Slashdot Mirror
Mandatory Banknote Detection Code?
metamatic writes "The European Union is planning to introduce legislation to make it mandatory for software developers to add black-box banknote detection code to their graphics software.How will this apply to open source software? Is it time to get writing to your Euro-MP?"
It's interesting that now the EU wants to push problems with more
and more counterfeiting money appearing on the market to graphics
software makers...
How do they think, that this will improve the situation? Look at
what TODAY's Gimp, Photoshop, and others can do... All I would need
to do is stick with a current version and not upgrade, if I really
wanted to counterfeit money on my own. And if you would integrate
this into the printers, then I'll just print the banknote in two or
three passes (always just print another part of the banknote so
that the printer will never get to see the whole thing in one go).
Why not integrate this into the FUTURE banknotes (they already have RFIDs in there, don't they? All it would need to take would be to issue unique codes to EACH banknote so that they could verify the identity of the banknote there)
I'm not an OSS developer, but I would think they would ignore this. What's next? McDonald's pays software companies enough money to include their trademark detection? So you can't scan/recreate/modify/distribute their likiness?
I know they're probably attempting to stop (appearently) rampant counterfitting... but where will it end? I once scanned a dollar and sent it to someone on IRC as a joke (they said, someone DCC me some money). There has to be a better way. Like I said, isn't this really just admitting defeat?
FLR
Ok ill just go buy a OLD scanner, and find a older version of photoshop.
Kinda locking the door after the horse has bolted dont we think people?
oh and FP ! \o/
- http://www.milkme.co.uk
They (the counterfeiters) will just switch to another product, such as Macromedia Fireworks, GIMP, or Inkscape. This will only hurt the companies creating the products. Also, on another point, will there be GIMP EU edition, and GIMP Everyone Else Edition? How will this work?
got sig?
Just because your software is open-source doesn't make it suddenly immune to the laws of your country.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
In an Open Source app, it can stop someone who don't know C from doing something, but if you know C you can simply remove the added code...
From the article:
The copies are often good enough to fool vending machines. By using a fake 20 note to purchase a 2 rail fare, the criminal can take away 18 in genuine change.
Follow this logic: While we can't make vending machines clever enough to tell the difference between real dollars and fake ones, we can make your computer smart enough to not let you do anything with money.
This'll work.....
Makes me wonder why us geeks try over here. Every time something comes along we wish to support the bastards in Brussels decide that screwing it up with more totally useless laws is a great idea.
Makes me wonder if Microsoft is slipping money into pockets over here to try and kill open source.
--- [Insert intresting Sig here]
How's that? Just because its Free doesn't mean OSS projects will be able to incorporate it. I didn't read anything about it being GPL.
The last thing we need is the government forcing OSS project to include some closed source code into every project that deals with graphics. If this goes through in the EU and not in the US then the EU is just going to having to do without OSS graphics software.
If you wanna get rich, you know that payback is a bitch
This is useless. Banknotes do, and should, have security markers on them that cannot be produced by normal software tools anyway (I am thinking of markers that have tactile feel, holograms, etc). Thus, you need advanced techniques to forge these: and anyone capable of such advanced techniques is going to be able to work around any of these standard software embedded countermeasures.
All these countermeasures are doing is addressing joe average who uses a scanner, photoshop and a printer to make poor forgeries: exactly the type of forgeries that are picked up easily.
Further: I'd like to hear more detailed assessment of forgery rates, nature of how forgeries are constructed and so on, to determine whether the cost of all of this is really justified.
Why not?
Wrong question.
Whenever restrictions are proposed, it is those who are for it who must answer the question, "Why?" It is not necessary for those who oppose a restriction to answer the question "Why not?"
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Obviously adding any black-box code to a system with open source won't accomplish anything. I remeber hacking the OptimalJ by Compuware. It is a big application written in Java (so you can assume it to be Open Source - for instance use this), but it had some black-box module that has checked licenses and operating system. We were at the time OptimalJ licensee (so NO unlawful activity when copyright is considered) but wanted to run OptimalJ on FreeBSD (was 2xfaster than on Linux and 4xfaster than on Windows). Point was that this black-box module checked the operating system and made impossible for the program to start if it was not linux or windows. So we simply did circumvent the whole black-box module.
In my personal opinion if you want such regulations to have any effect both OpenSource and posession, use and selling of compilers/decompilers should be controlled by the state the same way as heavy arms/munitions. In particular it should be banned to own/use/sell/produce compilation tools, exept in the case you are a professional company having obtained a suitable license.
You can defy gravity... for a short time
if photoshop has to run each pic through a detection algorithim wouldn't that slow things down a bit. not that a slightly slower photoshop matters to most people, but i batch process thousands of frames for animations. maybe it wouldn't be a big slow down for one scan or import but it would for the amount that i process. and it doesn't really seem like this is going to stop anything.
I just know some idiot will latch on to this and use it as an excuse why OSS is bad/evil/wrong.
See? We can tell Adobe to lock down their software to stop counterfeiting, and it happens. But not those OSS people. Having the source means you can change the source. It makes counterfeiting possible, promotes communism, and makes baby Jesus cry.
Unfortunately, it's not the software that's the problem - it's the law thinking it can mandate things like this that's the problem. But you watch - OSS is going to take a beating for this anyhow.
Weaselmancer
Weaselmancer
rediculous.
Just by even saying this it prooves without doubt that the EU has absolutely no idea about the issues involved. Have they even asked experts? do they have a technical panel? Even im qualified to say that this will not work and is a stupid in-the-clouds idea, why don't they atleast make a start and hire me?! ill work for next to nothing and i could sort out all their stupid issues on DRM, bank-note detection, censorship and patent laws, im not biased to any corporation im not even biased towards open-source (much). Can't they take a look at slashdot now and then? Or are they all corrupt already.
This comment does not represent the views or opinions of the user.
I don't understand how it is possible to be 100% sure that people will keep that black box into a piece of software distributed as source code. The black box is likely to be a binary-only library, but people can modify the surrounding code not to call the library.
Will it be a criminal offence to compile out the black box in graphics programs used within the EU? I bet it will, as soon as legislators realize that open source SW exists.
Will open source developers living outside the EU add the black box to their SW? I bet that not everybody will, unless the US adopt a similar law.
Rather then changing the virtual world, I think its time for the affected countries to 'upgrade' their banknote manufacturing processes.
I am going to try scanning a coin, printing it, then using it on a vending machine. Somehow MAYBE it won't work... Hmm... Maybe try on a laser printer...
Beta Sucks
Why is it we must resort to trying to push back the tide of capable graphics applications, when we really should just make money harder to counterfit? Why not have money with two different types of paper? Or with embedded RFID tags? Or with some form of cheezy hologram? Or a multi-level print system? What about bumpy, raised sections?
The fact of the matter is, there are many ways to make money more robust, and there are many excellent detection schemes on the market today. That US dollar bill marker is a good example. But like that US dollar bill marker, nobody uses them. It ads another thing to do. It's easier to just push this all onto the people making graphics applications, and assume the worst. Of course this will shut down most open source software packages and any pictures of money in commercials, but that's a small price to pay for piece of mind, right?
The ______ Agenda
1) And so it should be. I would be rather concerned about the Orwellian trojan horses that would be in such a blackbox
2) Forgers can also easily reverse-engineer the blackbox software, so what's the point.
I believe it is again one of those dumm ideas politicians have that are professional politicians without knowledge of the subject matter.
Photoshop and other graphic suites already have this in place, without the legal requirement to do so. You can bet that there won't be much resistance from them because they are already in compliance with this. Frankly, as someone who would never have to scan in money, I am quite indifferent about it, especially since I have been handed counterfeit cash twice (that I know) by a food vendor at my school. I am not saying that I want this law to pass anywhere, it's just that I think there are bigger battles to be won.
That's stupid - there's no such thing as black box code. If a computer can read it, a person can use a computer to read it. There's no such thing as black box code. That's the "soft" part of software.
In order to have "black box" information of any kind (code or no), you have to have some physical device that does not let that information out. A "black box" that can't be opened without destroying the information.
So they're going to make a law that requires "black box code", but there is no such thing. Brilliant.
1. Take open source graphics software
2. Remove banknote detection module
3. Profit!
The problem is proving (2) as long as I keep the modified software to myself. Oops - of course I meant-- as long as the counterfeiter keeps the modified software to himself. Come on, criminals break laws. A law more or less isn't going to make that much of a difference.
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
The FA mentions the fact early deduced, that these work by detecting a pattern of 5 small circles. So exactly how this is implemented isn't important or necessary to keep secret. More important from the bank's point of view is that OSS can simply be compiled from source with this code omitted (similar example is the code blocking printing of PDFs in Ghostscript, easily commented out).
*laughs*
OK. The last time this came up, it consumed about twelve straight hours of hackery. You can go ahead and play with some of the black boxed code using the demo version of Paint Shop Pro (or the latest Photoshops). Let me tell you: This has nothing to do with the circles. I was actually quite saddened by this fact, as I was planning to print up a "secure t-shirt" that would be unphotographable and unprintable by modern image manipulators. (It'd be a great excuse to talk at Black Hat wearing a T-Shirt *laughs*).
Alas, such adventures were not to be had. Experimenting with copy/paste between an unprotected app and the demo PSP, it quickly became clear that while some old copiers might indeed trigger on the inter-circle distances, counterfeiters now had a vastly more difficult system to fight. What there seems to be is some sort of size and position invariant image fingerprint function, probably wavelet based, that receives the full image after every large scale image transform, executes a fingerprint matching vs. a confidence value, and returns true or false depending on what the confidence threshold is set to. It's not perfect -- Stirmark does seem to cause the algorithm to occasionally stumble, though not consistently (see this gallery for details) -- but it's very good work nonetheless.
Certainly, it does not appear possible to manipulate the watermarking system to create new and unique images that appear, computationally, to still be money. That's a very good thing. And while it's somewhat problematic to have code refusing to obey its controller, the integrity of the financial system really is an important thing. Remember the privacy case for cash -- if paper money becomes something we all distrust, what exactly are we left with? The fault with the RFID approach is that it forces us to carry a reader to validate funds. If we cannot self-validate, we cannot trust (notably, the biggest weakness with the metal strip approach is that we cannot quickly notice that the metal strip has been removed -- the wealth is actually thus represented not by the bill but by an invisible strip of iron and plastic!).
I do not think that image manipulation software is the right place to put this code, specifically because it's too easy to write an image editor from scratch (what are you going to do, ban compilers?). Scanners and printers are however sufficiently single sourced that they're far superior places to trust that anti-counterfeiting logic will be in place. But then, that's just IMHO.
--Dan
when they can steal it from under your nose, look at Ken Lay, tyco and the rest of those criminals, who needs to fake cash when every day is payday !
corporate corruption makes counterfitting look like a kids game and probably costs the economies a lot more than fake cash will ever do, just wait till someone spends their entire life saving for a retirement then just take it, they dont get a second chance
Similar to gun control measures, this only does one thing - takes a perfectly legal thing out of the hands of law-abiding people.
In this case, circumventing the technology (PARTICULARLY IF IT'S IN AN OSS PROJECT!) will prove to be fairly trivial to criminal counterfeiters. I myself can think of several ways that would take all of 5 minutes, although I won't share them here because I don't want the black helicopters landing on my front lawn.
In the meantime, some 37-year-old woman, with no criminal intent, trying to scan money to use in some car dealer's newspaper ad (DEALS DEALS! CASH BACK!) is going to go crazy. Likewise for the Art 101 student trying to make a collage out of GWB's face and the US $100. Likewise for the vending machine engineer trying to scan bills to teach the reader how to recognize them. And so on...
-JT
money-wise, such as banknotes with RFID serial numbers (making anonymous transactions impossible even for cash, plus creating a huge data trail even for innocuous daily purchases, and finally giving robbers the opportunity to single out the most promising victim before aiming their gun or swinging the baseball bat), which seems to scare even the RFID industry itself, and
otherwise, especially with respect to the creation of dangerous additional intellectual property rights (undue powers for copyright holders, and software/business method patents).
This database should give everyone a good idea whom to elect, and whom to vote out of office ASAP.
The fact that so few people participate in European elections only adds to the weight of your votes.
A reasonably composed European Parliament (which can now veto most of the proposals by Commission and Council) is our best chance for (more) sensible lawmaking in the future.
+5, Insightful.
Cash is old technology--hundreds of years. Why we insist on sticking with it is beyond me.
Because we know it works - more or less. We know what the risks are. They haven't changed substantially over the past 500 years. Technology that can counterfeit notes can be matched by technology that can detect forgeries.
Of course, nobody would ever think to remove that code!!!
I think that ultimately, a lot of software companies would push for this because they would want to see free software made illegal for one reason or another. The problem is that even in closed source proprietary black box software, someone who wants to counterfeit money will figure out, or hire someone to figure out, how to disable that code. And no matter how obfuscated the code is made, it is ALWAYS possible to do something like that. It's only a matter of time and money, and to the counterfeiters, the money is practically free anyway.
Technological measures designed to enforce the law will never work. While they might keep the honest people honest, those people are, by definition, honest anyway; but the dishonest will find a way around it. For example, by using old graphics software, or by modifying current software, be it free/open or proprietary.
I say just make the bills much harder to counterfeit, and do it in such a way that it's easy to detect the fake ones.
Yes.
Make programming tools like compilers controlled in the sense that certain substances are controlled these days: get caught owning, using or selling them and you're going to spend the next 5-10 years in prison.
Then bring in controlled black-box computer hardware that will only run software that has been produced with a properly licensed compiler.
It will happen. Media giants, software giants and certain DoJ attorney generals would love such control too much.
The owls are not what they seem
Legitimate uses of graphics software to manipulate currency images? What if I'm doing some research on the different types of currency or the history of currency? Do I need to get some kinda of congressional approval? Heck, what about simple history? The history of the 20 dollar bill? I have an image of a dollar bill and would like to resize it to fit my article?
This does not seem to be the right solution to me. Too many false-positives. I think somebody has already mentioned plastic bank notes.
Besides will it stop there? I mean, so my gfx software doesn't work with currency images. How do I know it isn't "phoning home" alerting some obscure agency that I just tried to open a currency image? This is quite ridiculous.
Find a job you like and you will never work a day in your life.
Although the /. post says that the banknote detection software is "black-box", I see nothing to that effect in the Observer article. I wonder if in fact the software is closed source. If it isn't, then it isn't a problem for FLOSS, leaving aside details of license compatibility.
Q.E.D.
In fact, as far as I'm concerned, Chip and PIN is a potential nightmare.
Instead of mugging victims finding themselves relieved of their wallets and purses I can forsee muggers demanding PINs too, so that they can use the cards that they've stolen.
Right now, if a card is fraudulently used and the signature doesn't match that of the cardholder then the bill is footed by the credit card company, even if the card hasn't been reported stolen. Sure, the costs are passed onto the consumer (well, to those consumers that don't clear their card balances at least) but there's no chance of you suddenly being presented with a four- or five-figure debt for the spending that a card fraudster has run up on you card.
But, if you find yourself in a situation where you give an assailant your PIN, even if it's to avoid physical harm, then you're responsible for all spending they clock up before your card is eventually cancelled.
Frankly, as a credit card holder, this scenario frightens me, even though the chance of it actually happening to me is next to nothing.
Of course, the card issuers are being very quiet about all this, which is no great surprise.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
Seriously, stuff that tries to stop people from doing things on a computer almost never works.
May we never see th