Friday, June 01, 2007

No test of effectiveness for watermarks

It appears that Apple are using an extremely simple method to embed purchaser information into its iTunes songs: including the user's name in plaintext. Anyone with a text editor can edit this information; converting the file to any other format is also likely to remove the data. Most watermarking schemes are far more sophisticated, hiding this type of information by subtly modifying tiny details of the underlying audio in ways that are difficult to mask.

Interestingly, iTunes' trivial "watermarks" are still protected by article 7 of the EU Copyright Directive. Member states must ban the removal of rights-management information, and the distribution of files whose rights-management information has been removed. In contrast, Digital Rights Management systems must be "effective" to receive legal protection.

iTunes encrypts DRM-restricted songs when they arrive on your computer, rather than as they leave Apple's servers. I wonder if watermarks are applied in the same way, making them even easier to attack. Of course, Apple/iTunes may also be applying further more sophisticated watermarks to purchased songs.

UPDATE: EFF are busy investigating some suspicious data in iTunes files (thanks, Anselm!)

No comments: