Sony camera feature hopes to make digital images immune to secret manipulation

Cryptographically signs pics – but you'll pay $2,500 before you've bought a lens

Sony has announced a new camera feature that the electronics goliath claims will make digital images immune to secret manipulation and forgery.

Called in-camera signing mode, the functionality cryptographically signs every image an equipped camera captures. Any subsequent pixel modification or tampering with the image will result in a picture that no longer matches its digital signature, Sony said, which will make manipulation more easily detectable.

This, we reckon, has a chance of working as long as the signing process is secure and cannot be subverted, and that there is a way for folks to easily check whether the digital signature of the snap is still valid. And to be clear: it won't stop material being altered, it just flags up that data has (or has not) been changed, from the signature.

Sony said the feature was developed as a response to "widespread issues with unauthorized editing and misconduct around digital photo data," and noted that it designed in-camera signing for corporate users concerned about images being misused.

As to use cases, Sony said passports and ID photo verification are a particularly valuable niche for the service, as is "tackling image manipulation in the media, medical and law enforcement fields." It also pointed out use in the insurance and construction sectors as a method of avoiding fraud. 

Sony in-camera signing is only available on the Sony Alpha 7 IV, a professional-level photo/video camera with interchangeable lenses that starts at $2,500 for just the body – no lens included. Enabling in-camera signing also requires receipt of a license that will be available for business users, Sony said.

The company said it planned to expand to other models in the future, and is also examining how it can expand in-camera signing to other industries "to further support enhanced security." 

While Sony didn't mention availability for the feature in its press release, a spokesperson told The Register that Alpha 7 IV cameras in the EU, UK, US, Canada, Norway, Switzerland, Bosnia and Herzegovina, Macedonia, Moldova, Montenegro, Serbia, and Turkey will get support for the feature.

Standards

In 2019, Adobe launched its Content Authenticity Initiative (CAI), which also aims to track the legitimacy of digital images, drive work on features. Two years later, Adobe, Arm, Intel, and Microsoft founded the technical standards body C2PA, which is aimed at providing the documentation and end-to-end open technical standards. Sony joined in March this year.

In 2020, Adobe added an attribution tool to Photoshop that records every change made to an image into its metadata, along with the name of the person making said changes. That data can be attached to an exported image in a form Adobe calls Content Credentials, which can be used "as a tamper-evident attribution and history data."

There's a catch here: Photoshop users simply don't have to enable Adobe's history tracking, and the image leaves the image-editing app with just as little tracked history as it presumably had when it went in. 

With Sony's digital signing happening in the camera, this cryptographic protection would presumably follow an image everywhere it goes and make manipulation traceable – provided the picture doesn't get stripped of its digital signature, edited, and somehow signed again. It seems quite a fragile process, in engineering terms.

The Japanese titan didn't provide specifics for how its digital signatures are checked for tampering, and didn't immediately respond to questions asking for clarification on the feature. 

The CAI, which Adobe launched along with a number of tech partners including Nvidia, Microsoft, and Twitter; news partners including the Associated Press, New York Times, and Getty Images; and camera makers including Nikon and Leika, is how Adobe plans to work against digital tampering.

According to the CAI, cryptographic asset hashing happens when images are created through its process too. Edits made to the digital image, original source photos used for composites, and other data can be searched using the CAI's Verify website, which is currently in beta. 

"We're creating a secure end-to-end system for digital content provenance through open-source development, cross-industry collaboration, and interoperability of tools," the CAI said. ®

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2022