JPEG Committee Proposal Stirs Image-DRM Fears
Oct 19, 2015 12:09 PM PT
The JPEG Committee last week met in Brussels to discuss a proposal to secure privacy information such as metadata for published pictures that includes geographical information enabling identification of people who have given anonymous interviews to journalists and pictures posted on social media intended only for a limited audience.
The proposal also seeks to address intellectual property rights for images provided by commercial stock providers or news agencies.
Privacy concerns inhibit digital content distribution, the JPEG Committee said. It is seeking solutions that provide trust when sharing image content and metadata.
Its focus is on legacy images as well as standards such as JPEG XT, JPSearch and JPEG Systems.
The result will be the addition of digital rights management to the JPEG image format, argued Jeremy Malcolm, senior global policy analyst at the Electronic Frontier Foundation.
Extending DRM to Images Online
Much of the privacy and security support functionality required already is available in Part 8 of the JPEG 2000 standard.
JPEG 2000 has a DRM extension called JPSEC that is used for highly specialized applications such as medical imaging, broadcast and cinema image workflows, and archiving, so it "hasn't affected the use of images online," Malcolm pointed out.
The JPEG Privacy and Security Group is thinking of "essentially backporting DRM to legacy JPEG images," he said. This would impact the open Internet.
Cryptographers don't believe DRM works, Malcolm told the JPEG Committee. It doesn't account for copyright limitations such as fair dealing, fair use and quotation, and it "allows anticompetitive conduct such as region coding."
In addition, archives often wrongly claim copyright-like rights to images in the public domain, he said.
Further, laws against circumventing DRM threaten liability for people reporting vulnerabilities in DRM implementations and infringe upon freedom of expression, Malcolm said. In 2001, for instance, the music industry used the Digital Millennium Copyright Act to prevent Princeton and Rice university professors from discussing security flaws in its SDMI DRM technology.
Alternatives to DRM include cryptography, rights management information and licensing, he said.
DRM May Not Work
The DRM issue is complicated because it "steps on many other issues, such as the rights of the user," said Jim McGregor, a principal analyst at Tirias Research.
The best defense against piracy is "a change in business models," he told the E-Commerce Times. "Provide value and make it affordable and/or develop alternative business models around the content, and piracy will no longer be an issue."
The argument for DRM is that it would protect investment in the development of content, but "it's really just protecting antiquated business models that are out of date with modern society and current technology," McGregor contended.
"Any software company will tell you that there's no way to completely protect software from hacking," he said. "Likewise, there's no way to completely protect content, especially with the speed with which it can spread around the Internet."
The alternatives Malcolm suggested are "at best Band-Aids," McGregor contended, because "once content is out in the public eye, it can be copied and distributed in many different ways."
Much Ado About Nothing?
The JPEG Committee "has not endorsed any specific solution to protect privacy or secure JPEG images," said JPEG convener Touradj Ebrahimi.
The JPEG Committee invited the EFF, as well as several other organizations, to provide its opinion because JPEG "wants to have as much reaction as possible before standardizing security solutions for its format," he told the E-Commerce Times. "These comments will be used to better define the scope and framework of the JPEG Privacy and Security [Group]."
DRM "is a generic definition that refers to a large spectrum of solutions, ranging from protection to monitoring," Ebrahimi pointed out.
"It's better to ask EFF to provide a more detailed description of what they mean by DRM," he said, "and maybe some references to back this statement as we do not either endorse or deny this general statement."