“i don’t want to get my copyright stripped off” michael steidl, iptc @jpeg privacy &...
TRANSCRIPT
![Page 1: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/1.jpg)
“I don’t want to get my copyright stripped off”
Michael Steidl, IPTC@JPEG Privacy & Security Workshop
13 October 2015, Brussels (Belgium)
![Page 2: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/2.jpg)
IPTC – who‘s that?The global standards body for the news media
• A not-for-profit organisation with more than 50 members• … from news agencies, newspapers, broadcasters and
systems vendors
… only a subset of membersis shown
© 2015 IPTC www.iptc.org2
![Page 3: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/3.jpg)
IPTC Photo Metadata Standard
• … defines a schema of metadata properties• … by 3 major groups:
1. Describes what can be seen in an image: caption, persons, locations, artwork, products …
2. Writes down administrative data: when created, identifier(s), job id, instructions …
3. Defines data relevant for rights: creator, copyright owner, licenses, credit line, model release, property release …
© 2015 IPTC www.iptc.org3
![Page 4: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/4.jpg)
Photo workflow/supply chainPhotog takes photo, initial metadata (e.g. creator + copyright + who is shown)
Photo library in country ABC: gets local copyright, modifies metadata (e.g. adds location …)
International photo agency EPA: gets international copyright, modifies metadata
Online news XYZ in country KLM: publishes the photo on their website. May modify metadata.
Mary Miller: sees photo, likes it, downloads it, cannot get aware of a copyright and shares the photo by Pinterest
© 2015 IPTC www.iptc.org4
![Page 5: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/5.jpg)
The Challenge
Looking at the photo downloaded by Mary Miller,
a party from the supply chain may shout:
“I don’t want to get my copyright stripped off”
© 2015 IPTC www.iptc.org5
![Page 6: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/6.jpg)
The Real Challenge
How to guarantee that Mary Miller
has the correct metadata in the image file
© 2015 IPTC www.iptc.org6
![Page 7: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/7.jpg)
Clarification
IPTC• … has as long experience and strong knowledge about
the data used to describe and manage a photo …• … but only little knowledge about how to secure
metadata against modifications without permission.
We want to forward the needs of people using the IPTC metadata schema to security experts.
© 2015 IPTC www.iptc.org7
![Page 8: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/8.jpg)
What needs to be secured
IPTC sees the need for different levels of protection• "never ever change the value of property X“ (after the
initial application of the value)• "property Y may be changed only with an agreement by
the prior editor of this property value"• Protected history of changes which allows to track back
© 2015 IPTC www.iptc.org8
![Page 9: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/9.jpg)
Limit editing metadata
• Top Level „never ever change“– E.g. Initial Globally Unique Identifier
• Second Level: change only with an explicit permission by the last editor of this value (maybe: using a shared key)– Creator– Core rights properties: Copyright Owner + Notice, Licensing
• Third Level: at least show a warning and keep records (history) of any change– Model & Property Releases– Credit Line
© 2015 IPTC www.iptc.org9
![Page 10: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/10.jpg)
Control editing metadata
• IPTC‘s wish-list:– Each (protected) metadata field should get a security
level assigned– Editing a metadata field should only be possible with
a permission of the previous editor of the metadata values – depending on the security level.
© 2015 IPTC www.iptc.org10
![Page 11: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/11.jpg)
Show alarm if a change was not permitted
• IPTC knows: as long as bits and bytes of a file can be changed also the bits and bytes of embedded metadata can be changed.
• Sealing metadata does not protect it against changing its bytes but a modification can be detected!
• IPTC’s wish: if sealed metadata have been changed an alarm should be shown to the user. The user has to draw conclusions.
© 2015 IPTC www.iptc.org11
![Page 12: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/12.jpg)
Implementation
• IPTC‘s wish-list:– The security features should be implemented by a widely
supported standard/technology.– The implementation should be a planned joint action of
standardization bodies and software implementers. (To overcome the usual chicken-egg business discussion: what’s first, the need for that feature or the software providing the feature.)
© 2015 IPTC www.iptc.org12
![Page 13: “I don’t want to get my copyright stripped off” Michael Steidl, IPTC @JPEG Privacy & Security Workshop 13 October 2015, Brussels (Belgium)](https://reader036.vdocuments.site/reader036/viewer/2022062806/5697bfd11a28abf838cab604/html5/thumbnails/13.jpg)
Thank you for listening to IPTC.
We are happy to join a discussion of next steps.
Meet IPTC at www.iptc.org/photometadata
© 2015 IPTC www.iptc.org13