Canon Files For DSLR Iris Registration Patent

An anonymous reader writes "Canon has filed for a patent for using iris watermarking (as in the iris of your eye) to take photographer's copyright protection to the next level. You set up the camera to capture an image of your eye through the viewfinder. Once captured, this biological reference is embedded as metadata into every photo you take. Canon claims this will help with copyright infringement of photos online."

uh

[legoman666]

remove the meta data?

Re:uh

[fonik]

I'm guessing they'll use some kind of watermarking. But, do you really want every photo you take to be unambiguously traced back to you? On one hand, photos you take can be traced back to you. On the other hand, the watermarking or metadata could probably be removed by a third party. It seems lose-lose for the camera owner.

Re:uh

[geekoid]

The more confident people are in there little tracking toys, the easier it is to get away with things.

I think it's a waste of effort, but then anyone who wants credit to them this will be a feature.

Re:uh

[fredklein]

Um, you fail.

As a result of the foregoing, biological information indicative of a photographer need not be acquired every time an image is taken and, hence, processing executed by the imaging apparatus is not subjected to a load in terms of the sequence of photography.

Re:uh

If you are serious about photography enough to need/want this level of protection then I would think your camera would be important enough to you for you to file a police report about it as soon as it was stolen.

Re:uh

[omeomi]

Or worse. Your camera gets stolen and is used to photograph illegal activities. The images are then posted on the net with your watermark on them. Cops arrive at your door and your life is history.

Is there some massive and unlikely database of people's irises that I'm not aware of?

Re:uh

[SoupIsGoodFood_42]

It's different because in one case, the watermark is an optional feature added for the benefit of the user, and in the other case, it's forced mark that has been added without consideration for what it best to the user.

Explain to me how this is any different? One day it's an "option" in the high-end DSLR firmware. Next year it's turned on by default in the midrange. Couple years down the road, it'll be standard. Year after that, it'll be illegal not to ship a camera with the iris-based tracking system.

There is no real reason to think this is true. This is exactly what I'm talking about. Many people here are so paranoid that they think everyone is out to get them. If watermarks on printers were announced as a feature before they were ever put into production, do you think it would have been as successful? And how can this be forced onto people anyway? There is no way for the camera to tell if the photo of your iris is really yours or not to begin with. Don't you think there might be a reason for that? If Canon really wanted to track you, don't you think a more simple UID watermark generated on the camera would be the best way to do it?

But hey, mod me down, because by the rating you seem to be getting, there must be quite a few others wearing their tin-foil hats today.

I have great concern about privacy and the use of technology in general. I used to be an EFF member in sunnier days of higher income, but what I really can't stand are "advocates" who overreact to these types of things without even considering if it's really a problem.

Re:uh

[1u3hr]

"Don't want these photos of kiddie porn signed with your iris? Put ten million dollars in non-consecutive unmarked bills in a brown paper bag under the mailbox at 5th and Rochester." Am I missing something?

Yeah. Why would anyone pay you? It's obviously trivial to spoof. Go ahead and get yourself locked up for 1) forgery 2) extortion 3) making kiddie porn -- good for 20 to life, I guess.

People seem to have got the idea this is meant to prove conclusively who took a photo. It's not, and can't. It's like a serial number, it can be faked or removed. The main idea is to stop careless abuse -- no one could say "Sorry, I had no idea it was your photo" if it's got your metadata in it. And if they have a version with the metadata removed, they have a lot more explaining to do.

Re:uh

[Jeppe+Salvesen]

flickr would become one.

... whatcouldpossiblygowrong

[Mantaar]

And also help to track down that pesky journalist/blogger/dissident always posting images the government doesn't like? No, I'm not referring to any government in particular.

So we'll have journalist's contact lenses if those things become the DRM of digital photography?
Like with most advancements in modern electronics, this one does not go down my throat without a huge grain of salt.

Is it really watermarking if it's in the metadata?

That sounds pretty easy to strip out after the fact. Or, for that matter, to add in. What makes this any better than adding your name or email address to the metadata, as most cameras allow you to do now?

Proving an image is yours generally isn't even a problem. Online images are lower resolution versions of the originals, only the photographer will be able to produce an image with many times the quality of the online version. The problem is a) finding out that your images are being used without your permission, and b) getting it to stop. Both of these are made much more difficult by the global nature of the Internet, and neither of them are made any easier by this iris watermarking, as far as I can tell.

Use and Abuse

[neibwe]

Is there some form of public/private key crypto? Otherwise you'd have the same issue with forged signatures or lifted thumb prints.

"Ooo, hey I just extracted ur iris pic and watermarked my baby pics with it. Now you're busted for kiddie porn. LoLz."

What a terrible idea

[Qwerpafw]

As more and more governments and business turn to biometric data for confirming identity, and identity theft becomes a more and more prevalent problem, Canon's solution is to embed your biometric data in publicly distributed images?

Someone would just navigate to your flickr page, do a quick google search to find your real name (or read it from your page), look you up in publicly accessible databases to acquire your address etc, and then just rip your biometric information right out of the images you post! As wikipedia points out there are commercially available fake iris contact lenses designed to defeat these scanners - previously, the problem was only in acquiring someone's iris. Not to mention that in the future as biometrics become more popular we're likely to see people's irises, fingerprints, and other information used in household readers for providing authentication to software and internet applications - much like the fingerprint scanners we're seeing on more and more laptops.

Publically distributing your iris is a bad idea now, but a terrible idea in the future.

Re:metadata

[Penguinisto]

While you can easily edit EXIF data (GIMP has the ability for certain, and IIRC so does Photoshop), I suspect that it would be a little harder to remove a steganographic image that is embedded into the image file itself (unless of course you save it into a different format, say .raw -> .bmp -or-.tiff -> .jpg (taking the extra step just to be sure you rinsed it all out).

BUT... this doesn't remove the original image, which a photog can take into court proving that it's his... now where's your 2-zillion x 1.5 zillion rez RAW image w/ the steganographic retina scan (and all the other related images showing similar scenery), to match the one he's using in court against you to prove original ownership? (which in turn pretty much tells you that it isn't even halfway useful until/unless somebody sues you for ripping off his work...)

OTOH, I don't think it has much practicality due to the simple fact that not all photographs (especially pro photos) are taken with someone's eyeball right up against the eyepiece. There's a reason that all the decent photo shops sell release cables and tripods, yanno? :)

/P

typicalslashdotkneejerkreaction

[SuperBanana]

And also help to track down that pesky journalist/blogger/dissident always posting images the government doesn't like? No, I'm not referring to any government in particular.

They'd be storing a *representation* of the iris image data. Useless for matching. Watermarking the actual image is only mentioned very briefly and in passing, in a sort of "oh, and you could watermark the image with this" kind of way.

Given Canon's bread and butter with pro cameras are the press (your cute digital rebel costs $700; a 1DMk3 is $4k), they're unlikely to do anything that will piss them off.

Re:uh...turn it off?

[Quadraginta]

Fortunately, in (most of) this world, you are not paid according to what you "deserve," but according to what you can negotiate freely with the people who want your services or product.

Forcing your moral and ethical standards on others -- e.g. stating what other people do and do not "deserve" -- is something I find reprehensibly arrogant.

Who puts the eye on the viewfinder?

[charlieman]

Really, who does that this days? if this is suppose to work for any person on any camera they would have to register the iris every time a photo is taken. If it's registered before taking photos, then anybody using your camera can take photos that can be traced back to you, not them.

Waah.

[Idiot+with+a+gun]

As said above: Turn it off, or don't buy that camera. I'm not particularly sold on it myself, so I won't buy it (that and I shoot Nikon, and I've already invested in lenses).

1. Engage brain, 2. Respond

As more and more governments and business turn to biometric data for confirming identity, and identity theft becomes a more and more prevalent problem, Canon's solution is to embed your biometric data in publicly distributed images?

I assume it's not embedding raw biometric data, but rather a cryptographic hash of your cryptographic data and the image data. You know, like a PGP signature.

Of course, since it took me about 0.3 seconds to come up with this, I'm sure it's beyond the capabilities of Canon's entire R&D division, huh?

Re:uh...turn it off?

[syousef]

I'm not a pro photographer, but I've been known to take upwards of 2500 images in a day, and without blowing my own horn too much I believe I've taken some photos that don't stink. I've even photographed weddings for friends and they've been ecstatic with the results (though I did not charge them).

I think this idea is idiotic.

For starters, how hard is it to strip the image of this sort of thing? Hell any tool that will allow you to open the file will be able to save it to a new format sans any digital copy protection mechanism....unless you're willing to do even stupider things like legislate against tools that allow image format conversion, or lock the file in a proprietary format with proprietary tools that you have to buy from the camera manufacturer. No thanks. ...and then there's issues with the biometrics. What happens if you have eye trouble? How do you prove that's your iris scan embedded.

it's all economics

[Quadraginta]

Come on now. You might as well argue that locking your front door is pointless because there are many ways to pick a lock, if you are talented and persistent and resourceful enough, and in the end you can just hire a Mission : Impossible team for $10,000,000 to silently dig a tunnel under the house and break in through the basement.

The point isn't to make theft impossible in the sense that it would violate the laws of physics. The idea is just to make it more expensive, so that, ideally, it's cheaper to pay for the work in an honest way than to steal it.

In any event, there is obviously a correlation between how expensive and difficult it is to steal and make it pay, and how much stealing goes on. Anything that makes stealing even slightly more expensive is going to reduce the amount of it (more or less driving the cheap criminals out of the "market"). If it costs less than the amount of theft prevented, it's worth it.

Re:Sweet

[Jah-Wren+Ryel]

In other words, no, an image of your iris cannot be recovered from the watermark. That's not enough, not by a long-shot. For example, finger-print identification works by recording information about 'minutae' (whorls, curves, etc). It is not possible to reconstruct a fingerprint solely from the minutae that is stored in fingerprint identification databases.

HOWEVER, it is possible to use the minutae data to make a fake fingerprint that has all the right information to fool a fingerprint identification system. After all, the computer only cares about what information it stores - if all id systems work the same way (and for fingerprints the vast majority do, they just have different algorithms for comparing the minutae data) then one system's data is probably sufficient enough to fool another system.

In other words, no, the information won't just be easily removed tags in the metadata. However, the information required by canon's system must, by definition, be stored in the image. Given enough samples of photographs with the same watermark, it should be possible to extract useful information. At the very least, it should be possible to falsify the ownership info onto another image and if iris systems work the same way fingerprint systems do, there may be enough information there to spoof another iris-based biometric id system.

That's right, armchair experts, Canon isn't stupid enough to develop this entire application of watermarking without even knowing the first thing about it. Surprise! Well, your post drips with irony. It may be the case that canon has come up with a system to blunt the attacks I've proposed, but the text of this article does not provide much assurance beyond "trust us" style hand-waving.