Privacy Protections Against Non-Consensual Intimate Media (NCIM) Abuse

Last updated: October 2024

Introduction

Non-consensual intimate media (NCIM) refers to the “unauthorized creation, obtainment, or distribution of sexual content featuring someone’s body or likeness” and can take various forms, including “unauthorized dissemination of commercial content, sexualized deepfakes, and what is colloquially known as ‘revenge porn.’”

This project proposes a defensive toolchain augmented with data provenance tooling for protecting images from being used to produce non-consensual intimate deepfakes. This work can be generalized to protect other forms of media content from non-consensual data use and may be furthermore integrated into social media platforms, media sharing platforms, and AI models to support a broader digital ecosystem that prioritizes informational agency and consent. 

Background 

Our current digital landscape lacks tools and protections for safer digital intimacy. Around 8 in 10 adults share intimate content digitally, with few options for consent and access once these images have been shared.

Non-consensual intimate image abuse impacts 1 in 3 people; disproportionately harms marginalized groups, e.g. women, LGBTQIA+, migrants, and victim-survivors of intimate partner violence; is often used for humiliation or harassment; causes severe emotional and social distress and trauma; and can put physical safety, reputation, or job security at risk for those affected. It impacts a second victim-survivor as well: the sex worker who experiences financial harm from stolen content. In both cases, the victim-survivors of NCII abuse experience gross violations of consent and bodily autonomy, having very few options for taking down abusive content and even fewer for prevention.

Existing systems for takedowns either: 1) rely on image hashes, which may not be robust to simple image transformations such as cropping and may only apply to a limited number of participating platforms, or 2) work through DMCA requests, which can be ineffective and can have a 0% removal rate for non-copyrighted media. 

NCII abuse further illustrates a broader issue around data consent, as increasingly large platforms and data brokers use consumer data with little to no notice nor controls around access or consent. New paradigms for privacy tooling can introduce possibilities for agency and consent over personal information, and may need support on multiple fronts, through policy, social culture, and technical frameworks.

Design

1. Defensive toolchain for image protection 

The main approach for this proposal involves creating a defensive toolchain for protecting images from non-consensual use. By running images through the toolchain, the resulting output image can be difficult or unfeasible to be used for training deepfakes. 

Existing options for toolchain components may include tools such as: PhotoGuard, a tool that makes images difficult for generative models to edit; and facial recognition prevention tools such as Fawkes, a digital image cloaking tool that tweaks images including faces to be unrecognizable to AI facial recognition models, and LowKey, which similarly “applies an adversarial filter to images that impedes their use in face recognition systems,” using minor changes such that AI models ignore the processed image during training, making the image an “unlearnable” or “adversarial example.”

2. Data provenance tooling

Data provenance tools can make it possible for social media platforms, media sharing platforms, AI models, and more to only accept uploads or inputs from the verified content owners themselves. Digital signatures, zero-knowledge, proof-carrying data, perceptual hashes, and more can be used to augment data protections through cryptographic verification; prevent non-consensual uploading, publishing, distribution, and sharing of media content; and facilitate take-downs of non-consensual intimate content. 

Some existing tools, frameworks, and organizations supporting data provenance include: Coalition for Content Provenance and Authenticity (C2PA), “an open technical standard that allows publishers, companies, and others to embed metadata in media for verifying its origin and related information” and can make it possible to verify the provenance of media content, with applications including fighting disinformation and supporting “responsible digital media creation, publication and sharing;” Content Authenticity Initiative (CAI): a secure, open-source, end-to-end system for digital content provenance using Content Credentials, with 3k+ partners including Adobe, Canon, Nikon, and more; PhotoProof: Cryptographic Image Authentication, a tool for image authentication using cryptographic proofs robust to specific image transformations, embedding proofs into the image itself, as metadata can be tampered or stripped; and ImageAngel, a tool originating to combat image-based abuse, using invisible watermarks to address unauthorized image distribution. 

Deliverables

Using these approaches in tandem, an accessible web tool can be built where users can:

  1. Protect their media from being used to train models against their consent.

  2. Watermark and verify ownership over their content as a step towards preventing non-consensual image distribution.

Potential deliverables may include:

  1. Research and exploration of existing tools and their tradeoffs.

  2. A open-source, technical toolchain integrating various cryptographic components for protecting media content from non-consensual use.

  3. Published writings such as a whitepaper, report, and/or blog posts presenting findings and recommendations, proposing a system that can build on existing tools, and identifying remaining gaps and needs such as through policy and cultural work for combating non-consensual media and data use. 

Open Questions 

  • How can social media platforms, media sharing platforms, AI models, and more use watermarks, cryptographic signatures, and other certifications to combat non-consensual content generation and distribution? 

  • How can frameworks of “unlearnable examples,” “data poisoning,” and “data strikes” apply to creators and users protecting media content? 

  • How can cryptographic frameworks create digital governance structures that prioritize agency and consent? 

  • How may this work generalize to other forms of media, such as audio or text? 

  • What further policy changes and social or cultural frameworks are needed to support this work?