Adobe’s photo-editing flagship Photoshop is so successful that the brand is a synonym for digital fakery. Later this year it will become a standard bearer for a proposed antidote: technology that tags images with data about their origins to help news publishers, social networks, and consumers avoid getting duped.
Adobe started working on its Content Authenticity Initiative last year with partners including Twitter and The New York Times. Last week, it released a white paper laying out an open standard for tagging images, video, and other media with cryptographically signed data such as locations, time stamps, and who captured or edited it.
Adobe says it will build the technology into a preview release of Photoshop later this year. That will be the first real test of an ambitious—or perhaps quixotic—response to concerns about the democracy-corroding effects of online misinformation and fake imagery.
“We imagine a future where if something in the news arrives without CAI data attached to it, you might look at it with extra skepticism and not want to trust that piece of media,” says Andy Parsons, who leads Adobe’s work on the standard.
Under CAI’s system, Photoshop and other software would add metadata to images or other content to log key properties and events, such as which camera or person took a photo and when the file was edited or published to a news site or social network. Cryptography would be used to digitally sign the metadata and bind new tags to the old ones, creating a record of an image’s life.
If that system gains traction, consumers could one day be prodded to mull the origins of images and video they see on social networking sites.
The simplest way would be for services like Twitter to allow users to inspect the tags on an image or video. The standard could also enhance the automated systems that social sites have deployed to add warnings to posts spreading untruths, like those Twitter and Facebook place on Covid-19 misinformation. Posts about an unfolding tragedy such as a shooting might earn a warning label if they use images that tags indicate come from a different location, for example.
It’s unclear whether tech companies will find the tags useful or reliable enough to push at users. Twitter declined to say when it might test the technology, but a spokesperson said in a statement that it will continue to work on the project. “This white paper attempts to provide clear insights into the unique potential of the Content Authenticity Initiative across all media and online platforms,” the statement said. Facebook did not respond to a request for comment.
To make authenticity tagging work, makers of cameras, creators of editing software like Photoshop, and publishers and social platforms will need to support the standard. Trusted authorities selected by the project would control access to the digital certificates needed to cryptographically sign the metadata.
The world should get a chance to try out this vision for a more transparent internet before the end of this year. Adobe plans to build the standard into a prerelease version of Photoshop, as well as its Behance social network where creatives showcase their work.
Truepic, a startup whose photo-verification software is used in apps from insurers and other clients, plans to release beta software that builds CAI tagging into an Android smartphone’s camera and cryptographic hardware. Sherif Hanna, a vice president at the company, says embracing the open standard offers a chance to see wider usage of ideas that Truepic was already working on. Google declined to comment on whether it was taking an interest in CAI; Apple did not respond to a request for comment.
The first live test of CAI in the news business will most likely come from the The New York Times. The newspaper’s head of R&D, Marc Lavallee, had dreams of testing the technology at a major media event this year, perhaps a political convention. Due to the pandemic he is now looking to events after the presidential election.
As well as thinking about how to integrate the standard into the Times’ news-gathering, editing, and publishing tools, Lavallee’s group is also thinking about what data not to include in the tags. “If you’re a photographer in a forward operating unit in Afghanistan, we don’t want every lat-long where you took a photo to be openly visible,” he says.
The biggest test for CAI will be whether the standard is embraced by social media sites, which have become a misinformation battleground.
Lavallee is encouraged that Twitter, Facebook, and other social media companies have begun to more actively remove and label political and pandemic misinformation. That should make warnings based on CAI data more palatable to both tech companies and their users, he says. “People are getting more comfortable seeing those signals,” Lavallee says. “If we can pick off people who are well-intentioned and about to unwittingly share misinformation, that’s a great starting point.”
The CAI standard’s use of cryptography makes tampering with its tags difficult, but there are ways bad actors could subvert them. One acknowledged in the project’s white paper is to strip the CAI tags from a file and add faked ones. A person or organization that did that might get blocked by the certification authority they used to sign the misleading tags, but that may not undo the damage done by a falsely accredited fake or restore trust in the system as a whole.
The biggest potential weakness is that the system may be applied to only a tiny sliver of online content, says Wael Abd-Almageed, a professor at the University of Southern California working on software to detect deepfakes. “The Washington Post and New York Times will probably use this, and that’s great, but how about user generated content that goes viral?” he says. If most content doesn’t have CAI tags, fakes will continue to spread easily, Abd-Almageed says, so work on systems that analyze imagery to detect fakes remains crucial.
Hanna, of Truepic, says total coverage isn’t necessary for CAI to make an impact, but he argues it can win significant support because of widespread concern about online misinformation. The system can be useful even if it’s not bulletproof, he says, pointing out similarities with the system of certificate authorities that underpin online encryption.
That system isn’t perfect—hacks happen—but online encryption mostly works. Trust may be tricker to establish for the CAI standard, because many more people create, share, and manipulate media than launch encrypted web services. Hanna acknowledges the project’s backers have to communicate the technology’s strengths and weaknesses carefully. “We need to educate consumers that nothing is 100 percent, but they are still getting much higher assurance of where something came from and whether it was manipulated,” he says.