Crashing Arizona's C2PA Pilot (www.hackerfactor.com)

🤖 AI Summary
Arizona’s recent pilot to use C2PA for authenticating images released by the Arizona Secretary of State is effectively a stress test that failed: independent analysis of the demo site shows pervasive implementation and specification problems that make the provenance claims unreliable. Every tool examined (Adobe/CAI, Microsoft, Truepic, FotoForensics, and custom extractors) returned inconsistent interpretations of the same C2PA metadata; the JUMBF signature timestamps don’t align with EXIF/XMP capture and edit dates (signatures sometimes post‑date edits by months), XMP “Derived From” references point to missing originals, two PNGs lack XMP entirely, and Error Level Analysis reveals selective visual edits not described in the credentials.

The demo UI itself leaks activity to Truepic on every scroll/click and has bugs (missing “Cr” icons), and the human‑readable certificate name field can be arbitrarily set—meaning a signing cert that reads “Arizona Secretary of State” is not cryptographically bound to the real office the way HTTPS certificates are bound to domains.

For the AI/ML community this matters because provenance metadata is central to dataset curation, model auditing, content moderation, and legal evidence. C2PA in its current ecosystem risks false trust: inconsistent tool outputs undermine reproducibility, unbound signer names enable impersonation, signature/timestamp mismatches break chain‑of‑custody, and telemetry to third parties raises privacy concerns. The pilot shows C2PA needs stricter certificate binding, reliable timestamping, consistent viewer implementations, and clearer UX before it can be treated as authoritative provenance for research, production models, or litigation.
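The timestamp and “Derived From” mismatches described above are the kind of cross-check a reviewer can automate once the fields have been extracted from an image. The following is an added example, not code from the article or from any C2PA tool; it assumes the manifest signing time, EXIF DateTimeOriginal, XMP ModifyDate and xmpMM:DerivedFrom IDs have already been pulled out (e.g. by an extractor), and it treats zone-less timestamps as UTC, which is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
def parse_ts(value):
    # ISO-8601 string -> aware datetime; naive values are assumed UTC (an assumption:
    # EXIF dates carry no zone unless the OffsetTime tags are present)
    if value is None:
        return None
    ts = datetime.fromisoformat(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)
@dataclass
class ProvenanceRecord:
    name: str
    signature_time: "str | None"     # signing time from the C2PA manifest (JUMBF)
    exif_capture_time: "str | None"  # EXIF DateTimeOriginal
    xmp_modify_time: "str | None"    # XMP xmp:ModifyDate
    derived_from: list = field(default_factory=list)  # xmpMM:DerivedFrom document IDs

def check_record(rec, known_originals, max_stale_days=30):
    """Return the inconsistencies in one record; empty means the signature time,
    capture/edit dates and parent references agree."""
    issues = []
    sig, cap, mod = (parse_ts(rec.signature_time), parse_ts(rec.exif_capture_time),
                     parse_ts(rec.xmp_modify_time))
    if sig is None:
        issues.append("no C2PA signature time")
    if cap is None and mod is None:
        issues.append("no EXIF/XMP dates to cross-check (XMP missing)")
    if sig and cap and sig < cap:
        issues.append("signature predates EXIF capture time")
    if sig and mod:
        if mod > sig:
            issues.append("XMP edit after signing: manifest does not cover the final edit")
        elif sig - mod > timedelta(days=max_stale_days):
            issues.append(f"signature post-dates last edit by {(sig - mod).days} days")
    for doc_id in rec.derived_from:
        if doc_id not in known_originals:
            issues.append(f"DerivedFrom {doc_id} points to an original that is not available")
    return issues
# Constructed sample records modelled on the failure classes described above.
SAMPLES = [
    ProvenanceRecord("press_photo.jpg", "2025-05-20T15:00:00+00:00",
                     "2025-01-10T09:30:00", "2025-01-12T11:00:00", ["doc:orig-001"]),
    ProvenanceRecord("map.png", "2025-03-01T12:00:00+00:00", None, None, []),
    ProvenanceRecord("clean.jpg", "2025-02-01T10:05:00+00:00",
                     "2025-02-01T10:00:00", "2025-02-01T10:03:00", ["doc:orig-002"]),
]
KNOWN_ORIGINALS = {"doc:orig-002"}  # constructed: parent documents actually on hand

def audit(records=SAMPLES, known_originals=KNOWN_ORIGINALS):
    return {r.name: check_record(r, known_originals) for r in records}
```

An empty list for a record means only that the dates and references agree with each other; it does not verify the signature or the identity behind the certificate name.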