Cryptographic content provenance
A submission-platform intake that cryptographically signs each document on receipt, surfacing a badge that records the time of receipt and the submitter's identity without claiming to prove authorship.
Tools that generate, modify, and fabricate digital content (images, video, audio, and increasingly documents) are now widely available, and as citizens use them routinely to prepare what they send to government, submissions arrive with no reliable signal of their origin or editing history. An agency receiving a digital submission cannot tell an original document from a synthetic one by examining the content alone, and that gap widens as agent-generated material becomes a normal part of the intake.
Government needs confidence that a digital submission's origin and edit history are what they claim to be, so an agency receiving it can rely on where it came from and how it was changed rather than judging the content alone.
C2PA depends on cryptographic infrastructure (certificate authorities, signing tools, verification services) that most text editors and word processors do not implement, which risks a two-tier system penalizing the low-resource submitter who drafts in a plain text box. Content Credentials stay an optional enhancement that adds assurance, never a precondition for a submission to be accepted.
Because the provenance chain breaks at every copy-paste boundary, the response signs each document where the agency controls it, at intake, recording the time of receipt and the submitter's identity. It records that the submission arrived and was unaltered after that point, and makes no claim about who originally authored it.
No surface has been built yet; the approach above is the brief for one.
- Established Headline
For images and video, where binding provenance to a file at intake is a settled response.
- Emerging
For documents, where the same approach is being worked out but not yet routine.
- Frontier
For government text submissions, where the chain breaks at every copy-paste boundary and provenance for pasted text has not been solved.
C2PA specification (v2.4, April 2026). The Coalition for Content Provenance and Authenticity (founded by Adobe, ARM, Intel, Microsoft, and Truepic) has developed an open technical standard for cryptographically binding provenance metadata to digital assets. The core construct is the Content Credential, a tamper-evident structure recording who created an asset, what tools were used, and how it was modified. Each edit adds to the provenance chain rather than replacing it. The standard is backed by a broad cross-industry membership spanning technology, media, and hardware companies (the allied Content Authenticity Initiative alone reports over 5,000 members). See the C2PA Technical Specification and the C2PA Explainer.
Implementation ecosystem. Samsung's Galaxy S25 became the first consumer smartphone integrating C2PA signing directly into the native camera app. Adobe's Content Authenticity Initiative embeds Content Credentials across Creative Cloud. The BBC has adopted Content Credentials for news media provenance, and Microsoft has integrated the standard into its media tools. See Content Credentials (Wikipedia).
Text and document support. C2PA v2.1 (September 2024) added new regions of interest for text-based formats including PDF, Office documents, and EPUB, and the specification defines provenance for "an asset in a form such as an image, video, audio recording, or document." However, practical implementations remain heavily concentrated on images and video; text document tooling is nascent. Cloud-based manifests in v2.2 (May 2025) extended coverage to formats that cannot embed metadata directly, creating a pathway for plain-text provenance. See the C2PA v2.1 Specification and a limitations analysis.
Medium transferability, with significant gaps. C2PA's architecture binds a cryptographic manifest to a file at creation and through each subsequent edit. This maps well to document submissions where the government controls the submission tool (an online form that generates a signed PDF). It maps poorly to the more common case: a citizen drafting text in an arbitrary word processor, email client, or AI assistant and pasting it into a web form. The chain of provenance breaks at every copy-paste boundary.
For government consultation submissions, C2PA would need to operate at the submission-platform level rather than the authoring-tool level. The platform could sign the submission at intake, recording the submitter's identity and timestamp, but this proves reception, not authorship. Proving authorship provenance for text remains an open problem in the specification.
The image-text gap is structural. Images have a 1:1 relationship between file and content; text is routinely composed across tools, edited collaboratively, and submitted by pasting. C2PA's file-centric provenance model does not transfer cleanly to text-centric workflows, and proving authorship provenance for pasted text remains the unsolved gap.
The failure mode here is a flawed derivation: a figure authentic in origin yet wrong in how it was computed, such as a debt averaged from annual income data. Provenance on the document alone misses this, because the document is genuine. Only a tamper-evident chain of how each figure was derived makes the calculation method auditable after the fact.