{"id":7314,"date":"2025-02-12T14:27:51","date_gmt":"2025-02-12T20:27:51","guid":{"rendered":"https:\/\/www.darkreading.com\/cyber-risk\/content-credentials-aim-to-tame-disinformation"},"modified":"2025-02-12T14:27:51","modified_gmt":"2025-02-12T20:27:51","slug":"content-credentials-technology-verifies-image-video-authenticity","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/02\/12\/content-credentials-technology-verifies-image-video-authenticity\/","title":{"rendered":"Content Credentials Technology Verifies Image, Video Authenticity"},"content":{"rendered":"
<\/a><\/div>\n

When armed gangs raided a Haitian prison and released 4,700 prisoners last March, images and video showing the violence and gunfire saturated social media around the world. Determining which of those graphic media was authentic \u2014 and marking those instances in a way that future viewers could verify for themselves what was real and what has been modified \u2014 was a significant challenge.<\/span><\/p>\n

The British Broadcasting Corporation launched its adoption of Content Credentials, a technology for attesting to the authenticity and provenance of digital content, by using the technology to verify a TikTok video of the attack. The BBC verified the location of the video and its likely veracity \u2014 but <\/span>determined that audio of gunfire had been added after the fact.<\/a><\/span> The company then digitally signed the video, so that future viewers would know the BBC had verified it.<\/span><\/p>\n

Content Credentials are a nascent standard that attempts to solve disinformation and media integrity issues. The open technology is being developed by the Coalition for Content Provenance and Authenticity (C2PA), a group of more than 500 media, software, and hardware companies working to create an ecosystem for verified media.<\/span><\/p>\n

The BBC’s adoption of Content Credentials is just one use case, but an important one, says Andy Parsons, senior director for Content Authenticity at Adobe and a steering committee member of the C2PA.<\/span><\/p>\n

“The BBC [is] declaring that \u2014 regardless of whether this is a photo or whether AI was used to do a photo illustration \u2014 you can be guaranteed that it came from BBC, and even that simple proof-of-date or proof-of-origin is something we don’t have in media right now,” Parsons says.<\/span><\/p>\n

In 2019, technology and media companies created the <\/span>Content Authenticity Initiative<\/a><\/span> to find solutions to disinformation and ways for news organizations to authenticate photos and video. Two years later, six companies \u2014 Adobe, Arm, BBC, Intel, Microsoft, and Truepic \u2014 <\/span>founded the C2PA<\/a><\/span> to pursue an open standard for establishing the provenance of various types of media files. The two efforts eventually combined forces to advance Content Credentials, a digital-signature technology and infrastructure for verifying and authenticating media.<\/span><\/p>\n

In the past year, Content Credentials and the C2PA gained significant steam, with the addition of Amazon, Google, Meta, and OpenAI to the steering committee and the adoption of the technology by several camera makers \u2014 including Canon, Leica, and Sony \u2014 and smartphone makers, such as Samsung.<\/span><\/p>\n

Yet, the ecosystem is still in its infancy, Christian Paquin, a principal research software engineer at Microsoft, <\/span>told attendees at last month’s ShmooCon 2025<\/a><\/span>.<\/span><\/p>\n

“You can imagine the situation in 5 to 10 years when this technology is baked in a lot of the trusted news and a hardware ecosystem that can produce these signatures and can be validated by the social media themselves or the browsers, so that we can really have trust signals to differentiate what’s real and what’s not,” he said.<\/span><\/p>\n

Manifest Destiny<\/h2>\n

Content credentials have three main components: The media data, a manifest describing the data and any actions transforming the data, and a digital signature binding the two pieces of information together in a tamper-evident way. The manifest includes typical metadata as well as some additional C2PA-accepted fields \u2014 attestations \u2014 that can describe additional attributes of the photo, its source, and the software actions used to process the data.<\/span><\/p>\n

Based on public-key encryption and digital signatures, Content Credentials act as an audit log of every action performed on a piece of media. A photo could be captured with a smartphone, cropped and lightened with photo-editing software, and then compressed by a content delivery network. Each of those steps would be an attestation in the manifest of the signed content credential.<\/span><\/p>\n

\"Content<\/p>\n

A video signed with a Content Credential shows that it originated with the BBC News Lab. Source: https:\/\/contentcredentials.org\/verify<\/p>\n<\/div>\n

The result is providing an audit trail with each piece of authenticated content, which could help citizens and users better know what is fake and what is arguably real, Adobe’s Parsons says.<\/span><\/p>\n

“All the companies involved \u2014 and I would lump in civil society and some governments as well \u2014 have a real urgency to solve this problem,” he says. “And while C2PA is not a silver bullet at solving misinformation, it does put in place a fundamental foundational layer that the internet probably should always have had around trust, and this is a really nice clean way to do it.”<\/span><\/p>\n

Already, most makers of foundational AI models \u2014 such as Open AI, Meta, and Microsoft \u2014 digitally sign all images created by their image-generation models with a Content Credential indicating that it was AI generated or manipulated.<\/span><\/p>\n

An Evolving Standard<\/h2>\n

The standards is not done, either. The C2PA specification has quickly evolved over the past three years, <\/span>reaching version 2.1 in September<\/a><\/span>. Among the new features are efforts to make the credentials more “durable” \u2014 in other words, adopt techniques such as digital fingerprinting and watermarking to indicate the provenance of images, even if they are manipulated after publication or captured from a screenshot.<\/span><\/p>\n

The combination of signed metadata with fingerprinting and watermarking is a powerful one, Adobe’s Purdy <\/span>wrote in a 2024 analysis of the techniques<\/a><\/span>.<\/span><\/p>\n

“[N]one of these techniques is durable enough in isolation to be effective on its own,” he said. “But combined into a single approach, the three form a unified solution that is robust and secure enough to ensure that reliable provenance information is available no matter where a piece of content goes.”<\/span><\/p>\n

\"Benefits<\/p>\n

Watermarks, fingerprinting, and Content Credentials can be a powerful combination. Source: “Durable Content Credentials,” CAI blog<\/p>\n<\/div>\n

A number of technical problems remain to be solved. Journalists reporting on an authoritarian regime, for example, may want to remain anonymous and mask their location. Zero-knowledge proofs can help, allowing a name to be redacted and only the organization \u2014 BBC News, for example \u2014 to be shown or to generalize the location. ZK proofs allow an attribute to be signed, so a photo’s GPS coordinates could instead be reduced to New York City or Kiev to provide a general location that hides the photographer’s identity, and verified with a digital signature.<\/span><\/p>\n

“This is an evolving set of certifications,” Microsoft’s Paquin told the audience at ShmooCon. “The main challenge is establishing who can sign certificates … establishing PKI that is worldwide is a big problem.”<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

When armed gangs raided a Haitian prison and released 4,700<\/p>\n","protected":false},"author":12,"featured_media":7315,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-7314","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/content-credentials-technology-verifies-image-video-authenticity.jpg?fit=1920%2C1080&ssl=1",1920,1080,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/content-credentials-technology-verifies-image-video-authenticity.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/content-credentials-technology-verifies-image-video-authenticity.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/content-credentials-technology-verifies-image-video-authenticity.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/content-credentials-technology-verifies-image-video-authenticity.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/content-credentials-technology-verifies-image-video-authenticity.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/content-credentials-technology-verifies-image-video-authenticity.jpg?fit=1920%2C1080&ssl=1",1920,1080,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/content-credentials-technology-verifies-image-video-authenticity.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/content-credentials-technology-verifies-image-video-authenticity.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/content-credentials-technology-verifies-image-video-authenticity.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/content-credentials-technology-verifies-image-video-authenticity.jpg?fit=1920%2C1080&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7314","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7314"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7314\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/7315"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}