Slashdot Mirror
Mandatory Banknote Detection Code?
metamatic writes "The European Union is planning to introduce legislation to make it mandatory for software developers to add black-box banknote detection code to their graphics software.How will this apply to open source software? Is it time to get writing to your Euro-MP?"
...will software developers be required to keep up with new note faces? If old software blocks all note faces as of 2004, will developers face penalties for not updating their software in 2008 when the currency is redesigned?
I don't like the idea of being legally required to update old software. Will this happen?
Does anyone know of a source for T-shirts with this yellow five circle pattern? Any photo with you in it would be impossible to digitally edit with the new software.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Yes - it's been in the media over here in Europe. In Germany apparently a good number of forgeries were even re-distributed through ATMs of some banks, who - for the sake of saving a couple of Euros - reloaded the ATM cartridges themselves, instead of carting of the money to the German National Bank who would check the banknotes and fill the ATM cartridges with absolutely authentic banknotes. The issue behind this is that normal merchant banks and people on the street do not know EVERY security detail of the Euro banknotes. Seven details have been published, the others are being kept secret by the national banks so that forgers will not get to hear about them.
Or use a solution that is available now:
Australia and New Zealand have adopted "plastic" notes for a while... I believe it is a big barrier for the cottage counterfeiting groups.
How will this black-box banknote detection code work with GPL'ed software? If it's going to be added to a GPL project it can't be proprietary anymore.
I think I read somewhere that a large percentage of the fake money is actually created by everyday people. This is an effort to stop that. If they think it's something more they're kidding themselves.
Well, Euro banknotes already have unique codes printed on them. E.g. I've got here one starting with X0688...
But of course, the unique codes only help partially: If you get two banknotes with the same code, you know one has to be wrong. But if you get only one banknote with a given code, how do you know if it's the original one or a copy? Also, when replicating per printer, it probably would't be too hard to give every one a different number.
But Euro banknotes have some security measures which I can't see how to replicate with a printer (like a metallic surface strip).
They don't have RFID, though (and I hope they'll not have them in the future - I wouldn't feel too well if any potential thief could just use an RFID reader to find out in advance if stealing my wallet would be worthwhile).
The Tao of math: The numbers you can count are not the real numbers.
And unlike the movies, I bet they are doing this in secret. Other things they could add to software is the printer to have small dots indicating when the money was print (based on the bios or os of the system), or maybe something to identify the system it was printed (like something unique like the mac address of the nic or something equally unique).
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
At least with open-source, you'll be able to disable the @!#$)@*!@#$ detection when the thing decides your new graphic work is actually money and your boss starts screaming at you...
There is something floating around which claims to patch the banknote feature in Photoshop CS although I've never used it since I don't use Photoshop. When I had read about it in some blog a few people had reported it made things much faster.
In the states at least, it's not unknown for advertisements to include images of dollar bills, either enlarged to above 200%, or reduced to below 75%, so as to comply with treasury regulations.
The proposed lockout algorithms would prevent this, even if the finished output complied with existing laws. It's very roughly analogous to the DMCA, which forbids all potentially infringing use, and fair use too.
(Yeah yeah. In the US, banknote designs are protected by a different title. But in Europe, it's common for the central bank to retain copyright.)
That howstuffworks article (http://money.howstuffworks.com/counterfeit.htm) on counterfeiting is US centric: in the US you have poor banknotes that have not evolved with the time. I suggest looking at modern EU (and Australia) banknotes that are highly sophisticated. Especially since this article is about banks in the EU.
If people become convinced that it is ***IMPOSSIBLE*** to counterfeit money, they will stop being suspicious, forget to triple check all the features and counterfeiters will have a field day...
Austrailia has done a good job with thwarting forgery in more than just the media that the bills are printed on. Really good counterfeiting operations in the United States take a batch of one dollar bills and bleach them to remove all the stuff from the one, except they protect the serial number, then they reprint a higher bill's value onto it. That won't work in Austrailia, because every bill has braille and the larger the note's value, the larger the note. A one and a five arn't the same size.
Learn something new.
I am not sure that being able to trace the path that a given banknote took would be good for privacy, so I am not sure that RFID is a good solution here. Cash is also needed for this privacy reason (otherwise, why not just issue everyone bank card readers for settling personal debts? I am sure that the hardware could be made secure enough and any fraud would be auditable).
To my knowledge most anti-counterfeiting measures tend to rely on:
1: Security through obscurity (features which are difficult to detect and replicate, such as microprint, magnetic signatures in ink, etc).
2: Special inks with limited supply (raised print, color shifting ink, etc.)
3: Special paper with limited supply.
Interestingly, most individuals know absolutely nothing about the security of their currency. Consequently they are not in a position to know anything about whether a bill is counterfeit or not. Additionally, I have found that many people I know cannot read microprint without a magnifying glass, so again, they are not in a position to detect counterfeits.
The best defence against counterfeiting IMO, though is better international coordination of enforcement. Banknote detection is a farce--- what happens when a banknote is redesigned? Does it mean that everyone must upgrade their banknote detection or face fines or charges? Or is this more generic (and would, say, prevent you from printing Monopoly money)?
Now, one could use a smart-card, etc. to store a digital signature based on a well-known string, the serial number, and the mint's private key. RFID technology might be modifyable to do something similar. This would allow merchants to more easily detect counterfeit euros. This method would not require actually tracking the bill from person to person and would be analogus to what is in place today (central monitoring via financial institutions).
LedgerSMB: Open source Accounting/ERP
1. How can your software be open source if it includes this 'black box' detection code? Sure can't be GPL.
2. How is this law going to be effective even if the detection software is in the open source photo editors? They're OPEN SOURCE, you can just not compile in the detection module.
3. Is this law *really* going to be effective, even if you ignore the open source implications?
Color copiers usually scan the bill in a single pass and this somehow foils the CCD into not seeing the intended color and registering a paler shade of the background.
This is used in some other notes too (ours, Brazilian Real, for example), not only in the US.
Dear aunt, let's set so double the killer delete select all
This is a perfect place to weaken the conflict of national "trade secrets" with "viral" OSS licenses. Just include a rider in the banknote law removing the right of anybody to sue for copyright infringement, if the only reason to do so is the refusal to distribute the closed source required by the banknote law. This will remove the teeth from all GPL-like licenses, and thus render them unenforceable for this particular situation.
What Congress giveth, Congress can take away...
I've been in the photocopier business for 23 years. Seems with each new generation of full color copiers, they have to put some sort of counterfit device into them. The latest is two fold. There is a "black box" device that detects the color of green and some other attributes and will cause the machine to lock up, displaying a 1-800 number to call. Then someone from the manufacturer, along with your friendly treasurey agent drops by to find out what you were copying. I heard this from a support engineer that a teacher was copying some things for a class, and the background of her original was close enough to cause it to lock up. The 2nd line of defense is that on any full color copier, there is a row of tiny light yellow microdots printed in the border area, which has the date of manufacturer, serial number and date of the copy. This way, if something sneaks by the black box, it can be traced back to who sold it. The last thing, is that the resolution isn't good enough to pick up the microprinting around the portrait, not to mention the security thread, or the color shifting ink. But, take one of these counterfits into a busy nightclub, fast food place, or any other business where they are as busy as a three ring circus, and it's no wonder they get passed. I've been a reserve with the sheriff's office for 15 years, and you should see some of the pathetic attempts at forgery. The funniest ones are where they cut the corners off of 20's and paste them onto the corners of a one dollar bill!
There are a number of problems with adding such code to printers:
* It is difficult to update. All counterfeiters have to do is find *one* image that can get past the blocking code. Futhermore, there is a *huge* set of printers out there that have no such blocking.
* Printers have limited memory and CPU capabilities. I really think that HP will not be thrilled with blowing a bunch of each on doing "currency detection" on every chunk of every page for each country that latches onto this.
* Printers have only the ability to "block". "Blocking" penalties for a detection of counterfeiting is the *easiest* variety of protection, since people just poke at their images until they print. Photoshop or other can "phone home". Some folks might think ahead enough to have a fully-disconnected computer, but as network connectivity grows...and it only takes one "phone home" with a detected serial number of a page of bills that are showing up with bogus numbers to nail someone.
* Printers were never designed to be highly secure embedded devices (for example, a number have easily-replaced firmware slots). It's a good bet that printer manufacturers don't go to a lot of trouble to hide diagnostic data. Sure, no random counterfeiter might be able to crack such a system -- but (a) there's lots of money involved to hire such a geek, and (b) there are major "geek points" involved in figuring out how to break such a system, and legitimate reasons for doing so. Remember the Xbox -- yes, it was cracked so that people could put Linux on it, but it opens things up to piracy. What if people want to improve image quality, add their own rendering engines (because it's not like they can easily build modern printers in their basement)? When someone distributes detailed instructions for how to disable such protection, it won't take a brilliant counterfeiter to beat the thing.
I really think that this is more a case of "we need to do something new with our currency". Currency was designed in a day and age when it was hard to accurately reproduce detailed images on a piece of paper. It was a very good design for that environment. I think that if we had to come up with a new system, we'd have something wildly different today.
You know what *could* make a major improvement?
Smart cards replacing "stupid magnetic strip" credit cards.
Currently, the reason that you can't use credit cards everywhere is because the credit card companies rake in money on each card, and it imposes overhead that not every retailer wants to pay (in vendor fees and per-charge costs).
Smart cards (with *associated readers*) make credit card fraud much more difficult, and thus reduce credit card company costs, and ultimately reduce prices to retailers.
This will help produce smart cards be more commonly used.
Of course, the downside is the big credit card issue -- more easy tracking of money flow, which is a bit Orwellian. Technically, it's possible to build a system that doesn't track fund flows (and still has the hard-to-counterfeit benefits), even if your credit card vendor is malicious, but there is probably little public interest in such a property. Plus, given the commercial value of people's credit card records (and pressure from law enforcement to monitor them) I don't think that it will happen.
May we never see th
Well, having been in a related situation, here's my story:
I was mugged, and the PIN to my debit card beaten out of me.
The bank pointed out that they had the PIN, therefore the bank wasn't liable. In addition, they argued, the crime wasn't reported to the police until after the money was removed. [0]
I accept that this is a different situation, in so much as it was a debit card, not a credit card. However, the legal situation is exactly the same - insofar as the argument of authorisation applies.
In the end, the bank gave me part of the money back, as a 'goodwill' gesture. Making it quite clear they didn't have to.
Note that this is a specific case of PIN being forcibly extracted - other forms of fraudulaent use will be covered as before.
Also note that if my signature had been forged, then that would have been clearly fraudulent. Because it was a number, it was considered authorised. This was despite injuries sustained in attepting not to reveal it.
As far as the law stands (UK), you give out the PIN, you are liable. Period.
[0] No shit, Sherlock. One went off with the card and PIN, whilst his (armed) mates stayed with me.
Here's a novel idea. Stop printing money and rescind all paper currency. It's easy to print paper. No matter what the government does, it will always be relatively easy for people who really want to counterfeit bills to do so. It is relatively difficult, by comparison, to mint pieces of metal.
The obvious problem is that people become paranoid about losing a coin once it becomes worth something. That's why you also cap the maximum value of any piece of currency at $20. That is the largest bill that most people carry around when not on a trip anyway. That's the largest bill that most ATMs dispense. Just do away with everything with a higher face value.
The net impact will be that anything costing over a couple of hundred dollars will end up being purchased via check or plastic. Well, that's the case anyway, for the most part. Couple this with a nationwide ban on profiteering from ATMs, and the problem of people on trips goes away, leaving the only people severely impacted being those doing illegal transactions (drugs, money laundering, ordering a hit on someone, etc.). And frankly, causing inconvenience for those folks is a good thing, right?
The governments of the world all have one thing in common.... When something goes wrong, they try to patch around the problem with the minimum necessary effort... kind of like a bad sysadmin. As a result, things keep going wrong because they aren't solving the fundamental problem. The fundamental problem is that paper currency is a bad idea. We all need to get over it and move on. :-)
Just my $0.019997 (adjusted for inflation).
120 character sigs suck. Make it 250.
Austrialia used to have paper money? That's strange. No currency I know of has been printed on paper for many years. Most are currently printed on some kind of cloth (such as cotton). While the wear characteristics of cotton are nowhere near as good as plastic, I have washed many bills in the washing machine (some on purpose) and they come out great. In fact, after ironing, they often are almost as crisp as brand new bills.
OK, they want software to stop working when it detects money? Good. Let's all start inserting The EURion Constellation [1] everywhere we can, on our websites, on our t-shirts, on our cars and literally everywhere. Then, when people start noticing that they cannot print their God damned holiday photos because there is some jerk with some freaking dots on his t-shirt on them, maybe they will stop using software inluding this stupid black-box banknote detection code. We can do it, people.
[1] It's a Google link, I don't want to link directly to eurion.pdf to avoid slashdotting the server.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
This is exactly the problem I have with Chip & PIN. I work for a credit card company, and I raised objections about it. But they weren't interested. The party line is that "it is proven to have reduced credit card fraud in Europe, so the UK banking industry has adopted it". Then they have the nerve to try and sell it to the public as a good thing (which it is for the bank -- by shifting the burden of proof from the bank to the customer, they reduce their exposure, and increase their profits).
"The invisible and the non-existent look very much alike." -- Delos B. McKown
I was also in a similar situation, but with a different result from the bank. I was held at knife-point whilst money was taken from a cash machine. I'd given out the PIN, and the bank made it clear they didn't have to pay, but covered the whole amount (500 UKP) without an argument. I was so delighted with this, it would now take a lot for me to consider changing banks (providing they stay competitive), and I've recomended them to several friends. If only all businesses would realise good customer service pays for itself in the long term.
There was this idea of having a panic-pin for each card that will work as well as the normal pin, but which triggers a silent alarm when used, marks transcation as fraud or something like that.
Cool idea, i don't know why it never got implemented