Apple to bother, but if they did it would at least force Canon and Nikon to start innovating again in areas other than megapixels or whatever the buzzword number of the year is these days.

Re:SD card feature?

[dgatwood]

Selling a slower camera with less images per buffer size at the same price as next generation will be difficult given what new encryption will take away.

The buffer size is an implementation detail. Nobody outside the manufacturer knows the actual amount of RAM (though we can roughly approximate it by multiplication), which means the manufacturer could easily bump up the RAM by 10-20% to support the crypto hardware, and the public would be none the wiser.

And at current flash card write speeds, I don't think you'll hit a wall in terms of performance or heat, either.

No, the reason they won't add this feature is that only a tiny percentage of users care, and it would probably add ten bucks to the BOM cost of the product — a cost that they will have to eat, because only a tiny percentage of users care. If it added ten cents to the BOM cost, it would be too much.

Realistically, the way you're going to get features like this is not through the manufacturer, but rather through custom firmware like Magic Lantern. They have some limited encryption (public-key crypto is likely impractical because of limited CPU speed), and it would be relatively easy turn it into nearly unbreakable encryption through careful use of a one-time pad:

• Write a random data file that is roughly the size of the flash card BEFORE you leave the U.S.
• Make a copy (or multiple copies) of that file and leave it (them) at home.
• XOR each block of new files with a block from the end of that file.
• Truncate the random file to discard the random blocks.
• Write the encrypted data to the flash card.
• Write a mapping table entry that says "file foo.jpg should be decrypted with blocks 794-796".

With that approach (truncating before writing), nearly all of the used random data blocks will get overwritten almost immediately by encrypted image data, making recovery of the original random data physically impossible for anyone without a copy of the original random data file.

For maximum safety/paranoia, you could add code so that when you switch the camera off, it creates a file as big as the remaining space on the flash card, zero-fills it, and deletes it a few times, but such a feature should be independently gated by a separate, user-controllable setting, because it would have a serious impact on the lifespan of flash cards.

Re: SD card feature?

[Monster_user]

Encryption on digital cameras is rare. Because it is rare; it is suspiscious. Unless you are a spy working for an intelligence agency, you're going to get the same punishment regardless of whether they can decrypt the photos.

Encrypting my photos means I can't decrypt them when I get home because I lost the decryption key. Furthermore, it means I have to remember to decrypt them before backing them up, because I will eventually lose the decryption key.

Re:SD card feature?

[pikine]

Here is an article about password protecting SD cards using custom hardware. It has some technical detail how it works. All SD cards should have the password feature, just that not all cameras let you enter a password to unlock the card for access. It may be at odds with the need to be able to pull out the camera and immediately start shooting an unanticipated fleeting moment. The camera might want to keep the card unlocked, but have a dedicated lock button to relock the card before encountering security searches.

Re: SD card feature?

[Immerman]

Possibly on some newer drives, but the original design was implemented in hardware/firmware - even with raw system control (no OS present) you couldn't write to a copy-protected floppy, the drive itself would return an error.

Re:SD card feature?

[AHuxley]

Re 'which means the manufacturer could easily bump up the RAM by 10-20% to support the crypto hardware"
In a weather sealed, small camera that needs 4K movies and a lot of other new useful features and has to support more and more images, have more resolution, capture more data per image?
The manufacturer has so many other heat producing, battery using systems to try and fit in without adding new costs of "bump up the RAM by 10-20%"
Then to "support the crypto hardware".

Consider the user side too. A user sets a code. They forget the code. They want their best images back... The brand gets asked to recover the images, they cannot. The once captive user who was fully invested in branded lens, branded hardware is unhappy with that brand.
A lack of encryption makes for lower costs, allows limited memory to work as expected for the costs, cpu, heat, power and other limitations to be used on features that make a product stand out from past generations.
Adding encryption would need more cooling, more power, a larger physical size of camera, more costs to pass on for design work to keep the existing size?
New special chips or slow the existing chips to now do encryption too?
The "cost that they will have to eat" is going to codecs, 4K, the next ten of camera. Not much room in the costs to add a new design for crypto. Unless the features are reduced, kept the same, costs are increased. Who wants a next ben camera thats like the last one with more costs and "crypto" as the only new feature. With the same/less images in a set time.

Re: SD card feature?

[Immerman]

So, make it not rare, and not obvious. Standard option somewhere in the settings to turn encryption on and off, and encrypted files just get totally ignored by the browse/review interface - if all you've taken is encrypted photos, the camera appears to be empty. Take a bunch of non-encrypted vacation photos, and you have a nice decoy - unless the jackbooted thug actually pulls the card and examines it on a separate diagnostic device, the encrypted stuff is invisible.

For added convenience you might list the actual free space while in encrypted mode so you get some advanced warning before getting a "no space for photo" error. That's slightly less obfuscated in that the thug wouldn't need a separate diagnostic device so long as they knew what they were doing - but that calls for a somewhat higher grade of thug.

Moreover, the point of encryption is not so much to protect yourself - if that's your goal then you don't try to break stories where encryption would matter. The goal is to protect your sources.

Re:SD card feature?

[Immerman]

Actually, I suspect it was very far down the list - digital cameras were getting quite common before even really bad screens became standard. Digital took off because it was cheap and convenient, with basically zero incremental costs for each photo and no need to take it to somebody and wait a few hours/days to get it developed.

Screens are like the "instant" Polaroids of the photography world - quite popular among the hobbyists, but largely irrelevant to most professional photographers. If you have to look at the camera to tell whether you got a decent shot you don't know your camera.

Re:SD card feature?

[Immerman]

So be stealthy - encrypted photos are completely ignored by the on-camera browser. Take a few innocent unencrypted ones to allay suspicion.

More to the point, encrypting the photos isn't intended to stop you from getting caught - it's intended to protect your sources *if* you get caught. If you have the time you'll have already swapped out to a decoy SD card anyway, so that there's nothing suspicious in the camera. Encryption is for when you don't have the time, or they find your real card.

Re:SD card feature?

[Immerman]

Ram usually doesn't store a tell-tale for long without pretty extreme measures. And if you were concerned about it it wouldn't be terribly difficult to fill the entire memory with random noise whenever it's powered off - that should take care of it nicely.

Re:SD card feature?

[Immerman]

Easy solution - put the encryption on a toggle feature. Don't need it, don't use it. Need it, it slows down how fast you can take photos while it's turned on, and probably makes those photos impossible to review, if not outright invisible without separate hardware.

Re: SD card feature?

[slazzy]

There are a lot more countries that will shit on you over photos, in fact almost every country will in some situations. Still, i agree that unreliable lte goes along with unfriendly governments, so uploading would not be an option for everyone.

Re:SD card feature?

[rally2xs]

"Yes, saving will be a bit slower,"

So the $6,500 camera that the sports photographer just bought and is using at 11 frames per second to capture all the action at the basketball goal that he just paid some local official to be able to position himself above is not going to be able to run his camera at 11 frames per second any more because it is screwing around encrypting his 42 megapixel files shot in "raw?" I'm sure he's going to buy a camera that works like that... not...

Re: SD card feature?

[BronsCon]

No, the movable tab achieves he first item on that list.

Cards can protect their contents from erasure or modification

Maybe read the linked article and some of its references? I mean hell, this tech has been around for over 18 years and is well documented.

Re: SD card feature?

[olof_k]

You're right. And it's being done already by a company called Zifra https://zifra.tech/ They have the hardware already and many clever ideas for how to make this easy and secure. I have talked to them quite a lot over the last year

Re:SD card feature?

[ZifraTech]

This is exactly the problem we at Zifra Tech (small new organisation in Sweden) are fixing. We are developing special memory cards that can perform the encryption directly in the camera (while still allowing the user to look at the images until turning off the camera). For more info, check out our webpage https://zifra.tech/ Cheers, Robin

Re:SD card feature?

[Cederic]

To be fair, he'd just turn off the encryption.

It's the guy shooting in a dodgy situation that will go, "Yeah, losing processing power and dropping to 4 frames per second is a reasonable trade-off if it stops people getting killed."

I'm just not sure that there are enough such people buying cameras to justify the cost of adding the feature.

Re:SD card feature?

[Cederic]

The camera stops for a while as the buffer of set size and speed fills.

Nah, not any more. The storage media is now bloody fast and can keep up. My camera can sustain 17fps for a couple of minutes.

Admittedly if I set it to capture at 60fps (the most it will do in RAW) that slows right down after the buffer is filled.

Re:SD card feature?

[Cederic]

Since cameras tend to write their data fairly slow

Are you shitting me? If you're shooting events (sports, combat, civil disruption) you're hitting the shutter frequently and/or using sequential capture at (up to) double-digit frames/second. The cameras are writing files in tenths of a second at most.

Re:SD card feature?

[Cederic]

They're a bit slow though. Don't get me wrong, a few years ago they'd have been top-end cards, but they're just not cutting it for modern cameras.

RAW file sizes are higher, capture rates are higher.. SD cards need to keep up.

Re:SD card feature?

[rally2xs]

Well, if you can turn off the encryption, then fine, there's no problem other than the presence of it probably making it cost more.

Re: SD card feature?

[sound+vision]

I believe you wouldn't use it more than once, and I also believe you're not a photojournalist in a warzone. Taking 60 seconds to decrypt your pictures once you get back to safety would be the quickest, easiest part of the job.

Re:SD card feature?

[olof_k]

There's a company called Zifra https://zifra.tech/ that does exactly this. They have the hardware ready and plenty of clever ideas for the software. I have talked to them quite a lot over the last year and they are doing a great job

Re:SD card feature?

[AlwinBarni]

It seems to me an important feature, which obviously should be optional (e.g. a special button, like now RAW format).

As for not being able to review the images, there was a time (not so long ago), when reviewing required sending your film to being processed first and somehow photo journalism existed. Please keep in mind that, as far as I understand this request, the feature is to protect lives of journalists in rogue states, where when being found with "forbidden" photos might put them to jail or even cost their lives, and usually such situations involve no time to copy the photos and encrypt with e.g. laptop, also no WIFI around.

In my opinion the option should make the photos completely undetectable on the camera, which in the worst case can cost a journalist his camera. Of course rogue states can still just ban cameras with such features, that's why it is important to have cooperation from all camera manufactures, but let's be honest here, when was the last time corporations stood for average human being freedom risking banning their products.

Re: SD card feature?

[jouassou]

Not necessarily. Just use an encrypted file system instead of encrypting each file. Ask the user if they wish to set an encryption password when they format a new SD card, leaving the ability to use legacy non-encrypted vfat if they so wish. Now, every time you turn on your device, it'll ask you for a pass code to decrypt the storage. If you're in trouble, turn off the device, and don't give away the code, assuming you're in a region where they can't just beat the pass code out of you (in which case you'd be screwed regardless of whether they see the contents of your camera or not). Sure, using that feature might make saving pictures slower, and drain the battery faster. But for many journalists that might be an acceptable tradeoff for their privacy, which is why the best option would be to implement the feature, tell the user about the tradeoffs, and let them decide. Note that encryption of whole SD cards has been a thing on phones for quite some time, and my encrypted phone still lasts a couple of days per charge, even though it does a lot more than take pictures. There's no reason that can't be ported to "proper" cameras too.

Re:SD card feature?

[Bob+the+Super+Hamste]

Perhaps an add-on that allowed you to attach professional lenses to your iPhone (which already has a pretty good CCD.)

People already do make add on lenses for iPhones and while they will give you some telephoto abilities they will never produce professional results. The reason is that the sensor in the iPhone and stock lens are already diffraction limited so any lens with a greater f-stop than the factory one will only make that worse. Also since no lens is perfect adding another one will only introduce additional optical defects and aberrations into the final image. Now some times this is acceptable (look at 1.4x and 2x telephoto converters) but the results are not as good as just using a larger lens to begin with. For example I have a very nice SMC Takumar 200mm lens and a really cheap 400mm lens, I get better results with the cheap 400mm lens than using the 200mm with a 2x telephoto converter. That said before I got the 400mm I would use the 200mm + 2x converter for that extra reach as the results were still better than a tighter crop of an image taken with just the 200mm lens. So don't expect adding more glass in front will work miracles.

Moving on to sensors the iPhone has a very good sensor for its size but it is still a tiny sensor (about 6mm x 5mm). Compare that to a professional full frame sensor that is 24mm x 36mm, APS-C 22mm x 14mm, medium format (43mm x 32mm or 53mm x 40mm) sensor. The light gathering ability of those larger sensors is substantially better that the tiny sensors in cellphones. The iPhone does use a back illuminated sensor which does help it out with high ISO noise but even then the high ISO performance of the larger sensors is vastly superior. It looks like the iPhone tops out at ISO 1250 which is pretty damn low compared to even an old DSLR (I have a 10 year old one that tops out at ISO 3200 and one less than 2 years old that tops out at ISO 51,200) and the amount of noise in the image from the iPhone is comparable to my newest camera at ISO 25,600 or the older one at ISO1600.

Then you have the combination of the existing lens plus sensor on the phone which produces a very deep depth of field, even with the "telephoto" lens on the iPhone. Yes software can fake it but there is a reason that professionals like a mild telephoto (in the 70mm to 150mm range) with a nice f/2 aperture on a full frame camera or better yet a 200mm on a medium format for portraits. The depth of field comes about because of the sensor size and focal length so a big sensor with a big lens will give you a shallower depth of field while the tiny sensor (crop factor of about 7) with tiny focal length (about 4mm) give a very deep depth of field. If I want that I will stick my 17mm fish-eye or 28mm wide angle on my full frame camera, set the f-stop to f/11 or f/16 spin the focusing ring over to about 2 meters and not bother focusing it again and go do some street photography. In looking at a lab test of the iPhone 8 image quality I'm not impressed with what it produces under ideal circumstances but there one is a pixel peeper.

All that aside a camera like what one finds on a modern good quality cell phone will be all most people, 99% of people fall in this category, will ever need and they will never find the camera being the limiting factor in their photography ability. The only area that these cameras could really improve would be in noise reduction, especially at high ISO, as they are at the limits of what can be done to improve image quality with optics and pixel densities. Even there they may be rapidly approaching the limits but I don't know much about that area of senso

Re: SD card feature?

[nwf]

If you are in North Korea taking pictures, you aren't going to get away with "they are encrypted!" They'll confiscate your camera and memory cards and destroy both. Then lock you in a second-century jail for the rest of your life.

Thank goodness for encryption.

Re:SD card feature?

[lucaq]

Canon has a product.

http://web.canon.jp/imaging/osk/osk-e3/index.html

Re:SD card feature?

[dgatwood]

Re 'which means the manufacturer could easily bump up the RAM by 10-20% to support the crypto hardware" In a weather sealed, small camera that needs 4K movies and a lot of other new useful features and has to support more and more images, have more resolution, capture more data per image? The manufacturer has so many other heat producing, battery using systems to try and fit in without adding new costs of "bump up the RAM by 10-20%" Then to "support the crypto hardware".

You're dragging cost in. If you'd read the rest of my post, you'd see that the very next thing I said was that the reason was cost, not technical challenges.

Heat is really not a factor in camera design, with the exception of the image sensor itself (which can't have a traditional heat sink for obvious reasons). A typical camera is huge by the standards of modern electronics, with lots of empty air space into which heat can be dissipated. An extra RAM chip isn't going to make enough difference to matter. I mean their CPUs typically run almost half a decade behind the state of the art in terms of their process size. If heat were a significant factor, don't you think they'd spend the extra money on improving that?

Battery power for RAM is a factor, but not a big one. The number of shots per battery charge is measured in the high hundreds to low thousands, most serious shooters carry multiple batteries, and most casual shooters can go two or three days on a charge unless they're shooting lots of video or have Wi-Fi turned on. And the number of shooters who care whether it's 900 shots to a charge or 800 is likely about the same size as the number of shooters who care about crypto.

No, those things are excuses. The reason is cost, period.

Re: SD card feature?

[cthulhu11]

In the film days one got by without review for multiple reasons, including:

o The bar for acceptable focus was much lower
o The bar for acceptable grain/sharpness was lower
o Film is more forgiving of the dynamic range of skin tones
o Film would be pushed / pulled more effectively

A compromise would be to buffer unencrypted previews for 30 seconds. Encrypted shots would go to storage, unencrypted previews would be gc'd after a a configured amount of time.

Re: SD card feature?

[JesseMcDonald]

If you are in North Korea taking pictures, you aren't going to get away with "they are encrypted!"

Missing the point. Encryption isn't primarily to protect you, it's to protect your sources. To protect yourself from discovery you'd need plausible deniability, and possibly steganography, which are outside the scope of this proposal.

Re: SD card feature?

[nwf]

Not sure I agree. If North Korea tortures you until you provide they key, what's the difference between that and no encryption as far as they are concerned? Sure you may not have a key, but then you die and your pictures never see the light of day. Keeps the source safe, but they've taken risks for no benefit. Or they install malware on all your devices and hack into your home computer and get the key. People suck with keeping things secure.

These are likely the issues as to why manufacturers won't ever do this. Either it gets someone killed (bad PR) or is an incomplete solution (especially since NK's pal China can likely break your cheap camera encryption anyway.) Doing nothing is the safest solution. The photographers can learn to hide the good pictures and gave lots of pictures of happy NK citizens for a cover.

Re: SD card feature?

[JesseMcDonald]

If North Korea tortures you until you provide they key, what's the difference between that and no encryption as far as they are concerned?

Well, there is the fact that they would actually have to torture you, which might cause more diplomatic problems for them than simply seizing your equipment. There is also the possibility that you don't have the decryption key in the first place; the photos could easily be encrypted such that only your superiors in whatever organization you're reporting to have access to the decryption keys.

... but then you die and your pictures never see the light of day. Keeps the source safe, but they've taken risks for no benefit.

They'd be taking far more risk for no benefit if the photos were intercepted without encryption. Of course, the goal is to get the photos out of the country undetected, and for that purpose a prudent photographer would take the steps others have reasonably suggested, like transferring the photos to a secure device—ideally a remote server in a "safe" country—wiping the camera's memory card, and filling it with innocuous "decoy" shots. The purpose of on-camera encryption is to plug the gap which exists between when the photos are taken and when they can be offloaded to more secure storage.

Re: SD card feature?

[Immerman]

It is, but if it's the price of absolute security then perhaps it's worth sacrificing. I would assume it would be a toggleable option, so you'd still get review on vacation and artistic photos, just not of anything taken in encrypted mode. Which is probably generally going to be evidence, and held to much lower standards of artistic quality.

As an added bonus, if the review feature simply ignored encrypted photos then it would add a little obfuscation - guard seizes camera, only sees your vacation photos. No prompt for password or anything. Nothing looks suspicious and you're probably on your way.

And as AC says, you could potentially still review the last few photos that are still in RAM, which lets you still verify exposure, focus, etc.

Re: SD card feature?

[Immerman]

True. But we're talking about documenting evidence, not taking award-winning artistic photos. For non-sensitive stuff I'd assume you'd turn off the encryption.

But yeah, buffering the last photo of two so you could at least verify proper focus, exposure, etc. would probably be relatively safe.

Re:SD card feature?

[torkus]

Not really...make saving the PIN/decrypt key optional. People in high risk situations would gladly forgo the ability to review pictures (it would be trivial to keep the 2-5 second preview) in order to be sure that no one can access their photos. Heck, if you keep the decrypt key secret from the photographer (i.e. for reporters) then it would be impossible to force them to give them up even.

This isn't a smart gun debate for so many reasons...death is not a likely outcome from the use of encryption on cameras for one. Plus this is available in levels and easy disable entirely. Plus, unlike a gun, most people who use a camera WILL have advance notice and are unlikely to die if they are unable to point a camera back at someone pointing one at them.

Way to bring unrelated but hotly debated topics into the discussion though.

Re:SD card feature?

[RespekMyAthorati]

is not going to be able to run his camera at 11 frames per second any more because it is screwing around encrypting his 42 megapixel files shot in "raw?"

Of course, if there is anything that oppressive governments don't want the world to see it is a basketball game.

Re:SD card feature?

[Altrag]

Yeah it would have to absolutely be something Apple designed and built for. I have no doubt that just tacking a third party lens on top of (rather than in place of) the existing lens would be less than ideal. I'm thinking something more in concept to those cheap 3D glasses where you drop your phone in to do most of the heavy lifting.. so the "camera" is just a foundation for holding the lenses, the tripod mount, etc.. and your phone acts as the camera's processing unit, replacing the often-terrible display, buttons, UI, etc with something designed by a company known for good (or at least reasonably decent) design.

Of course it would be optimal if the camera's CCD could be used as well, but its not 100% necessary for my idea. It would just save having to attach a plug or otherwise pairing the phone with the "camera" unit.. though that may be desirable anyway so that the phone could control things like zoom and focus and other features that require physically manipulating the lenses and other non-processing operations.

Re:SD card feature?

[Bob+the+Super+Hamste]

In that case something like what the new Pentax digitals have might be what one wants with their wireless tethering. I haven't used it as my camera is one generation back and so doesn't support it. I have found that digital camera controls range from just pisses me off to being somewhat intuitive with Pentax being the somewhat intuitive and Canon just pissing me off. Granted these are for high end DSLRs not point and shoots which I just get mad at because I want to do something the camera things I shouldn't. Up until late last year I was still exclusively using film in an old but very high end all manual 35mm camera so all I really want is a quality view finder, and an easy way to set aperture, ISO, and shutter speed for controls.

I think we have already seen the split with cameras and you are going to see brands like Nikon, Canon, Pentax, Sony, Minolta, Olympus, etc making very good cameras for serious amateurs and pros while the general population takes cat and food pics with their cellphone and can get a reasonable 8x10 under ideal circumstances. The point and shoot will likely disappear in the next few years and the superzooms will be a very small market. Likely just a stepping stone between the cellphone and high end DSLR or mirrorless, if those eat the DLSR market, likely within a decade. My wife loves her cellphone camera and 3 year old point and shoot digital because she just wants to push a button and get a not completely shitty picture (out of focus, under/over exposed) but wants nothing to do with my cameras. Yet if she needs some nice pictures of quilts for publication she will have me take some really nice ones with my camera to be sent off.

Even just using the sensor in a cellphone, if one could replace the lens, wouldn't provide much of an increase in quality or ability as the pixel pitch on those sensors is so tiny that you are diffraction limited basically at all f-stops, seriously anything smaller than f/1.4 and you are diffraction limited on an ideal lens. I own one lens that wouldn't be diffraction limited with that sensor and even then that lens would be wide open which means it would be fairly soft as would even today's best variable aperture lenses, unless you went and rented one of those Ziess f/0.7 lenses. That still doesn't address the depth of field issue with those tiny lenses (a 10mm focal length lens on an iPhone would be about the same field of view as a 70mm lens on a full frame or 35mm camera) but would have depth of filed of from infinity down to about 5 feet even at f/1.4 but you could get within 1/2 of an inch of something and be able to focus and then get a shallow DoF. There are a lot of cases where one wants to have a super shallow depth of field like in portrait or product photography which those cameras wouldn't be able to do. At the same time if one wanted to go ultra wide on one of those sensors how would one use and manipulate a 1 or 1.5 mm lens?

Then dump the "Camera Makers"...

With smartphones approaching 20MP, they are an alternative in a lot of situations.

(No, you dont have to argue that a 5mm Optic isn't the same as a 50mm Optic, i know. But if encryption is important for you, currently, the Camera Makers wont give you a choice)...

Re:Then dump the "Camera Makers"...

[admin7087]

Common, the article is about professional photographers. They also need to sell their photos on a highly competitive market.

Re: Then dump the "Camera Makers"...

[Teun]

Uhh, Sony camera's make nice pictures but their operation is rather difficult, for one Sony decided to make them too small for many if not most hands.
Even though their price / quality is very good pro photographers need something more substantial.
Luckily the better Nikon camera's use the best Sony sensors.

Re:Then dump the "Camera Makers"...

[fafaforza]

It's not about megapixels.

Re:Then dump the "Camera Makers"...

[Cederic]

Yep. 20Mpx on a shitty small sensor is worse than 12Mpx, especially for photojournalism.

My phone can take some awesome photographs and has seriously good software helping with exposure and focus. It still can't get close to my proper camera in fast moving or low light situations.

Encryption doesn't sell cameras

[PeeAitchPee]

High resolution, more stops of dynamic range, and the ability to use different lenses does. For really high end models, there are a few other things too, like full frame DSLR formats, high frame rates (for shooting sports etc.), the ability to shoot HD video, etc. The vast majority of people shooting with a camera other than the one on their phone (which is already a shrinking market) don't care about encryption (which would slow down their camera even more), so don't expect the Nikons, Canons, and Sonys of the world to invest a lot of R & D on a feature that there's really not much of a market for.

Re:Encryption doesn't sell cameras

[jfdavis668]

Correct. Camera companies are in competition to sell cameras. Adding an expensive option that very few people would want to use would just handicap that company in the sales competition.

Re:Encryption doesn't sell cameras

[ThomasBHardy]

Agreed. The number of folks who are interested in using encryption on a camera is a very very small slice of the consumer base.

I've worked as a photographer in a news organization. Even with my time there, never was there any case for encryption. Having the entire camera industry switch to encryption would be having the 1% of actual use cases drive the cost and performance factors for the 99%.

Lets see one company make a single camera that has encryption. If it sells like hotcakes to news organizations, fine. but I'll be willing to bet that it the sales will be minuscule because it's not a feature that needs to exist for realistic situations.

Re:Encryption doesn't sell cameras

[Bing+Tsher+E]

Further, camera companies don't have much value in painting a target on their back that says 'Customs agents and police: hassle people MORE if they are carrying our brand of camera.'

These 'journalists' need to just accept the reality that their activities are not risk-free.

Re:Encryption doesn't sell cameras

[Immerman]

How expensive would it be though? Cameras already have the necessary CPU power to do all sorts of image processing, encryption is no more difficult. All they need to do is load a public key from the SD card and, if in "encrypt mode" use it to encrypt the the photo rather than storing it unmodified on the SD card. Maybe that means it takes 5x longer to store each photo if the CPU is especially weak, but so what? If you're taking photos where encryption is important you should be willing to make compromises. And it doesn't have any impact at all if encryption mode is turned off.

Re:Encryption doesn't sell cameras

[Actually,+I+do+RTFA]

Not only that, but encruption fights those features. Recording more data faster to the card is consisdered a feature (I need to store that higher resolution, extra dnamic range, more frames per second, etc.) Already some cameras require CF cards because SD isn't fast enough. Encryption will invariably slow down the write speed.

Re:Encryption doesn't sell cameras

[idji]

Don't we already have self-encrypting SD cards, that could hide photos unless they were inserted into a safe device back home?

Re:Encryption doesn't sell cameras

[Cederic]

Cameras trade off processing power for capture speed, physical dimensions and battery life.

You want to add additional processing, it comes at a cost. You may consider it a low cost but cameras are already running on the edge so it's going to have a discernable impact.

Sure, it can be done - but just who the fuck is going to want and use it? Maybe the demand is there, but so far it hasn't been strong enough to encourage a manufacturer to implement the feature, and even if they did, making it fit neatly into a sensible photographer workflow is still going to be bloody hard.

Re:Encryption doesn't sell cameras

[ThomasBHardy]

I'm not sure that would work unless the camera itself had a firmware update to write out the image files encrypted and read them in as needed for previews. Can they build that into a standard SD card? Where would the encrypt/decrypt step occur? There's no processor on an SD card capable of handling giant RAW file encryption in a timely fashion that I'm aware of.

I know there's a firmware mod for a Nikon that provides encryption and there's a magic lantern project that I think targets Canons, but I'm not familiar with how reliable they are.

I I were trying to make a product for this, I'd think a potential route would be something like the wireless SD cards paired to a smartphone app in your pocket to transmit images to the phone as quickly as is reasonable, removing images from the SD card as they are completed. Smartphones offer all the encryption options necessary.

Encryption doesn't really solve this

[JoeyRox]

If you're a photojournalist leaving a dangerous field assignment then there's a high likelihood you will be stopped and searched. If you hand over your camera and it comes up with a prompt for an encryption password then your camera and its media will be confiscated or destroyed in front of you. There go your photos.

As for protecting sources, why would you photograph them if you didn't intend to publish the photos anyway, which would still put them in danger?

Re:Encryption doesn't really solve this

[kobaz]

There go your photos... but then the powers that be can't prove you were taking pictures of the super-secret-government-coverup and hopefully would be less likely to send journalists to a dark hole.

Think about it... If you were searched by border patrol in a fscked up country and you were taking pictures of things that "no one is supposed to know about". What would you prefer: a smashed camera, or blatant evidence of actions which would definitely put your life in danger.

Re:Encryption doesn't really solve this

[davecb]

Journalists have been aware of this problem since glass-plate cameras: they look for ways to hide their images from passing police, and only have harmless ones to display. Once they get home, they can crop and mask out persons at risk and still show, for example, the violent breakup of a protest by the military.

Re:Encryption doesn't really solve this

[DigiShaman]

but then the powers that be can't prove you were taking pictures

Depends on the host nation. Many don't adhere to the presumption of innocence in law.

Re:Encryption doesn't really solve this

[pots]

If they destroy your camera rather than killing you, that's a win. As for protecting sources: sometimes you take pictures with the intention of publishing some of the picture, and redacting the rest. It's very common to blur peoples' faces.

Re:Encryption doesn't really solve this

[mridoni]

Think about it... If you were searched by border patrol in a fscked up country and you were taking pictures of things that "no one is supposed to know about". What would you prefer: a smashed camera, or blatant evidence of actions which would definitely put your life in danger.

There's no win-win scenario here, a lot would be riding on the actual situation on the ground, and on the stakes at risk. This is why having the possibility of encryption would be a good thing.

The reason why we're not having it even on high-end SLRs (after the Nikon encryption fiasco in 2011 and the half-assed attempts years ago by Canon to implement it, along with digital signature) is completely clear: while professionals and their endorsement help to sell a camera (and a brand), they're only a tiny fraction of the whole market. And while you can sell "hyper-blazing fast autofocus with a megazillion focus points" to anyone with a enough cash to spare, even if that US$ 4000 camera is used for kids birthdays and picnics, encryption is still going to be a feature that only a small percentage of users will ever use. Add to that the fact: 1) it is not so easy to handle encryption reliably when you have non technical (in the IT-sense) users 2) you will have to keep restrictions to a minimum because encryption should not get in the way of doing one's job 3) cameras are not really designed for easy and quick software updates when (not if) a vulnerability is discovered, and, well, you get the picture (sorry for the pun, I couldn't resist).

Re:Encryption doesn't really solve this

[burtosis]

What would you prefer: a smashed camera, or blatant evidence of actions which would definitely put your life in danger.

I'm assuming if you are a journalist with that task then you don't value your safety much in the first place. It's really surprising more don't just end up "missing". Anyhow the best bet in this case is to have a satellite link and dummy photos on your camera. Because I agree with you and xkcd on the security of encryption.

Re:Encryption doesn't really solve this

[Immerman]

Why would the camera ask for an encryption password? Store the public key used to encrypt the photos on the card, and then just completely ignore any encrypted photos when browsing, since it can't decrypt them anyway.

A professional photographer has no particular need to look at the photos they just took - they didn't even have the option in the film days. It may be convenient for many things, but it's a small convenience to sacrifice to ensure their sources remain safe. Once they get back home, then they can use their private key to decrypt the photos. If they don't even take the private key with them, then there's no way it can be compromised.

Re:Encryption doesn't really solve this

[Marxist+Hacker+42]

Agreed. What does solve it, is your camera connected by bluetooth to a satellite phone, which is connected to a cloud server. Once in the cloud the camera and its media can be destroyed (rather expensively, but that's part of the cost of doing business) and the pictures can be published all over the world.

Re:Encryption doesn't really solve this

[Marxist+Hacker+42]

Replace "encryption" with "automatic cloud upload" and you would not only have a selling point, but in places that have connectivity, you could produce an SLR that has only enough memory for 30 or so pictures- and that only temporary storage before they're uploaded.

Re:Encryption doesn't really solve this

[FrozenGeek]

OR you find yourself subjected to various forms of torture until you provide the decryption key. Followed by additional forms of torture because they're now POd that they had to work to get the decryption key.

Re:Encryption doesn't really solve this

[Joey+Vegetables]

If there is both cellular and VPN infrastructure available to you (I know, big "if" in many such places), you could upload frequently to servers you control, in a relatively free jursidiction; then, have a service or daemon encrypt there, then delete all unencrypted copies. That's what I'd try to do. One might even distribute parts of the public key to different individuals in relatively free jurisdictions so they can't rubber-hose it out of you, although that implies a commitment to truth above that to one's own life, which is a fairly high bar; yet, if one does not have such a commitment, one probably does not go to places where such commitment is required in the first place.

Re:Encryption doesn't really solve this

[RockDoctor]

286 comments and only one mention of this XKCD. Oh, Spashdot, where have your balls gone? Not because the XKCD is a startlingly or novel good description of the problem (Zimmerman's PGP release notes include it's essence) , but there just appears to be so much pathetically optimistic derangement in the hipster generations.

In the real world, on encountering a journalist-type (white, foreigner) with a memory device/ camera/ etc full of unreadable things ... you smash any phones and cameras and anything else that may hold a transmitter. Then you gut one of the locals helping the white foreigner and leave him screaming in the dust, "pour encourager les autres". This criminal will "die trying to escape". Then, you torture the other locals, who are also trying to escape when they die, until the white foreigner gives you the passwords. If you run out of local criminals and their families to torture in front of the untouchable privileged white foreigner, then you photograph him being infected with a disease by an underage criminal, pour whiskey down his neck until he can't walk, and send him driving back to the city on the rough road.

Do millennial children not know how politics works? Or do they rely on Hollywood?

Download needed

[Geoffrey.landis]

Interesting.

The workaround, for photographers, has to be that if the pictures are sensitive they need to download their pictures to their laptop (or other device) which is encrypted as soon as they leave the photography site.

... then take a lot of pictures of the floor, to overwrite the images on the camera's storage...

Magiclantern open-source firmware for Canon camera

[fennec]

It looks like it's possible using Magiclantern open-source firmware for Canon cameras: https://www.magiclantern.fm/fo...

Canon's fingerprint scanner

[maxwave]

https://www.digitaltrends.com/... Wonder if this is one of the reasons for this patent.

Re:Canon's fingerprint scanner

[kenh]

Biometric security can be "compromised" if you have the hand the fingerprint came from... We're talking repressive regimes here, they would happily put a pistol to your head and tell you to put your thumb on the fingerprint scanner.

Is this a surprise?

[SwashbucklingCowboy]

Sure, it'd be a useful feature for a small number of people, but the vast majority of users of high end cameras (and there aren't that many) wouldn't need it. And doing it this would either require a special encryption chip, increasing the cost for all users, or would be so terribly so that it would make the camera effectively unusable.

Re:Is this a surprise?

[Entrope]

This would not require a special encryption chip. Most high-end cameras are built with ASICs that are designed by the manufacturer. There is an extensive market of reusable logic cores, including ones that perform encryption and decryption, that can be integrated into an ASIC. Most modern encryption algorithms are designed to need very little in terms of hardware resources, so it should not significantly increase the size of the ASICs in question.

They exist

[hcs_$reboot]

still, they're called film cameras. Nobody can see the pictures before the film is processed, and good luck to find a shop that still processes films nowadays.

Re:They exist

[jfdavis668]

Good idea!

Real-time encryption of HD video is costly

it's just that simple.

Don't you hate it when...

[AndyKron]

If you're not doing anything wrong you shouldn't have anything to worry about. Don't you hate it when people say that?

Not just encryption

[Dwedit]

It's not just encryption that cameras need, they also need a cryptographic signature to indicate that the image it took is fresh from the camera and has not been edited since the photo was taken. (Obviously this can be defeated by photographing a photoshopped image, but still...)

Re:Not just encryption

[Anonymice]

Like...RAW? It's routinely used in forensic science & is legally admissible in court as evidence.

Re:You are a guest in another nation

[admin7087]

Talking about ignorants... Journalists weigh personal risks vs. getting the story out since the profession exists and you think it's all a super-easy choice and you always should just obey the authority.

Why must the camera be secure?

[kenh]

The lack of encryption means high-end camera makers are forcing their customers to choose between putting their sources at risk, or relying on encrypted, but less-capable devices, like iPhones.

Or, you know, pulling the memory card out of the camera and hiding it.

I've seen wifi SD cards for cameras, so it should be easy to have your high-end camera send it's pictures to your smart phone, tablet, etc. as soon as you take it, then the photojournalist can simply delete the local copy on the camera. when your camera is searched, no images are found, they are all on your secure, encrypted smartphone, and who knows, maybe the smartphone could sync with a cloud service to get the images out of the region moments after captured?

Re:You are a guest in another nation

[mark-t]

I've always wondered what would happen in such a regime if the password you give them doesn't work for them because it's biometrically keyed to work only for you?

And what would happen if further, the biometric protections utilize mechanisms that go so far as to examine your brain waves to evaluate your emotional state at the time you are attempting to unlock the device, and will not unlock, not even for you, while you are experiencing above average levels of stress or otherwise under any kind of duress to unlock it?

And of course, throwing you in a cage because you used such impenetrable encryption wouldn't change anything, and would in general only make it even *more* difficult for you to unlock the device for them.

SD Wifi adapter

[jfdavis668]

Have your camera connected to your smart phone via an SD Wifi adapter. Automatically transfer the photos and delete them on the camera as they are taken.

Re:SD Wifi adapter

[Immerman]

You'd still need to actually wipe the camera - deleting typically only mangles the filename. And without hardware support, reliably wiping requires completely filling the card with other images - and even that may not do it if the flash storage is over-provisioned so that it can maintain its capacity as flash cells begin to fail (I have no idea if that's common with SD cards, but it's standard procedure for SSDs)

Re:SD Wifi adapter

[ceoyoyo]

An SD card doesn't technically have to have any memory at all. For the paranoid, make one that's just a wifi transmitter.

picture in picture

[louden+obscure]

Would it take a rocket appliance to use steganography?

Re:You are a guest in another nation

[admin7087]

You're presenting a false dichotomy and are apparently completely ignorant of the profession. Journalists reporting from crisis & war zones, on violent crime and from regimes with undue process have always been taking risks, and they have always weighed them against the obligation to report the story. It's part of the job, but only a small number of journalists work in this field and are willing to take the risks. Despite all that, dozens of journalists are killed every year while doing their work, just so you can get their news in your comfy living room. You should to tone down your attitude and show respect where it's due.

Rubber hose cryptanalysis

[stevegee58]

Good luck when you're stopped by the police/military in some shit-hole country. Encrypted files? No problem, just beat them until they decrypt.

Re:Rubber hose cryptanalysis

[magarity]

Good luck when you're stopped by the police/military in some shit-hole country. Encrypted files? No problem, just beat them until they decrypt.

Don't you know its racist to call countries where the police beat would-be free press photographers "shit-holes"?

Re:Rubber hose cryptanalysis

[swillden]

Good luck when you're stopped by the police/military in some shit-hole country. Encrypted files? No problem, just beat them until they decrypt.

It's easy enough to use an asymmetric encryption algorithm, with the private key stored on a computer in another country. Won't save you the beating, but assuming they actually need proof to keep you in prison (a big, big "if" in the countries where you might feel like you need encryption, and in which the authorities are willing to use rubber hose cryptanalysis), they'll be unable to get it.

If necessary, you could even use jurisdictionally-diverse key splitting. The idea is to pick a handful of mutually-antagonistic countries who are unlikely to be willing to cooperate with one another to recover your key, then cryptographically split your private key (perhaps with an m-of-n technique to give yourself some redundancy) and store one piece in each of them.

Protecting your data from the authorities is totally feasible. Protecting yourself... maybe not so much.

Re:Rubber hose cryptanalysis

[blindseer]

I'm not sure how that helps. If you don't have the password but your spouse does then they'll just call the spouse and explain how they will torture and kill unless the password is handed over. What would your spouse do in that case? Allow you to be tortured? Hand over the password and hope they hold up their end of the deal?

This assumes they believe you that you do not in fact have the password. This assumes that they even care if they get the password, they might just beat you up for being in the wrong place at the wrong time.

Re:You are a guest in another nation

[kenh]

Wow, I'd think the better approach would be a fingerprint reader that can store two fingerprints - one that operates normally, allowing access to all the images on the device, a second finger that only allow access to a curated area of storage, with pictures of puppies, children, and sunsets. A more aggressive option would be a third-finger that wipes the contents of the card...

For example:

• scanning your pointer finger opens the curated photo collection
• scanning your ring finger opens the entire contents
• scanning your middle finger erases the device

such an arrangement would allow the photojournalist the option of providing access as the situation warranted, choosing to either protect their subject's privacy/security or save their bacon if they are afraid for their life.

Re:Why must the camera be secure?

[Anonymice]

Given the remoteness of most of these regions, and that RAWs can be upwards of 50MB each, I don't think a phone's data connection would cut it.

Syncing via WiFi to another device could be an option, depending on the scenario, but it's relatively battery intensive so it requires preparation & knowledge of exactly when you're going to shoot. Not so great for journalists travelling in remote regions, often off-the-grid, who need to be able to whip out their camera at a moment's notice.

Clueless photographers

[guruevi]

Canon offers a kit that includes an encrypted SD and flash drive. There are also a bunch of hackers around that do anything from running Arkanoid to implementing zlib on their dSLR camera. There are options, a bit of research and/or a knowledgeable it staff would help them more than bitching at the manufacturers.

Re:Why must the camera be secure?

[kenh]

I can easily imagine a program that detects a new photo on the SD card, transmits the message to the linked-to device (smartphone), then overwrites every sector the photo occupied with a random bit pattern before deleting the photo entry from the file directory on the device.

Sure, a curious regime could send the SD card out for data recovery, but the actual sectors the photo occupied would contain the random bit pattern - a brute-force search of the device would be fruitless.

Kickstarter

[iamacat]

You want a niche feature that would be detrimental or confusing to most users. An average photographer's nightmare is losing an amazing shot and encryption is likely to screw up any recovery attempts. Others would get in more trouble because of encryption than because of actual photos. Sounds like a good case for a Kickstarter project to make an Android-based camera where you can use a photo app that suits your specific needs. If there is mobile data, you would ideally upload shots to your studio and the securely erase them locally so that no evidence, including evidence of hiding evidence, is left.

Just use a cellphone to take important pictures

[torrija]

If cellphones already implement some sort of encryption and their camera quality is good enough, why not taking pictures with them?

Re:You are a guest in another nation

[Bing+Tsher+E]

When they enter into the arena of conflict and choose to 'show the truth' in a way that one side in the conflict opposes, they are entering into the conflict as a participant on one side and are no longer being a journalist. They can suck air in prison if they're caught.

Re:You are a guest in another nation

[Immerman]

It's not themselves they're trying to protect - if they wanted to stay safe then they wouldn't be in that line of work. They're trying to protect their sources and their evidence.

Re:Magiclantern open-source firmware for Canon cam

[Kernel+Kurtz]

First thing I thought when I read the article.

I have not tried the encryption functionality, but Magic Lantern rocks.

Re:You are a guest in another nation

[Immerman]

An easier option - use asymmetric encryption, and leave your private key at home. You can't give them what you don't have, even if they break you and you really wish you could. Of course, if they break you then you can probably just *tell* them most of what they want to know, but it at least ensures that you are the weakest link.

Re:No Standards

[PPH]

Cameras use SD Cards. "Secure Digital". The standard already exists, so all that camera manufacturers need to do is to implement the protocols for entering a password.

I don't get it

[Deadstick]

OK, so you're in a country where they're suspicious of photographers. A cop comes up and asks to see what's in your camera. Sure, you say, and let him download your files. Oh, I see they're encrypted, he says...well, thank you for your time. Right?

Re:I don't get it

[110010001000]

Exactly. This is why camera makers haven't bothered.

Re:I don't get it

[Zocalo]

The idea is that you load the public key that will be used to encrypt the images on the camera and you leave the private key back home. This is all fully documented by the camera manufacturer so that if the photographer gets challenged to decrypt the images it's easy to establish that they can't actually do that and there's no point in getting out the rubber hose. Ideally there would also be some options for having unencrypted images on the card and simply hiding the encrypted ones from the image review in the event of a more casual stop and search. If the police (or whoever) want to be a little more thorough, then yes, they can still detain the photographer, delete images/format cards, or destroy cameras/cards, but all that is going to based on no actual evidence and they'll eventually be called on it by the media organizations. Whether they care about that or not is another matter entirely.

Of course, the prudent photographer working in a situation where detention or worse might be a possibility would also provide a copy of the private key to a trusted agent (lawyer, employer, etc.) so that if things really did turn ugly the key could still be provided. That could then be backed up with some specific circumstances upon which to disclose the private key appropriate to the types of images being sought, the country of detention, and the overall severity of the situation.

Re:I don't get it

[Brett+Buck]

Wrong. They will ask for you to decrypt them, and when you don't, you go to jail.

Re:I don't get it

[jrumney]

Rather than simply encrypting them, they should hide them by steganography inside random pictures of cats.

Re:I don't get it

[fido_dogstoyevsky]

The idea is that you load the public key that will be used to encrypt the images on the camera and you leave the private key back home. This is all fully documented by the camera manufacturer so that if the photographer gets challenged to decrypt the images it's easy to establish that they can't actually do that and there's no point in getting out the rubber hose...

Apart from making an example.

Re:I don't get it

[fafaforza]

And how many of these edge cases and capricious scenarios should Nikon, Sony and Canon support?

Re:I don't get it

[Zocalo]

In some regimes certainly, but in that case they'll have done that anyway - and in all liklihood more severely - if they were able to retrieve unencrypted images of something they took exception to. The aim here isn't to remove all the risk from the profession, it's to reduce it to the point that journalists have at least a fighting chance of using plausible deniability and the implicit threat that the regime's practices will be exposed on the world's stage to enable them to do their jobs with the minimal risk of harm possible. They'll still need to manage their situation and have good OpSec/PerSec, especially if they do have some photographic evidence that a regime would want suppressed, but even so being roughed up and eventually release for lack of actual evidence is still going to preferable to the alternative if it comes to it.

Re:You are a guest in another nation

[admin7087]

Wow... just wow. In every conflict on earth you have a side that opposes covering aspects of the conflict at one time or another. According to your bizarre logic journalists could never get any footage from any war zone anywhere without 'taking sides' and 'no longer being journalists'. The world does not work the way you think it does.

By the way, in many cases war correspondents who miscalculate their risks can be happy if they end up in prison. Often they are killed. But I guess the beheading of James Foley by ISIS was just alright from your point of view, because he was 'taking side'. Retard.

Re:You are a guest in another nation

[SvnLyrBrto]

> I've always wondered what would happen in such a
> regime if the password you give them doesn't work
> for them because it's biometrically keyed to work
> only for you?

Similar issue: A company I used to work for always but ALWAYS required travel with loaner laptops only. (Didn't matter if it was just to LA, or all the way to China. And, by his own decree, the policy included everyone up to and including the CEO.). All of the important data was on an encrypted partition, with just the basic OS unencrypted. Tricky bit was: we used a split-key system where the traveling employee had to:

1) Plug in his USB key, input the PIN on the USB, and its password on the computer to unlock his half of the key.
then
2) Connect to the company VPN, from which he would fetch the other half of the key, which was only stored in RAM and never swapped to disk.

Only with both parts of the key could the encrypted partition be accessed. And we always suspended VPN access while the employee was en route; making it literally *impossible* for him/her to give up the secured data, even to "rubber hose decryption". If some airport security goon got the notion in his little head that he wanted to see the contents of the laptop, he could go tell it to a real LEO, who could tell it to a judge, who could issue a subpoena or warrant, which our lawyers could fight. The ASG itself could go get bent. That data was OURS, not the employee's, and certainly not the airport's.

It was an issue only once while I worked there. An employee was returning from Singapore & vicinity; and some ASG wanted to see the contents of his laptop. After explaining the situation that the data was privileged and protected to them, our guy actually called up InfoSec, put him on speaker with the airport goon, and reportedly grinned ludicrously as InfoSec told the ASG not just that we wouldn't be unlocking the laptop, but also exactly what we thought of him, his kind, his agency, his "mission", his manhood and the lack thereof, his family and it's canine/porcine pedigree, and so on (Said InfoSec guy had been an army drill instructor in his past. So he had the talent. And I understand that the looks on the faces of the other overhearing travelers was fairly priceless.); with an admonition to not-so-kindly go fuck himself sideways with some rusty farm implements and to call legal if he had a problem and could somehow conjure up the mental wherewithal to operate a telephone himself. The laptop did stay at the airport; but not for long. Legal wrote a nastygram, in blood, on asbestos paper, and delivered by a black raven. And I think it only took about a month or so to get it back.

Re:Good business plan, could be worth billions of

[110010001000]

Good idea. You could call this attachment a "smartphone" or a "laptop". It could have a bunch of other software that could run on it too. Genius!

The moral duality of technology

[RogueWarrior65]

Every human endeavor can be used for both good and evil. In this case, those who are arguing for protection against a government agency looking at the contents of the cameras are ignoring the fact that the cameras can be used for illegal purposes.

Re:The moral duality of technology

[JesseMcDonald]

There is no duality here, because there is no circumstance where the mere capture or possession of a photograph or video should ever be considered a crime.

Re:The moral duality of technology

[RogueWarrior65]

Really? Then you have no problem with some dirtbag taking locker room photos of your daughter. Brilliant.

Re:The moral duality of technology

[JesseMcDonald]

One can "have a problem with" something without it being a crime; there is an entire continuum of ethics spanning the range between "acceptable behavior" and "should be considered illegal". However, it is pointless to object to someone merely taking a photo of something they can already see. By itself, stored inertly in the camera's memory, the photograph is no more harmful than their own memory of the scene. If you have a problem with someone taking photographs, don't grant them access in the first place.

In this case it is safe to assume that the offender is violating the terms of their permission to access that space, and thus trespassing. Why focus on photographs when the real problem their presence?

Re:The moral duality of technology

[RogueWarrior65]

Because of the rules of physical evidence. You can't convict the dirtbag without it. Encrypting the camera makes the discovery of the physical evidence impossible.
But you continue to ignore the fact that technology can always be used for both good and evil. You can't prevent evil actions from being done by humans who are using technology. You can, however, make the pursuit of justice easier by not encrypting the camera. That said, society has decided that certain types of content are illegal and some are not. Justice itself can be used for evil if legal content is mis-characterized as something that should be considered by the public as illegal even though it's not.

Re:OTOH Encryption could make your become detained

[Teun]

Absolutely.
Until all devices are encrypted.

Re:Sneaky

[Teun]

In 2000 and at the end of their 25th. independence celebrations I took some pics of the Angolan government plane being boarded by some VIP's.
Within seconds security confiscated my camera.
A good hour later they came back explaining they could not get the film out, indeed they had never seen a digital camera :). (Olympus C-900 Zoom)

So I showed them the photo's and deleted the ones' they objected to.
Little did they know or understand I had already taken more pictures on a different card.
A couple of hours later when back in South Africa I undeleted the photo's from the affected card.

I'm afraid these days such won't work any more...

WTF?

[ka9dgx]

WTF? If some authority can't browse the photos in your devices, they will simply seize the devices. Encryption isn't going to help you there.

Adding a digital signature, created by the camera before compression, etc.. to an image, would be a much better value add. This could help assure that images aren't tampered with after they are taken. Heck, my name is even on one of those patents, though I wouldn't get any $ from it.

Re:You are a guest in another nation

[Actually,+I+do+RTFA]

Leaving aside the legal costs, and the costs of the loaner laptops, that solution sounds pretty expensive. But very effective.

What they don't know...

[pikine]

There is still the principle that what they don't know can't be used against you. Sure, you might be found guilty of something and punished for being uncooperative, but usually the scope of their suspicion is limited by what they already know, so why fuel their imagination by giving them something to actually prosecute you and then maybe push their suspicion a few more steps further?

Maybe taking the picture of a few poor orphans might put you in trouble, but they might find the pictures you took at a nuclear power conference elsewhere an even more interesting target.

Re:Magiclantern open-source firmware for Canon cam

[swillden]

It looks like it's possible using Magiclantern open-source firmware for Canon cameras: https://www.magiclantern.fm/fo...

Interesting. But it should be pointed out that the implementation is very badly done from a security perspective. I only spent a few minutes looking at it and found several showstoppers in both design and implementation. Among them:

1. The basic file encryption algorithm is a stream cipher construction using a simple LFSR as the stream generator. This is almost certainly trivial to break; standard LFSRs are in no way designed for cryptographic security. I suspect the LFSR was used for performance, and I'm sure it does in fact perform much better than, say, AES in CTR mode (where AES is used to generate a bitstream XORed with the plaintext in the same way the LFSR output is). While no good stream cipher is likely to match the LFSR performance, there are several that would provide moderate performance and high security, such as ChaCha20 -- or perhaps even a reduced-round variant like ChaCha12 or even Salsa20/12.

Note that someone has contributed an XTEA implementation which is much better, security-wise, than the LFSR but actually slower than AES. If you're going to do that, just use AES.

2. Even if the LFSR-based encryption algorithm were good, it uses 64-bit keys, which is just too small. Oddly enough, when you use the provided RSA mode for asymmetric write-only encryption (decryption can only be done on your PC), the author seems to recommend a 4096-bit RSA key size, which is roughly equivalent to a ~160-bit symmetric encryption key, and which is quite slow. It makes no sense to use such a huge, slow RSA key to protect small symmetric keys.

3. Password hashing uses the same LFSR plus some shifting and masking. Almost certainly insecure, and there's really no reason at all not to use a good password hashing algorithm like Argon2, or at least scrypt.

4. In asymmetric mode, the code appears to use random padding for RSA operations. There are really good reasons for the PKCS#1 v1.5 and RSA-OAEP padding modes that are normally used. It's possible that a very careful analysis of this implementation may show that under certain operational assumptions random padding is okay... but I seriously doubt that any such careful analysis has been done. I would never bother doing anything of the sort and would simply use OAEP. (Or, better yet, avoid RSA and instead use an elliptic curve algorithm -- less tricky to use correctly, faster, smaller keys and even the provides possibility to derive keys from passwords. There's really no reason to use RSA for anything anymore unless you have to interoperate with legacy infrastructure that already uses it.)

5. RSA key generation is done on-device, with the private key written to the SD card, then later deleted. You can't actually delete things from SD cards, not with any confidence. Much better to do keygen off device so only the public key ever exists on the SD.

6. A glance at the RSA key generation code throws up a number of red flags. I suspect the key generation is buggy.

7. I didn't find the random number generator, but given all of the above, I'd be shocked to find that it's actually good. A bad RNG can easily destroy the security of the best cryptographic design.

When I get some time (ha!) I'm going to see if I can get ML running on my 70D and hack together a better version, using Curve25519 ECDH and ChaCha20 with 128-bit keys, with asymmetric keygen done off-device, and a decent PRNG plus the best seeding mechanism available. To make it more usable, I'll see if I can keep the last few dozen per-file keys in RAM, which will allow the photographer to look at the images on the camera, until the camera is turned off. More paranoid users should be able to disable the retention of keys in RAM.

Sounds like a fun project. One which I may or may not get to before 2025 or so...

NFW!!!

[rally2xs]

How about this: I'm not spending one red cent on any hunk of metal and glass where I have to screw around with encryption / decryption in order to use it. Screw that. The camera I have now, a Nikon D4s, will last me the rest of my life since I'm 70, and any further camera is really going to have to rock in order to beat it and lure me into spending another $6K - $10K for a subsequent camera. It is guaranteed that if I have to F around with crypto, I will not buy it.

Re:Why must the camera be secure?

[fafaforza]

obviously you don't use data. You use Wifi in most cases where you download straight to a phone.

one time pad

[bugs2squash]

Fill the SD card with random numbers and xor the photo data on top of it. Keep a little space aside for keeping track of the directory content.

Use native WiFi on camera?

[buchanmilne]

Most modern DSLRs (e.g. Canon EOS 5D IV, Canon EOS 6D II, Canon EOS 80D) have built-in WiFi now, and you can trivially send all photos from the camera to a smart phone (ideally one with support for removable micro-SD cards) where you could have encrypted storage set up. I have done this on many occasions (e.g. post a photo from my 80D to the internet while at an event).

(I am not as familiar with Nikon models, but I am sure they have some models with built-in WiFi).

Sure, it may be slightly more fiddly than being able to write directly to encrypted SD (or CF) cards on-camera, but much easier to set up as plausibly-denaible.

Of course, if your camera doesn't have WiFi support, you can do the same thing with a bit more fiddling by using a cable (or the "camera connectivity kit" if you use a phone from a vendor who artificially limits the capabilities of their products in order to extract more money from their customers), but then it may be more obvious to nefarious people what you have done with the photos you took.

Re:You are a guest in another nation

[SvnLyrBrto]

It wasn't so bad as you might think. Our lawyers were mostly full-time on-staff. While we brought in dedicated specialists from law firms when needed; for routine matters like griefing ASGs, our salaried guys could generally keep the requite steady stream of bile flowing as part of their 9-5. Also, due to the nature of the business, a number of said lawyers in addition to many of our execs, had contacts in the federal government and knew exactly who to go over-their-heads to, so as to expedite the shit rolling downhill to the ASGs. (Our CEO had had a very bad experience with the TSA not long after it got started... circa 2003 or so... which left him with something of a burning hatred of the agency. So various surliness, circumvention, uncooperativeness, and outright hostility towards it, and the various TLS spinoffs comprising the rest of the ASGs, while not mandatory, was actively encouraged.). Finally, the laptops themselves were insured.

And at the end of the day, the laptop is nowhere near as valuable as the data; and not just for our own sake. For a decent number of our customers, including the part of the federal government we directly dealt with, we were contractually obligated to protect said data. And releasing it to some ASG yahoo was NOT part of those contracts (Not even with the feds.). And the penalties for leaking it would have been well in excess of the cost of eating a laptop, assuming we never got it back and insurance never paid out.

Pain in the ass for everyone else

[TJHook3r]

When we get some sort of failure and all the files are encrypted, those files need to be as retrievable as they would normally be. I would be surprised if more than 20 people in the whole world are worried about security though. If they are, just take the card out and swallow it before you reach customs!

Re: Magiclantern open-source firmware for Canon ca

[fennec]

In another thread someone contributed a chacha20 patch. But the main problem is that since there is no hardware support any strong implementation is very slow. I think the idea is to try to obfuscate hidden pictures is the supposed noise of deleted files.

Alternative Solutions Exist

[ZifraTech]

No, the major camera manufactures will not implement the needed encryption in their cameras, but there are other ways to handle this without them. For instance, we at Zifra Tech are currently developing special memory cards that can perform the encryption directly in the camera (while still allowing the user to look at the images until turning off the camera). For more info, check out our webpage https://zifra.tech/ [zifra.tech] Cheers, Robin

Re:Why must the camera be secure?

[Anonymice]

Re-read OP

...and who knows, maybe the smartphone could sync with a cloud service to get the images out of the region moments after captured?

This argument is stupid

[nehumanuscrede]

if you are taking photos in an area where " the situation is dire " enough that you need encryption for your photos, then you are also in an area where they will beat the shit out of you until you give up your passcode / keys to unlock them. Or they will just take your camera and no one will ever see you or your compromising photos ever again. Encrypted or not.

Very few will buy the " Reporters Special Edition " camera for this feature because it will slow the camera down. A camera with encryption in it limits where it can be sold and would only appeal to a very tiny niche market. I don't see camera vendors getting too excited about this.

Raw files in modern cameras are already touching 100MB in size ( Nikon D850 ) depending on the sensors resolution. Encrypting that would take time which would probably kill one of the selling points of many cameras: framerate.

A flagship Nikon D5 raw file sizes are only ~40MB in size due to lower resolution sensor, but it can take 12 images per second, so your encryption would need to keep up with 480MB / sec if you want things encrypted before landing on the card.

I suppose you could do so after the images arrive on the card but it would eat up processor cycles doing so ( slowing the camera ) unless you add a custom chip to offload it to.

Then comes the whole making software work with your encryption scheme. Is bad enough we have different flavors of raw files from different vendors, now you want to add encryption into the mix ? Good Luck.

Nope. Nope. Nope.

Canon has a kit, only compatible with few cameras

[lucaq]

http://web.canon.jp/imaging/osk/osk-e3/index.html

OSK-E3

"Note: Currently only compatible with EOS-1Ds Mark III, EOS-1D Mark III"

Re:You are a guest in another nation

[Actually,+I+do+RTFA]

For a mid-to-large company, that's fine. A small company won't even have one lawyer on-staff to start the vitriol. And, as an individual, it's hard for me to imagine anywhere near as complete a system.

As I said, a great system. I wonder if there's some way to supply it as a service to the general population.

Re:You are a guest in another nation

[Bing+Tsher+E]

Thank goodness you've diagnosed the problem. All those years in fucking medical school have paid off.

Re:You are a guest in another nation

[Bing+Tsher+E]

Journalists from all sides in most conflicts have access. Usually under the escort of one side or the other. During World War II there were journalists reporting most everything as it happened, to the degree that the public needed to know. Credible professional journalists who work within the system to report the facts.

And then there are people who fancy themselves as being journalists who engage as renegades and pretend they don't need to take sides.

It's impossible not to take sides, and you're defrauding yourself, and whomever else you're reporting your 'journalism' to if you pretend you haven't taken sides.