[Cryptography] Photojournalists & filmmakers want cameras to be encrypted

Jack N. j.a.w.n at tutanota.com
Fri Dec 16 17:45:07 EST 2016


16. Dec 2016 01:09 by mitch at niftyegg.com:
> There are two issues... 
>   -) tampering.>   -) encryption.
>
> -- 
>   T o m    M i t c h e l l




Tom, I think your two issues are right but I also think you covered several different user requirements.

The warzone journalist has a different threat model then the political activist and even journalists working within their own countries would have more protections (ideally) then one working in countries with less freedom of press and human rights.

FDE on a camera will not solve all user scenarios/threat models although it may help alleviate some of them. Tamper proofing and authentication is something that should be built into all cameras and come as standard no? It does not harm a user who does not know about or want the feature, and offers those users who may end up needing to prove the authenticity of a photo later (an innocent bystander happened to take a photo of a crime etc) will have a much easier time doing that. 

Default FDE can help those who need it but it makes them possible suspects even if innocent, and those who need and use the default FDE will just be easier found and their equipment seized or taken etc etc..
 

> From the bad guy point of view a camera with flash media will simply have the media > pulled, destroyed or tossed if not the whole camera.  So getting the media out of the action zone is possibly more critical than encryption.
> A tablet application could add encryption.  Phones and tablets could move content to a cloud as bandwidth permits.  Phones with +100GB of microSD are common.   
>

I think a modular solution like this would be better for certain journalists and activists working over seas or in very hostile countries. A small laptop with a pgp public key encrypt the files and then storing them for later transmission back to the publishers servers. A SecureDrop style isolated offline machine that stores the private key for the extra paranoid, and Tor might be helpful when normal internet channels are blocked.

I think better still a raspberry pi might be helpful here, its pretty  you'll probably already have a battery pack power supply, large external hdd, sd card reader. 
Simply pop in the sd card from your camera, pi encrypts with public key onto external media storage and waits till an internet connection ( either from sat phone/cellular phone/mesh network/wifi back in the hotel) to upload to secured servers.

For tens of bucks and the gear a photographer usually always has carry with them then can have a stop-gap solution with slightly more functionality until device manufacturers actually do something that would cover ever user case. 
But as usual any solution to a security issue comes with pros and cons and their is no one best answer.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161216/a781b622/attachment.html>


More information about the cryptography mailing list