Thursday, March 8, 2012

Verifeyed? Not really

I received an e-mail from the folks at Verifeyed.com. They asked to speak with me about their service and how it might apply to forensics.

They claim: "In order to authenticate an image using VerifEyed you must upload the original file unaltered as the device took it. This includes not rotating the image. VerifEyed does have a massive database of device signatures (we estimate 80% of images taken covered) but the technique itself uses multiple methods to authenticate." OK, what do you mean by "unaltered?" Can an image be altered and still be authentic? I'd say yes, but more on this later.

They go on to say, "Image authentication without using watermarks and signatures (called the passive or blind approach) is regarded as a new direction and does not need any explicit prior information about the image. The decision about the trustworthiness of an image being analyzed is based on fusion of the outcomes of separate image analyzers."

Needless to say, I was intrigued.

They sent me a trial code and I got out some simple images to throw at their tests. The first round's images were to test images downloaded from Facebook. I used images from my own account. Images that I either took with my own cell phone, or from my camera ... uploaded to my account ... then downloaded to my computer. I these cases, I'm either in the picture or the photographer ... and the camera is mine. Verifeyed.com reported these as not "Verifeyed" but didn't say why (there's no report function).

But wait ... these are my pictures. I'm in most of them. Just because Facebook's script processed it for transport doesn't make it inauthentic - the image's content and context are still the same. Under California's evidence code, I can stipulate as to the authenticity of them because I'm either in them or I took the picture.

Nevertheless, on to test two. I've got some JPEG stills that I saved from a DVR for one of my classes. I uploaded these and Verifeyed.com reported these as not "Verifeyed." Again, no report or reason as to why not. But, I exported the stills and they're authentic. What gives?

In my conversation with their sales and tech crew, it seems that the version that I was testing works almost exactly like JPEGSnoop. It looks at signatures vs. an internal (to them) database. Naturally, with Facebook, there'll be a signature change (as I've already documented). With DVR stills, there's no possible way a signature based solution will be able to keep up with the many different manufacturers and models out there.

They mentioned that getting into "forensics" was a new thing for them, that their primary market was the insurance industry and on-line dating sites. Ouch. Imagine this ... you take a picture of your family next to your new car. You upload the image to Facebook. The next day, your car is totaled with your phone in it. Phone's gone. Car's gone. You download the car's image from Facebook and send it to your insurance adjuster as proof that your car was fine before the crash. They upload your JPEG to Verifeyed.com and it says, "not Verifeyed." Claim denied. What are you to do?

As problematic as this is for the insurance industry, imagine unleashing this on the criminal justice system. Ouch. I'd rather not.

They said that they'd do deeper/additional testing on my images and get back to me with a better, more detailed report. That was almost a month ago. Now, their web site is down.

I'd say that Verifeyed.com is not verified.

Enjoy.

No comments: