back to article Watermarks on AI art a futile game of digital hide-and-seek

Adding visible or invisible watermarks to images to identify whether they're made by AI won't prevent content from being manipulated to spread misinformation online, experts warn. Visible signatures like OpenAI's DALL-E text-to-image model, which overlays a row of colored squares on the bottom of its images, are easiest to …

  1. Anonymous Coward
    Anonymous Coward

    How can an article be that long

    and not mention steganography ?

    1. Catkin Silver badge

      Re: How can an article be that long

      An invisible watermark is steganography.

    2. Anonymous Coward
      Anonymous Coward

      @AC - Re: How can an article be that long

      Steganography like symmetric key encryption, addresses confidentiality but does not assure non-repudiation. I doubt it can be used to prove the information is genuine.

      1. Dinanziame Silver badge
        Headmaster

        Re: @AC - How can an article be that long

        Private key signing should be able to prove the information is genuine, no? Which means you could at least prove in some cases that the art is AI-generated. Probably not that it is not AI-generated though.

  2. david1024

    You authenticate everything, not just the AI

    Everything needs a signature these days for nonrepudiation. If you crop the AI's pic, great, you sign it--and when the AI signed version pops up, there you go... Same as if you copied something I published. Only signing the AI products doesn't make sense and I can't see how it helps... Honest-tech-savvy folks will do the signing and everyone else... Won't understand it. AI has peed in the collective IP pool and we all have to deal with it.

    Perfect system, maybe not... But at least tools would exist to unravel the tangles... Right now all we have is witnesses and the way back machine.

  3. vtcodger Silver badge

    Where there's a hit

    Copyright and IP in general looks to be potentially a bottomless well of grief for anyone who uses it on a profitable project. I'm told that there is an old saying in the music industry -- "Where there's a hit, there's a writ." If your song makes significant money, someone is probably going to sue you because your song purportedly resembles their song from 1983. Now AI is probably going to extend that to artwork and maybe prose and possibly computer code.

    Popcorn time.

  4. Roj Blake Silver badge

    Another Thing Not in Common

    There's one other thing that AI therapists don't have in common with ones - confidentiality.

  5. Anonymous Coward
    Anonymous Coward

    Grammar Nazi strikes again

    "3.5 million people everyday" should be "3.5 million people every day". "Everyday" is one word if and only if it is used as an adjective. Now write it out a hundred times, hail Caesar :)

  6. DS999 Silver badge

    You have to identify "real" photos, not AI

    It will always be possible to strip out the metadata identifying something as "AI", but far more difficult to fake a signature that identifies something as "real".

    Nothing can be done about past images, of course, but future images could have a cryptographic signature indicating "taken with a Canon xxx" or "taken by iPhone". Using the iPhone example the image signal processor (ISP) in the iPhone would embed the signature in photos produced and optionally include other metadata like the date/time, GPS location, settings used, name/Apple ID of the phone's owner, etc. The cryptographic key being used would be inaccessible to the main CPU and not stored in system memory, so even if the entire device was compromised the key couldn't be found (though with sufficient effort, the key from a specific iPhone could be obtained, but probably not without destroying it)

    Now obviously photos are typically manipulated (cropped, scaled, converted) before they are distributed on the web, so that cryptographic signature (if it had not been stripped out prior to publication) would no longer match. But that's fine, the reason you'd do this is so that you could prove a published photo had not been alerted in a way to show something that wasn't true. i.e. if I take a picture of alien standing next to his spacecraft, I could produce the original photo proving that the alien or spacecraft hadn't been added in later. I couldn't prove it wasn't a fake alien and spacecraft, but that makes it just like the analog photo days where you could "produce the negative" to prove the print had not been modified. It couldn't prove that the photo you took wasn't staged.

    Having the option of including the date/time and GPS coordinates would be important for provenance of stuff like war photos - showing it was really taken in Ukraine a week ago and is not a photo from a whole different conflict that took place elsewhere. So activists taking pictures of war crimes would want that information embedded, but would strip out their personal identifying information to avoid reprisal.

  7. Anonymous Coward
    Anonymous Coward

    We have a bigger problem on our hands.

    In response to DS999's post.

    The classification as information/disinformation is relative and often has nothing to do with the actual truth. It depends a lot of the source's location and the "good" governments versus "evil" governments. I've learned so far that every piece of information blessed by a Western democratic government is true while anything coming from others is always disinformation. I can live with that, it's propaganda 101 and the same is valid if you're on the other side. Would you believe content signed by Chinese AI ? Do you really believe US government will allow their AI to sign Chinese content ?

    Using your own reasoning, the war photos will be clearly signed and marked as being taken in Ukraine one week ago but who's to say the war scene has not been staged to serve a certain purpose ? Would you believe a signed war photo taken by Russians and showing otherwise ? Thought so!

    Something tells me some TLAs would have no difficulty to persuade US government to get those encryption keys by coercing digital cameras manufacturers as a condition of doing business in North America. Obviously, this is disinformation.

    In my opinion, this is more about controlling the message than it is about the truth.

    1. Anonymous Coward
      Anonymous Coward

      Re: We have a bigger problem on our hands.

      "Something tells me some TLAs would have no difficulty to persuade US government to get those encryption keys by coercing digital cameras manufacturers as a condition of doing business in North America. "

      why would a digital camera operator be reliant on the camera manufacturer for cryptographic signing?

      I would expect a professional camera owner/operator to be generating their own key for signing any digital photo/metadata/watermarking, this provides a bonus in that the if the owner/operator properly stores and backups their keys they can prove the provenance of photos they have taken which would also help them in copyright infringement cases in the future.

      In the case of a regular user the phone they are using could trivially generate a cryptographic signing key for use on the photos, Its up to the user to export it or not but in theory the TLA's wont just be able to ask the phone manufacturer for the keys because they simply shouldn't have them.**

      ** Caveat: It is assumed they wont just slurp up a users private cryptographic keys, but we know how addicted these companies are to data, cryptographic keys might just be too tempting a target.

      1. DS999 Silver badge

        Re: We have a bigger problem on our hands.

        It would be more difficult to implement with user provided/generated keys, since anything input via the phone's UI is by definition stored somewhere accessible to the phone's OS. Thus hackers could steal someone's key. They wouldn't care about yours, but about a journalist's they would in some cases.

        Now sure you can always argue that evil government types can force tech companies to do their bidding, but I'm not talking about proving a photo is "real" to the satisfaction of those who see conspiracy around every corner. Such people would be free to doubt the authenticity of a photo if they believe some government agency might have forced release of the key, but in 99.9% of cases where authenticity of a photo needs to be proven the US/UK/EU/Russia/China etc. have no dog in the fight. Heck, in the majority of the cases it would simply be the person who took the photograph (and therefore owns the copyright) being able to prove they in fact took the original against those who falsely claim it is theirs.

  8. martinusher Silver badge

    A new bureaucracy solves everything

    I read an extensive OpEd on this subject in our newspaper this weekend. This article seems to miss out on the "need criminal penalties for non-compliance and faking material" part and just mentions watermarking images.

    Like with other content moderation that done with the best of intentions ("will someone think of the children?") the overall goal seems to be job creation. Everyone's worrying that AI will put people out of work but for some its a golden opportunity.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like