In Computers, Typical on 2008-01-24 by petervk

Lately we’ve been seeing a trend to discard DRM in digital music. Steve Job’s prominent post about how Apple only uses DRM because the music industry forces it,’s new DRM-free music store, and several major music labels defection from the DRM bandwagon. This really should not be surprising as DRM is a logically flawed and really never worked. (Tell me of even one album where mp3 rips are not easily available on some p2p network) (ok, a popular album that people care about)

What is interesting about this is an increasing popularity of “watermarking” technology. At its simplest watermarking means adding meta data to the digital music file so that copies can be tracked to their origin. What this means is, if you download a music file from a provider using watermarking they embed some form of unique tracking id into the file. When you copy the file to put it on your iPod, and your laptop, and your backup disk, etc each one of these copies retains the tracking information. The reason for this is when a mp3 file shows up on some p2p network they can trace back to who originally purchased the file.

This starts to sounds like a reasonable solution. I mean no one likes their every move tracked, but this seems to be a reasonable way to allow people to their rights of fair use and still provide a means to prosecute those who are breaking the law.

Lets walk through some of the things that will be needed for this watermarking to work.

  • Based upon proven public key cryptography
    • For watermarking to really work we need to make sure that the only one who can produce a valid watermark is the seller of the files, and that we can verify that the watermark has not been tampered with. If this were not true, someone could easily create a new watermark changing who “owns” the file, or filling it in with useless information (i.e. Jane Doe, 1234 anywhere street, etc). The provider of this technology must provide the same level of trust that digital certificates currently provide. Remember we are talking about something that could potentially be used to put someone in jail, we need to be able to trust the data. No possibility of forgery is acceptable. Oh, and security through obscurity is a myth.[1]
  • Completely Transparent to the User
    • There is no way to enforce that digital music players play only watermarked media[2], so we must include the watermark in the existing file. But we cannot put it in an obvious position (the id3 tags for instance) as this will be insanely easy to blank out. So the watermark must remain completely transparent to the user, and this is where the idea fails. All that needs to happen is two different users to compare the file they bought to find out what the watermarking process changed. By writing random data to those locations we could easily ruin the watermark, or even worse, make it look like someone else purchased it. Someone may be able to create an algorithm that somehow changes almost every bit in the file to hide the watermark, but this is computationally expensive (i.e.very un-scalable) and will eventually be broken as well.

So I don’t think watermarking will work. It will either be as user unfriendly as DRM or it won’t be able to be trusted, making it useless. What I do bet is that the music industry will still continue to be greedy and will jump on whatever trend will make them the most money.

Want to start a digital watermarking business with me? I foresee a year or two of incredible growth and then being dropped like a newborn giraffe when people clue in.


[1] Seriously people. The whole idea of security through obscurity cannot ever be proven. It completely relies on speculation and unknowns.

[2] Ok, you may be able to enforce watermarking through a new file format that builds the watermark into its analog to digital conversion method, but I bet a million dollars that it will fail. People will stick with existing file formats, or with other ones that do not have such purposes built in.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: