Leica, the German maker of elegant but absurdly-expensive cameras, just released the M11-P. The most interesting thing about it is a capability whose marketing name is “Content Credentials”, based on a tech standard called C2PA (Coalition for Content Provenance and Authenticity), a project of the Content Authenticity Initiative. The camera puts a digital watermark on its pictures, which might turn out to be extremely valuable in this era of disinformation and sketchy AI. Herewith a few words about the camera (Leicas are interesting) but mostly I want to describe what C2PA does and why I think it will work and how it will feel in practice.

M11-P · To start with, this thing lists at over $9,000 in the US. There are lots of awesome lenses for it, and you might be able to find one for under $5,000, but not usually.

On the other hand, it’s a lovely little thing.

· · ·

The obvious question: Can it possibly be worth that much money? Well… maybe. Any camera on sale today, including your phone, can reliably take brilliant pictures. But people who use Leicas (I never have) rave about the ergonomics, so you might be a little quicker on the draw. And they say it’s fun to use, which means you’re more likely to have it with you when the great photo op happens. And there’s no denying it looks drop-dead cool.

C2PA is puzzling · I’ve been impressed by the whole C2PA idea ever since I first heard about it, but damn is it hard to explain. Every time I post about it, I get annoying replies like “I don’t want my camera to track me!” and “This is just NFTs again!” and “It’ll be easy to fake by tampering with the camera!” All of which are wrong. I conclude that I’m failing to explain clearly enough.

Whatever, let’s try again.

Signing · Inside the M11-P there is special hardware, and inside that hardware are two closely-linked little blobs of binary data called the “public key” and the ”private key”; we call this a “keypair”. The hardware tries to be “tamper-proof”, making it very hard for anyone to steal the private key. (But nothing is perfect; a real security expert would assume that a serious well-resourced hacker could crack and steal. More below.)

When you take a picture, the camera makes a little data package called a “manifest”, which records a bunch of useful stuff like the time, the camera serial number, the name of the person who owns the camera, and so on. Then it runs a bunch of math over the private key and manifest data and the image pixels to produce a little binary blob called the “signature”; the process is called “signing”. The manifest and the signature are stored inside the metadata (called “EXIF”) that every digital photo has.

Then, you share the public key with the world. Email it to your colleagues. Publish it on your website. Whatever. And anyone who gets your picture can run a bunch of math over the public key and manifest and pixels, and verify that those pixels and that manifest were in fact signed by the private key corresponding to the public key the photographer shared.

Geeky interlude for PKI nerds · (If the “PKI” acronym is new to you, do please skip forward to the “Chaining” section.)

Leica has posted a Content Credentials demo page with a sample image. Big thanks to Sam Edwards (@[email protected]), who dug around and found the actual JPG, then taught me about c2patool. All this happened in a nice chatty set of Mastodon threads starting here; the Fediverse is really the place for substantive conversation these days.

The actual image.
(That is, once you click to enlarge it. But watch out, it’s 21M).

Applying c2pa to the JPG yields the JSON manifest, which has a selection of useful EXIF fields. It turns out the signing relies on traditional PKI-wrapped certs; there’s one associated uniquely with this camera, with a proper signing chain through a Leica cert, all apparently rooted at D-Trust, part of Germany’s Bundesdruckerei which also prints money. All very conventional, and whatever programming language you’re using has libraries to parse and verify. Sadly, ASN.1 will never die.

By the way, the actual C2PA spec feels way more complicated than it needed to be, with Verifiable Credentials and Algorithm Agility and JSON-LD and CBOR and COSE etc etc. I haven’t had the bandwidth to slog all the way through. But… seems to work?

Chaining · I’ve described how we can attach a signature to a photo and anyone who has the camera’s public key can check whether it was signed by that camera. That’s clever, but not very useful, because before that picture gets in front of human eyes, it’s probably going to be edited and resized and otherwise processed.

That’s OK because of a trick called “signature chaining”. Before I explain this, you might want to drop by Leica’s Content Credentials page and watch the little video demo, which isn’t bad at all.

Now, suppose you change the photo in Photoshop and save it. It turns out that Photoshop already has C2PA built in, and your copy on your own computer has its own private/public keypair. So, first of all, it can verify the incoming photo’s signature. Then when you save the edited version, Photoshop keeps the old C2PA manifest but also adds another, and uses the private key to sign a combination of the new manifest, the old manifest (and its signature), and the output pixels.

There’s enough information in there that if you have the public keys of my camera and my copy of Photoshop, you can verify that this was a photo from my camera that was processed with my Photoshop installation, and nobody else got in there to make any changes. Remember, “signature chaining”; it’s magic.

If you run a news site, you probably have a content management system that processes the pictures you run before they hit your website. And that system could have its own keypair and know how to C2PA. The eventual effect is that on the website, you could have a button labeled “Check provenance” or some such, click it and it’d do all the verification and show you the journey the picture took from camera to photo-editor to content-management system.

Why? · Because we are surrounded by a rising tide of disinformation and fakery and AI-powered fantasy. It matters knowing who took the picture and who edited and how it got from some actual real camera somewhere to your eyes.

(By the way, AI software could do C2PA too; DALL-E could sign its output if you needed to prove were a clever prompter who’d generated a great fantasy pic.)

But this can’t possibly work! · Like I said above, every time I’ve posted something nice about C2PA, there’ve been howls of protest claiming that this is misguided or damaging or just can’t work. OK, let’s run through those objections one by one.

No, because I want to protect my privacy! · A perfectly reasonable objection; some of the most important reportage comes from people who can’t afford to reveal their identity because their work angers powerful and dangerous people. So: It is dead easy to strip the metadata, including the C2PA stuff, from any media file. In the movie linked from the Leica web site above, you’ll notice that he has to explicitly turn C2PA on in both the camera and in Photoshop.

Yes, this means that C2PA is useless against people who steal your photos and re-use them without crediting or paying you.

I can’t see any reason why I’d attach C2PA to the flowers and fripperies I publish on my blog. Well, except to demonstrate that it’s possible.

No, because I’m not a cryptography expert! · Fair enough, but neither am I. This demo page shows how it’ll work, in practice. Well, early-stage, it’s kind of rough-edged and geeky. Eventually there’ll be a nicely-styled “verify” button you click on.

No, because corporate lock-in! · Once again, reasonable to worry about, and I personally do, a lot. Fortunately, C2PA looks like a truly open standard with no proprietary lock-ins. And the front page of the Content Authenticity Initiative is very reassuring, with actual working code in JavaScript and Rust. I’m particularly pleased about the Rust SDK, because that can be wired into software built in C or C++, which is, well, almost everything, directly or indirectly.

For example, the Leica-provided image you see above has no C2PA data, because it’s been resized to fit into the browser page. (Click on it to get the original, which retains the C2PA.) The resizing is done with an open-source package called ImageMagick, which doesn’t currently do C2PA but could and I’m pretty sure eventually will. After which, the picture above could have a link in the signature chain saying “resized by ImageMagick installed on Tim Bray’s computer.”

No, because of the “analog hole”, I’ll just take a picture of the picture! · This doesn’t work, because the signing computation looks at every pixel, and you’ll never get a pixel-perfect copy that way.

No, because bad guys will sign fake images! · Absolutely they will, no question about it. C2PA tells you who took the picture, it doesn’t tell you whether they’re trustworthy or not. Trust is earned and easily lost. C2PA will be helpful in showing who has and hasn’t earned it.

No, because it will lead to copyright abuse! · It is definitely sane to worry about over-aggressive copyright police. But C2PA won’t help those banditos. Sure, they can slap a C2PA manifest, including copyright claims, on any old image, but that doesn’t change the legal landscape in the slightest. And, like I said, anyone can always remove that metadata from the image file.

No, because artists will be forced to buy in! · Yep, this could be a problem. I can see publishers falling overly in love with C2PA and requiring it on all submissions. Well, if you’re a film photographer or painter, there’s not going to be any embedded C2PA metadata.

The right solution is for publishers to be sensible. But also, if at any point you digitize your creations, that’s an occasion to insert the provenance data. We’ll need a tool that’s easy to use for nontechnical people.

No, because it’s blockchain! Maybe even NFTs! · It’s not, but you can see how this comes up, because blockchain also uses signature chains, there’s nothing in principle wrong with them. But C2PA doesn’t need any of the zero-trust collective-update crap that makes anything with a blockchain so slow and expensive.

No, because hackers will steal the private key and sign disinformation! · Definitely possible; I mentioned this above. When it comes to computer security, nothing is perfect. All you can ever do is make life more difficult and expensive for the bad guys; eventually, the attack becomes uneconomic. To steal the private key they’d have to figure out how to take the camera apart, get at the C2PA hardware, and break through its built-in tamper-proofing. Which I’m sure that a sufficiently well-funded national intelligence agency can do, or a sufficiently nerdy gang of Bolivian narcos.

But, first of all, it wouldn’t be easy, and it probably wouldn’t be terribly fast, and they’d have to steal the camera, hack it, put it back together, and get it back to you without you noticing. Do-able, but neither easy nor cheap. Now, if you’re a Hamas photoblogger, the Mossad might be willing and capable. But in the real world, when it really matters, the attackers are more likely to use the XKCD technique.

No, because websites don’t care, they’ll run any old gory clickbait pic! · Absolutely. C2PA is only for people who actually care about authenticity. I suspect it’s not gonna be a winner at Gab or Truth Social. I hope I’m not crazy in thinking that there are publishing operations who do care about authenticity and provenance.

OK then. How will it be used in practice? · I remain pretty convinced that C2PA can actually do the things that it’s designed to do. Which raises the question: Where and how will it be used? I can think of two scenarios: High-quality publishing and social media.

The Quality Publishing workflow · We’re looking at The Economist or New Yorker or some such, where they already employ fact checkers and are aggressive about truth and trust. Their photos mostly come from indies they work with regularly, or big photo agencies.

Let’s look at the indie photographer first. Suppose Nadia has been selling pix to the pub for years, now they want to do C2PA and Nadia has a camera that can. So they tell Nadia to send them a picture of anything with C2PA enabled. They have a little database (Microsoft Access would be just fine) and a little app that does two things. First, when they get the sample photo from Nadia, there’s a button that reads the photo, extracts and verifies the C2PA, and writes an entry in the database containing Nadia’s camera’s public key and the way she likes to be credited.

From then on, whenever they get a pic from Nadia, they feed it to the app and press the other button, which extracts the C2PA and looks up the public key in the database. If it doesn’t match anything, there’s a problem and they probably shouldn’t run that picture without checking things out. If everything’s OK, it’ll create a nice little chunk of HTML with the credit to Nadia and a link to the HTML-ized provenance chain to show to anyone who clicks the “provenance” button beside the picture.

You know, if I were building this I’d make sure the database record included the email address, then I’d set the app up so the photog just emails the picture to the app, then the app can use the pubkey to pull the record and see if the email sender matches the database.

In the case of the agency photographers, the agency could run the database and app  on its website and the publisher could just use it. Neither option sounds terribly difficult or expensive to me.

The idea is that displaying the provenance button emphasizes the seriousness of the publisher and makes publishers who aren’t using one look sketchy.

The social-media workflow · The thinking so far seems to have been aimed at the high-end market I just discussed; after all, the first camera to implement C2PA is one of the world’s most expensive. I understand that Nikon has a camera in the pipeline and I bet it’s not going to be cheap either. [Sad footnote: I gather that Sony is building this into its cameras too but, being Sony, it’s not using C2PA but some Sony-proprietary alternative. Sigh.]

But on reflection I’m starting to think that C2PA is a better fit for social media. In that domain, the photos are overwhelmingly taken on mobile-phone cameras, and every app, bar none, has a media-upload feature.

Speaking as a former Android insider, I think it’d be pretty easy to add C2PA to the official Camera app or, failing that, to a C2PA-savvy alternate camera app.

I also think it’d be pretty easy for the Instagrams and TikToks of this world to add C2PA processing to their media-upload services. Obviously this would have to be explicitly opt-in, and it’d probably work about the same way as the Quality Publishing workflow. You have to initially upload something with a C2PA manifest to get your public key registered and tied to your social-media identity. Then you’d have to decide whether you wanted to attach C2PA to any particular picture or film-clip you uploaded.

I dunno, on a snakepit of sketchy information like for example Reddit I think there’d be real value, if I happened to get a good picture of an cop brutalizing a protester or a legislator smooching the Wrong Person or Ukrainian troops entering a captured town, to C2PA-equip that image. Then you could be confident that the trustworthiness of the image is identical to the trustworthiness of the account.

And if some particularly-red hot video capture either didn’t have the “provenance” badge, or it did but was from Igor48295y2 whose account was created yesterday, well then… I’m not so optimistic to think it’d be dismissed, but it’d be less likely to leak into mainstream media. And — maybe more important — if it were super newsworthy and CP2A-attributable to someone with a good record of trust, it might get on national TV right away without having to wait for the fact-checkers to track down the photog and look for confirming evidence.

Are you done yet, Tim? · Sorry, this one got a little out of control. But over the decades I’ve developed a certain amount of trust in my technology instincts. C2PA smells to me like an good thing that could potentially improve the quality of our society’s public conversation with itself.

And I’m in favor of anything that helps distinguish truth from lies.