[Cryptography] Photojournalists & filmmakers want cameras to be encrypted

Jerry Leichter leichter at lrw.com
Fri Dec 16 16:50:07 EST 2016


   
>> Photojournalists call on camera makers to build-in encryption
> 
> Actually very few want it. In fact so many find it outright offensive that they have consistently refused to buy cameras with that feature. 
> 
> Don't believe me?
> 
> There is a reason it is called Secure Digital cards, more popularly known as SD cards. In order to support SD cards, the device has to support encrypted cards. This feature has literally been there for 17 years.
The basic security features for SD cards were a write-lock notch, reversible and irreversible "go into read only mode" commands, and password protection.  In fact many implementations ignore the write lock (sometimes the hardware does; sometimes the hardware relies on the driver for enforcement and the driver then ignores the setting) and I've never seen an implementation of an on-card password:  I'm sure it's been done, but given the general unavailability of devices that could read the resulting cards, there's little reason to create devices to write them.

Encryption was not part of the original specs - it would likely have been too expensive at the time (1999 for the original specs).  I believe the "Secure" in "Secure Digital" was mainly aimed at DRM:  There were (and are) specs for how to limit access to DRM'ed data on SD cards.  (This use of the word "secure" is common in the industry - a way for the manufacturers to keep the RIAA and similar organizations off their backs.  "Yes, we support DRM in our standard so you can keep your precious music bytes safe.  No one implements it?  Don't look at us - we just produce specs.")

Not that that has seen much take-up either.

> The feature is so negatively desired that manufacturers have hide that the camera is even capable of it.
There would certainly be a negative pushback on an attempt to use DRM to control what you can write to an SD card or how you can use the data you put on it.  If this mechanism was ever used in a fielded product, it didn't last long.

I don't see how you can say that buyers have rejected the notion of secure protection of SD cards because manufacturers pretty much haven't even bothered to provide them, so buyers have never been in a position to decide.  About all you can say is that buyers have certainly not called for such a thing.

Note that the story is similar for disk drives:  For a while there, drive makers provided "secure drives", sometimes with just password protection in the firmware, somewhere with "military-grade" encryption.  All of the widely marketed ones were so weak there was no point in using them.  In theory, encryption in the drive itself (or in the card or USB stick) itself would be a great way to protect data. In practice, the implementations are *generally* very poor (there are a few exceptions, e.g., Ironkey for secure USB drives), and even if they were of good quality, someone would have to provide appropriate support in a variety of OS's, which hasn't been done.
                                                        -- Jerry



More information about the cryptography mailing list