by bobthepanda 8 days ago
i do wonder, that in the age where we have image and video creation out of the bag, whether or not this will result in whole classes of evidence becoming completely unreliable.
8 comments

There's a big gap between "theoretically unreliable" and courts actually recognizing that, unfortunately. Lots of forensics is much more dubious than CSI would have you believe.
15 years ago an Israeli company was able to manufacture fake DNA evidence https://www.nytimes.com/2009/08/18/science/18dna.html
My girlfriend's been having me watch law and order svu with her and to be honest it doesn't really even seem trustworthy with how they want to present it. The psychologist guy especially will come up with some wildly detailed assertions about who the criminal is based on nothing
Are we really going to go to a fictional TV show now?
If a fictional-but-popular TV show treats some kinds of evidence as more reliable than they really are, juries may be primed to believe in the kind of thing the TV show presents as legitimate.
Sure but lawyers would know that and ensure evidence doesn't get presented that way right? There are also a lot of other biases that lawyers have to navigate through.

Humans are flawed but that doesn't mean everyone in the jury thinks TV is real.

It affects the jury. If the jury watches tv shows that build the expectation that there is always a bunch of ballistics evidence etc and that it is always foolproof then they will 1) distrust when there isn’t that type of evidence (but enough other evidence) and 2) they will overvalue the evidence when it exists
It affects everybody. I've heard of people arrested in rather more oppressive regimes expecting to be Miranda'd because it's what they know from American cop shows and they thought it was broadly applicable everywhere.
There is a reason such shows are labeled "copaganda" - it affects people's perception of police and their procedures. It makes the dubious seem less dubious and more believable. I very highly doubt any jury is made aware of the rate of error or unreliability of this stuff.
“Lots of forensics is much more dubious than CSI would have you believe.” was what was being replied to.
Sure you aren't watching Psych?
There used to be - probably still are - cameras that would digitally sign all their images. Used in crime scenes? Maybe we will end up seeing wider adoption of this, despite the privacy implications. Hackers' attention then will focus (once again) on the certificate supply chain and crypto hardware.
I worked for a company that made these. We sold expensive software to the FBI.

Took about six months for someone to crack the hash.

What about a system that saves in some way the hash in a Blockchain, and if you, eg, XOR the hash of the video with the hash of the previous block you will "certainly" know that the video was created between the previous block and the block where the hash is saved in. That's a starting point.
This sort of chain doesn't need PoW I take it, just a very secure police server to sign blocks.
And it couldn't be run by the police or any of their friends, since they're the adversary.
Might have a point. This was before blockchain.

I suspect that the cops wouldn’t like the chain public, though.

Like when people discuss voting, I believe a blockchain [0] is a terrible pitfall compared to a classic distributed database system of predefined nodes run by different organizations. For example, imagine a couple hundred predefined nodes run by different states, federal agencies, etc.

An attacker altering the ledger would still require compromising an unreasonably large number of independent groups at once, and even then the rest would be able to clearly see that some unusual and suspicious event occurred.

By limiting membership a bunch of problems simply vanish, like long-clearing times, wasting hardware on mining, vulnerability to foreign botnets, etc.

[0] A blockchain is distinguished by its core requirement, from which a cascade of complexity flows: Uncontrolled node membership. Don't be fooled by people pitching "private blockchain", it's a contradiction in terms designed to rehabilitate hype, like "multi-sample Theranos test" or a bicycle as "Segway passively stabilized inline wheel model."

You just described IBM's whole Hyperledger Fabric thingy. I worked with it once upon a time, with the biggest insurance companies in my country where they plus a regulator all ran nodes.
that does nothing to verify authenticity
it does something, sometimes. it pushes the required fabrication timeline back.

if it is mandated that every photo or video taken for the possible use in evidence is notarized at the time of acquisition, any fabrication would necessitate total premeditation. that is, the fabricators would need to know ahead of time what they were pursuing and what evidence they would need. this seems like a very costly barrier.

for example, altering security footage would require some fantastical elements: a real-time system of ingesting real footage and altering it in real-time to slip it into the notarization pipeline within the error margins.

requiring that any equipment that produces acceptable evidence stream commitment hashes in real-time to public append-only repositories would be an enormous step forward.

"Crack the hash"? Does this mean you were employing some novel hashing algorithm and relying on its secrecy? If so your employer were never serious about security in the first place. Hardware attestation is more or less a solved problem, and that solution does not involve secret algorithms.
Eh. It was some kind of hash of the image. I was not involved in that project, so can't tell you exactly how it worked, but the images were "signed," and someone figured out how to "re-sign" an altered image.

I think it was a fairly well-known technique.

Which still sounds like your employer was simply incompetent because why was any type of perceptual hashing scheme even involved?

Signing digital data with hardware secure tokens is a commodity capability in the iPhone many of HN's users are reading this site with.

> your employer was simply incompetent

You’re probably right. This is easy, basic stuff that any recent college grad can do with their eyes closed.

I think this has been around for not so long

https://en.wikipedia.org/wiki/Content_Authenticity_Initiativ...

Now sell them version 2.
I imagine in this age of blockchains you could embed into a media file a signature that proved it was no older than the timestamp of when it occurred, the digital equivalent of a hostage-proof-of-life photo with a recent newspaper

But I don't know of a cryptographic mechanism to ensure that a digital image is not more recent than a particular time

> But I don't know of a cryptographic mechanism to ensure that a digital image is not more recent than a particular time

Many (most?) blockchain mechanisms include a timestamp in each transaction on the chain, so while multiple records from the same owner prove little (the timestamps could be faked over a given period of time) the interaction with the wider network and the chain would give some confidence that the record happened within a small amount of time.

The other possibility, that doesn't require a chain with many independent active participants, is to have things signed by an external trusted authority. Submit a hash of the content and appropriate metadata to them, and have them sign it with a signing timestamp. I've considered abusing ACME certificates for document signing like that: the hash of content (or some signature based upon it) becomes the subdomain to sign¹ and you get a certificate that even after expiry is evidence that the CA saw that value at the signing timestamp. Note of the signing will also be in the public certificate transparency log. This wouldn't, on its own, prove anything about the authenticity of the content, that could have been doctored before signing, but it does prove that the content+metadata existed at that time (so might be more useful in copyright claim type cases, or agreed contract situations where all parties have signed the content and the signatures are included in the metadata, than for proving authenticity).

----------------

[1] base64²-ed with non-alphanumeric characters removed and truncated³ to fit or split, so acodha3sf7whsrhtqestkabtx0b4bbhyveee0ajnrpqcuxrjjvmhsujgcex.domain.tld or acodha3sf7whsrhtqestkabtx0b4bbhyveee0ajnrpqcuxrjjvmhsujgcex.w5jmmkpmyfgshx2jecsfordpnq.domain.tld

[2] names not being case-sensitive drops some of the entropy, if that is a concern use a 32-bits-per-character encoding instead and have names twice as long

I suppose you could put a hash of the content into a TXT record
There isn't a way to externally sign/validate a TXT record, that I know of.

A TXT record may be used in the signing process if using DNS verification, but you are getting a certificate for the name overall so using an A record to hold the hash you are looking to certify does the trick, then if you want to use HTTP-01 for verification rather than an extra DNS record you can.

Publish hash(image) on the blockchain at a verifiable time, then publish the image itself.

The image contains the previous block’s hash.

Wouldn’t this establish both a lower bound and an upper bound on the time the image could have been produced?

You don't need a blockchain for that. You just need some reliable-enough way to publish hash(image) with a timestamp - some way that it's infeasible enough as to be considered impossible for the publisher to change the hash or the date.

Back when I was on Twitter and following a lot of infosec accounts, it was quite common to see tweets that were just a hash. Sometimes they'd have an explanation "Zero click RCE in Android 10 - {hash}"

In the past I've used gmail for this internally - email a hash of something critical (logs, configurations, decision docs, etc) to a dedicated gmail account - relying on the infeasibility of "faking" the date/time once it's on Google's servers.

The important thing here would be to make sure those hashes are published somewhere where it's technically infeasible for the police to change it after the fact, so not on a platform the police run or paid for (or that is run or paid for by an organization that the police can request or coerce the operators to make changes).

You literally just need several oracles which sign hashes at the time they receive them and record that fact.

As a community service you need them to have enough scale that no individual hash or source can be tampered with without being likely to become known as unreliable to everyone else as well ala certificate transparency records.

(You could probably just bootstrap let's encrypt for this - issuing a certificate you use to sign a bunch of data would stamp several minimums on the order anything could have happened).
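The two-sided time bound proposed in the comments above (the image embeds the latest published hash, then hash(image) is itself published with a timestamp), as an added example that is not part of any comment in this thread. The hash-chained `AppendOnlyLog` is a hypothetical stand-in for the independent timestamping service the commenters describe, and all names, timestamps and image bytes are constructed for illustration.

```python
import hashlib
import json

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _entry_hash(e: dict) -> str:
    body = {k: e[k] for k in ("index", "ts", "payload", "prev")}
    return h(json.dumps(body, sort_keys=True).encode())

class AppendOnlyLog:
    """Hash-chained log standing in for an independent timestamping service.
    Assumption: the operator assigns `ts` itself when a payload arrives."""
    def __init__(self):
        self.entries = []
        self.append(0, "genesis")

    def head(self) -> str:
        return self.entries[-1]["entry_hash"]

    def append(self, ts: int, payload: str) -> dict:
        prev = self.head() if self.entries else "0" * 64
        e = {"index": len(self.entries), "ts": ts, "payload": payload, "prev": prev}
        e["entry_hash"] = _entry_hash(e)
        self.entries.append(e)
        return e

def chain_ok(entries) -> bool:
    """Recompute every link; any edited or reordered entry breaks the chain."""
    prev = "0" * 64
    for i, e in enumerate(entries):
        if e["index"] != i or e["prev"] != prev or e["entry_hash"] != _entry_hash(e):
            return False
        prev = e["entry_hash"]
    return True

def capture(log: AppendOnlyLog, pixels: bytes, ts: int) -> bytes:
    """Embed the current log head in the file, then publish hash(file)."""
    media = log.head().encode() + b"\n" + pixels
    log.append(ts, h(media))
    return media

def time_bounds(entries, media: bytes):
    """Return (not_before, not_after), or None if the claim cannot be verified."""
    if not chain_ok(entries):
        return None
    embedded = media.split(b"\n", 1)[0].decode(errors="replace")
    lower = next((e for e in entries if e["entry_hash"] == embedded), None)
    upper = next((e for e in entries if e["payload"] == h(media)), None)
    if lower is None or upper is None or upper["index"] <= lower["index"]:
        return None
    return lower["ts"], upper["ts"]

# Constructed sample: timestamps and image bytes are made up for illustration.
log = AppendOnlyLog()
log.append(1000, h(b"someone else's commitment"))
media = capture(log, b"constructed image bytes", 1060)
print(time_bounds(log.entries, media))
```

The bounds cover only when these exact bytes existed, not whether the scene they show is genuine, and they are only as trustworthy as the log operator's independence from whoever submits the evidence.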

Interesting, there aren't any newspapers left in my country, neither printed nor not printed. The closest you can find is the weekly advertising booklet here and there. Which is irrelevant now because a computer can either stitch new content to an old picture, or entirely produce a custom picture.

That would be a use case for a block chain. But I still don't understand how you are securing the integrity of the validity of the certificate stating the authenticity of the media. I only understand you are stamping media with a "at least as old as [timestamp]"

If you want to prove that "happened at or after this timestamp" you can use a randomness beacon. NIST[0] and others publish a random number every N minutes. Embed that (or a combination) of those seeds to prove that you observed this value. This does not work for the harder problem of proving an event happened before a timestamp.

[0] https://csrc.nist.gov/projects/interoperable-randomness-beac...

Seems like this idea solves a different problem than signed timestamps. You have access to not only the current random numbers, but also any random number from the past (as long as someone somewhere wrote it down). I just don't quite get what this could solve if you can either use a current number or an old number. Just not a future number because they're not around yet.

Embedding a public random number also doesn't resist tampering, unlike signed timestamps.

Thanks - this is the perfect example of how to do this
Which country no longer has newspapers?
wouldn't that be a hash of the image signed by a trusted entity and stored on a chain? maybe i'm overlooking why this doesn't work
I suspect so. Tbh, I'm surprised it hasn't happened already with the amount of processing that cell phones do on photos, with generative fill/expand/perspective change, etc.

We are quickly going to reach a point where any photo or video taken on a smartphone is inadmissible by default.

You should see what people were capable of in the darkroom, let alone before all this. You could always manipulate imagery ever since there was imagery to manipulate.
This is why:

- the whole roll of negatives was prime evidence;

- police forces were one of the biggest users of Polaroid instant film.

And moreover, who had a darkroom and the skills to edit substantially a picture?

Whereas here we have nobodies being able to generate pixel-perfect fake "evidence" from the computers they already have.

Plenty of people. If you have running water, some tape, and trashbags, you too could have a darkroom.

https://www.metmuseum.org/exhibitions/objects/objects@exhibi...

The roll itself can be manipulated too. Most of the techniques used in modern photoshop are basically 1:1 carry overs of darkroom processes. Layers, dodge and burn, masking, etc.

There was a time you could take this class in high school.

You try to equate several days of work, specialized equipment (much more than water and trash bag: you need chemicals, baths, special paper, a projector, plates...) and knowledge with typing a text in a webpage.

Have fun keeping making bad faith arguments alone.

You are getting caught up in how the sausage is made and not the fact that the sausage was always getting sold either way. So what if I can make 1 or a billion propaganda videos a day? The volume here does not matter. The end result is the same: populace in the pocket of propagandists just as much as it has ever been.
You can burn negatives. You can fake polaroids, really, just think about how a camera itself must operate and you'll see why instantly. Darkrooms used to be far more common before digital photography. My Junior and High school both had them.

What makes evidence "pixel perfect?" What digital photographs don't have to involve a chain of custody? Literally the first question the defense will ask is "how did you get this picture." If you say you pulled from a security system they can just go ask for the originals. This happens all the time.

Where people are getting confused is it's almost never _one_ piece of evidence that's used to convict you; although, it may be a single piece of evidence which convinces your attorney to railroad you into a plea deal.

We've gone from highly skilled people being able to forge some specific photos and documents using substantial time/energy/resources, to any asshole being able to generate realistic full-motion video in minutes.

I get that there is a certain type of moron who thinks that the collapse in cost of misinformation has no harm... but all you've done is announce to the world that you are a moron.

It is really not any different. People would throw a hubcap in the air and pitch it as a UFO photo and idiots would latch on to that. You could take a photo of the empire state building and use a double exposure to make it look like you were king kong. Kids were doing this sort of stuff. Stop motion home movies where you'd look like you were levitating or your head got cut off.

It always comes down to provenance.

People are just lining up to announce that they're fucking idiots.
Big difference between that and writing an AI prompt.
Not really. End result is the same: manipulated image.
Are we really pretending like the effort to do something doesn't affect how often that thing occurs?
Are we acting like that was ever a limiting factor towards disseminating propaganda in the analog age?
No obviously not. But this is silly framing because there are so many things we do because it increases the effort for bad actors to do bad things. We close and lock our doors not because it prevents break-ins, but because that is a barrier that makes breaking in more inconvenient.
How many people could do that?

How long did it take?

Now it’s a lot easier and faster

The end-game is that people will willingly surveil themselves 24/7 on behalf of The System because that will be the only way to prove what they didn't do.
Ah yes training the AI with more data to represent me even more accurately.
I’m still shocked we have not seen an extremely convincing AI video of a famous person or world leader announcing something huge like UBI or WW3 or aliens.

Surely it’s just a matter of time.

They're out there, recommending scam investments / crypto coins more often than major world events.

Meta, for one, is keen to bury such things and avoid responsibility for ad contents: https://www.abc.net.au/news/2026-04-17/andrew-forrest-battle...

Oh, I assumed they were already out there in the sea of slop like the Iran Lego propaganda tiktoks.
Some people still believe in polygraphs.
It'll no doubt shift the probabilities but people have always lied and faked data. With video coming out of Ukraine there are a lot of fake things but beyond AI glitches you can check who the source is, if it correlates with known events and so on.