Thank you all for making time to hear about what we mean when we talk about content authenticities. I'm gonna take a few minutes here to first give an overview of what we mean when we talk about content authenticity, and then how we've organized ourselves to do that work. And then from there I'll talk a little bit about some technical overviews of how we define the framework for content authenticity and provenance, and what we're doing specifically to tie identity into that ecosystem.
So first, why are we doing this? You know, the world is, you know, full of all kinds of images that are designed to mislead, misinform, distract us from, from the issues at hand. And whether you find these images amusing or annoying or whatever else, there's little doubt that they affect the marketplace of public ideas. And those have fairly significant consequences if you think about not just my home here in the United or in the United States, or the elections that are happening here in the eu, but really it's a quarter of the world's population is going to some kind of election this year.
And we're full of headlines that talk about the influence of those of misleading content.
We can't make that go away much as we wish that we could. I don't think that misinformation is, is, is going to disappear on us. But what we can do is to make a, a, a transition in the marketplace of ideas that says what you see, you can understand how you got there. And that's really what we're aiming to do. You can think of this as a lot like the transition that we have made in terms of how content appears in your web browser.
A decade ago, 15 years ago, if you saw plain HTP site, you didn't think much about that. And today, if you see plain HDP, you're, you ask a lot of questions about who might be tampering with the content on the way from the web server to you, or who might be just whole cloth replacing it. And so what I want you to think about is to be as skeptical about images that lack content credentials a decade from now as you are about websites that don't have HDPS on them.
What we're really aiming to do is to allow content creators to make statements about the content they create and to have those securely attached to that content. And then to allow content consumers to understand and digest those statements, to have the tools for both content producers and content consumers to, to partake in that ecosystem. Importantly, we're not trying to tell you who to believe what to believe. And I wanna dive especially into the second point here about image, fake image detection. We don't believe this is a sustainable war, right?
This is, you know, there might be a tool that detects the fake images of today, but every time you understand how fake images are created today, you're filing a bug report against the misinformation tools and they are highly incentivized to fix those bugs. So tomorrow's tool will come out and it will be better at generating fake information that's difficult to detect, and you may or may not catch up with that detection tomorrow.
So I'm gonna show a quick demo of how this works in Photoshop, and this was produced by my team, but let's just sort of play with this for a minute.
Pretend that I'm a travel blogger and I've just recently been to Egypt and I took a rather ordinary picture of the pyramids of Giza, but I'm gonna have a little fun with this and I'm gonna share, you know, a different story of what happened there and just, yeah, see what people think about that. So I'm gonna, I'm gonna change the lighting and make it look like it was cloud, which does often happen there.
And let's, let's go a little farther and say, Hmm, what if we make it snow at the pyramids?
But I'm gonna be, I'm gonna be careful about that. I'm gonna say, here's what I did, here's how I got there, and I'm gonna export that with content credentials associated. And when I post it on social media, somebody comes across it, Hmm, there's a C pin. Let's find out how that got created. And you can see here the history of the different ingredients that went into the image that I created. And you can compare to see, you know, where I started and how I got there, right?
This is a very, very quick demo of what the promise of content credentials are about.
So who are we? How have we organized ourselves? There are three organizations that are out in the public eye that are really aimed at solving the problems of misinformation and providing provenance data. So the first is the content authenticity initiative. And really what we do there is we talk about this is a business alliance of organizations and individuals who believe that content provenance is the best answer we have to the problem of misinformation and disinformation.
It's also the name of the business unit at Adobe, which I'm part of, which does open source, open standards work, and also drives the integration of these tools into Adobe products. There's also the CTPA, the Coalition for Content Provenance and Authenticity. This is a technical standards organization that's a joint development foundation within Linux Foundation. And it really defines what, it defines a framework for how you attach provenance to, to digital images or digital media in general, and a framework for others to add to it.
And within that framework, we now have the creator assertions working group, which I lead, which defines what individuals and organizations would like to say about their content. So who's doing this? We have a pretty good who's who of of, of organizations that help us with this problem.
And you'll see here a collection of news media, of camera manufacturers, of other software vendors, some in cases direct competitors of ours who are all aligned around the idea that affirmative content provenance is, is a valuable thing.
And we're especially a proud of camera manufacturers that have stepped up and started to join this Leica came out with a camera last year that has content credentials directly at the time of capture. Sony and Nikon are doing. So this year over in CTPA, the technical standards organization, there's a similar list of organizations that, that are helping us define exactly what this looks like.
And again, you'll see, you know, quite a variety of news media of manufac camera manufacturers, again, other tech companies that are, that are actively involved. So having explained who's who, I wanna talk a little bit about the data model and how we actually express content provenance. We start by saying any piece of digital media, any single piece of digital media that we want to describe, we call an asset and from the asset, then we describe that with what we call a C two PA manifest. And I will zoom in on these boxes in a couple slides here.
In the example that I showed a couple minutes ago, the video you saw that I took other assets and incorporated them into the final one that I was producing. And so that we call ingredients, the active manifest is the one that is the most recent, the snowy pyramids and the example that I showed before. And then from there, oh wait, we talked about ingredients from there then the collection of those manifests is what we call the C two PA manifest store.
And again, this, this talks a lot about the history of the image. And you can think of this for those of you who are developers as akin to a get history of your images
Within that box. So within any individual manifests, there are a few different building blocks that are important. And while I'm explaining this to help set the context for identity, which we'll talk to in a, in a minute or so, but assertions are basically opt-in statements. And I've listed a few examples of things that you can describe with, with assertions in the framework.
The most important one is what we call the hard binding assertion, and that's a cryptographic description of the binary content of the rest of the file. And the reason we do that is to prevent you taking a C two PA manifest from one asset and using it to describe another one, the cryptography will not match the C two PA manifest is invalid. You have a worthless bag of bits if that happens.
So some examples of things that are described using this extension framework that I talked about before are, for instance, who is creating the content or what is their intent with regard to training and data mining. We'll talk a bit more about who in the section on the cog. Every C two PA manifest has one claim in it. And this is, this is the sort of wrapper around all of the assertions. So it hash links the assertions to make sure that you haven't changed the content of those assertions adds information about who created the claim.
And then there's also a feature that I won't talk about today, but there's a feature that allows you to redact assertions from prior manifest. So if there's a privacy concern or some other reason that you need to delete a part of the history, you can do that.
And then finally, the CTP claim is signed, and we call this a claim signature. And this one point that is especially relevant here is that we have different signatures for different purposes.
This signature is specifically about the hardware or software that is implementing C two PA and it's attestation that the things that it saw were what happened at this time, right? So it's a timestamp signature, it's done with traditional PKI and really just binds all the pieces together. So the C two PA manifest is basically a box around that that contains all of these pieces that I've just spoken to. And you can imagine now if you take that set of ingredients, how that translates into a potential user interface such as the one that we have that we operate called Verify.
So with that, let's turn to the creator assertions working group, which we often call cog. And the reason that we're doing this is to really allow individuals and organizations who want to participate in the C two PA ecosystem to def to document their own role in participating in creating content. And to do that with the same level of assurance that their description and their documentation of their role can only be used for a specific asset.
And again, the same, the same protection that I talked about before applies here. That your signature applies to this asset. If you've plant transplanted to another one, it's invalid.
We talk about this, I've talked about this recently, is what we call the trust bubbles. This is a new and additional signal over what the two PA claim generator provides, and it's typically meant to indicate that the, the named actor, the person signing this either participated in or authorized the creation of this specific asset.
And what I've shown here is, is a model that shows a couple of different assertions where the named actor specifically called out their participation in a couple of parts of the asset and maybe there's some others where they haven't. But importantly, the hard binding assertion is required so that again, they're tied to that specific asset. Lemme see. So the identity assertion, I'm gonna skip over this in the interest of time, the signatures can be traditional PKI, which we envision for larger institutional customers. They can also be verifiable credentials.
We're working on that part of the standardization right now, and it's extensible. So there could be others credential mechanisms that would be introduced in future. The identity assertion is optional. Nobody needs to put one in if there's a privacy reason or some other reason why they wouldn't want to. They don't have to. And also it can be repeated. So you could imagine a multi-user application editing application that would separately document the actions taken by each participant and generate an actions assertion that's specific to each author and have them sign them separately.
And that's what I'm showing in the, the bubble up above
The, one of the interesting challenges that we're facing is where do the credentials that we're using come from? And that's part of the reason that, that I'm here is to, to research what, what the e IIDA regulations sort of provide and add to this ecosystem. From our perspective. We understand well how to do trust anchors in the X 5 0 9 world. We're a little less clear about that in the verifiable credentials world.
And I think the, the community is just now starting to understand that interoperability is an issue and that we need to, to think about how credentials from one place can be used in another. And finally, a call to action. Many of you in this room are, are active members in the creator assertions group, and I'm very thankful for that. If you are not and you have expertise in this area, we would love to, to welcome you to the cog, reach out to me either here or afterwards for an invitation. And with that, thank you.
Wow. Thank you. Yes. That was a really interesting topic. Thank you.
Because I think this is, this is a really difficult thing to, or, and, and a big threat of course. Yes. And you seem to be able to solve it. There's a question from the audience. Yes. But I think it's already been answered.
Can, can there be a lie about the identity information of an issue of, of a content creator? Right.
And that's, that's what I was starting to address with the question of where do credentials come from? Because certainly anybody can issue credentials. Do you eventually trust that issue or to have done so in good faith? Yeah.
And another question, what about live streams? Could you also make some content validation? What
There is definitely work being done in C two PA to describe streaming media.
So yes, that, that is definitely on our radar.
And then will the, will the general public be able to verify automatically the altar of the image?
That's certainly the intent of this.
I, I wanted to say and forgot too, that it's a real important value for us, that the socioeconomic status, the technical acumen of the people who are verifying and viewing content should not be a barrier to them understanding what they see.
Yeah. So democratic democracy, very, very much so. Yes. And then one other question. Yes. But you could do this, you could have the situation where this is a nested operations when you have one of the elements in the picture that are verified by themselves also. So you have a nested situation. An image in an image. In an image. Yes. Yes.
And how deep can you go? Can you just only do
Arbitrarily? There's no limit.
All right. Okay. Thank you so much. You're very welcome. That's interesting. And well please stay on stage. Okay. Because now we're going to have the panel. Okay.
