Privacy & Security of JPEG Systems

Introduction

A huge number of images distributed over the Internet are compressed with JPEG-1 (ITU-T T.81 (1992) | ISO/IEC 10918-1). For the main social media alone this accounts already for about 3.3 billion pictures a day according to recent KPCB reports [1]. These photos are shared with many people without any protection for personal information or distribution control. As the graph below demonstrates, in recent years, social networks and cloud computing are accelerating the sharing of images. In addition, many portable devices have communication functionality that allows for the immediate distribution of photos after capturing them. In combination with for example the potentially included GPS information in the file format, the photo might expose private and geo-location information to the world.

In order to avoid such undesirable situations, privacy and security protection mechanisms shall be provided to JPEG family of standards. For instance, encryption is a well-established approach to protect image data and metadata in JPEG files entirely and/or partially. The KPCB 2016 graph below additionally demonstrates that users are sensitive to the disclosure of private information or at least want to limit and to control the distribution of their content. Services such as Snapchat or WhatsApp that are partially providing this functionality and have known an exploding popularity compared to those apps such as Facebook that offer this control to a lesser extent. Hence, the particular focus of the JPEG Privacy & Security work item is to provide codestream and file format syntax support to enable security and privacy functionality for JPEG standards, not only in support of JPEG-1, but also for standards such as JPEG 2000 (for which Part 8 - JPSEC is already providing a rich set of tools), JPEG XT and JPSearch. It is important to stress that the scope of this activity is to provide a mechanism to incorporate and support privacy solutions within the JPEG family of standards.

[1] Mary Meeker, Internet Trends 2016 - Code Conference, KPCB reports 2016, June 1, 2016.

Workshops

Since the JPEG committee intends to interact closely with actors in this domain,several workshops were organized in different places. The workshop were targeted on understanding industry, user, and policy needs in terms of technology and supported functionalities. Links to the proceedings of the workshops are listed below.

More information

To stay posted on the action plan for JPEG Privacy & Security, please regularly consult our website at jpeg.org and/or subscribe to our e-mail reflector.