Slashdot Mirror
Mandatory Banknote Detection Code?
metamatic writes "The European Union is planning to introduce legislation to make it mandatory for software developers to add black-box banknote detection code to their graphics software.How will this apply to open source software? Is it time to get writing to your Euro-MP?"
In an Open Source app, it can stop someone who don't know C from doing something, but if you know C you can simply remove the added code...
Why not?
Wrong question.
Whenever restrictions are proposed, it is those who are for it who must answer the question, "Why?" It is not necessary for those who oppose a restriction to answer the question "Why not?"
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
*laughs*
OK. The last time this came up, it consumed about twelve straight hours of hackery. You can go ahead and play with some of the black boxed code using the demo version of Paint Shop Pro (or the latest Photoshops). Let me tell you: This has nothing to do with the circles. I was actually quite saddened by this fact, as I was planning to print up a "secure t-shirt" that would be unphotographable and unprintable by modern image manipulators. (It'd be a great excuse to talk at Black Hat wearing a T-Shirt *laughs*).
Alas, such adventures were not to be had. Experimenting with copy/paste between an unprotected app and the demo PSP, it quickly became clear that while some old copiers might indeed trigger on the inter-circle distances, counterfeiters now had a vastly more difficult system to fight. What there seems to be is some sort of size and position invariant image fingerprint function, probably wavelet based, that receives the full image after every large scale image transform, executes a fingerprint matching vs. a confidence value, and returns true or false depending on what the confidence threshold is set to. It's not perfect -- Stirmark does seem to cause the algorithm to occasionally stumble, though not consistently (see this gallery for details) -- but it's very good work nonetheless.
Certainly, it does not appear possible to manipulate the watermarking system to create new and unique images that appear, computationally, to still be money. That's a very good thing. And while it's somewhat problematic to have code refusing to obey its controller, the integrity of the financial system really is an important thing. Remember the privacy case for cash -- if paper money becomes something we all distrust, what exactly are we left with? The fault with the RFID approach is that it forces us to carry a reader to validate funds. If we cannot self-validate, we cannot trust (notably, the biggest weakness with the metal strip approach is that we cannot quickly notice that the metal strip has been removed -- the wealth is actually thus represented not by the bill but by an invisible strip of iron and plastic!).
I do not think that image manipulation software is the right place to put this code, specifically because it's too easy to write an image editor from scratch (what are you going to do, ban compilers?). Scanners and printers are however sufficiently single sourced that they're far superior places to trust that anti-counterfeiting logic will be in place. But then, that's just IMHO.
--Dan