Connecting the dots is becoming ever easier when it comes to our digital personae, but here’s a fascinating new way for that to happen: according to EU-funded research, it’s possible to link digital photos to the social media identities of the people who took them. This technique is definitely worth keeping in mind for its privacy implications.
We’ve known since 2006 that digital cameras – from big SLRs down to smartphone snappers — plant unique fingerprints on the images they generate, because of sensor pattern noise (SPN). Unlike the Exif metadata that comes with most digital photos, SPN can’t be stripped, so it’s of great interest to people working in digital forensics.
What’s new, however, is the fact that SPN can provide a link between a photo of interest and the social media account of the person who took it. That’s the lesson we can take from an award-winning paper published this month by researchers Riccardo Satta and Pasquale Stirparo of the Institute for the Protection and Security of the Citizen in Ispra, Italy.
Basically, it’s a matter of finding photos on suspects’ accounts and establishing how likely it is that they were taken with the same camera. The researchers suggest their proposed technique could prove useful in identifying phone thieves who go on to post pictures taken on the stolen device, cyber-bullies who put damaging pictures online and – more seriously – those who circulate images of child abuse.
The technique isn’t currently accurate enough to provide admissible evidence, but the researchers argue it’s already sufficient to prove useful in the investigation phase, by narrowing down a list of suspects. The main problem with its accuracy is that photos posted to social media accounts such as Facebook or Flickr are frequently altered in some way – by cropping, compression, resizing or Photoshop – which can in turn alter the image’s SPN. The choice of ISO settings can also result in a different signature.
Although it’s not something the researchers go into in their paper, I would add that we’re not yet talking about a situation where you can easily scan the billions of images on the web and link them to online identities – there’s the matter of private accounts, for one thing, along with the sheer scale of what’s out there. But the research does raise interesting possibilities for a future in which computing power vastly outstrips what is available today.
The research was funded by the European Commission’s “in-house science service”, the Joint Research Centre (JRC). As the JRC noted in a news release on Wednesday, social networks are often “not privacy-friendly by default”:
“The JRC study raises awareness of the potential threat to citizens’ privacy that these techniques may pose if malicious persons make use of them. At the same time, it shows a valuable methodology of investigation for law enforcement bodies, that may be used for example to find information on the possible creator of an image showing illegitimate content.”
The research will continue, with a view to giving European law enforcement new forensic tools, but it’s had a pretty good start: Satta and Stirparo won the Best Paper Award at the International Conference on Computer Vision Theory and Applications earlier this month.