Explain It Like I'm Five: C2PA

What is C2PA?

It’s the Coalition for Content Provenance and Authenticity, a group co-founded by Adobe and Microsoft (along with Arm, BBC, Intel, and Truepic) to certify online media’s provenance: where it comes from and how it was created. That information includes whether an AI platform was used to make a piece of media, helping companies curb deepfakes and disinformation. The C2PA acronym also sometimes refers to the metadata standard the coalition created.

… Metadata standard?

Media files carry embedded data that can cover everything from when a file was created to where a photo was taken, though C2PA emphasizes provenance. A standard ensures everyone encodes that data the same way, so any device or platform can read it.
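To make that concrete, here’s a minimal Python sketch, using the Pillow imaging library, that reads a photo’s embedded EXIF metadata. (EXIF is an older, unsigned metadata standard, not C2PA itself, and the filename is a placeholder.)

```python
from PIL import Image, ExifTags

# Open a photo and read its embedded EXIF metadata.
# "photo.jpg" is a placeholder filename.
img = Image.open("photo.jpg")
exif = img.getexif()

for tag_id, value in exif.items():
    # Translate numeric tag IDs (e.g., 306) into readable names (e.g., "DateTime").
    name = ExifTags.TAGS.get(tag_id, tag_id)
    print(f"{name}: {value}")
```

C2PA goes a step further than EXIF: its provenance data is cryptographically signed, so tampering with it can be detected.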

How does metadata stop disinformation and deepfakes?

It doesn’t, exactly, but it at least lets people know when they are looking at AI-generated or manipulated media. Social platforms and websites can detect the data and automatically add a visual label, be it their own or the standardized “CR” (Content Credentials) icon that C2PA is encouraging. Someone can also look into a file’s details themselves, usually by checking the file’s properties.
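As a rough illustration of how a platform might check for that data, here’s a hedged Python sketch. In JPEG files, C2PA manifests are stored in JUMBF metadata boxes, so scanning for those byte markers is a crude presence check. It is not real verification, which requires validating the manifest’s cryptographic signature (something the coalition’s open-source c2patool does); the filename is a placeholder.

```python
from pathlib import Path

def may_contain_c2pa(path: str) -> bool:
    """Crude heuristic: look for the JUMBF box markers that C2PA
    manifests are embedded in. This only detects presence; it does
    not verify the manifest's cryptographic signature."""
    data = Path(path).read_bytes()
    return b"jumb" in data and b"c2pa" in data

# "image.jpg" is a placeholder filename.
if may_contain_c2pa("image.jpg"):
    print("Likely carries a C2PA manifest; show the CR label.")
else:
    print("No C2PA data found.")
```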

Who is on board, other than Adobe and Microsoft?

C2PA will be one thing Meta uses to label AI-generated media. OpenAI will soon add C2PA metadata and the CR symbol to images made with DALL-E. Google joined the C2PA coalition on Thursday.

Are there any shortcomings?

So far C2PA only covers images, though the coalition is working on video and audio files. It is also opt-in: media from AI platforms that haven’t signed on (or from models that bad actors build themselves) won’t carry C2PA metadata at all. And like other metadata, C2PA data can be altered or stripped from a file.

How could it be removed?

For one, metadata isn’t transferred when you screenshot an image, since a screenshot copies only the pixels. Many social platforms also strip metadata from uploads as a privacy measure. And though it may be beyond most internet users, someone with the motivation and know-how could open up a file’s data and remove it manually.
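To see why a screenshot loses the data, here’s an illustrative Python sketch with Pillow: it copies only the pixels into a brand-new image, so nothing embedded in the original file survives. (Filenames are placeholders.)

```python
from PIL import Image

# Open the original, which may carry EXIF or C2PA metadata.
original = Image.open("original.jpg")

# Copy only the pixel data into a brand-new image, which is
# effectively what taking a screenshot does.
pixels_only = Image.new(original.mode, original.size)
pixels_only.putdata(list(original.getdata()))

# The copy looks identical but carries none of the embedded data.
pixels_only.save("copy.jpg")
```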