DJI can just add some mandatory firmware upgrade process that offloads your footage to the mothership, and 99.9999% will agree to everything without reading.
How would that work? I would imagine that any system to implement this would necessarily be something that AI tools could replicate, wouldn’t it?
Then you can check the signature using the company’s public keys.
If you make edits to it, the editing app will package the new metadata, edited photo data, the original signature, and sign it again.
Now you have a chain of “changes” and can inspect and validate its history. It works for video and audio too.
As long as the private keys aren’t leaked, there’ll be no way to fabricate the signatures.
It seems to me that any "paper trail" scheme of the sort you describe would have to solve the problems of DRM to work: making the elements that report on the real world (in this case, the CCD) tamper-proof, making the encryption key impossible to extract, designing robust watermarks to avoid analog holes, etc.
I don’t think C2PA’s goal is to completely prevent this type of thing, but to make it hard enough to stop low-effort attempts.
This, like DRM, will probably be an arms race, and future solutions will look nothing like what I described.
But then again, the spec has been out for more than a year, and I haven’t seen anyone big bothering to implement it. Maybe it’s a flop already.