The Coalition for Content Provenance and Authenticity (C2PA) aims to implement a new standard for online content. But what exactly is it and how does it differ from existing initiatives?
From the safety of vaccines through to the reputation of political figures and everything in between, most people will be familiar with the idea of online audiences being intentionally misled by what they see on social media and forums. But few will be familiar with the various tools and initiatives that are currently being developed to help people understand the trustworthiness of what they see online. In this article, we examine one of the latest of these, the C2PA.
What is the C2PA?
The C2PA is a coming together of some of the biggest players in the tech, creative, publishing and broadcasting industries to create an open standard for content provenance and authenticity.
Leonard Rosenthal, Chair of the C2PA Technical Working Group and Adobe’s CAI Architect, described its goal as bringing “an open standard that can be adopted anywhere in the world, in individual organizations, in individual businesses, in industry segments. We want something that is usable anywhere and everywhere. And that’s whether we’re thinking about images, videos, audio, or documents.
“All we’re really saying here is we’re using some well-established mathematics and technology in the area of cryptography to be able to ensure that we can detect – or more specifically, you, as a consumer, can detect – when assets have been modified.”
Who are members of the C2PA?
The C2PA has over 30 members among its active contributors, including many extremely influential names, such as Adobe, Arm, BBC, Intel, Microsoft, Truepic and Twitter.
Why was the C2PA formed?
The aim of the C2PA is to combine the efforts of two existing initiatives designed to vouch for the integrity of digital media: The Content Authenticity Initiative (CAI) and Project Origin.
What is the C2PA’s mission?
Laura Ellis, Head of Technology Forecasting at the BBC – one of the leading forces behind Project Origin – gave a good description of what the C2PA aims to achieve: “Given the disinformation that we’re encountering right across the media landscape, we just feel that now’s the time to be thinking about, in the long term, starting to embed these signals or align these signals to our content.
“If you can’t trust what you see, and you can’t trust that what you see is coming from the bona fide media organization that you believe it is, then that undermines trust right across the board for us.
“It’s something that we felt we needed to invest a lot of time and thought in, and we were more than delighted to find that there were like-minded people in the CAI at the time.”
How is the C2PA making a difference?
Release of the C2PA technical specification
On January 26, 2022, the C2PA released version 1.0 of its technical specification, forming the basis of the world’s first industry standard for content provenance.
This open-source specification is designed for easy implementation with any hardware, software, or online platform – from the smallest outfits right up to the biggest tech. Such accessibility paves the way for the widespread adoption of a global standard for digital provenance.
At a recent online launch event, Adobe’s Executive Vice President Dana Rao celebrated the release of the C2PA open standard as an important milestone in the journey towards restoring trust in online content, saying: “Today’s release means that everybody – software companies, social media platforms – can start building trust into their tools right now. And this is critical, because we all as a society need to be able to trust what we see, what we hear, and what we read.
“Being able to leverage our joint technical expertise has allowed us to create something that’s really going to work in our products and our tools and that’s the benefit of a standard that is created by and for the industry. We know what the problems are, we know how to solve them.”
The specification provides a comprehensive overview of the standard, covering the most technical details, while also offering a jargon-free explainer that’s designed to be accessible to all.
It also outlines the potential threats C2PA faces, provides detailed harms modelling, and offers information on user experience, including how C2PA information will be presented.
The Deepfake Taskforce Act
The release of version 1.0 of the C2PA technical specification comes shortly after the United States Homeland Security and Governmental Affairs Committee unanimously passed the Deepfake Task Force Act, which will create a task force at the Department of Homeland Security to tackle the ongoing threat posed by deepfake technology.
The act was introduced by Ohio Senator Rob Portman and Michigan Senator Gary Peters, both of whom appeared via video at the C2PA specification launch event.
“I’m pleased to help lead this good fight against deepfakes and to promote the authenticity of online content,” said Senator Portman.
“I’ve been honored to work closely with Dana Rao and teams at Adobe, Truepic, and other C2PA members to introduce new legislation to help develop standards for digital content provenance.”
Senator Peters continued: “This important bill will give the Department of Homeland Security additional tools to address the threats posed by deepfakes. It creates a taskforce made up of experts from government, academia, civil society, and industry, who will be charged with creating a coordinated plan to explore how the creation of a digital content provenance standard could help prevent the spread of deepfakes and disinformation.”
Such powerful support for the C2PA open standard is testament not only to the level of expertise that has gone into its creation, but also the level of threat that misinformation and disinformation poses to society.
CAI vs Project Origin vs C2PA
So, what exactly is the CAI? And what is Project Origin? And how will these fit with the C2PA project?
What is the CAI?
Led by Adobe, the CAI is a group that’s working on a secure end-to-end system regarding the provenance of digital content.
Who are members of the CAI?
The CAI was formed by Adobe, Twitter, and the New York Times, but has since added a large number of prominent names to its list of members, such as the BBC, Getty Images, Microsoft, Qualcomm, Truepic, and SmartFrame Technologies.
How does the CAI work?
The CAI gives photographers the option to automatically add tamper-evident time, date, location, and author details to an image at point of capture, which can then follow that image, unchanged, for the rest of its life.
In addition to these primary details, CAI data can be added every time that image is edited, logging anything from contrast tweaks, right through to composites. What’s more, by visiting a dedicated verification page, it’s possible to view versions of the image before and after edits, along with – if applicable – thumbnails of original images as they looked before they were combined.
Experience the CAI for yourself with the below image from renowned photographer David Yarrow, displayed using SmartFrame’s image streaming technology. Simply click on the information icon in the top left-hand corner of the image.
To read more about the collaboration between the CAI and SmartFrame, click here.
While the CAI’s current focus is images, it has earmarked other content that may eventually use the set of standards under development.
Learn more: Content Authenticity Initiative: What you need to know
IPTC data vs CAI data
So what’s the difference between the existing EXIF and IPTC metadata, and the standard proposed by the CAI?
There are three main ways that CAI improves on IPTC. The first is detail. As outlined above, the CAI not only makes it possible to log when, where and how the image was created at the point of capture, but it also continues to add to this data set as the image evolves, providing complete transparency around its provenance.
The second is accessibility. CAI data can be viewed at the touch of a button when an image is displayed online, making it as easy as possible for even the least tech-savvy users to access the data, without the need for any specialist software.
The third advantage is security. CAI data is tamper-evident, meaning that once it is added, any alterations will be clearly visible.
What is Project Origin?
Formed by the BBC, Microsoft, CBC/Radio Canada and the New York Times – and joint-led by the former two organizations – Project Origin is an initiative that provides a way of quickly and reliably authenticating the provenance of a piece of media online.
It aims to achieve a similar goal to the CAI, but for broadcast media instead of still images.
How does Project Origin work?
Producers can register the final edit of a production with Project Origin and give it a digital fingerprint in the process. Using this unique identifier, a tamper-proof certification of authentication is created and stored securely on a distributed ledger. This certification can then be embedded into the media item before it is published.
A user’s browser will then compare the fingerprint of the media being played with the original fingerprint on the distributed ledger. If the media has been altered in any way from its original certified form, Project Origin will alert the user.
How will the CAI and Project Origin work together?
As outlined above, the CAI and Project Origin essentially aim to achieve the same thing in a slightly different way, for slightly different applications. And with plans in place to develop the CAI standards to include video among other types of media, the technologies would inevitably end up in competition with one another.
The C2PA changes all that, and while the technology may still be evolving, the collaboration between these players is firmly established.
“The CAI has been focused on the creator ecosystem on devices and on social media. Project Origin has been focused on the news media ecosystem, particularly on video,” explained Andy Parsons, Director of the CAI.
“I don’t want to leave the impression that these are the only [two] organizations,” Parsons continued, “but these have been the focal points that agreed, early on in the lifetime of the C2PA, would come together to develop technical standards in one place, and effectively learn from each other in these various ecosystems.”
What has changed with the formation of the C2PA?
While the overall goal of the C2PA has not changed from that which was set out in detail by both the CAI and Project Origin, the key point is that this force has been strengthened.
A number of powerful organizations linking arms and forging ahead in the same direction certainly bolsters the fight against misinformation and disinformation.
However, the C2PA is keen to stress that these specifications have been designed not to prevent bad actors from acting badly, but to instead equip users with the tools they need to make their own decisions on the trustworthiness of the content they’re viewing.
“We’re not saying that this piece of content can be trusted, we’re saying it comes from where it says it comes from and it’s not been manipulated on its way to you,” emphasized Ellis. “C2PA is going to help you to make those decisions, but it cannot make those decisions for you.”
How will the C2PA bring transparency to the digital world?
While the leaders of the new coalition are the first to acknowledge that this is the beginning of a long and challenging road to popular adoption of the standard, all agree that it will ultimately lead to a safer, better-informed digital world.
“Project Origin focuses on the professional news organizations and they work with their constituents to make sure we’re building the right thing,” explained Rosenthal. “CAI is doing the same sort of thing within the creative community. So, it’s outreach, it’s education, it’s all these things – but all of it then comes together in the C2PA for the technical work.”
What is the scope of the C2PA?
With this concerted focus on educating the masses, you can expect to hear a lot more about the C2PA in the coming weeks, months, and years, in a broad spectrum of areas other than the primary – and arguably most important – areas of the media and human rights.
“We’ve gotten interest from a wide range of industry segments with regard to this technology – for example, the insurance industry, medical imagery, satellite imagery, the music business [and] government documents,” said Santiago Lyon, Adobe’s CAI Head of Advocacy and Education.
“Essentially, any piece of digital content that would benefit from more information about its provenance, regardless of where that interest arises or what the use case is. That’s how broad this is.”
This article was updated on January 28, 2022.
Discover how our innovative image-streaming technology can help make the online image ecosystem a safer place to be.
Subscribe to our newsletter
Get the latest articles and updates delivered straight to your inbox