CAI Symposium | C2PA Primer
um I'm Colleen Jose I lead community and our efforts in editorial I know many of you traveled really far from Germany Japan the UK so thank you all for being here and for being part of our Vibrant Community um I'm really excited to introduce my colleague Leonard Rosenthal um Leonard is senior principal scientist at a do he serves as PDF architect and has been involved with the technology for over 30 years um in 2019 surely after this caii was established he took the took on the responsibility of Chief Architect for this Cai and this led him to chairing the technical working group of the c2p so over to Leonard to tell you more thank [Applause] you yeah I don't know what it is that all of those pictures are missing our head top of our heads so I'll have to figure that out there a hardware problem so it's not my fault all right there we go much better all right so you've heard a lot already this morning I will try not to duplicate a lot of the material but I would like to spend some time put it in context and go a little deeper into um the Coalition for Content provenance and authenticity the ctpa so you've heard about the ctpa a bit uh you see Cai all over the place um so what's the relationship between the two other than uh content authenticity came first and ctpa came second at the ctpa we like to think of ourselves as the architects in that we are the ones out there putting together the technical standards defining how this stuff is going to work and then Cai is the group that that is out there building implementations doing the education doing the Outreach to various organizations and and leveraging the work that we do at the ctpa so obviously we are working very very closely together but we each have very clear delineated focuses try there we are so as I mentioned the c2p operates as a separate organization we are operated as a what's called a Linux Foundation um development foundation project uh this is the way that a lot of Open Standards now are done uh various image formats Wi-Fi standards digital certificates all sorts of things are now done through the Linux Foundation because it's a nice infrastructure for doing Open Standards and open source today and as I mentioned our goal our mission at the ctpa is to Define that standard for Content Providence and authenticity at scale with a focus on and we think about and have established very early on the use cases that enable whether it's a publisher it's a creative it's a user uh we also think about th not only that those individuals but also organizations uh we've had various people come to us over time from different organizations uh insurance Banking and others who are also thinking about how they can put this same idea of content provenance and authenticity to use so our membership is nowhere near the 2,000 that the CI has and that's actually okay uh we are over 80 members at this point uh and we are getting membership applications in Daily uh so the picture here is a little out of date uh because it takes us a little bit to get all of the logos is updated on our website but I said here you can see Hardware vendors software vendors Network providers human rights organizations certificate vendors you know all sorts of agencies organizations companies with different reasons for joining and wanting to be part of building this standard and we also don't do it alone we have established Leons with various other Open Standards organizations we partner with the ISO the International Organization for standardization and a number of their groups we partner with the IPC the group that's responsible for metadata for photographs and video we partner with Etsy Etsy is the European telecommunication standards Institute they're the ones that Define the rules and standards in the European Union for digital identity and digital signatures and even specific groups like The PDF Association who work with us to ensure that our standards can be leveraged with other standards such as PDF and we continue to build up these liazon ships we continue to build up our relationships with other groups the w3c we don't have a formal relationship with but we work with very closely as well on web standards so our goal is all about building this open standard and integrating it with those standards from these other organizations around the world you've heard a bunch of already today from Dana Nico and others but there are three pillars that we focus on obviously the clear one is provenance it's in our name but we also education you've heard about that Dana spoke well on that matter and also about policy and I'll talk a little bit about some of the work we're doing in policy through the ctpa the one thing we do not do will not do is detection We Believe very clearly that it is about attribution it is about provenance it is not about detection why because provenance is not an arms race we don't want to get into a battle of hey we can detect your stuff okay maybe not anymore you know it's not like the days of copy protection back in the 80s and 90s we just don't want to be there we want to focus on putting the information that is known into the assets today and having them carried into the future that's our goal also you know I work for a company Adobe uh which makes software that does editing of content uh we'd like to continue to sell Photoshop and acrobat and Premiere and everything to edit all of that content we've done well so far uh in our 40 years of existence we'd like to continue to do so so editing is good uh and you've seen lots of great examples today and we'll continue to see more of why it needs to be this full workflow uh and continue through it I'll also talk a bit about signals uh each one of these pieces of information that goes into our content credentials we talk about as trust signals because every one of those things the who the what the how the when the why potentially are all things that that end user that consumer of your content can look at and then make their own determination about do they trust do they believe in this content because we can't do that for them machines cannot do that for them only individuals as they are consuming the content can make that decision and so the more trust signals that they get the more that they will be able to make those decisions intelligently for themselves when we started this process uh back in 2021 as you heard we had we established some design goals that we have kept ourselves to throughout the development process and I'm just going to mention a few of them because they really are key to what we do and why we do it so the first first one was our goal was not to develop anything new we don't want to reinvent the wheel instead we want to build on Battle tested Technologies things that have been out in the field before other Open Standards so we've done that all of the stuff that you will hear a little bit about now and then I have a breakout this afternoon I'm happy to talk in great detail about this um they they're pre-existing standards we just took them and put them together into a new and unique way of leveraging them we really didn't have to invent a lot of new stuff and that's great made it a lot easier for people like Leica and others to implement because of that very early on we decided that cloud storage use of blockchains distributed ledgers was not a requirement we are perfectly happy to have it used um we have many members who do this whether it's in clouds blockchains ledgers Etc and integrate with our content credentials but it is not a requirement it needed to work completely offline like for example on a camera as well as in a fully connected space uh and we've achieved that we talked about this idea of audit Trails of provenance all the way from that capture experience to the final publication and it had to work across all types of formats and all types of media images videos audio documents 3D AR and VR all of the things any way in which you can create content you need to be able to establish its provenance and we've been working very very hard um within ourselves and with our partner organizations to make that a reality as you heard Dana mentioned we are currently at version 1.4 of our specification uh it was just released a few weeks ago so I understand it hasn't made its all the way has not made that information up to the executive floors where Dana Works um so totally understandable uh 14 is new uh a lot of interesting things in 14 this was an opportunity where we had some new members come in we get every so often this happen so we had some new members joined who brought some ideas with them of things they wanted to see so a lot of the stuff that came out in 14 came from new members uh my favorite example of this is uh company monotype so some of you may know they're a long-standing font vendor they brought us the idea of establishing provenance for fonts so one of the interesting features in 14 includes the ability to establish providance for fonts and text we did a lot of work around text and documents uh as well in 1.4 so that was an idea that came from New membership and that's what we like to see is our new members bringing us their needs their use cases and US figuring out how to apply the technology that we've built to their needs so what is this thing um very simply our goal is to establish cryptographically verifiable and tamper evident information okay and we do that around an established trust model that trust model is sacran in our standard like if there was one core kernel of the work we've done it's that trust model that's the one thing that like we will not change it is what everything is based around it's how we as an organization and users as they start to consume these things are going to know that they can trust the ctpa and how they're going to then establish the trust about the content they consume so there's a couple of core components in our credential so this is a you know pretty little diagram here of what a Content credential the parts are internally in the technical spec we refer to this as a c2p manifest that's the technical term content credentials are ctpa manifests they are a onetoone map and designed to be that way it's just the human term and we like it um and of course the pins look really pretty too uh so a nod to Pia Blumenthal uh who was our designer uh for both c2p and CI who did a wonderful job on the the logo so what do we have in here what we have is really the three bottom components are the most important ones assertions are the statements of fact these are the things you're going to put in there the who the what how Etc these are your statements the as you saw from Lea these could be the GPS coordinates they could be the copyright they could be any sort of information that you want to establish as fact about your content that's an assertion the assertions are gathered together and bundled into what we call a claim and the claim is then digitally signed and that's the claim signature um in addition as you saw Dana showed you if you wanted to you could turn on your identity you could have your name and information established in there as well that goes into what we call our VC Store so we can establish identity as well again all of this bundle together digitally signed and becomes tamper evident and then those pieces of information go very nicely uh and be displayed places like content credentials. org our verify site um as well as natively built into applications and you can see how they just map one to one from each of those pieces to Something in the user experience I mentioned the Manifest can be embedded as I mentioned images video formats document formats we recently added support for Microsoft Office files uh in the 1.4 specification I mentioned fonts audio so all about being able to embed it carry it along with it I also said that it can be referenced meaning it can be stored up in the cloud it could be stored on a blockchain or DLT that's fine we want to enable that in those scenarios where you either can't or don't wish to embed it you can store it up in the cloud or both in some cases you may want to keep a record uh for example uh in addition to it being in the asset in case it gets lost or either purposefully or unintentionally stripped from the asset and to that point one of the things that we are working on is we continue to advance the standard uh and Andy sort of hinted at this earlier is two other pillars of this three- pillared store we talk about so in addition to provenance we want to look at watermarking so we have an active group right now within the ctpa focused on watermarking so how can we leverage watermarking as a technology to connect to our manifest and manifest data and also fingerprinting so we can also go back and again reattach manifests when they become detached and lost from assets uh you've seen some other pictures similar to this today but this whole idea of again the process goes from creation editing publishing sharing and viewing each time another manifest another content credential is added telling the full story of what happened to the this asset and by whom so I mentioned that the trust model is key to what we do let me spend a minute or two on this our trust model isn't something we created from hul cloth it's the exact same trust model that has been around for over 30 years now uh it is based on x509 certificates it's the same technology that represents that lock icon in your browser at least until the leg that icon go goes away um but that lock icon we know we understand it same trust model it's also the same trust model that has existed in PDF for over 25 years so when you sign your documents uh you know electronically you're using that exact same technology it is standardized by the iso it is standardized by um ITF by other organizations so well EST l so we built our trust model on that exact same Foundation certificate authorities and Trust list and this is how we can establish the tamper evident this as well as the trustworthiness of the tools the people the organizations that are signing that asset you know well established we understand it we know how it works and I mentioned before you combine that with trust signals so all of those assertions all of the information the claim coming together to give that user more and more useful information with which they can make their final determination about whether or not to trust this and as I mentioned trust is a human decision it's not a decision by machine and I love this picture because it really says trust is not a one or a zero it's not a binary decision it's not a thumbs up or thumbs down it really goes up and down a scale and as you look at each one of the things about an image you're mentally doing this not consciously but unsubconsciously going okay I trusted a little more I trusted a little less and so this idea of this sliding scale of trust and having it on a range just speaks to me and I and I really really speaks to what we do at c2p and how we think about um our manifest and credentials so I want to talk as you've heard one of the things that has come up most recently at the ctpa in the world world is generative AI when we started this effort it wasn't a thing um but as it became one we made it a high priority it was the highest priority in our one two specification was introducing aspects around generative Ai and we introduced three of them so there's three things that we wanted to ensure could be done with a Content credential in this area first and foremost was you needed to identify that a given asset was or was not um involved with generative AI this could have been created from scratch you saw Dana's um Adobe Firefly image this could have been something where you started with a photograph and you added or removed someone or changed something for example using photoshop's generative fill anything in which generative AI or AI not just generative but it can be applied we want that identified onto the asset we we also want to be able to identify the regions of Interest where that was applied and this is not just about images or videos but we just thought about in the latest 14 specification we introduced this for text and llms as well so if you're authoring a document saying Microsoft Word using the new um co-pilot feature and you highlight a paragraph and you say you know what simplify this paragraph for me okay it goes and it does that and then you say save as PDF and you open that PDF you should be able to see in your PDF viewer hey this one paragraph was impacted by AI because if that's one paragraph out of 300 Pages don't tell me the document was impacted by generative AI tell me what part of that document was impacted by generative Ai and that applies again this is the document case but apply that again to videos if you have an hourong video and only three frames are impacted we need to know just those frames and so this is where regions of Interest another feature of content credentials comes into play We also wanted to establish the ability to record what we call the recipe so we have a a very kitchen oriented vocabulary in ctpa we have ingredients uh so when you bring a bunch of other images or videos or components together into a composit or asset we call those things ingredients so how did you do that what's how did you build up an asset we call that the recipe so the recipe in a generative AI scenario that's the prompt you use if you provided a sample image like do it in this style you could should be able to provide that image if you use seed values or all any sort of other thing that helped your generative AI produce the result that's the recipe and we'd love that recipe information to be carried along with the asset as well very important in the creation process we also went to the other side which is that it was very clear and if you've read any stories in the Press you know this to be the case that creatives authors wanted to be able to say Do not train on my assets and so we established another one of those assertions which enables people to say Do not train on my asset and you can identify different types of training that can be done you can also say do not use it for infr so if you don't want to allow it to be used as a a sample for styling you can do that as well so briefly since I'm getting the nod over on the side because the clock isn't working it's not my fault um I'll briefly talk about the fact that uh you've heard about Dana mentioned the US and the work going on here in the United States on policy we're not just focused on the United States the UK and EU um are places that we are focused on I've been in contact with the Chinese government uh around their uh AI legislation uh I'm been invited to come to Australia to talk to them about it as well so we are talking to various governments around the world on this issue um it is extremely important and we believe that the ctpa technology the content credentials are what are going to help address the problems and help them establish those legislative restrictions so I will wrap up um again so the ctpa the our content credentials are about establishing that open standard it's not about establishing one single way of doing it it's not about establishing a platform or set of source code or anything like that it's an open standard that you build upon that creates interoperability compatibility so that no matter what tool is used what asset type is used you can interchange and understand and express the Providence do you wish so thank you all very much and uh if you have any other questions about it I'll be around [Applause] today
2024-02-06 22:29