From: "Alan (Miburi-san) Wexelblat" <wex@media.mit.edu>
Date: Tue, 14 Dec 93 07:23:53 PST
To: cypherpunks@toad.com
Subject: Signing pictures -- how hard, how long?
Message-ID: <9312141523.AA28906@media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


At the Media Lab, some people have begun discussing the ease with which
digital pictures can be altered.  One suggested way of ameliorating the
problem is to have the original photographer append something like a PGP
signature to the picture.

This doesn't stop the original photographer doctoring the picture before
signing it, but it does stop (I think) people downstream from undetectably
doctoring the pic.  And if the subject of the photo wants to claim it's been
doctored, there's a clearly-responsible person's signature attached.

Anyone performing an operation which changed the bits (such as cropping)
would have to generate a new signature associating his name with the set of
alterations.  With luck, newspapers and other information deliverers who
care about their reputations would not accept unsigned pictures (just as
they don't take pix today without the proper releases).  The end user would
not likely see the signatures (though they could be delivered and checked in
software invisibly to the user), but people with reputations and liability
on the line would.

One associated question has to do with the soon-to-be-productized next
generation of high-end movie cameras.  These are all-digital at the source,
so the question becomes: how hard would it be to build in digital signing at
the source.  In theory, you'd like every frame (probably 70 fps in the
ultra-high end HDTV cameras) to be signed -- how long would that take?
You'd like the signature hardware built into the camera -- what would that
cost?  Can we come up with a relatively reliable way for the camera operator
to handshake with the camera so that it's *his* signature appended to each
frame?  Perhaps by using some hand-held plug-in module to carry the key or
to generate an unique session key each time the camera is turned on?

In my opinion we're never going to get a 100% unspoofable system.  But I
think that a pretty straightforward signature system can get us to a level
of reliability where there is at least someone somewhere we can point the
finger at as the potential source of doctoring.

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group	wex@media.mit.edu
Voice: 617-258-9168 Page: 617-945-1842		an53607@anon.penet.fi
The belief that enhanced understanding will necessarily stir a nation to
action is one of mankind's oldest illusions.