by notmyname 6024 days ago
Generally when I hear the term "deniable" used with something security related, I think of something like the hidden volumes in TrueCrypt: something that I can't be proved to have.

Does your product provide this level of deniability? I would venture a guess that the answer is no (after all, there is a box with a big "DV" on it). If not, what do you mean by the word deniable?

3 comments

Ditto. I'm a grad student studying security, and I'm not convinced that this is deniable. How will you deny the DV box (or even unlabeled camera & microphone) in your meeting area when the feds suddenly raid the place? How will you deny the private key on that USB drive you are very very careful to store securely, lest you lose the ability to view the video? I believe that history predicts that once the existence of these things has been proven to a court, you'll be either producing the passphrase or getting thrown in jail for contempt of court.

http://xkcd.com/538/

Regarding the "private key on the USB drive", I think the USB drive contains their software. Your private key is typed in at a password prompt.

Regarding the "contempt of court" threat, they need to implement hidden volumes, like TrueCrypt does, and that will be addressed.

The password prompt is for a passphrase to unlock the private key. It's standard to encrypt the private key using the passphrase to provide some protection against the loss of the key.

But to some extent that's no different to the problem of having TrueCrypt (for example) installed on your computer - you have to explain that. Of course, in the case of TrueCrypt you can have multiple (edit: hidden) volumes - I guess the equivalent here might be to have an "innocent" video that can be unencrypted. Even then, though, it will be clear that the time isn't current, so if there is any "on" light, or disk activity on recording, that could be used as evidence that other data exist....

This is answered directly on their website. They record the video in a way that supposedly makes it impossible to determine if video has actually been recorded at all.

Thus, you can simply say, "Well, sure, I've got the box, but it hasn't been recording anything", and nobody can prove otherwise.

I'm still reading the site to see if I can understand the technical basis for their claims.

This is exactly the same premise as TrueCrypt. Nobody can know if there's anything on a TrueCrypt volume or not.

They address the coercion (either by law enforcement or guy with a gun), by allowing you to make hidden volumes inside the main volume. You open the main volume, filled with data you don't care about, and they never know that a hidden volume resides deeper.

I see no reason that this same technique wouldn't work here. You record some boring video on the main volume, and record your main video on a hidden volume.

IIRC, some minor vulnerabilities to TrueCrypt's DFS were found.

Ah, found one link: http://www.schneier.com/paper-truecrypt-dfs.pdf

Is the idea that it can be proven that you have a DV product but it cannot be proven that the unit has been recording?

1. If the hard drive is making a lot of noise it is probably recording video.

2. This is security through obscurity. The data is not being encrypted in a standard way. But the binaries on the computer that are used to decrypt the data can be decompiled to discover this obscure method. At that point you have no advantage over other encryption programs.

If you want to be deniable get rid of the hard drive and require an internet connection. Then when someone gets your "DV" unit and asks where the video is you can say it was set to live streaming mode and is never recorded.