The Online Photographer

Check out our new site at!

Wednesday, February 28, 2007

On “The Most Culturally Significant Feature” of Canon’s new 1D MkIII

by Micah Marty

Completely overlooked in the online fuss over Canon’s new flagship SLR was the incorporation of a significant new capability: the embedding of inviolable GPS coordinates into “data-verifiable” RAW files.

(In 2003 Canon introduced the process of “data verification,” an encryption process that reveals even the tiniest post-shutter changes to a photograph or its metadata. Nikon introduced its own comparable system of “image authentication”—with GPS capabilities—with the rollout of the D2Xs last July.)

Why is the ability to embed inviolable GPS coordinates “culturally significant”? Because it means that digital photographs can now be more tamper-proof than film photographs ever were. Offering a way to make digital photographs harder to undetectably manipulate than film photographs are is a big deal in the history of photography: even as millions of digital photographs are being made around the world every hour, film still enjoys a reputation for being “more trustworthy” while “digital” is considered easy to fake.

Some quick background
With film, a manipulated image can be rephotographed far from the original scene, under studio conditions, to produce a new negative that will fool at least some of the people some of the time into thinking they’re viewing an undoctored original. A similar process is possible with digital cameras, creating a new digital file by rephotographing a manipulated image under ideal studio conditions. (How often these scenarios are actually likely to occur isn’t as important from a “trustworthiness” perspective as is the widespread awareness that they can occur even once in a million photographs.)

When a “data-verifiable” RAW file has inviolable Global Positioning System coordinates embedded in it, however, it’s a different story. In order to match the embedded GPS coordinates of the subject depicted, the rephotographing of the manipulated image would have to be done at the original scene, using a plausible lens—because focal length is also embedded in the metadata—in order to not raise suspicion. If the GPS data embedded in the “new” digital photograph is inviolable, then carefully rephotographing a manipulated image without fear of later detection becomes almost impossible with many common subjects.

Could the rephotographing challenge get any tougher? Actually, yes. If not only focal length but also focus distance is incorporated into the inviolable metadata—as it is expected to be at some point soon—then the rephotographing of manipulated images of most wide-to-normal scenes shot at any distance greater than a few feet would be essentially impossible. Embedding focus-distance data means that the manipulated image to be rephotographed couldn’t be downsized and reshot at a macro-copying distance but rather would have to be rephotographed at the actual size and distance as the subject depicted in the photo.

Part of a larger industry trend
Canon and Nikon aren’t the only ones developing methods for checking how much digital photographs have been manipulated. The CEO of the worldwide news agency Reuters announced in December that his organization is working with Adobe and Canon to develop a method of “permanently embedding [in the file] an audit trail of changes made to a digital image,” a process which they hope will become the industry standard. (Reuters, you may recall, got stung last year after they disseminated to news outlets a manipulated image sent from a freelance in Lebanon. Credibility is a news agency’s lifeblood, so Reuters can’t afford another embarrassing incident like that one.)

Of course, “audit trails” and “GPS verification” can’t address problems of staged photos and other circumstance-related deceptions. Those are as old as photography itself and will always be possible with any secondhand representation of any event, in any medium (written, audio, or visual). But the advances described above do squarely address one huge variable in photography’s “trustworthiness” equation—undetectable manipulation of the photograph after it is taken—a variable which, as noted earlier, happens to be the most troubling aspect of “digital” for much of the general public.

Not just for photojournalists
Should photographers who aren’t photojournalists care about all of this talk of “data verification” and “proof of non-manipulation”? The good news is that they don’t have to ever make use of these technologies but they can whenever they wish to.

Only in news photography is something like an inviolable “audit trail” likely to ever be a requirement—and even then, only from one’s publisher, not from any larger entity (unless perhaps the photo is entered in a contest, in which case the contest sponsors may ask for an audit trail).

On the other hand, there are plenty of photographers of almost all subjects who are tired of viewers asking about every impressive photograph, "Was this picture manipulated?" It isn’t hard to see the appeal of a process that would let those photographers easily prove that it wasn't.

Should be interesting times ahead….

Micah Marty, a Chicago-based photographer, is the founder of (“The ‘Nonfiction’ Label for Photographs”). For more on “data verification,” see Those who want to know more about where TrustImage is coming from might start with "Photo Manipulation 101" or with the short essay on "Celebrating the Wonder of a Moment."

Posted by: MICAH MARTY


Blogger Max said...

I bet this technology could add extra value to image files in archives, as a proof of the time and place procedence of an artist work and a thousand other uses, but I don't believe "inviolable" exists in the software world in the long run. It could exist for short lived assignments, but not for an archival file in it's original format, somebody will in time find the way to manipulate or replicate these "inviolable" attributes.

7:21 AM  
Blogger roberts2424 said...

Interesting read.

7:31 AM  
Blogger razorblack said...

This is very interesting, but I think there may be a large weak link in the system...

The GPS coordinates are provided by "a portable GPS device" (as the Canon press release says). This could be anything, including a manufactured circuit that reports a false GPS position? There is no mention that the GPS device is itself trusted.

Would it be fair then to say that it's almost there, for most intents and purposes, but maybe not quite all the way yet?

8:09 AM  
Anonymous Anonymous said...

I would love a camera with built in GPS, I am a lousy note taker and would love to have each photo tell me when and where is was taken.

But GPS does not work inside or downtown, the receiver needs to see 3 satellites to work, so that indoor model or product shoot all you get will be time data and you already get that.

8:16 AM  
Blogger Scott Kirkpatrick said...

It's a step in the right direction, even though I agree that at the present time the gps data could be spoofed by any device that can write a NMTS data stream in the publicly described format that GPS uses. But that loophole can certainly be closed if people conclude it is important. Similarly, the cell phone folks have made great strides in what they call "assisted gps" (this means you pay us something and we do part of the work and your phone is less expensive than a full GPS unit) which works indoors and anywhere that a cell phone would be used. And GPS gives a highly accurate timestamp, as well as geographic position (of the camera, not the objects in the picture, but they should be close).

9:56 AM  
Blogger dasmb said...

Yeah, I'm not impressed by any of this. Without embedding a fairly complex checksum into the GPS unit, it's trivial to write a program that would allow you to change whatever metadata you like. With a fairly complex checksum, it's still plausible that somebody will find a way to hack the checksum algorithm, or simply feed fake data to it.

I'm even less impressed by the concept of an "audit trail." An open format, industry standard audit trail is begging to be hacked -- and who wouldn't want it to seem like all their shots looked perfect coming right out of the camera?

Do we even need any of this? If you want to prevent fake photographs, your best bet is to treat harshly those who fake photographs. Sue the hell out of the photographers -- they've got to be breaking their contract, right? -- and make sure they never work as journalists again.

Boy, I wish print journalists were held to the same standard! Faking quotes, getting facts wrong, or simply reporting rumors as fact...and doing so regularly, even on small stories where it shouldn't even matter. Want to see a wealth of misinformation reported as fact? Go to your public library and look up the news for March 18th, 2003.

10:04 AM  
Blogger Paul Butzi said...

If not only focal length but also focus distance is incorporated into the inviolable metadata—as it is expected to be at some point soon—then the rephotographing of manipulated images of most wide-to-normal scenes shot at any distance greater than a few feet would be essentially impossible. Embedding focus-distance data means that the manipulated image to be rephotographed couldn’t be downsized and reshot at a macro-copying distance but rather would have to be rephotographed at the actual size and distance as the subject depicted in the photo.

Really? It seems to me like this is not true.

I can focus a lens at, say, 4 meters. Then I place optics between the lens and the subject of the photo (the print to be rephotographed). Problem solved.

For instance, if I'm remembering correctly, if I place a 3 diopter closeup lens between the lens (focused at 4 meters) and the print to be rephotographed, the actual focus moves to something like 1.3 meters, but the lens still reports 4 meters.

And that's ignoring the possiblity of modifying lenses to lie about focus distance, devices that emit the data stream that appears to come from a GPS unit but lies about location and time, etc.

10:13 AM  
Blogger Dave New said...

razorblack hit the nail on the head. In any given system, "Garbage In, Garbage Out".

As long as the source of the GPS coordinates themselves are suspect, then there is nothing to see here.

Even if the GPS device to camera protocol is somehow secured/authenticated, there exist RF bench testers that produce fake GPS signals (for development, testing, and calibration). They may be pricey, but all it does is raise the price of admission. If someone wants it bad enough, they can easily undetectably fake a reading to make it look like the shot was taken standing anywhere on the planet, including several thousand feet above it, or even in orbit. Same goes for GPS timestamps.

I find that having GPS coordinates embedded would be a nice convenience for filing shots, but it's a far cry from being useful to actually lawfully authenticate a picture location. It's too easy to spoof or abuse, and the current system has too many holes in it to patch effectively.

11:15 AM  
Blogger fivetonsflax said...

Interestingly, I independently invented this (admittedly somewhat obvious) cryptographic image/gps verification some time in 2003, and I put some work into it before discovering I'd been beaten to the punch.

2:01 PM  
Blogger Jim Coffey said...

Crime Scene Investigators also have a need for photographs that can be verified. I think Law Enforcement is the main buyer of the special audit trail hardware and software.

Come on guys - don't you watch CSI??? [grin]

3:31 PM  
Blogger dasmb said...

Yes, I've watched CSI. I've watched them enhance pixel level resolution when zooming in, remove noise from digital signals to uncover flawless details, perfectly colorize a monochrome frame and -- yes -- even represent a 2 dimensional image in 3d to look behind the objects in the frame. You know -- pretty much anything you could make up to add information that isn't there.

Blade Runner didn't have this much science fiction.

I figured if I know the writers bullshit their way through imaging, they bullshit their way through everything else as well. Which kind of ruins the mystery for me.

6:10 PM  
Blogger Mike Johnston said...

As you may know, a pet peeve for me...recently, there was an episode in which the "technicians" look for clues in a CELL PHONE image; managed to find a small area of background in which there is a REFLECTION; purport to ENHANCE the reflection, and end up with--of course--perfect high-rez images of all the people in the room when the video was made. Allegedly.

I fear that these woeful manneristic tropes have just become standardized within the repetoire of screenwriters, and are deployed unthinkingly as plot development, even though they are utter nonsense, in the same way that, say, Superman stumbles whenever he comes across a green glowing rock. It has nothing whatsoever to do with reality.

In real life, of course--well, do you remember that case in which an 11-year-old girl was abducted pretty much directly underneath a surveillance camera? Despite the fact that the kidnapper pretty much filled the frame, they couldn't "enhance" the image well enough for anyone to recognize his face.



6:29 PM  
Blogger Photoburner said...

Let's look at the reality of the recent past photo manipulations. These were done by local hire photographers. These guys aren't up to the high tech spoofing that is being described to circumvent the verification process.

If the NSA wants to spoof a photograph then I'm sure they could come up with GPS signals and anything else needed. But for most of these events you are talking about, some guy with a camera and photoshop. This would deter them.

As for validation one way I can see it working is when the organization buys a camera for a journalist the Tech Support guys install a strong private password for public/prvate key encryption. The photographer would only have access to the public key and the metadata would be encrypted. That would make it untouchable by anyone without the private key.

That wouldn't help if the photographer held the private key of course.

7:10 PM  
Blogger Mike Johnston said...

Photoburner's got a good point. Security is just layers, like government clearance. Of course it's TECHNICALLY possible to breach almost any security, but in real life each successive layer of security cuts out another level of abuse and reduces, sometimes exponentially, the practical likelihood of fraud. To me that's a good thing. And it's a good thing, too, that this is something someone's thinking about and working on. Just my 2 cents.


7:15 PM  
Blogger Zach Matthews said...

Law schools around the country currently teach 'CSI-proofing' in their trial law classes - lawyers are instructed to prepare a jury in advance (in opening statements) that CSI-level technology is not available in the real world and they should not expect it. This is especially troublesome for prosecutors, because jurors have repeatedly found that they weren't convinced "beyond a reasonable doubt" by the absence of bogus Star Trek level technology that only exists on TV in the prosecutor's presentation.

My concern for magazines and not journalism is that the technology might do as much hard as good. Magazines can safely use "art" photography now because they don't attempt to maintain a "real world" standard; however many readers just assume the magazines they are entertained by and the news they are purportedly informed (accurately) by hold themselves to the same standards. Technology like this seems to me to imply that GPS-tagging and other verification is something to aspire to. I think a good magazine should aspire to publish the best looking photos possible that illustrate the article, because a magazine is typically entertainment rather than news (some publications (i.e. Time, Newsweek) excepted, but true for most of the rack).

8:48 PM  
Blogger megaperls said...

First, it is a technical solution for a social problem, which rarely works.

Secondly, its implementation is similar to DRM schemes, which have all been proven to be breakable.

Thirdly, photography is inherently manipulative of reality - rather than fight it, acknowledge it.

Fourth, how about things like colour balance/saturation or general in camera processing or even capture? Is the red of the blood stains on the carpet over- or undersaturated and what is the effect on the audience?

There's probably much more...

Talking of "Be careful what you wish for": Yeah, remind yourself of your enthusiasm when you are in a courtroom pleading your innocence - in vain, because computers cannot possibly be wrong, can they?

Excitement over this is futile.

11:14 PM  
Blogger fivetonsflax said...

"Megaperls" is mistaken. This is not similar to DRM. It's much more akin to the technology that lets you safely communicate with your bank online, which works fine.

Not to put too fine a point on it, but it is much easier to certify that data hasn't been changed than it is to keep someone from sharing data while still giving them meaningful digital access to it.

3:19 PM  

Post a Comment

<< Home