by luma 857 days ago
The only thing that'd need to be in a secure element would be the signing keys. This has existed for a while for digital cameras. Canon, Nikon, and Sony have all brought still image solutions to market for use in situations like photojournalism or forensic evidence collection.
2 comments

Device signing can be used very effectively to tell if a particular device was involved in an action - but it is far more difficult to tell if some non-specific device was the source or whether it was generated. When it comes to fabricated video evidence we'd need to establish a circle of trust that included every camera ever produced but was somehow secure and unforgeable. We've seen this approach break down previously with DigiNotar[1] - it really only takes one weak link in the system to compromise the verification. At the scale with which cameras are demanded it seems unreasonable to expect a centralized signing administration to be able to keep their tokens all completely secured.

1. https://en.wikipedia.org/wiki/DigiNotar

> When it comes to fabricated video evidence we'd need to establish a circle of trust that included every camera ever produced

Stopping short of that, there'd still be value in being able to cryptographically prove that your home surveillance video (or dash cam video) came from _your_ camera and is unaltered from the original recording.

I think going forward, the "circle of trust" for the next "capital insurrection type event" video evidence will be founded on multiple videos of the same scenes from multiple angles and from devices owned by unrelated individuals.

Although, the biggest category of cameras these days is cell phones, and all (most?) of them have some sort of hardware trust store with private keys that are extremely difficult to extract, so it wouldn't be too much of a stretch to consider having Android and iOS default camera app being able to digitally sign photos/video - all without "a centralized signing administration" and piggybacking on existing token security methods...

I don't think that the signer would be able to verify the authenticity of the data that it received from the sensor and image processing circuitry unless they were able to authenticate each other securely. I know that an attack on a system like you proposed would still be expensive, but it would become more attractive if its characteristics were overplayed (and would then be subject to legal challenge). Forensics, of course, on the other hand is based on experts saying "yes, by all accounts this appears to have happened".
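Added example, not part of the thread and not any vendor's implementation: a sketch of the "prove it came from _your_ camera and is unaltered" idea from the comments above, using a per-device Ed25519 key that the owner pins directly instead of a central signing authority. The segment layout, hash chaining and the names `SignRecording` and `VerifyRecording` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type SignedSegment struct{ Data, Sig []byte } // one chunk plus the device signature

// digest binds a segment to its index and the previous digest, so editing,
// reordering or dropping an earlier segment changes every later digest.
func digest(prev []byte, index int, data []byte) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%x|%d|", prev, index)
	h.Write(data)
	return h.Sum(nil)
}

// SignRecording stands in for the camera; assumption: priv lives in its hardware key store.
func SignRecording(priv ed25519.PrivateKey, segments [][]byte) []SignedSegment {
	var out []SignedSegment
	prev := make([]byte, sha256.Size)
	for i, s := range segments {
		prev = digest(prev, i, s)
		out = append(out, SignedSegment{Data: s, Sig: ed25519.Sign(priv, prev)})
	}
	return out
}

// VerifyRecording checks a recording against the public key the owner pinned from
// their own device and returns the first failing index, or -1 if all pass. It cannot
// see segments cut from the end, nor whether the sensor data given to the signer was real.
func VerifyRecording(pinned ed25519.PublicKey, rec []SignedSegment) int {
	prev := make([]byte, sha256.Size)
	for i, s := range rec {
		prev = digest(prev, i, s.Data)
		if !ed25519.Verify(pinned, prev, s.Sig) {
			return i
		}
	}
	return -1
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed test key
	rec := SignRecording(priv, [][]byte{[]byte("seg-0"), []byte("seg-1"), []byte("seg-2")})
	rec[1].Data = []byte("edited") // constructed tampering
	fmt.Println("first bad segment:", VerifyRecording(pub, rec))
}
```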