Wednesday, September 26, 2007

A use case for provenances

It's the not-too-distant future. I'm walking down the street, vaguely aware that there are all manner of webcams around me. As it happens, I'm touring my city with a friend from out of town. "Oooh!" my friend says, "Let's take your picture in front of that statue!"

I say OK and we do. What makes that picture different from the dozens or hundreds of thousands that various webcams took as we strolled?

When my friend took my picture, the camera got in touch with my personal datastore, using the appropriate PK mojo and one of my friend's keys. My personal datastore stored the picture for me and sent it (or a pointer to it) to my friend's datastore, bundled together with "On this date, <my friend> took this picture with permission from <me>" all signed with one of my keys. The random webcam pictures lack that permission.

Again, that doesn't mean that no one can take my picture and look at it. That's just a fact of going out in public, even today (though ubiquitous webcams do change the picture, so to speak). What it does mean is that if they share such a picture, my permission will be conspicuously absent. Publishing? Swim at your own risk. Publishing content without permission will probably be grounds for a civil suit, at least.

Of course, there's the issue of The Man getting access to those pictures, since The Man don't care about permission. But that's a separate issue.

As before, the point here is that while using encryption to try to prevent unauthorized copying has, at the least, a few hurdles to overcome, it may well be better to de-emphasize that and use signatures instead to leave a paper trail of authorized copying.

If you can copy music all you want, but commercial players won't play music without proof of purchase (or proof of permission, for non-commercial works), then yes, you can always get a bootleg player, but it ought to be much easier to control those than the music itself. Or, if you prefer, players can just report whether there's permmission and let the listener's conscience be their guide.

In the case of pictures, where you can't control whether someone takes your picture, you can at least say convincingly whether they had your permission to do so. In this scenario, your browser (or whatever does what browsers now do) will be able to tell you the provenance (or lack of provenance) of a particular piece of content.

It won't cure all ills, but it seems useful.

1 comment:

David Hull said...

Note to self: privacy laws ... Pictures of people in public can be and are published without permission or attribution.