Privacy Preserving Image Sharing

Privacy Preserving Image Sharing

Self-Sovereign Identity (SSI) Systems enable users to manage their own identity through the use of credentials that they collect and retain in a wallet, in contrast to federated identity systems which manage users’ credentials for them.  The SSI approach is decentralised in that there is no central store where  users’ credentials are held; they are instead distributed across users.  This approach gives users control over who knows when and where they are using their credentials.  Furthermore, SSI systems support the principle of minimal disclosure, where users can give proofs that they are in possession of a credential that provides certain guarantees (e.g. that they are over 18, or that they are an accredited journalist) without giving away  additional information such as their date of birth or their name.  This is in contrast to a physical credential such as a passport – to use it to prove you are over 18 you have to show your date of birth – disclosing more than the minimal requirement.

SSI systems are still emerging, and are being explored in a variety of contexts where users will want to manage their own identity.  Often this can be for privacy concerns.  Our project on Identity within DECaDE is applying SSI in a novel way, to use credentials to manage claims about origination of digital assets that can be managed in a privacy-preserving way.  To dovetail with other projects within DECaDE, we’ve started by working with images, but the principles are more generally applicable.  A user can obtain a credential linked to an image which they can use at a later point to claim their relationship with that image, such that through minimal disclosure they can assert such claims and thus manage their rights over the image, while never revealing their identity. 

This enables photographers to share images in situations where they want to retain anonymity.  This has many applications, for example whistleblowers may wish to provide evidence without revealing their identity (e.g. the originator of the photo of the lockdown gathering in the Downing Street garden); activitists may wish to circulate images of authorities behaving inappropriately; and photo journalists or citizen photographers may wish to share pictures for example from the war in Ukraine or demonstrations in Russia. Being able to maintain rights over the image through a privacy-preserving credential gives the ability for the author to manage the image and to underpin its authenticity, and enables them to do it in a way that is completely under their own control.

Our project has been developing a proof of concept system, which manages a portfolio of such images through an SSI wallet.  We’ve been developing the technology for the decentralised ecosystem around this: for photographers, for credential issuers, and for the consumers of such images, all to be able to interact in a privacy-preserving way.  In this way we aim to support those who want to get their images out there to make a difference, but need to be cautious for their own safety.  In present times, we see more of a need for this than ever.

Author-Professor Steve Schneider

Project Lead and Director, Surrey Centre for Cyber Security