Making The Case Against Adding DRM To JPEG Images

from the don't-go-down-that-road dept

Earlier this year, we wrote about a plan to add DRM to the JPEG standard, meaning that all sorts of images might start to get locked down. For an internet where a large percentage of images are JPEGs, that presents a potentially serious problem. We did note that the JPEG Committee at least seemed somewhat aware of how this could be problematic -- and actually tried to position the addition of DRM as a way to protect against government surveillance. However, there are much better approaches if that's the real purpose.

The JPEG Committee recently met in Brussels to discuss this, and thankfully Jeremy Malcolm from the EFF was able to give a presentation explaining why this was such a bad idea and to suggest alternative approaches for protecting privacy without having to go down the path of DRM.

This doesn't mean that there is no place for cryptography in JPEG images. There are cases where it could be useful to have a system that allows the optional signing and encryption of JPEG metadata. For example, consider the use case of an image which contains personal information about the individual pictured—it might be useful to have that individual digitally sign the identifying metadata, and/or to encrypt it against access by unauthorized users. Applications could also act on this metadata, in the same way that already happens today; for example Facebook limits access to your Friends-only photos to those who you have marked as your friends.

Currently some social media sites, including Facebook and Twitter, automatically strip off image metadata in an attempt to preserve user privacy. However in doing so they also strip off information about authorship and licensing. Indeed, this is one of the factors that has created pressure for a DRM system that could to prevent image metadata from being removed. A better solution, not requiring any changes to the JPEG image format, would be if platforms were to give users more control over how much of their metadata is revealed when they upload an image, rather than always stripping it all out.

We encourage the JPEG committee to continue work on an open standards based Public Key Infrastructure (PKI) architecture for JPEG images that could meet some of the legitimate use cases for improved privacy and security, in an open, backwards-compatible way. However, we warn against any attempt to use the file format itself to enforce the privacy or security restrictions that its metadata describes, by locking up the image or limiting the operations that can be performed on it.

Hopefully the JPEG Committee listens.

Filed Under: drm, jpeg, privacy, surveillance
Companies: eff


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 15 Oct 2015 @ 12:37am

    Here we go again...

    Adding DRM is not a solution to anything by a long shot. It is at most just one step in an arms race.

    An expensive, complicated and ineffective step that will only inconvenience the 'honest' users and will be cracked in no time...

    No really sure why anyone would think it will work on images when it has failed on all other media it was applied to: games, music, books, movies...

    reply to this | link to this | view in chronology ]

  • icon
    Violynne (profile), 15 Oct 2015 @ 3:04am

    The problem with the encryption route is no different than DRM and it will get abused no differently.

    Call me cynical to believe those who wish to utilize the "encryption" of the image will be giving the keys to unlock the image freely.

    This means websites wishing to use the image much first obtain the key.

    The very reason HTTPS works is because the digital key necessary to view the site has no restrictions on obtaining the key.

    Not seeing how this same system will be applied to JPEGs (already covered by HTTPS if used) while pretending it's not DRM.

    reply to this | link to this | view in chronology ]

    • icon
      Goyo (profile), 15 Oct 2015 @ 4:36am

      Re:

      Of course the problem is different. You only can access a DRM'd file using some piece of propietary software which decides what you can an cannot do. Attemps to access the file in any other way may be illegal due to anti-circunvention laws even if what you want to do is lawful.

      With an encrypted, non DRM'd file, you do not have that kind of issues.

      reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 15 Oct 2015 @ 5:17am

      Re:

      "The problem with the encryption route is no different than DRM and it will get abused no differently."

      Yes and no. If you read carefully, the encryption suggestion is talking about the metadata and not the file as a whole. So, you should be able to access the image part of the data, but require a key to decrypt the metadata. Since, as mentioned, many uses of jpegs strip out the metadata anyway, and it should be less problematic than you think.

      There may be some unforeseen issues introduced depending on how this is implemented, but the files should in theory be usable even in the encrypted form.

      reply to this | link to this | view in chronology ]

      • icon
        MrTroy (profile), 15 Oct 2015 @ 9:47pm

        Re: Re:

        My (non-careful) reading of it was that the DRM was to prevent the metadata from being stripped:

        However in doing so they also strip off information about authorship and licensing. Indeed, this is one of the factors that has created pressure for a DRM system that could to prevent image metadata from being removed.


        I'm not sure how much I can make myself care about a form of DRM that means I can't interpret the metadata of images that I download from the internet... but that can't be what they mean, otherwise stripping the metadata involves taking the unencrypted image data, and saving it into a new image with neither DRM nor metadata.

        reply to this | link to this | view in chronology ]

  • identicon
    Mr Big Content, 15 Oct 2015 @ 3:13am

    JPEG Will Never Suceed Without DRM

    If they want there format to become popular, they will HAVE to support DRM. Do you think poeple will use a Format that lets there preciuos pictures, teh product of so much hard work, be freely copied? NO WAY! No camera vendor would touch such a format with a TEN FOOT POLE! You think Microsoft would willingly allow a piracy-friendly format into there PC OS? Adobe willingly risk the security of Photosohp by opening such a export loophole? Photo websites allow uploading any format that can be so easily downloaded by any old Tom, Dick and Harry Softwear? NOT A CHANCE!!!

    So let these smart-aleck photographic "experts" (makes air quotes) WAKE UP AND SMELL TEH COFFEE!! Otherwise THERE CLEVER FORMAT PORPOSAL WILL BE LEFT IN TEH DUST BY TEH MARKET!

    reply to this | link to this | view in chronology ]

  • icon
    JustMe (profile), 15 Oct 2015 @ 3:23am

    It will be cracked in days & requires 'always on' connectivity

    I agree with OP AC & Mr BC. Also, the idea is unsustainable and provides no social value (beyond reminding people there is a JPEG committee, I suppose).

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Oct 2015 @ 5:53am

    Yet another reason to standardize on PNG

    nuff said.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 Oct 2015 @ 8:59am

      Re: Yet another reason to standardize on PNG

      Little overkill. PDFs are capable of DRM, still nearly no PDFs on the internet have any.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 Oct 2015 @ 9:45am

      Re: Yet another reason to standardize on PNG

      100% agree on pngs, pretty much using them all the time instead of jpgs when i have a choice in the matter

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Oct 2015 @ 6:07am

    Not sure why people still use jpeg ...

    reply to this | link to this | view in chronology ]

    • identicon
      Rich, 15 Oct 2015 @ 6:13am

      Re:

      What format do you think is better?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 15 Oct 2015 @ 8:47am

        Re: Re:

        APNG.

        reply to this | link to this | view in chronology ]

      • identicon
        Within Reason, 19 Oct 2015 @ 5:48am

        Re: Re:

        .png, as JPEGs corrupt easily. The number of times I've made a beautiful graphic only to have had it turned into a JPEG when uploaded to FB, which flippin' ruined it by spoiling the quality! *Seethe*

        Oh yes, standardise .png, by all means. Result: prettier, clearer, sharper graphics.

        If Twitter can do it FB has no excuse.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 Oct 2015 @ 8:55am

      Re:

      I can understand the sentiment. Some jpegs out there look terrible. But, they can look really good too, if you turn the compression off. The internet as progress enough from the days 26k back when jpeg was invented that the added file size means nothing.

      reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 15 Oct 2015 @ 6:09am

    Imagine when you hit that DRMed picture of some tragedy? Instead you see a picture stating "Sorry, you can't see this picture because reasons. Have this public domain picture with puppies and kittens playing."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Oct 2015 @ 6:16am

    Never gonna work

    Remember when BRD boasted their perfect DRM that was supposed to take a lifetime to crack? We all saw how well that played out. DRM on video and image would be far harder than software and software has not came up with one viable solution.

    Serial - Fail
    Serial with online verification - Fail
    Online only - Fail
    Sandboxes - Fail
    Sever side data required - Fail
    Encrypted Virtualization - Fail

    Just because DRM technology is improving doesn't mean hackers are not. Hackers will always be ahead of the game because there are more of them. Some have malicious intent, and others see DRM as a challenge; meaning the harder the better.

    What cannot be cracked will be replaced with custom code. IE private video game servers are almost always coded from scratch. Then a custom patch will set the game to use different server IP addresses.

    With and video the best that we'll ever do is advanced recognition software. Then the problem will be getting everyone to use it on their servers.

    Most will not, I know I wouldn't. It's not my problem or job to babysit.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Oct 2015 @ 6:21am

    Maybe those pushing for this, stop uploading images to the internet and keep them in a personal photo album under the coffee table.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Oct 2015 @ 6:56am

    >drm to jpeg

    I thought this was a joke.

    This would be the easiest thing to bypass ever.
    A script embedded somewhere like imgur, which relies on how easy jpegs and pngs are to share, could render it completely worthless.

    Hey guys, remember when they tried drm in pdf? That was the most secure thing ever, right guys? No one ever got past that.

    reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 15 Oct 2015 @ 7:23am

    DRM bad, but digitally signed metadata is good

    It would be nice if any image format could have not only metadata, but digitally signed metadata.

    Anyone viewing the image would then be able to verify, with the same level of trustworthiness as SSL certificates have, that the metadata within the image is really from who it claims to be from.

    An example: When a US Senator posts pictures of his microsoft and digitally signs the bragging rights, we could all be pretty sure it was actually him doing the bragging.

    Now imagine that Certificate Authorities could issue digital signing certificates to individual cameras and the cameras do the signing. Have some cryptographically secure way to distribute the certificate into the camera without any human ever seeing or having access to it. The key would be kept in a smart chip running Java like the sim card on your phone. The processor, memory and signing key are in a secure chip that is tamper resistant.

    The result of this is that you could be sure that a SPECIFIC CAMERA took the picture. That way, a journalist could have each of his 500 cameras have a different uniquely identifiable certificate so that each picture can be identified with the camera that took the image and signed it.

    The potential security issues are:
    * someone steals the camera and takes photos -- but the journalist can also record when the camera was stolen or missing. Certs can be revoked.
    * for a dedicated attacker it might be possible to recover the secret key material from the sim card so that it now is available to humans in a form that can be used to sign anything

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Anonymous Coward, 15 Oct 2015 @ 7:49am

      Re: DRM bad, but digitally signed metadata is good

      And apparently someone can strip out the metadata and the picture would then be attributed to no one.

      On the other hand, if it is possible to strip out metadata, then wouldn't it be possible to add bogus metadata easily?

      I am having a hard time discerning what might be accomplished with any of this, except as someone mentioned above, showing that there IS a JPEG committee, and that they are doing...something...trying to stay relevant.

      reply to this | link to this | view in chronology ]

      • identicon
        Joe, 15 Oct 2015 @ 8:39am

        Re: Re: DRM bad, but digitally signed metadata is good

        *cough*invisible watermarks*cough*
        This problem has been solved for years. Relying on text in a separate node of the container file is silly.

        reply to this | link to this | view in chronology ]

  • identicon
    Median Wilfred, 15 Oct 2015 @ 8:05am

    Just another barrier to entry

    DRM on an image format (any image format, not just JPEG) is a fairly transparent attempt to raise barriers to entry into several software markets.

    The markets include, but aren't really limited to: image viewers, document production, photo manipulation, CGI, and web browsers. The only four ways that such DRM can actually perform its task are:

    1. Code kept secret in any program that decodes the image.
    2. An effectively secret "standard" that costs lots of money to use, and requires strict NDAs.
    3. DRM in the operating system itself, which must then be the code that's kept secret.
    4. DRM in the hardware, which must then be the code that's kept secret.

    All four of these means to the end will limit the number of entries into any of the markets I mentioned above. We will all suffer from this DRM. It looks to me like 3 of the 4 methods would require quite a bit more in terms of legal support, stricter "intellectual property" laws, stricter laws against reverse engineering or reverse engineering tools, or some combination of the above.

    Unfortuntely, all of this can come to pass. Parts of the US government clearly have some perverted fetish about listening to and saving all electronic communication. Having the "IP" and other laws in place make it much easier to mandate pseudo-encryption with backdoors, because everything must be checked to see if the DRM on an image is being violated or not. If those perverted agencies can see this, they would probably throw their weight behind such a proposal. Other agencies might see the DRM on images as a way to assign blame for leaks, or keep classified material from journalists, even if they're not directly involved in the fetishistic surveillance of the entire population.

    reply to this | link to this | view in chronology ]

  • identicon
    James K, 15 Oct 2015 @ 8:12am

    lol

    You:
    SHIT, this image has DRM and I can't view it on my computer.

    Me:
    What metadata? I used screen shot

    reply to this | link to this | view in chronology ]

  • identicon
    bdj, 15 Oct 2015 @ 8:14am

    Let the DRM fanboys create their own protected format instead of dicking around with JPEG. The Internet was rather nice before the copyright/IP clowns showed up...

    reply to this | link to this | view in chronology ]

  • icon
    tom (profile), 15 Oct 2015 @ 8:45am

    I disagree with part of the EFF position. Expecting sites like Facebook and Twitter to have effective privacy controls is silly. Anyone uploading anything to any of these 'public view' sites should expect all aspects of the thing in question to become fully public, regardless of any so called privacy settings on the file or its meta data. Its a rare week where we don't read about some kind of privacy breach on some site.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 Oct 2015 @ 11:31am

      Re:

      While this is true, one has to be a bit sympathetic to those who find their likeness in an ad selling something offensive or controversial.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Oct 2015 @ 11:05am

    Only a fool would think about adding DRM to an image format. They can feel free to create their own image format and hope it gets picked up though /chuckle.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Oct 2015 @ 12:17pm

    JPEG's filename extensions piss me off!

    .jpg, .jpeg, .jpe

    reply to this | link to this | view in chronology ]

    • icon
      DannyB (profile), 15 Oct 2015 @ 1:43pm

      Re:

      Blame it all on that fact that in the late 1980's and very early 1990's a certain highly inferior operating system from Redmond could only handle three character extensions in file names.

      The fact that the OS I am thinking of even required extensions in order to identify what was in a file was another example of how far behind the times it was. Even back then.

      reply to this | link to this | view in chronology ]

  • identicon
    Mark Wing, 15 Oct 2015 @ 3:36pm

    All of my photos go into the wild watermarked. So I normally don't take issue with a company using one of my photos, because the watermark has my domain name on it. Some readers have told me that they found my site from a watermarked photo on a different site.

    Every once in a while, a company will ask really nicely for an original or a set, usually of their product, and I almost always give it to them.

    So, I'm not sure what DRM would give me as a photographer. I want people to see my work. I want my photos to be spread far and wide. My only fear is that someone else takes credit for my work, but the watermarks fix that.

    As far as control, from a technological standpoint, the only control I have is whether to put my photos are in the wild or not. Once they go into the wild, my only control is artificial: threats, lawsuits, whatever reactive bullshit people do.

    As far as my work going into the wild without my consent, I do the best I can. It's probably a hundred thousand photos and they are all stored on an encrypted drive. If someone swipes the drive, they'll just get a brick. If hackers or a three letter agency swipe my drive, then oh well, I did my best to secure it if they crack it.

    The watermark tool I built (and also sell) will also set the metadata on formats like JPEG, but I've never looked to see if anyone is stripping it off my photos in the wild. I think (?) Google even uses this metadata to help decide your search ranking.

    Any way I look at it, as a photographer, the only end result of DRM would be everyone seeing me as a douche-bag and staying away from my work, which is the polar opposite of what I want.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Oct 2015 @ 5:37pm

    DRM on JPEGs?

    Is nothing sacred?!

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.