Slashdot Mirror
Mandatory Banknote Detection Code?
metamatic writes "The European Union is planning to introduce legislation to make it mandatory for software developers to add black-box banknote detection code to their graphics software.How will this apply to open source software? Is it time to get writing to your Euro-MP?"
It's interesting that now the EU wants to push problems with more
and more counterfeiting money appearing on the market to graphics
software makers...
How do they think, that this will improve the situation? Look at
what TODAY's Gimp, Photoshop, and others can do... All I would need
to do is stick with a current version and not upgrade, if I really
wanted to counterfeit money on my own. And if you would integrate
this into the printers, then I'll just print the banknote in two or
three passes (always just print another part of the banknote so
that the printer will never get to see the whole thing in one go).
Why not integrate this into the FUTURE banknotes (they already have RFIDs in there, don't they? All it would need to take would be to issue unique codes to EACH banknote so that they could verify the identity of the banknote there)
I'm not an OSS developer, but I would think they would ignore this. What's next? McDonald's pays software companies enough money to include their trademark detection? So you can't scan/recreate/modify/distribute their likiness?
I know they're probably attempting to stop (appearently) rampant counterfitting... but where will it end? I once scanned a dollar and sent it to someone on IRC as a joke (they said, someone DCC me some money). There has to be a better way. Like I said, isn't this really just admitting defeat?
FLR
Ok ill just go buy a OLD scanner, and find a older version of photoshop.
Kinda locking the door after the horse has bolted dont we think people?
oh and FP ! \o/
- http://www.milkme.co.uk
In an Open Source app, it can stop someone who don't know C from doing something, but if you know C you can simply remove the added code...
From the article:
The copies are often good enough to fool vending machines. By using a fake 20 note to purchase a 2 rail fare, the criminal can take away 18 in genuine change.
Follow this logic: While we can't make vending machines clever enough to tell the difference between real dollars and fake ones, we can make your computer smart enough to not let you do anything with money.
This'll work.....
How's that? Just because its Free doesn't mean OSS projects will be able to incorporate it. I didn't read anything about it being GPL.
The last thing we need is the government forcing OSS project to include some closed source code into every project that deals with graphics. If this goes through in the EU and not in the US then the EU is just going to having to do without OSS graphics software.
If you wanna get rich, you know that payback is a bitch
This is useless. Banknotes do, and should, have security markers on them that cannot be produced by normal software tools anyway (I am thinking of markers that have tactile feel, holograms, etc). Thus, you need advanced techniques to forge these: and anyone capable of such advanced techniques is going to be able to work around any of these standard software embedded countermeasures.
All these countermeasures are doing is addressing joe average who uses a scanner, photoshop and a printer to make poor forgeries: exactly the type of forgeries that are picked up easily.
Further: I'd like to hear more detailed assessment of forgery rates, nature of how forgeries are constructed and so on, to determine whether the cost of all of this is really justified.
Why not?
Wrong question.
Whenever restrictions are proposed, it is those who are for it who must answer the question, "Why?" It is not necessary for those who oppose a restriction to answer the question "Why not?"
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
I just know some idiot will latch on to this and use it as an excuse why OSS is bad/evil/wrong.
See? We can tell Adobe to lock down their software to stop counterfeiting, and it happens. But not those OSS people. Having the source means you can change the source. It makes counterfeiting possible, promotes communism, and makes baby Jesus cry.
Unfortunately, it's not the software that's the problem - it's the law thinking it can mandate things like this that's the problem. But you watch - OSS is going to take a beating for this anyhow.
Weaselmancer
Weaselmancer
rediculous.
Just by even saying this it prooves without doubt that the EU has absolutely no idea about the issues involved. Have they even asked experts? do they have a technical panel? Even im qualified to say that this will not work and is a stupid in-the-clouds idea, why don't they atleast make a start and hire me?! ill work for next to nothing and i could sort out all their stupid issues on DRM, bank-note detection, censorship and patent laws, im not biased to any corporation im not even biased towards open-source (much). Can't they take a look at slashdot now and then? Or are they all corrupt already.
This comment does not represent the views or opinions of the user.
The open source software is not immune to the law s of your country, but allows easily to break them.
If Adobe adds banknote detection code into Photoshop, you can't easily remove it.
OSS, instead, allows you to compile the software from the source.
So it would be easy to remove from gimp the banknote detection code.
Of course doing that would be a crime, but who cares ? I mean, if somebody is going to forge fake money he's already breaking the laws.
just my two cents,
Fabio
Yeah, that's a great idea. More licensing problems. Additionally, it would then become impossible to put such software in the public domain!
No thank you.
1) And so it should be. I would be rather concerned about the Orwellian trojan horses that would be in such a blackbox
2) Forgers can also easily reverse-engineer the blackbox software, so what's the point.
I believe it is again one of those dumm ideas politicians have that are professional politicians without knowledge of the subject matter.
The FA mentions the fact early deduced, that these work by detecting a pattern of 5 small circles. So exactly how this is implemented isn't important or necessary to keep secret. More important from the bank's point of view is that OSS can simply be compiled from source with this code omitted (similar example is the code blocking printing of PDFs in Ghostscript, easily commented out).
*laughs*
OK. The last time this came up, it consumed about twelve straight hours of hackery. You can go ahead and play with some of the black boxed code using the demo version of Paint Shop Pro (or the latest Photoshops). Let me tell you: This has nothing to do with the circles. I was actually quite saddened by this fact, as I was planning to print up a "secure t-shirt" that would be unphotographable and unprintable by modern image manipulators. (It'd be a great excuse to talk at Black Hat wearing a T-Shirt *laughs*).
Alas, such adventures were not to be had. Experimenting with copy/paste between an unprotected app and the demo PSP, it quickly became clear that while some old copiers might indeed trigger on the inter-circle distances, counterfeiters now had a vastly more difficult system to fight. What there seems to be is some sort of size and position invariant image fingerprint function, probably wavelet based, that receives the full image after every large scale image transform, executes a fingerprint matching vs. a confidence value, and returns true or false depending on what the confidence threshold is set to. It's not perfect -- Stirmark does seem to cause the algorithm to occasionally stumble, though not consistently (see this gallery for details) -- but it's very good work nonetheless.
Certainly, it does not appear possible to manipulate the watermarking system to create new and unique images that appear, computationally, to still be money. That's a very good thing. And while it's somewhat problematic to have code refusing to obey its controller, the integrity of the financial system really is an important thing. Remember the privacy case for cash -- if paper money becomes something we all distrust, what exactly are we left with? The fault with the RFID approach is that it forces us to carry a reader to validate funds. If we cannot self-validate, we cannot trust (notably, the biggest weakness with the metal strip approach is that we cannot quickly notice that the metal strip has been removed -- the wealth is actually thus represented not by the bill but by an invisible strip of iron and plastic!).
I do not think that image manipulation software is the right place to put this code, specifically because it's too easy to write an image editor from scratch (what are you going to do, ban compilers?). Scanners and printers are however sufficiently single sourced that they're far superior places to trust that anti-counterfeiting logic will be in place. But then, that's just IMHO.
--Dan
Similar to gun control measures, this only does one thing - takes a perfectly legal thing out of the hands of law-abiding people.
In this case, circumventing the technology (PARTICULARLY IF IT'S IN AN OSS PROJECT!) will prove to be fairly trivial to criminal counterfeiters. I myself can think of several ways that would take all of 5 minutes, although I won't share them here because I don't want the black helicopters landing on my front lawn.
In the meantime, some 37-year-old woman, with no criminal intent, trying to scan money to use in some car dealer's newspaper ad (DEALS DEALS! CASH BACK!) is going to go crazy. Likewise for the Art 101 student trying to make a collage out of GWB's face and the US $100. Likewise for the vending machine engineer trying to scan bills to teach the reader how to recognize them. And so on...
-JT
In fact, as far as I'm concerned, Chip and PIN is a potential nightmare.
Instead of mugging victims finding themselves relieved of their wallets and purses I can forsee muggers demanding PINs too, so that they can use the cards that they've stolen.
Right now, if a card is fraudulently used and the signature doesn't match that of the cardholder then the bill is footed by the credit card company, even if the card hasn't been reported stolen. Sure, the costs are passed onto the consumer (well, to those consumers that don't clear their card balances at least) but there's no chance of you suddenly being presented with a four- or five-figure debt for the spending that a card fraudster has run up on you card.
But, if you find yourself in a situation where you give an assailant your PIN, even if it's to avoid physical harm, then you're responsible for all spending they clock up before your card is eventually cancelled.
Frankly, as a credit card holder, this scenario frightens me, even though the chance of it actually happening to me is next to nothing.
Of course, the card issuers are being very quiet about all this, which is no great surprise.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
Seriously, stuff that tries to stop people from doing things on a computer almost never works.
May we never see th