Root Causes 336: Digitally Signing Images on Cameras
A recent press release discusses efforts of camera manufacturers and the digital imagery supply chain to create an ecosystem for digitally signed images. We describe what such an ecosystem would do, where it could do in the future, and the advantages and limitations of these schemes.
- Original Broadcast Date: October 3, 2023
Episode Transcript
Lightly edited for flow and brevity.
-
Tim Callan
So, we’ve talked in the past about deep fakes and how this is presenting a problem for what seemed to be recorded images, whether those might be what look like photographs or videos or audio recordings and so this caught our eye. In this case, I’m referencing Canon Rumors, which is a website that’s focused on the digital photography space and this is actually a press release. I’m seeing it on Canon Rumors but it’s a press release from Thomson Reuters and Canon Europe and Canon, Incorporated dated August 31, 2023. The headline reads, “Canon and Thomson Reuters Team up in Developing Cryptographic Methods to Authenticate Photographs” and this is basically what we talked about right, Jay?
-
Jason Soroko
It is. We had talked about very specifically the need for the device manufacturers, we had talked about everything from Apple iPhones, Android phones of various kinds and the various photography ecosystem – Canon, Nikon, Fuji, etc., etc., - and here we go. Here we go. It’s exactly what we said which is it’s the beginning of these – this vendor ecosystem of content origination. The place where you originate content. And I can absolutely see this the Canon and Thomson Reuters connection because if you are feeding images into a news system, being able to know that it is legitimately the origin image has a lot of value.
-
Tim Callan
And so, I think how this works is the device itself has functionality built it. Obviously, of course, this is a digital photograph, not a film photograph obviously. That digital image is being signed by the device itself in some way. So when it comes off the device, it is essentially already verifiable that it is unaltered and it’s origin as a photograph that was captured on this particular device is also verifiable.
-
Jason Soroko
So for those of you who ever used a digital certificate to sign a document, to sign code, we’ve talked many times on this podcast about signed firmware that’s in your cars right now. So, even if none of you have ever signed a - -
-
Tim Callan
Or not signed. We’ve talked about that, too.
-
Jason Soroko
Or not signed. Or signed incorrectly. We’ve talked about it all. But here it is. Here it is. All of the sudden now we can cameras signing things. Isn’t that interesting, Tim. I think here’s the point. The point is the ubiquity of PKI just multiplies every day. PKI is everywhere. I think that’s an interesting takeaway to this. But the other takeaway to this is, ok, what are we really solving here. What we are definitely gonna solve is the authenticity of the who is the author of content and who is also the - - the fact that the content has arrived at its destination, perhaps a news outlet, without some kind of – without alteration – is important. And that’s really what we are solving with signing. But what we are not solving, Tim? Deep fakes.
-
Tim Callan
Right. Exactly. We are not solving them, we are creating a situation where you can know that something is not a deep fake and that could be very important. But for the vast majority of the digital content that we are all gonna apprehend in our lives, that particular provenance back to the original capture is just not going to be there. And for the overwhelming majority of the real content that’s really produced, that is not gonna be there. And so, in that sense, it absolutely doesn’t solve that problem, right?
-
Jason Soroko
It doesn’t solve that problem at all. It absolutely has value. In fact, digital signing, Tim, it has value. It has tons of value. And we’ve been doing it for a very long time. The podcast that we recently had on this was to speculate on it growing into an ecosystem. And I think this Canon announcement, I think you are gonna see just about everybody who takes an image do something like this at some point, frankly.
-
Tim Callan
Right. Now you can imagine it being more powerful once it’s on every Android phone. Right?
-
Jason Soroko
Definitely.
-
Tim Callan
That at the point just the amount of digital content that could be verified goes way, way up and you can imagine a scenario someday in the future when it’s on everybody’s smartphone and every digital camera that you can buy where something that doesn’t have the signature just kind of gets discounted. It doesn’t mean it isn’t real but it means people won’t give it any weight or credibility. You could see those things coming about but, first of all, not for a long, long time. And even then, like until you have 100% coverage, there’s always the possibility that things were captured that didn’t have this functionality built in.
-
Jason Soroko
Absolutely, Tim. I think that right now because of the fact that most content doesn’t have a digital signature associated I could send you something, Tim, you know, that has the watermark of Getty Images and it’ll be a celebrity and it’ll be deep-faked and you might half believe it or fully believe it.
That’s the world we are living in right now. I don’t think that that’s ever gonna go away. It’s not like all content will be digitally signed because modified images are the reality. In fact, I was trying to think of analogy, Tim, but the fashion model magazines, for example, what image hasn’t been retouched ten ways from Sunday from its origin from the camera.
You can still digitally sign it saying, hey, you know, Studio X has professionally prepared this image for a magazine cover and we’ve signed it and therefore it is a copyrighted piece of material that’s gonna be on the cover of a magazine. That’s terrific. So, that can be signed. But on the other hand, still, the majority of what you are going to be looking at is gonna be unsigned. And not only that, most people consume their imagery in a way where you don’t even have the infrastructure to check the signing mechanism.
-
Tim Callan
Sure. So, again, you could imagine – you could imagine if this was built into all of our computer systems where whether or not this was a signed or unsigned image could actually be scrutinized by my browser for instance and if my browser felt that it was unsigned image, it could pop up a warning. Just like it does now if I go to something it deems to be an unsafe website, right? And it could say, “Warning!, This is unverified content”. Don’t necessarily believe what you see. Like all of these things are doable from a computer programming perspective but we are imagining putting a vast ecosystem in place before such a thing occurs.
Now maybe that starts with a high-end SLR from Canon. Maybe that’s where it begins. And a deal with Thomson Reuters and maybe that’s how you get a footprint and you start expanding. There’s just a lot of distance between this particular solution set and something that helps you and me know that a picture we see of someone famous is real. Right?
-
Jason Soroko
Sure, Tim. We are talking about images here but you also talked about audio and we still receive phone calls and a deep-faked phone call. Heck, our very last podcast we recorded had a deep-fake audio as part of our subject matter. I mean it’s common right now.
And so, you just mentioned an image and a browser. There might be an ecosystem there for verifying signatures. Ok. Great. I seriously doubt you are gonna have that with audio.
-
Tim Callan
Sure. Well, and audio and video. Like video is even worse. If I’m a YouTuber, then even if my camera is digitally signing the raw video clips that I’m recording, I’m editing that. Once I edit that, I don’t have the original stuff.
-
Jason Soroko
You got it, Tim.
-
Tim Callan
So, even if I can sign that someday in the future and say I’m signing my edited video. This really came from me, the real YouTuber, that still doesn’t trace back to the origin of the raw video.
-
Jason Soroko
You got it, Tim. You got it.
So, the point here we are trying to say is that hooray, PKI becomes even more ubiquitous and it has an absolutely valuable purpose but don’t read these articles as deep fakes will be solved anytime soon – first of all – or even at any point in the deeper future. I think it’s here to stay and all the warnings Tim and I have given you, keep it in mind.
-
Tim Callan
And we could imagine a world where there is a set of content that I am able to trust as verified and then there is a set of content that’s just in the DMC and you don’t know what it is. Right? I could imagine that coming about and being something sometime in the future where I as a user can say, ah-ha, this is an official photograph from whoever – the White House. Right?
-
Jason Soroko
And I’ll tell you what, there are all kinds of under swellings underneath this, Tim, where freedom of speech around taking other people’s content and doing things with it. There are a lot of things that are not deep fakes. They are not illegitimate malicious deep fakes but call for taking original content and doing things with it. There’s a whole world of freedom of speech around that that I would not want to end up in a world where we stifle creativity like that. Good, legitimate creativity.
-
Tim Callan
I mean, that’s a legitimate point and we just talked about this in our Episode 334 when we were talking about sort of institutionalized, systematized functionality that sort of hurts small players. That was a different space. We were talking about browsers but I think that same argument could apply here. Right? To say you don’t want to create a system whereby fair use content gets penalized. Or research gets penalized. Or criticism gets penalized. Where I can’t go online and have an opposing viewpoint to the people with the large bull horn because some signing system is gonna prevent my content from being seen. So, those are concerns, too.
-
Jason Soroko
They are big concerns and so, the concern isn’t with signing. Signing does two fantastic things for us. Just a reminder. It is about proving who is the owner and the origin and, also, importantly, that it has not been tampered with. And so, those two things are just gigantic in many, many ways. And those are things we should applaud and no wonder it’s becoming ubiquitous because it’s just so darn handy in the world of all content.
-
Tim Callan
And they are rock solid and they are reliable and they are undefeated and there is no reason to believe they will be defeated. So, very important building blocks. So, go on, Jay.
-
Jason Soroko
But, hey, guys, I know that people have been looking at those kinds of technologies to defeat deep fakes and that’s not the purpose. It’s kind of apples to oranges.
-
Tim Callan
I think that’s fair. And by the way, everything we said about deep fakes applies equally well to altered images. Before this wave of interest in deep fakes, if you just go back in time to like the 2020 election, there were a bunch of altered images circulated of major political candidates. We talked about the Biden video a lot. There was some things about Trump that just weren’t right. Right? They weren’t real. And that was pre-deep fake. Just a good old-fashioned photoshopping, rotoscoping, kind of counterfeiting of an image that went on. That also is a trust problem. As the tools get stronger and better and easier, they don’t even have to be deep fake, especially if it’s AI-assisted alteration, getting better and better. And that isn’t going to go away under these circumstances. Although, again, there may be specific chains of custody, if you will, where we are able to prove the authenticity of a digital recording of some form and there could be circumstances where those chains of custody really matter.
-
Jason Soroko
There definitely are and there will be more in the future but, anyway, here we are, Tim. Thanks a lot.
-
Tim Callan
So, here we are. So, this is an interesting development and probably more will happen with this. I think we will return to this topic but that’s where we are today.