Best way to verify time/date of a video shoot?

Factual Questions
1

What would be the best way to prove to a future audience that a video that I shot today was shot today, but at the same time keeping it as private and secure as possible until I am ready to release it widely?

Example scenarios: Suppose I am a citizen who just happens to shoot footage of a politician doing something they weren’t supposed to be doing (an unplanned shoot that would eventually be under tremendous public/legal scrutiny), or a factory worker wanting to document a date sensitive illegal practice at a major manufacturer’s plant (a planned shoot that eventually would be under tremendous public/legal scrutiny).

2

I’m sure there are other ways technologically, but I can only think of ways to validate that the day you are videotaping is not prior to a certain date is by including a copy of a easily validated newspaper or other publication in your shot. This would validate that shot was not made any earlier than that day. It of course could have been shot after the fact.

3

The obvious method is to set the date/time display on your camera, but that can easily be faked.

One thing you could do would be to place it in an envelope with a tamper-proof seal and mail it to yourself via certified/registered mail so there is proof of date/time of delivery. Then lock it away in a safe place until you need to use it.

4

Here’s a way, but I’m not sure it’s the best way: Include an image that cannot have been included prior the day of your shoot, e.g. today’s newspaper. When finished, digitize your video if it’s not already digital. Take a cryptographic hash of the resulting video file(s). Print the hash value out and have it notarized. Retain the files and the notarized document until proof is needed.

5

in general, are photos and videos still acceptable as evidence?
Anything can be photoshopped and fabricated.
the OP only asks about time/date verification…but what about verifying the video itself?

6

It’s easy enough to prove that an image was made after a certain time - kidnappers and terrorists do it all the time, by referring to current events e.g. by having a newspaper headline in shot. But I’m not sure that it’s generally possible to prove than an image was taken *before *a certain time. I think it comes down to the arrow of time - it is impossible to demonstrate a lack of knowledge of future events right now, because obviously you don’t know what those events will be. I think the best you can do is to use a location where some relatively permanent change is about to be made. For example, have your picture taken at the site of some noted building while it is under construction. But such pictures can be faked, as others have said.

7

That would prove the date you compiled the video. But not that you didn’t some how film most of it ahead of time, and then only added in the image that couldn’t have happened. There would likely be artifacts of such an edit if they appear in the same scene, but I’m not sure that likelihood is strong enough.

8

What if you compress the video, generate a checksum file, then post the checksum file to some innocuous corner of the internet that gets cached by google or which is uneditable and trustable to have not monkeyed with the timestamps (the SDMB and its incorruptible moderators comes to mind, if only they allowed attachments). When it comes time to produce the video you give them the compressed file with corresponding checksum file which they can compare to the one you posted on the internet right after you filmed it. That shows the “no later than” date and you throw in today’s newspaper to show “no earlier than” and you’re set.

9

But that’s the key idea of the cryptographic hash that’s released semi-publicly at the time of the recording: to authenticate that it was made before a certain date.

If the cryptographic hash doesn’t match, there’s no need to analyze the video for artifacts. This is all based on the theory that numeric hashes are mathematically very difficult to reproduce for a different arbitrary input (such as a different tampered video). If the cryptographic hashes match, one might conclude the video’s hash number released X-number of years ago authenticates its recording date. However, there are potentially ways around this which involves deliberately creating a hashing collision.

10

Based on today’s computational horsepower and how much plan to delay the future validation, this may be acceptable.

However, the way to get around this is to deliberately generate hash collisions. Let’s say you fingerprint the video file with a large hash (e.g. 512 bit hash). Since the video file (the hash input) is already larger than 512 bits, you could make any video match the checksum by altering a group of inconsequential bits (up to 512 bits if necessary). Theoretically add any fake frame(s) the video and then change any of the extra 512 bits to match the checksum (possibly using brute force.) For example, a video of Britney Spears would undoubtedly generate a different hash value than a video of a dolphin. But you could imperceptibly alter the digital bits that carry the hue, brightness, color information (up to 512 bits) to generate the exact same checksum as the Britney Spears. It’s currently computationally infeasible for computers to recalculate trillions of hashes but if we’re looking to authenticate timestamps of 10, 20 or more years, who knows what will be technically possible at a later date? Quantum computers that can recompute any hash in seconds?

Possibly a way to counteract this doubt of authenticity is to generate multiple hashes of different inputs, especially of messages that are smaller than 512 bits. Since 512 bits is 64 characters, you could write a short English sentence of less than 64 letters describing what’s in the video. You also publish a hash of that sentence. Since the combination of any 64 (alphanumeric) letters has zero collisions in 512-bit space, it proves that particular sentence couldn’t have been altered after the fact.

So maybe some strategy of publishing multiple hashes:

  • Hash of the video.
  • Hash of the video played backwards.
  • Hash of a sentence describing the video.
  • Run a multiple of different hash algorithms on the video. Hash the result matrix using each hash.
  • submit an encrypted version of the video to a 3rd party to hash with an unknown algorithm. The 3rd party doesn’t know what they are hashing and the submitter can’t reproduce the algorithm because he doesn’t know what it is. Publish that hash as well. Any future falsifications would also have to match this hash.

The idea is to increase the combinations of hashes to an insurmountable task for future computers to recreate using arbitrary falsified data. There’s probably some vulnerabilities even with publishing multiple hashes. For example, if the semi-permanent place where the hash is published (google cache) can ultimately be tampered with in the future, the whole chain of dependent hashes (even with multiple hashes) can be faked.

11

I understand this. I’m saying this could all be done before the hash is ever made. It wouldn’t necessarily take a whole day to splice in some footage you did shoot on that day with some you staged earlier. It’s not like the camera itself will be publishing the hash instantly.

12

Easily faked by sending yourself the same envelope without sealing the tamper-proof seal. You can seal whatever you want in the envelope at a later date. The registered mail date means nothing.

13

Ok, but typically the scenario you’re trying to prove is fake data (video footage) added after the event instead of before. Tampering with video in post production is easier because starting with an existing video you want to alter is a “known quantity.”

Yes, you could conceivably prepare ahead of time and stage a fake video (or computer generate artificial video) to splice into a later event you anticipate. It’s theoretically possible to do it but anticipating all the relevant details to “pre-record” a convincing fake video would be very difficult. Suppose you want to “prove” to a later audience in the year 2100 that Obama snorted cocaine at the Presidential State of the Union in 2011. That’s 3 months in the future. You’d have to anticipate which color tie and shirt he was going to wear and also the clothes of all the politicians standing behind him within camera range. You’d have to play the odds and hope that whatever artificial video you produce (with an Obama impersonator or computer generated avatar) will match what Obama will look like on January 2011. For example you create a video in Octoboer 2010 with a clean shaven Obama snorting cocaine right next to the microphone. But the real Obama in 2011 has a mustache and a bandaid on his head because he accidentally banged it on the door of Air Force One the day before his speech. You cannot adjust all the parameters of the fake pre-recorded video to seemlessly splice into the real video and publish a hash within 1 hour of the conclusion of the speech. You could conceivably delay the publication of the hash but the longer the delay, the more doubt creeps in as to its validity. It’s much harder to “rewrite history” of a hash that you must publish in 1 hour vs a hash that can be published in a week.

Ultimately, determining authenticity is comparing the time frame of hash publication against the conceivable time frame of pre-staging a fake video and/or recomputing identical hashes. This would cover both the false video created before or after if you could trust the timestamp of hash publication.

One scenario where all of this breaks down is if you don’t even realize you needed to publicly publish the hash until much later. For example if someone dug up some video that was legitimately recorded 5 years ago but didn’t realize it showed incriminating acts until now. Well, it’s too late to publish a hash with credibility. However, the OP mentioned the scenario of shooting the video today. If so, he has to publish the hash ASAP – hopefully the same day. The longer the wait, the less the hash will be believed.

Another issue is if the subject video itself doesn’t have any signs of when it was recorded. If you just record video of a blue sky, ocean waves, or a guy just sitting in a white non-descript room, there’s not enough context to determine when it was recorded. If the videographer has control of the scenary, he could place a newspaper into the scene.

Proving the actual event date of a non-descriptive video that has no embedded context looks unsolvable. However, I think your issue is if we can reasonably trust when the hash itself was computed.

One way to handle this is to mix in some last-minute historical datapoints that can’t be predicted ahead of time as part of the hash input. This would be random data that’s preserved for record keeping and everyone agrees on. For example, a composite signature representing the closing numbers for Dow Jones + commodity prices + high & low day temperatures for all the major cities + winning lottery numbers from all the states

Since you cannot predict this random data ahead of time, it sets the lower timestamp boundary and prevents fake “precomputed” hashes.

The timeline for hashes would look like this:
1 - timestamp of embedded the latest official preserved random datapoints (mixed in with the video)
2 - hash was “computed” within this time window between #1 and #3
3 - timestamp of hash publication

You weigh all 3 as evidence of the hash’s believability and therefore conclude if the video is authentic.

14

Thanks for directing me towards timestamps and hashes, very interesting stuff. It would seem a pretty foolproof way to prove the date of a particular file.

My best idea was similar Greasy Jack’s.

15

Could you video yourself tweeting something to a large audiance?

Wouldn’t that instantly give you thousands of unsuspecting witnesses?

(Don’t know anything about twitter)