Open letter to Adam Beguelin
I have already covered and promoted your service in my personal blog (German text, use the translation service on the right).
I have some thoughts I'd like to share with you.
These subjects will be covered:
- two factor authentication
- basic access protection
- end-to-end encryption
- local cloud platforms on secure infrastructure
It may seem a little bit paradoxical that I use the most open form of communication in order to write about the sensitive subject of privacy. But I believe that it's a good idea to talk about the principles of freedom, privacy and security in public.
When everybody has reviewed your data protection concept and agreed on its high level of security - then they are more than willing to use your service to hide away their personal, sensitive content without any dangers from the public.
Furthermore it's the 5th of July and the 4th of July has just passed. This is a very appropriate date to think about restoring the 4th amendment of the US constitution. I won't just give my two cents on this subject. I'll even give five cents. Especially since there is a stamp with Benjamin Franklin on it.
A lot of my fellow German citizens are deeply concerned about what they learned about PRISM and the NSA's collection of data. Since I wouldn't consider Kim Dotcom as the usual German and I hadn't thought that I would ever, ever quote him in any other than a despicable way, I have to admit that he made some really good points on this subject in the Guardian's commentary.
"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
From this perspective it's easier to understand why especially Germans are very concerned. They already established, suffered and abolished two totalitarian systems where citizens were under total surveillance. From time to time there are more Germans who learned their lessons. I hope that we have already reached a critical mass for continuous and sustainable insight without the necessity to relive a third Third Reich.
And this is the point where your great invention gets into this play: Sensr.
"Watch your stuff" is about safety/security for the masses. Knowing that my stuff is securely watched gives me the opportunity to enjoy the freedom of leaving my home/office carelessly. Being able to move around freely is the essence of freedom. The most common place without this freedom is called jail.
But now we learned that the NSA has a backdoor to Google's, Facebook's and other servers. Well - Amazon isn't on this list, but I cannot believe that they weren't blackmailed convinced into cooperation with the administration as well. Amazon's S3 service is where Sensr's very sensitive data is stored. This data contains pictures of your children, your customers, your employees and yourself - and of course, your stuff.
If a data-thief - a criminal, stalker, child abuser or a spy from the US or foreign government succeeds in obtaining access to a Sensr Account, he would have a direct and untraceable video link to your most private area. For instance a jewellery store whose owner thought it would be a good idea to use Sensr to have its surveillance video securely stored in the cloud. In fact, this is a very good idea. But even a good idea can be improved.
I lay my trust in you, Adam, and your company. I still think that you really care about privacy. But in my opinion, with my mediocre level of technical understanding, Sensr just offers medium security. This is what you disclose in your FAQ:
How secure are the images?
So every frame of the recorded videos can be obtained by anyone who knows its URL. OK - the URLs are rather complex and hard to guess. The protection layer is your middleware database where the URLs of the single images are linked to a single camera and brought into the right sequence.
One factor is the user itself. I've already contacted two other Sensr users who obviously had left their cam on public while having set up their camera in their living rooms. One was a ship captain who was very surprised and thanked me for this information. The other one had hidden his cam in order to spy on his female host. He felt guilty and simply turned his cam to private mode without any answer. Unfortunately the URLs of the revealing pictures were still in my browser's history. How people use the technology shouldn't be judged or controlled by Sensr or anybody else - except local jurisdiction. So even if a producer of private adult entertainment decides to use Sensr in order to record inappropriate videos, he expects Sensr to effectively protect these sensitive recordings as soon as he switches his cam to private.
This can be achieved by at least 4 (or more) steps.
Step one: two factor authentication
To avoid a direct attack on a Sensr user's password, you already confirmed that two factor authentication is on your future feature list. That's great.
But a data-thief could also make a brute-force attack on your S3-storage, hack into your mapping-database or break your crypto algorithm.
Your personal track record, Adam, shows how technology could help with these kinds of attacks. At Truveo you and your team developed advanced video analysis algorithms in order to achieve ingenious things like identifying a special for a search engine.
With this power your team made a big leap on the way to software capable of passing the Turing test because it can gather information on a much deeper level than former machines could. It's an important module of the computer which was faked for the motion picture Eagle Eye.
Well, advanced picture analysis and raw computing power are these days easily available on cloud computing platforms like Amazon's AWS, Microsoft's Azure or other PaaS providers (German link). This lowers the bar for penetrating Sensr's security walls a lot.
This is a very serious threat to Sensr's business model. If customers don't believe that their data is stored securely, Sensr wouldn't differ much from YouTube. In fact YouTube's level of protection is even a little bit higher since you could switch a recorded video to private. Just from this second nobody else can access your files - except Google's admins and the US government.
How can Sensr raise the level of trust?
Step two - basic access protection
This step would be to get level with YouTube's level of file protection. Give up the old storage model and develop a secure mode where every frame's access requires successful authentication (two factor authentication - if demanded).
But you could still move further beyond this point.
[Image caption: NSA doesn't only steal private data but logos too (source)]
Step three - end-to-end encryption
Support end-to-end encryption of the stored data. Find a way for the files stored on your servers to be encrypted with strong encryption, as in EncFS. The crypto key would be stored only on your customer's systems. So he can be sure that neither a bastard operator from hell at Sensr nor anyone else could easily browse through his private recordings.
Sure - the customers would have to give up features that rely on Sensr's server-based analysis, such as YouTube sharing, public sharing, motion detection or the storage-saving drop of files where no change from one frame to another had been detected. These features would normally be unusable. But that wouldn't be a loss. Private cams have a completely different use case than public cams. So most users of this segment wouldn't miss these features a lot. I assume that they are even willing to pay more than the other user group.
But they still could use them. They only have to be transferred to the local device. My Axis webcam supports this analysis. I only lack the encryption layer between my cam's FTP client and your storage service. When retrieving the pictures, my local crypto keychain must somehow be used by my web browser in order to decrypt the stored files. This feature is implemented in Kim Dotcom's new filesharing service www.Mega.com. But since his service is still threatened to be taken down because of copyright violations, I wouldn't trust his infrastructure.
Step four - trusted, local platforms and infrastructure
Support local, trusted infrastructures - but as cloud services.
I consider the remote cloud-based recording as the essential USP of Sensr against local recording solutions such as Synology's NAS-based Surveillance Station.
A burglar who already got into your house can easily destroy or even steal your NAS server along with your webcam and other precious belongings. Sensr's software has some really cool and advanced features - but the underlying US-based infrastructure has lost a lot of reputation inside and outside the US.
What if a Sensr user could choose from different options? One could be a local storage service in his home country. Being in Canada, New Zealand, Ireland, GB, France or Germany he would supposedly trust his local data centers more than a foreign one. Maybe he wouldn't even sign his service contract directly with Sensr.
A local provider could use the Sensr Middleware as a white label/franchise platform and offer a local service in strict compliance with local laws concerning data privacy, data security and infrastructure security. Here in Germany, it could be a service like www.cospace.de with its open API that could be a perfect platform-as-a-service partner for Sensr.
As secure as Gringott's
With the steps
- two factor authentication
- basic access protection
- end-to-end encryption
- local cloud platforms on secure infrastructure
Sensr could become as secure as Gringott's bank in Harry Potter's world - and would be secure enough to provide corporate level camera surveillance even for this institute itself. Nobody but the owners would know what's inside and nobody else could access the safe deposit lockers. OK, nobody but a fictional character invented by a British muggle bestselling author using a lot of magical tricks which can't be performed in our real world.
I'm aware, or at least I suppose, that these things would have a big impact on Sensr's software architecture and couldn't be achieved without a groundbreaking redesign.
[Image caption: Gayforce guys protecting Gringotts?]
I personally consider Ed Snowden as a hero (German content, use translation). Well, it's up to you if you're willing to take these kinds of risks, especially since they're much lower than the ones a real NSA whistleblower has to face. You have the chance to develop your service platform a lot further than today's products on the cloud market.
[Image caption: It's highly probable that this letter contains so many keywords that it will show up on an NSA agent's screen.]
Since it's the 5th of July this is a good day to look forward and see what comes after Independence: Security and Freedom.
When I play around with Benjamin Franklin's quote about freedom and safety:
"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
then it says
"They who obtain a little more safety, can enjoy more essential liberty, because WE THE PEOPLE deserve liberty AND safety."
I think that you have to agree that this open letter doesn't reveal any secrets. None of the concepts are new - but nobody had taken the steps for a real world implementation. Until now - as far as I know.
I would be really happy to see Sensr as a pioneer in this field.
Regards,
A faithful customer from Germany
I thank Markus Lauber for his great grammar and typo support.