From The Economist:

In an effort to reel in photography, camera-makers are making it more obvious when images have been altered.

One way of doing this is to use image-authentication systems to reveal if someone has tampered with a picture. These use computer programs to generate a code from the very data that comprise the image. As the picture is captured, the code is attached to it. When the image is viewed, software determines the code for the image and compares it with the attached code. If the image has been altered, the codes will not match, revealing the doctoring.

Another way favoured by manufacturers is to take a piece of data from the image and assign it a secret code. Once the image file is transferred to a computer, it is given the same code, which will change if it is edited. The codes will match if the image is authentic but will be inconsistent if tampering occurred.

Digital signatures, just as I suggested. But even that won't be guaranteed:

...forgers have become adept at printing and rescanning images, thus creating a new original. In such cases, analysing how three-dimensional elements interact is key.

Yup. So we'll also need the army of photographers, for independent views of the event in question, and an army of ever-more-sophisticated bloggers to keep the forgers honest (or at least catch them when they're not).

What would constitute "tampering"? Cropping? Adjusting the balance? Seems to me there needs to be more sophistication than just a yes or no answer to the question of how a particular photo has been manipulated; how it was manipulated needs to be recorded.

It doesn't really matter, as long as the original remains available for inspection, Cecil. If someone has processed a photo to clean it up, or highlight a certain feature, that's all right, as long as they also submit the unaltered original for comparison. If they don't do that, then any tampered photo is suspect.

Perhaps I'm dense but how can you validate the fingerprint of a data file as original when there is no master copy outside the control of the forger? I'm picturing this fingerprint as some kind of hash that the forger would simply rerun through the algorithm after changing. Voila, the numbers match. Then show that file to the world as the 'original'.

...how can you validate the fingerprint of a data file as original when there is no master copy outside the control of the forger?

Good question. There are potential ways to do this, but I'm working with a company on some concepts, and I can't go into any more detail, because they're proprietary.

If the camera has internal data known only to it and some third party, then you could build an authentication system based on that. The third party would be the actual authenticator. There's still ways to hack the picture, the camera, or the scene of which the picture has been taken, so that's an incomplete solution.

I like Cecil's idea of including a history of alterations to the photo.

These things work like public key encryption, except the opposite. Badsically, a chip in the camera has a secret encryption key used to encrypt the data. The decryption key is made public, so anyone can decrypt the data (but they cannot encrypt it). This process in called digitally signing, and is the same process used to verify SSL certificates.

As for making it work after re-scanning and digitizing, there are ways to attempt that - but nothing will totally work. (One simple method would be to use a watermark that will survive zoom + rescan. The problem is that then you would just take the original with a non-watermarked camera)

This process in called digitally signing, and is the same process used to verify SSL certificates.

Yes, very good, I can see that. You would need some kind of authority to keep and be responsible for the keys, with a chain of trust. Perhaps the wire services would require their photogs to use, say, the Reuters key, and then Reuters would be forced to stand behind the 'originality' of the photo.

I really worry more about the 'staging' of photos rather than forgery and no mechanical process will fix that, however.

Tob

I just wish 'digital signing' was ubiquitous in email already. When you can hunt down the SPAMers, there should be either 1) a lot less of it, or 2) more consistently recognizable.