C2PA the omnipresent snitch

Let’s imagine a citizen in China who wishes to anonymously share, for any reason whatsoever, an image of Winnie the Pooh — a character censored in China due to its physical resemblance to President Xi Jinping, who, in terms of character, has little in common with a teddy bear. In the near future, this citizen will face an increased risk of being easily identified by authorities due to new technology.
C2PA is not a Star Wars robot but a technological standard led by a coalition of companies, including Adobe, BBC, and Microsoft. At first glance, they have the noble aim of combating misinformation and copyright abuses by AI and its users, through standardizing information production regarding media content. However, upon closer analysis of the proposed standard and associated communication beyond technical or business jargon, we encounter concerning facts, starting with the coalition’s lack of dialogue with the programming community, activists, and security experts.
The internet operates on standards and patterns that enable widespread communication, without programmers and other engineers needing to reinvent the wheel for each device, platform, or network — some examples of these standards among thousands are HTTP, TCP/IP, DNS. In this sense, C2PA will be just another standard — however, its format and usage are incredibly worrying.
The C2PA standard maintains a cryptographic record of all changes made to a file. This record includes what is called a file’s metadata, which may include the device on which the file was created, the location, and the identity of those who created and edited the file — akin to cryptocurrencies. The coalition appears to want to enforce the mandatory implementation of this standard.


Given this, we return to the initial hypothetical situation of a dissident citizen living under an oppressive government. Now, the same government would know with greater precision who created the image and all accomplices who may have made some edits, thus exacerbating the machinery of political persecution and oppression of human rights.
Beyond the persecution of dissidents by tyrants who love honey, or similar entities, there are more concerns for the general population. How might a sexual predator use this new standard to stalk victims? Who will decide what actually constitutes “fake news”? How much of our privacy are we willing to give up to achieve greater security — if this new standard indeed achieves that proposed goal? And what about its execution? How will it be implemented in different countries? Will its use be optional? Will it be possible to share files that do not comply with this standard? There are many concerns, which this article will not cover in their entirety.
The companies in question are already lobbying the US government to force widespread implementation of this standard, which would compel all modern devices to come factory-equipped with this standard implemented by default. I believe it is important to question what these companies stand to gain from this standard. What will be the business model to make the time and money spent on this project viable?
Could it be purely for the betterment of humanity, as the coalition claims? I put it to you that it is not. A former director of the US National Security Agency (Michael Hayden) once stated: “We kill people based on Metadata”. I believe that no one in good conscience, especially with historical knowledge of these companies’ business practices, would claim that as the objective.
We live in an era of misinformation, where it is difficult to discern reality from half-truth, half-truth from lie, reality from fiction. To combat this trend, we need clear solutions, with universal implementation, that do not endanger people’s lives and privacy. C2PA is not one of these solutions.