Hacker News
German police storing bodycam footage on Amazon cloud (dw.com)
54 points by tannhaeuser 21 days ago | 32 comments

This is such a frustrating phantom discussion. It’s so pointless, yet so typical of German cargo cult privacy considerations.

Bodycam footage can both be a tool of surveillance and oppression (if the police has sole control over how, when and what is used) as well as a tool for dissolving power asymmetries (when use is controlled not by the police). That’s the important discussion to have, not this weird Amazon discussion.

The topic of this article is “this weird Amazon discussion”. Consider finding a more relevant link about your point (or writing one!) and posting it to HN so your desired topic of discussion can be aired.

arrrgs comment is on topic and he makes a valid point about the way privacy-related topics are discussed in Germany.

Your comment on the other hand is (passive) aggressive in tone, unwarranted and out of place in this community.

Not passive at all, nor aggressive. The comment I replied to raises a very real and important question around whether surveillance is compatible with freedom and democracy, and it absolutely deserves a discussion. However, the importance of that discussion does not automatically nullify ‘lesser’ discussions within that concern space such as the one raised by German citizens about Amazon being subject to classified orders by the United States. The comment I replied to demands that we refocus the discussion away from the link posted and towards the also-relevant concern of surveillance and society. Had it instead simply talked about that concern rather than decrying our interest in this link’s discussion, I would have had no objection.

Everyone's saying, "I don't see the problem, here," but it's pointed to (but not expounded upon) in the article:

>Even though the servers are located in Germany, US security and intelligence agencies could access the data, Strasser warned, demanding that the Federal Police expand its capacity "to preserve sovereignty over the core state function of internal security."

For more on this concern, see here[0].

[0] - https://news.ycombinator.com/item?id=19238119

I don’t think confidentiality is that important for bodycam footage. In the sense that most will be released anyway.

Integrity is critical as you would never want deletion or editing by unauthorized parties. But this is pretty easy to protect independent of Amazon.

This seems like a non-issue unless, for some reason unknown to me, they have extra reasons for not wanting the NSA to see bodycam footage. Although I suspect that any German data center is the same, if not more vulnerable.
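One way to get the provider-independent integrity protection the comment above refers to, as an added example that is not part of the thread: an HMAC-tagged, hash-chained manifest written before upload, which detects edited, missing or dropped clips. The manifest layout, the function names, and the assumption that the key and the expected entry count are kept outside the cloud account are all hypothetical.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed anchor value for the first entry's "prev" field
FIELDS = ("seq", "name", "sha256", "prev")


def _tag(key: bytes, entry: dict) -> str:
    # HMAC over a canonical JSON encoding; the key never leaves the agency.
    body = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append_entry(manifest: list, key: bytes, name: str, data: bytes) -> None:
    """Record a clip before upload; each entry commits to the previous tag."""
    prev = manifest[-1]["tag"] if manifest else GENESIS
    entry = {"seq": len(manifest), "name": name,
             "sha256": hashlib.sha256(data).hexdigest(), "prev": prev}
    manifest.append({**entry, "tag": _tag(key, entry)})


def verify(manifest: list, key: bytes, store: dict, expected_len: int) -> list:
    """Return findings; an empty list means manifest and objects are intact."""
    findings = []
    if len(manifest) != expected_len:  # catches truncation of the chain's tail
        findings.append(f"manifest has {len(manifest)} entries, expected {expected_len}")
    prev = GENESIS
    for i, rec in enumerate(manifest):
        entry = {k: rec.get(k) for k in FIELDS}
        if not hmac.compare_digest(str(rec.get("tag")), _tag(key, entry)):
            findings.append(f"entry {i}: bad tag")
        if entry["seq"] != i or entry["prev"] != prev:
            findings.append(f"entry {i}: chain broken")
        data = store.get(entry["name"])
        if data is None:
            findings.append(f"{entry['name']}: object missing")
        elif hashlib.sha256(data).hexdigest() != entry["sha256"]:
            findings.append(f"{entry['name']}: content modified")
        prev = rec.get("tag")
    return findings


if __name__ == "__main__":
    key = b"\x01" * 32          # constructed demo key
    manifest, bucket = [], {}   # bucket stands in for the object store
    for name, clip in [("cam1-0001.mp4", b"frame-a"), ("cam1-0002.mp4", b"frame-b")]:
        append_entry(manifest, key, name, clip)
        bucket[name] = clip
    bucket["cam1-0002.mp4"] = b"frame-x"  # simulated unauthorized edit
    print(verify(manifest, key, bucket, expected_len=2))
```

The chain alone cannot reveal removal of the newest entries, which is why the verifier also takes an entry count recorded outside the storage account.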

>I don’t think confidentiality is that important for bodycam footage. In the sense that most will be released anyway.

Why would most videos be released, anyway; especially, in Germany? This is all videos, inclusive of "routine stops" or "health and wellness checks".

>This seems like a non-issue unless, for some reason unknown to me, they have extra reasons for not wanting the NSA to see bodycam footage.

Why would they need extra reasons for not wanting that? Your supposition seems to infer that they should be o.k. with the NSA wanting to see bodycam footage any time that they want?

That makes no sense... That would be akin to saying that the Americans should be fine with the Chinese seeing bodycam videos any time that they choose. If it's not fine for one, why would it be fine for the other?

>Although I suspect that any German data center is the same, if not more vulnerable.

Possibly but they wouldn't be victim to the Cloud Act, yeah?

Yeah, it’s not as if there were no big European cloud players like OVH that don’t comply with US secrecy laws.

OVH are amateurs compared to Amazon and Microsoft.

So it’s certified by the BSI for that use case but people complain about it? If that’s a problem they should fix the certification not just complain because there’s no suitable “german” vendor.

They even mention it’s encrypted (hopefully on the client end) so it wouldn’t even matter where you put it.

As opposed to some poorly run operation by T-Systems? Yes please!

Oh, if it's run by T-Systems there will be no more privacy problem ;) Half the time the services will not be reachable and the other half it will not work correctly xD

Well I guess they can still manage to mess up the aws setup and have it end up as a publicly readable s3 bucket. But then at least suspects can actually properly review their footage without it having gone accidentally missing when police is ordered to pull it up in court.

Best practice is using a new tool which makes this impossible account wide, so hopefully not!

Eh, there is a bunch of European cloud providers. Off the top of my head: hetzner (de), ovh (fr), upcloud (fi).

Of these three, only OVH have object storage and it's a joke compared to S3 (we use it extensively bc it's cheap, but it sucks). And none are full-fledged cloud providers, they basically just do hourly billing for on demand VPS. Highly doubtful that any of these three are as or more secure/reliable than AWS.

Is Hetzner still sending paper contract over the post even over a single instance of a virtual server?

The new hcloud is actually fairly impressive. They are considering their go client and their terraform provider as an integral part of their product and had them out on day 1. And it looks like they are taking a pretty fast incremental approach based on customer feedback, with new features every couple of months.

Sure, we can go on how the big cloud providers have all of this and it's small steps, but it's pretty exciting to see a german hoster go into this direction.

They haven't done this in years (source: ordered a virtual server in 2015), and Hetzner Cloud (introduced in 2018) has immediate provisioning and hourly billing.


Plenty of organisations store encrypted personal information in S3 buckets. I'm failing to see an issue here.

That maybe, possibly, there is a non 0 percent chance that maybe Amazon are using the data to help their facial recognition system (doesn’t the AWS Contract forbid Amazon using customers' data this way without explicit permission? It’s been a while since I’ve read the whole terms for AWS. Just to be clear, what I mean is Amazon automatically just processing everything ever uploaded to anything on AWS for their own benefit without the permission of the AWS Customer or the permission of the person who is “in the data”).

But then again there is a non 0 chance that Amazon are not recording everything we say via their echos so they can simulate our voices and ring up all the local shops and tell the owners to go fuck themselves so we have to use amazon for everything...

Either that or the implication is that because the police are using S3 to store bodycam footage, they MUST be using their facial recognition system too.

Edit: Jesus fucking Christ HN, it’s a bloody joke, I thought the part where Amazon are calling owners of local shops would have given that away. Guess I’ll have to be more explicit :-P I’m mocking the article because they state that there are privacy implications because they use AWS. Well there are privacy implications if you use any vendor or even if you self host.

Being more explicit won’t help; being less sarcastic will. “That maybe, possibly, ...” is one example of where your otherwise interesting argument is weakened unnecessarily.

Ok, after a bit of digging:

- German police signed a service agreement (probably with Motorola) as the model of bodycam is Motorola Si500. [0][1]

- Motorola is one of the service providers working with Amazon. [2]

"Motorola offers a digital evidence management solution that simplifies the way your agency captures, stores, and manages multi-media content. The solution includes the Si Series Video Speaker Microphone that combines voice communications, body-worn video, still images, voice recording and emergency alerting into one compact, easy-to-use device. Integrated with Motorola’s secure cloud-based CommandCentral Vault digital evidence management software, this solution is streamlining technology and reducing costs for law enforcement everywhere."

- They have some short nice video about their security [3]

- Basically it is a totally cloud solution; although it has client side encryption, if you think Amazon can be compromised, the rest of security falls apart too.

[0] https://www.weser-kurier.de/deutschland-welt/deutschland-wel...

[1] https://www.motorolasolutions.com/en_us/products/police-came...

[2] https://aws.amazon.com/blogs/publicsector/the-future-of-poli...

[3] https://www.youtube.com/watch?v=3m9dlR6JCvI

> Federal Police are using a cloud service from Amazon to store videos because the internet company is the only one in Germany with a certificate from the Federal Office for Information Security.

> "At the moment there is no state infrastructure available that meets the demand," the Federal Police said.

TL;DR: Government department uses an approved vendor, news at 11.

This might be due to my limited experience in Germany but this seems to be the norm. Competition is not that fierce and customers have few or no options. I don't know if it's due to rigid regulations or business owners know customers don't have many options.

I think what's much more interesting is that the only approved vendor is Amazon.

I see nothing strange in it. German businesses consider “cloud” and internet in general as a dumb and obsolete cost-inducing topic. I can totally imagine no local provider being able to comply.

It’s possible to bring your own encryption to AWS. You can put an HSM you control on your own infrastructure and keep your keys there. As a step further you can encrypt before sending any data there in the first place, though you’re then operating more critical systems yourself, of course.

Note to mod (if this is an appropriate way to contact them): I would suggest changing the link to the non-mobile version - https://www.dw.com/en/german-police-storing-bodycam-footage-...

The mobile version is very difficult to read on my desktop browser.

I guess it would just make it difficult for mobile browsers? Unless they automatically switch to mobile mode from the desktop website.

They do automatically switch, at least for me (Firefox on Android).
