The inside scoop on watermarking and content authentication

This article is from The Technocrat, MIT Technology Review’s weekly tech policy newsletter about power, politics, and Silicon Valley. To receive it in your inbox every Friday, sign up here. On October 30, President Biden released his executive order on AI, a major move that I bet you’ve heard about by now. If you want…

C2PA focuses primarily on content authentication through a protocol it calls Content Credentials, though the group says its technology can be coupled with watermarking. It is “an open-source protocol that relies on cryptography to encode details about the origins of a piece of content,” as I wrote back in July. “This means that an image, for example, is marked with information by the device it originated from (like a phone camera), by any editing tools (such as Photoshop), and ultimately by the social media platform that it gets uploaded to. Over time, this information creates a sort of history, all of which is logged.”

The result is verifiable information, collected in what C2PA proponents compare to a “nutrition label,” about where a piece of content came from and whether or not it was machine generated. The initiative and its affiliated open-source community have been growing rapidly in recent months as companies rush to verify their content.
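To make the "history" idea concrete, here is a simplified sketch added for illustration; it is not C2PA's actual manifest format or code from the project. The actor names, field names and keys are hypothetical, and HMAC with constructed demo keys stands in for the digital signatures a real deployment would use.

```python
import hashlib
import hmac
import json

# Constructed demo keys, one per actor (hypothetical names). HMAC is a stand-in
# for real digital signatures so the sketch runs with the standard library only.
KEYS = {"phone-camera": b"k-camera", "photo-editor": b"k-editor",
        "social-platform": b"k-platform"}

def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _sign(actor: str, body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[actor], msg, hashlib.sha256).hexdigest()

def add_entry(history, actor, action, content: bytes):
    """Append a signed record binding actor, action, content hash and previous record."""
    prev = history[-1]["sig"] if history else ""
    body = {"actor": actor, "action": action,
            "content_sha256": _digest(content), "prev": prev}
    return history + [dict(body, sig=_sign(actor, body))]

def verify(history, content: bytes):
    """Return (ok, reason): check each signature, each link, then the content hash."""
    prev = ""
    for i, entry in enumerate(history):
        body = {k: v for k, v in entry.items() if k != "sig"}
        if entry["actor"] not in KEYS:
            return False, f"entry {i}: unknown signer"
        if not hmac.compare_digest(entry["sig"], _sign(entry["actor"], body)):
            return False, f"entry {i}: bad signature"
        if body["prev"] != prev:
            return False, f"entry {i}: broken chain"
        prev = entry["sig"]
    if not history or history[-1]["content_sha256"] != _digest(content):
        return False, "content does not match last recorded hash"
    return True, "ok"

def demo():
    """Build a constructed three-step history: capture, edit, upload."""
    raw, edited = b"raw pixels", b"cropped pixels"
    h = add_entry([], "phone-camera", "captured", raw)
    h = add_entry(h, "photo-editor", "cropped", edited)
    h = add_entry(h, "social-platform", "uploaded", edited)
    return h, edited
```

Changing the content, rewriting an entry, or dropping a step from the middle of the history each makes `verify` fail with a different reason.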

Where does the White House come in?

The key part of the EO notes that the Department of Commerce will be “establishing standards and best practices for detecting AI-generated content and authenticating official content” and notes that “federal agencies will use these tools to make it easy for Americans to know that the communications they receive from their government are authentic—and set an example for the private sector and governments around the world.” 

Crucially, as Melissa and I reported in our story, the executive order falls short of requiring industry players or government agencies to use this technology.

But while the experts Melissa and I spoke with were generally encouraged by the provisions around standards, watermarking, and content labeling, watermarking in particular is not likely to solve all our problems. Researchers have found that the technique is vulnerable to being tampered with, which can trigger false positives and false negatives. 

Soheil Feizi, at the University of Maryland, has conducted two studies of watermarking technologies and found them “unreliable.” He says the risk of false positives and negatives is so extensive that watermarks provide “basically zero information.”

“Imagine if there is a tweet or a text with a hidden official White House watermark, but that tweet was actually written by adversaries,” Feizi warns. “That can cause more problems than solving any of the current problems.”

What’s more, his research found that invisible and tamper-proof watermarking technologies are theoretically “impossible,” though he has not studied the efficacy of content authentication techniques.