<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
A major professional association, the National Press Photographers
Association (NPPA), among others, is joining or covering favorably
the Freedom of the Press Foundation statement.
<a class="moz-txt-link-freetext" href="https://nppa.org/news/journalists-documentary-filmmakers-call-encryption-cameras">https://nppa.org/news/journalists-documentary-filmmakers-call-encryption-cameras</a><br>
<br>
pros: footage verifiability/authentication. protects sensitive
content from being detected. may protect actual journos at cost of
equipment/funds<br>
<br>
cons: depends on good implementation. processing issues. cameras
likely to be confiscated or destroyed more frequently but may
protect actual photog although some may be tortured for passcode. <br>
<br>
Verifiability would be of interest to activists and in particular
groups like <a class="moz-txt-link-freetext" href="https://witness.org/">https://witness.org/</a> . It might also be helpful to legal
documenters like: <a class="moz-txt-link-freetext" href="https://www.nlg.org/lo-trainings/">https://www.nlg.org/lo-trainings/</a> .<br>
<br>
<br>
On 16/Dec/2016 11:00, <a class="moz-txt-link-abbreviated" href="mailto:cryptography-request@metzdowd.com">cryptography-request@metzdowd.com</a> wrote:<br>
<pre wrap="">Photojournalists call on camera makers to build-in encryption
</pre>
<pre wrap="">Actually very few want it. In fact so many find it outright offensive that they have consistently refused to buy cameras with that feature.
Don't believe me?
There is a reason it is called Secure Digital cards, more popularly known as SD cards. In order to support SD cards, the device has to support encrypted cards. This feature has literally been there for 17 years.
</pre>
<pre wrap="">The basic security features for SD cards were a write-lock notch, reversible and irreversible "go into read only mode" commands, and password protection. In fact many implementations ignore the write lock (sometimes the hardware does; sometimes the hardware relies on the driver for enforcement and the driver then ignores the setting) and I've never seen an implementation of an on-card password: I'm sure it's been done, but given the general unavailability of devices that could read the resulting cards, there's little reason to create devices to write them.
Encryption was not part of the original specs - it would likely have been too expensive at the time (1999 for the original specs). I believe the "Secure" in "Secure Digital" was mainly aimed at DRM: There were (and are) specs for how to limit access to DRM'ed data on SD cards. (This use of the word "secure" is common in the industry - a way for the manufacturers to keep the RIAA and similar organizations off their backs. "Yes, we support DRM in our standard so you can keep your precious music bytes safe. No one implements it? Don't look at us - we just produce specs.")
Not that that has seen much take-up either.
</pre>
<blockquote type="cite" style="color: #000000;">
<pre wrap="">The feature is so negatively desired that manufacturers have hide that the camera is even capable of it.
</pre>
</blockquote>
<pre wrap="">There would certainly be a negative pushback on an attempt to use DRM to control what you can write to an SD card or how you can use the data you put on it. If this mechanism was ever used in a fielded product, it didn't last long.
I don't see how you can say that buyers have rejected the notion of secure protection of SD cards because manufacturers pretty much haven't even bothered to provide them, so buyers have never been in a position to decide. About all you can say is that buyers have certainly not called for such a thing.
Note that the story is similar for disk drives: For a while there, drive makers provided "secure drives", sometimes with just password protection in the firmware, somewhere with "military-grade" encryption. All of the widely marketed ones were so weak there was no point in using them. In theory, encryption in the drive itself (or in the card or USB stick) itself would be a great way to protect data. In practice, the implementations are <b class="moz-txt-star"><span class="moz-txt-tag">*</span>generally<span class="moz-txt-tag">*</span></b> very poor (there are a few exceptions, e.g., Ironkey for secure USB drives), and even if they were of good quality, someone would have to provide appropriate support in a variety of OS's, which hasn't been done.
-- Jerry</pre>
<br>
</body>
</html>