We're in the early stages of a pretty serious problem. Faster hardware and software might bring us new tools to help with accessibility or bring AI-powered conveniences into the phone in your pocket, but they can also be used to mislead. Deepfakes might be humorously awkward right now, the subject of entertainment and really obnoxious Twitter ads, but they're going to be a bigger and bigger problem as both software and hardware get better. Worse, we're also losing the arms race to detect them. But there's another potential solution. A company called Truepic is working on a overly-witty-named feature called "Foresight" that promises to bring hardware-backed security to photos and videos.
It might have a marketing-heavy, snappy name, but it doesn't actually need it. You can just as easily call it "hardware-secured photo capture," and it's really pretty simple. Instead of trying to figure out how to detect deepfakes or particularly good 'shops, you can verify the photo or video at the time it's captured, stamping it with a seal of authenticity saying "this video happened," and ensuring its provenance and a record of any modifications to it stays attached as it's distributed or edited. Truepic, the aptly-named company behind the technology, has been working with Qualcomm to bring it to your next phone.
The company gave us a demo of its technology on a Qualcomm Snapdragon 865 reference device last week, and it's pretty snazzy, claiming to offer end-to-end security for the capture process, courtesy of Qualcomm/ARM's standardized TrustZone platform. That means from the second you tap the shutter to the file being saved, it's all handled securely in a way no one (including you) can interfere with. In the call I watched, we actually had to switch from a screenshare of the phone to a camera just to see the process work because even the camera's preview couldn't be recorded externally — it's all super secure, end-to-end.
These aren't weird photos that you'll need some special viewer to see, either. It's a standard JPEG with extra data attached to it. Importantly, it's an open standard, and it will eventually work with other formats like HEIC as well. The solution that Truepic built can even be used by third-party apps, for super-secure photography in things like banking apps when depositing checks, or verifying you're actually who you claim to be in dating apps.
Photos and videos taken this way are also loaded metadata for irrefutable provenance: Things like location, time, a 3D depth map, and image previews can all be included and cryptographically signed in a way that can't be changed. That introduces our first and biggest road bump: Right now, this extra data doesn't persist between changes in format or editing. Until more companies get on board, its use in the modern internet age is limited. But eventually, this metadata could even show how images were modified on their way to your eyeballs across photo editors and social media uploads.
There are also other requirements, like hardware-backed depth mapping (required to mitigate so-called "picture of picture" attacks), but most new phones these days have either dual-pixel AF or portrait mode/depth sensors of some kind, which is enough: Truepic's system can read whatever is plugged into Qualcomm's ISP.
I know this might sound complicated, but it's actually surprisingly simple. It's just one of those things that can't really work until everyone is on board with it. Right now, it's just a proof of concept. Software and service companies like Adobe, Google, Twitter, Facebook, and Apple, as well as smartphone manufacturers all need to bake in support for passing this metadata on — anything that might change that photo on its journey through the internet needs to support it. Qualcomm is clearly interested, but more companies in the chain will need to work with it. We're told there will be announcements of partnerships like that in the coming weeks and months, but there's nothing to share now. Furthermore, though we saw a demonstration of the process for photos, it isn't working for videos just yet.
Some estimates claim that up to 85% of photos are taken on smartphones, so this is definitely the right avenue to take. But while it can't stop deepfakes, it does mean that someday, we might be able to tell real photos and videos from modified ones courtesy of an indelible genealogy attached to each one.
PRESS RELEASE
Truepic Breakthrough Charts a Path for Restoring Trust in Photos and Videos at Internet Scale
First Native Integration of Hardware-Secured Photo Capture in a Mobile Device Paves the Way for Enabling Authenticity for the Trillion-Plus Photos Taken on Smartphones Annually; Allows Dissemination of Authentic Content as a Viable, Scalable Countermeasure to Visual Disinformation, Image Fraud, and Deepfakes
SAN DIEGO, October 15, 2020 /PRNewswire/ - Today, Truepic Inc., the leader in provenance-based photo and video authentication, announced that it has successfully achieved the world’s first native integration of hardware-secured photo capture in a prototype mobile device, powered by the Qualcomm® Snapdragon™ 865 5G Mobile Platform. The device produces photos with cryptographically-sealed provenance data whose authenticity can be verified by recipients.
The announcement marks a watershed moment in society’s battle against deceptive photos and videos, be they “deepfakes” or “cheapfakes”. Deceptive visual content is an imminent danger that is eroding trust on the internet, which can impede everything from transacting online to making important personal, financial, and even political decisions.
“The world is digitizing most human interactions, a trend that has only accelerated during the COVID-19 pandemic," said Jeff McGregor, CEO of Truepic. "Simultaneously, we have seen a rapid growth in visual deception, fraud and disinformation online. These two trends cannot safely co-exist without a trust mechanism to help protect those capturing and viewing images. Today’s announcement represents the future of digital imagery on the internet—and a scalable, long-term solution to the problem of visual deception online.”
According to Infotrends, 85% of all pictures taken in 2017—estimated at over 1.2 trillion photos—were captured on smartphones. The figure underscores the critical role that smartphone photography plays in online visual communication. Securing photo capture in hardware and integrating it as a native feature of the smartphone can put the technology in everyone’s hands, while fortifying it against malicious attacks and hacking. The widespread adoption of the technology can provide a strong, secure foundation upon which to rebuild trust in visual media at the scale of the internet.
This breakthrough milestone was achieved with the new Truepic® Foresight™ system, the hardware-secured version of the patent-pending, next-generation of Truepic’s award-winning Controlled Capture technology. Truepic integrated Foresight into the Snapdragon 865 reference design, taking advantage of the underlying hardware security. The Truepic Foresight system features:
-
The Truepic Foresight trusted application firmware for the Qualcomm® Trusted Execution Environment (TEE) of Snapdragon 865
-
The Truepic Foresight middleware for the Android™ operating system 3. The Truepic Foresight Certificate Authority cloud service
-
A modified version of the device’s native camera app
Foresight leverages the cutting-edge hardware security features of Snapdragon 865, including the secure hardware pipeline of the Qualcomm Spectra™ camera 480 Image Signal Processor (ISP), which is resistant to image data and operational control tampering.
“This development paves the way for visual content consumers to determine the trustworthiness of photos and accurately discern authentic versus forged content,” said Manvinder Singh, Vice President, Product Management, Qualcomm Technologies, Inc. “We are pleased that Snapdragon is providing the platform on which this crucial deepfake countermeasure is being developed.”
The Foresight capability is accessible through a new “Secure” capture mode in the device’s native camera app. Engaging this mode and pressing the capture button produces a digital photo that contains cryptographically-sealed provenance data,
formatted in accordance with emerging open standards. The data allows a recipient to authenticate the pixels, date and time, geolocation, and 3D depth map that were securely-acquired and sealed into the file at the time of capture.
With the power and breadth of the Snapdragon ecosystem, Truepic Foresight achieves unprecedented levels of hardware-based security and resilience for media capture, scalability to hundreds of millions of devices across price tiers, deep integration as a native feature of the smartphone without requiring the installation of a 3rd party camera app, and a privacy-first architecture that forgoes the need to uniquely identify the user or the device.
Truepic develops the world’s most secure camera technology for mobile devices. We empower viewers to make better-informed decisions through high integrity photos & videos. Truepic Vision, our flagship product, enables our partners to instantly gather and view trusted visual documentation from anywhere in the world. Our team is dedicated to restoring trust in every pixel of consequence, with the goal of having a shared sense of visual reality across the internet by 2030.
Qualcomm, Snapdragon, and Qualcomm Spectra are trademarks or registered trademarks of Qualcomm Incorporated.
Qualcomm Snapdragon, Qualcomm Trusted Execution Environment, and Qualcomm Spectra are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Android is a trademark of Google LLC.