Digital Video May Have Its Day in Court

​

EVERYONE’S SEEN THOSE mind-bending pictures on the Internet such as an unlucky tourist posing atop the Twin Towers on 9-11 or the satellite photo of half the United States in darkness during the August 2003 blackout. They’re fakes, of course, which raises the question: When can jurors trust digital photos in a legal case?

Until now, the ease of manipulating digital photographs and video and the difficulty in identifying manipulation have limited the use of digital footage as evidence in court. Now, technicians at the Applied Physics Laboratory at the Johns Hopkins University say they have an answer to this problem, one that may be in the hands of law enforcement by early next year.

With funding from the Technical Support Working Group and the U.S. Postal Inspection Service, the lab has developed a prototype that provides the “equivalent of a signed evidence tape” for the bits of data stored on a camcorder, says Brand Fortner, senior scientist at the lab. Later versions are expected to be designed for CCTV applications.

Called the Digital Video Evidence System (DVES), the system is designed to be easy for law enforcement officials to use, invulnerable to even sophisticated attacks, and inexpensive. The technology allows copies to be authenticated as well as the original, Fortner adds.

DVES combines two techniques, explains Fortner, who summarized four years of work on the project at this year’s ASIS Seminar and Exhibits in Orlando. First, a “hash stream” is created, in which an algorithm extracts data from the digital video and creates so-called digital fingerprints of each frame of the footage. Then the hash stream is encrypted.

The encrypted hashes, called digital signatures, are stored separately from the video footage. For the video to be tampered with, someone would have to modify the video and hash signatures in both their encrypted and decrypted states. At least three separate people in three different organizations (the certification authority, the law enforcement agency, and the lab where the software is being developed) would have to be compromised to undermine the system, Fortner says.

A law enforcement agent would record evidence with a camcorder, then attach the camcorder to a palmtop computer, which would generate the digital signatures and store them on a memory stick. The agent could authenticate the footage by entering his ID card and code in the palmtop. The video could be validated by comparing the digital signatures.

What makes DVES reliable is that it leverages the public-key infrastructure (PKI), explains Fortner. PKI serves as the linchpin of secure Internet transactions, Fortner says: “If PKI isn’t secure, the world falls apart.”

With PKI, a private key is linked to a specific public key; anyone can use the public key, but only a specific person or people can use the private key. In the case of DVES, an agent would encrypt video using a private key, and anyone could decrypt it with the corresponding public key, which would be stored at the National Finance Center, the administrative arm of the Department of Agriculture.

Many manufacturers claim to secure digital video, Fortner says. But their mechanisms for doing so are either insecure or so computationally intensive as to be unfeasible. For example, Fortner says, some vendors apply watermarks to video. “It’s almost trivial…to recover watermarks, make changes, and put the same watermark back on.”