I’m imagining security cameras having to revert to magnetic tape recording.
It’s like you guys think forgery is new & provenance/chain of custody don’t exist.
Forgeries are nothing new. Society has always worked on trust and best guesses. Nothing has changed.
Relevant xkcd: https://xkcd.com/2650/
why does everybody assume that all CCTV recordings need to be uploaded to a data center…
Some technology would have to remain as it is for it to not be forged or threatened by AI. If CCTV footage has to remain CCTV, so be it, don’t break what isn’t broken.
Picture this: when something takes a photo/video, a phone, a cctv camera, a DSLR, whatever, if it has internet access, it can hash the media it took, and store the hash+timestamp on a blockchain.
For reference, if it’s SHA256 + timestamp, thats like 35 bytes, or 35 terabytes for 1 trillion records. And there’s no ‘leak’ of the image itself.
This wouldn’t prove a particular video is/isn’t fake, but it would prove when it’s taken (or at least give a bound for when it was uploaded). And this is extremely useful to courts; say a video ends up being evidence. If you can tie it to the exact time of the crime, in many scenarios, the maker wouldn’t know to fake it in that moment. It’s impossible to edit a video/photo without changing its hash. Even police wouldn’t be able to fake it.
This is a rare useful (and frugal/practical) niche for blockchain. Immutable verification is a core principle.
This is a rare useful (and frugal/practical) niche for blockchain. Immutable verification is a core principle.
You’re right on everything else, but this is just no. You never need blockchain.
One just need someone who makes it credible that the hash and timestamp were not tampered with. Even posting the hash on Reddit would do it for most people. Reddit isn’t going to commit fraud for some random person. And that random person is probably not able to hack the database undetected.
Recomputing lots of hashes isn’t difficult. A blockchain doesn’t add any trustworthiness on its own.
I’ve entertained this concept before, but it presents issues. What if a piece of evidence needs to be edited? To protect someone’s identity (say an SA victim) or even just to cut an originally 1 hour stretch of security camera footage to the relevant 5 minutes.
There are plenty of legitimate reasons for editing photos or videos, even when being used as evidence. And I’m sure there’s ways around this using trusted chain of custody methods.
But I’ve seen this “just hash it and store the hash in an immutable, publicly verifiable manner (the actual use case for blockchain)” brought up before for this and stuff like governments signing recordings of their officials, and every time I have to point out that it ignores relevant key use cases.
I’m sure there’s ways to make this concept work, it isn’t a bad idea, but it’s never going to be quite so simple.
Yeah, though that particular complication is chain-of-custody like anything else, like you said. At some point the court has to trust evidence processing.
If (say) the defense wants to verify, they can ask the judge to scrub through original footage. This feels like a thing that could be smoothed out over time.
…But what worries me most is the ease of ‘spamming the system’. Say someone wanted to commit a crime pre-emptively, in front of devices doing this automatically; they’d have incentive to pay to flood the blockchain with random data. And if you introduce a small cyptocoin cost to uploading, well, that’s a whole can of worms you’ve opened there.
This is sort of thing I’d hoped TPM would be used for, rather than being used to prevent running an alternative OS.
I don’t see what TPM’s needed for.
The device hashes the video (trivial on any CPU capable enough to handle media) and uploads that hash, a simple blockchain network (or some sufficient existing blockchain) ingests it and sets the timestamp, then it’s stored publicly, unencrypted, but set in stone.
Now that I think about it, this would work for any file (like documents) or indeed anything hashable. It’s simply a public ledger of hash + timestamp pairs to prove “a file with this hash existed at this time,” and there’s no need to encrypt any of it.
What ensures that only valid stuff gets pushed in the first place?
The blockchain sets the timestamp at the moment it’s added. All the ‘user’ can do is upload a hash.
Other than that, it doesn’t matter. It just a table of hashes + dates, and hash tells you nothing without the associated file. Fake media could be hashed, but if a timestamp can’t ‘verify’ the media in question for a particular situation, then it wouldn’t matter to a court anyway.
I guess one particular attack vector would be orgs flooding the system, unfortunately, and that would be difficult to work around.
What guarantees that what was uploaded in the first place wasn’t deepfake slop?
Doesn’t matter.
If the timestamp can’t ‘prove’ its authenticity (like placing the video chronologically before anyone would know what slop to make), then it’s useless as evidence in court, even if the video is real.
For a long time, cctv recording isn’t always a 100% effective evidence, it merely proof something happened, and you will need multiple account to actually make a solid argument. Cctv can be forged, evidence can be manipulated, and people can be framed.
Though AI definitely make stuff messier because how thing can be so easily generated.
This is actually one of the very few reasonable use cases for block chain technology.
You have a security camera on site. It takes recordings and sends them to a data centre which then appends the footage and uses various algorithms to make a much smaller block chain compatible summary, a small hash for each snippit of video. The hash is then mixed with the previous sum of all hashes and appended to the video. This means that after the fact modifying the video is effectively impossible. You would have to do it between the camera and the data centre, so yes, still possible, but doing it at a later date would be very hard. You could also make sure this data was stored in an append only form, say magnetic tape, which has physical measures to prevent access after the date of storage.
Recomputing the hashes is not a problem at all.
You are forgetting the simplest form of fucking with this, hijack the feed.
No, it was explicitly called out as a flaw:
You would have to do it between the camera and the data centre, so yes, still possible, but doing it at a later date would be very hard.
Hi. There are thousands of ways to fuck with this.
Don’t anger the tech bros! /js
Forged evidence is a problem that has existed in court before. The whole concept of a clean chain of custody of media or an object, the trustworthiness of the thing that generated it, people being able to argue that something is fake and then prove it, has been around for centuries.
There was a brief period during which we could make exact digital replicas of what happened, but not fake them very well, and it sounds like that’s drawing to a close. But that just means video is on the same footing as every other type of evidence.
When i was in the police I’d often collect CCTV from store owners etc.
I’d usually supervise the download to make sure I only got what I needed. In my statement I’d reference that I’d supervised the download and that the footage hadn’t been tampered with.
It wasnt a big deal.
Adding on that as a compulsory requirement, or making it so CCTV systems add hidden info into the meta data wouldn’t be difficult.
Tech folk seem to not realize that “this image could have been faked!” has been a problem since the very first photographs.
Every step in evidence collection literally served to put someone’s name on it, so those people can go before a jury and say “yeah, that’s the stick i used to get the video from their security system”
They’re rarely called,.AFAIK, mostly because “that video must be faked” needs some corroborating evidence to be plausible. And for that matter, so does “this video shows him robbing my store!”
Law enforcement fabricating evidence is probably a much bigger issue. No matter how well you verify the accurarcy of your own evidence, if the system is corrupt, then it doesnt matter. Digital media is only one small part of that problem. Server logs, message logs, existence of files on your confiscated devices, call logs, etc. can all be fabricated by police. Fabricating images is just a cherry on top.
Cops can just raid your house, confiscate your drives, carefully plant CP on them and claim that you were in posession of CP. Im pretty sure this has happened before.
Cops can just raid your house, confiscate your drives, carefully plant CP on them and claim that you were in posession of CP. Im pretty sure this has happened before.
See, this is why I hate the typical social media (yes, including reddit and lemmy) bandwagon of always sideing against the accused for any sex-related charges. Like… c’mon, it hasn’t even been proven in court. If they “find CSAM” or has a random person making SA claims against a democratic socialist candidate running for high office, I’m gonna be very skeptical of the claims. Could’ve been falsified to derail a campaign.
You know there are Windows audit logs that can show tampering like adding files after the equipment has been confiscated.
And before you say well they can edit/remove the logs, it tracks that stuff too.
You know I can read and write to a “Windows” machine without ever booting up Windows? It can’t track anything if it hasn’t been booted.
yes, and when a forensic expert does their check on the system and see a file existing that the audit log says was never written by windows how can prosecution say it was on the drive when they cloned it?
A. That would require the courts to be capable of having actual technical understanding which they absolutely do not if you look at the kind of rulings there have been for IT related stuff in the recent past.
B. Of course you can fake any kind of log in undetectable ways. Police has all sorts of deals with zero day software vendors these days. So even if it were so magically foolproof (which it isnt, nothing is) then you can never be sure.
C. Doesnt need to be “found” on a windows computer, they can just put it on a random USB drive and that would most likely hold up in court.
Why would the courts need to understand? That is why technical experts are called to support evidence
technical experts are called
Which are then ignored usually. If courts actually listened to experts we wouldnt have climate change, governments spying on their citizens, countries supporting israels genocide, big tech privacy violations, etc.
But courts don’t call on experts in these cases, they are called by the prosecution or defence to support or pick away evidence.
It wouldn’t ever be inadmissible, but it be less and less trusted until it eventually would no longer become a “smoking gun”.
It would be essentially regarded as another form a “eyewitness testimony”, it would require an actual person to attest to its authenticity. If you recorded a street fight, you then would attest to what you can remember, who started the fight, then attest that you didn’t know any of them, and that you did not edit the footage and no one has touched it until you submitted the evidence.
CCTV wouldn’t be “absolute undeniable proof”, it would be linked to the storeowner’s credibility and security practices. For big systems, like government owned buildings, some IT expert would have to testify how the system works, then the security guard on duty will have to testify that no one has tampered with it, probably a neutral third-party IT expert to verify that the government employees isn’t spewing BS technobabble. We would probably need some sort of “citizen’s oversight commission” and people from said commission to tag along and monitor what cops are doing, make sure cops don’t start using AI to edit the footage, ensure the chain of custody is working, kinda like elections and poll watchers type of thing.
Problem I could see is, if you challenge the validity of a contract, and want to get a handwriting expert, you currently have to pay out of pocket. I fear the same for video/audio evidence, if you wanna chalenge it, you have to hire your own expert, and that is gonna get a lot of poorer, innocent people jailed over fake evidence.
So… for authoritarian/totalitarian countries with even less transparency, there’s gonna be a stronger wave of doubt and conspiracy theories about “the government framed him/her”, heck, even in democratic countries, these conspirscy theories are already a thing, people are gomma cry “deepfake” regardless of if the evidence is legit.
Manipulating photos, documents and witnesses lying has been invented since long ago.
All of the above is still admissible in court. Just a question of strong evidence it constitutes.
AI is a new technology but video, images, and documents have always been able to be forged.
In the US at least, there’s a lot of groundwork that needs to be laid in order for this kind of evidence to actually be admissable. You can’t just show any video or photo and say it’s real. You need to establish where it came from, how it came into your possession, and how it’s relevant.
Doesn’t mean forgeries never make it I to court, but just because you can make a fake video easier than before doesn’t mean you can just get it into court easily. Especially since if someone does think it’s suspicious, that will be discussed and ruled on long before the trial itself begins. And even if they can’t outright prove it’s fake, it may not be admissible just due to how suspicious it is.
I think that things like mapping hot/cold pixels, noise modeling etc will come into play to prove source
A long time.
Digital evidence, like any other evidence, is something that is shared between the plaintiffs and the defense prior to being admitted in court for the judge or the jury to review.
If there is suspicion over whether it is authentic, there are experts that can be brought in to confirm the validity of the digital evidence.
That is not to say that there is no likelihood that false digital evidence can be successfully brought to court, but the likelihood is very small, assuming that each side is doing their part to the letter and spirit of the law.
