TheBirthmark Standard Foundation

The Birthmark Standard is designed to never need investigations. Camera compromise requires ~$100K-$1M per device. But we need a response plan for state-level attacks and credibility challenges. This documents our contingency—transparent safeguards for Coalition members, privacy advocates, and journalists evaluating the system.

Financial Barriers

$500 claim fee, forfeited if rejected. $1,000 total return if camera blacklisted ($500 refund + $500 bounty). Makes frivolous claims expensive while rewarding legitimate concerns. Any Coalition Member can waive fees for credible cases.

Technical Evidence Required

Foundation contracts professional forensic analysts (e.g., Bellingcat). Claims need specific measurable anomalies: noise pattern inconsistencies, impossible lighting geometry, metadata violations. "This looks suspicious" gets rejected immediately.

Enhanced Protections for High-Risk Contexts

Regions on CPJ's Global Impunity Index or active conflict zones require:

• Unanimous vote (3 of 3, not 2 of 3)
• Mandatory consultation with press freedom organizations (RSF, CPJ)
• Higher evidence threshold (multiple independent anomalies)
• Expedited appeals (7 days vs. 14 days)
• Escalation rights to full Coalition vote if consultation ignored

Distributed Control

Transaction log decryption requires 3 of 5 geographically distributed key holders. Keys stored cross-jurisdiction (US node's key in Europe). Sequential compromise needed: attacker must compromise first node to identify second target, within key rotation windows.

Limited Consequences

Only camera serial number revealed. Historical images remain authenticated—blacklist blocks future submissions only. Successful appeals completely remove blacklist (no "reversed" notation).

Transparency & Sunset

Annual public reports (claims, blacklists, appeals, geographic distribution). Any Coalition Member can access investigation materials. Five-year recurring review with option to sunset investigations if Coalition determines capability has become harmful or unnecessary.

1. Claim Submission: $500 fee + suspicious image
2. Preliminary Review: Professional forensic analysts assess. Rejected if no specific technical indicators.
3. Committee Vote: 2 of 3 (standard) or 3 of 3 (high-risk contexts)
4. Log Decryption: 3 of 5 distributed key holders cooperate
5. Manufacturer Query: NUC hash → camera serial number (manufacturer never sees image content)
6. Blacklist Decision: Public record with technical justification. Owner notified.
7. Appeal: Independent expert review. During appeal, owner can submit hashes of critical images for immediate authentication.
8. If Appeal Succeeds: Blacklist completely removed, no public notation.

Can investigations identify photographers?

No. Only camera serial number. Manufacturers may not have purchaser records (secondhand sales, gifts). Even with serial + purchaser name, cannot link specific images to people without already possessing those images. System designed so no entity correlates "this person took this photo" without outside information.

What protects photographers in dangerous regions?

CPJ Index regions and conflict zones get unanimous vote requirement, mandatory press freedom org consultation, higher evidence threshold, expedited appeals, and escalation rights. Investigation never reveals identity, content, or location—only serial number. If activists strip geotags before sharing (recommended), there's no location to investigate.

Investigation and editorial freedom

Images can only be investigated if shared. At that point, risk equals existing forensic analysis (anyone can submit to services like FotoForensics today). Investigation doesn't reveal photographer identity—only determines if camera serial number should be blacklisted.

What prevents governments flooding with false claims?

$500 non-refundable fee per rejected claim. Claims need professional forensic evidence before reaching committee. "This makes us look bad" gets rejected at preliminary review, fee forfeited.

Camera blacklist appeals

Submit hashes of critical images immediately (authenticated while appeal proceeds). Provide technical explanation. Independent expert reviews. Committee votes (2 of 3, max 14 days; 7 days for high-risk). If successful, blacklist completely removed with clean records. Coalition Members can expedite for photographers in high-risk contexts.

What prevents scope creep?

Coalition consists of journalism/press freedom orgs (NPPA, CPJ, RSF, IFCN) whose mission is protecting against surveillance expansions. Using investigations for non-technical purposes is explicit grounds for removal per Governance Charter. Annual public reports enable external monitoring. Five-year sunset reviews acknowledge this may not always be necessary.

Can governments compel cooperation?

Manufacturers alone are insufficient—they identify serial numbers but don't know what cameras captured. Coalition cooperation requires compromising multiple nodes across jurisdictions within key rotation windows. Government requests trigger node removal, not compliance (per Governance Charter).

Why is this necessary?

If compromised cameras can mint valid certificates for AI-generated images indefinitely, the system becomes worthless. The alternative is accepting a single breach authenticates unlimited fakes forever. Question isn't "should investigations exist?" but "how do we make them as safe as possible while maintaining integrity?" This framework balances system credibility with photographer protection.

Transparency: Annual public reports enable external monitoring.

Accountability: Any Coalition Member can access materials and escalate decisions.

Adaptability: Five-year reviews with sunset option as threats evolve.

Trust: Journalism orgs govern this system. If they determine investigations have become surveillance tools, they can vote to sunset the capability.

Questions? contact@birthmarkstandard.org