27

I am thinking on a way which would prevent unauthorized copying or recording of data by photographing screens.

I also think, if the content of a screen is understable for an eye of a living human, it is also photographable by any mobile.

Thus, I think, in general case, the answer is "no". I am right?

Extension, problem details:

  1. As I explained in comments, the primary security objective is to protect sensitive data from employee working on it.
  2. A secondary objective is to protect it from non-employee (and thus, having passed generally much easier security criteria).
  3. The effective solution of this problem is clearly social and obvious (no-cam policy, etc).
  4. The goal is here to find the (admittedly narrow) possibilities of the technical defenses, if there is any.
peterh
  • 2,938
  • 6
  • 25
  • 31
  • 40
    The usual solution is physical: ban cameras from the room computers are in. This is standard practice for classified military/intelligence environments. If you need this for remote users, you're out of luck – paj28 Sep 12 '15 at 18:19
  • 12
    Having said all this, Paj is the one with the right answer. Unauthorized copying is a social problem, not a technological one; technology is simply the tool by which it's carried out. The appropriate solution, then, is a social one too, not a technological one: set and enforce a "no cameras" policy around sensitive data. If you try to defeat recording devices rather than ban them, then you're getting into an arms race, and nobody wants that, least of all the people playing defense. – Mason Wheeler Sep 12 '15 at 22:31
  • Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/29177/discussion-on-question-by-peterh-is-it-possible-to-prevent-unauthorized-copying). – Rory Alsop Sep 15 '15 at 20:32

13 Answers13

37

There is mainly two kind of people to consider in this question:

  • The person working on the computer. This person is your employee, they went through your HR screening and abides by your policies. They have been trusted to access and work with some data. Due to this, since they need to see, no technical measure can prevent them from taking photographs (using a phone, a pen camera, ...), taking notes or remembering what they saw.
  • The people around the computer. The computer could be a laptop in an airport or at a customer site, a desktop at a front desk etc., the other people may be unknown people, customers, or even other employees. Here the issue is not the same, and for this use-case you can buy privacy screen filters. These filters reduce the viewing angle of the screen, ensuring that only the person right in front of the screen can see its content (this person being obviously assumed to lock the computer when not in front of the screen).
psmears
  • 900
  • 7
  • 9
WhiteWinterWolf
  • 19,082
  • 4
  • 58
  • 104
  • HR screening must take care a wide spectrum of things and the security is only one of their motivations. And there are always people around the screens which could somehow avoid the test (for example, if they aren't internal members of the team). Yes, privacy screen filter would be an useful solution for the second case. – peterh Sep 12 '15 at 18:02
  • 4
    In public places, you can remove the polarizing filter from the screen and use polarized glasses. Everyone else (including cameras) not using polarized optical filters will see a white screen. http://www.gizmag.com/stealth-computer-display-lcd-polarizing-glasses/29700/ – Mindwin Sep 14 '15 at 17:26
  • 4
    @Mindwin: and that's why it's useless. An attacker that knows this would just use polarizing lens with his camera. To defeat this, you'd want your polarizing glass to be active glass; the polarity should change randomly based on PRNG and a key that's only known by the screen and the paired receiving glasses. That's not going to come cheap, if at all possible. – Lie Ryan Sep 15 '15 at 15:04
  • @LieRyan one could hack some LCD active 3D glasses to work with a infrared emitter on the PC. – Mindwin Sep 15 '15 at 16:15
14

In my view, unfortunately the answer is: unless you're willing to go with the two pretty radical options I mention below, probably not with any kind of really strong guarantee of security.

Other answerers have suggested technical measures that, in theory, might possibly allow users to see information on screens properly while preventing cameras from doing so. With all respect to those views, frankly, I'm a little skeptical that there are any such measures that would reliably work, at least if we're talking about facing an opponent actor with some minimal ability to do things like use photo and video editing software to recover any information from pictures/frames that might indeed be successfully made difficult to see on ordinary viewing. At the least, I would not rely on any techniques like that to meet the security need you're talking about without first having some extensive, independent testing in-hand demonstrating strong effectiveness. Which I dount you're going to be able to find.

If we limit ourselves to measures that we know will work with a high degree of likelihood if implemented properly, unfortunately we are left with two admittedly not-great options:

  1. Implement tight, physical security searches to prevent any employees from bringing any kind of electronic devices into a highly-secured area where the computer screens thatshow the sensitive info are kept.

  2. Rework or replace the software that displays the sensitive data on screen (or the ways that you use that software) so that, well, the data is never actually on screen.

Option 1 is how governments and enterprises secure super-sensitive information that they must protect in high-security facilities. It is difficult, and often-times expensive, to implement. (You need, at the very least, dedicated security personnel screening each person who enters the secure area.) Option 2 is more palatable in many ways, except that depending on your workflow and how your workers need to do their jobs they might well need to see the actual clear-text sensitive information on screen. Whether that's a practical course or not depends on how your business or organization actually uses sensitive information.

Now, all of the above being said that doesn't mean that there aren't measures you can take to reduce the risk of an employee deciding to whip out his or her phone and take a photo of on-screen information. Obviously, you can impose a policy ban on bringing devices with cameras in the areas where computers with sensitive info on them are located, and let your employees know that if they are caught breaking that rule punishment will be significant. And of course you can and should do background checks on anyone before allowing them access to sensitive information in the first place. But those policy-based measures are, obviously, very far from foolproof.

In sum, the taking-a-picture-of-a-screen scenario is just a really rough one to combat. If you can prevent sensitive data from ever really being on screens to begin with that's probably your best of a bad set of possible options if you aim to very strongly protect the confidentiality of it.

mostlyinformed
  • 2,715
  • 16
  • 38
  • Well, I know that the technological defense is nearly impossible, I was looking for around the few possibilities on it. Maybe somebody has a better idea as mine. – peterh Sep 12 '15 at 23:33
  • 1
    I hear what you're saying. FWIW, I've read some stuff here and there about methods of using IR-emitting diodes (like LEDs, except emitting infrared) to sort of jam the sensor of many electronic cameras. I'm not aware of any commercial-off-the-shelf technologies implementing that, but you might find some DIY experiments looking around the net. My best guess if I absolutely had to explore a tech angle. Anyway, good luck. – mostlyinformed Sep 13 '15 at 04:40
9

One solution could involve physically altering a monitor, by removing one or more of the "filter" layers it has and sticking them on glasses or something else to be worn by the designated user, so the "unfiltered" image would appear blank or hardly visible to everybody and everything that does not possess the extra filter, although I might be wrong and some lenses might still see the image, do let me know if that's the case.

Roflord
  • 91
  • 1
  • 11
    I've seen something of the sort done by removing the polarizer. However, polarizing filters are a normal bit of camera gear, I own one myself. Just like polarized sunglasses they can remove glare from scenes and they can also make the sky much bluer. – Loren Pechtel Sep 12 '15 at 22:09
  • 4
    http://www.gizmag.com/stealth-computer-display-lcd-polarizing-glasses/29700/ This is an example of the polarising filter removal being used to block viewing of images. It is however trivially bypassed by putting polarising filters in front of the camera. – March Ho Sep 13 '15 at 06:37
9

Put two armed guardians exactly at the sides of the display. Anything else would disturb legal users more than those who want to make copies.

Barafu Albino
  • 211
  • 1
  • 2
  • 1
    This is a more extreme case of @paj28's comment. Only useful in a small range of scenarios, but still valid. – Rory Alsop Sep 13 '15 at 08:08
  • Unless the armed guardians decide to steal and sell the information, that is... Because if you do that, you just gave two more people the chance to copy the sensitive information. And this two people might be paid less and care less about the information, thus be more likely to steal it. – Josef Jan 30 '17 at 15:02
8

What about a VR headset? The user has no worse a view then they would normally, and nobody can take a photo of the screen as long as the headset is shutdown as soon as it is removed.

Cheap and off-the-shelf option which will be easier to replace and upgrade in future, and has a higher degree of confidence in preventing unauthorised access than some more complicated setups.

Chengarda
  • 81
  • 1
  • 1
    Well, maybe it is not yet really feasible for standard office work, maybe it will be useful in the future. – peterh Sep 14 '15 at 13:24
  • You could sneak photos inside a VR headset by pretending to have a vision impairment and then putting your super secret spy camera glasses on before the headset. – daniel Mar 20 '17 at 13:49
7

I have not tested this but here is how I would reduce the chances (not eliminate) of photography of a screen.

  1. Put a field of view filter on the screen. (Privacy Filter) That would reduce the angles from which someone could photograph the screen.

  2. I would decrease the brightness and contrast of the monitor as low as tolerable by the user(s). This should reduce the clarity of photographs that are taken quickly (like walking by while holding a phone, casually snapping pictures). Also increase the screen refresh rate as high as possible. The faster the screen refreshes the more likely a camera only grabs a partial image. Granted the refresh won't matter if it's an LCD. (Stick with a CRT on purpose?)

  3. Within the viewable angles of the privacy filter, I would then aim ultra bright IR LEDs around the screen. (One thing I am curious about is would they work better pointed toward potential camera lenses, or maybe aimed to reflect on the screen filter itself.) Many cameras can be blinded by IR without blinding a person. With the low brightness of the screen and the high brightness of the LEDs it should be very difficult to get a good photograph that isn't washed out. This won't work on cameras with IR Filters however it should block those that do not. Example: http://www.instructables.com/id/See-Infrared-LED-Light-with-an-iPhone-4/?ALLSTEPS

  4. Since all this won't stop an employee from copying the data themselves, I would place a webcam toward the employee working to be able to audit their actions. Even if you don't check it often, many times the simple act of having the camera there with it's LED on could be a deterrent. Example: http://freakonomics.com/2006/06/28/scarecrows-work-on-people-too/

Finally, I would consider simply restricting access to the location where the data is viewable and having a solid NDA with the employee. The kind of setup where any leak HAD to be them, and any punishment is so heavy they wouldn't want to copy it.

nl88
  • 71
  • 1
  • Bright IR LED is a very good idea, because it doesn't harm the user experience of the normal work. – peterh Sep 13 '15 at 16:33
  • 15
    Be careful. Bright IR LEDs can damage human eyes just like any other bright light source. It doesn't matter that the wavelength are invisible. The photons still hit your retina. – slebetman Sep 14 '15 at 07:07
  • 3
    ...and in otherwise-dark environments IR LEDs can cause *particular* damage, since one's pupils will be dilated. – Charles Duffy Sep 14 '15 at 22:07
  • You *probably* (i.e. do look into it if you try to go down this route) won't have to worry about IR LED powers, as they won't really be focussed onto the retina and the user will be some distance away. – Chris H Sep 15 '15 at 09:42
  • I actually was thinking you would aim them away from the monitor (and user) however the privacy filter should cover that. You could also possibly shine them toward the monitor and create a washout effect on the privacy filter as well. Same effect of using a flash through a screen door. You can't see the object behind it because the screen gets lit up first. That way they aren't aimed at the user and they are only getting indirect light. – nl88 Sep 22 '15 at 14:58
  • Couldn't the user just put a piece of paper over the LED? – George Mar 20 '17 at 09:10
7

An extra precaution is putting major canaries/watermarks into data. E.g. each employee with the need-to-know is presented his/her own version of the data, and you are supposed to a) track leaks, b) detect canaries in leaked data, c) punish the perps. Even better is to do this in a provocation (a hired stooge is dramatically punished after doing a staged leak).

Armed guards, strip search, and employee vetting are also recommended. YMMV.

Deer Hunter
  • 5,297
  • 5
  • 33
  • 50
5

  1. As suggested by someone else, IR light is typically how this is done in modern cinema. I found the patent here.

  2. While researching #1, I discovered this implementation on a yacht though another site gives an excellent breakdown on how it only relies on certain cameras and unlikely to work outside a controlled environment.

Matthew1471
  • 1,124
  • 10
  • 14
  • I think your answer is OK as an answer, too. In this case you don't need to excuse for commenting in answer. – peterh Sep 13 '15 at 18:00
  • 1
    +1 but I think it could do with some expansion on how the IR light works. Do note however that like the polarising solution it's fairly easy to circumvent: User takes photo, see it's washed out with IR light (there are fast flashing IR techniques as well I think), *comes back* with IR filter fitted. – Chris H Sep 14 '15 at 09:31
4

Transmit data to the user through a non-visual medium, e.g. audio through earphones. Obviously limited uses, but you could get creative by transmitting the sensitive data via audio ("This graph shows the number of nukes held by our government") and the less conspicuous data visually (i.e. the graph with no axis labels).

andrewb
  • 204
  • 1
  • 6
  • Good idea - maybe it is not really effective in all possible work model, where it is, it is one of the bests until now. – peterh Sep 15 '15 at 15:45
3

At least for monochrome displays, maybe you could display the data on the screen in encrypted form and view it with a decryption matrix built into glasses based on something like DLP (micro-mirrors). Unauthorized users would just see random changing snow on the screen.

Spehro Pefhany
  • 559
  • 2
  • 10
2

The human eye and the camera's sensors don't work in the same way. Namely, humans take all the information gathered over about 1/30th of a second, while cameras tend to pick up light over a small slice of time. This is why it's hard to photograph helicopter blades, hummingbird winds, on normal citizen hardware. While a human sees a blur, the camera sees a "tearing" effect, as described in Rolling Shutter. This suggests that you could rapidly swap between several images that humans would perceive as normal, if not slightly flickering, while cameras would have an incredibly hard time taking proper photographs, and videos would be nearly destroyed. While I'm not an expert on what patterns would work best, it's possible (theoretically) that an incredibly fast monitor with the software to scramble the display pseudo-random images that would appear more-or-less correct to humans, but distorted or masked when photographed.

phyrfox
  • 5,724
  • 20
  • 24
  • 25
    Just add a neutral density filter to your camera and use a 1/30 second exposure. Then you'll get a photo of all the different images composed together, as the human eye would see it. – Mike Scott Sep 12 '15 at 18:11
  • 6
    This scheme would be easily circumvented. All that's really necessary is to use a camera with (roughly) the same image retention characteristics as the human eye. If nothing else, an old-fashioned film camera can do this quite easily. – Hot Licks Sep 13 '15 at 00:39
1

Another novel (goofy) idea to reduce the need for physical searches is have the computer screen replaced by an eyepiece, like on a microscope. Then the room can be monitored to prevent the user putting a camera to the viewfinder, and those monitoring the room are not exposed to the information. This could still be beaten by people wearing spy glasses, hats or ocular prosthetics.

daniel
  • 774
  • 3
  • 12
-4

Today, the easiest way to keep a document from being photographed is by encrypting it in a non-mathematical (non-hackable) barcode. Or, just use cryptography, then decode for reading when necessary.

Tony Belasco
  • 1
  • 1
    I am not sure that helps avoid screenshots or photography - I agree encryption protects a document from several other risks, but I am not sure (or I can't figure out) how it helps with a screen capture. You would expect the screen to display the unencrypted information (at least for legitimate users) in order for it to be 'read when necessary'. – iwaseatenbyagrue Mar 20 '17 at 08:40
  • 1
    And after you decode it, someone can take a picture .... – schroeder Mar 20 '17 at 14:04