Wednesday, July 9, 2008

Photo fakes, data loss and co-evolution

Over the last year there have been some high-profile photographs that initially caught the world’s attention and were then revealed to be fakes.

Picking some that I followed in the news we have the recent famous photo fakes from China (which for some reason are all animal-based) and include the wild tiger, photo contest pigeon shot, and antelopes by the new train to Tibet.

Now we also have augmented photos from the recent Iranian missile launch.

Sure, photographs have been altered since there has been photography and some fakes have lasted more than 100 years before being found out (such as one from the US Civil War). Intentionally doctored photographs were more difficult to make but certainly were made in the past.

One thing that all of the above examples have in common is that the doctored photos improve upon the composition of the original. The other thing they have in common is that they lessen the belief that we have in the photographic image, especially those from official sources. Further, the notoriety of these fakes will not dissuade people from creating more fakes; rather, more care will be taken and future fakes will be harder to spot until fake-spotting techniques also advance, resulting in better faking techniques, ad nauseum.

The issue is one of co-evolution. That is, once there is a way of protecting something valuable – a lock and key, for example – eventually someone will develop a way to pick the lock. We see this in areas as varied as encryption technology, the recent man-in-the-middle attack that freed the hostages in Colombia, elongated trumpet-vine flowers matched with elongated hummingbird beaks, and so on.

This continuous development of ways to break through security requires that corporations continually step-up controls on sensitive data. It is also why we can always expect to hear about examples of unintentional data loss in items as varied as social security numbers, pension data and credit card numbers. Mistakes also happen (a laptop with sensitive data is left on a bus) and databases are hacked. Since we have to share some degree of personal data in order to easily maneuver our way through this world, we need to prepare for eventual possible data loss. Therefore, corporate (or personal) data security is not only a question of what you do to prevent data loss, it is about what you do after it occurs.

No comments: