Slashdot Mirror

← Back to Stories (view on slashdot.org)

MPAA Developing Digital Fingerprinting Technology

Posted by Zonk on from the following-in-your-tracks dept.

Danathar writes "The MPAA is looking to use digital fingerprinting technologies that in conjunction with legislation will enable and force ISPs to look for network traffic that matches the signatures. " From the article: " Once completed, Philips' technology--along with related tools from other companies--could be a powerful weapon in Hollywood's increasingly aggressive attempts to choke off the flood of films being traded online."

31 of 544 comments (clear)

  1. Encryption by Odo · · Score: 5, Insightful

    And ISPs are going to search for fingerprints in encrypted downloads how exactly?

    It would be relatively easy for the next generation of P2P applications to add very basic encryption. Possibly based on a captcha (just a regular zip file encrypted against the random letters contained in a gif).

    Or will the MPAA's next trick be to purchase legislation banning encryption.

    1. Re:Encryption by Breakfast+Pants · · Score: 4, Interesting

      The ISPs will be legally required to do man in the middle attacks. When you start up an SSL connection they will accept it as if they were the destination and then make a request to the destination for a connection. They will then pipe all info between the two connections through their fingerprinting program, and then pipe the approved data to you and to them. None of this will ever happen.

      --

      --

      WHO ATE MY BREAKFAST PANTS?
    2. Re:Encryption by mickwd · · Score: 5, Insightful

      Maybe the MPAA's next trick is to publicise some scheme they're thinking of using, letting it get published to Slashdot, reading what Slashdotters have to say, and using this to help decide on its viability, before investing any serious amount of money in it.

      Free technical review.

      Doesn't anybody else here think that occasionally someone from the "usual suspects" (Microsoft, RIAA, MPAA, etc) might read what some of their "opponents" are saying about them ? Especially when people here openly post how they will get round what the organisations concerned are trying to achieve (rightly or wrongly).

    3. Re:Encryption by CodeBuster · · Score: 5, Informative

      This wouldn't work with public key encryption.

      sure it would, that is the whole point behind the man-in-the-middle attack. It was discovered as a weakness in key exchange protocols such as diffie-hellman which rely upon exchange of public keys between previously unknown parties who do not use a trusted third party to manage public keys. The premise of the man-in-the-middle attack is that an intermediary intercepts the public keys (which must be transmitted in the clear) during the exchange protocol before they reach the intended recipients and substitutes his own public key instead. Then when the symmetric key is computed by the recipients during the key exchange (using the man-in-the-middle's public key) all three of them, both recipients and the man-in-the-middle, will have the secret symmetric key and the entire session will be compromised. Moreover, the recipients will have no idea that the man-in-the-middle exists because they had not previously exchanged public keys. The solution to this problem in practice has been to have a trusted third party repository for public keys, such as Thawte, which signs public key requests with its own private key to verify the origin of each public key. However, this requires central registration and management of keys, something which is unlikely to be palatable to P2P users for obvious reasons and thus the man-in-the-middle problem will persist when computing session keys for encryption on P2P networks. Man in the Middle is somewhat difficult to implement in practice, but not impossible (ISPs would make the perfect men-in-the-middle), so this is not merely a theoretical possibility.

    4. Re:Encryption by ConceptJunkie · · Score: 4, Funny

      Yes, and of course it never would have occurred to terrorists to poison the water supply or infiltrate nuclear power plants or destroy the Holland tunnel if they hadn't heard someone discussing those possibilities on Fox News either.

      Wow! Idle ramblings of a bunch of mostly adolescents. Better not let anyone hear this incredible font of devious ideas.

      Oh, the horrors!

      --
      You are in a maze of twisty little passages, all alike.
    5. Re:Encryption by 42forty-two42 · · Score: 4, Informative
      Trivially broken:
      1. Alice sends her public key K(a) to Bob.
      2. Mallory intercepts K(a) and passes his own key, K(m) to Bob
      3. Bob sends H(K(a), K(b)), k(b) to Alice
      4. Mallory intercepts H(K(a), K(b)), k(b) and replaces it with H(K(a), K(m)), K(m)
      5. Alice computes H(K(a), K(m)) and sees that it matches.
      The problem is that neither Alice nor Bob know each other's keys, so they cannot differentiate between Mallory and each other. This is not circumventable. No matter what, Mallory can negotiate two seperate connections with each of Alice and Bob, and simply relay, unless one of the two knows the other's key.
  2. Forget it by Karamchand · · Score: 5, Insightful

    Trying to make bits uncopyable is like trying to make water not wet. -- Bruce Schneier

    1. Re:Forget it by evilmousse · · Score: 4, Interesting


      aaaactually, mr wizard taught me that it's just the water's skin that's really wet--that is, it's self-adhesive properties...

      pour a shitload of babypowder on a cup of water, and stick your finger down to the bottom. it'll be baby-fresh instead of wet.

    2. Re:Forget it by Anonymous Coward · · Score: 5, Funny

      Analyzing humor is like dissecting a frog: Nobody really enjoys it and the frog generally dies as a result. -- E. B. White

    3. Re:Forget it by tfoss · · Score: 5, Funny
      Only on slashdot would you find someone arguing against 'water is wet.'

      -Ted

      --
      -=-=- Quantum physics - the dreams stuff are made of.
    4. Re:Forget it by Dachannien · · Score: 4, Funny

      pour a shitload of babypowder on a cup of water

      Hey, now, it's a lot of work grinding those babies up into powder. I'm sure as hell not gonna waste it trying to figure out something lame like whether water is wet or not.

  3. Computer = COPY by BoldAC · · Score: 4, Informative

    As long as you can get it onto a computer, people are going to figure out how to make it copy it.

    Just take the new napster mess where everybody is loading up on free music right now:

    Napster/Winamp hack to get unprotected free music

  4. It's funny... by DoraLives · · Score: 4, Interesting

    that some of the scariest 1984ish stuff would be coming out of the fricking entertainment industry fer chrissakes.

    --
    Is it fascism yet?
    1. Re:It's funny... by SunFan · · Score: 4, Insightful


      Perhaps this will lead to a division in society between the people who know the MPAA can't take our money and those who don't. These companies exist only because of us, the customers. I have no problem at all telling them to %$#@ off, because I know entertainment is cheap and very easy to come by. Take my kid to a movie vs. take my kid to a park vs. take my kid to a ball game, whatever. Movies really are not that big of a deal. Sure I might miss great movies like Dr. Strangelove, but, ultimately, movies are just a medium for these stories and certainly not a requirement. Indy productions, stage adaptations, etc. are all different ways for the talented people out there to tell their stories. Big company execs can kiss my ass for all I care.

      --
      -- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
  5. Made by Philips? by mr.henry · · Score: 4, Insightful

    It is sort of amusing that this technology is being developed by Philips, makers of the Philips DVP-642, probably the most pirate friendly DVD player on the market today.

    1. Re:Made by Philips? by chris_eineke · · Score: 5, Funny
      probably the most pirate friendly DVD player

      Yeah, it's used to play DVD-Arrrrrrrr's. :-)
      --
      "All you have to do is be fragile and grateful. So stay the underdog." Chuck Palahniuk, Choke
  6. 5 years from now.. by evilmousse · · Score: 4, Insightful

    ..govt. and coportate interests will lament the day they drove the average user to encryption.

  7. SneakerNet the Ultimate by LionKimbro · · Score: 4, Insightful

    We have 1TB disks coming up soon.

    I don't know how many terrabytes of released music exist in the world, but I imagine it's a finite number.

    We'll probably have 100TB disks, and then 10,000 TB cubes at some point in the future.

    Perhaps all the worlds music will fit in the space of a cubic centimeter.

    You visit your friend's house, put your cube-disk next to his cube-disk, hit "copy", and then walk home with your copy of the entire world's music.

    Really, there's not a whole friggin' lot you can do about that.

    Perhaps the possesion of world-music cube-disks will be the next marijuana possesion.

  8. Re:Better than upstream measures by schon · · Score: 4, Interesting

    this to me is the least offensive method of combatting piracy

    Yes, until you get your new bill from your ISP, which includes an extra $50.00 per month so that they can afford to comply with the law.

    See, I'm pretty sure that the MPAA won't be paying the ISP to implement this technology, to purchase the additional equipment to use it, and to maintain it.

  9. Two ridiculous science fiction stories in one day? by bigtallmofo · · Score: 4, Insightful

    First I read this story today, and I swear I still want my 5 minutes back from wasting my time reading it. Then comes along this story about the MPAA developing "fingerprinting" technology. I suppose that when someone rips a DVD using DVDShrink or DVDDecryptor or any number of other programs that said program is going to copy said fingerprint wholly intact into the resulting file even if it compresses said file. Then, after I convert it to DivX format, I'm sure the fingerprint is still going to be intact. Then after I transfer it with (Insert any of BitTorrent, WinMX, IRC, FTP, etc, etc, etc, etc) the fingerprint is going to be sent intact without using a fragmented TCP packet. Assuming all this to be true, my ISP is supposed to then pick out this needle-sized fingerprint in a galactic-sized haystick.

    This is pure science fiction.

    --
    I'm a big tall mofo.
  10. This will work.... by russint · · Score: 5, Funny

    Until someone invents something like ssl... oh...

    --
    ^^
  11. Re:Better than upstream measures by ScrewMaster · · Score: 4, Interesting

    This is nothing more than an automated private-sector wiretap. Bad thing. I don't want the FBI monitoring private communications without proper authorization and judicial oversight, and I sure as hell don't want the likes of the RIAA, MPAA or any other AA looking at my personal communications and deciding whether or not to sue me for whatever they think they've found. The RIAA is not a law enforcement arm of the government, neither is my ISP ... and I don't want either of them to become such.

    It's generally considered wrong when private individuals or organizations take the law into their own hands (see: vigilante justice.) It's even more dangerous when the organization in question is as heavily-bankrolled and as morally bankrupt as our two favorite "entertainment industry trade groups". No thanks. They can keep their grubby little lawyer fingers out of my data stream.

    --
    The higher the technology, the sharper that two-edged sword.
  12. Re:Hmm, wouldn't... by thpr · · Score: 5, Informative
    No. If they take the 4 or 5 most significant bits across a song and perform (for example) an MD5 hash of them, then any encoding mechanism (MP3, OGG, etc.) would still result in the same hash. Same goes for video.

    The stupid part is that even trivial encoding changes (zip) much less encryption (DES, AES, PKC) render this useless. The way around that is actually doing application layer filtering on data, and I with them luck with that. Besides encryption still getting around this in many cases, the CPU time required to do near-real-time layer 7 processing of ALL of the packets going through an ISP is obscene. (remember this type of filtering requires persistence of those packets for a period of time in order to reconstruct the resulting media, because the few bytes in a single IP frame probably isn't enough to know if it's media). Such investment would drive every ISP except Microsoft bankrupt.

    What the MPAA is really pursuing right now is watermarking (mentioned later in the article). They have proposed altering each image that goes to different movie theaters or DVDs (especially previews that go to the MP Academy), etc. By watermarking the image against a master (of 'neutral' color, it is possible to determine which copy it came from even if it has been re-encoded.

    The alteration is of certain items in the image. It is not on the magnitude of a least-significant bit (which different encoding schemes would then garble). What these watermarking systems do is change it by a number of bits, and do so in a recognizable fashion. In a scene, this might change brightness of the clouds, or the brown of the ground, etc. The net is that a distinct watermark can be created on the image. By altering different items in different films (and at different times), the net result is indistinguishable to the watcher; yet when the 'master' is known to the MPAA, the patterns can be distinguished to determine the source of a pirated copy of a movie or song (regardless of how it might have been re-encoded - unless it's at REALLY low quality)

  13. Wow! by rbarreira · · Score: 5, Insightful
    The trick is to make that identification process work even if the file is compressed, turned into a different computer file format or otherwise changed slightly. For a song, this means basing the fingerprint on the music's acoustical properties, rather than on the ones and zeros that make up a given digital file.

    The video process is similar, but would use visual characteristics of individual video frames instead of audio qualities.

    A good fingerprinting technique must be able to identify the movie even if parts of it are being downloaded out of order, or if some bits have been cut out, Maandonks said.


    Wow, is this a kind of an april's fool or something? I don't even think I need to comment much on the infeasibility of this...

    Next thing you know, the RIAA will be solving NP-complete problems in constant time or something...
    --

    The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
  14. Re:Better than upstream measures by ScrewMaster · · Score: 4, Insightful

    Frankly, I don't want to have to deal with any kind of "dispute process" or take the risk that a failure of that process might land me in court. File-sharing of music and movies isn't my problem: it's not some significant social issue that we all need to be concerned about. Racism ... sure. Health care ... certainly. Undue corporate influence in Congress ... absolutely. But ... Music? Movies? Why are we even considering subverting our national communications system to serve the needs of a few large corporations? Most of whom, I might add, are foreign interests.

    This is really starting to get out of hand. I mean, the entertainment industry is not some great cultural treasure that must be preserved at all costs (the people that run it think so, but they are mistaken.) This is an economic matter, no more and no less. I didn't shed a tear when Westinghouse went belly up, I didn't lose any sleep when K-Mart filed for bankruptcy ... some organisms survive change, and other's don't. Let the RIAA and the MPAA and all their member corporations deal with the pace of progress like every other adaptable company that survived the advent of the Internet. Gee ... the public Internet makes "rampant piracy" possible? You're losing billions? THAT'S JUST TOO GOD DAMN BAD. The world changed around you, and in any event does not exist solely for your enrichment. Deal with it.

    --
    The higher the technology, the sharper that two-edged sword.
  15. Hmm. by Grendel+Drago · · Score: 4, Funny

    Either that's really fucking awesome, or you just figured out a way to make ten thousand Slashdotters all get baby powder on themselves.

    I suppose I'll go acquire some baby powder and find out.

    Either way, kudos to you.

    --grendel drago

    --
    Laws do not persuade just because they threaten. --Seneca
  16. Who needs encryption anyway? by Spy+der+Mann · · Score: 4, Funny

    Expect "digital fingerprint remover" software to appear in the digital 'black market' as soon as this thingy is implemented.

    Then expect conversations like this to appear in bash:

    [Joe]The MPAA is knocking at my house! :(
    [1337-0]Hahahahahah you forgot to remove the fingerprint?
    [PhantomZero]ROFL! Pwned!
    [Joe]It's NOT funny! I have to go, bbs :(
    [1337-0]bbs, or bbl... way l?
    [PhantomZero]LMAO!

  17. Re:I Love Slashdot, Really I Do ... by SpacePunk · · Score: 4, Insightful

    "This topic is absolutely chock-a-block with discussions about which burglars' tools work best to fuck over and steal from our neighbors. What next, discussions on how to cut through school zones and take kindergarten-age hostages to elude the police during a high-speed chase? "

    I look at it like this. A discussion on how to preserve the privacy and liberty of those of us that do not commit copyright violations. Allowing this is like allowing the cops to tap my phone becuase my neighbor was caught committing a crime. It's unacceptable.

    --
    Steve's Computer Service, Hobbs, NM
  18. Re:The scariest way ... by Joff_NZ · · Score: 4, Insightful

    I think the banks of the world might have something to say about that, and last time I checked, they are way bigger, and wield *much* bigger sticks than the MPAA/RIAA

    --
    The revolution will not be televised. It won't be on a friggin blog either
  19. Hardly by ewe2 · · Score: 4, Interesting

    If they do read slashdot for a free technical review, they can hardly ignore the same points raised over and over again:

    1. Technically infeasable and economically ruinous for ISPS to scan all network traffic (unless you want to pay them for their trouble, MPAA? you could indemify us all for the resultant Internet slowdown perhaps?). You've been told so many times, you can't be that stupid.

    2. Copy-protection can always be broken. It's like King Canute live action when I go to see a movie and be insulted by MPAA movie-theft ads.

    3. If you drive the people to encryption, a lot more than your precious assets will go byebye, it will bring down the gravy train for everyone else, and won't they thank you for it.

    Using Occam's Razor I ask which is more likely: that they either don't read slashdot or do so in such a way as only read it for the pictures.

    --
    insecurity asks the wrong question irritation gives the wrong answer
  20. Re:While You're Bitching ... by shark72 · · Score: 5, Informative

    "For decades they conspired on prices and you claim they "paid the price"?!"

    The price-fixing settlement was not as a result of "conspiring" for "decades." Here's what happened:

    1. A couple of "big box" retailers (Wal-Mart, Best Buy and the like) started selling CDs at a loss, or for extremely low margins, as an inducement to get people into the stores and buy other high-margin stuff.
    2. This started hurting a few music-only chains (Tower Records, TWE and one other that slips my mind), who didn't have an acre of high-margin children's clothing or computer equipment in the back of the store that allowed them to sell CDs at a price that competed with Wal-Mart and Best Buy.
    3. Tower Records, et al complained to the record companies (notably Universal) that Wal-Mart and Best Buy were putting them out of business.
    4. In response, Universal started a "MAP," or "minimum advertised price" program. Universal gave Tower, et al. funding for advertising (in newspapers and the like) with the stipulation that the advertised prices didn't fall below a particular point. In case this concept seems familiar to you... lots of other industries do it, including the computer peripheral industry.
    5. Best Buy and Wal-Mart noticed this and complained to the government.
    6. The government smacked Universal around a bit.
    7. Wal-Mart and Best Buy had the last laugh.
    8. Tower Records filed for bankrupcty.

    The winners here are Best Buy and Wal-Mart. The losers are the traditional record stores and indie stores that continue to get squeezed out of the business by Wal-Mart and their loss leader prices on CDs. The record companies probably don't mind; other than sending out some settlement checks and sending some crappy CDs to some libraries (as you've mentioned), this didn't hurt their bottom line. They were selling CDs to Tower Records for the same price that they sell to Wal-Mart.

    You should be happy about this if:

    • You don't mind buying your music in Wal-Mart (sadly, for many people reading this, Wal-Mart is the only place they know to get music, and they'll never know what it was like to have that cool indie record store in town before Wal-Mart put it out of business.) Can't beat those great Wal-Mart prices, particularly if you like Shania Twain!
    • You don't like MAP pricing programs. In that case, one industry down (the record industry) and lots more to go. This battle is fought one step at a time.
    • You subscribe to the "what's good for Wal-Mart is good for America" philosophy.

    You should be unhappy if:

    • You miss the old days when indie record stores and stores like Tower were more prevalent, and you wouldn't mind paying a few extra bucks for more selection and the opportunity to avoid going to Wal-Mart for your music.
    • It bothers you that the computer peripheral industry still uses MAPs. Doesn't bother me, as that's the industry I'm in. MAPs are great.

    The bottom line is that anybody who thinks that the price-fixing settlement was a strike against big business and a win for the little guy is mistaken. They're probably still chuckling about it at Wal-Mart headquarters in Bentonville.

    --
    Sitting in my day care, the art is decopainted.