The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes

www.businessinsider.com The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for deepfakes

Biden's AI advisor Ben Buchanan said a method of clearly verifying White House releases is "in the works."

The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes::Biden's AI advisor Ben Buchanan said a method of clearly verifying White House releases is "in the works."

You're viewing a single thread.

233 comments

I've been saying for a long time now that camera manufacturers should just put encryption circuits right inside the sensors. Of course that wouldn't protect against pointing the camera at a screen showing a deepfake or someone painstakingly dissolving top layers and tracing out the private key manually, but that'd be enough of the deterrent from forgery. And also media production companies should actually put out all their stuff digitally signed. Like, come on, it's 2024 and we still don't have a way to find out if something was filmed or rendered, cut or edited, original or freebooted.
- They're doing something like that I think
  https://www.techradar.com/cameras/photography/sony-canon-and-nikon-set-to-combat-deepfakes-with-digital-signature-tech-in-future-cameras
  
  Oh, they've actually been developing that! Thanks for the link, I was totally unaware of C2PA thing. Looks like the ball has been very slowly rolling ever since 2019, but now that the Google is on board (they joined just a couple days ago), it might fairly soon be visible/usable by ordinary users.
  Mark my words, though, I'll bet $100 that everyone's going to screw it up miserably on their first couple of generations. Camera manufacturers are going to cheap out on electronics, allowing for data substitution somewhere in the pipeline. Every piece of editing software is going to be cracked at least a few times, allowing for fake edits. And production companies will most definitely leak their signing keys. Maybe even Intel/AMD could screw up again big time. But, maybe in a decade or two, given the pace, we'll get a stable and secure enough solution to become the default, like SSL currently is.
  
  You might find this interesting.
  https://www.hackerfactor.com/blog/index.php?/archives/1010-C2PAs-Butterfly-Effect.html
  
  Oh, so Adobe already screwed it up miserably. Thanks, had a good laugh at it
  
  Oof.
  They need to implement content addressing for "sidecar" signature files (add a hash) both to prevent malleability and to allow independent caches to serve up the metadata for images of interest.
  Also, the whole certificate chain and root of trust issues are still there and completely unaddressed. They really should add various recommendations for default use like not trusting anything by default, only showing a signature exists but treating it unvalidated until the keypair owner has been verified. Accepting a signature just because a CA is involved is terrible, and that being a terrible idea is exactly the whole reason who web browsers dropped support for displaying extended validation certificate metadata (because that extra validation by CAs was still not enough).
  And signature verification should be mandatory for every piece, dropping old signatures should not be allowed and metadata which isn't correctly signed shouldn't be displayed. There's even schemes for compressing multiple signatures into one smaller signature blob so you can do this while saving space!
  And one last detail, they really should use timestamping via "transparency logs" when publishing photos like this to support the provenance claims. When trusted sources uses timestamping line this before publication then it helps verifying "earliest seen" claims.
- If you've been saying this for a long time please stop. This will solve nothing. It will be trivial to bypass for malicious actors and just hampers normal consumers.
  
  You must be severely misunderstanding the idea. The idea is not to encrypt it in a way that it's only unlockable by a secret and hidden key, like DRM or cable TV does, but to do the the reverse - to encrypt it with a key that is unlockable by publicly available and widely shared key, where successful decryption acts as a proof of content authenticity. If you don't care about authenticity, nothing is stopping you from spreading the decrypted version, so It shouldn't affect consumers one bit. And I wouldn't describe "Get a bunch of cameras, rip the sensors out, carefully and repeatedly strip the top layers off and scan using electron microscope until you get to the encryption circuit, repeat enough times to collect enough scans undamaged by the stripping process to then manually piece them together and trace out the entire circuit, then spend a few weeks debugging it in a simulator to work out the encryption key" as "trivial"
  
  I think you are misunderstanding things or don't know shit about cryptography. Why the fuck are y even talking about publicly unlockable encryption, this is a use case for verification like a MAC signature, not any kind of encryption.
  And no, your process is wild. The actual answer is just replace the sensor input to the same encryption circuits. That is trivial if you own and have control over your own device. For your scheme to work, personal ownership rights would have to be severely hampered.
  
  I think you are misunderstanding things or don’t know shit about cryptography. Why the fuck are y even talking about publicly unlockable encryption, this is a use case for verification like a MAC signature, not any kind of encryption.
  Calm down. I was just dumbing down public key cryptography for you
  The actual answer is just replace the sensor input to the same encryption circuits
  This will not work. The encryption circuit has to be right inside the CCD, otherwise it will be bypassed just like TPM before 2.0 - by tampering with unencrypted connection in between the sensor and the encryption chip.
  For your scheme to work, personal ownership rights would have to be severely hampered.
  You still don't understand. It does not hamper with ownership rights or right to repair and you are free to not even use that at all. All this achieves is basically camera manufacturers signing every frame with "Yep, this was filmed with one of our cameras". You are free to view and even edit the footage as long as you don't care about this signature. It might not be useful for, say, a movie, but when looking for original, uncut and unedited footage, like, for example, a news report, this'll be a godsend.
  
  Analog hole, just set up the camera in front of a sufficiently high resolution screen.
  You have to trust the person who owns the camera.
  
  Yes, I've mentioned that in the initial comment, and, I gotta confess, I don't know shit about photography, but to me it sounds like a very non-trivial task to make such shot appear legitimate.
  
  It's not. Wait till you find out how they made movies before CGI!
  
  A MAC is symmetric and can thus only be verified by you or somebody who you trust to not misuse or leak the key. Regular digital signatures is what's needed here
  You can still use such a signing circuit but treat it as an attestation by the camera's owner, not as independent proof of authenticity.
  
  A MAC is symmetric and can thus only be verified by you or somebody who you trust to not misuse or leak the key.
  You sign them against a known public key, so anybody can verify them.
  Regular digital signatures is what's needed here You can still use such a signing circuit but treat it as an attestation by the camera's owner, not as independent proof of authenticity.
  If it's just the cameras owner attesting, then just have them sign it. No need for expensive complicated circuits and regulations forcing these into existence.
  
  You can't use a MAC for public key signatures. That's ECC, RSA, and similar.

233 comments