Slashdot Mirror
Mandatory Banknote Detection Code?
metamatic writes "The European Union is planning to introduce legislation to make it mandatory for software developers to add black-box banknote detection code to their graphics software.How will this apply to open source software? Is it time to get writing to your Euro-MP?"
It's interesting that now the EU wants to push problems with more
and more counterfeiting money appearing on the market to graphics
software makers...
How do they think, that this will improve the situation? Look at
what TODAY's Gimp, Photoshop, and others can do... All I would need
to do is stick with a current version and not upgrade, if I really
wanted to counterfeit money on my own. And if you would integrate
this into the printers, then I'll just print the banknote in two or
three passes (always just print another part of the banknote so
that the printer will never get to see the whole thing in one go).
Why not integrate this into the FUTURE banknotes (they already have RFIDs in there, don't they? All it would need to take would be to issue unique codes to EACH banknote so that they could verify the identity of the banknote there)
next time on CSI: man rendered invisible to the magic zoom-in photo software by wearing suit made of dollar bills
-You're wasting your time. Alfador only likes me.
Link here
got sig?
I'm not an OSS developer, but I would think they would ignore this. What's next? McDonald's pays software companies enough money to include their trademark detection? So you can't scan/recreate/modify/distribute their likiness?
I know they're probably attempting to stop (appearently) rampant counterfitting... but where will it end? I once scanned a dollar and sent it to someone on IRC as a joke (they said, someone DCC me some money). There has to be a better way. Like I said, isn't this really just admitting defeat?
FLR
Ok ill just go buy a OLD scanner, and find a older version of photoshop.
Kinda locking the door after the horse has bolted dont we think people?
oh and FP ! \o/
- http://www.milkme.co.uk
As far as in the USA, most scanners will print something over the scanned money. Generally its "Void" in stripes over the entire scan. Copiers are worse. There are several Xerox models that will literally lock up until a service tech fixes it if American money is inserted.
I see little in the need to copy a bill. We all have issues with forgeries and counterfitting ruining the value of the dollar/euro. Why not?
Sigs are nice guns
...will software developers be required to keep up with new note faces? If old software blocks all note faces as of 2004, will developers face penalties for not updating their software in 2008 when the currency is redesigned?
I don't like the idea of being legally required to update old software. Will this happen?
Does anyone know of a source for T-shirts with this yellow five circle pattern? Any photo with you in it would be impossible to digitally edit with the new software.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Yes - it's been in the media over here in Europe. In Germany apparently a good number of forgeries were even re-distributed through ATMs of some banks, who - for the sake of saving a couple of Euros - reloaded the ATM cartridges themselves, instead of carting of the money to the German National Bank who would check the banknotes and fill the ATM cartridges with absolutely authentic banknotes. The issue behind this is that normal merchant banks and people on the street do not know EVERY security detail of the Euro banknotes. Seven details have been published, the others are being kept secret by the national banks so that forgers will not get to hear about them.
In an Open Source app, it can stop someone who don't know C from doing something, but if you know C you can simply remove the added code...
From the article:
The copies are often good enough to fool vending machines. By using a fake 20 note to purchase a 2 rail fare, the criminal can take away 18 in genuine change.
Follow this logic: While we can't make vending machines clever enough to tell the difference between real dollars and fake ones, we can make your computer smart enough to not let you do anything with money.
This'll work.....
How's that? Just because its Free doesn't mean OSS projects will be able to incorporate it. I didn't read anything about it being GPL.
The last thing we need is the government forcing OSS project to include some closed source code into every project that deals with graphics. If this goes through in the EU and not in the US then the EU is just going to having to do without OSS graphics software.
If you wanna get rich, you know that payback is a bitch
This is useless. Banknotes do, and should, have security markers on them that cannot be produced by normal software tools anyway (I am thinking of markers that have tactile feel, holograms, etc). Thus, you need advanced techniques to forge these: and anyone capable of such advanced techniques is going to be able to work around any of these standard software embedded countermeasures.
All these countermeasures are doing is addressing joe average who uses a scanner, photoshop and a printer to make poor forgeries: exactly the type of forgeries that are picked up easily.
Further: I'd like to hear more detailed assessment of forgery rates, nature of how forgeries are constructed and so on, to determine whether the cost of all of this is really justified.
The term for faking currency is "forgery" with fake currency being "counterfeit". "Piracy" has nothing to do with it.
I think I read somewhere that a large percentage of the fake money is actually created by everyday people. This is an effort to stop that. If they think it's something more they're kidding themselves.
And unlike the movies, I bet they are doing this in secret. Other things they could add to software is the printer to have small dots indicating when the money was print (based on the bios or os of the system), or maybe something to identify the system it was printed (like something unique like the mac address of the nic or something equally unique).
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Dear European Union,
I am an open source software developer. Could you please send me samples of all EU notes, so that I can include image protection in my software. 10-20 copies of each should be enough to complete the work needed.
http://www.kubuntu.org/
I just know some idiot will latch on to this and use it as an excuse why OSS is bad/evil/wrong.
See? We can tell Adobe to lock down their software to stop counterfeiting, and it happens. But not those OSS people. Having the source means you can change the source. It makes counterfeiting possible, promotes communism, and makes baby Jesus cry.
Unfortunately, it's not the software that's the problem - it's the law thinking it can mandate things like this that's the problem. But you watch - OSS is going to take a beating for this anyhow.
Weaselmancer
Weaselmancer
rediculous.
Just by even saying this it prooves without doubt that the EU has absolutely no idea about the issues involved. Have they even asked experts? do they have a technical panel? Even im qualified to say that this will not work and is a stupid in-the-clouds idea, why don't they atleast make a start and hire me?! ill work for next to nothing and i could sort out all their stupid issues on DRM, bank-note detection, censorship and patent laws, im not biased to any corporation im not even biased towards open-source (much). Can't they take a look at slashdot now and then? Or are they all corrupt already.
This comment does not represent the views or opinions of the user.
The open source software is not immune to the law s of your country, but allows easily to break them.
If Adobe adds banknote detection code into Photoshop, you can't easily remove it.
OSS, instead, allows you to compile the software from the source.
So it would be easy to remove from gimp the banknote detection code.
Of course doing that would be a crime, but who cares ? I mean, if somebody is going to forge fake money he's already breaking the laws.
just my two cents,
Fabio
Yeah, that's a great idea. More licensing problems. Additionally, it would then become impossible to put such software in the public domain!
No thank you.
1) And so it should be. I would be rather concerned about the Orwellian trojan horses that would be in such a blackbox
2) Forgers can also easily reverse-engineer the blackbox software, so what's the point.
I believe it is again one of those dumm ideas politicians have that are professional politicians without knowledge of the subject matter.
The FA mentions the fact early deduced, that these work by detecting a pattern of 5 small circles. So exactly how this is implemented isn't important or necessary to keep secret. More important from the bank's point of view is that OSS can simply be compiled from source with this code omitted (similar example is the code blocking printing of PDFs in Ghostscript, easily commented out).
*laughs*
OK. The last time this came up, it consumed about twelve straight hours of hackery. You can go ahead and play with some of the black boxed code using the demo version of Paint Shop Pro (or the latest Photoshops). Let me tell you: This has nothing to do with the circles. I was actually quite saddened by this fact, as I was planning to print up a "secure t-shirt" that would be unphotographable and unprintable by modern image manipulators. (It'd be a great excuse to talk at Black Hat wearing a T-Shirt *laughs*).
Alas, such adventures were not to be had. Experimenting with copy/paste between an unprotected app and the demo PSP, it quickly became clear that while some old copiers might indeed trigger on the inter-circle distances, counterfeiters now had a vastly more difficult system to fight. What there seems to be is some sort of size and position invariant image fingerprint function, probably wavelet based, that receives the full image after every large scale image transform, executes a fingerprint matching vs. a confidence value, and returns true or false depending on what the confidence threshold is set to. It's not perfect -- Stirmark does seem to cause the algorithm to occasionally stumble, though not consistently (see this gallery for details) -- but it's very good work nonetheless.
Certainly, it does not appear possible to manipulate the watermarking system to create new and unique images that appear, computationally, to still be money. That's a very good thing. And while it's somewhat problematic to have code refusing to obey its controller, the integrity of the financial system really is an important thing. Remember the privacy case for cash -- if paper money becomes something we all distrust, what exactly are we left with? The fault with the RFID approach is that it forces us to carry a reader to validate funds. If we cannot self-validate, we cannot trust (notably, the biggest weakness with the metal strip approach is that we cannot quickly notice that the metal strip has been removed -- the wealth is actually thus represented not by the bill but by an invisible strip of iron and plastic!).
I do not think that image manipulation software is the right place to put this code, specifically because it's too easy to write an image editor from scratch (what are you going to do, ban compilers?). Scanners and printers are however sufficiently single sourced that they're far superior places to trust that anti-counterfeiting logic will be in place. But then, that's just IMHO.
--Dan
Similar to gun control measures, this only does one thing - takes a perfectly legal thing out of the hands of law-abiding people.
In this case, circumventing the technology (PARTICULARLY IF IT'S IN AN OSS PROJECT!) will prove to be fairly trivial to criminal counterfeiters. I myself can think of several ways that would take all of 5 minutes, although I won't share them here because I don't want the black helicopters landing on my front lawn.
In the meantime, some 37-year-old woman, with no criminal intent, trying to scan money to use in some car dealer's newspaper ad (DEALS DEALS! CASH BACK!) is going to go crazy. Likewise for the Art 101 student trying to make a collage out of GWB's face and the US $100. Likewise for the vending machine engineer trying to scan bills to teach the reader how to recognize them. And so on...
-JT
Create an army of autonomous solar powered hyper-Roombas.
Have them with scamper about with a video grabber and the black box algorithm.
Set them loose to harvest money.
Seriously, it seems to me that the black box library would just be
as easily used as a dependable proof reader for money image duplicators,
and a much more easily targeted point of failure.
This isn't about counterfeiting, it's all about screwing the little guy.
The major sources of counterfeiting are other governments and large multinational crime organizations. They'll be able to get around this stuff.
Now that the little guy can make his own passable bills, they're all out to squash him down. Nothing new here.
There are a number of problems with adding such code to printers:
* It is difficult to update. All counterfeiters have to do is find *one* image that can get past the blocking code. Futhermore, there is a *huge* set of printers out there that have no such blocking.
* Printers have limited memory and CPU capabilities. I really think that HP will not be thrilled with blowing a bunch of each on doing "currency detection" on every chunk of every page for each country that latches onto this.
* Printers have only the ability to "block". "Blocking" penalties for a detection of counterfeiting is the *easiest* variety of protection, since people just poke at their images until they print. Photoshop or other can "phone home". Some folks might think ahead enough to have a fully-disconnected computer, but as network connectivity grows...and it only takes one "phone home" with a detected serial number of a page of bills that are showing up with bogus numbers to nail someone.
* Printers were never designed to be highly secure embedded devices (for example, a number have easily-replaced firmware slots). It's a good bet that printer manufacturers don't go to a lot of trouble to hide diagnostic data. Sure, no random counterfeiter might be able to crack such a system -- but (a) there's lots of money involved to hire such a geek, and (b) there are major "geek points" involved in figuring out how to break such a system, and legitimate reasons for doing so. Remember the Xbox -- yes, it was cracked so that people could put Linux on it, but it opens things up to piracy. What if people want to improve image quality, add their own rendering engines (because it's not like they can easily build modern printers in their basement)? When someone distributes detailed instructions for how to disable such protection, it won't take a brilliant counterfeiter to beat the thing.
I really think that this is more a case of "we need to do something new with our currency". Currency was designed in a day and age when it was hard to accurately reproduce detailed images on a piece of paper. It was a very good design for that environment. I think that if we had to come up with a new system, we'd have something wildly different today.
You know what *could* make a major improvement?
Smart cards replacing "stupid magnetic strip" credit cards.
Currently, the reason that you can't use credit cards everywhere is because the credit card companies rake in money on each card, and it imposes overhead that not every retailer wants to pay (in vendor fees and per-charge costs).
Smart cards (with *associated readers*) make credit card fraud much more difficult, and thus reduce credit card company costs, and ultimately reduce prices to retailers.
This will help produce smart cards be more commonly used.
Of course, the downside is the big credit card issue -- more easy tracking of money flow, which is a bit Orwellian. Technically, it's possible to build a system that doesn't track fund flows (and still has the hard-to-counterfeit benefits), even if your credit card vendor is malicious, but there is probably little public interest in such a property. Plus, given the commercial value of people's credit card records (and pressure from law enforcement to monitor them) I don't think that it will happen.
May we never see th
In fact, as far as I'm concerned, Chip and PIN is a potential nightmare.
Instead of mugging victims finding themselves relieved of their wallets and purses I can forsee muggers demanding PINs too, so that they can use the cards that they've stolen.
Right now, if a card is fraudulently used and the signature doesn't match that of the cardholder then the bill is footed by the credit card company, even if the card hasn't been reported stolen. Sure, the costs are passed onto the consumer (well, to those consumers that don't clear their card balances at least) but there's no chance of you suddenly being presented with a four- or five-figure debt for the spending that a card fraudster has run up on you card.
But, if you find yourself in a situation where you give an assailant your PIN, even if it's to avoid physical harm, then you're responsible for all spending they clock up before your card is eventually cancelled.
Frankly, as a credit card holder, this scenario frightens me, even though the chance of it actually happening to me is next to nothing.
Of course, the card issuers are being very quiet about all this, which is no great surprise.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg