Section 5, the proposed CryptoCam, is to me the most concerning. The proposed solution would use location-awareness communicated from a recording subject's digital proxy in order to collect encryption keys to later access footage that they may have been a subject in.
This gives a person access to:
1. The biometric information of private individuals, based only on their proximity to those individuals (faces are incredibly sensitive information)
2. Any intellectual property or sensitive information that may have been visible during the period that they passed through a space.
Someone intending to perform an illicit activity need only wander through a space and receive the exact perspectives and resolutions of existing cameras in order to summarily defeat the protective capabilities of that video surveillance deployment.
There are so many new ways a system like this can be abused, and the proposed setup doesn't reduce any existing abuse vectors.
2 additional concerns:
There exists with video surveillance today an understanding that one or more agents are watching, recording or analysing footage, and that footage may exist for some period of time. Benefits of video surveillance may include deterring illicit activities, particularly when the location and perspective of cameras is generally but not specifically known.
3.2 suggests a framework for access, but I do not, at first read, understand a change being proposed from what is currently industry standard practice; access to recorded footage is generally need-based and restrictive.
3.3.1 suggests new mechanisms for exposing some of this information (active vs passive monitoring, whether recording exists). I mention it above but the partial Panopticon effect is one of the main reasons video surveillance has a deterring effect.
This would be difficult still without fine-detail geographic bounding via maybe Bluetooth and likely very expensive to retrofit into existing systems, but would also still protect other private individuals’ privacy and security. Released footage could still be masked, for example, and access and use encouraged to be more directly audited.
Additionally, an attacker could gain long-term visibility of the camera's footage, simply by continuously capturing the broadcast keys via a covertly placed device, either in close proximity to the camera or further away with high-gain directional antennas.
I would like to see a request for data be logged along with a description of an offense. An international government committee with at least 1 randomly rotated member from each foreign country each of which has the key. (there is no key inside the country) If just one deems it necessary the footage is made available to either local law enforcement, a judge or a citizen who has legitimate reason to review it. If no offense is found nothing is released. If the choice is sufficiently dubious the reviewer is reviewed and replaced. (plenty of people with eyes)
That way we can have tons of cameras without all the paranoia.
> Fig. 1. Footage is recorded, encrypted and uploaded to a cloud storage provider. Encryption keys are distributed to phone-based listening clients nearby. Phone clients later retrieve encrypted footage from the cloud and decrypt the contents using the key previously provided locally, then the footage can be played on the device.
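To make the access model in the quoted Fig. 1 concrete, here is a small simulation of the flow it describes. This is an added example written for this thread, not code from the CryptoCam paper or its authors; the broadcast range, the one-dimensional positions, the `Phone`/`Camera` classes and the HMAC-based stream cipher are all assumptions of the model (the paper does not specify them, and the cipher is a stand-in for a real AEAD, not a production construction). It shows two things the caption leaves implicit: a phone that was in range for only one segment can decrypt exactly that segment, and any receiver that stays in range for every segment ends up holding every key, which is the proximity-only trust model the comments above are reacting to.

```python
"""Toy model of the Fig. 1 flow: per-segment keys, encrypted upload, key broadcast
to nearby listeners, later decryption by whoever heard the key (constructed example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

BROADCAST_RANGE_M = 10.0  # assumed reach of the key broadcast (e.g. a Bluetooth beacon)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Demo stream cipher: HMAC-SHA256 used as a PRF in counter mode, XORed over the data.
    Symmetric, so the same call encrypts and decrypts. Stand-in for a real AEAD only."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))  # zip truncates to the chunk length
    return bytes(out)


@dataclass
class Phone:
    """A listening client; position is its distance from the camera in metres (1-D, assumed)."""
    name: str
    position: float
    keys: dict = field(default_factory=dict)  # segment_id -> key heard over the air


@dataclass
class Camera:
    cloud: dict = field(default_factory=dict)  # segment_id -> (nonce, ciphertext), i.e. the upload

    def record(self, segment_id: int, frames: bytes, listeners: list) -> None:
        key = os.urandom(32)
        nonce = os.urandom(12)
        self.cloud[segment_id] = (nonce, keystream_xor(key, nonce, frames))
        # Key broadcast: every listener currently in range receives the key.
        # There is no identity check, registration or access log at this step.
        for phone in listeners:
            if abs(phone.position) <= BROADCAST_RANGE_M:
                phone.keys[segment_id] = key


def retrieve(phone: Phone, camera: Camera, segment_id: int):
    """Later retrieval: fetch the ciphertext from the cloud and decrypt with the stored key."""
    if segment_id not in phone.keys:
        return None  # never heard the key for this segment, so the upload is opaque
    nonce, ciphertext = camera.cloud[segment_id]
    return keystream_xor(phone.keys[segment_id], nonce, ciphertext)


def coverage(phone: Phone, camera: Camera) -> list:
    """Which uploaded segments this phone can decrypt, i.e. which keys it heard."""
    return sorted(s for s in camera.cloud if s in phone.keys)


def simulate():
    cam = Camera()
    passerby = Phone("passerby", 50.0)
    resident = Phone("stationary listener", 3.0)  # device that stays in range for the whole run
    # Constructed path: the passerby is within range only while segment 1 is recorded.
    path = [50.0, 5.0, 50.0, 50.0]
    frames = {}
    for seg, pos in enumerate(path):
        passerby.position = pos
        frames[seg] = f"segment-{seg}-frames".encode()  # constructed stand-in for video data
        cam.record(seg, frames[seg], [passerby, resident])
    return cam, passerby, resident, frames


if __name__ == "__main__":
    cam, passerby, resident, frames = simulate()
    print("passerby can decrypt segments:", coverage(passerby, cam))
    print("stationary listener can decrypt segments:", coverage(resident, cam))
```

Running it prints `[1]` for the passerby and `[0, 1, 2, 3]` for the stationary listener. The point of the model is that the only thing gating decryption is having been within broadcast range at recording time; the cloud store sees no access request and keeps no record of who decrypted what, which is why the thread's suggestions of logged requests, masking and audited access would have to be layered on top of the key distribution rather than being a property of it.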