Meeting notes

##January 25, 2011 Team Meeting

• For Sprint 1, fine to use Android Face Detection as a working placeholder
  • Should design abstract interface to make pluggable, as well as help define necessary functions
• Shawn is investigating GStreamer framework for video processing (Shawn, Hans)
  • Can plug in OpenCV, FFMPEG into it
• Need to twiddle the knobs on Face Detect input images (exposure compensation, resolution) (Shawn)
• Document all available metadata and investigate exif library options (Harlo, Andrew (in C?))
  • Location, Heading, Altitude, Time/Date, Elevation, Tilt, Network/IP, Device, Camera Hardware
  • May need our own JPEG/EXIF library
• UI/Wireframing needs to be done (Shawn, Derek, Harlo)
  • Consent and Intent UI Elements - need to capture contact information for subjects, consent data, etc as part of the "tag" feature
  • Should determine the pluggability into Gallery app menu
  • Support broadcast intents for camera taking
• Crypto Stuff (Nathan, with _HC's help please)
  • Nathan nearing first build of LUKS encryption for secured mount aka "/media/sscmount"
  • Also investigating GPG public encryption and signing via APG intents
• Sync: Nathan to add code/sample for rsync of sdcard data to remote SSH server
• Design Document on Media Processing, Degradation, Storage
  • How are we storing the image and metadata: proprietary formats vs. open (JPEG, PNG, SVG?)
  • Should we deconstruct on mobile, and then reconstruct later on the desktop?
• HC's git workflow tutorial for local feature branch work (well described in this blog post: A Git Workflow for Agile Teams)
  • Clone a repo: git clone
  • Create a new branch: git checkout -b mynewbranch
  • View the status of your branch: git status
  • Nice visualization tool: gitk &
  • Make your changes to your local branch! (including git add for new files, etc.)
  • Commit your changes: git commit -m "your message"
  • (make as many commits as you want, you can rebase them into something nice later)
  • git rebase -i HEAD~3 (rebase the last three commits)
  • Rebase to muck around with your commits as you see fit (and be careful): git rebase
  • Checkout master: git checkout master
  • Merge your branch: git merge mynewbranch
  • delete the old branch: git branch -d mynewbranch
  • Push to master: git push origin master
  • for more on rebasing, see: ProGit: Rewriting History

##February 1, 2011 Team Meeting

• making android-opencv into a reusable library for Android Apps (Hans)
• make LUKS build on Debian and Android (Hans)
• investigate Android Privacy Guard APIs (Nathan)
• secure meta data for human rights work
  • budget for this
  • what data is needed
  • how should it be disassembled and encrypted
• Yvonne (Witness Archivist) Discussion (FileMaker Pro) (Better to have XML file than embedded in file which would require separate tools)
  • PBCore - Public Broadcasting Standard (EBCore) - Schema and Data Dictionary
    • http://pbcore.org/2.0/
  • Use MediaInfo (metadata extraction)
  • Preservation Metadata (Preservation Actions/Archive Date/Chain of custody)
  • Premise (Library of Congress): http://www.loc.gov/standards/premis/Rights-in-the-PREMIS-Data-Model.pdf
  • Rights Related Standards
    • IPTC - International Press Standard for Photography??
    • Mets Rights??
  • Witness collects consent documentation - Who are you and can we use your image
  • Creative Commons
  • Public/Private Use - Usage Intentions
• Encrypted MediaStore using SQLite Secure - Could be a great module

February 4, UI/UX Discussion

• What are core use cases that we're designing for in Phase 1 Sprint?
  • Broadly: (1) Media, (2) Consent, (3) Security
  • Capture piece of media - Phase 1 focusing on still images
  • Gaining consent & communicating intent
    • Potentially adaptable to a walkthrough / flow
  • Saving media
    • Differing levels of protection - signed, encrypted, saved within encrypted partition
  • Viewing media locally
  • Distributing / sharing media
  • Destroying media
    • Keeping in mind PIN protection of media & view timeouts
• What are key user states & application entry points that need to be kept in mind?
  • User States:
    • Connectivity: Online (Carrier vs. WiFi vs. Bluetooth, etc.), Low Connectivity, Offline
    • Others?
  • App Entry Points:
    • SSC App
    • Camera
    • Gallery
• UI / UX Sketches:
  • https://github.com/guardianproject/SecureSmartCam/blob/master/doc/mockups/20110204_SSC_Sketches_Shawn.jpeg
  • https://github.com/guardianproject/SecureSmartCam/blob/master/doc/mockups/20110204_SSC_Sketches_Derek.jpeg

February 8, Team Meeting

• Luks - Compiled for Android - Now attempting to make easy - Standalone App/API
• Android Privacy Guard - Solution for now - Download from Market and use Intents
• SQL Cipher to be used as basis for Secure MediaStore
• Metadata per image/video should consist of intent, consent, genealogy and technical data.
• Came up with plan to show Witness staff Wireframes next week Tuesday
  • To Do: Formalize Wireframes, Add in video to comps

February 22, Team Meeting + WITNESS Debrief

• Scrum notes:
  • Harlo: metadata framework (see: doc->metadata->References)
  • Bryan: mtg w/ Nokia
  • Hans: SQLCipher integration -- right now very quick & dirty integration possible via command line
• WITNESS Debrief Notes:
  • Have the SSC team thought about Audio / voices or just visual? It would be helpful to have the ability to use this app to covertly record audio -- and just remove video
  • What is the 'unblur' potential?
  • Remote lockdown - how would this work?
  • User Story: Multiple people using the same phone / device
  • Who is this app designed for? Anyone and everyone or specific users? This has implications in terms of responsibility for media captured across many different scenarios (good and bad). Legal knowledge needed.
  • User Story: What if the organization is compromised? Keys need to be updated or removed from the app. Key revocation flow.
    • 'Worst case scenario' planning
  • How is the walk-through / training aspect planned? Apps that have training flows are nice!
  • How is intent / consent captured?
    • Match point of consent to actual time/place of media and also via metadata
    • Intent: we could use some guidance from WITNESS on how this could be mapped for the user to choose from
  • Timetable for deployments?
    • Initially here in US with core teams
    • Next roll to low-risk areas to train with non-technical personnel, iron out usability & user-interface aspects along with security
    • Who starts using it, and when?
  • Metadata walk through for new users - did you know that all this stuff is tracked? You can change it!
  • Analysis of current powerful apps and postmortem of their use in current hot situations
  • Must keep in mind that sometimes the 'highest risk' situations are one-on-one whistleblower media clips as opposed to protest scenario (hard to round up 50 ppl). How do we introduce these options to users? Wizard-based, good documentation, just a slider-bar?

March 24, UI Discussion

• Attendees:

  • Sean, Harlo, Derek

• Action Items:

  • Bryan - we need to more fully understand the 'Panic' scenarios -- how visible does this option need to be throughout the application? Availability when editing an image?
  • Bryan - write the 'opening credits' flow for the app in phase 1; what's needed?
  • Derek - update wireframes to reflect latest comps & design decisions (below)
  • Wordsmithing / Copywriting:
    • Blur - needs to change, as Andrew has indicated that it's quite easy to 'unblur' programatically. Needs to indicate fully destructive nature.
    • 'Tagged media' - need a better term to describe the copy of a piece of media saved by SSC with tags, etc.

• Notes:

  • Features & functionality
    • Decision to limit region encryption & ID tagging to a single public key and single identity - this will preserve the ability to replace region in actual jpeg
    • Media resolution will be 'low' for now
    • Export option should be killed / combined with Share option
  • Wireframe / Flow Updates (Derek):
    • 'Quit' menu option not needed from main application menu -- means no menu options really needed
    • 'Edit mode' concept
      • Entered when creating new regions (via menu or via long-press), or selecting 'edit' from contextual menu
      • Options to 'set' or 'delete' region
    • Add copy to export/share popup that image will be saved - image preferences will apply
    • 'Tag mode' concept
      • Entered when a region is active - includes ability to add ID tag, apply encryption, destory a region
      • Apply region tagging for encryption, blur, ID
    • Preferences changes:
      • add to global: automatically scan image for regions
      • add to global: prompt on unsaved exit / back
      • add to global+local: automatically sign image
      • remove from local: media resolution
  • Design Updates (Derek):
    • Check out the 'quick actions UI' for the popup on longpress widget
      • Source project (HH): http://www.londatiga.net/it/how-to-create-quickaction-dialog-in-android/
    • 'Edit mode' needs to pop more - use transparent grayscale back-drop
  • Whiteboard notes:
    • 

March 29, Consent/Intent Discussion

• Attendees:
  • Shawn, Bryan, Derek, Hans, Nathan
  • Consent and Intent "objects" that can be associated with any region
    • 1: Create a predefined list - What's your name?, check boxes.. Add in. Not during process of creating media - Before
    • OR
    • 2: After media is created - "collect informed consent" - when id regions - asks if you have previously gotten consent - if you say "yes" it allows you select from predefined list - if you say "no" - go through process
  • Consent for Individual Region
  • Intent for Entire Image