DRM In JPEGs?

JustAnotherOldGuy writes: Adding DRM to JPEG files is being considered by the Joint Photographic Expert Group (JPEG), which oversees the JPEG format. The JPEG met in Brussels today to discuss adding DRM to its format, so there would be images that could force your computer to stop you from uploading pictures to Pinterest or social media. The EFF attended the group's meeting to tell JPEG committee members why that would be a bad idea. Their presentation(PDF) explains why cryptographers don't believe that DRM works, points out how DRM can infringe on the user's legal rights over a copyright work (such as fair use and quotation), and warns how it places security researchers at legal risk as well as making standardization more difficult. It doesn't even help to preserve the value of copyright works, since DRM-protected works and devices are less valued by users.

Re:Who cares?

[SQLGuru]

If JPEG finally implemented DRM, then more people would switch. PNG is superior if only for the extra features. There are instances where JPG compresses better and instances where PNG compresses better, so I won't claim either wins on that account.....but lossless vs lossy and alpha channel support is nice. I'd also like to see the animation extension more consistently adopted (to supplant GIF). I'm not sure why it hasn't caught on more than it has.

Hey you can't have this

[future+assassin]

oh yah?! Click...

Awesome

[viperidaenz]

How is the jpeg library supposed to know the intent? It's not even involved in the image upload process.

Or is the website supposed to check and reject uploads with DRM?

What's to stop me opening the file and saving as PNG, then uploading?

Re:Awesome

[0123456]

What's to stop me opening the file and saving as PNG, then uploading?

The operating system won't let you. Any operating system which does let you will be banned under the 'free trade' treaty for breaking DRM.

It's hard to tell whether the DRM fanatics are insane or just plain evil. But, either way, they have to destroy general-purpose computing to make it work.

I'm a JPEG Content producer

[JazzXP]

I produce a lot of JPEGs that earn me money and find me clients (photographer)... DRM? Nope, do not want.

Re:DRM Does Work

[Dutch+Gun]

DRM works reasonably well in closed ecosystems and on closed hardware. That includes consoles, handhelds, phones, and so on. It can be bypassed, but it's a pain, and most people don't do so. This is because the DRM is implemented in hardware, and in ways that are extremely difficult to unravel, and so aren't really worth attacking except for people who are mostly doing it for the technical challenge.

Where DRM typically fails is on open platforms like the PC. There are only two forms (that I can think of offhand) of DRM to really succeed on the PC. One is the "leave most of the code on the server" sort of DRM, essentially online-only games, and that's a pretty draconian solution for single-player games. The other is high-end software that uses a hardware encryption dongle to protect it. Other than that, the only way to make software-based DRM work on the PC is to make it a closed device like consoles, and although I'm sure some companies wouldn't mind seeing that happen, with declining PC sales as is, I just don't see it happening.

DRM in JPEG images is a pipe dream. Even if it were technically possible in the first place, do you really think anyone and everyone is going to bother implementing whatever extensions would make it possible? It's ridiculous. Note that the ONLY way I can think to implement this would be an image handling library with root-level privileges on every computer system on the planet. Did we fucking learn nothing from Stagefright?

Re:How will it work? Seriously

[nashv]

You're not getting this. Most likely, adding DRM will make JPEG files unreadable without a license/key. Tools that don't read contents and decrypt will not be able to view it. So irrespective of whether you can upload it or serve it, no one without proper rights will be able to view it. Think of this like locked PDFs.

This will be the end of JPEG. Nothing to worry about, PNG is better anyway.

Will not be supported by Instagram/facebook

JPEG with DRM will fail because the biggest use of JPEGs (on facebook & Instagram) will require that users upload images without DRM. By necessity, facebook & instagram require you to assign them full rights to use an image, thereby making any DRM from the original owner of the content pointless. Similarly, facebook & instagram (as licencees to use the work but not owners) are not in a position to impose DRM on said images (they don't own the content and thus can't decide or enforce rights management.)

Re:How will it work? Seriously

[AHuxley]

An advanced always internet connected "free" US operating system might have to send back details on any moved, copied, created or altered image under a 'free' anti virus, malware feature.
It would just be a small dataset created from details, names, embedded strings about all files visible, open when the the screen image captured.

All files would be looked at for expected, listed virus or malware and if an image was moved, copied against existing international police databases.
The transmission of a set of small checksums would not be difficult given the amount of other data most big brand modern operating systems send back.
For the average user the file would be reported on by the OS in near realtime for 'free' anti virus efforts with the free operating system.
The user can then run any application to try and convert, remove, transform the image but the report of a copy made would have been sent. Downloading and using any such rights altering application could also be logged :)

Such efforts are usually done now for any images in free email, cloud or other networked products as part of law enforcement image tracking efforts over the years.
Just push the tech down into the users 'free' OS computers and let the publishing/media community add every image checksum they have.
No action if the image stays in a deep part of the OS for say allowed web browsing, if moved to a new folder or captured the rights owner gets the ip, time, unique hardware details of the computer.

The sites will be a walled garden. Users will have to load and enjoy the site everytime without been able to save data.
The OS will phone home the possession of the saved image or creation of a screen capture with the protected image in it. The free gift of AV software at the OS level gets to look at every file in realtime, why not report on DRM files too :)

a picture is worth . . .

[swell]

no, I'm not going to finish that by saying '1000 words'. That would be insulting to those who already despise the stupid phrase.

But what is a picture worth? I spend my days at one of the most attractive places on earth where thousands of visitors from everywhere snap the same photos. One scene in particular must have been shot millions of times over the last 100 years. They line up so that they can stand in the exact spot for the best view. Each photographer walks away proud of their new acquisition.

Certain pictures do have value and are well protected. The hollow inside of Fort Knox. The Dead Sea scrolls (yes, the ones they haven't told you about). The blueprints for the Star Trek phaser weapon. The Royal Personage picking her nose...

But really, who would use this DRM? Web sites with sale-worthy photos show thumbnails and sell the full resolution image via email. Not much problem there. It's true that stock photo sellers have been ripped off badly and I'm sorry about that, but I assume they have watermarks, etc, offering some protection. Even Playboy magazine has come to realize that photos just aren't that compelling anymore.