A video of a giant squid thrashing around a downtown Zara. Is it real? 

A video of a politician saying something pretty sensible: fake, right?

A video of a volcano singing show tunes and erupting rainbow-colored marshmallows. Huh?

What’s true?

Using advanced editing software and AI, people these days can generate clips showing anything under the sun, no matter how preposterous, and pass them off as genuine. Rogues such as misinformation, disinformation, and deepfakes flourish and multiply. All come knocking at your device’s door, asking you, inviting you, begging you, to believe.

Comedian John Oliver did a 1/2-hour dive into this debris, what he terms "AI slop."

Luckily, an organization has stepped up with a spec that can put its stamp on what’s authentic, and what’s synthetic. The spec can certify where the pictures, motion pictures, and sounds we’re seeing and hearing come from.

That organization is called Coalition for Content Provenance and Authority, or C2PA.

All about the metadata

Launched in 2021, media and tech industry-led C2PA seeks to embed signed metadata into digital media files, ensuring that each piece of content’s source and integrity remains verified during its journey throughout the internet.

The technical specification, available on the C2PA site, lists in detail how authors and editors can use the spec to create and record assertions on how, where, and when content assets are authored and modified.

The spec is a protection mechanism, essentially.

Say an original source file gets manipulated (no matter if it’s slightly manipulated, or altered beyond recognition). Or say the original file was created out of whole cloth by AI. Then that manipulation or complete artificiality becomes documented and researchable.

Core parts of C2PA

The C2PA framework provides a structured, tamper-evident way to track a piece of content all the way from creation to distribution, including any pit stops (alterations) the asset makes along the way. 

C2PA involves the following parts.

• Provenance manifests
  
  These manifests describe where, when, and how the content was created, inclusive of changes.
  
  
• Digital signatures
  
  These so-called “didge sigs” validate the manifest’s authenticity and ensure the metadata hasn’t been doctored.
  
  
• Certificates & identity
  
  C2PA relies on Public Key Infrastructure (PKI) to verify the signer’s identity. PKI is like a digital passport. Holders of these passports prove their identities to gain access to secure channels. PKI uses public-key cryptography, meaning each entity owns two keys. One is a public key used for encryption, and the other is a private key used for decryption.
  
  
• Selective disclosure
  
  Sounds like a relationship, right? You choose what you reveal. Creators of content can redact sensitive metadata, without invalidating or breaking the overall chain of trust, even though anything redacted is traceable. 

This open standard of C2PA is format-agnostic and designed to work across images, video, audio, and documents—with a particular emphasis on scalable adoption.

What’s Unified up to in the C2PA space?

Almost since the spec hit the scene, via multiple standardization organizations, Unified Streaming researchers have been evangelizing for the use of C2PA to address authenticity and provenance requirements.

Recently, the company has created a proof-of-concept (PoC) that presents how to stream DASH live while employing the C2PA specification.

Why DASH? Well, it’s a very popular format for streaming. Plus it holds the tools to enable the delivery of C2PA-type information, specifically the DASH event message mechanism.

In the Unified Streaming PoC, each segment can carry the requisite C2PA manifest, allowing the player to validate the media on a segment-by-segment basis. Publicly accessible now, the demo of the Unified Streaming PoC of streaming DASH live using C2PA has already been described in detail as a contribution to MPEG (Moving Pictures Experts Group).

Unified Streaming Standardization Representative Mohamad Raad plays a key role in Unified’s involvement with C2PA. Asked what interests him most about C2PA, Raad said, “The flexibility of the approach to describe any kind of media. C2PA provides a method of describing the provenance and authenticity of the media independently from the format used to capture the media itself.”

But will it play in Peoria? The spread of C2PA 

The companies involved in developing C2PA under the umbrella of the Linux foundation signals that “there will be widespread adoption of C2PA,” said Raad.

“We have already seen announcements from some consumer electronics companies saying they will support C2PA. Some generative AI platforms are also including C2PA manifests to describe the provenance of media those platforms generate.

“Furthermore, a number of regulators over the past months have given the impression that C2PA will be used to help in identifying the source and trustworthiness of content. All of these indicators lead to the expectation that the adoption of C2PA will be widespread,” added Raad.

Making media trustworthy

There’s a reason Raad is driving support of C2PA within his role at Unified Streaming, and it dovetails with the company’s support of independence within workflows.

“I believe it’s good practice to describe media in a way that is independent of the media itself, while being able to bind the description to the media," said Raad.

“Think of it in the same way as a biometric identity card or a passport. The document itself is independent of the person, and there is a binding, through, say, a fingerprint. This approach to describing media means there is no need to lock the description to the media format. So a video compressed using MPEG-2 can be described in the same way as a video compressed using HEVC.

“The C2PA approach also allows one to follow the history of content all the way back to the recording device. I see this as an important contribution to making sure that we can benefit from new technologies such as AI, while also having the ability to determine whether or not content is trustworthy.”

C2PA and the future

Is C2PA upgradeable? What’s coming down the pike for the spec?

According to Raad, the C2PA spec is being updated regularly, and the organization has a number of technical groups working on addressing new use cases. The relevance of the spec, therefore, is expected to grow with time.

“Anything can be hacked if enough resources are available,” said Raad. “But what C2PA will do is make it much more difficult to create fake content and make fake claims.”

And in a world where fake content assets and claims spring up like subterranean mammals in a game of Whack-A-Mole, making the barrier to spoofing more difficult can be only a good thing.