MPAA Developing Digital Fingerprinting Technology 544
Danathar writes "The MPAA is looking to use digital fingerprinting technologies that in conjunction with legislation will enable and force ISPs to look for network traffic that matches the signatures. " From the article: " Once completed, Philips' technology--along with related tools from other companies--could be a powerful weapon in Hollywood's increasingly aggressive attempts to choke off the flood of films being traded online."
Computer = COPY (Score:5, Informative)
Just take the new napster mess where everybody is loading up on free music right now:
Napster/Winamp hack to get unprotected free music [tech-recipes.com]
Re:Encryption (Score:3, Informative)
There are already some P2P programs that support encryption, such as Freenet [sourceforge.net] and MUTE [sourceforge.net].
Re:Crypto (Score:3, Informative)
It'd also be quite difficult to tell what is encrypted and what isn't -- encrypted data, like ideally compressed data, is indistinguishable from random noise.
The only route would be to outlaw encrypted p2p apps, I would guess, which would probably be unenforceable in a practical sense anyway. (It's illegal to trade copyright material already; do you see that stopping too many people?)
This does NOT matter (Score:3, Informative)
http://www.ourmedia.org/ [ourmedia.org]
http://www.unmediated.org/ [unmediated.org]
etc... just google for it... Get involved in your public access TV today.
Re:Encryption (Score:3, Informative)
Yes, but SSL still leaves you open to the MPAA running a robot to download stuff, check for fingerprints in what it has downloaded, and recording the IP addresses of where it obtained the material. A captcha means they'd have to pay someone in Bangladesh $15/day to type in codes.
Artists (Score:2, Informative)
Re:Encryption (Score:5, Informative)
sure it would, that is the whole point behind the man-in-the-middle attack. It was discovered as a weakness in key exchange protocols such as diffie-hellman which rely upon exchange of public keys between previously unknown parties who do not use a trusted third party to manage public keys. The premise of the man-in-the-middle attack is that an intermediary intercepts the public keys (which must be transmitted in the clear) during the exchange protocol before they reach the intended recipients and substitutes his own public key instead. Then when the symmetric key is computed by the recipients during the key exchange (using the man-in-the-middle's public key) all three of them, both recipients and the man-in-the-middle, will have the secret symmetric key and the entire session will be compromised. Moreover, the recipients will have no idea that the man-in-the-middle exists because they had not previously exchanged public keys. The solution to this problem in practice has been to have a trusted third party repository for public keys, such as Thawte, which signs public key requests with its own private key to verify the origin of each public key. However, this requires central registration and management of keys, something which is unlikely to be palatable to P2P users for obvious reasons and thus the man-in-the-middle problem will persist when computing session keys for encryption on P2P networks. Man in the Middle is somewhat difficult to implement in practice, but not impossible (ISPs would make the perfect men-in-the-middle), so this is not merely a theoretical possibility.
Re:Hmm, wouldn't... (Score:5, Informative)
The stupid part is that even trivial encoding changes (zip) much less encryption (DES, AES, PKC) render this useless. The way around that is actually doing application layer filtering on data, and I with them luck with that. Besides encryption still getting around this in many cases, the CPU time required to do near-real-time layer 7 processing of ALL of the packets going through an ISP is obscene. (remember this type of filtering requires persistence of those packets for a period of time in order to reconstruct the resulting media, because the few bytes in a single IP frame probably isn't enough to know if it's media). Such investment would drive every ISP except Microsoft bankrupt.
What the MPAA is really pursuing right now is watermarking (mentioned later in the article). They have proposed altering each image that goes to different movie theaters or DVDs (especially previews that go to the MP Academy), etc. By watermarking the image against a master (of 'neutral' color, it is possible to determine which copy it came from even if it has been re-encoded.
The alteration is of certain items in the image. It is not on the magnitude of a least-significant bit (which different encoding schemes would then garble). What these watermarking systems do is change it by a number of bits, and do so in a recognizable fashion. In a scene, this might change brightness of the clouds, or the brown of the ground, etc. The net is that a distinct watermark can be created on the image. By altering different items in different films (and at different times), the net result is indistinguishable to the watcher; yet when the 'master' is known to the MPAA, the patterns can be distinguished to determine the source of a pirated copy of a movie or song (regardless of how it might have been re-encoded - unless it's at REALLY low quality)
Re:DMCA and encryption. (Score:2, Informative)
if you're not selling all those "vacation" JPEGs and school papers, it's damn hard to show copyright damages
If you register your photos with the US Copyright Office, which costs only $30 per photo album, they become eligible for statutory damages of $750 to $150K per infringed work unless the defendant has a clear fair use defense.
will the good old MPAA make (Score:4, Informative)
Dear Oliver,
Thanks for your e-mail.
While Peer-to-Peer (P2P) networks allow for a great deal of opportunity
for distribution of entertainment, P2P networks unfortunately enable
massive amounts of pirate activity.
When people upload or download others' copyrighted works, that is, in
fact, illegal. There is nothing illegal about P2P technologies, if
you're sharing work that you have the rights to share. But, most
commercial works you find available on P2P networks (e.g., albums you
find in stores, movies you find in theatres or stores) were not posted
there legally.
It is only this illegal activity that the MPAA is fighting against. We
will continue to embrace technology and the opportunities it offers
responsible citizens using it legally.
Thanks again for writing, and please let me know if you have additional
questions.
Anne
Re:Statutory damages. (Score:2, Informative)
You mean you somehow get automatic money, despite having no conceivable real damage to yourself? Not even the debatable damages of lost sales?
Yes. If the following happen in order: 1. you create a work, 2. you register U.S. copyright in that work, 3. somebody infringes your copyright on U.S. soil, and 4. you sue and win, then even if you can't prove monetary damages, you can still recover statutory damages and attorney's fees. See 17 USC chapter 5 for the gory details.
Re:While You're Bitching ... (Score:5, Informative)
"For decades they conspired on prices and you claim they "paid the price"?!"
The price-fixing settlement was not as a result of "conspiring" for "decades." Here's what happened:
The winners here are Best Buy and Wal-Mart. The losers are the traditional record stores and indie stores that continue to get squeezed out of the business by Wal-Mart and their loss leader prices on CDs. The record companies probably don't mind; other than sending out some settlement checks and sending some crappy CDs to some libraries (as you've mentioned), this didn't hurt their bottom line. They were selling CDs to Tower Records for the same price that they sell to Wal-Mart.
You should be happy about this if:
You should be unhappy if:
The bottom line is that anybody who thinks that the price-fixing settlement was a strike against big business and a win for the little guy is mistaken. They're probably still chuckling about it at Wal-Mart headquarters in Bentonville.
Re:Encryption (Score:4, Informative)
It's simply infeasable for an ISP to track absolutely _EVERY_ outgoing connection on its network and decrypt its contents for perusal by the MPAA, so this isn't gonna happen. At best all the ISP would be able to do is a random cross-sampling of its entire set connections, and try to infer actual usage from that (although they wouldn't be able to actually prosecute anyone without the direct evidence).
Re:Encryption (Score:5, Informative)