Update 2019–03–23: Edited credits

One of the key tools of disinformation is the doctored screenshot. It’s trivial even for a layperson with no special tools whatsoever to create one instantly: just go ahead and change your name on Facebook and subsequently create a post as “Bill Clinton” that says “I never had sex all over the oval office”, along with a suitable picture of the Oval Office that you found on the internet. In case Facebook flags your post as inappropriate (impossible if you’re a US citizen, thanks to the First Amendment protecting free speech), take a screenshot while it’s up and boom, that’s it: instant credibility supporting a very fake story, with the truth of Bill Clinton’s activities in the White House totally beside the point.

Premodern word nerds may even argue that this screenshot is not strictly “doctored” in the sense that the image has been tampered with, but rather that it’s an undoctored screenshot of fake news, but of course you could trivially use Photoshop to achieve the same effect. Or you can clone the Facebook website locally and edit the HTML and take a screenshot of a fake webpage, similar to what I quickly did in less than 2 mins flat to create the example of a doctored screenshot below :)

Super genuine believable truthful news!

The point is that you can now spread this legitimate-seeming malicious disinformation far and wide, and nobody can verify its authenticity.

More uber believable news!

Human psychology dictates that the vast majority of recipients of this doctored screenshot will internalize the content as true, whether it is true or false, and even if they vociferously proclaim not to. Humans are extremely vulnerable to all deepfakes on an extremely subtle level. Malicious distributors of fake news like Russian trolls can display such doctored screenshots to gullible audiences worldwide through display ad networks. In other cases, especially in rural areas of poor countries where literacy and law enforcement presence are low, rumors that are completely cooked up but that are backed up by legitimate-seeming media spread virally so fast that flash lynch mobs gather to literally murder and maim often totally innocent victims, and damage lots of property irredeemably. The Indian government is presently drafting rules that may require WhatsApp to end privacy protection through end-to-end encryption (e2e). The malicious spread of such disinformation is pretty much unstoppable once it has been created and actively distributed, and the authenticity of such screenshots is literally unquestionable. I propose that this regrettable situation can be, and must be, immediately fixed by all major social media and chat platforms, and I present a really straightforward scheme for the same.

Such content verification can be done by having content publishing services and apps watermark the background of the published content, dynamically as it is updated, with a cryptographic signature. That signature can be used, along with the posting account’s public encryption key, to uniquely identify the posting account, the accuracy of the content itself, and the exact time of publication.

In fact, e2e messaging platforms like WhatsApp and iMessage already use such cryptographic signature and public key verification techniques to ensure that your private chats haven’t been modified en route by others. The only two innovations I’m recommending are to display the cryptographic signature subtly, either as an image like a QR code or better yet, blended into the page background as a subtle image watermark of some kind; and for publishers to provide a public online software service for relevant third parties to verify that content as genuine. The general public should near-instantly be able to verify any content as genuine with the unique account identifiers (typically a link to your exact profile) and the screenshot, and law enforcement should also be offered another service where, with a warrant, they can extract account identifiers as well, from just the screenshot.

WhatsApp already has this verification capability built in! Security code (public key) screen for Android (left) and iPhone (right). Source: The Electronic Frontier Foundation’s WhatsApp guides for iOS and Android

Going back to my Slick Willie example, in a world where Facebook implemented such a protocol and offered such a public screenshot verification service, any layperson who has received a screenshot can take the URL of Bill Clinton’s legitimate Facebook account and upload that along with the screenshot, and the verification service would promptly answer that no, this screenshot is not genuinely published from this account.
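The signing and verification flow described above, sketched with Node's built-in `crypto` module as an added example; it is not code from this article or from any platform. It assumes one Ed25519 key pair per account, a directory mapping profile URLs to public keys, and that the text, timestamp and watermark payload have already been read out of the screenshot; the `social.example` accounts and all function names are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// Bytes the signature binds: posting account, publication time, exact text.
function canonicalize(post) {
  return Buffer.from(JSON.stringify([post.account, post.publishedAt, post.text]), 'utf8');
}

// Publisher side: sign at publish time. The base64 string is the payload
// that would be rendered as a QR code or background watermark.
function signPost(post, privateKey) {
  return nodeCrypto.sign(null, canonicalize(post), privateKey).toString('base64');
}

// Verification service: `claim` holds the account URL supplied by the user
// plus the text, timestamp and watermark payload read from the screenshot.
function verifyScreenshot(directory, claim) {
  const publicKey = directory.get(claim.account);
  if (!publicKey) return { genuine: false, reason: 'unknown account' };
  const sig = Buffer.from(String(claim.watermark || ''), 'base64');
  if (sig.length !== 64) return { genuine: false, reason: 'watermark missing or malformed' };
  const ok = nodeCrypto.verify(null, canonicalize(claim), publicKey, sig);
  return { genuine: ok, reason: ok ? 'signature valid' : 'content does not match signature' };
}

// Constructed sample data: two accounts on a hypothetical platform.
function demo() {
  const alice = nodeCrypto.generateKeyPairSync('ed25519');
  const mallory = nodeCrypto.generateKeyPairSync('ed25519');
  const directory = new Map([
    ['https://social.example/alice', alice.publicKey],
    ['https://social.example/mallory', mallory.publicKey],
  ]);
  const post = { account: 'https://social.example/alice',
                 publishedAt: '2019-02-16T10:00:00Z', text: 'Lunch was great.' };
  const genuine = { ...post, watermark: signPost(post, alice.privateKey) };
  // Doctored: edited text, watermark copied from the genuine screenshot.
  const edited = { ...genuine, text: 'I resign effective today.' };
  // Impersonation: text signed by another account, presented as alice's.
  const forged = { ...edited, watermark: signPost(edited, mallory.privateKey) };
  // Watermark cropped out of the image.
  const cropped = { ...genuine, watermark: '' };
  return [genuine, edited, forged, cropped].map((c) => verifyScreenshot(directory, c));
}

console.log(demo());
```

Because the signature covers the exact text, whatever reads the post out of the pixels has to reproduce it byte for byte, or a genuine screenshot fails verification.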

The very fact that any layperson can quickly verify the authenticity of content will have a chilling effect on this entire ghastly and all-too-common disinformation technique of doctored media.

The following is a very useful introduction to public key encryption called PKI for busy people. Additionally, here’s WhatsApp security’s whitepaper describing how their encryption works to keep your data private and unmanipulated. In future updates to this article I’ll endeavor to explain these concepts better to a general audience.

Vicious rumors spread over social media and messaging platforms spawn murder in 3rd world countries

In India and other third world countries, particularly in areas where general literacy is low, vicious rumors spread like wildfire through chat platforms like WhatsApp. Flash lynch mobs gather and often murder or maim completely innocent and unwary accused. The most common example is rumors of a particular address harboring a child kidnapper in areas where human trafficking is common and law enforcement’s presence is untrustworthy or very low. The Indian government is strongly considering banning WhatsApp and other e2e encrypted messaging services for this reason. In response, WhatsApp has reduced the number of parties to whom one can simultaneously broadcast a forwarded message to 5 chats (from a previous limit of 500 chats) to dramatically reduce the viral velocity of fake news. This clunky solution is only partially effective.

Some links to news stories on the topic, it’s shockingly common:

GlobalNews.ca: Lynching of an innocent call-center employee in India — https://globalnews.ca/news/4333409/india-whatsapp-child-kidnapper-lynching-fake/

BBC: India WhatsApp ‘child kidnap’ rumours claim two more victims — https://www.bbc.com/news/world-asia-india-44435127

LA Times: When fake news kills: Lynchings in Mexico are linked to viral child-kidnap rumors — https://www.latimes.com/world/la-fg-mexico-vigilantes-20180921-story.html

BBC: Burned to death because of a rumour on WhatsApp (in Mexico) — https://www.bbc.com/news/world-latin-america-46145986

The Guardian: Muslim killings over meat eating in India — https://www.theguardian.com/commentisfree/2018/jul/20/mobs-killing-muslims-india-narendra-modi-bjp

In India, misinformation is poised to destroy society, especially as India and Pakistan near the brink of war and with an upcoming Indian general election: https://www.aljazeera.com/news/2019/03/news-india-pakistan-crisis-raises-fears-election-190308100252116.html

Even in the US, Facebook is barraged with a request every 6 minutes from Law Enforcement about the content of an encrypted chat: https://www.nbcnews.com/tech/tech-news/zuckerberg-plan-could-put-facebook-collision-course-law-enforcement-n981246

I posit that WhatsApp could instead easily image watermark message forwards with the encrypted identities of, e.g., the last 10 parties in this chain who forwarded the message. Law enforcement, on capturing one suspect’s phone, could then conveniently subpoena the chain backwards. This subpoena can trivially be fulfilled by attempting to match the relevant parts of the watermark with a large directory of suspects’ public keys. Potentially a forward trail can be stored on a remote server, but encrypted with the keys of the identities who forwarded it, leaving a message trail on a remote server that can only be decoded with the keys of someone legitimately in the chain and with a copy of the original message. This approach maintains e2e encryption, critical for privacy and dissent and freedom worldwide. But at the same time it enables law enforcement to track down who originated a vicious rumor through subpoenas that honestly can be served and fulfilled electronically via an app for the police once a judge has issued a warrant. Providing the technical ability to find perpetrators will have an immediate chilling effect on vicious rumors of this kind.

If the subpoena service process is done electronically through the WhatsApp infrastructure itself, then that additionally means that police don’t need to browse the entire contents of subpoenaed phones in the event parties have simply forwarded a malicious but legitimate-seeming rumor. This is great for preventing unwanted searches of your most sensitive information, truly bolstering Fourth Amendment rights protecting you from unwarranted invasive searches. This proposed system of watermarking forwards both makes everyone much safer as well as protects privacy.

It should go without saying that being able to verify any screenshot of published content as genuine is extremely valuable to law enforcement as well as it is to the general public.

In summary, Mark Zuckerberg and Jack Dorsey and other social media and messaging platform owners, I hope someone refers you to this article and you get moving on implementing this suggestion in your platforms RIGHT NOW. Let’s show the world that technology applied correctly can make it both a safer AND freer place! The dichotomy of Freedom vs Safety is patently false, let’s prove it in action!

This article is open to comments and updates. My personal email is advani1@gmail.com; please include “SVS” in the subject if writing to me about this.

Similar articles:

Mark Zuckerberg’s A Privacy-Focused Vision for Social Networking: https://www.nytimes.com/2019/03/06/technology/facebook-privacy-blog.html?module=inline

How will we prevent AI-based forgery?: https://hbr.org/2019/03/how-will-we-prevent-ai-based-forgery

Credits:

Thanks to Travis Hassloch for teaching me about encryption and for suggesting viable schemes for implementing the message forwarding tracking. Thanks to Steve Phillips for moral support from the very beginning. Thanks to Lisa Rein for inviting me to Aaron Swartz Day at the Internet Archive where I had this idea while staring at the singular Chelsea Manning, who Lisa directly helped free from prison. Thanks to my parents for encouraging me and supporting me in publicizing this message.

Updates:

2019–02–16: Initial publication

2019–03–04: Added credits section

2019–03–09: Indo-Pak war link, fake Donald Trump tweet

2019–03–23: Edited credits