[ccc_]

I did actually

these guys can avail themselves to tech far superior to what they are asking for

they should know what's at stake when and where they shoot the images they want to shoot

journalists of all stripes seem to be under the impression that they have a higher calling and should be less vulnerable to reprisal...it ain't happening

I personally travel with almost naked tech and everything that passes through is indeed shredded and bleached
i'm not particularly paranoid, just careful

as a general matter I would like to see either an in-camera encryption scheme or at least password protection at the front door

[DeadJohn]

U.S. Customs can already seize cameras at the border and hold them indefinitely. Transport a camera with encryption? They can hold it until they hack in. Unhackable? They can demand your password. Refuse? Never see your camera again, get banned from the country, etc.

Reporters need to cross borders with clean cards, electronically transfer everything before returning, and return home with clean cards.

[mattb123]

U.S. Customs can already seize cameras at the border and hold them indefinitely. Transport a camera with encryption? They can hold it until they hack in. Unhackable? They can demand your password. Refuse? Never see your camera again, get banned from the country, etc.

Reporters need to cross borders with clean cards, electronically transfer everything before returning, and return home with clean cards.

I agree but depending on where you went that may not be possible. That is when I'd want a secret encrypted partition and a visible decoy.

[rawr]

How this 'encrypt your camera' stuff develops will be interesting.

If anything, it might give camera makers a new differentiating feature to build into their bodies - and marketing. Features like the number of megapixels, the number of AF points, video support, WiFi support etc have been kind of running out of steam with consumers. Now camera makers will be able to sell security features too.

The advantage will probably lie with companies like Canon and Ricoh, if they choose to go down this path, since they already have a lot of exposure to security technologies and practices via their office IT business. Probably even big patent portfolios on the subject of secure imaging.

[automorphism]

I fear we'll see more laws criminalizing encryption unless the government has the keys.

Unlikely to work in practice. As long as there are computers and the ability to write software in some sort of programming language, encryption will be trivial to obtain. Most encryption schemes are freely available with published algorithms in thousands of copies of books and papers already around the world.

Encryption would be hundreds of times harder to regulate than guns, and look how well that works.

[SeaRefractor]

Here's the real issue, it has to be "easy" and nearly fool proof to screw up. If any of you using Windows 10 Pro with "bitlocker" have discovered, updating your BIOS and drivers can render you unable to access your content if you misplaced your recovery key.

With a camera, you'd need encryption on the camera and a unique encryption for each SD card. What is the method of making that card readable on different computers, especially if your personal laptop was damaged and you need to use a local service office to read your SD card and submit your images? Does the camera have sufficient storage for the unique keys created for each SD card to allow you to use several and not lead to a situation that you have to wipe the encryption and start over after you've used too many different sets of media?

Would it encourage the user to use USB cable and vendor specific software to retrieve the images rather than popping out the SD card and placing in any computer?

It must be simple, fool proof and not likely to be more of an impediment to customer purchases in order to be a feature the manufacturer wants. Check out smartphones that use microSD cards and allow you to encrypt those, guess what? Once encrypted they are only useable on that smartphone unless reformatted. This is the case with my flagship Samsung. Apple dodges that problem with smartphone encryption as there is not storage other than the internal purchased at the time of sale.

Imagine, you purchase your new "Encrypted" Pentax, one that is good to go upon first use and nearly impossible to crack only...... where's the SD slots? Actually from a sales standpoint you could then sell the same product at different pricing tiers for storage, several hundred for each level that is only ten bucks difference from the manufacturers cost. Works for Apple, should be a good model for the industry then, unless you are Sandisk and the others that want to sell you SD cards.

[DAZ]

The photographers who wrote this open letter on more right than they realize. Not only are features like encryption desirable but ultimately they are going to be absolutely necessary in ways beyond belief today.

Many have pointed out various problems from a technical standpoint but these are just minor nuances that can and ultimately will be overcome. Things like key management have and are now being worked out. The concept that quantum computers will instantly render all encryption obsolete is untrue. Quantum computers can be used in theory to attack certain public/private encryption systems. This mostly has to do with key management and key sharing. Encryption systems used on files and for the actual data that is being transmitted are really not any more susceptible to quantum computer attacks than general computer attacks. It is the key sharing part where the key is shared using public/private encryption systems that is vulnerable. Having said that new public/private encryption systems are already in the works and will likely be in use before quantum computers are widely used.

Encryption gives you many things beyond someone prying into your information. It gives you authentication and protection against outside influences.

At one time encryption was thought to be local. That is to say you would encrypt the file locally and if you wished you could transfer the files. You would then have to share the key via some secure means. This is the key management part of the problem. Public/private encryption systems have helped alleviate this problem. Today they are talking about end to end encryption. The concept here is someone would send a file from point A to point Z that this information would be secure from point B to point Y for many outside intrusions. This is an old model that is already outdated by the concept of “the Internet of things”. The mantra in the future will need to be “encryption all the time at all levels for all things”. This will be required to stop the entire system from collapsing from outside influences.

As more and more things become interconnected there becomes more and more points of possible intrusion. For example if your photo files are encrypted and somebody does take your SD card if you do get the files back (assuming you have a good encryption system) you can be assured that your files have not been manipulated. In addition if the operating system on your camera is encrypted when you get your camera back you would be confident that no back doors have been planted in your camera. In turn you could also be assured that no back doors would be finding their way onto your computer. In this particular case the reason for taking your camera had nothing to do with the pictures you might have taken but only as a means to get to your computer.

For the Internet of things to work encryption will have to be universal, embedded in all things, and essentially invisible to the user. Everything that is connected to the Internet of things even something as unimportant as your doorknob on your house could be a means to get access to something else that is much more important. This may all sound paranoid but I can assure you that it is not. The attacks might not even be against you personally but some organization you work for or have some contact with. It would not necessarily even need to be state-sponsored as somebody may want to get access to some bank account for example.

There are some in law enforcement and government intelligence organizations that believe that encryption is the beginning of the end and what will follow is chaos. This is obviously untrue as their ability to look at the world electronically and so brightly is a relatively new phenomenon in history. The world worked before and as this temporary brightness of their ability to observe fades the world will continue to work as before. But if there is not universal encryption at all levels for all things at all times the Internet of things will collapse in chaos without it. So as the Internet of things is most likely inevitable (and only possible without collapsing in the chaos with encryption) than much more security in encryption is also inevitable. The sooner and more thoroughly this is embraced and accepted the less likely organizations will be drowned by the incoming tide. Some at many levels of government believe they can hold back this tide but not only will he not be able to hold back the inevitable but there attempts are doing severe damage (Sony, Yahoo, etc.) to those they say they are trying to protect.

At the time most companies do much of this in-house. But with it becoming more universal many companies/open-source organizations will spring up and will produce essentially modular products that can relatively easily and cheaply dropped into just about any product. To some extent this is already happening. Eventually there will be so many levels of encryption that nobody will even bother to try to crack it. They will of course attempt the rubber hose and lead pipe methods but even these will ultimately fail is the end user won’t even have access to the keys that they desire.

So most definitely encryption is coming, (and a heck of a lot of it) but no matter how fast it comes it can’t come fast enough.

Dean

---

Last edited by DAZ; 12-14-2016 at 07:50 PM.

[SeaRefractor]

WIth the difficulty in accessing the images on my camera versus my smartphone, I have trouble seeing my camera as an IoT device.

Of course future cameras could have an extra chip that provides the encryption chops without placing additional demand on the imaging processors we want to dedicate the fastest performance of image storing and noise reduction upon. Perhaps Ricoh, from a medical imaging stand point with increasing identity protection needs, may see this as a strong enough market to bring to market first.

I'm not saying that it shouldn't be done, but that it is incumbent on Pentax or anyone that releases it to ensure it's a rock solid deployment from the get go so images are not lost for professionals that have some encryption issue. It must NOT be an add-on with the lower level of effort the Wi-Fi inclusion and smartphone apps have been to date from Ricoh.

Wi-Fi is a feature on my K-70 for example that after trying briefly after each app update I don't use further. Some of you may be the exception, but I doubt anyone would say it's a model feature all camera makers should duplicate in their offerings. Encryption and the ease of user interface needs to be that "everyone should use this model of ease of use and reliability". OR, make the encryption a user enabled feature that is not on by default and have the disclaimer that data loss is a limited liability issue.

[lithedreamer]

All of this talk of local encryption seems naive, when the ACLU app streams video to their servers so police can't delete it, and Ricoh owns a cloud storage company now. Sure, not everyone is going to have access to the Internet when or soon after recording, but I think enough people would that it makes sense to avoid the complexities involved with encryption. Besides, I'd be worried about Ricoh possibly trying to 'roll it's own' encryption, which usually goes poorly.