No, Encryption Will Not Protect Digital Cameras, or Photographers
Techdirt brings us the news that the Freedom of the Press Foundation wants camera makers to build encryption into their products.
Encryption has become one of the key issues in the digital world today, as the many posts here on Techdirt attest. And not just in the tech world, but far beyond, too, as governments grapple with the spread of devices and information that cannot easily be accessed just because they demand it. Techdirt readers probably take crypto for granted, as an increasing proportion of Web connections use HTTPS, mobile phones generally offer encryption options, and hugely-popular mainstream programs like WhatsApp deploy end-to-end encryption. But a recently-published open letter points out that there is one domain where this kind of protectively-scrambled data is almost unknown: photography. The letter, signed by over 150 filmmakers and photojournalists, calls on the camera manufacturers Canon, Fuji, Nikon, Olympus and Sony to build encryption features into their still photo and video camera products as a matter of course. Here’s why the signatories feel it’s necessary:
Without encryption capabilities, photographs and footage that we take can be examined and searched by the police, military, and border agents in countries where we operate and travel, and the consequences can be dire.
We work in some of the most dangerous parts of the world, often attempting to uncover wrongdoing in the interests of justice. On countless occasions, filmmakers and photojournalists have seen their footage seized by authoritarian governments or criminals all over the world. Because the contents of their cameras are not and cannot be encrypted, there is no way to protect any of the footage once it has been taken. This puts ourselves, our sources, and our work at risk.
As a user of digital cameras; I hope this never comes to pass; it will cause more problems than it solves.
For one thing, encrypting a camera will not protect the data, or the camera’s owner. The FPF is mistaken on that point.
Encryption will only restrict access to the data, and only so long as no one is interested enough to hack the DRM. As anyone who has followed encryption news can tell you, there are hundreds if not thousands of hackers who see defeating encryption as a professional challenge.
All it takes is one to break the encryption and share their work with the world, and then there is no restriction on accessing the data.
And the reason I stress accessing the data versus protecting it is because encryption will in no way protect the data.
Encryption only impacts access; it does not protect against physical destruction. One can still take an encrypted camera and simply destroy it with a few swings of a hammer. Or one could destroy the storage media using nothing more than the contents of the average toolbox.
In a way that would simply be a return to the old days when one exposed a camera’s film in order to destroy the data. (How young the FPF members must be, to not the similarity?)
Sure, the bad actor would like to see the data before destroying it, but in many situations they just want to make sure that the no one has the data.
And when it comes to destroying data, one need not even physically destroy the object to achieve the goal. One could pull that off by using the encryption against itself, by triggering the security features to wipe the camera.
What if the data is protected by an access code, and the camera is set to wipe the data if the wrong code is entered?
That is how security works on the iPhone works, and if all you want is to make the data disappear then it is a great way to delete the data without damaging the hardware.
But never mind using the security features to defeat itself; there are simpler methods to gain access. Encryption also does not protect against the classic access method, as detailed by xkcd:
Should a bad actor encounter an encrypted camera, they could just beat the access code out of the camera’s owner.
So really, encryption provides no more protection that what already exists.
It wouldn’t even provide a fig leaf of protection, and comes at the cost of potentially harming users who never wanted or needed encryption.
All it would take is one bug, or an update gone wrong, and suddenly a user – who had never even turned on the encryption – will lose access to their data.
Given that the net benefit of adding encryption to cameras is nil, is it really worth the potential downside?
image by peace6x