FLOSS Weekly 699 Transcript
Please be advised this transcript is AI-generated and may not be word for word.
Time codes refer to the approximate times in the ad-supported version of the show.
Doc Searls (00:00:00):
This is Floss Weekly I'm Doc Searls this week, Katherine Druckman. And I talked to Andy Parsons of the content authenticity initiative works for Adobe, but that's his thing as content authenticity, it is a much bigger topic than I ever thought it was. If it works all the websites you see can be trusted, not to misinformation in them, if all the right things happen. And I think there's actually a fair chance that that will happen. So I'm very enthused about this one and that is coming up. Next.
Announcer (00:00:35):
Podcasts you love, From people you trust. Is TWiT
Doc Searls (00:00:42):
This is Floss Weekly episode 699 recorded Wednesday, September 21st, 2022. Content authenticity. This episode of Floss Weekly is brought to you by I R L an original podcast from Mozilla. Ill is a show for people who build AI and people who develop tech policies posted by Bridget Todd. This season of IRL looks at AI in real life search for IRL in your podcast player, and by bit warden, get the password manager that offers a robust and cost effective solution that can drastically increase your chances of staying safe. Online. Get started with a free trial of a teams or enterprise plan, or get started for free across all devices as an individual user at bit warden.com/TWiT, and by compiler an original podcast from red hat devoted to simplifying tech topics and providing insight for a new generation of it. Professionals listen to compiler and your favorite podcast player. Hello. Again, everybody everywhere in the world. I am Doc Searls. This is Floss Weekly, and I am joined this week by Katherine Druckman herself. We should appear on those who are not visually impaired. Sure. This look a good,
Katherine Druckman (00:02:02):
Thanks. Thanks. But I am yep. One the one and only, I hope
Doc Searls (00:02:06):
You're still in Houston. I'm still in Bloomington, Indiana. We're only one time. So apart. So are our guests this morning, Andy parses. He came at your recommendation if I'm not mistaken, is that right?
Katherine Druckman (00:02:20):
No, I don't think so. I think that was somebody else. Somebody can claim credit for that, but I am excited because I'm interested in the technology that he's working on. I'm interested in provenance in general, and I think this is a great, gonna be a really great conversation.
Doc Searls (00:02:34):
Yeah. I've had a lot,
Katherine Druckman (00:02:35):
Well, I cannot claim credit. I am excited. Yeah.
Doc Searls (00:02:38):
With other people about authentic data and Providence, which I've heard pronounce both provenance, the French or Providence, the English, I suppose the Italian Providence. Yeah.
Katherine Druckman (00:02:53):
No, I always think provenance because I come from my art history education that that's where that's coming from. So I think in terms of art provenance and that
Doc Searls (00:03:03):
Sort of thing, really.
Katherine Druckman (00:03:04):
Wow. That's my primary association with that word, but that's changing <laugh>
Doc Searls (00:03:10):
Yeah. Well,
Katherine Druckman (00:03:11):
As we talk about
Doc Searls (00:03:12):
Software supply chain is full of option. It's made up of better language. Is it full of that? So I don't want to delay any further because I really wanna get going on this show. So our guest this morning is Andy Parsons. He's the senior director of Adobe's content authenticity initiative. He's creating open technologies for a future of verifiably, authentic content of all kinds. I'm skipping. It's a long one throughout his career. He's worked to empower creative professionals. He's a big believer in power of community. He ran the closure, meet up at NYC and organized the New York CTO club. He founded work frame. I rather like his website though. I'm looking for him looking to find it here. Yeah. It's because it says he's a saxophonist husband and dad lives in Brooklyn. Also an aspire, a Barb aspiring barbecue Pitmaster cyclist that wanna be whiskey distiller. So with all of those out of the way, welcome the show, Andy.
Andy Parsons (00:04:12):
Thank you.
Doc Searls (00:04:14):
It's a pleasure
Andy Parsons (00:04:14):
To be
Doc Searls (00:04:14):
Here to be. Here's great. So I have to let on that. I am a lapse, Brooklyn Dodgers fan, cuz that's how old I am. So I never forgave them leaving Brooklyn. Well,
Andy Parsons (00:04:30):
Don't hold it against me today, doc.
Doc Searls (00:04:31):
Yeah. Are you lifelong or are you Brooklyn person or you just moved there or relatively
Andy Parsons (00:04:38):
Recent? I consider myself a new Yorker. Yeah. I grew up in Connecticut. I've lived all over the place, but I've been in Brooklyn for 20 plus years. So I think I've good mantle of New York. Yeah.
Doc Searls (00:04:51):
And the accent's gone. You could call yourself new Yorker. Now I grew across the river in New Jersey, so nice. That's nicer. <laugh> a better adjacent state. So tell us about content authenticity and cuz suddenly, I don't know if it's your work or somebody's work, but it's suddenly turning into a topic.
Andy Parsons (00:05:11):
Yeah. I hope it's our work, but I can see that there's a lot of interest around the topic of verifiable media integrity or Providence. I say Providence I love that you guys started out by debating the pronunciation word, something that comes up all the time. I think historically Catherine's exactly right. It does come from the art world and it has brought applicability to what we do in the digital realm but it's sort of an esoteric S a T word. So if you guys have suggestions for a better one, I am all years, but for now it's Providence with my Brooklyn accent. <laugh> so yeah, I mean, think there's a lot of interest in this area for a number of reasons and that we're sort of living at the nexus of, I think over the past several years and frankly, decades and centuries misinformation, the inadvertent sharing of information that's untrue or misleading and malicious disinformation, which we see more and more of around elections and wars in the world.
Andy Parsons (00:06:08):
And then the arrival of incredibly powerful. I think week over week, day over day, we see more power coming from the realms of synthetic media and generative media. Those things have all become conflated. And I think there's urgency around finding solutions to this problem. And it's probably unlikely to be detecting fake media or manipulated media. And instead it's a matter of focusing our attention on Providence, which is proving truth about how things were made and where it makes sense who made them and who gets attribution and those kinds of things. So that's what we've been focused on docu, right? There's a ton of attention from a lot of industry sectors to address the problem and effectively what we're doing at the content authenticity initiative is exactly that we're doing it through open source through standards and the Linux foundation and through Adobe tools. So everything in the creative cloud that will be outfitted with the technologies we'll talk about today.
Andy Parsons (00:07:07):
But historically this was started in late 2019. It was announced at Adobe max, which is Adobe's big creator ecosystem conference. I think that was the last pre COVID convening. The last two years have been remote. And then in 2020, I joined Adobe to basically lead this initiative and the kind of founding concepts were, as I said, let's see if we can prove what's true about media, about how it's produced, about who produced it, who gets credit for it and turn our attention away from synthetic media or deep fake detection, because that's probably an arms race that the good guys are gonna lose. And then that has blossomed into a number of efforts, which hopefully we get into one is an organization outside of Adobe called the C two P a. That's a JDF project in the Linux foundation where standards are being created. There's a big open source effort that my team is working on.
Andy Parsons (00:08:01):
And we're beginning to get pull requests and kind of building an early but active, engaged community around making this stuff accessible and easy to implement. And I've said everything about the initiative except what it is. The idea is to capture verifiable facts. If you will, all these words around truth and trust and facts are fraught terms again, the limits of the English language, perhaps. But the idea is to capture verifiable information about how something was made about what ingredients comprise it. And even things like perhaps what ML training data or model was used to produce something. So we're very interested in that. Obviously Adobe powers a lot of creativity in the world. Our tools are used on everything from restaurant menus and PDFs and signatures, and of course Photoshop and premier and tools of creation. So we're very interested in a solution that gives creators credit for their work, but also addresses the kinda scourge of info. So little bit of a Ramly intro, but I hope that gives you a sense of what we're up to.
Katherine Druckman (00:09:06):
That was great. I wonder if you can just tell us a little bit more about how it works and if you could kind of segue also into why open source. I mean, how did this end up becoming an open source project? I think that's obviously something our listeners wanna hear about being Flo weekly, but how did this come about and how did Adobe get involved?
Andy Parsons (00:09:27):
Yeah, so the CAI or the content authentic initiative was started by us got underway in 2020. And again, it was recognized two important things which culminated in the open source work that we released just a couple months ago in June. And those realizations were, this is a long term problem. It's been with us since the days of stolen manipulating photography and removing his enemies from photos and probably long before that. And we felt that Adobe has an important role to play and a responsibility given that so much of the world's creative content goes through Adobe tools. Secondly, that it couldn't be an Adobe only solution that would be extremely foolish leadership at our company, knew that early on and said, look, we need to build an industry consortium, maybe a standard at that time at initiation and make this something that can involve the interests of everybody from social media to the entire news ecosystem, broadcast to Adobe tools, Adobe competitors.
Andy Parsons (00:10:29):
And you can see where this is going. Therefore needs to be open. Any spec that is created should not be under the umbrella of Adobe or Microsoft or the BBC or any particular member, but rather in an open ecosystem in a nonprofit, we found a very comfortable, warm home, warm home in the Linux foundation, of course. And then ultimately we wanted to empower engineers, building Providence solutions into their tools. And ideally what's better than a capitalistic motivation to build a startup and raise money and make money. We wanted to make it easy for them to pull in Providence technologies. Why use Adobe open source? It's the very same code that's running in Photoshop and other creative cloud tools. And in the interest of adoption, answer your question directly, Catherine nothing, spurs adoption, then free permissive licensing. And that's why we took this approach.
Doc Searls (00:11:25):
So I've boy, I have a whole bunch of questions queued up here, but while I'm juggling tabs on my desktop, I have to let people know first that this episode of plus weekly is brought to you by IL and original podcast from Mozilla. IRO is a show for people who build AI and people who develop tech policies, this hosted by Bridget Todd and this season, IRL looks at AI in real life. Who can AI help? Who can it harm? The show features fascinating conversations with people who are working to build more trustworthy AI. For example, there's an episode about how our world is mapped with the AI, the data missing from those maps tells as much of a story as the maps themselves. You hear all about the people who are working to fill those gaps and take control of the data. There's another episode about gig workers who depend on apps for their livelihood.
Doc Searls (00:12:13):
It looks at how they're pushing back against algorithms that control how much they get paid and seeking new ways to gain power over data, to create better working conditions for political junkies or episodes about the role that AI plays when it comes to the spread of misinformation and hate speech around elections, a huge concern for democracies around the world. The latest episode I listened to this morning opens actually with a sad story about a guy who lost his wife from misdiagnosis because of a melanoma, because all of the existing expertise in this in terms of pictures was of lately complected people. His wife is African American and she died. It's really bad, but he's taken control of that thing and filling AI with much better information, much better picture is kind of an open source angle to it as well. So I highly recommend going and checking that out. So search for IRL and your podcast player will include a link in the show notes by thanks to IRL for their support. Okay. So again Andy, you mentioned the Linux foundation. It seems like we run into the Linux foundation everywhere. <laugh> and they jump ahead of everything. So what is the connection there with the Linux foundation? I mean the other day, for example, they announced an intent to form a foundation around something, not this particular thing, but I'm wondering what that connection is.
Andy Parsons (00:13:34):
Yeah. So I think what we wanted to avoid in the early days of opening this and making it again outside the umbrella of any particular company or contributor was things like the intent to form a proxy for a decision that might be made in the future, wanted to avoid that kind of thing. And within the Linux foundation is housed a project structure called the JDFs a joint development foundation. I think probably the most well known besides our project selfishly the most well known JDF project is probably the Alliance for open media that focuses on video and other things. And it's effectively just add water sort of way to found standard development organizations. So rather than reinventing the wheel, inventing an IP policy or adopting one involving armies of attorneys to set up a nonprofit you can go to the Linux foundation and the folks who run the JDF in particular and say, we wanna form a standard development organization.
Andy Parsons (00:14:36):
We want extremely permissive w three C compatible licensing and you choose from their kind of menu of options for forming the organization. And then you're ready to go. So rather than months or multiple months of setting up the organization within a couple of weeks, we were ready to convene and begin and read the IP policy to participants. So I don't know of anything else. I'm not a standard historian by any means, but I don't know of anything else that makes bootstrapping organization so straightforward. And again, feeling the urgency that we all felt forming this thing, we didn't wanna kind of focus our energies on the setup, but rather forming the task forces and the technical working group and starting to get some standards down on paper. So the Linux foundation was the exact right home for this
Doc Searls (00:15:32):
On to Catherine.
Katherine Druckman (00:15:33):
Sorry. Yeah. So I'm actually looking at the tools themselves and I think our listeners would be anxious to hear a little bit of an explanation about each of the open source tools that you provide. If you go to content authenticity.org I noticed you have a JavaScript SDK, there's a command line tool, a rest SDK. Can you tell us a little bit more about that? Why rest? I thought that was an interesting choice. And you mentioned it actually in our pre-show notes. I thought maybe I'd like to hear about that actually. Yeah,
Andy Parsons (00:16:06):
Definitely. Let me remind a little bit, Catherine, answer a question you left hanging and that he didn't answer, which is how does this work? And then I think from that, yeah, yes, we can. It'll be clearer why we created these three tools and even why rest. So, as I described, the idea behind Providence is to capture verifiable information when an asset is made. So imagine in a Photoshop workflow or any video editing workflow, you bring in lots of what we call ingredients. You mix them together and then you export a final master or final JPEG or of paying or what have you. And the idea is you effectively develop a graph of the contributors to that content and what tools were used. Now, I should make it clear. All this is opt in. This is not intended. Or in fact there are counter measures to make sure this can't be used for surveillance identity isn't required.
Andy Parsons (00:16:55):
In fact, the minimal claim that is made in one of these cryptographically signed manifest, as we call them is just a timestamp, maybe a thumbnail of what the media looked like before. And so you can compare it with the after, but the idea is to capture everything that a creator or a photographer or a news organization wants about how the thing was made. So for example, there's a kind of broad spectrum of use. One would be let's say a creator using Adobe tools or other tools who's minting NFTs, or trying to monetize their work in some other way. You wanna get credit for your work doesn't mean you can't have pseudonym ID and we can get much more deeply into ID. I know that's been a topic on other shows identity specifically you can get credit for your work, but you can be Banksy. You can be Andy Parsons or Doc circles and you wanna attach your identity in some form or another to the media itself.
Andy Parsons (00:17:49):
The other end of the spectrum is maybe you are a conflict photojournalist. And the worst thing for your personal safety would be to reveal anything about GPS coordinates or the device you're using, or of course your actual identity. And therefore just the timestamp is required there, but that conflict photojournalist might want to show what edits were made in an editing tool to make sure that that work conforms, for example, to AP or New York times standards for information integrity, and we can exist anywhere on that spectrum from purely focusing on identity and attribution, all the way to transparency about what something is and how it was made and making sure that a police car wasn't added or removed from a photo or video. So these tools allow us to do all of those things. And the trust model is based on a digital signature. I've listened to it.
Andy Parsons (00:18:41):
One of the episodes you did with Dave Hughes be who pointed out that X 5 0 9 digital signatures had been around for many decades, proven we need not necessarily look at blockchains and new ways to create digital signatures and proofs, and why not use a decades old hardened proven technology. So we effectively created digital signature, which of course Adobe has quite a lot of experience with we sign and bind the manifest, which it contains all those facts I described to the media itself so that it inextricably travels, wherever that media may go. And that's the idea behind the CAI and the C two P standard. It addresses that for a number of file types. It even covers streaming. And in the future, I think it will also address live streaming. So broadcast and video calls where you might have somebody for good or deleterious purposes appearing to be someone that they are not, whether it's a cartoon character or a politician.
Andy Parsons (00:19:39):
There's a lot of relevance for Providence to those kind of situations as well. So turning to the open source tools and the spec by the way is open free. There's no IP it's available to anybody. Most of us wouldn't wanna read a deep technical spec just like we would like to grab open SSL and not read all the SSL. So we hope that the Adobe open source will be one of a constellation of open source tools that make it very straightforward to do this. And as you pointed out, it comes in three flavors. One is a JavaScript SDK that lets you effectively drop a few lines of JavaScript on a webpage or into a web-based mobile app and any images or soon videos that come through in that context that have Providence data will display it. You're showing an example there, perfect timing. So that little I icon represents the presence of C two P a Providence data.
Andy Parsons (00:20:36):
And you can click on it and reveal a high level summary of in this case, we're showing what ingredients we're mixed in. Who's getting credit for this who's signing for. It could be an organization, could be a synonymous ID. It could be Andy Parsons. And then we can learn a little bit about what comprises that particular asset. So that's what the JavaScript SDK does. It allows you to do this in any web based application of any kind. There is a thing called the C two P tool, which is a command line app that could be shelled out to, from a service. We have folks doing that. In fact, Adobe stock takes this approach. So I think some number of hundreds of thousands of Adobe stock assets go through this process every day as they're downloaded. And we have sort of a last mile Providence edition that uses that tool but you and your listeners might also be familiar with something called exit tool which is an open source project made by a gentleman named Phil Harvey, who many of us in the photo ecosystem, Phil is a hero in the open source ecosystem.
Andy Parsons (00:21:39):
Exit tool is pretty much the clearing house tool for anything you want to do with exit data or image metadata in general. And we'd like to see C two P a tool or something like it, be that for digital cryptographic Providence. So it does all the things like show you different kind of disclosure about what data has been signed into the asset. It will allow you to create test certificate. So you can play around with making your own cryptographically signed CT P a metadata and everything in between. So via the command line. And then the third offering is in the interest of convenience, the CT P a tool and the JavaScript SDK are kind of purpose built for specific scenarios. For example, the JavaScript SDK has some UI built into it. You can skin it and add CSS any way you want, but it's basically meant to replicate a UI.
Andy Parsons (00:22:35):
We just saw a moment ago and the lower level SDK allows you to do whatever you like. So it does all the heavy lifting. It implements kind of the tricky parts of the spec, which involve things like C B a variety of cryptographic signature types that are all implemented. So it's very straightforward to bring that into your app to link it in. And this is where Russ comes in handy, and that we've seen that work and proven that it's pretty facile in iOS, on Android really any kind of language finding you would like to create, and largely thanks to Mozilla of course, originators of the rust language itself. But also there continues to be this rich ecosystem of tooling from Mozilla, and now with lots of other contributors to make bindings other languages really straightforward. So in short, why rust, if you take something that has really deep memory protections without garbage collection, which isn't portable across platforms and probably not viable on cameras and mobile devices.
Andy Parsons (00:23:38):
And then you connect that to bindings for any language you might be using, be it Python or C or C plus plus or swift. You have this really interesting tool set that runs fast that has memory safety like many other statically compiled languages but without the dangers, of course, of something like C, C plus plus, and a very small distributable B distributable binary or library. So it offers a tremendous amount of flexibility. I would say in my experience, and this is mostly me, proxying for my team who writes rust code every day. There's a learning curve, but it pays off in orders of magnitude of productivity and lack of bugs. So we're very pleased with rust, it's sort exploring rust in other areas there are many large companies who are taking advantage of rust, and I just, couldn't be more pleased with our personal experience using it for this project.
Katherine Druckman (00:24:39):
There's a lot of great info in there. Well, there's always a learning curve isn't there, but I'm wondering specifically you know, mentioned the developer experience. I wonder about adoption. I actually wonder about adoption from the end user perspective, but also the developer perspective. I know I've noticed, I read the New York times article about this, that you link to on the site as a case study. And I'm wondering where developers and end users can see this in the wild and what kind of the uptake is on all of this.
Andy Parsons (00:25:18):
Yeah, it's a great question. And essential question. I I'll start by describing what ultimate success looks like for all of us. I would say, even for society at large, to have the transparency that the content authenticity initiative and the CT P standard enabled to have that available to everybody everywhere. Now, when I say it's early days, I'm saying that there's a lot more work to do on the adoption side. There's a gentleman on my team who has decades of experience as a conflict photojournalist himself. His name is Santiago lion. He speaks quite a lot and very well about the CAI and the C DPA. Santiago also ran the photo organization at the associated press for 15 years in a VP role there. So he really understands the urgency in the necessity for information integrity when it comes to media especially in this environment, which we live with social media, where things are shared with impunity, because they might fit someone's worldview without really pausing to take a look at what something is and whether it's trustworthy or not.
Andy Parsons (00:26:21):
So we have made tremendous inroads in the kind of information ecosystem generally in news, if you look at the roster of, I think we're up to 800 plus members of the CAI, this large community sort of centered around open source and conversations about Providence and its applications you'll see names like AP and Reuters and AFP camera manufacturers. What you may not see yet is the kind of end user facing kind of last mile social media sites and other kinds of sites where news can be shared from the BBC to media feeds and things like that. And all I can say about that is stay tuned. We're working on those and the ecosystem of smaller companies and startups, many of which you've heard of many of which you haven't is very rich and active. So we have a discord channel. We have a membership that's very easy to be part of the CA you just go as give us your logo and some information about what you intend to do, and you can be party to all of our free events get some support from the Adobe team on the open source side.
Andy Parsons (00:27:27):
And there are other benefits. So I would say it's early, but we're seeing signs of a really rich ecosystem. We're doing things pretty much right to my eye, Catherine, but I don't think that's why this is gonna be successful. I think, again, that everybody in the orbit around misinformation and attribution for creators feels the same urgency that we do to figure out at least a foundational layer of trustworthiness to add to the internet itself. And that's why they're involved. And we're getting a lot of great feedback about the tools. There are dozens of implementations underway with some of those big name partners and some of the less known companies as well. So we are beginning the journey, not we have not ended it yet.
Doc Searls (00:28:12):
So I have a question about identity, which I think is hopefully an important one, or maybe just a coincidental one. But first I have to let everybody know that this episode of loss weekly is brought to you by bit warden. Bit warden is the only open source cross platform password manager that could be used at home at work or on the go and is trusted by millions with bit warden. You can securely store credentials across personal and business worlds. Every bit warden account begins with the creation of a personal vault with bit warden's username generator. You can integrate with the following popular email forwarding services that are also open source, simple login, and an Addie Firefox relay, and now fast mail that makes adding another layer of security and privacy easier than ever when using bit warden to generate a new username, the option to create an email aliases presented with a sub for choosing your preferred service, enter the API key for your individual account.
Doc Searls (00:29:10):
With the chosen service select the desired options in what's generated a new alias is instantly registered to your account. Using unique usernames, email addresses and passwords for every account is a powerful method for increasing internet security and privacy and adds protection to logins in the face of data breaches and leaks. This feature is available on the web vault desktop app and browser extensions with mobile plan for future release. And for those customers that use bit warden to generate T O TP codes, they can access it more easily on a dedicated screen on their mobile app bid word into and bust need for your business is fully customizable and adapts to your business needs. Use bid word, and send a fully encrypted method to transmit sensitive information. Whether text files generate unique and secure passwords for every site with enterprise grade security that GDPR CCPA HIPAA and SOC two compliant their end to end encrypted vault helps mitigate phishing attacks.
Doc Searls (00:30:10):
And bit warden has recently added even more enterprise capability by adding S C I M or skim support to make it even easier to provision and manage users. Their team's organization is $3 a month per user share private data securely with coworkers across departments or the entire company enterprises can use bit board's enterprise organization plan for $5 a month per user individuals can use their basic free account forever for an unlimited number of passwords or upgrade time to their premium account for less than $1 a month. The family organization option gives up to six users premium features for only $3 and 33 cents a month at TWI where fans of password managers bit warden is the only open source cross platform password manager that could be used at home on the go where at work and is trusted by millions of individuals, teams and organizations worldwide get started with a free trial of a teams' or enterprise plan, or gets started for free across all devices as an individual user at bit warden.com/TWiT that's bit warden.com/TWiT.
Doc Searls (00:31:19):
Okay, so I wanted to talk identity because we've had a lot of guests on the show and full disclosure I'm involved with it too. So was my wife with the whole SSI self sovereign identity, verifiable credentials approach to personal identity where you're not, you don't have N ID. You have something that says, I have tickets to the game. I went to this school. Here's where to find my what where it's minimum disclosure for constrained uses justifiable parties is a whole set of rules. And it seems to be, this is very close to that. And I'm wondering what the overlap is. If I I'd, hadn't thought about it before that wow data can be making a presentation of a verifiable credential that can be authenticated somehow. And that data could be, this is a real source. This is a real story. This is not BS here. I can trust this. And then you can unpack it with that little eye that you see in the corner of a webpage. So tell me more, but you're nodding. So I imagine there's a connection there. Yeah,
Andy Parsons (00:32:26):
There's a connection. I mean, full disclosure is something that we talk about a lot in the standards organization, and it's not a solved problem, but you're totally right, doc. I mean, there's a tremendous amount of overlap between general public key cryptography. The notion of decentralized IDs, which was, I think recently graduated to w w three C recommendation after some churn around focusing it on kind of standard clear ways to create did resolution methods and things like that. But verifiable credentials are super interesting. I mean, the topic is extremely germane to what we do with content authenticity, because as you said, age old example, you shouldn't have to show your government issued ID to get into a bar. You need only prove that you're allowed to go into that bar or whatever. And similarly with disclosure and verifiable presentations, which of course are part of the VC.
Andy Parsons (00:33:23):
I think we have a ways to go to make true SSI accessible to consumers. And I'd love to hear your opinion on that as well. I'm sure you're pretty close to it currently to get ready for that. We do use the did document that is retrieved and VCs in the format of the CT P a metadata. So sealed into that chunk of CBO R is a did, and various verifiable credentials representing some of the data you described. So we're on a road to get there building an ecosystem around issuers and holders and verifiers specifically for disin info and credentialing is a ways away, but we definitely want to, I should have mentioned up front, like what we're doing with the CAI and the CT P specifically intends as a guiding principle to invent the least required novel technology. We don't wanna reinvent PKI. We don't wanna invent new blockchains if that's not necessary.
Andy Parsons (00:34:21):
And we certainly don't want to stick our noses in identity, which has a long history a fraught history, but a history. So issues of reputation, identity, verifiable credentials, we want to adopt the good work that's being done in many organizations, including a double w three C. So there is overlap. I think in the coming years, you will see self sovereignty of private keys. So I don't need an organization to proxy for my identity. For example, in Photoshop currently, Adobe will effectively authenticate you using standard means you can off your Instagram account and connect various accounts. Again, I'm not using the word identity here because these are accounts, not identity and eventually other kinds of verifiable identity that might involve physical verification, waving your hand in front of your face with a certificate issuer, holding up a government ID. So at least even if you don't trust me, Andy Parsons, that I am who I say I am according to some third party KYC style customer. So all the things I just mentioned are part and parcel to, I think the eventual broad adoption of DIDs and VCs, and we wanna be ready for that when it's accessible to consumers so that I can be me or I can be Banksy. I can reveal only information that's necessary for you to verify and frankly, decide for yourself whether to trust an image or a video or a social media post.
Doc Searls (00:35:44):
Wow, there's so much there. You were actually twisting my mind, even as you're speaking about how to make all this identity stuff succeed. My first thought is you may be further ahead than the whole identity world is by working on your stuff, because you're talking about verifiably, authentic data and verifiably, authentic sources that may be a lower hurdle than trying to get the whole world to start waving verifiable credentials in front of some relying party. That has no idea what you're doing. <laugh> I think an issue there with the entire dead identity world going to self sovereignty and all that stuff is that the norms are, or the fly wheels of business as usual, and of the norms that we've had predating the net, you know, carry a bunch of government issued IDs and other business issued IDs. We call them IDs. They're not IDs, they're just they're documents, but they're in little rectangles that are plastic in our pockets.
Doc Searls (00:36:53):
And we present those and we get into Costco or we get into a bar or some other thing. And that's a norm that is very, very well established. How do you get past that? And I think the issue is UI. The issue is somebody has to invent the thing that mothers, the necessity, where you take one, look at it and say, I have to have it. My example for that is the smartphone smartphones are around for a long time before apple figured a way to make it easy. And where you take one, look at that. And you said, I had to have it. I remember people saying nobody's ever gonna want a phone that doesn't have a keyboard on it. Well, guess what? Apple's phone didn't have a keyboard on it, but it had apps. And all of a sudden we're living in that world and we've been living in there ever since it'll and somebody else may come up with something better.
Doc Searls (00:37:38):
I don't know. So let me twist this a little bit to going down to route of Providence. I think the high hope here is that every website that has a stake in reputation is gonna want that little eye in the corner of the webpage of every webpage. That's kind of like an RSS we used to be, and I'd like to see the RSS symbol to go back on there. Cause I think RS is a wonderful thing and I'd love to have Dave wine on the show later. Cause he's doing great stuff there, but we need to have that there because then you'll know, even if it's not quite real, you can track it down. You see it and it be easier for everybody. I also have another thought, which is, and this is really off base, but I think it's an interesting one in my own project that started at the Berkman center at Harvard a long time ago, we came up with an idea called emancipate eman.
Doc Searls (00:38:38):
The idea with emancipate is you can throw money at anybody you want for whatever you want. And so for example and at a whim, or you can program it in, I just have it automatically I'll record everything that I'm have my own record of everything that I've listened to. And I've watched, then I can voluntarily throw money back at it in a way that gets escrow at some trustable place. But at cascade I can cascade it down through sources. So for example, it was reporting. I can say, boy, I really like that. Andy had that. And then his sources were this or this or this or with music, cuz I know you play the sax. Let's say I like that piece of music and you're on that. And I want the band paid, right? Or I want the composer paid and I can put that into there. And that's an idea has been laying around for 17 years and nobody's adopted it. But I think there may be a way to do it through this, the schema, the ontology. I'm not sure what the right word for it is for what you're scaffolding up there. And I'm wondering what your thoughts are about all that. It's a lot.
Andy Parsons (00:39:44):
It is a lot. How much time do we have another two hours? Oh
Doc Searls (00:39:47):
Catherine. It's like about 20 minutes away. One more ad. Isn't there. So
Andy Parsons (00:39:52):
Back at you doc, cuz now you're twisting my mind and there's a lot and I'm gonna miss some of it cuz years are turning. So first of all, I want to back up to a critical point. I couldn't agree more that the barrier for adoption of SSI and sane ID identity systems is us like a hundred percent user experience is it has a long way to go to put it mildly. And I think regardless of how you feel about the NFT or the cryptocurrency ecosystem, which are separate things or the involvement of blockchain as a tool to enable other kinds of reasonable and justified decentralization without good UX to access these things and actually exercise your sovereignty over your private keys and also a baseline understanding of what these things are. I think we're doomed now. We're not actually doomed because there are good companies working on these problems, but it has a long, long way to go witness.
Andy Parsons (00:40:42):
The simple idea that many NFT collectors. And as you would imagine, we on the content authenticity initiative, talk to people in the art world who make the transition to digital art and exploring ways to be compensated and have proper attribution in all sorts of new kind of types of mixed media art. Some of them believe as they've been led to believe that the NFTs are in the wallet, the information is in the computer. What a wallet is, as you both know, is a way to steward private keys and unlock things on blockchains that live in a decentralized way, all over the place but relatively simple ideas like that. I think number one, I don't think consumers necessarily need to, or do care about decentralization until it comes to data stewardship and big companies owning your data. And we could spend one of our many more hours just on that.
Andy Parsons (00:41:35):
But again for utility and usage and adoption that a hundred percent comes down to UX. And that is in fact why Photoshop takes it makes some assumptions about the way people want to use this because if you want to use content credentials, which is the name we're using for the more creator accessible ideas behind the CT, P a standard, if you wanna add contacts, it needs to be as easy as possible and more over it. It needs to not impede your standard workflow. It can't slow you down in any way. You need to understand where you're doing in a responsible way. So you don't ally share identity in a public way, but it needs to be as seamless as possible. And I think that's where wallet software, and cold and hot storage and things like that that will enable D I D lack. So there's a long way to go there.
Andy Parsons (00:42:19):
Number one Providence in general I agree with you also for this to be successful, it does need to be ubiquitous. You should come to expect it. And that's why we started engaging with news organizations and creators of content and Adobe competitors and Adobe tools that we make. So that kind of the supply chain starting with cameras has Providence built into it. So that at the either end on social media, in other places, you can expose it as soon as there's a critical mass and there will be a critical mass in the next couple of years.
Andy Parsons (00:42:55):
And I think it really matters most because this data travels with the asset, no matter where it goes, you could argue and you'd be right to say, does the BBC or the New York times really need to prove the Providence of an asset on its own web properties where you already have an SSL certificate on a lock in your browser? No, probably not. If you trust the BBC's sourcing methods and you trust the BBC as a conduit of information then that's good enough. But as soon as that asset leaves, the BBC and an asset here could be a contextualized image or video that has text with it. It could be just a video that ends up on TWiTter. Then you really need to understand it's Providence, where it came from and at the bare minimum to be able to cryptographically prove that something that purports to come from the BBC actually did come from the BBC. So that's kind of the low hanging fruit for the ubiquity you described and having that icon everywhere, where it matters. And there was so much more in what you said. I forgot what I'm not even sure where to go next, but those
Doc Searls (00:43:56):
Are some, oh my it's too much. And I think actually we should probably talk later. Anyway, <laugh> definitely give a few seconds after this show. But one question I have is like, what's the path to success in this exactly. Or is you're imagining it out, cuz I mean, would love to see that little eye on as many sites as possible that are that traffic in trustworthy information and kind of a wheat and CHF threshing that will happen by nature. Once that comes up. And I think you've got a fairly bounded set of concerns here. Not trying the problem with SSI is trying to take on the entire identity world. That's a tough one, but you've got something much more bounded gonna take. Is it gonna take the New York times and the wall street journal joining this sea AI or what maybe they already have. And I don't even know it.
Andy Parsons (00:44:52):
They have indeed. Yeah. Oh good. So there's a broad spectrum of participants in the CAI. You both should join as well. It's open individuals and organizations, really anybody interested in this space who has something offer or learn. And I think that's pretty much everybody everywhere but I think the path of success were well past the starting line. As I said earlier, it by design, it started with gaining a consensus across industry human rights. I should note here that this is not intended, nor is it a bunch of big tech companies getting together to be the arbiter of trust. The CI at its fundamental kind of founding ideology is about transparency, not making judgment calls. So we would prefer that any platform or app not make judgment calls about its media in general, this is a broad generalization, but instead push the transparency all the way to the consumer.
Andy Parsons (00:45:48):
And that's what that I icon is for the, I doesn't indicate that something is trustworthy. It's not like a TWiTter blue check mark saying, Andy is verified. It's simply a way to say there's more here. Should you wish to learn about what this actually is? There's more here and if you're compelled to explore it, it's right there, a click or a tap away or a retina implant away, whatever it's gonna be in the metaverse. But I think moreover, the accessibility, which is also guiding principle also has two facets. It's number one, accessibility to engineers, developers, product people, designers who want to explore this and implement it but also accessibility geographically. And that means low cost implementation on low cost devices on apps that can run on not the latest generation of iPhone 20 fives. And that's something that we focus a lot of this kind of early ecosystem attention on is to make sure that this code that we're writing can run on those constrained devices.
Andy Parsons (00:46:44):
But there are other kinds of constrained devices that are newer, that are in the hands of photojournalist. They might be mirrorless cameras. They might be the number of manufacturers that are outfitting AFP and the AP and writers and others with the instruments to capture fact and tell the truth and tell stories about what the what's going on in the world. So when enable 'em as well. So that's all on the supply side. So as we think about success, there's like making sure we have plenty of supply of Providence enabled media. Then there's all the things that exist in news production pipelines and creative pipelines and agencies and digital experience platforms that touch that media change it carry through the metadata. So we need to make sure that at a minimum, they don't alter it in a way that isn't C two P a compliant that doesn't have the data continue to be bound to the bites of the asset.
Andy Parsons (00:47:36):
That's the first thing. And then the second thing is to embrace all of the platforms websites, mobile apps, operating systems, and eventually browsers. We wanna push this down to the metal, so to speak, not have every mobile app in the world need to implement CI open source from Adobe, but rather to have these facilities in the mobile OS itself because that's more secure, it can take advantage of hardware security and it can be available if you want it. It's right there. And it's the same code bake than the upper operating systems. So that's all to say, we have a long way to go, but success looks like penetration across all those facets. So that makers of applications and purveyors of information be it, video photos, audio 3d in the metaverse, whatever that is have access to it and begin to use it. We have good early signals that consumers want this and that they do understand that this is about transparency, not about judgment and portraying.
Andy Parsons (00:48:38):
You can trust these entities. You can't trust these entities and there's a lot more work that has to go in there. So on that last front, what we are doing is spinning up a lot of user research, both at Adobe and in the C two P funded by CT P a members funded by Adobe to understand how to get this message across to consumers, cuz it's not a straightforward message. And frankly, it's not one that we've needed before, which is to say, there's an icon here. There's a way to explore there's way to understand what this is rather than having interventions that say things like you haven't even read this article. Andy, are you sure you wanna share it? Instead if I do share it even on messaging systems and end in encrypted messaging systems, I'm sharing it with the context from which it came and that that's critically important and not straightforward to understand.
Andy Parsons (00:49:23):
So in service of that, we are also making efforts around. I would a new kind of media literacy really, which is be skeptical of everything. There was a time when fishing attacks were very poorly understood by consumers. You mentioned that earlier and now many people, if not most across all age groups would think twice or not even think about opening. Something that looks like it came from Citibank, but has a weird URL or a broken certificate and a browser. So I wanna get the media literacy level of our children, our grandchildren, our grandparents, our parents across geographies to be ready to embrace this when it becomes ubiquitous. So there's a lot to do. There are a lot of people involved and very interested parties involved, including human rights concerns who want to make sure that we safeguard founding principles like privacy and safety.
Doc Searls (00:50:21):
Wow, boy, <laugh>, I'm typing furiously in our back channel. And I know too, because there's so much we can unpack here and we're running short on time, which means I have to tell everybody that this episode of loss weekly is brought to you by compiler an original podcast from red hat devoted to simplifying tech topics and providing insight for a new generation of it. Professionals. It's hosted by Angela Andrews and Brent semio compiler closes the gap between those who are new to technology and those behind the inventions in services shaping our world. Compiler brings together stories and perspectives from the industry and simplifies this language, culture and movements in a way that's fun and formative and guilt free. Do you wanna stay on top of tech without the time spend in original podcast from red hat, compiler presents perspectives, topics and insights from the tech industry free from jargon and judgment.
Doc Searls (00:51:14):
They want to discover where technology is headed beyond the headlines and create a place for new it. Professionals to learn, grow and thrive. Compiler helps people break through barriers and challenges, turning code into community at all levels of the enterprise. In one episode, they cover the great stack debate. The software stack is like an onion or a sheet cake or lasagna, or is it it's often described as having layers that said on top of each other, but the reality is much more complicated and learning about it can help any tech career. The great stack debate is the first episode of compiler series on the software stack. They explore each layer of the stack and what it's like to work on them and how they come together into a whole application. Another episode covers are we as productive as we think the pressure to balance productivity with passion projects, personal responsibilities are just with the need to rest is challenging. Their team spoke with tech-minded creators in the productivity space on how to achieve full focus and how to make time for work relaxation and creativity. By the way, I've checked out that one of the great stack debate it's really good. The stack is not just the stack. It's more like I don't know, Tetris or something like that. We did a different metaphor for it. Learn more about COPI compiler at red.ht/TWiT list to compiler and your favorite podcast player. We'll also include a link in the show notes, my thanks to COPI compiler for their support.
Doc Searls (00:52:44):
So Catherine, you had one queued up <laugh> I
Katherine Druckman (00:52:47):
Do. Yeah. So here here's particularly interesting to me, this seems to me be a tech, at least a partial solution, a partial technical solution to what is a cultural problem. And while you mentioned earlier that you don't consider it to have the same meaning as for example, a TWiTter check mark, you're not necessarily verifying something the same way. It seems to me that you still need to build trust with end users, ultimately, especially non-technical people who may have zero understanding of what cryptographic signing is and any of these things. So I'm wondering how you approach educating consumers, or if, if you see that as your role, I'm curious to know how you envision getting buy-in from the rest of the world to trust that they can rely on this evidence of provenance for various media
Andy Parsons (00:53:47):
Highlighted Katherine, it's probably the hardest problem or problem area that we face in adoption.
Speaker 6 (00:53:53):
Hold on. I'm gonna cut in your mic was cut on my side. Gonna have you start again. Okay. Yes. That's Andy. Andy, right? Yeah. Yeah. Okay. Thank you. Go ahead.
Andy Parsons (00:54:03):
Yeah. So Katherine, you're pointing out one of the greatest challenges we face as we move ahead. So first of all, it's certainly not only Adobe who is responsible ultimately for educating consumers and the public and fact checkers. That's a responsibility that should, and I think is beginning to be spread across many companies and nonprofit interest and universities and others that we talk with frequently. And I also think you're a hundred percent correct to point out that this sort of sociological implications of digital Providence and its ubiquity I would say even geopolitical implications when you have obviously state funded actors who will be involved in some way good or bad in these ecosystems that develop, those are really gnarly problems. And I would be just a complete fool to tell you that we have that all figured out. I think this is an emergent ecosystem. Trust is important.
Andy Parsons (00:54:56):
I just want to not gloss over that too quickly here. So when I talk about the blue check mark, that's something that TWiTter might be communicating to. It's constituent saying, we believe Andy is who he says he is. And you can trust that too, cuz you trust us. It is important to trust the signer of C two P a metadata in these manifests. And the trust is rooted. There doesn't mean you need to know the person or the agency or the organization, but it does mean you need to trust the system, which I think is what you're pointing out. And that's why it's important that all of this be open. None of it can be closed. None of it can be proprietary. It can't be bound up in IP with any company or companies and it can't cost anything. So trust the force, read the source or whatever the saying is an open source.
Andy Parsons (00:55:42):
That's an important part of the solution. Now granted it doesn't necessarily touch consumers, but neither did the development of the lock in browsers. There was a time that I think maybe we're old enough to remember. I certainly am where there were more than two browsers and more than two underlining browser SDKs that everybody used and over time thanks again. To Mozilla there became a ubiquity ubiquity of lock, a certificate authority ecosystem so that there was the cab forum invented so that we could trust the certificates that ship with browsers, that's all technical, but ultimately it resulted in people being able to trust that at least the vehicle for them sending their social security numbers and financial instruments back and forth to websites was secure by some definition of secure. And we wanna do the same thing. So it's a giant nut to crack to do this across geographies economies and different kinds of individuals. But success back to docs earlier question does look like ubiquity and understanding and it does require all those parties to be fully plugged in, including universities. One of the things we are doing at Adobe is funding the developments of curricular materials that we will give away addressing the broad topic of media literacy, but kind of decorated with a very specific concept of media, Providence, which you think is going forward. One of the most critical skills for consumers to have,
Doc Searls (00:57:10):
Wow I'm looking at how little time we have left and I'm wondering, I wanna touch something. That's a little bit of a third rail. It may not be for you cuz you may be isolated from it, which is the authenticity of the way a website appears. When in fact it has a mountain of cookies coming into your browser. Some of those are from Adobe and then your personal information gets auctioned off somewhere. And I'm wondering whether that figures it all into your work or not because I have not been able to get a single reporter to touch that third rail because there's too much money in it, but I'm kind of famous for being an annoyance on that topic. So wonder if you're willing to touch that or not, or maybe you're so isolated from it, it doesn't matter.
Andy Parsons (00:58:06):
I think I'm isolated from it. And the CI is isolated from it. I will say that in the specification and in some, sometimes very vigorous conversations in the standards development organization, we do talk a lot about phone home kind of scenarios, where it's like, can some Providence live on the server and we've taken very careful actions to make sure that none of that is required. There's no scenario here where any server or company or cloud based system needs to touch any of your data, of course, including your identity. Now that doesn't mean that someone couldn't build something on top of the open standard that is effectively DRM, that does all sorts of behavior tracking. We neither encourage that nor preclude its possibility. And again, this is outside of Adobe, kind of outside of the CAI in particular, but certainly you can, we wanna make sure. And I think we've done a pretty good job on the standard side to make sure that a perfectly viable Providence system can be built on these specifications using our open source code that doesn't require any cookies or trafficking with servers whatsoever. So that is a hallmark it's absolutely required. Given the ubiquity that we talked about earlier, having every consumer everywhere, every piece of media, having Providence manifest, cryptographically attached, wanna make sure that this doesn't cannot wanna make sure this cannot become a massive surveillance system for states or others.
Doc Searls (00:59:31):
Wow. We are just about out of time. And I think that you've introduced so many incredibly important topics here Providence and authenticity. I mean, what could be bigger issues <laugh> yeah. Speaking is an old reporter here than where do you get that information, right? Exactly. And can you trust it? And you're talking about context as well and here in the physical world, we know what that is. It's very simple and most of it's visible, but online, not only is it not it's too easily gamed at this stage. So we're just about out of time. We always end with several questions or basically two basic, well, the first one, is there anything we haven't asked that you'd like us to have asked and you could answer quickly?
Andy Parsons (01:00:21):
Well, we didn't talk about barbecue doc. Maybe if you'll ever have, we can touch on that. <laugh> but no, I think we've covered to some good degree of depth all the topics. And there's so much more to talk about, but,
Doc Searls (01:00:33):
Well, I spent 20 years in North Carolina and I got a lot to say about that. And then Catherine's from Texas and which is probably a, I guess I have opinions came to it. <laugh> to barbecue. So we should talk about that. And actually we say this almost everybody, we definitely should have you back. And it has been great having you here. Oh, before we go, what are your favorite text editor in scripting language? If you have those, it made it be not be part of your job. Yeah.
Andy Parsons (01:00:59):
I obvious answer Python for scripting and nothing. I was shattering here, but I am a vs code convert from them. Oh,
Doc Searls (01:01:09):
Interesting. Oh, excellent. Very good. Very good in the VI family. So thanks again, man. This has been great having you on a show.
Andy Parsons (01:01:18):
Thank you both. It's been a pleasure and I do hope to come back is fantastic. A lot further.
Doc Searls (01:01:22):
Yeah. Fantastic. So Katherine. Wow. <laugh> I think good.
Katherine Druckman (01:01:30):
I'm so glad I got be a part of this. I was just listening and absorbing and learning. I think so much from this, but yeah, I'm glad I got to do this one.
Doc Searls (01:01:39):
Yeah, I think we have more, I think there's more in the back channel here between us on the, or back TWiT back channel. I didn't check that often cuz we were too busy with this and I know you had too many relevant thoughts about PowerPoint and I needed Photoshop and stuff like that. I think if he succeeds, it does change the world. I mean, because what do we want? We wanna know if this stuff is real or not. Right. I mean, that's a simple enough thing and it's
Katherine Druckman (01:02:14):
An ambitious goal, but incredibly valuable. And I think what, so coming from my perspective so if I just quickly plug, I have a new job, now I'm an open source of
Doc Searls (01:02:27):
Intel. Oh we
Katherine Druckman (01:02:28):
Did. I'm thinking I know. Yeah, we didn't do that. But I guess I just did, but I spent a lot of time these days thinking about open source security software supply chains and having this conversation really kind of drives home that I feel like the phrase of the decade of this decade is already supply chain. Like that is every, it is so important in everything that we do is provenance and tracing things authentically. I think it's yeah, it's a conversation I hope to be more a part of and I'm incredibly interested.
Doc Searls (01:03:05):
Well to complete the plug in case people missed it or not reading your lower third, are you working for Intel?
Katherine Druckman (01:03:10):
Yes. There
Doc Searls (01:03:10):
We go. Oh yes. This open. Tell us about that.
Katherine Druckman (01:03:13):
Oh sure. So yeah, Intel is heavily involved in open source software and I being new to Intel, I think hopefully you'll see a lot more from me@open.intel.com and my colleagues and yeah, we we're there to share with the world our open source activities.
Doc Searls (01:03:32):
And I remembering so
Katherine Druckman (01:03:33):
Follow this space.
Doc Searls (01:03:35):
I mean back when opensource first coin ISED from the military as a word by the geeks, they robbed it. They took it away, which is great. Made the world talk about it. It was in 1998 now 24 years ago getting big companies, the word open source already like a red hat to care about open source is a real chore. And now Intel has it. Adobe has it. Lots of big companies have it is a really cool thing. So I'm glad for that. So thanks for being on the show.
Katherine Druckman (01:04:08):
Yeah. Thank you for having me. This was a,
Doc Searls (01:04:10):
Oh see you on our own show. Incredibly
Katherine Druckman (01:04:12):
Lucky to been part
Doc Searls (01:04:13):
Of this one.
Katherine Druckman (01:04:13):
Yeah. I'll see you tomorrow on
Doc Searls (01:04:14):
Our it's the other plug that encounter and I have our own show too. So that's a reality, two cast, so great. Great. Hi you everybody. I haven't looked at who we have next week. I should look real quickly. Oh my gosh. I always mean to do that. And then I don't. Let me check the schedule. Oh wow. Yeah. Jonathan Corbit of L w analytics weekly news. He's stayed on the case for a very important guy in the Linux world. So that's Jonathan cor, but that's coming up next week. Be there I'm Doc Searls. This is plus weekly. See you then,
Speaker 7 (01:04:51):
Hey, we should talk Linux, the operating system that runs the internet, but game console, cell phones, and maybe even the machine on your desk and you already knew all that. What you may not know is that TWiT now is a show dedicated to it. The untitled Linux show, whether you're a Lenox, a burgeoning CSIT man, or just curious what the big deal is, you should join us on the club. TWiTdiscord every Saturday afternoon for news analysis and tips to sharpen your Lennox skills and then make sure you subscribe to the club. TWiTexclusive untitled Linux show. Wait, you're not a club TWiTmember yet. We'll go to TWiT.tv/club twit and sign up. Hope to see you there.
