My initial reaction was "great, so this is a thing now" but then I opened the article:
> "I applied as a cheeky monkey, to find out, if the comeptitions (sic) are prepared for AI images to enter. They are not."
I withdraw my heavy sigh.
---
This did get me thinking though -- could camera manufacturers add a new tag to the EXIF data that is cryptographically signed by the camera? This could then be carried over from the RAW format to whichever format the photographer chooses to export as after their touch-ups. This could be verified by contest officiants.
> could camera manufacturers add a new tag to the EXIF data that is cryptographically signed by the camera
They could, and some already do, but this doesn't fully solve the problem. You'd still be left with the analog loophole[1]. A sufficiently advanced attacker could feed a generated image directly to the camera sensor.
Also, I think every one of these has been broken. There have been instances of images being entirely replaced by historical images, without breaking the signature.
For a long time, polaroids have been held as the "this image can't be faked."
Somewhere in my collection of lesser used equipment, I've got a Daylab. https://www.instantphoto.eu/pola/pola_daylab_300.htm and I used it to transfer some 35mm slides to 4x5" to practice the various manipulations you can do there (emulsion lifts and transfers).
The thing was I had a 35mm slide that was projected onto the film. If I could make a 35mm slide of some sort, I could then make a polaroid of a digital image. Even back then there were a few services that could do it.
The idea that you can ensure that the image produced is what was recorded, even two decades ago when polaroids were still a reasonable standard for authenticity of an image shows how easily it can be compromised. Well, maybe not easily but it isn't difficult for a serious hobbyist to create the appropriately constructed image in the desired media.
And so what if you sign the EXIF data. That only really guarantees that version of the image. If you adjust the saturation or curves or exposure... or correct for some lens aberration does that EXIF information still match the resulting photo? For that matter, what if you crop it to a square from a rectangle or stitch two images into a panorama?
> And so what if you sign the EXIF data. That only really guarantees that version of the image. If you adjust the saturation or curves or exposure... or correct for some lens aberration does that EXIF information still match the resulting photo? For that matter, what if you crop it to a square from a rectangle or stitch two images into a panorama?
Oh, that's actually possible with cryptographic techniques. Very exciting!
Those are interesting, but there's a difference in the manipulations that are done for image for journalism and image for art. That has crop, resize, and grayscale... but not things like "selectively dodge and burn", "adjust the white balance", "skew or rotate to level horizon", or "correct for chromatic and coma aberration in a particular lens."
While that is good and useful (and I would be willing to even go so far as saying "needed" for journalistic uses), the transformations available are remarkably limited for artistic use that even represent what can be done in a traditional darkroom.
> what if you sign the EXIF data. That only really guarantees that version of the image. If you adjust the saturation or curves or exposure... or correct for some lens aberration does that EXIF information still match the resulting photo? For that matter, what if you crop it to a square from a rectangle or stitch two images into a panorama?
While you won't be able to verify the final work mechanically by just verifying the signature, at least, if you bundle the original raw file with the final work, an human (or an AI!) should be able to tell if the final work is at least derived from a real picture.
You just have to dive deeper. You need two cameras that have cryptographic signatures automatically attached.
In order to submit picture 1, you need to have picture 2 that was taken at the exact same time (and time is in the signature too) by a different camera, of picture 1 being taken, as a verification picture.
That does no good. You can present any image to a camera you want. You can't solve that problem by requiring another camera also being fed an arbitrary image.
The problem is that you want to ensure that an image corresponds to some real object. This problem is unsolvable, because a camera does not sense "real objects". It senses photons, and we already have the technology to shine any arbitrary combination of photons that a camera sensor can detect onto a camera sensor. There is no possible "signature" to apply to the output of a camera sensor that can validate that it is the result of "real objects", a definition that would get fuzzy if you tried to really nail it down in the presence of hostile attackers deliberately gaming your definition anyhow.
Besides, the entire idea that a photo is a concrete, specific thing is a very Hacker News, computer-programmer idea anyhow. Photos aren't just files. Long before we had the tech to shine arbitrary photons onto CCD camera sensors, photos were a process, not a single file. Even if we stipulate that the image on film can be reasonably called a "file", itself a rather large stipulation, the final photo would be the result of substantial decisions in how the image was developed. The program "Photoshop" is called that precisely because "photoshops" had numerous tools to affect the image at that point in the process, many of the tools in Photoshop are still named after these processes. Photo competitions absolutely include these elements; if there have ever been any photo competitions that accepted film as the input and rigidly developed all contestant's films the exact same way, they are the vanishing minority. Photos have always encompassed post-processing as part of their identity. A signature on a file is no good. You'd have to fundamentally rewrite the entire photo stack to include all the transforms, in a completely official and 100% specified manner, all signed, so the final signed photo has the complete record of everything done to it from the source... it's theoretically possible but absolutely not going to happen, especially in light of the fact the source is still meaningless for the above reasons. The whole idea is comprehensively unworkable.
Even with this elaborate setup, you still can't prove that the person taking the photo is the one that set up the composition or camera settings. I think you'll need a third camera recording a video of the setup process. Also cryptographically signed, of course.
When Canon did this, the signing key was the same for every camera of the same model, and you could extract it by running code on the camera. I don't have faith in camera companies implementing this properly.
Hence the “if”. The technology exists, and is for example in widespread use in smart cards, smartphones, and laptops. The article you link to is also from 2010, so the Canon development is probably 15 years old or more. I would expect a better level of security awareness by now.
You don't even have to carry it over, just require the original signed file in a competition. Though whenever you look at security you always have to consider what happens when it gets cracked.
Where do you draw the line between heavy editing and fully AI-generated? Some edits have little in common with the source, so at which point is the source not relevant anymore? What if you feed an original photo through some AI-enhanced tool like Topaz?
I had seen Dogme ages ago, thanks for reminding me. Agree we may see more like it, but probably with about the same cultural relevance : mostly a footnote.
And how do you know the signing keys are legitimate? Are they in a hardware root of trust for a high security, completely locked down device that can’t be rooted to sign whatever? Is the CA that endorsed them trustworthy?
Where do we draw the line? iPhone photos go through ml models should they not count either?
Just watching where the tech is heading I’m not going to be surprised if almost all creative tools in 10 years go through this tech so the whole idea that we can cordon off “pure and honest art” seems impossible on the long timeline.
I think it needs the actual photographic data which is unique to be encoded with the camera model perhaps? Tagging is not enough, it needs to be part of the image to really work (I am guessing)
Some cameras do this already, and there is some interesting research (2022) that tries to use zero-knowledge proofs to make signed images editable (e.g. cropping, simple adjustments).
> "I applied as a cheeky monkey, to find out, if the comeptitions (sic) are prepared for AI images to enter. They are not."
I withdraw my heavy sigh.
---
This did get me thinking though -- could camera manufacturers add a new tag to the EXIF data that is cryptographically signed by the camera? This could then be carried over from the RAW format to whichever format the photographer chooses to export as after their touch-ups. This could be verified by contest officiants.