Making The Case Against Adding DRM To JPEG Images

from the don't-go-down-that-road dept

Earlier this year, we wrote about a plan to add DRM to the JPEG standard, meaning that all sorts of images might start to get locked down. For an internet where a large percentage of images are JPEGs, that presents a potentially serious problem. We did note that the JPEG Committee at least seemed somewhat aware of how this could be problematic -- and actually tried to position the addition of DRM as a way to protect against government surveillance. However, there are much better approaches if that's the real purpose.

The JPEG Committee recently met in Brussels to discuss this, and thankfully Jeremy Malcolm from the EFF was able to give a presentation explaining why this was such a bad idea and to suggest alternative approaches for protecting privacy without having to go down the path of DRM.

This doesn't mean that there is no place for cryptography in JPEG images. There are cases where it could be useful to have a system that allows the optional signing and encryption of JPEG metadata. For example, consider the use case of an image which contains personal information about the individual pictured—it might be useful to have that individual digitally sign the identifying metadata, and/or to encrypt it against access by unauthorized users. Applications could also act on this metadata, in the same way that already happens today; for example Facebook limits access to your Friends-only photos to those who you have marked as your friends.

Currently some social media sites, including Facebook and Twitter, automatically strip off image metadata in an attempt to preserve user privacy. However in doing so they also strip off information about authorship and licensing. Indeed, this is one of the factors that has created pressure for a DRM system that could to prevent image metadata from being removed. A better solution, not requiring any changes to the JPEG image format, would be if platforms were to give users more control over how much of their metadata is revealed when they upload an image, rather than always stripping it all out.

We encourage the JPEG committee to continue work on an open standards based Public Key Infrastructure (PKI) architecture for JPEG images that could meet some of the legitimate use cases for improved privacy and security, in an open, backwards-compatible way. However, we warn against any attempt to use the file format itself to enforce the privacy or security restrictions that its metadata describes, by locking up the image or limiting the operations that can be performed on it.

Hopefully the JPEG Committee listens.

Filed Under: drm, jpeg, privacy, surveillance
Companies: eff

JPEG Looking To Add DRM To Images... Supposedly To Protect Images From Gov't Surveillance

from the png,-here-we-come dept

You may recall the mess a few years ago when, under pressure from the movie studios, along with Netflix and Microsoft, the W3C agreed to add DRM to HTML5. This resulted in lots of debates and reasonable anger from people who found that the idea of building DRM into HTML5 went against the idea of an open internet. And, now it appears that the organization behind the JPEG standard for images is heading down a similar path.

The JPEG committee investigates solutions to assure privacy and security when sharing photos on social networks, (stock) photography databases, etc. JPEG Privacy & Security will provide new functionality to JPEG encoded images such as ensuring privacy, maintaining data integrity, and protecting intellectual rights, while maintaining backwards and forward compatibility to existing JPEG legacy solutions.

Further details suggest DRM that has all sorts of conditions included: What's interesting is that some are claiming this is based on this research paper that pitches such DRM for the purpose of protecting images from surveillance and such:

— With the popularization of online social networks (OSNs) and smart mobile devices, photo sharing is becoming a part of people’ daily life. An unprecedented number of photos are being uploaded and shared everyday through online social networks or photo hosting services, such as Facebook, Twitter, Instagram, and Flickr. However, such unrestrained online photo or multimedia sharing has raised serious privacy concerns, especially after reports of citizens surveillance by governmental agencies and scandalous leakage of private photos from prominent photo sharing sites or online cloud services. Popular OSNs typically offer privacy protection solutions only in response to the public demand and therefore are often rudimental, complex to use, and provide limited degree of control and protection. Most solutions allow users to control either who can access the shared photos or for how long they can be accessed. In contrast, in this paper, we take a structured privacy by design approach to the problem of online photo privacy protection. We propose a privacy-preserving photo sharing architecture based on a secure JPEG scrambling algorithm capable of protecting the privacy of multiple users involved in a photo. We demonstrate the proposed photo sharing architecture with a prototype application called ProShare that offers JPEG scrambling as the privacy protection tool for selected regions in a photo, secure access to the protected images, and secure photo sharing on Facebook.

Now that's definitely interesting, but it still raises some concerns about whether such DRM would actually be used to protect an individual's privacy or (much more likely) to try to limit public use of images for other reasons, such as trying to set up tollbooths on use (even fair use). I also wonder how effective any image-based DRM can really be in the longterm, given the ease of simply screenshotting an image to make a copy.

Filed Under: control, drm, images, jpeg, surveillance

JPG Patent Holder Goes For The Sympathy Vote

from the oh-boo-hoo dept

Back during the RIM-NTP patent battle, one of the sleazier moves pulled by NTP was to have the widow of the patent holder write a letter to Congress about what a "gross injustice" was being done to her in the case. It was purely an attempt to influence the case for sympathetic rather than legal reasons. There are plenty of folks out there who have bogus patents -- and there's no reason to grant them rewards just because they've had some personal hardships. However, it looks like Global Patent Holdings (GPH) is taking this strategy to a new level. GPH, if you don't recall, holds the extremely questionable JPEG patent that has basically been used to bully people that patent attorney Ray Niro doesn't like. The Troll Tracker notes some interesting language used in a recent filing against a resort in Boca Raton.

In the filing, the lawyers play up the fact that the inventors named on the patent made very little money in 2006 and have some health problems (actually, it discusses one inventor and the other inventor's widow). In fact, it gets worse than that. In another filing, GPH points out that the inventors are old and "feeble". Again, it's not clear what the personal, health and financial problems of the inventors has to do with the validity of the patent or the claims of infringement. It seems to be purely an attempt to gain sympathy. Also, as someone in the comments on the Troll Tracker site notes, why focus on 2006, rather than 2007? The suggestion is that given how aggressively GPH has pushed to license the patent since last year, perhaps their income was substantially higher in 2007. Elsewhere, though, GPH notes that it owns the patents entirely, meaning that who the inventors are is somewhat meaningless -- but why let that stop the company from pushing for sympathy.

Either way, the filing then goes even further in pushing for the sympathy vote, noting that the resort in question is owned by a private equity firm in New York that was somehow loosely involved in the subprime loan crisis. Again, this obviously has nothing to do with whether or not the company is infringing on a patent by putting a JPEG image on its site -- but is being used to make the company look like a big bad evil giant. So, now the case is positioned as big multi-billion dollar subprime-mess-contributing NY-based private equity firm against poor, weak, sick inventors.

Filed Under: jpeg, jpg, patents, ray niro, sympathy
Companies: global patent holdings