In our prior post Protecting Against Digital Media Fraud Part 1: Prevention vs. Detection, we discussed how automated protection is the preferred method of defense against the threat of altered digital photos and videos. We discussed two of the approaches typically used (Prevention vs. Detection) in automated protection and the pros and cons of each.
The Challenges of Media Editing
When capturing a photo from a camera or a video recorded on a smartphone, it’s not unusual for that photo or video to be edited — for example, adding annotations, improving the brightness, cropping, etc. While editing, in this case, might represent a purposeful rather than a malicious operation, in some cases, for businesses that need files to be 100% authentic, protection against all editing is essential.
Take for example, an insurance claim or police evidence. The insurance carrier or law enforcement agency that requests and uses the digital media file needs to be certain that what they will receive is unaltered. Typically, there is no easy way of discerning good versus bad edits. Allowing individuals to email or submit photos, videos and documents in ways open to editing increases risk of fraud in the process.
However, let’s think about some cases where editing might be beneficial or even a requirement. In the field of healthcare, de-identifying photos might be important for preventing breach of private data. This can amount to blurring faces or any recognizable features. In the field of law enforcement,
redaction may be a necessity in a photo showing innocent bystanders, whose identity should not be revealed. Finally, think about transferring photos over a low-bandwidth network — perhaps due a poor cellular signal — where resizing those photos might be the only way to successfully complete the transfer in a reasonable period of time.
Ultimately, there are cases where purposeful editing is a requirement. How can digital media be edited while still maintaining confidence in its integrity?
Ensuring Edits Are Made Securely
While there is not a “one size fits all” solution for securely making purposeful edits to digital photos while preserving their integrity, there are ways to address the issue, using a combination of process and technology. These include:
- Eliminate the need to edit: At first glance, this may sound easier said than done, but consider the third example above of purposely shrinking a photo so it can be transferred over a slow network. One plausible solution is to have the application capturing the photo measure the speed of the network beforehand and adjust the photo resolution accordingly prior to the photo capture. This takes away the need to edit altogether. While this a clever solution to the network bandwidth example, it does not address other examples which may require more complex operations such as redaction.
- Move purposeful editing to the point of capture: Assuming tamper prevention tools are used to establish chain of custody at the point a photo is captured, if the photo can be edited securely during that point of capture, then the tamper prevention can be run afterward. This establishes chain of custody for a legitimately processed image and, if handled securely, minimizes or eliminates the window for fraudulent edits.
- Import the edited image: While only recommended in cases where the image traverses a secure, trusted device and network and where an authorized chain of custody is maintained, an edited image can be imported into a tamper prevention system after the edits. Because the edited image no longer has point of capture provenance, this method should be used only in cases where processing or editing after the point of capture is absolutely necessary or unpreventable and results in a slightly lower level of confidence in the photo. On the other hand, done carefully and securely, this solution can suffice for a number of use cases where editing is mandatory.
While none of these represent simple solutions, eliminating doubts about media integrity after required edits is a critical aspect of ensuring business quality digital media.