Re: VeriPic photographs for court evidence

[Brent Boren]

It would be interesting to see how VeriPic could prevent someone from uploading a modified digital image into the camera before "verifying" it as original and re-downloading it with the verification stamp.

I can take images from my 505, modify them, and re-upload them to the 505 with relative ease. If someone were to run verification on these files before downloading them again, all it would prove was that they were not modified any further.

Am I missing something here?

 

[Pepe]

It would be interesting to see how VeriPic could prevent someone from
uploading a modified digital image into the camera before "verifying" it
as original and re-downloading it with the verification stamp.

I can take images from my 505, modify them, and re-upload them to the 505
with relative ease. If someone were to run verification on these files
before downloading them again, all it would prove was that they were not
modified any further.

Am I missing something here?

I agree. It is quite an ineffective sysyem, I must say. The Epson way is far better because it adds the authentication during the in-camera image processing.

 

[John Kwan]

It would be interesting to see how VeriPic could prevent someone from
uploading a modified digital image into the camera before "verifying" it
as original and re-downloading it with the verification stamp.

I can take images from my 505, modify them, and re-upload them to the 505
with relative ease. If someone were to run verification on these files
before downloading them again, all it would prove was that they were not
modified any further.

Am I missing something here?

The answer to your question is that we only work with specific models of digital cameras. These cameras have the ability to tell if the photo on their compact flash cards are the ones that it took or if it's been altered. We connect to these cameras by the serial or USB port. Our software can ask the camera certain questions directly because we have a direct connection. This prevents the kind of forgery you are refering to. If you have any further questions you can pose them to myself or one of my staff at [email protected]. Thank you for your interest in our product.

-John Kwan, Founder
Kwan Software Engineering, Inc.
(The VeriPic (TM) people)

 

[Will Perlis]

I agree. It is quite an ineffective sysyem, I must say. The Epson way is
far better because it adds the authentication during the in-camera image
processing.

What's to prevent someone from manufacturing an image they want and uploading with "valid" Epson codes already imbedded in it?

 

[Teddy]

You mean police for instance is going to use only specific brand/model of digital camera in gathering evidence ? The software then will be useless if the image is taken with an "unauthorized" digicam. In other words, if I witness a crime, and was able to shoot some images using my digicam, it will be unusable in court.

Moreover, I still think that images can be forged. Once hackers know how the system works, we'll be seeing "authentic" altered images around.
Anyway, I still hope the VeriPic system really works.

It would be interesting to see how VeriPic could prevent someone from
uploading a modified digital image into the camera before "verifying" it
as original and re-downloading it with the verification stamp.

I can take images from my 505, modify them, and re-upload them to the 505
with relative ease. If someone were to run verification on these files
before downloading them again, all it would prove was that they were not
modified any further.

Am I missing something here?

The answer to your question is that we only work with specific models of
digital cameras. These cameras have the ability to tell if the photo on
their compact flash cards are the ones that it took or if it's been
altered. We connect to these cameras by the serial or USB port. Our
software can ask the camera certain questions directly because we have a
direct connection. This prevents the kind of forgery you are refering to.
If you have any further questions you can pose them to myself or one of
my staff at [email protected]. Thank you for your interest in our product.

-John Kwan, Founder
Kwan Software Engineering, Inc.
(The VeriPic (TM) people)

 

[John Kwan]

You mean police for instance is going to use only specific brand/model of
digital camera in gathering evidence ? The software then will be useless
if the image is taken with an "unauthorized" digicam. In other words, if
I witness a crime, and was able to shoot some images using my digicam, it
will be unusable in court.
Moreover, I still think that images can be forged. Once hackers know how
the system works, we'll be seeing "authentic" altered images around.
Anyway, I still hope the VeriPic system really works.

You will not be able to use an "unauthorized" camera with VeriPic (TM). The
VeriPic (TM) software will refuse to talk to your camera if it is not one of the
cameras that is on our list. The situation you describe above can not occur.

The answer to your second question is, that's right. Photos taken by your
digital camera may possibly not be usable in court. Many states (> 10) are
considering legislation that prevents digital photos without authentication
from being used as evidence. That's why our company also has a consulting
service to provide court testimony and also helps Police Departments select
cameras and equipment and set up digital photo evidence gathering procedures.

(We also monitor digital photo web sites as well...)

As to being able to hack anything, hackers can always hack something. It's a
matter of how much computer power and how much time they have. If a

system takes several hundred or thousands of computer years to hack something running full time it would be pretty hack resistant. If it takes even
longer than that it's more or less hack proof. If you like you are welcome to
purchase a system and try to hack it. The only restriction is that we can only
ship in the United States and can't currently export the software so you
must be a U.S Citizen living in the U.S. to purchase it.

-John Kwan
http://www.VeriPic.com

It would be interesting to see how VeriPic could prevent someone from
uploading a modified digital image into the camera before "verifying" it
as original and re-downloading it with the verification stamp.

I can take images from my 505, modify them, and re-upload them to the 505
with relative ease. If someone were to run verification on these files
before downloading them again, all it would prove was that they were not
modified any further.

Am I missing something here?

The answer to your question is that we only work with specific models of
digital cameras. These cameras have the ability to tell if the photo on
their compact flash cards are the ones that it took or if it's been
altered. We connect to these cameras by the serial or USB port. Our
software can ask the camera certain questions directly because we have a
direct connection. This prevents the kind of forgery you are refering to.
If you have any further questions you can pose them to myself or one of
my staff at [email protected]. Thank you for your interest in our product.

-John Kwan, Founder
Kwan Software Engineering, Inc.
(The VeriPic (TM) people)

 

[Brent Boren]

The proposed legislation you mention would be unfortunate because it would preclude the "Rodney King video" situations fairly effectively ("I'm sorry sir, even though you have video of the police beating you illegally, it was not on an approved camera so we can't use it"). It would be extremely bad to see legislation like this passed under the banner of protecting us from digital harm.

Unless, of course, companies like yours can develop methods of authenticating ANY images from digital sources. Keep up the good work - sounds like we will need these capabilities :^)

The answer to your second question is, that's right. Photos taken by your
digital camera may possibly not be usable in court. Many states (> 10) are
considering legislation that prevents digital photos without authentication
from being used as evidence. That's why our company also has a consulting
service to provide court testimony and also helps Police Departments select
cameras and equipment and set up digital photo evidence gathering
procedures.

 

[Teddy]

I agree. If anyone is familiar with the recent sex attack in NY's Central Park, they're using amateur video clips as evidence against the attackers. What if that's the only evidence that will prove the crimes committed ? The defendant's lawyers can easily say those images were altered, right ?

What I'm trying to point out here is that the VeriPic system should not limit itself to would be 'authorized' digicams. And also, I hope VeriPic will not be the ONLY system that will authorized to authenticate digital images.
There must be some other way, right ?

Unless, of course, companies like yours can develop methods of
authenticating ANY images from digital sources. Keep up the good work -
sounds like we will need these capabilities :^)

The answer to your second question is, that's right. Photos taken by your
digital camera may possibly not be usable in court. Many states (> 10) are
considering legislation that prevents digital photos without authentication
from being used as evidence. That's why our company also has a consulting
service to provide court testimony and also helps Police Departments select
cameras and equipment and set up digital photo evidence gathering
procedures.

 

[Michael11945]

It would be interesting to see how VeriPic could prevent someone from
uploading a modified digital image into the camera before "verifying" it
as original and re-downloading it with the verification stamp.

I can take images from my 505, modify them, and re-upload them to the 505
with relative ease. If someone were to run verification on these files
before downloading them again, all it would prove was that they were not
modified any further.

Am I missing something here?

I hate sound pedantic about this, maybe someone can help? I have a film camera I use slides scan them manipulated in PS and go to a digital print shop and get them printed on photographic paper - how can anyone tell exactly their history. I ask this as I've done the same with my digital camera and produced quite amazing images which are to all purposes photographs. Michael

 

[Pepe]

I agree. It is quite an ineffective sysyem, I must say. The Epson way is
far better because it adds the authentication during the in-camera image
processing.

What's to prevent someone from manufacturing an image they want and
uploading with "valid" Epson codes already imbedded in it?

I don't think that that is possible with the Image Authentication System of Epson - unless somebody cracked the algorithm used by the camera, there is little chance of adding the "valid" codes to the image.

 

[Pepe]

It would be interesting to see how VeriPic could prevent someone from
uploading a modified digital image into the camera before "verifying" it
as original and re-downloading it with the verification stamp.

I can take images from my 505, modify them, and re-upload them to the 505
with relative ease. If someone were to run verification on these files
before downloading them again, all it would prove was that they were not
modified any further.

Am I missing something here?

I hate sound pedantic about this, maybe someone can help? I have a film
camera I use slides scan them manipulated in PS and go to a digital print
shop and get them printed on photographic paper - how can anyone tell
exactly their history. I ask this as I've done the same with my digital
camera and produced quite amazing images which are to all purposes
photographs. Michael

This is exactly what the problem is. You can have your digital images burnt to negatives as well.

 

[John Kwan]

We are trying to add new cameras every quarter. That depends, in part, on the camera's manufacturer cooperating with us. Some have been very helpful (assigning Engineers to work with us full time at their expense) while others have been slow to react (having to send their discussions back to Japan, etc.)

Watch our web site from time to time to see what new cameras we've added. As I've mentioned before the cameras have to have certain attributes burned into it's software before we could work with it and that depends on the manufacturer putting that behavior into the camera to begin with.

We've had some large accounts change their camera purchasing decision and go for cameras that work with VeriPic (TM) instead of ones that don't. We are hopeful that a few more events like that would encourage the several camera manufacturers that drag their feet to work with us instead. We are open to working with anybody's cameras if they do their part to make sure that our software won't have any problems. If you want your favorite brand of camera to be VeriPic (TM) capable (if we don't already work with that company) email that manufacturer and encourage them to work with us. We actually want to work with as many cameras as we could but often it's the camera manufacturer that is the road block.

I think our technology will be very important to keeping the integrity of the sources of evidence in a digital world. We are working for a better tomorrow.

-John Kwan
http://www.VeriPic.com

Unless, of course, companies like yours can develop methods of
authenticating ANY images from digital sources. Keep up the good work -
sounds like we will need these capabilities :^)

The answer to your second question is, that's right. Photos taken by your
digital camera may possibly not be usable in court. Many states (> 10) are
considering legislation that prevents digital photos without authentication
from being used as evidence. That's why our company also has a consulting
service to provide court testimony and also helps Police Departments select
cameras and equipment and set up digital photo evidence gathering
procedures.

 

[Michael11945]

It would be interesting to see how VeriPic could prevent someone from
uploading a modified digital image into the camera before "verifying" it
as original and re-downloading it with the verification stamp.

I can take images from my 505, modify them, and re-upload them to the 505
with relative ease. If someone were to run verification on these files
before downloading them again, all it would prove was that they were not
modified any further.

Am I missing something here?

I hate sound pedantic about this, maybe someone can help? I have a film
camera I use slides scan them manipulated in PS and go to a digital print
shop and get them printed on photographic paper - how can anyone tell
exactly their history. I ask this as I've done the same with my digital
camera and produced quite amazing images which are to all purposes
photographs. Michael

This is exactly what the problem is. You can have your digital images
burnt to negatives as well.

Without stretching a point could this mean that film photographs will also need some form of certification? and raw digital data could be held to be more reliable than printed material?

Michael http://www.360sphere.com

 

[Edwin Kooij]

The answer to your question is that we only work with specific models of
digital cameras. These cameras have the ability to tell if the photo on
their compact flash cards are the ones that it took or if it's been
altered. We connect to these cameras by the serial or USB port. Our
software can ask the camera certain questions directly because we have a
direct connection. This prevents the kind of forgery you are refering to.
If you have any further questions you can pose them to myself or one of
my staff at [email protected]. Thank you for your interest in our product.

This method you describe is inherently unsafe. I can already think of a couple of hundred people working for any of these camera firms you endorse that know (or can easily acquire knowledge about) what to put on a CF card to fake having taken a picture with the camera they build.

No secrecy or encryption was part of the design process of what to put on the CF (or other) card in current cameras, so anybody with some technical skills might do the same. You just need to buy a seperate card reader and fiddle a bit with the supplied drivers (to be able to read and write whatever you want on the card) and there you go! Someone with ample time might build a forge tool just for the fun of it. This is what typical hackers do.

Ideally authentification has to be done inside the camera, using some secret code and/or algorithm hidden away in hardware. Even though secrets can leak out, as was shown recently with the DVD-encryption format, this can be made to work pretty safe.

Before these fancy camera's hit the market it might be wise to invest time in other methods, like a time registration system where you register (digital) information so that you can proof that information already existed at a certain moment in time and thus hasn't been meddled with after that time. There are smart ways to do this without storing any information in some big central system. This is fun!

Edwin.

 

[Will Perlis]

....
I don't think that that is possible with the Image Authentication System
of Epson - unless somebody cracked the algorithm used by the camera,
there is little chance of adding the "valid" codes to the image.

Looking at recent history, all that's needed to crack the algorithm is a couple of interested kids, many cans of soda with high caffiene levels, and a few cases of Twinkies.

The thing is, all that's needed to blow the scheme for legal purposes in the USA is one good "exploit" where some experts are badly fooled. What happens if I manipulate a picture, display it on a high resolution monitor, and take a picture of that? It would be an "authentic" picture according to the Epson algorithm, right?

Anyway, those law-enforcement pictures are most often not lit like Hollywood sets; they're dark, noisy/grainy, and generally have all sorts of artifacts present. Can you imagine any jury making sense of the dueling expert's testimony over what is really there and what isn't? I'll refer you back to the DNA testimony in the OJ Simpson trial for an illustrative example.

Bottom line? If I get caught on camera doing something bad, I'll sure hope some digital processing is in the evidence chain somewhere.

Will

 

[dean higman]

Just had a chance to view some of the coments regarding the evidence images and possibilities od altering the photographic evidence. I've been taking evidence photos, developing and printing them for over 18 years.

I went to veripic for help in 2002 and entered the digital world. Never have I been so pleased with the security of the photographic evidence . We have been running the client version and it has worked out very well. There is alot of talk about altering images and having that very thing go undetected. IT CAN"T HAPPEN without something triggering intrest from the DA or photo manager for the dept.

Lets think about it....FILM - a strip of plastic that can be used over and over and only the guy in the dark room knows whats really going on. When were the images caputred ? were they replaced at any point in time ? during printing was there any alterations to the image printed ? was an copy-negative used ?? Was an outside agency used to process the film and/or the photos ?....Shall I go on

Now ..Veripic, secured and encrypted digital files. Believe me there are securties in place that even VeriPic can't break..I've been there when I needed them to break encryption and they could not. Thats on the back end of the process. somewhere in the middle there is the verification process. I've tried to alter images from a dept camera place them back on the camera and attempt to download them....Veripic won't allow it. The images will only be stored not verified. Its a dead topic. Now, back to the trail of a image(not film but a file).

Date and time stamps, Server Key download time stamps, Digital signatures, User sign-on passwords, image authentication and photographer verification, Department operating procedures re: digital imaging and lets not forget the Veripic user security features. And last but not least THE AUDIT REPORT for every image on file !!
Now, how archaic is film .....John Kwan has done it right