JPEG Privacy & Security 2nd Workshop Proceedings
March 7, 2016

San Diego (La Jolla), CA, USA – February 23rd, 2016

Privacy and security support for image data is becoming steadily more important seen the fact that image collections are increasingly more stored in distributed and cloud repositories rather than in private repositories. Moreover, social media and online photo repositories, for example, are currently offering insufficient means to secure privacy-sensitive information carried by the picture or to signal associated IPR metadata. Observing that on a daily basis billions of pictures are shared in JPEG legacy formats on these media, it is evident that embedding additional functionality that would safeguard this type of information and functionality would benefit a significant user base.

Hence, the JPEG Committee has launched a new activity called JPEG Privacy & Security. This activity aims at developing a standard for realizing secure image information sharing which is capable of ensuring privacy, maintaining data integrity, and protecting intellectual property rights. This activity is not only intended to protect private information carried by images - in the image itself or the associated metadata - but also to provide degrees of trust while sharing image content and metadata based on individual preferences. It is necessary to extend the existing coding standards by adding such preferences. JPEG Privacy & Security will explore ways on how to design and implement the necessary functionality without significantly impacting on coding performance while ensuring scalability, interoperability, and forward and backward compatibility with current JPEG standard frameworks.

A first successful workshop was organized on October 13, 2015 in Brussels, Belgium. Representatives from academia, law enforcement agencies, non-governmental organisations and standardisation organisations presented requirements imposed by the use cases they typically address and shared their view on what needs to be achieved within the scope of JPEG privacy and security standardization effort.

As follow-up of the successful workshop in Brussels, the JPEG committee organised on February 23, 2016 during the JPEG meeting in La Jolla, CA, USA a second workshop targeted on improving the committee’s understanding of industry, user and policy needs in terms of technology and supported functionalities.

Proceedings (presentations)

All presentation can be downloaded here.


13h00 - Registration

13h30 - Touradj Ebrahimi (JPEG Convenor, EPFL), “JPEG Privacy and Security - Introduction and Scope”

Prof. Touradj Ebrahimi received his M.Sc. and Ph.D., both in Electrical Engineering, from the Swiss Federal Institute of Technology (EPFL), Lausanne, Switzerland, in 1989 and 1992 respectively. In 1993, he was a research engineer at the Corporate Research Laboratories of Sony Corporation in Tokyo, where he conducted research on advanced video compression techniques for storage applications. In 1994, he served as a research consultant at AT&T Bell Laboratories working on very low bitrate video coding. He is currently Professor at EPFL heading its Multimedia Signal Processing Group. He was also adjunct Professor with the Center of Quantifiable Quality of Service at Norwegian University of Science and Technology (NTNU) from 2008 to 2012. Since 2014, he is convener of the JPEG committee.

13h40 - Ambarish Natu, “Summary of Brussels workhop”

Ambarish Natu currently works as an IT Architect within the Information Architecture Team of the Australian Taxation Office where he is responsible for developing data models for effective compliance activities. Since 2002 Mr. Natu has been involved in the development of several standards under the auspices of the ISO, IEC and ITU-T as Editor/Chair/Co-Chair. Mr. Natu has been an active contributor on Australian Standards Committee IT-029, CT-002 and IT-039 for more than a decade. Mr. Natu is a Fellow of the Institute of Engineers Australia, a Chartered Practising Engineer and a Senior Member of IEEE. He currently serves on the ITEE College Board, The Canberra Division Committee and the ITEE Canberra Division Committee of Engineers Australia. Mr. Natu is also the Vice-Chair and Webmaster for the IEEE ACT section in Australia.

13h50 - Jeremy Malcolm (EFF), “Who Can you Trust? (When you’re trusting trust)”

Privacy and content-restriction have a lot of overlap – both use crypto to distribute files safely and deploy a key-management system to ensure that only the right person decrypts them. But the law makes a sharp distinction between the two: once you create an “effective means of access control” to copyrighted works, laws like the US DMCA (which has been replicated all over the world) turn your code into a loaded weapon: merely reporting vulnerabilities in the code or implementing a compatible player can trigger a law that can send coders to jail for up to five years (for a first offense!). Crypto is amazing technology, surrounded by amazingly bad laws. Adding pro-privacy crypto technologies to image format standards is a great idea, but it’s also a tightrope walk over the pit of shockingly poor policy. How can JPEG implement security, securely?

Jeremy Malcolm is Senior Global Policy Analyst at Electronic Frontier Foundation, where he works on the international dimensions of issues such as intellectual property, network neutrality, Internet governance, and trade. Prior to that he worked for Consumers International coordinating its global programme Consumers in the Digital Age. Jeremy graduated with degrees in Law (with Honours) and Commerce in 1995 from Murdoch University, and completed his PhD thesis at the same University in 2008 on the topic of Internet governance. Jeremy’s background is as an information technology and intellectual property lawyer and IT consultant. He is admitted to the bars of the Supreme Court of Western Australia (1995), High Court of Australia (1996) and Appellate Division of New York (2009). He is a former co-coordinator of the Civil Society Internet Governance Caucus and currently a Steering Committee member of the OECD Civil Society Information Society Advisory Council.

14h15 - Jeff Sedlik (PLUS Coalition), “The PLUS Coalition Connecting JPEG Files to Rightsholders and Rights Information”

In this session you will learn about a global, non-profit image rights network employing unique persistent identifiers, steganography and image recognition technology to allow any person or system to instantly determine the rights holder and rights information for any image. With participants in 172 countries, the non-profit PLUS Coalition (“PLUS”) is a collaboration between all communities engaged in creating, distributing, using and preserving images. In a 12 year effort, PLUS participants have established a standard for expressing image rights, and are now completing development of a system that will support a global network of image rights registries. The PLUS Coalition has offered to support and cooperate with the JPEG Committee’s efforts, and PLUS President Professor Jeff Sedlik is joining us to provide an overview of the initiative.

Jeff Sedlik is the President and CEO of the non-profit PLUS Coalition. A Professor at the Art Center College of Design, Sedlik serves as a Director of both the Linked Content Coalition and the American Society of Collective Rights Licensing, and is the former President of the Advertising Photographers of America. A professional photographer by trade, Sedlik also works as a forensic expert witness, and as a consultant on digital asset management, image metadata and intellectual property issues.

14h40 - Ramesh Jain (University of California, Irvine), “Media-JSON for Creating Visual Web”

Twenty-five years ago, the WWW was invented to create a Web of documents. Photos are the new “documents.” The 21st century began with a major disruption: the rapid rise of smartphones meant that capturing, storing, and sharing photos became easier than using text. Photos and videos communicate directly, without the need for language or literacy. Anyone can report on an event using micro-reports that are more objective, compelling and informative than micro-blogs. All this information could be represented as media-JSON for using micro-reports in diverse applications as well as for creating a EventWeb. We will discuss our approach to capturing, representing, and using such micro-reports using media-JSON. We will discuss nature of these micro-reports, Visual Web, technical challenges in making these happen, and some interesting opportunities in this area. We will present the approach adopted by Krumbs to make our discussion concrete. Privacy is a big concern while dealing with captured photos and videos. We will present our thoughts for feedback from the community in this important area.

Ramesh Jain is an entrepreneur, researcher, and educator. He is a Donald Bren Professor in Information & Computer Sciences at University of California, Irvine where he is doing research in Event Web and experiential computing. Earlier he served on faculty of Georgia Tech, University of California at San Diego, The university of Michigan, Ann Arbor, Wayne State University, and Indian Institute of Technology, Kharagpur. He is a Fellow of ACM, IEEE, AAAI, IAPR, and SPIE. His current research interests are in processing massive number of geo-spatial heterogeneous data streams for building Smart Social System. He is the recipient of several awards including the ACM SIGMM Technical Achievement Award 2010. Ramesh co-founded several companies, managed them in initial stages, and then turned them over to professional management. These companies include PRAJA, Virage, and ImageWare. Currently he is involved in building Krumbs, a company building personalized visual web. He has also been advisor to several other companies including some of the largest companies in media and search space.

15h05 - Gregg Brown (Microsoft), “SC27 Standards”

In this presentation an overview will be given of SC27 standards that support practitioners’ and policy makers’ consideration of privacy, including the ISO/IEC 29100 Framework and recent work on data de-identification.

Gregg Brown is a Senior Director, Strategy for the Microsoft Corporate Standards Group where he leads a team focused on technology and process standards for privacy, security, transparency and compliance for cloud technology and mobile devices. Gregg has participated in the NIST Cloud Computing Roadmap collaboration, and works on Microsoft’s contributions ISO/IEC privacy standards and is Microsoft’s representative on the ATIS Board. Gregg Brown has led teams to provide technology policy and strategy guidance to Microsoft’s worldwide team of Government Affairs professionals and to advise Microsoft product teams on cross-company use of emerging standards. Gregg joined the Interoperability Group from the Microsoft Windows team where he was the Lead Program Manager in the Digital Document group, responsible for the definition and delivery of all the Windows technologies relating to the XPS and the Open Packaging Conventions Standards. He joined Microsoft in 2003 to work on electronic publishing; prior to joining Microsoft, Gregg led the Document Server program at Adobe Systems and managed the relationship between Adobe and SAP. Gregg has 22 years of experience working with enterprise-level information technology, including leading venture funded startups and eight years with IBM. He has a degree in Engineering from the California Institute of Technology.

15h30 - Break

16h00 - Touradj Ebrahimi (EPFL), “Legacy JPEG compliant transmorphing to preserve privacy in social networks”

Picture-related applications are extremely popular because pictures present attractive and vivid information. Nowadays, people record everyday life, communicate with each other, and enjoy entertainment using various interesting imaging applications. In many cases, processed images need to be recovered to their original versions. However, most approaches require storage or transmission of both original and processed images separately, which result in increased bandwidth and storage resources to be used. In contrast, in this talk, we present a JPEG transmorphing algorithm, which converts an image to its processed version while preserving sufficient information about the original image in the processed image. It does this by inserting partial information about the original image in the application markers of the processed JPEG image file, so that the original image can be later recovered. We then show how the proposed transmorphing can be used in social networks to preserve the privacy and demonstrate it by means of an iOS and Android App.

16h25 - Greg Reser (University of California, San Diego), “Embedded metadata in the cultural heritage community”

Cultural Heritage Institutions (museums, archives, universities) are increasingly using embedded image metadata as a way to create, manage, and publish information about artworks and objects. This information ranges from content description to production management to intellectual rights. To facilitate this, the Visual Resources Association has developed user-friendly file info panels and batch export/import plugins for Adobe Bridge. We are now responding to user requests for more structured data, linked data support, and the ability to secure or hide private metadata.

Greg Reser is a Metadata Analyst at the University of California, San Diego Library where he has worked since 1997. Trained as an image cataloger and database maintenance manager for the Library’s slide/digital image collection, Greg now works as an analyst for the Digital Object Metadata Management unit which provides mapping between metadata formats, functional specifications for the UCSD Libraries’ DAMS, object specifications for migrating data to the DAMS, consultation on metadata creation for digitization projects, and development of digital preservation metadata. Greg is a member of the VRA Data Standards Committee, and chair of the VRA Embedded Metadata working Group and on the PLUS Board of Directors.

16h50 - Jaime Delgado (Professor of Distributed Multimedia, UPC) - “JPSearch metadata and its use for Security & Privacy in JPEG images”

When trying to add privacy to images, it is necessary to describe privacy rules over them. These rules, expressed using standard languages, such as XACML (eXtensible Access Control Markup Language), could be stored together with the image metadata, embedded or not in the image file itself. Since JPSearch specifies a core metadata set for JPEG images, a good strategy could be to take benefit of the JPSearch standards in order to express and include privacy rules to control the access to images. The presentation will analyze how this could be done and will show example approaches.

Prof. Jaime Delgado. PhD in Telecommunication Engineering (1987). Full Professor at the Universitat Politècnica de Catalunya (UPC BarcelonaTECH). Head of the Distributed Multimedia Applications Group (DMAG). Project Manager of many European and national research projects. Active participation, since 1989, in International standardization, as co-editor of standards and co-chair of groups in ISO/IEC, EWOS, ETSI, ITU-T and CEN/ISSS. Evaluator and reviewer for the European Commission.

16h10 - Panel Discussion

Organising Committee

  • Peter Schelkens (Belgium)
  • Takaaki Ishikawa (Japan)
  • Ambarish Natu (Australia)


JPEG Privacy and Security 2nd Workshop Proceedings, ISO/IEC JTC1/SC29/WG1, wg1n71026, La Jolla, CA, USA, February 23rd, 2016.

More information

To stay posted on the action plan for JPEG Privacy & Security, please regularly consult our website at and/or subscribe to our e-mail reflector.