This article by guest author Bruce MacCormack, Chair, International Press Telecom Council – Media Provenance Committee, follows his keynote at the Dalet NAB 2024 Executive Breakfast.
As Artificial Intelligence (AI) continues to advance, detecting the authenticity of digital content is increasingly difficult. With deepfake scams growing more sophisticated, the role of content provenance is critical to prevent misinformation. Sure it’s probably not a big deal if your nephew uses AI to doctor a photo so he appears to now proudly drive a Ferrari. But for the news media and the viewers that they serve, AI-powered misinformation has serious consequences.
Take the example of the 2022 video showing Ukrainian President Volodymyr Zelensky seemingly urging his soldiers to surrender to Russian forces. The video was quickly revealed as a fake, but not before rapidly spreading across social media. AI provenance could have identified the video’s origins so platforms could flag it as inauthentic. This would have immediately reduced its impact. That is the role of AI provenance – to provide transparency about content’s origins, enabling fast and more effective countermeasures against misinformation.
Well-established digital rights management methods exist to prevent legitimate media from being distributed by illicit channels or reaching unauthorized users. The added challenge is how to prevent illegitimate media from being unwittingly distributed by legitimate channels. How do we do this? By validating the content’s sources of origin. That is where media provenance adds real value.
It Takes a Village: The Teamwork Behind Provenance
With the digital transformation of information sharing, the ability to trace the provenance of media has become critical. The Coalition for Content Provenance and Authenticity (C2PA) addresses this issue at scale for publishers, creators and consumers. Over 130 media and technology companies, including Dalet, are collaborating to address the prevalence of misleading online information by developing technical standards to certify the provenance of media content. The mission is to develop an end-to-end open technical standard.
The C2PA process provides a secure foundation for news ecosystems. With C2PA, the recipient of a digital file or stream can be confident that:
- The content comes from the source that signed it.
- The media has not been altered since it left the sender.
- The meta-data manifest is attached to the proper media file.
In addition, for media that is produced over a number of processes, or that contains multiple media elements, the history and composition of the file is recorded and retained by all C2PA compliant processes involved in the production.
Trust is core to the work of the news media. Our audiences decide who to trust and why. These choices are often based on their history with the brand and signals they associate with a particular piece of content from the brand.
Well-established brand identities are hard earned and can be hijacked to provide false confidence or amplify malicious sources of misinformation. Providing cryptographic protection to the provenance is a defense against this form of attack. Brand values technology must support, and not supplant the long-established trust relationships between media brands and their audiences. The responsibility for the veracity of content as a basis for continued trust in the brand is a journalistic and marketing responsibility. This is unchanged. However, the emergence of AI-generated media requires two additional technical foundation layers – Validated Identity and Tamper-Evident File Integrity.
The Digital Passport: Validated Identity
Cryptographic signing certificates can be used to prove that a brand is who it says it is. A certificate will be issued to authorized staff at branded publications after confirming an organizational identity and role. This allows the publisher’s signing key to be recognized by downstream validation systems.
To facilitate adoption of media provenance techniques, the International Press Telecommunications Council (IPTC) is building the infrastructure to issue signing certificates and manage the Origin Validated Publisher list. This will ensure that the identities of established news organizations are protected from imposters. The certificates confirm identity but do not make any judgment on editorial position. This work started in April 2024 and is actively welcoming new members to participate in developing governance rules and sharing best practices. Liaison agreements with other groups in the media ecosystem will be used to accelerate the distribution of certificates.
Camera manufacturers and software vendors are already beginning to incorporate the C2PA standard into their products. Once these implementations are validated for compliance to the specification, vendors will be issued signing certificates that will allow them to create C2PA manifests on the creation of each new file version produced. The manifest will provide a provenance history of the asset.
Digital Fortresses: Building Trust with Tamper-Evident File Systems
The technical security of the underlying digital file or stream provides the final level of assured media provenance. The addition of a tamper evident, cryptographically sealed manifest provides assurance of the identities of the publisher and vendors, that there have been no undocumented changes to the file post publication, and that the manifest is attached to the intended file.
Other technologies such as watermarking and fingerprinting of digital media can reinforce the robustness of the manifest by detecting the absence, and potentially recovering, manifests that should be present but have been removed.
When fully implemented, the C2PA standard can securely document the path of media from the camera lens to the audience’s display screen. Well before then, individual links in the distribution chain will be enhanced with secure, tamper evident, metadata that will allow more efficient and automated assessments of the technical integrity of a media file.
Three Newsroom Use Cases
- VALIDATION – Know your source
The job of validating content ingested into the news workflow has become more complex with the widespread availability of GenAI tools that can create almost undetectable fake photos and videos. The presence or absence of a secure C2PA manifest can provide a trained journalist with valuable clues or assurances. First, trusted sources can be confirmed by their signing identity. Second, media created by prominent GenAI platforms can include markings and a manifest to identify their origins. Third, the presence or absence of secure manifests can be an indicator that increased analysis might be required before trusting the submitted media.
None of these methods are foolproof against determined misinformation attacks by knowledgeable parties. However, taken together, they greatly increase the chances of leaving tell-tail clues. These systems will be able to triage incoming media and allow increased focus on material that is not signed or shows evidence of tampering.
- ARCHIVE RESTORE – Preserve History
Newsroom archives preserve a validated record of history. This is becoming increasingly valuable as AI tools that can alter photographic or video records of past events grow even more widely used. The archivist who restores material from a newsroom repository can cryptographically sign the material as a true copy of what is in the newsroom archives. Thus acting as the proxy witness to past events.
In addition, this validated media library, with professional metadata records, is becoming increasingly valuable for use as training data for AI systems. AI needs training data from authentic and real-world sources. Training systems on datasets that include undisclosed synthetic data can cause damage to valuable AI models. The ability to attest to the provenance of training data will enhance the negotiating power of the owners of news libraries.
- PUBLICATION – Protect your brand, sign your work.
The addition of C2PA manifests to a news story, signed by the publisher, is a signal to the audience that the story is authentic. The publisher has attached their brand reputation to the material in a way that cannot be impersonated. This will be increasingly important to maintain the trust of consumers who are becoming sensitized to AI manipulated media.
Newsrooms are busy places with limited manpower. Adding secure media provenance information is critical to the future of responsible digital media creation, publication and sharing.
This is a technical effort, but when set up properly, it should not create too big of a burden to the day-to-day efforts by journalists.
The Fourth Estate Meets AI: Your Role in Provenance
Regulators worldwide are beginning to plan for the use of media provenance as a high-potential defense against disinformation. Whether you are a content creator, a hardware or software vendor, a broadcaster, publisher, or a digital distribution partner, media provenance solutions should become part of your workflow.
CBC, BBC, NYT and Microsoft have a collaboration agreement to work on media provenance together, with a focus on News. We joined with Adobe to found the C2PA, a Linux Foundation project. C2PA is applicable in many different industries. Project Origin continues to exist but has been moved to the IPTC to allow other companies to join in to work on C2PA in a news environment.
Featured in: AI | Cryptographic Signing | Deepfake | Deepfake Prevention | Digital Trust | Media Manipulation | Media Security | Newsrooms |