TLDR: The C2PA specifications have been published, making it possible for any tool or device to add features that track the source and history of digital media. If widely adopted, the specifications could lead towards a systematic use of provenance and authenticity infrastructure that is meant to tackle mis/disinformation and generate trust online.
WITNESS has influenced this and related initiatives at an early stage to empower critical voices globally and bolster a human rights framework. After identifying and trying to address potential harms from this growing area of technology exploration, WITNESS is advocating for funding and supporting a diverse C2PA ecosystem that meets the needs of global users.
The case for increased efforts to tackle the storm of misinformation and disinformation, and for better ways to create trustworthy information, is constantly reaffirmed. This may be especially true for activists and civic journalists worldwide, many of whom often depend for their lives on the integrity and veracity of images they share from conflict zones, marginalized communities and other places threatened by human rights violations.
For three decades, WITNESS has been helping communities advocating for human rights change to create trustworthy information, to protect themselves against the misuse of their content, and to challenge misinformation that targets at-risk groups and individuals. One of the strategies we have identified to catalyze this is to build more robust ways to track whether images, video, and audio have been manipulated, mis-contextualized or edited, and if so, when and by whom. These digital and physical structures and tools that allow for the source and history of media to be tracked collectively make up what is now known as provenance and authenticity infrastructure. WITNESS has been part of this growing area of exploration to advocate for systems that empower critical voices and reflect human rights and privacy concerns.
Our work has been informed by collaborating on tools like ProofMode with the Guardian Project, and later by our report ‘Ticks or It Didn’t Happen’ that pinpointed fourteen key issues that need to be considered at an early stage of the development of this infrastructure (rather than try and fix at a later stage). You can find a summary of these key issues in our Tracing Trust blog and video series.
As we move from opt-in and niche authenticity infrastructure to more widespread efforts driven by governments, platforms and public demand, WITNESS seeks to influence these initiatives at an early stage. In our involvement in the Content Authenticity Initiative we successfully advocated for globally-driven human rights perspectives and practical experiences to be reflected in their framework and actions, and most recently, in the Coalition for Content Provenance and Authenticity (C2PA), we have co-chaired the Threats and Harms Taskforce to assess the proposed technical specifications for their potential to be misused and cause harm. You can read more about our work in the C2PA here.
The C2PA Technical Specifications for provenance and authenticity infrastructure
Version 1.0 of the Technical Specifications of the C2PA have been published as of December of last year. These specifications are open, so they may be readily included into any tool or device that creates or processes digital media. Within a C2PA-enabled ecosystem, it means that provenance information can be tracked from the moment that an image, video or audio (and later potentially documents) is captured, all the way until the content is published and consumed.
This could help activists or journalists, for example, offer more credible image or video evidence of human rights violations. Imagine that a human rights defender captures footage of a war crime using a C2PA-enabled camera. The provenance information would offer verifiable signals to suggest that this is a raw, unedited video. Then, with a C2PA-enabled editing software, sensitive information such as the faces of individuals that appear in the video may be blurred or redacted, leaving a trace of what was done to the media file and what was not. Finally, a C2PA-enabled publishing tool would allow viewers to trace the source and history of this asset to determine whether they believe in it or not.
Image 1: C2PA architecture and workflow
The C2PA Technical Specifications are a push away from niche tools, such as ProofMode, pioneered by human rights defenders, towards more widespread and standardized mechanisms for tracking the source and history of digital assets. This move towards a potentially systematic use of provenance and authenticity infrastructure comes with opportunities to create tools that operate across human rights defenders or civic journalist’s workflows. However, it also comes with privacy, security and accessibility concerns, as well as broader questions about its impact on individuals and communities most at risk from these technologies.
It is important to note that these considerations have been reflected in the Guiding Principles of the C2PA. Amongst others, these principles establish that C2PA specifications do not determine what is true or what is false, that the specifications must respect the common privacy concerns of its users, that they must take into consideration the needs of interested users throughout the world, and that they must be reviewed with a critical eye toward potential abuse and misuse of the framework.
As these specifications move from being designed and developed to actually being implemented into tools and devices, we must bear in mind their potential to tackle mis/disinformation and reinforce credibility of media from the frontlines, as well as to be misused, abused, or cause accidental harm.
Getting it right: provenance and authenticity infrastructure that works for all
WITNESS’s early intervention within the C2PA as co-chairs of the Threats and Harms Task-force has focused on a harms and misuses assessment of the specifications to identify potential harms, and to help develop a strategy for the prevention or mitigation of these risks. The assessment was informed by WITNESS’s previous work and experience, but also by internal and external feedback sessions with people with a broad range of lived, practical and technical experiences. An overview of the process can be found here.
One of the areas of concern that has been raised is that of privacy and anonymity. It is imperative that any data recollection system take the necessary precautions to guard against any intentional or inadvertent disclosure of personal information. For human rights defenders and civic journalists that may be particularly vulnerable, especially in adverse legal and political environments, it is all the more important that, already at a specifications level, the design includes any and all possible features that can be used to protect confidentiality of personal information.
In this version 1.0, important steps have been taken to reflect these privacy and anonymity concerns. To start, anonymous or pseudo-anonymous identities may be used for signing claims that contain provenance information, and a redaction feature allows for sensitive information to be deleted from a claim after it has been generated. User experience guidance is also available for implementers and users to be aware of best practices, emphasizing on the importance of content creators effectively retaining control of the information recorded, with particular attention to the creator’s identity and process.
Another concern that has been echoed during the assessment process is that of access. If C2PA manifests become an accepted or even required source for establishing trust, what happens to those that can, or prefer to, not use C2PA-enabled tools? What happens to civic, independent or community media, for example, if there are financial or technical barriers to access the C2PA ecosystem?
As an initial step towards addressing potential harms resulting from exclusion, the C2PA specifications have been designed to not preclude implementations in older devices and operating systems, and minimum viable implementations guidance is also being developed as a fallback for these cases. The specifications are also open for anyone to adopt, and it uses existing open-source libraries in various programming languages across a range of devices and operating systems/environments.
A list of the potential harms identified has already been matched with existing and potential mitigation strategies, but as the specifications move past mere guidelines and into the tools used by millions of people, they will need continuous adaptation to address these and other potential or actual harms that arise from their misuse or abuse, or from its intended use resulting in unintentional harm.
Looking ahead: from technical specifications to the tools used by millions
There are areas that have been identified as requiring additional efforts to avert and mitigate potential harms. The X.509 certificate, for example, required to sign C2PA certificates, comes at a hefty cost. The existing alternative is to self-sign a provenance claim that may be less credible, since the certificate is not independently verified, and may be inaccessible to those that don’t have the technical know-how to generate their own certificates.
Beyond the immediate scope of the specifications, a lot of the work will now be focused on the tools and technology that is built around the C2PA. For all the precautions, implementations can still, for example, opt to demand individual identifiers to be attached to provenance claims. This is particularly concerning in countries with no checks on government surveillance and control, and where activists, journalists, and political opponents are already vulnerable to a lack of privacy and anonymity.
More broadly, there are questions about the experience of users with C2PA-enabled tools and devices, and whether they will be able to effectively retain control of their information. These and other questions may need to be examined with more detail before, or if, social media platforms include it into their system, where millions of people live and interact with each other and with a broader ecosystem of companies, governments, and potentially malicious actors.
Moving forward, WITNESS is advocating for funding and supporting a diverse C2PA ecosystem that meets the needs of global users, particularly those of human rights defenders, civic journalists, and others that strive for a positive change in the world. We are also working towards an ongoing harms and misuses assessment that includes input from people from around the globe, and pushing back against legislative and political initiatives that abuse the specifications.