What is C2PA?
From https://c2pa.org:
"The Coalition for Content Provenance and Authenticity (C2PA) addresses the prevalence of misleading information online through the development of technical standards for certifying the source and history (or provenance) of media content. C2PA is a Joint Development Foundation project, formed through an alliance between Adobe, Arm, Intel, Microsoft and Truepic.
C2PA unifies the efforts of the Adobe-led Content Authenticity Initiative (CAI) which focuses on systems to provide context and history for digital media, and Project Origin, a Microsoft- and BBC-led initiative that tackles disinformation in the digital news ecosystem."
Why is this important?
Digital media provenance is important for several reasons:
- Authenticity: A provenance history helps to establish the authenticity and integrity of digital media content. It allows users to verify that the content that they are consuming or sharing is genuine and has not been tampered with or manipulated. In an era of fake news, misinformation, AI, and deepfakes, understanding the provenance of digital media is crucial to ensuring trust and credibility.
- Verification and Trust: Verification and authenticity enables trust. Provenance provides a way to verify the origin and history of digital media so that users can decide with confidence whether the content comes from a reliable source. It helps build trust between content creators, distributors, and consumers by providing a transparent record of the media's journey from creation to consumption.
- Attribution and Copyright: The provenance record helps with attributing credit to the original creators of digital media. It enables content creators to protect their intellectual property rights and ensures they receive appropriate recognition for their work. An immutable provenance record will help to resolve copyright disputes and provide evidence in legal proceedings related to intellectual property infringement.
- Content Integrity: Provenance allows users to assess the integrity of digital media by examining its chain of custody. It helps identify any genuine alterations and modifications from any unauthorized changes that may have occurred during its lifecycle. This is especially important in fields like journalism, where the accuracy and reliability of information are paramount.
Overall, digital media provenance ensures transparency, trustworthiness, and accountability benefiting both content creators and consumers.
How does it work?
The detailed answer to this is found on the C2PA website, but in simple terms this is what happens.
- A content creator uses a C2PA enabled device to create digital media. The obvious examples are a photo, a sound file or a video file but any piece of media can use C2PA.
- The device records the provenance metadata and associates it with the media. The metadata can include information about the content of the media, such as the creator's identity, the creation time, location, and technical details about the content file. This is called an assertion.
- The creator signs the media and metadata using a cryptographic hash. This signature acts as a proof of integrity and establishes that the content has not been modified or tampered with since its creation.
- The provenance information and signature are embedded into the media as metadata. C2PA refers to the three combined elements as the manifest. The manifest provides proof of origin, provenance and authenticity for the media.
- The consumer of the media can use the content credentials (typically an icon associated with the media) to access the metadata so that they can view the provenance history of the media. This allows them to make an informed choice whether to trust the media or not.
- If the media is modified, the editor is responsible for recording the changes made to the media in a new assertion which is signed and incorporated into the manifest.
- The consumer of the media will now have the option to view all the metadata or to select individual assertions when they check the content credentials.
Where does DataTrails fit in?
Essentially, the manifest is a digital ledger that contains the provenance history of the media asset, but is it an irrefutable source of truth? Unfortunately no, at least not completely.
The manifest allows an editor to redact or withdraw information from the metadata and this means we have to trust that the signer of the latest manifest has made legitimate changes and that they have recorded them correctly in good faith. Essentially you are forced to trust the last person to touch the file.
As well as potentially adding incorrect information, we don't know whether they have redacted information that the media creator did not want to be redacted. Or worse, a dishonest actor may have stripped the provenance info altogether and started afresh with the raw image to claim their own history on it.
Fortunately the C2PA standard includes provision for a media creator to use a remote manifest repository to store the manifest for their asset and DataTrails can be used as a C2PA manifest repository using open source metadata tools.
If the manifest is recorded as a DataTrails ledger it becomes an irrefutable record of the origin, provenance and authenticity of the media asset and all changes to the manifest during its life.
In addition to this, the DataTrails the provenance record can be made a public asset so that anyone can discover and use the manifest to check the provenance of a media file regardless of where they found it - even spotting duplicates and false histories, or abuses of directives like DO NOT TRAIN.
Even more, with DataTrails Instaproof able to search all provenance histories, it is possible to quickly identify where the same file may have been used in multiple places, or detect forks in the evolution of a single base image. All without relying solely on the last person or tool to touch the image in hand.
With the addition of DataTrails to C2PA long term trust is guaranteed!