The White House wants to ‘cryptographically verify’ videos of Joe Biden so viewers don’t mistake them for AI deepfakes::Biden’s AI advisor Ben Buchanan said a method of clearly verifying White House releases is “in the works.”

  • drathvedro@lemm.ee
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    2
    ·
    11 months ago

    I’ve been saying for a long time now that camera manufacturers should just put encryption circuits right inside the sensors. Of course that wouldn’t protect against pointing the camera at a screen showing a deepfake or someone painstakingly dissolving top layers and tracing out the private key manually, but that’d be enough of the deterrent from forgery. And also media production companies should actually put out all their stuff digitally signed. Like, come on, it’s 2024 and we still don’t have a way to find out if something was filmed or rendered, cut or edited, original or freebooted.

      • drathvedro@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        11 months ago

        Oh, they’ve actually been developing that! Thanks for the link, I was totally unaware of C2PA thing. Looks like the ball has been very slowly rolling ever since 2019, but now that the Google is on board (they joined just a couple days ago), it might fairly soon be visible/usable by ordinary users.

        Mark my words, though, I’ll bet $100 that everyone’s going to screw it up miserably on their first couple of generations. Camera manufacturers are going to cheap out on electronics, allowing for data substitution somewhere in the pipeline. Every piece of editing software is going to be cracked at least a few times, allowing for fake edits. And production companies will most definitely leak their signing keys. Maybe even Intel/AMD could screw up again big time. But, maybe in a decade or two, given the pace, we’ll get a stable and secure enough solution to become the default, like SSL currently is.

          • drathvedro@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            11 months ago

            Oh, so Adobe already screwed it up miserably. Thanks, had a good laugh at it

          • Natanael@slrpnk.net
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            11 months ago

            Oof.

            They need to implement content addressing for “sidecar” signature files (add a hash) both to prevent malleability and to allow independent caches to serve up the metadata for images of interest.

            Also, the whole certificate chain and root of trust issues are still there and completely unaddressed. They really should add various recommendations for default use like not trusting anything by default, only showing a signature exists but treating it unvalidated until the keypair owner has been verified. Accepting a signature just because a CA is involved is terrible, and that being a terrible idea is exactly the whole reason who web browsers dropped support for displaying extended validation certificate metadata (because that extra validation by CAs was still not enough).

            And signature verification should be mandatory for every piece, dropping old signatures should not be allowed and metadata which isn’t correctly signed shouldn’t be displayed. There’s even schemes for compressing multiple signatures into one smaller signature blob so you can do this while saving space!

            And one last detail, they really should use timestamping via “transparency logs” when publishing photos like this to support the provenance claims. When trusted sources uses timestamping line this before publication then it helps verifying “earliest seen” claims.

    • hyperhopper@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      11 months ago

      If you’ve been saying this for a long time please stop. This will solve nothing. It will be trivial to bypass for malicious actors and just hampers normal consumers.

      • drathvedro@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        You must be severely misunderstanding the idea. The idea is not to encrypt it in a way that it’s only unlockable by a secret and hidden key, like DRM or cable TV does, but to do the the reverse - to encrypt it with a key that is unlockable by publicly available and widely shared key, where successful decryption acts as a proof of content authenticity. If you don’t care about authenticity, nothing is stopping you from spreading the decrypted version, so It shouldn’t affect consumers one bit. And I wouldn’t describe “Get a bunch of cameras, rip the sensors out, carefully and repeatedly strip the top layers off and scan using electron microscope until you get to the encryption circuit, repeat enough times to collect enough scans undamaged by the stripping process to then manually piece them together and trace out the entire circuit, then spend a few weeks debugging it in a simulator to work out the encryption key” as “trivial”

        • hyperhopper@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          11 months ago

          I think you are misunderstanding things or don’t know shit about cryptography. Why the fuck are y even talking about publicly unlockable encryption, this is a use case for verification like a MAC signature, not any kind of encryption.

          And no, your process is wild. The actual answer is just replace the sensor input to the same encryption circuits. That is trivial if you own and have control over your own device. For your scheme to work, personal ownership rights would have to be severely hampered.

          • Natanael@slrpnk.net
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            11 months ago

            A MAC is symmetric and can thus only be verified by you or somebody who you trust to not misuse or leak the key. Regular digital signatures is what’s needed here

            You can still use such a signing circuit but treat it as an attestation by the camera’s owner, not as independent proof of authenticity.

            • hyperhopper@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              11 months ago

              A MAC is symmetric and can thus only be verified by you or somebody who you trust to not misuse or leak the key.

              You sign them against a known public key, so anybody can verify them.

              Regular digital signatures is what’s needed here You can still use such a signing circuit but treat it as an attestation by the camera’s owner, not as independent proof of authenticity.

              If it’s just the cameras owner attesting, then just have them sign it. No need for expensive complicated circuits and regulations forcing these into existence.

              • Natanael@slrpnk.net
                link
                fedilink
                English
                arrow-up
                1
                ·
                11 months ago

                You can’t use a MAC for public key signatures. That’s ECC, RSA, and similar.

          • drathvedro@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            11 months ago

            I think you are misunderstanding things or don’t know shit about cryptography. Why the fuck are y even talking about publicly unlockable encryption, this is a use case for verification like a MAC signature, not any kind of encryption.

            Calm down. I was just dumbing down public key cryptography for you

            The actual answer is just replace the sensor input to the same encryption circuits

            This will not work. The encryption circuit has to be right inside the CCD, otherwise it will be bypassed just like TPM before 2.0 - by tampering with unencrypted connection in between the sensor and the encryption chip.

            For your scheme to work, personal ownership rights would have to be severely hampered.

            You still don’t understand. It does not hamper with ownership rights or right to repair and you are free to not even use that at all. All this achieves is basically camera manufacturers signing every frame with “Yep, this was filmed with one of our cameras”. You are free to view and even edit the footage as long as you don’t care about this signature. It might not be useful for, say, a movie, but when looking for original, uncut and unedited footage, like, for example, a news report, this’ll be a godsend.

            • Natanael@slrpnk.net
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              edit-2
              11 months ago

              Analog hole, just set up the camera in front of a sufficiently high resolution screen.

              You have to trust the person who owns the camera.

              • drathvedro@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                11 months ago

                Yes, I’ve mentioned that in the initial comment, and, I gotta confess, I don’t know shit about photography, but to me it sounds like a very non-trivial task to make such shot appear legitimate.

      • Drewelite@lemmynsfw.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        Thank you, lol. This is what people end up with when they think of the first solution that comes to mind. Often just something that makes life harder for everyone EXCEPT bad actors. This just creates hoops for people following the rules to jump though while giving the impression the problem was solved, when it’s not.