Using Watermarks to Combat Piracy

TheEvilOverlord writes to tell us PC Advisor is reporting that researchers at the Fraunhofer Integrated Publication and Information Systems Institute have developed a new watermarking system to help track and combat piracy. From the article: "The system lets content providers, such as music studios, embed a watermark in their downloadable MP3 files. Watermark technology makes slight changes to data in sound and image files. For instance, the change could be a higher volume intensity in a tiny part of a song or a brighter colour in a minuscule part of a picture. Even the best-trained human eyes and ears, according to Kip, can't detect the change."

Human?

[biocute]

Even the best-trained human eyes and ears, according to Kip, can't detect the change.

Who says anything about using human senses to detect the watermark? If these watermarks are embedded by machine, I'm sure it won't be long until Watermark Bob creates a "cleanser" program to detect anything unusual, and maybe even remove it.

Re:Human?

[Iphtashu+Fitz]

I'm sure it won't be long until Watermark Bob creates a "cleanser" program to detect anything unusual, and maybe even remove it.

Good point. All you'd really need is two or more copies of a given file, each with their own watermarks. Do a relatively straightfoward binary diff on the files and you'd quickly spot the watermarks. Normalize the diffs based on the similarities between the multiple file copies, and voila! Instant un-watermarked file.

Re:Human?

Most movies aren't being pirated in their original quality anyways. A 4gb movie file is usually ripped to 1gb so the odds are pretty good that this miniscule variation will get destroyed in the re encoding process.

Re:Human?

[rjstanford]

Why bother?

I mean, isn't it cheaper to let everybody know that you're watermarking the video files than it would be to actually watermark them? Maybe toss in a few random bits if you think that people would actually download two copies and diff them, to keep them guessing.

Social solutions to technical problems. Think of it as the, "Hey, I'll give you candy for your password," issue, but in reverse.

Re:Human?

[Kadin2048]

The intended use of watermarking, at least as I see it, is less for mass-released files than for prerelease or limited-release uses.

E.g., radio stations get copies of songs weeks before the CDs actually hit stores -- and suspiciously, the songs tend to show up on P2P networks soon after they go out to radio stations. What the music producers would really like to be able to do is trace the leaked files back to whoever put them on the internet, and then get medeival on them for breach of contract.

You can imagine similar uses for prerelease screenings of movies that go out to critics, film review boards, etc. It's less about preventing piracy than it is about finding the snitch afterwards so they can be made an example of. Really, the piracy deterrent is not technological (the watermark), but social (whatever punishment gets inflicted). The watermark is just facilitating the latter.

I suppose in theory if you had a watermark that could be embedded into the file quickly and easily, you could use it on downloaded music (like the iTMS) to see if people were sharing files that they purchased, but really I think systems like this are designed to catch big fish, not Joe Preteen who's ripping files that he bought off of Napster and putting them onto Kazaa.

A lot of similar systems are used with images; actually many of the techniques used for watermarking are used for steganography (it's arguable that watermarking is really a form of steganography), like Least Significant Bit padding for one. There are also systems that have a robust enough watermark that they will survive printing and scanning, although they tend to begin to mess up the image slightly.

Re:Human?

[pclminion]

Who says anything about using human senses to detect the watermark? If these watermarks are embedded by machine, I'm sure it won't be long until Watermark Bob creates a "cleanser" program to detect anything unusual, and maybe even remove it.

The purpose of making the watermark imperceptible isn't to trick the user. The user is fully aware that the music is watermarked. The reason it is done the way that it is, is because it is the only way to do it. There are really two requirements for the watermark. First, it must be intertwined with the actual data in order to make it non-trivial to remove. Simply sticking the watermark in a meta-information block would make removing it too simple. Second, because the watermark is intermixed with the audio data, it MUST be done in an imperceptible way in order to retain the quality of the recording.

So, making the watermark inaudible is not some attempt to pull one over on you. It's just the only realistic way it could be done.

Re:Human?

[funkstick]

they can trace back to the original buyer, who spread the file.

What does that accomplish? Scare tactics generally don't work well as a deterrant, see also harsh DUI penalties that do nothing to lower drunk driving rates. Clearly there are enough people out there willing to take a risk to be a part of the chain, I just don't see it helping or not being easily overcome by some reverse engineering.

Re:Human?

[gtwrek]

Watermarking is 100% "security through obscurity."

Not correct. DRM is 100% "security through obscurity". The way I understand that this watermarking technology is to be used, it is a secure solution. The players would not have the means of detecting the watermark - if they did, then it would be just some other obscurity that is broken weeks after releasing.

A lot of the threads here are confusing DRM and watermarking. Anything with DRM is just security through obscurity. DRM schemes will invariably be broken, as the players have the secret key.

With watermarking, however, the player does not have the secret key.

This type of watermarking is the only viable long term solution, and one that I think will eventually be quite universal, and accepted. And yes, it could (and should!) be open sourced. The algorithm could be completely open - with just the "key" being kept secret.

Think about it, you need to hide what - let's conservatively say 512 bits - 64 bytes - into files that are normally multi-megabytes in length? I have no experience in this area, but off the top of my head I can think of 3-4 ways of easily doing this, with redundancy. This is an arms race which the studios can win. They can't with DRM.

And for Joe Sixpack - he's bought some mp3 online - they contain some bit of hidden watermark in the file that indicated "Joe Sixpack bought this disk". He never knows this nor cares - he can download the mp3 to his iPod. Save it to a CD to play in the car, etc. Why should he even bother with any stripper program on the net? He has no incentive. Most of the reasons for anti-DRM programs on the net was to allow LEGAL users to listen to their LEGALLY purchased music, which for whatever reason DRM had broken.

But, when said mp3 file starts showing up all over the net then the studios has some evidence that says Joe Sixpack is illegally sharing files.

And to be honest, this is ok with me. The studios aren't going to go after kids sharing files with friends (well, at least when they final understand that it's isn't working, and hurting business). They will (and should) go after major pirates on the net, and this is a viable tool they could use.

Um, what?

[Jugalator]

The system lets content providers, such as music studios, embed a watermark in their downloadable MP3 files

For whom was this intended again?

I'd be happy if there actually was plenty of music studios providing downloadable mp3's though.

uhm

[tehsoul]

so what about the majority of pirated music: the mp3s ripped from cd?

Trace it back to me? How?

[rmsmith]

"If, for instance, you purchase and download a CD, burn a copy and give it to a friend and that person puts it on a filesharing network, our system will trace that music back to you and, depending on the legal system of the country you're in, you could be [hit] with an expensive fine," Kip said.

How, exactly? Supposing I went out and purchased a music CD (a radical idea, I know) with cash, how could they possibly trace that particular CD back to me should it somehow be made widely available to download? I mean, I wouldn't have provided any personal information to the store during the purchase so ... what gives?

Nothing to see/hear

[Tackhead]

> The system lets content providers, such as music studios, embed a watermark in their downloadable MP3 files. [ ... ] Even the best-trained human eyes and ears, according to Kip, can't detect the change.

In other words, "Nothing to see/hear. Please move along?"

More seriously - although it could be stripped out (relatively) easily, you could embed watermarking data in the metadata segments of downloadable MP3s. I'd accept this as a tradeoff for music studios offering downloadable MP3 files: If some_hit_song_i_downloaded.mp3 shows up on a P2P network and contains metadata whose MD5 could only be generated by, say, hashing my credit card number with some_riaa_private_key, that'd be pretty reasonable grounds for RIAA to believe that I'm the schmuck who (a) paid for the right to download it from a RIAA-authorized source, and (b) uploaded it to a non-RIAA-authorized filesharing network.

Make it impractical for Joe Sixpack (who will be unaware of this type of watermarking, and who probably will be unaware of the existence of tools to strip it) to upload his files without risking fines/prosecution, and you can offer DRM-free MP3s to Joe Sixpack.

Re:Nothing to see/hear

[AviLazar]

Since your above example utilizes credit card information you CANNOT make Joe Sixpack unaware. He has to know, explicitly, that his credit card information is being encoded and sent up. Joe Sixpack needs to be given the absolute right to say "No I really do not trust your security system, and I will not give you my GC #"

That's the spirit

[RyoShin]

I'm hoping these kinds of anti-piracy actions work, and work well.

Things like the DRM and DMCA were put into place to fight piracy, and wound up just hurting regular consumers while the pirates just snickered as they continued along their merry way.

With these kinds of things, regular users will still be able to do what they like with their own copy, be it back it up or transfer it to another medium for personal use. At the same time, it will allow those tracking piracy to find the source and press charges only against that person, and not the random multitude.

I'm sure the pirates will figure out some way to work around this (be it to randomly change the volume slightly throughout an entire MP3, or brightening/dithering an entire picture), as they have everything else, but if this kind of technology can prevail and advance, it will allow those of us legally using our own purchased goods to do so without worry, while punishing those who deserve it.

Re:That's the spirit

[mr_burns]

I'm pretty certain that they'll watermark the plaintext, then wrap that up in DRM. They aren't going to sell us non-DRM files just because they've got a watermark.

Re:That's the spirit

[no_opinion]

If the majors sold inaudibly watermarked but non-DRMed MP3 files, would people buy them? My friends say no because they think people will find this too "big brotherish" but I think that the only ones at risk are the people violating copyright (i.e. sharing on p2ps). I'm willing to buy an INAUDIBLY watermarked mp3 file, because then I can do whatever I want with it, I don't have to worry about DRM, and I'm not at risk because I'm not infringing copyright.

What do others think?

Re:That's the spirit

[markdavis]

It scares me. You could then be held liable, if someone broke into your system and "stole" some of the watermarked works and then proceeded to "share" them with others. Even worse, someone could frame someone else by simply re-watermarking media to have it point to someone else.

Although it sounds like a very attractive alternative to DRM, there are some serious security issues that would have to be adequately addressed.

medialoggers replace keyloggers as top malware

[G4from128k]

If **AA prosecutes the original buyer of illegally distributed watermarked copies, then pirate distributors will create malware to steal originals from unsuspecting copy owners. Computer owners that don't secure their machines will find that someone has surreptitiously copied their media files, sold or traded them on the open market and made the owner of the infected machine liable for criminal act.

Key question

[overshoot]

However, the question is how this gets applied.

Are they planning to

• ship millions of identical watermarked files, then expect hardware to refuse to play any that files that aren't licensed (same old business model, someone else's problem.)
• Mark each file to identify the purchaser, then go after the source of widespread copyright violation?

The first is basically worse than DRM, the second is essentially an aid to enforcing existing copyright laws. I suspect that if the Content Cartel would finally accept that their business models need to change and go for the second approach, most of us could accept it.

Identifying pirated music

[yintercept]

It seems to me that the primary goal of watermarking system is simply to identify pirated content. Even if a pirate changes or removes a watermark, you can show that the mark was pirated or removed.

So, let's say you gave each legally sold copy of a song a unique randomly generated 64bit ID (that you record). The pirate could remove that ID. They might even put their own random ids in place of your id. The deal is, their IDs will not match those that you recorded, and you could make the the case that this is pirated music.

The thing that needs to happen is that publishers need to fight against the professional content copyright violators.

If done right, watermark technology would be sufficient to track and counter the extremely abusive copyright violations while allowing the use of open formats.

For that matter, I think "hidden" watermark technology is going in the wrong direction. The mark does not need to be hidden in the file. If you put a unique identifier on each thing downloaded. When you go to make the case that group A is pirating music you can either prove that there is a bunch of files with the same ID or with the wrong id. You don't even need to track back to the original buyer.

Indies?

[tepples]

You code media players to detect the watermark (which would have to be in a standardized format) and refuse to play anything that does not contain the watermark.

So would independent recording artists be able to insert the watermark? If not, wouldn't that be grounds for an antitrust action? Or are they assuming that all possible songs are already copyrighted to a major multinational publisher, as hinted by this article and this article?

How can it hold up in COURT?

[tehwebguy]

not to mention, will it be able to hold up in court when the MPAA explains "ok, now we know you can't see the difference, but this machine says there is one"

Re:And this fights piracy how?

[crawling_chaos]

Or is it a liability type thing -- "your computer was used, so it doesn't matter who used it, you pay either way" ?

Ding! This is not a criminal proceeding, but a civil suit. A far more extreme example would be suing someone who allowed a murderer to get a hold of an otherwise legally obtained gun. They can't prove you committed the murder, but they can argue that your lack of security on the firearm contributed to the crime so you have some civil liability. And in civil court you only need a preponderance of the evidence, not proof beyond a reasonable doubt.

The analogy isn't perfect of course, but the important thing to remember is that these lawsuits are civil matters and have lower standards of proof.

So to be on the safe side...

[DeadboltX]

Don't buy any music, online or off, just pirate it all.. that way if any of your music finds its way to p2p, it isn't "your" music and the RIAA won't go after you, just whoever you got it from..

Re:So to be on the safe side...

[ostehaps]

Of course, what you fail to note is that's exactly what the companies want. If they can foster a public attitude that sharing your own music should be avoided, p2p sharing will plummet. This mechanism is also why p2p networks try to restrict leeching.

This will not replace current "DRM" schemes

[massysett]

because it puts the enforcement burden on the record labels. There would be millions of watermarked files floating around out there, and they'd have to sue enough people to scare folks into not sharing their files. Only through scaring people could the labels have enough impact with this--there's no way they could close the spigot with the lawsuits.

Even so, the labels might adopt something like this. But it would be in addition to their current copy restriction schemes, rather than a replacement for them. Consumers still lose as they'll still have to wrangle with FairPlay, WMA, or whatever copy restriction scheme the labels want to use.

Sounds great (not).

[marcello_dl]

Also it requires every purchaser of a copy to be a registered one, it requires the purchaser to be very careful not to have the copy stolen or lose it, and it might also lead a hacked watermark to accuse an innocent purchaser.

A prosecution tool

[jabelar]

This is not to prevent copying, just to help track down where copies come from. This may not be too useful in current environment, but as cinema turns to digital distribution and terrestial broadcasts of television and radio go digital, it would help piece together a case against suspected infringers. I'm not at all for this, but just explaining how it would be useful (and likely will be used) by content providers. By the way did you know that many laser printers already have such watermarking, to allow police to prove that a printout was made by a specific printer?

Lossy Format

[AeroIllini]

The article is a little short on technical specifics, but it's hard to imagine how a watermarking system would work with a lossy compression format.

If the watermark is applied to the file after compression to mp3, then it is very easily defeated by decompressing and recompressing with a non-watermarking encoder, of which many exist for mp3. The act of decompressing the file will obliterate whatever bits were flipped for watermarking purposes. If the hidden information is subtle enough, the lossy compressor will simply throw it out. If it's obvious enough to not be obliterated by lossy compression, then I can hear it in the file, and the product is inferior. The only option would be for the encoder to recognize the watermark and purposefully retain the data, and then we're tied to a specific piece of software just like DRM.

However, if the watermark was applied before the compression (i.e., directly to the wav file on the CD), then the act of compressing the file will change the watermarking somewhat, and matching the "fingerprints," as they are called in the article, would be statistical in nature, not exacting like a hash is. The fingerprint would have to be considered "close enough" to be a match.

Also, every single watermark would have to be unique in order to match it to a specific source, which means creating a Big Database (tm) of customer info, which is easily defeated by paying with cash. On the other hand, if the record companies weren't interested in identifying a specific source, but the presence of a watermarked file in an upload directory is sufficient, then that's no different than the existence of any other file in an upload directory which contains copyrighted material, which is what they've been going after for quite some time now.

And the point is...?