Jump to content

Is there a need for recording to encrypted storage media?


DanieldH

Recommended Posts

I am not sure in what forum on this board this issue belongs best or will develop, so I post it in general discussion, but it may be free to be moved to workflow or whatever else. Also, I hope this will not derail into a political conversation about Snowden or US administrations but stay on a technical perspective.

 

Before Laura Poitras won her oscar for "citizen four", she held a talk at the 31c3 conference in witch she called for encrypted storage cameras as an important tool for investigative journalists, since video footage can be seized and crews be held accountable for by whatever government. https://media.ccc.de/browse/congress/2014/31c3_-_6154_-_en_-_saal_1_-_201412272300_-_crypto_tales_from_the_trenches_-_nadia_heninger_-_julia_angwin_-_laura_poitras_-_jack_gillum.html#video

(I'll post the exact position of the relevant claim as soon as I find time to review it) The referenced part is at minute 33:50

 

If this is true for cameras, it is just as true for sound recordings, maybe even more. However, just as in video cameras, non of the usual suspects (I am aware of) SD, Zaxcom, Aaton, Aeta, Tascam, etc provide such a feature. If you have a job, requireing this feature, you could realize this with some direct to computer setup (with all its caveats regarding mobility and ruggedness).

 

Apart from governments or powerful organizations, there are other threads. Just imagine, your Nomad/788t/whatever gets stolen (or copied by some janitor after work) and the content of the upcoming episodes of the TV show you're working on appears in some torrent, spoiled on reddit... you get my idea.

 

For the latter thread, whatever proprietary encryption, like Zaxcom uses on its wireless might be sufficient. For any potential thread involving government or big organization interests, you would probably want a public peer reviewed implementation of the code and hardware. However, even if our usual suspects implement such features, they'll probably never provide open source code for their firmwares (or the relevant parts).

 

 

In the past, I've been working on a foreign feature film, that included crossing various borders and dealt with some national cultural taboos most political parties there including the government of that time "dislikes". Encryption whould have (at least) made me feel more comfortable, but resources did not allow it.

 

Now, my question is:

 

Do you ever had the need or the wish for encrypted storage?

 

Whould you like the usual suspects to implement such a feature?

 

If your answer to the latter is "yes", whould you say that even some proprietary encryption is better to have than no encryption?

Link to comment
Share on other sites

More complications to an already complicated machine...  Cost.... dependability... 

but who knows, I don't build these machines... I would think it is a hardware and a storage media situation....

 I am also not too sure that such media once encrypted would really stop anyone intent on getting at the data.... Unless they took YOU as well as the machine and data...  That's not good...

 

I personally in my years doing this have never needed such a function. Others who knows, but I would bet the market would be very small..

Link to comment
Share on other sites

It'd be a feature, that

- could easily be turned on or off in the firmware menu

- would consume more battery power. How much depends on hardware implementation of supporting processors/chipsets.

- would require some sort of keyfile, e.g. some microSD, a bluetooth device, etc.

- Whatever system provides the keyfile could also provide allocation information of encrypted content within a plausible deniability concept

 

Edit: Syntax correction

Link to comment
Share on other sites

An interesting idea... I wonder if it were necessary would it be easier to accomplish after the fact as there are already many ways to encrypt drives and folders after the recording process? Adding any processes other than recording (i.e. file storage) to my workflow worries me. At the end of the day my main concern is the quality of the audio and the least steps to get the best audio is my goal. (if only it were so easy)

Link to comment
Share on other sites

@CraigF

In what way do you see a problem of a delay in writing to disk? This would maybe add a few ms, maybe even some hundert, but does not affect the way timecode data is aligned to audio data.

 

Yes there is a higher risk in loosing data, less due to data coruption but even more due to physically loosing your keyfile/device. Yes encryption does add a further level of complexity that makes data recovery more difficult. But who would not favour an SSD over a HDD, even though data recovery from SSDs is less likely to be successful?

 

@crisnewton MRWsound

Thank you for the flowers, though it was not my idea and it's probably not a new one. It was Laura Poitras claim regarding cameras so the question for soundpeople is somehow obvious (but so far academic).

 

I'd imagine very few of us had ever the necessity of such a feature and therefore it will not soon or ever be a selling point for manufacurers. However I can very well imagine that such a feature could literally save lives on delicate productions or even "simple" production secrets on a dayly basis.

Link to comment
Share on other sites

I don't think this would be introduced to records anytime in the near future, additionally for encryption which is hard to break you often need a very long password- imagine how annoying that could get to enter on a SD633 with the joystick... 

 

One of the big things revealed by Snowden was how many companies the government had access to and could pressure into handing over encryption keys. These were companies like Yahoo, Microsoft, and Google- and they couldn't resist the government. I don't think SD or Zaxcom would stand a chance keeping any proprietary security features a secret. 

 

If you want to encrypt your files though you could bring along a small laptop, transfer the media to that and then use what ever encryption software you like. Then make sure to burn the media card you used...even after a couple reformats I can recover old files using data recovery software.

 

 

Link to comment
Share on other sites

IBH,

I agree with most of your perspective or approach, though I think such a feature can more easily be implemented technically than will be by the usual players due to the rules of the market game and its necessity of keeping firmware development a company secret.

 

If you want to encrypt your files though you could bring along a small laptop, transfer the media to that and then use what ever encryption software you like. Then make sure to burn the media card you used...even after a couple reformats I can recover old files using data recovery software.

 

This is very true and the current way to go for a delicate production (, apart from recording directly to an encrypting laptop.) But it does include more stuff to carry (eventually through borders any on planes), leaves a possibly dangerous timeframe in witch the data is unencrypted and requires time to copy, veryfy and overwrite the data (including more steps of failure in a possibly tense situation). Encrypting recorders for video and audio are definately more desireable.

 

you often need a very long password- imagine how annoying that could get to enter on a SD633 with the joystick...

you do need long passwords, sometimes called passphrases. However these have been implemented for quite a while in keyfiles or keydevices. Basically they are the stored passwords. As with any other key, you would not want to carry/keep, let's say a microSD card serving as such, beside your encrypted media (be it internal or external to your recorder). However you might want to have the same (or a second) key stored in your head, just in case you loose your microSD. This way, you only need your mSD inside, when you boot up your recorder, there is no need to enter a password manually(, unless you loose your mSD). I have used such systems on various computers for years.

I don't think this would be introduced to records anytime in the near future

I do not either, at least not from our usual suspects. Not because it is in technical terms very difficult to implement (although there are issues like a limited selection of processor platforms implementing hardware support for encryption) but rather the fact that Zaxcom or SD do not provide open source firmwares so that the user to whom this feature is critical can veryfy if an trusted up to date version of, e.g. LUKS/dm-crypt has been implemented correctly.

One of the big things revealed by Snowden was how many companies the government had access to and could pressure into handing over encryption keys. These were companies like Yahoo, Microsoft, and Google- and they couldn't resist the government. I don't think SD or Zaxcom would stand a chance keeping any proprietary security features a secret.

I'd doubt, they would soon be approached by government institutions. (EU, Swiss or Japanese companies even less likely). There are encrypting photo cameras on the market, based on alternative community developed firmwares
https://sites.google.com/site/nxcryptophotography/
http://magiclantern.fm/forum/index.php?topic=10279.0

Now I do not see a community coming up with alternative firmwares in the Zaxcom/SD market, but i could well imagine people coming up with something in the Edirol/Tascam/Zoom pricerange in case magiclantern manages to encrypt video.

Link to comment
Share on other sites

I don't know much about this, but would it be a good idea to encrypt the data then send it to multiple locations (cloud, drop box, dark web, whatever works) then delete your original files so they couldn't be accessed at all? Maybe substitute pix/sound from your cousin's wedding on your cards. In  Citizen Four there is that surreal scene where the Guardian execs are smashing up the laptop hard drives that had Snowden's files on them by order of the UK government. Security Theatre. Of course the files had already been cloned multiple times, and everybody knew it. Harder to pin it on you if there is no "original". OK go.

Link to comment
Share on other sites

would it be a good idea to encrypt the data then send it to multiple locations (cloud, drop box, dark web, whatever works) then delete your original files so they couldn't be accessed at all? Maybe substitute pix/sound from your cousin's wedding on your cards

Yes, if

- you replace "delete" by "sufficently overwrite"

- your hotel, internet cafe or whatever uplink you rely on is capable of transporting some hours of high quality video footage in a reasonable ammount of time (witch is probably not the case)

- your substitution footage fits your legend. Maybe a project called "World cities by night" or "Busses around the world" ;-)

 

Edit: I do not see what thread you suggest to face with uploading to multiple locations. Snowdens material stored by Guardian and Greenwald is not the video footage, LP shot in Honkong (or anywhere else she wishes to have encrypting cameras for). For the Snowden material the same rules apply as for any valuable data (childhood photos, accounting records, certificates...). You want to protect them from fire, water, riot looters or any other local thread and therefor you want to put copies in your parents attic, bank vaults or whatever you think of. The Snowden material was presumably "documents", as in text/powerpoint illustrations, etc. A fragment of the data volume, a video shoot has to deal with and easy to email, upload to whatever cloud or send via some thumb drive in a postal service envelope all thorougly encrypted and done way before the meeting in honkong. No need for any body orifices mentioned before.

Link to comment
Share on other sites

Look at it this way: film and analog tape was never encrypted. I think the key is, keep the files in a secure place where nobody who isn't authorized can get to them. Use reasonable caution, and don't get nutty about it.

 

I know of a major $100+ million film where they never let the camera drives out of anybody's sight, and after they were backed up on set, they were hand-carried to the airport by a licensed, bonded courier who got on a plane and flew directly to the city where the post was taking place. There's no chance for chicanery if a trusted employee is handling the files.

 

The biggest problem I see for recording in an encrypted format is, if the drive ever gets mangled, it makes recovering the data that much more difficult because it's in a non-standard format.

Link to comment
Share on other sites

I'm with Marc on this one: sneaker encryption is the best procedure. Also, commenting on DanieldH's statement: "your hotel, internet cafe or whatever uplink you rely on" seems to indicate a lack of understanding of the most common workflows in our industry. No production that is even casually concerned with security would ever allow the sound mixer or the DIT to upload files using a common Internet connection in a hotel or Internet cafe. One production that I worked on recently was uploading lots of data and also providing synced dailies with online access provided by dedicated connections to the PIX service servers. All of this activity was quite secure and protected and none of it had to be the responsibility of the production sound department or the camera department and the gear they both use (recorders and cameras).

Link to comment
Share on other sites

Well Jeff,

as much as I appreciate you and this forum, you might have not thoroughly read what i've wrote within this thread or I've not made it clear enough. The secenarios I've discussed, LP deals with or I presume chrisnewton's question referred to are the rare situations "our industries most common workflows" do not apply as such (or need a sufficient backup). I have had two situations I uploaded "files" am happy to bore you with technical details of suggested and conducted security percautions with. Both cases, were 1 day documentary shoots and initial coping of files was not conducted by me or my responsibility. In both cases I deleted the files after post assured me, they have finally imported everything and everything was fine.

 

So yes, when e.g. chrisnewton or his production plans a shoot in a place with uplink and server ressources they've tested and wish to rely on, and post validates the material, and there is a necessity of keeping recording media unquestionable, why not. I made clear, that I'd doubt that a reliable uplink source is likely present.

Link to comment
Share on other sites

Could I suggest that if you are concerned about the security of your rushes (sound or picture) why not store them on an encrypted drive? Its already here and could be part of your work flow.

If it's big brother govment you're worried about bear in mind that any encryption you use is probably already open to their intelligence agencies: those rights were given away long ago

Link to comment
Share on other sites

Well Jeff,

as much as I appreciate you and this forum, you might have not thoroughly read what i've wrote within this thread or I've not made it clear enough.

I have read it all very carefully and my effort in this thread is to keep it on topic: "Is there a need for recording to encrypted storage media?" --- the simple answer, in my opinion, is NO. This no refers mostly to the idea presented that the recorders we use need to have encryption routines built into their operating systems so that encrypted data is on the recorder's storage media. I had little interest in whether a production needs encryption of their digital assets by any of the available methods that are already in use on some limited productions. My mistake was to stray into that discussion where we started talking about internet connections, government surveillance, security breaches, etc. I'm sticking with my original answer that we do not need to "record to encrypted storage media".

Link to comment
Share on other sites

I wonder what the benefits of encryption really are. To me, at best encryption can provide safety from a casual thief (like the janitor in the op, but that could be solved by other security measures). What other scenarios could be there? Government: they can take the files from you secretly or they can subpoena you. Either way, encryption is hardly going to stop them.

Or you are working in a difficult country and, let's say, the IS forces you to hand over your gear, and data. Only if you have a hidden copy somewhere will this help, encrypted or not. If it's encrypted, they will force you (i.e. torture you) to unlock the files. To be honest, I'd rather give them un-encrypted files

Link to comment
Share on other sites

I feel like it would be an incredibly niche product to record in an encrypted format.

I hate the idea of having to enter a secure password every single time you want to do playback, or edit metadata on a file that already exists, or mark something as a false start, or copy files to your mirror Drive or all of the other things we do all day in the heat of battle. I suppose you would be able to add to this magical drive, but you would not be able to delete edit or copy without entering your secure password or whatever system.

Security like that would probably be incredibly difficult and expensive, especially if you are thinking that you want it to be better then what the local government security officials might be able to crack. Even if it's an option, we would all be paying for the development and maintenance of that system. If copying cards to a secured drive at the end of the day is not enough, then maybe there is a market for some sort of high-security investigative journalist video camera. It just seems like a potential way to lose files for the rest of us. Those low key investigative jobs don't usually have sound mixers anyway.

You would also either have to have a different password for every project, or give out your password to one client for all of your recordings. On something with more than one camera and possibly more than one sound recorder, it sounds like an incredible headache.

If there was a market for this, I would see maybe one company providing the option, more then it becoming a standard that they all offer in the next generation of products.

Same way the Cantar has been considered "the most weather resistant" sound recorder. I don't really see people challenging that notion, and most of us will work in rain a few times this year, but the Cantar has not become the standard de facto location sound recorder for doc/reality.

Link to comment
Share on other sites

In what way do you see a problem of a delay in writing to disk? This would maybe add a few ms, maybe even some hundert, but does not affect the way timecode data is aligned to audio data.

 

Yes there is a higher risk in loosing data, less due to data coruption but even more due to physically loosing your keyfile/device. Yes encryption does add a further level of complexity that makes data recovery more difficult. But who would not favour an SSD over a HDD, even though data recovery from SSDs is less likely to be successful?

The better the encription the longer the encode proccess.  Data Compression and Data Encription are related processes. 

 

NSA/CIA probaly alrady have this tech.  I only see it potenaly useful for Docs in Police States.

Most Post Houses would loth it.

Link to comment
Share on other sites

@Jeff,

I am happy you made this clear.

 

@Constantin,

it really depends what government/militia is your thread.

Scenario:

Of course encryption is no protection against "rubber-hose cryptoanalysis". But it might buy time and options you would not have without and rubber-hose techniques on you may not be an option for local authorities. You can still cooperate with officials and give them the keys, but at least, you can decide.

IS is not the best example here, as they would insist on accomany you anyway (like with Todenhöfer) and already know what you shoot. The scenario is rather, that some local official does not like you filming there and seizes all your stuff (and maybe has you deported). Of course this is a loss to you, but if your material is encrypted, maybe the dissident you have interviewed does not loose his life, after your stuff makes it up the chain and someone takes a closer look.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...