Tuesday, October 03, 2006

A dystopian view of personal Tivos

At some point not to long into the future, we'll have personal recorders for our lives. The first versions will record all the audio we hear, and later, as storage/cpu becomes cheap, they'll start to record video too.

The killer technology that'll enable this will be speech recognition tech that actually works.

You'll carry this device on your person, it'll record all of the conversations that you participate in, will convert those to text which you'll then be able to easily search later.

This will solve that ever annoying problem of not being able to quite remember what so-and-so told you the other day. You'll just need to remember a couple of the words from the conversation and will be easily be able to go back and locate the conversation...

The other obvious benefit to this will be that you'll be able to easily figure out which song you heard on the radio, coming out of someone's car, or that you danced to in the Club. Song recognition technology is already out there, and so it's quite easy to imagine that this'd be rolled into such a device.

Due to the need to turn this info into searchable text, you're going to need to upload it somewhere for processing. It'll either be uploaded in real time over wireless/cellular networks, or maybe you'll dock the device at the end of your day for processing. Either way, it doesn't really matter for the purposes of this blog post.

Now, consider the fact that pretty much everyone has a cellphone on them. Cellphones all include GPS chips now - for E911 reasons (although, it's interesting to note that the ever-present greed of the cellphone companies is the main barrier to us having access to this GPS data right now. They want to make a buck each time you use this data to interact with a merchant).

And herein lies the problem. Consider the following scenario:

A crime occurs. The police contact the phone companies and get a list of everyone who was nearby to the crime when it happened (which they're able to get via the GPS/cell tower log data). Now, the feds demand that each person hand over the audio/video data from their personal Tivos so that they can piece together information on the crime.

This seems like a great idea. Right? Except when you consider the fact that large portions of society do not like the Police (this is due to many reasons - racial profiling, past abuses by the police, drug war overzealousness, etc).

If you witness a crime right now, it is quite easy for you to tell the police that you don't remember seeing anything. The real memories are your own, and so you have solid control over who you share these with.

Fast forward to the digital age of the personal Tivo - and suddenly, you do not have the right to keep this information from the police anymore.

Remember that you can only plead the 5th if you risk incriminating yourself. If you are incriminating someone else, you have no right to stay silent, nor keep your data to yourself.

Encryption - the magic pixie dust that has solved so many of the Security World's problems thus far, fails us... because the police can compel you to disclose your keys.

There are systems in place (StegFS, The Rubberhose filesystem) which aim to protect you against Rubber Hose Attacks (i.e. you being beaten by a CIA interrogator until you disclose your personal data). They work by essentially allowing you to say "I don't have any data on the disk"... Or by allowing you to have multiple encrypted files, one encrypted with your "real" key, and the other with a key which you give to the police when asked..

However, in the case of the personal tivo - through the GPS records that the Feds will gain from the phone companies, the police will know exactly where you are and when. Thus, if you give them bogus data, and they know you were walking past the Clocktower at noon - and your Tivo data does not have a clock chiming noon, they'll know you've given them false data.

Thus, we have an even more extreme form of the rubberhose attack. How do you protect your data from the police when they can 1. compel you to give it to them, and 2. They have a fair idea of at least some portion of the data on your disk? They can use what they know to verify if the data you later give them is in fact real.

It's a puzzling problem - and it's going to become real.... It's just a matter of time.

How do we solve this problem? I have no idea.

1 comment:

Anonymous said...