Protecting Against Digital Media Fraud Part 2: Secure Editing

Share on linkedin
Share on twitter
Share on facebook
Share on email
Share on print

In our prior post Protecting Against Digital Media Fraud Part 1: Prevention vs. Detection, we discussed how automated protection is the preferred method of defense against the threat of altered digital photos and videos. We discussed two of the approaches typically used (Prevention vs. Detection) in automated protection and the pros and cons of each.

The Challenges of Media Editing

When capturing a photo from a camera or a video recorded on a smartphone, it’s not unusual for that photo or video to be edited — for example, adding annotations, improving the brightness, cropping, etc. While editing, in this case, might represent a purposeful rather than a malicious operation, in some cases, for businesses that need files to be 100% authentic, protection against all editing is essential.

Take for example, an insurance claim or police evidence. The insurance carrier or law enforcement agency that requests and uses the digital media file needs to be certain that what they will receive is unaltered. Typically, there is no easy way of discerning good versus bad edits. Allowing individuals to email or submit photos, videos and documents in ways open to editing increases risk of fraud in the process. 

However, let’s think about some cases where editing might be beneficial or even a requirement. In the field of healthcare, de-identifying photos might be important for preventing breach of private data. This can amount to blurring faces or any recognizable features. In the field of law enforcement, 

person using photo editing controls on mobile phone

redaction may be a necessity in a photo showing innocent bystanders, whose identity should not be revealed. Finally, think about transferring photos over a low-bandwidth network — perhaps due a poor cellular signal — where resizing those photos might be the only way to successfully complete the transfer in a reasonable period of time.

Ultimately, there are cases where purposeful editing is a requirement. How can digital media be edited while still maintaining confidence in its integrity?

Ensuring Edits Are Made Securely

While there is not a “one size fits all” solution for securely making purposeful edits to digital photos while preserving their integrity, there are ways to address the issue, using a combination of process and technology. These include:

  • Eliminate the need to edit: At first glance, this may sound easier said than done, but consider the third example above of purposely shrinking a photo so it can be transferred over a slow network. One plausible solution is to have the application capturing the photo measure the speed of the network beforehand and adjust the photo resolution accordingly prior to the photo capture. This takes away the need to edit altogether. While this a clever solution to the network bandwidth example, it does not address other examples which may require more complex operations such as redaction.

  • Move purposeful editing to the point of capture: Assuming tamper prevention tools are used to establish chain of custody at the point a photo is captured, if the photo can be edited securely during that point of capture, then the tamper prevention can be run afterward. This establishes chain of custody for a legitimately processed image and, if handled securely, minimizes or eliminates the window for fraudulent edits.

  • Import the edited image: While only recommended in cases where the image traverses a secure, trusted device and network and where an authorized chain of custody is maintained, an edited image can be imported into a tamper prevention system after the edits. Because the edited image no longer has point of capture provenance, this method should be used only in cases where processing or editing after the point of capture is absolutely necessary or unpreventable and results in a slightly lower level of confidence in the photo. On the other hand, done carefully and securely, this solution can suffice for a number of use cases where editing is mandatory.


While none of these represent simple solutions, eliminating doubts about media integrity after required edits is a critical aspect of ensuring business quality digital media.

Summary

If your business requires the use of digital media like photos, videos and documents to make decisions, and you generally request the submission of media by customers or non-employees, then using a controlled environment where a photo goes from the camera to your possession, you can be assured that you are viewing something that is original, unchanged and worthy of basing a decision on. However, when purposeful edits to these photos are a necessary part of the process, there are processes and technology that can help ensure those edits happen using a secure and authorized process that is protected from any unwanted edits or manipulation. Either way, you can greatly increase confidence that what you are looking at is actually real.
Manny Parasirakis

Manny Parasirakis

About Us

Attestiv provides authenticity for data, photos, and videos, eliminating deepfake threats, data tampering, and enabling new efficiencies for enterprises.

Recent News

Sign up for our Newsletter

Nicos Vekiarides

Nicos Vekiarides

Nicos Vekiarides is the Chief Executive Officer & co-founder of Attestiv. He has spent the past 20+ years in enterprise IT and cloud, as a CEO & entrepreneur, bringing innovative new technologies to market. His previous startup, TwinStrata, an innovative cloud storage company where he pioneered cloud-integrated storage for the enterprise, was acquired by EMC in 2014. Before that, he brought to market the industry’s first storage virtualization appliance for StorageApps, a company later acquired by HP.

Nicos holds 6 technology patents in storage, networking and cloud technology and has published numerous articles on new technologies. Nicos is a partner at Mentors Fund, an early-stage venture fund, a mentor at Founder Institute Boston, where he coaches first-time entrepreneurs, and an advisor to several companies. Nicos holds degrees from MIT and Carnegie Mellon University.

Mark Morley

Mark Morley is the Chief Operating Officer of Attestiv.

He received his formative Data Integrity training at Deloitte. Served as the CFO of Iomega (NYSE), the international manufacturer of Zip storage devices, at the time,  the second fastest-growing public company in the U.S.. He served as the CFO of Encore Computer (NASDAQ) as it grew from Revenue of $2 million to over $200 million. During “Desert Storm”, Mark was required to hold the highest U.S. and NATO clearances.

Mark authored a seminal article on Data Integrity, that was published in the online Wall Street Journal. Additionally, he served as EVP, General Counsel and CFO at Digital Guardian, a high-growth cybersecurity company.

Earlier in his career, he worked at an independent insurance agency, Amica Mutual Insurance Company as a claims representative, and later, was the CEO of the Bermuda captive insurance subsidiary of a NYSE company. Also, he was the president of WorldPath Health, an international healthcare company.