How C2PA Helps Combat Misleading Information

With the rise of generative AI, users are increasingly flooded with content of unknown provenance. Generated content is cheap, easy to produce, and difficult to tell where the information comes from or whether it has been manipulated. Misleading information on the Internet is more prevalent than ever.

This problem not only reduces people’s trust in online systems, but in the real-world systems that these online systems underpin: from elections, the financial system, to government and democracy itself. Combating misleading information requires input from every stakeholder in the ecosystem, as well as the creation of shared, open standards that allow users to track and evaluate content provenance. Understanding where the information in a piece of online content comes from is a critical first step to establishing trust.

For this reason, the Coalition for Content Provenance and Authenticity (C2PA) was formed. C2PA develops an open technical standard called Content Credentials that provides publishers, creators, and consumers the ability to trace the path of different types of media, from production (which camera took a photo, whether the photo was manipulated, and when) to consumption (bringing this information to the website that publishes the photo). Hosted by the Joint Development Foundation, C2PA has members who are representative of the content production lifecycle, and include organizations such as Adobe, the BBC, Google, Intel, Publicis Groupe, Microsoft, OpenAI, Sony and Truepic.

Why standards are needed

Why are new standards needed? Content changes or tampering — from minor touch-ups by content owners to manipulation of original content by third parties — is not an isolated issue: it is happening at scale and at all points throughout the media ecosystem, from publishers and creators to consumers. The media machine is global, rapidly evolving, and quickly adopted thanks to easy-to-use design and editing tools. While the industry has standardized certain techniques (e.g. image masking) and file formats (e.g. .png), file metadata doesn’t typically convey information about what was changed as a file moves from one platform to another in a human-readable way.

To address this issue, the Coalition is creating a rich ecosystem of digital provenance enabled applications for a range of individual and organizational use cases. C2PA’s specifications are designed to enable global, opt-in, adoption of digital provenance techniques for images, videos, audio recordings, and documents. These specifications are informed by scenarios, workflows, and requirements gathered from industry experts and partner organizations, such as the Project Origin Alliance and the Content Authenticity Initiative (CAI), and meet appropriate security and privacy requirements, as well as human rights considerations. This wide review helps establish solutions for unmasking maliciously manipulated media that are understandable, interoperable, and implementable.    

Demand for standards to address digital media provenance and authenticity is coming from both the public and the private sector. Recognizing the need to balance the priorities and concerns of different stakeholders, C2PA held a symposium that brought together policymakers, media industry leaders, and end-user organizations to discuss possibilities and opportunities for the future of the internet in the deepfake and disinformation era. In addition to the need for technical specifications, the symposium highlighted the importance of cooperation and alignment between public policy, education, and awareness campaigns in order to make meaningful progress. Since that landmark event, the Coalition has garnered further support from the White House and Congress, device manufacturers including Sony and Leica, and media platforms such as Adobe and TikTok. 

How C2PA works

The C2PA specification enables the authors of provenance data to securely bind statements of provenance data to instances of content using unique credentials. C2PA uses cryptography to encode details about the origins of a piece of content, by using cryptographic hashes to bind to every pixel in a source image or video. Similar to a nutrition label, C2PA provides information about who created the content and how, when, and where it was created. Content authors and publishers of provenance data may also include statements about when and how it was edited throughout its life. Users can then easily check the C2PA metadata of the digital content and make an informed decision about whether to trust the information in that asset.

Importantly, the C2PA specification does not provide a value judgment about whether a given set of data is “true” or “trustworthy,” but instead provides a secure way to match provenance information to a given digital asset. For a deeper technical dive into the way attestations and Content Credentials are authored, watch our recent webinar with the chair of C2PA’s technical Working Group, Leonard Rosenthal. The full C2PA Specification can be found here.

For a more in-depth look at how C2PA is used in practice, check out these explainers published by the MIT Technology Review and BBC News.

Future directions

C2PA aims to become more effective by increasing the adoption of Content Credentials across the Internet. The organization is currently working with other standards bodies and consortia to bring its specifications for international adoption and integration with other media standards. The organization also recently received a $500,000 grant from the Societal Resilience Fund to launch an educational campaign aimed at providing clarity and awareness of the current landscape of digital disclosure methods and best practices. The campaign will also seek to explain and drive awareness of the availability of Content Credentials.

To get involved with C2PA, you can follow or contribute to its work on GitHub. Read the specification to see how you can best integrate C2PA into your own systems, or improve the standard. Finally, your organization can join as a member to help influence the future direction of content provenance on the Internet.