CryptoCam: Privacy Conscious Open Circuit Television (arxiv.org)
36 points by adulau 36 days ago | 7 comments

A lot of this proposal is interesting, but the proposed invention is really concerning. The proposed CryptoCam (section 5) in particular ignores the privacy rights of recorded individuals in an attempt to offer greater access to recorded footage.

Section 5, the proposed CryptoCam, is to me the most concerning. The proposed solution would use location-awareness communicated from a recording subject's digital proxy in order to collect encryption keys to later access footage that they may have been a subject in.

This gives a person access to:

1. The biometric information of private individuals, based only on their proximity to those individuals (faces are incredibly sensitive information)
2. Any intellectual property or sensitive information that may have been visible during the period that they passed through a space.

Someone intending to perform an illicit activity need only wander through a space and receive the exact perspectives and resolutions of existing cameras in order to summarily defeat the protective capabilities of that video surveillance deployment.

There are so many new ways a system like this can be abused, and the proposed setup doesn't reduce any existing abuse vectors.

2 additional concerns:

There exists with video surveillance today an understanding that one or more agents are watching, recording or analysing footage, and that footage may exist for some period of time. Benefits of video surveillance may include deterring illicit activities, particularly when the location and perspective of cameras is generally but not specifically known.

3.2 suggests a framework for access, but I do not, at first read, understand a change being proposed from what is currently industry standard practice; access to recorded footage is generally need-based and restrictive.

3.3.1 suggests new mechanisms for exposing some of this information (active vs passive monitoring, whether recording exists). I mention it above but the partial Panopticon effect is one of the main reasons video surveillance has a deterring effect.

The real benefit inspired by the authors might be in a logging scheme for moving in surveilled spaces. When I pass through a bounded space, my tracker app gets a log of the camera whose space I moved through. If you wanted to request the footage you’d have a 2-party confirmed list of cameras and times to request, reducing impact of a request and potentially increasing ease of compliance.

This would be difficult still without fine-detail geographic bounding via maybe Bluetooth and likely very expensive to retrofit into existing systems, but would also still protect other private individuals’ privacy and security. Released footage could still be masked, for example, and access and use encouraged to be more directly audited.

Great insight.

Additionally, an attacker could gain long-term visibility of the camera's footage, simply by continuously capturing the broadcasted keys via a covertly placed device, either in close proximity to the camera or further away with high-gain directional antennas.

A valiant thought experiment. But the value in CCTV exists IN the latent information asymmetry between watcher and watched. No operator is going to voluntarily subjugate that.

I think the watchers are more trustworthy than uhhh random devices in proximity.

I would like to see a request for data be logged along with a description of an offense. An international government committee with at least 1 randomly rotated member from each foreign country each of which has the key. (there is no key inside the country) If just one deems it necessary the footage is made available to either local law enforcement, a judge or a citizen who has legitimate reason to review it. If no offense is found nothing is released. If the choice is sufficiently dubious the reviewer is reviewed and replaced. (plenty of people with eyes)

That way we can have tons of cameras without all the paranoia.

For anyone wondering how this works, the TL;DR is in figure 1.

> Fig. 1. Footage is recorded, encrypted and uploaded to a cloud storage provider. Encryption keys are distributed to phone-based listening clients nearby. Phone clients later retrieve encrypted footage from the cloud and decrypt the contents using the key previously provided locally, then the footage can be played on the device.
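
An added sketch of the Fig. 1 flow quoted above (not code from the paper or from any commenter): it shows that what a phone can later decrypt is decided only by which broadcast keys it heard, the property the comments in this thread are arguing about. Assumptions: one fresh key per footage segment, an HMAC-SHA256 construction standing in for a real authenticated cipher, and hypothetical function names.

```python
import hashlib
import hmac
import os


def _keystream(key, n):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the sketch needs
    # only the standard library; a real deployment would use a vetted AEAD.
    blocks = (hmac.new(key, b"ks" + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    """Encrypt one segment; output is a 32-byte tag followed by the ciphertext."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return hmac.new(key, b"tag" + ct, hashlib.sha256).digest() + ct


def open_sealed(key, blob):
    """Return the plaintext, or None when the key does not match the blob."""
    tag, ct = blob[:32], blob[32:]
    expected = hmac.new(key, b"tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def record(segments):
    """Camera side: returns (cloud blobs, keys broadcast locally), by segment."""
    cloud, broadcasts = {}, {}
    for i, frame in enumerate(segments):
        key = os.urandom(32)         # assumed: fresh key for every segment
        cloud[i] = seal(key, frame)  # ciphertext uploaded to cloud storage
        broadcasts[i] = key          # sent to every phone in radio range
    return cloud, broadcasts


def viewable(cloud, broadcasts, present):
    """Phone side: keep keys heard while present, then try each cloud blob."""
    heard = [broadcasts[i] for i in present]
    out = {}
    for i, blob in cloud.items():
        for key in heard:
            clear = open_sealed(key, blob)
            if clear is not None:
                out[i] = clear
    return out
```

With constructed segments, a phone present for segments 2 and 3 recovers exactly those two, including everyone else who appears in them, and a receiver present for every broadcast recovers the full recording.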

So it's cloud stored localized panopticon?
