LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

exif the "dna" of photographs? huh?

exif the "dna" of photographs? huh?

Posted Aug 2, 2007 18:18 UTC (Thu) by nettings (subscriber, #429)
Parent article: Our devices are spilling our secrets

i just wondered exactly how clueless that canon guy quoted in the times online article is...

"Every image that is taken on a digital camera contains Exif data, which holds information about the picture such as zoom, contrast, focus and 'distance to subject' measurements. It is typically used for 'trouble-shooting', so an owner can ascertain why a picture may not have worked, but it also enables a court, for instance, to establish whether a picture has been digitally altered. 'The Exif data is like the picture's DNA; you can't switch it off. Every image has it. Some software can be used to strip or edit the information, but you can't edit every field,' Mr Solomon said."

afaik, there is no cryptographic hash involved in exif data, right? and even if it were, tamper-evidence would require a private vendor key in the camera which is certainly easy to extract and fake... so are these people really propagating the assumption that people will not be able to edit a couple of more-or-less plaintext fields?

reminds me of our innenminister's latest coup: the online search warrant that basically enables the feds to place a trojan on my computer. strikes me as profiling: we only go after those people too stupid to take simple and obvious countermeasures... i knew these linux users have something to hide....

(Log in to post comments)

exif the "dna" of photographs? huh?

Posted Aug 4, 2007 19:26 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

Right. EXIF does not include any kind of signature.

Canon's Solomon probably is clueless about EXIF, but his point is somewhat valid. While it's true that a Linux hacker can make the EXIF tags say whatever he wants, there probably is not a widely available, easy to use EXIF editor for Windows, which means the vast majority of pictures taken will make it to court with a valid modification datetime tag.

Though a court can't use the EXIF data as absolute proof in favor of the guy who submitted the photograph, it can use it as absolute proof against him.

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds