Security Review: In-Eye Video Camera

By jimmy at 1:15 pm on March 9, 2009Comments Off on Security Review: In-Eye Video Camera

Rob Spence, a Canadian Filmmaker, is currently developing a prototype to equip his prosthetic eye with a built-in, wireless video camera.  The digital system, while not able to transmit information to his brain, will be able to route the signal through a series of increasingly large transmitters to a remote machine, which could potentially stream that data live on the internet.  As Spence explains, “If you lose your eye and have a hole in your head, then why not stick a camera in there?”
Spence hopes to be able to integrate this recorder seamlessly into his existing prosthetic eye, such that a casual observer would not be able to notice its presence (for a stunning picture of how realistic his current eye looks, and how small his current camera is, see the article linked at the bottom of this post).  He plans to have an on/off switch, so the recording feature can be stopped for private events, theater screenings, or bathroom trips.  Spence and his team are currently working to shrink all of the necessary components such that they are small enough and lightweight enough to fit within the space of an eye-socket, without weighing enough to cause disfigurement.

  • Assets
  1. The wearer of this device should be able to restrict access to the data he/she collects.  This is important to protect not only the privacy, but potentially the security of the user.
  2. Others in contact with the wearer should have their own privacy concerns, given  they may or may not know they are being filmed and that the footage could even be streamed online in real time.
  • Adversaries
  1. An adversary may wish to steal private footage the user is filming.  The architect of this system is a filmmaker, so the footage could have potential value as an art-form.  One could easily imagine several other scenarios, however, where the images being filmed are of a sensitive nature.  Video of a user typing in his or her password onto a bank’s website, or entering his or her pin number into an ATM machine could be quite valuable to an attacker.
  2. An adversary could also use footage to cause direct harm to the user.  If the user decides to stream the video footage he or she collects online, an attacker could use this information to find the person’s precise location, and cause physical harm.
  • Weaknesses
  1. The footage has to be wirelessly transmitted from the camera to another location where it is collected.  This stream could potentially be sniffed and/or corrupted in flight.
  2. Rather than attack the footage in transit, an adversary could break into the remote location where the data is stored and steal and/or corrupt the hard-disk on which the data is stored.
  • Defenses
  1. The stream could be encrypted and signed to prevent tamering with, however this presents a large problem given the size/weight restrictions of the device within the eye-socket.  Most likely the camera within the eye would have to operate with an extremely weak signal that only could be received by another component on the users body.  That larger component, located on a belt or backpack, could be responsible for encrypting the stream, and sending it larger distances.  This current plan uses this implementation, for space not security reasons, but it may not include the encryption step.
  2. The user should also be careful to physically secure the remote machine location (locking doors and what-not), as well as encrypting the hard drive.

While to this point I have focused mainly on issues regarding tampering or theft of the data-stream, the elephant in the room remains the larger privacy issue surronding hidden cameras prevading our daily lives.  If this camera becomes so life-like as to be indisguishable from an actual eye, a possibility all the more likely give Moore’s law, a conversation one might think is private could be stored and transmitted to millions.  One could argue users of this system should be ethically obligated to inform others they are wearing a camera, however others might claim having a prosthetic eye is a physical handicap, and the privacy of that condition should be protected.  Spence himself claims he will turn the device off on private occasions, but why should he be trusted, and how can that trust be enforced?

To those who fear a world of eye-spies filming their every movement, my response would be that hidden cameras are by no means new.  Making a camera look as real as a human eye may be a large step forward, but eye-implants or no eye-implants, if people fervently care about keeping their private lives private they should tread lightly in public places.

Article:  http://blog.wired.com/gadgets/2008/12/eye-spy-filmmak.html

Filed under: Ethics,Physical Security,Privacy,Security ReviewsComments Off on Security Review: In-Eye Video Camera

Comments are closed.