[Ssc-dev] A question from Thomson Reuters

Hans-Christoph Steiner hans at guardianproject.info
Wed May 23 23:21:39 EDT 2012 

If you are talking about skilled Photoshop editing, this cannot happen on any phone that I know of, and the app can provide a signed version of the image.  This will provide a strong cryptographic verification that the image was not modified since it was uploaded from the phone, regardless of how many hands it passes through.  Like Andrew says, this does not cover the possibilities of image manipulation happening on the phone that took the image.

.hc

On May 23, 2012, at 4:33 PM, Andrew Senior wrote:

> I was imagining something similar to "scalado remove" which we discussed on the list before - that erases some part of the foreground.
> I would think that in general image manipulations on the device could be made pretty difficult to detect - since the device it's being done on is the device that took the images it might even match the sensor noise, as well as the huffman coding tables etc. On the other hand "replacing with background" would require building a background model (that wouldn't in general be pixel-for pixel aligned with the image to be doctored) and that would have different characteristics to a natural image. I'm not sure what features a forensic examination would use, but pixel-level features and statistics might always be faked. Global consistency (like correct shadows) might be harder to achieve but I would think that detecting images doctored by sophisticated user + sophisticated software is very difficult.
> 
> Proving chain of custody within obscuracam could involve marking when an image has been taken by obscuracam itself (then you're limited by the security of the intent that was called) and storing sufficient data to bit-perfectly restore any image that was read off the sdcard. In both cases obscuracam has to sign this to declare its part of the chain of custody safe, but in neither case do we go all the way to the sensor.
> 
> Andrew
> 
> On Wed, May 23, 2012 at 12:57 PM, Bryan Nunez <bryan at witness.org> wrote:
> Hi Mandy,
> 
> I'm cc'ing the SSC group for their thoughts on this as well.
> 
> I'm not familiar with the iphone "replace" software, but am assuming it does some sort of image manipulation that could affect the authenticity of what's being depicted in the image or video.
> 
> As with any image or video, manipulation of both the visual and meta data is possible.  What we're trying to do with InformaCam is build in a mechanism that will essentially create a "sealed" around the image or video file which can be mathematically checked to reveal if any tampering has occurred between the time the file was sent and the time the recipient "opens" the file.  What happens before the file is "sealed" is harder to verify.
> 
> Thanks,
> Bryan
> 
> On Wed, May 23, 2012 at 12:37 PM, Mandy Lee <mandy.lee at int-bar.org> wrote:
> Hi Bryan and Sam
> 
> Thomas Szlukovenyi who will be joining our meeting by phone for a short while on 18 June, has highlighted this question below.  Mark is hoping to gain some cooperation from Thomson Reuters so would like us to be fully prepared to answer his question.
> 
> Could you let us have your thoughts on this?
> 
>  
> 
> 2. Verification is a big issue. Of course you somehow have to make
> 
> > sure that the pictures have not been altered and unfortunately there
> 
> > is no secure technological method for doing so. Even very experienced
> 
> > photo editors can be fooled by the latest developments in Photoshop's
> 
> > "content aware fill"  or the  Iphone's "Replace" software under
> 
> > development. Also there is the issue of copyright and is the picture
> 
> > actually showing what it says it does.  This could easily become
> 
> > politically important - some people or NGOs might want to take advantage of it.
> 
> > 
> 
>  
> 
> Many thanks
> 
> Mandy
> 
>  
> 
> Mandy Lee
> 
> Executive Assistant 
> 
>  
> 
> 
> 
>  
> 
> 
> 
> 
> -- 
> Bryan Nunez
> Technology Manager
> WITNESS
> +1 (718) 783-2000 x-311
> 
> 
> _______________________________________________
> Ssc-dev mailing list
> 
> Post: Ssc-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/ssc-dev
> 
> To Unsubscribe
>        Send email to:  Ssc-dev-unsubscribe at lists.mayfirst.org
>        Or visit: https://lists.mayfirst.org/mailman/options/ssc-dev/aws%40andrewsenior.com
> 
> You are subscribed as: aws at andrewsenior.com
> 
> 
> _______________________________________________
> Ssc-dev mailing list
> 
> Post: Ssc-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/ssc-dev
> 
> To Unsubscribe
>        Send email to:  Ssc-dev-unsubscribe at lists.mayfirst.org
>        Or visit: https://lists.mayfirst.org/mailman/options/ssc-dev/hans%40guardianproject.info
> 
> You are subscribed as: hans at guardianproject.info

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/ssc-dev/attachments/20120523/cfc7e7bd/attachment-0001.htm>

More information about the Ssc-dev mailing list