OK, so we have some video. If that video was taken from within an app on a mobile device, it may be somewhat tamper resistant.
Some external cameras have GPS, but certainly not all, and any meta-data could be changed before importing. In terms of location, we have device GPS, cell tower location, nearby WiFi based location, IP address, Internet network topology and timing. Any of those could be spoofed with some effort. Signing content with location information before uploading might bring reputation into the equation, and give some more trust in the information. I assume your binning concept (100,000 or 2^32) is to give "I was there" without saying "here is exactly how to find and kill me". Is that correct? We might achieve the same by simply rounding Lat Long at some level of granularity. We could lock down the time of publication to the system using hash chain type structures. The hash, location, time, and document could all be signed by the hashing server. This could be distributed and redundant. Just some quick thoughts. -- Lance Cottrell [email protected] On Aug 27, 2013, at 12:25 PM, Rich Jones <[email protected]> wrote: > The purpose is to prevent forgery of documents. Actually, even more > fundamentally, it is a way of saying "I was at this place at this time" - I > don't believe there is any system which can do better than that (any kind of > device-based fingerprinting would be a DRM scheme, and therefore flawed from > conception.) > > I don't believe that these documents could be made to be self-verifying, > although this is the sort of attempt being made with J3M. CitizenMediaNotary > proposes to make documents network-verifiable against retroactive forgery, > but this is actually a different problem ("have we seen this before" rather > than "where in spacetime was this created"). > > Let's suppose a use case. Seems like we're about to have a nice little war in > Syria, so let's use that. Suppose a citizen reporter creates an image of a > bombed-out orphanage for impoverished nuns. Al-Jazeera wants to run with it, > but can it be trusted? How do we know that this is actually an image from > 2013 Syria, and not a previously-unpublished image from 2011 Libya, uploaded > by a military agent? > > A geokey system would use network properties to assure that regions of > spacetime have unique identifiers. These identifiers could then be tied to > media, with a network protocol or J3M or something similar. Ideally, the > handing out of these cryptographic identifiers would actually be done via > satellite and not IPv4, as spatial IPv4 allocation isn't always accurate, > especially with mobile phones. Also, the thought of there being geostationary > microsats for the sole purpose of providing cryptographic spacetime > assurances just gives me the sci-fi tinglies. Imagine little crypto robot > oracles wizzing through space, beeping out random zeros and ones back down > onto the planet! > > I guess the best we can do with this system is just narrow the "forgery > surface" to people who are at a certain place at a certain time who have also > preconspired to construct forgeries based on the keys generated by the > oracle. This is not perfect, but it's better than nothing - assuming that we > keep this limitation in mind. > > > > > On Tue, Aug 27, 2013 at 8:57 AM, Lance Cottrell <[email protected]> wrote: > I think we need to look first at the threat model you are trying to address. > Is the concern that the photo's creator would fake the location of the photo? > Is it that you want to make the location of the photo self-verifying if it is > re-used? > Do you want to simply be able to spot re-use and prove where the photo was > actually taken? > Something else? > > I think that a clearer definition of the problem will help identify the most > appropriate solutions. > > -- > Lance Cottrell > [email protected] > > > > On Aug 26, 2013, at 4:08 PM, Rich Jones <[email protected]> wrote: > >> This is a small, unfinished idea I had, but I'd be interested in hearing any >> feedback anybody here might have to offer. Normally we talk about >> cryptography to secure communications, but this is an idea rather about >> verifying the authenticity of media. >> >> [Quick backround: OpenWatch is a global citizen media network using mobile >> phones as the basis for a free worldwide press. We care very much about the >> authenticity of citizen media, and have designed some systems which attempt >> to improve the verifiability of citizen media.] >> >> The problem is that sometimes media artifacts are presented as a record of a >> current event, when in fact they from different events. An example of this >> was when images of a marathon race in Istanbul were presented as images of >> the recent Occupy Gezi protests. >> >> Now, imagine the globe divided into a grid coordinate system, say 100,000 >> units (or perhaps 232, if IP rather than physical address is to be used). >> Based on their physical location, reporters can contact a server and are >> assigned a key with which to sign or encrypt their media to. This then ties >> a media object to a physical space. This can be further improved to include >> both time and space by dividing a space-day into a number of units, suppose >> 1440, such that different keys would be handed out at different times of the >> day, thus further tying a document to a moment in time as well. >> >> Does anybody know if any systems like this have ever been discussed or >> designed in the past? I suppose this is somewhat similar to the RSA-keyfob >> system, although this allows for anonymous access without pre-arrangement as >> well. >> >> R > > > > > -- > ————————————— > > Rich Jones > > OpenWatch is a global investigative network using mobile technology to build > a more transparent world. Download OpenWatch for iOS and for Android!
