OK, so we have some video. If that video was taken from within an app on a mobile device, it may be somewhat tamper resistant. Some external cameras have GPS, but certainly not all, and any meta-data could be changed before importing.
In terms of location, we have device GPS, cell tower location, nearby WiFi based location, IP address, Internet network topology and timing. Any of those could be spoofed with some effort.
Signing content with location information before uploading might bring reputation into the equation, and give some more trust in the information.
I assume your binning concept (100,000 or 2^32) is to give "I was there" without saying "here is exactly how to find and kill me". Is that correct? We might achieve the same by simply rounding Lat Long at some level of granularity.
We could lock down the time of publication to the system using hash chain type structures. The hash, location, time, and document could all be signed by the hashing server. This could be distributed and redundant.
Just some quick thoughts.
-- Lance Cottrell loki@obscura.com
On Aug 27, 2013, at 12:25 PM, Rich Jones <rich@openwatch.net> wrote:
The purpose is to prevent forgery of documents. Actually, even more fundamentally, it is a way of saying "I was at this place at this time" - I don't believe there is any system which can do better than that (any kind of device-based fingerprinting would be a DRM scheme, and therefore flawed from conception.)
I don't believe that these documents could be made to be self-verifying, although this is the sort of attempt being made with J3M. CitizenMediaNotary proposes to make documents network-verifiable against retroactive forgery, but this is actually a different problem ("have we seen this before" rather than "where in spacetime was this created").
Let's suppose a use case. Seems like we're about to have a nice little war in Syria, so let's use that. Suppose a citizen reporter creates an image of a bombed-out orphanage for impoverished nuns. Al-Jazeera wants to run with it, but can it be trusted? How do we know that this is actually an image from 2013 Syria, and not a previously-unpublished image from 2011 Libya, uploaded by a military agent?
A geokey system would use network properties to assure that regions of spacetime have unique identifiers. These identifiers could then be tied to media, with a network protocol or J3M or something similar. Ideally, the handing out of these cryptographic identifiers would actually be done via satellite and not IPv4, as spatial IPv4 allocation isn't always accurate, especially with mobile phones. Also, the thought of there being geostationary microsats for the sole purpose of providing cryptographic spacetime assurances just gives me the sci-fi tinglies. Imagine little crypto robot oracles whizzing through space, beeping out random zeros and ones back down onto the planet!
I guess the best we can do with this system is just narrow the "forgery surface" to people who are at a certain place at a certain time who have also preconspired to construct forgeries based on the keys generated by the oracle. This is not perfect, but it's better than nothing - assuming that we keep this limitation in mind.
On Tue, Aug 27, 2013 at 8:57 AM, Lance Cottrell <loki@obscura.com> wrote:
I think we need to look first at the threat model you are trying to address. Is the concern that the photo's creator would fake the location of the photo? Is it that you want to make the location of the photo self-verifying if it is re-used? Do you want to simply be able to spot re-use and prove where the photo was actually taken? Something else?
I think that a clearer definition of the problem will help identify the most appropriate solutions.
-- Lance Cottrell loki@obscura.com
On Aug 26, 2013, at 4:08 PM, Rich Jones <rich@openwatch.net> wrote:
This is a small, unfinished idea I had, but I'd be interested in hearing any feedback anybody here might have to offer. Normally we talk about cryptography to secure communications, but this is an idea rather about verifying the authenticity of media.
[Quick background: OpenWatch is a global citizen media network using mobile phones as the basis for a free worldwide press. We care very much about the authenticity of citizen media, and have designed some systems which attempt to improve the verifiability of citizen media.]
The problem is that sometimes media artifacts are presented as a record of a current event, when in fact they are from different events. An example of this was when images of a marathon race in Istanbul were presented as images of the recent Occupy Gezi protests.
Now, imagine the globe divided into a grid coordinate system, say 100,000 units (or perhaps 2^32, if IP rather than physical address is to be used). Based on their physical location, reporters can contact a server and are assigned a key with which to sign or encrypt their media to. This then ties a media object to a physical space. This can be further improved to include both time and space by dividing a space-day into a number of units, suppose 1440, such that different keys would be handed out at different times of the day, thus further tying a document to a moment in time as well.
Does anybody know if any systems like this have ever been discussed or designed in the past? I suppose this is somewhat similar to the RSA-keyfob system, although this allows for anonymous access without pre-arrangement as well.
R
-- —————————————
Rich Jones
OpenWatch is a global investigative network using mobile technology to build a more transparent world. Download OpenWatch for iOS and for Android!
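
The scheme discussed in this thread (location binned to a coarse grid, 1440 time slots per day, a server-issued key per bin, and a hash chain over published tags), sketched as an added example that is not part of any message above. The HMAC construction, the 0.5-degree cell size, the function names and the sample values are all assumptions made for illustration.

```python
import hashlib
import hmac
import math
from datetime import datetime, timezone

ORACLE_SECRET = b"constructed-demo-secret"  # assumption: known only to the oracle
CELL_DEG = 0.5  # assumed granularity: coarse enough to hide an exact position

def region(lat, lon, when):
    """Bin a position and a UTC time into a row:col:day:slot identifier."""
    row = math.floor((lat + 90) / CELL_DEG)
    col = math.floor((lon + 180) / CELL_DEG)
    slot = when.hour * 60 + when.minute  # 0..1439, one slot per minute
    return f"{row}:{col}:{when:%Y-%m-%d}:{slot}"

def geokey(region_id):
    """Oracle side: derive the key handed out for one region of spacetime."""
    return hmac.new(ORACLE_SECRET, region_id.encode(), hashlib.sha256).digest()

def tag_media(key, media):
    """Reporter side: bind the media hash to the key received from the oracle."""
    digest = hashlib.sha256(media).digest()
    return hmac.new(key, digest, hashlib.sha256).hexdigest()

def verify(media, region_id, tag):
    """Oracle side: recompute the key for the claimed region and check the tag."""
    return hmac.compare_digest(tag_media(geokey(region_id), media), tag)

def chain(prev_head, region_id, tag):
    """Hash-chain entry fixing the order in which tags reached the server."""
    return hashlib.sha256(f"{prev_head}|{region_id}|{tag}".encode()).hexdigest()

# Constructed sample: image bytes, coordinates and timestamp are made up.
photo = b"constructed image bytes"
here = region(36.20, 37.16, datetime(2013, 8, 27, 9, 30, tzinfo=timezone.utc))
tag = tag_media(geokey(here), photo)
head = chain("0" * 64, here, tag)

if __name__ == "__main__":
    print(here, verify(photo, here, tag), head[:16])
```

Because the key is shared with everyone who asked the oracle in that cell and minute, a valid tag shows only that its creator held that region's key, which is the limitation already noted in the thread.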