But what about if:

…the signature included the depth measured by the autofocus system across the image?

…or a tiny stereo image was included to capture depth?

…or a mini video in the ten seconds before and after the photo was taken?

…and the key is in a tamper proof HSM?

…and the key is deleted the moment the camera detects the case being taken apart?

I know that it is a losing battle to try to build such hardware when offline attackers have essentially infinite time to dismantle even the most elaborate systems — no such thing as an un breakable safe, only how long it takes to break into it, etc — but I feel these are valid counter measures, are they not?

I agree. Yes, these are not foolproof, but damn does it make it harder. It means that a random lone wolf using some random AI is not going to find it easy.

I would add a few more measures:

* Keys are regenerated for each device in the charging dock and are only valid until next recharge or a timeout.

* There is a sign-out process for the cameras that ties them to the operator.

* Police officers have no control over when the camera is recording, the camera instead controls this.

* Lower resolution data is streamed and synced to a cloud in real time, along with interesting data such as GPS, local BT/WiFi devices, etc.

As for privacy, British police are using more and more evasive camera technology out in public spaces, it's about time they were forced to wear it themselves. I want even the pencil pushers in the offices to be forced to wear it.

> the signature included the depth measured by the autofocus system across the image?

> or a tiny stereo image was included to capture depth?

These systems work by having multiple sensors to use for depth perception, so enterprising hackers write software to create two images, one for each sensor, and put some kind of lens or mirror in front of the camera to direct a different image/screen to each sensor.

The problem is fundamentally that the device is taking unsigned analog attacker-controlled input and then signing it, and is being mass produced. So whatever you're having it do, they put something that generates the same photon pattern in front of the device and you can't fix that with cryptography.

You can probably make it so that a cheap camera needs a few hundred dollars in optical glass or similar, and expensive camera needs a few thousand dollars worth, but it's hard to see how you could make it infeasible to anyone with non-trivial resources and it's also easy to mess up even worse and make it practical even for anyone with a computer and a high resolution screen or two.

> or a mini video in the ten seconds before and after the photo was taken?

Which does what if nothing in the image is expected to be moving, or the thing you're pointing the camera at is a screen rather than a piece of paper?

Also, now to verify the signature on your 50kB image you need a 2MB video? Then by default people won't distribute images that have the ability to be verified.

> and the key is in a tamper proof HSM?

Someone figures out a timing attack on the HSM or similar and now you can extract the keys from every device of that model. Happens over and over, the chances of every device getting this right are essentially zero.

> and the key is deleted the moment the camera detects the case being taken apart?

They get multiple cameras of the same model, take one apart to see how the detection works, then having figured out how it works, take the other one apart without triggering it. Or they extract the key without ever removing the case.

Also, now your phone is going to delete its keys when you remove the case to replace the battery or a cracked screen etc., or if the detection system has a false positive? Then you need some way to transfer new keys to a thing that hasn't got any, which is an even worse attack vector than not deleting the keys to begin with.

It's obviously a loosing battle. You're thinking of elaborate attackers, I'm thinking of your common policeman or scammer. Not great security, but might be able to solve the easyness problem introduced by GenAI.

Out of curiosity, what would be your proposal for identifying GenAI images and videos? Any suggestions?

But also what about .. Even now there is a range of forensic tech that can be used to statistically indicate if an image has been doctored, or generated, wouldnt't adding more and more real world data to the capture increase the bar for doctoring, so that only attackers with infinite resources can do it? At least it would stop Bobby Rotten from doing it.

I’ve done a short deep dive on this, for some cases that possibly would have went court. The tools we have today don’t reliable indicate if an image was doctored necessarily. Most open available scoring and tools like VAAS, DIRE, and Sherloq are decent today. Figuring out if an image that has been doctored, especially with solid proof, is only reliable if the image has metadata to prove it. If they export it to another format or screen capture it and the metadata is lost, it is purely still a guessing game.

The more guarantees you put in place the more people believe the system is infallible and the more valuable the exploit becomes.

If "signed" photos were treated as incontrovertible truth, then you'll just have people 3d printing hyper realistic masks or something.

Really good points, thank you for pointing this out. What I'm mostly thinking of is the usage in e.g., social media. There will be efforts to do what you suggest, but for your typical facebook user and scammers, this might help with the more common situations where people use GenAI.