As discussed in our previous posts (Part 1 & Part 2), Deepfake technology is progressing at a very rapid pace. Along with this progression, comes greater difficulty in detecting what content is real. Deepfake videos and images are an ever-growing threat given societies reliance on social media and the internet. Fake news, fake content, fake messages are out there and getting worse. The average American spends close to twenty (20) hours per month on social media, which provides ample time for an audience to engage with nefarious, fake content. Luckily Microsoft and Adobe, two (2) of the largest names in technology, joined forces over two (2) years ago to create a utility to detect deepfakes and determine if an image/video has been altered. The tool they are developing is called “Content Credentials,” which when in use will appear on verified authentic videos and images on the internet. Both Microsoft and Adobe hope this tool will eventually become the standard for all.
What is Content Credentials? A feature, in Adobe Photoshop, which allows creators to place specific unique details with the image to assure its authenticity. These details include edit history, image activity, along with the producer of the images name. This name, along with the other details, binds the information to the image and creates a tamper proof attribution for the creator’s final image. This attribution, which logs image history data, is called Content Credentials. Content Credentials also conforms with the Coalition for Content Provenance and Authenticity (C2PA) Standard. The C2PA standard was established in 2021 and is an association comprised of Adobe, arm, BBC, Intel, Microsoft and Truepic. The mission of the C2PA is:
“To define and establish an open, royalty-free industry standard that allows reliable statements about the provenance of digital content, such as its technical origin, its editing history or the identity of the publisher.”
In other words, their main purpose is to stop the spread of disinformation.
Now we know what Content Credentials is and who is creating this tool, but how will this tool be utilized by the public? As a user is scrolling through their feed, they will notice a specific Content Credentials icon on the image or video. By simply clicking this icon, they will be able to review the entire history of that image. They will be able to see who took the image, when the image was captured, where it was taken and any edits that were made. If the image does not have the Content Credentials icon present, the user can assume the media is not genuine. Thus far, over 900 companies have agreed to utilize the Content Credentials tool and display their icon on the images/videos produced. Companies include social media giants, camera hardware manufactures like Nikon and Canon, as well as publishers such as New York Times (NYT) and Wall Street Journal (WSJ) which have agreed to utilize the tool and display the icon on their website to authenticate articles, imagery, and information they create.
There is a stark contrast between the proposed Content Credentials feature and a detailed Computer Forensic investigation. During a detailed investigation an examiner uses specialized forensic software to analyze data. This software examines the EXIF and Metadata of a file. It also allows for the analysis and comparison of the metadata against the binary data contained within a file. This type of analysis gives forensic investigators an advantage, but how these tools will overlap and collaborate is yet to be seen. One issue which remains to be seen is how the implementation of Content Credentials will affect the work of digital forensic examiners. Adding additional data to an image or video will certainly require additional processing time and tools. However, being able to determine if an image that is utilizing Content Credentials was altered using conventional forensic examination techniques will be the real challenge. Currently, forensic examiners can review file metadata in hexadecimal view to examine its attributes. If Content Credentials is adding layers to that metadata to secure its authenticity, what will that look like to the examiner who is running that image/video through their forensic tools? Hopefully, just as the creators of Content Credentials have partnered with 900 companies, they will do the same with the developers of forensic examination software. Examiners will still need to perform their job, while maintain the integrity of the images and videos being protected. Ideally, users will become more aware of authenticity complications and be more wary as they view content.
Deepfake videos and images are an ever-growing threat given societies reliance on social media and the internet. Fake news, fake content, fake messages are out there and getting worse. This threat is one that intensifies in quality and sophistication as time goes on. Being able to irradicate this type of content is a daunting task which cannot be undertaken by the technologies currently available to the everyday end user. With a combined effort from both the largest tech companies in the world and the common user, the internet will hopefully become a safer a place to share and get information in the future.
Capsicum was founded in 2000 within the law firm of Pepper Hamilton, LLP. (now Troutman Pepper Hamilton Sanders LLP.) Charged with providing technology consulting support to their clients, we soon realized that the need to understand, collect, and forensically analyze digital data went far beyond what we were handling. We began our journey as general technologists, but quickly became specialists in digital forensics. Our areas of expertise soon evolved and expanded into forensic investigations, cybersecurity, discovery, electronic and paper recovery, security, regulatory compliance, and incident response retainers. In 2002, Capsicum became an independent consulting company that focuses on these core services. Employing high-caliber experts and a unique understanding of data, technology, and the law, we support organizations that need technological proficiency to run their companies and when they come face-to-face with difficult tech, legal, and regulatory situations. Capsicum is headquartered in Philadelphia, PA with offices in New York, Florida, Texas, and California.