{"id":2268,"date":"2025-03-03T21:15:56","date_gmt":"2025-03-03T21:15:56","guid":{"rendered":"https:\/\/exponentialdecay.co.uk\/blog\/?p=2268"},"modified":"2025-12-01T16:59:43","modified_gmt":"2025-12-01T16:59:43","slug":"informed-consent-considering-steganographic-techniques-to-fingerprint-generative-ai-output","status":"publish","type":"post","link":"https:\/\/exponentialdecay.co.uk\/blog\/informed-consent-considering-steganographic-techniques-to-fingerprint-generative-ai-output\/","title":{"rendered":"Informed consent: considering steganographic techniques to fingerprint Generative AI output"},"content":{"rendered":"

Artificial intelligence (AI) is a polarizing topic. For every reasoned assessment of the technology and its potential to make some of our smaller, onerous, or more repetitive tasks easier, there are probably 100 reactive pieces predicting some radical overhaul of societal norms, from the service industry receiving new intakes of out of work software developers to laypeople taking on roles traditionally occupied by those of a college education, if they just start asking their AI the right questions<\/a>“<\/em> \u00af\\_(\u30c4)_\/\u00af<\/p>\n

The amount of AI-propaganda is draining, and the reaction is often spread across the board too, some cheer leading, some decrying, plenty taking their time to offer skilled and nuanced rebuttals, or suggestions for improvements.<\/p>\n

I find myself largely trying to stay out of the conversations. A lot like blockchain conversations 8 years ago, it will take another half decade for the hype-cycle<\/a> to plateau for us to see where it can truly complement our work.<\/p>\n

One part of the conversation that is increasingly harder to ignore, is being informed about when AI has been used in the generation of text or images. It is the property of knowing, or having the tools to\u00a0know<\/em> is what I feel is the most important.<\/p>\n

How can we be better informed about when AI is used, so that we are better prepared as consumers, to receive and understand content?<\/p>\n

In this blog I want to explore the potential for steganography techniques to be used in the output of AI to fingerprint content and provide a way for front-end mechanisms to identify it, as we might file formats using magic numbers<\/a>, so that users can be given the chance of informed consent: the opportunity to opt-in or out of whether we engage with AI content or not.<\/p>\n

Identifying AI<\/h2>\n

Some organizations are adopting AI usage guidelines<\/a>, similarly, some folks are asking about codes of conduct<\/a>. These are all good faith approaches, and absolutely needed.<\/p>\n

But a wild<\/del> unwanted AI appeared<\/del> content is still bombarding us, from appearing in conference proposals<\/a> to the dross we see on social media at important times such as the recent crash<\/a> at Toronto airport.<\/p>\n

\"Image
Image of an AI generated aircraft crash from Twitter account @100NEWS (Feb 17, 2024), following an aircraft crash at Toronto Airport — original link<\/a>.<\/figcaption><\/figure>\n
\"AI<\/a>
AI rendering of a plane crash scene and video from Twitter account @Pensacola_X on Feb 18, 2024 — original link<\/a>.<\/figcaption><\/figure>\n

NB.<\/em><\/strong> Twitter links are likely to disappear. They are not easy to archive, see more here<\/a>.<\/em><\/p>\n

It is not just chancers trying to get more clicks, stock photography sources can be flooded with AI<\/a> too (I really like Kelly Pendergrast’s thread<\/a> following up on that article)<\/em>.<\/p>\n

While standards like C2PA<\/a> exist and might enable reasonable understanding of the content creation workflow and provenance; requiring digital signing<\/a> at each stage of the media creation and editing process is onerous, the complexity is a bit of a smell<\/a>. To be clearer, there’s a lot of technology involved at each layer in the C2PA process, from hardware, to creating tools and software, rendering tools and software, the existence of file formats with good support for metadata, and of course digital signing and certificates; all of which can potentially be disappeared through round-tripping, given an image as an example, through Windows BMP<\/a>, and back to something else, e.g. JPEG.<\/p>\n

I will closely monitor C2PA as I believe it is an important discussion; however, I initially perceive it as being overly focused on images, requiring significant labor, and resembling a technologically advanced honors system, although policy will also play an big role.<\/em><\/p>\n

Is there something out there that can be implemented at the source? on multiple different types of output? that is easy to implement? and detect? that might signal<\/em> to us, the use of AI?<\/p>\n

I think so, I think we might be able to do this using steganography.<\/p>\n

Steganography<\/h2>\n

Steganography is the practice of encoding information within another message or physical object (Wikipedia<\/a>). The earliest recorded examples of Steganography come from Greece in 440BC.<\/p>\n

Steganography is different from cryptography, although they are often used in concert with one another; this Nord explainer<\/a> is helpful.<\/p>\n

The properties of steganography that I feel are important for this blog are those of being hidden in plain-sight while using obfuscation without changing an object’s structure. It is also important that steganography can be detected and identified, as previously mentioned, maybe like a file format’s magic number<\/a>.<\/p>\n

I haven’t had much need to use steganography in every-day life but I have always found the technique interesting, and others too, as a quick internet search will reveal a large number of articles on the topic. This is an interesting one<\/a> via LinkedIn describing some of its historical uses through tattoos, textiles, and invisible ink.<\/p>\n

I’ll touch on three real-world examples of steganography below, before looking at why it might be helpful to digitally fingerprint AI.<\/p>\n

Steganography in the real world<\/h2>\n

Example 1: printer dots<\/h3>\n

The Electronic Frontier Foundation (EFF) started tracking the use of printer dots hidden on physical printouts<\/a> from 2005. The printer dots were used to encode the serial number of the printer (and therefore type of printer), and date and time, if known, of the physical printout.<\/p>\n

The technique was first developed by Xerox in the 80’s<\/a> and it is thought that law enforcement wanted to mandate the use of these dots to track printers forensically, and while they couldn’t legally mandate this, a secret agreement was allegedly made by manufacturers to continue to use them.<\/p>\n

Electronic Frontier Foundation (EFF) – Robert Lee, Seth Schoen, Patrick Murphy, Joel Alwen, and Andrew “bunnie” Huang, CC BY 3.0, via Wikimedia Commons<\/figcaption><\/figure>\n

The suggestion was that the technique was to support the detection of counterfeiters, e.g. of money, although theoretically, once you can track a serial number, you can track so much more<\/a>. Just a few years ago, it is believed that the FBI tracked NSA whistle-blower ‘Reality Winner’ using this very technique<\/a>.<\/p>\n