Digital Fingerprinting
A couple of threads have recently touched on aspects of "digital fingerprinting", a term that covers a variety of methods for making changes to digital documents in order to trace the origin of illicit copies. This subject has been on my mind after several discussions on this topic at Crypto, as well as the one formal presentation on the subject. Here are some of my thoughts on this subject:

o If the domain of changes is well understood, and can be altered without significant loss of quality, then it is trivially easy to remove the fingerprinting. In other words, if you know the algorithm used to create the fundamental codewords in the fingerprint, and you can overwrite arbitrary codeword bits with other codeword bits, then the scheme can be avoided without collaboration of any kind.

  Example: A software company fingerprints its software by mapping two equivalent machine instructions onto binary "0" and "1", respectively. Someone who knows about this could randomly replace one instruction with the equivalent one, which would reduce the fingerprint to noise.

  Example: A publishing company uses an even number of points between paragraphs to indicate "0" and an odd number of points to indicate "1". Someone who understands this can overwrite the fingerprint as above.

o If a fingerprinting scheme depends on the secrecy of an algorithm, then this is really "security by obscurity", which may be effective for a period of time, but is likely to meet the fate of most copy protection schemes that have rested on raw obscurity.

o Certain domains of information lend themselves to the secure formation of fingerprint "bits" that are very difficult to scrub in this way. One such scheme was used as the basis for the presentation at Crypto: imagine that a film was shot with two (or N) cameras. For each frame of the film, the distributor can choose to take a frame from a different camera. Frames from camera 0 would be mapped onto binary "0", frames from camera 1 would be mapped onto binary "1". Using this approach it is possible to construct schemes that are resistant to collaboration up to "N" people. The security of such schemes rests on the assumption that given one frame, it is very hard (and possibly intractable) to fuzz up the frame such that the parallax information doesn't give away which camera shot the frame. Rather than hiding the fingerprint information in the "low bits", this technique hides the information throughout the picture. In one sense, a 2D picture of a 3D object is similar to a one-way hash function. It is a form of lossy compression on the 3D object that is impractical to work backwards.

o Note that overwriting a fingerprint with random noise (or whatever) does not generate a valid replacement fingerprint. Therefore it would still be possible to tell that a document had been tampered with (and was not a valid copy), even if its provenance could not be determined.

o A number of people are working on "black box" viewer technology, which would allow people to purchase documents that could only be read on devices with tamper-resistant hardware in them that would be required to decrypt media. Certainly much piracy could be done by capturing the output of such a box (unless it was embedded in a tamper-resistant chassis); there are some proposed schemes for reducing the payoff of output capture, but they depend on a similar approach to the movie fingerprinting idea above -- the base data format is somehow richer, possibly capable of generating different output under different circumstances or on different hardware platforms, while the output of the black box represents only one view of the base data.

  Example: a base format for a 3D object is encrypted with a public key resident in the "black box". Said black box also includes a hardware 3D rendering engine. The output of the black box consists of a series of 2D frames, which may make it impractical to reproduce the base 3D object.

  It is my considered opinion that this sort of technology will meet with tremendous customer resistance, and will not prove practical or cost-effective; many analysts are predicting a trend toward more general purpose computers for media viewing rather than towards specialized hardware that is needed for this kind of approach.

o There are also some profound practical and legal problems with the use of digital fingerprinting. For one thing, it involves generating a unique copy of every document for each consumer. After the digital fingerprinting session at Crypto, a guy from Microsoft was pointing out the incredible difficulties posed by trying to fingerprint, say, every copy of Windows 95. On the legal front, it's not clear what you can do to someone even if you _can_ prove that the 100,000 pirate copies of Windows 95 circulating in Amsterdam stemmed from his copy. Machines get hacked, co-workers and family members often have free access to machines running software -- it's not clear that media companies _want_ to invoke the paranoia associated with potential responsibility for millions of dollars in damages if someone makes an illegal copy of one's software and the loaves and fishes ensue. [Imagine what great revenge this would make for jealous co-workers, ex-wives, etc.]
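Added example (not part of the original post): the paragraph-spacing scheme and the point that a scrubbed copy no longer carries a valid fingerprint, worked through in Python. The keyed-MAC codeword derivation, the 64-bit length, the customer names and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import random

KEY = b"constructed-demo-key"  # assumption: secret held by the distributor
NBITS = 64                     # assumption: one bit per paragraph gap

def fingerprint(customer):
    """Codeword issued to a customer: first NBITS bits of a keyed MAC."""
    digest = hmac.new(KEY, customer.encode(), hashlib.sha256).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(NBITS)]

def embed(bits, base_gap=12):
    """Paragraph gaps in points (base_gap even): even gap = 0, odd gap = 1."""
    return [base_gap + b for b in bits]

def extract(gaps):
    """Read the fingerprint back from the parity of each gap."""
    return [g % 2 for g in gaps]

def scrub(gaps, rng):
    """The overwrite the post describes: give every gap a random parity."""
    return [g - (g % 2) + rng.randint(0, 1) for g in gaps]

def classify(gaps, customers):
    """Return (verdict, customer, distance to the nearest issued codeword)."""
    bits = extract(gaps)

    def distance(c):
        return sum(a != b for a, b in zip(bits, fingerprint(c)))

    nearest = min(customers, key=distance)
    d = distance(nearest)
    if d == 0:
        return ("valid", nearest, 0)
    # No issued codeword matches: the copy is detectably altered, but a
    # distance near NBITS/2 means the bits say nothing about its source.
    return ("not a valid copy", None, d)

if __name__ == "__main__":
    customers = ["alice", "bob", "carol"]  # constructed sample data
    copy = embed(fingerprint("bob"))
    print(classify(copy, customers))
    print(classify(scrub(copy, random.Random(1995)), customers))
```

Because issued codewords are a tiny subset of the 2^64 possible bit strings, a randomly overwritten fingerprint lands on a valid one only with negligible probability, which is what lets the distributor flag the copy as altered.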
participants (1)
-
cman@communities.com