CDT offers privacy principles for watermarking

Digital watermarks are one of the technologies being touted as a means to deter piracy of digital content, as telecom service providers and others look for secure and efficient means of reliable content distribution. There are privacy concerns associated with digital watermarks, however, and today the Center for Democracy and Technology, a Washington-based advocacy group that promotes an “open, innovative and free” Internet, released what it calls a set of privacy principles for the use of digital watermarking.

In essence, the CDT principles laid a roadmap for using digital watermarking without unnecessarily compromising individual privacy, said David Sohn, senior policy counsel for CDT and author of the privacy principles. In addition, they provide guidance for how best to respond when digital watermarking technology is breached or compromised.

Digital watermarking works by embedding subscriber-specific data in digital files that are purchased or downloaded, with the purpose of being able to track the origin of files that are then illegally shared. The primary intent is to discourage piracy by giving law enforcement ready means to identify and therefore prosecute those who illegally post protected content to peer-to-peer or other file-sharing sites.

That’s a legitimate use, Sohn said, but there are also inherent dangers to privacy that vary widely depending on the application. The CDT’s eight principles are intended to spell out how best to mitigate those dangers.

“It’s my hope that [telecom service providers] would realize that there is some useful and fairly concrete considerations here as they go to design and implement watermarking,” Sohn said. “We’ve tried to make these principles workable from a commercial standpoint but also address privacy concerns.”

The eight principles are:

1. Privacy by design: First and foremost, Sohn said, privacy should be designed into any digital watermarking application from the outset, not added on at the end. “It is easier and works a lot better if you think about it in the design phase, up front, rather than trying to retrofit a privacy solution on at the very end,” Sohn said. That means also considering all aspects of the digital watermarking process, including whether some portion of it, such as control of the user database, is being outsourced to another party who must also be taking privacy into account, Sohn said.
2. Avoid embedding independently useful identifying information directly into a watermark: “Instead of putting in a watermark that contains my name, you put in a watermark that contains a code or serial number that in a backend database correlates to me,” Sohn said. “The code is gibberish unless they have access to the database to look it up. At the very least, it makes [stealing information] a two-step process that is harder.”
3. Notify end-users about individualized watermarks: This one is tricky because it will vary, depending on the application, Sohn said. For instance, “you could imagine a little notice and text at the beginning of a DVD saying this DVD is watermarked with information that can be traceable back to you so you really shouldn’t copy it,” he said. “That wouldn’t bother anybody and, in fact, if the purpose is to deter people from privacy, the deterrent effect is only going to kick in if they know that those watermarks are there.” It would be annoying, however, to hear a notice every time you play a downloaded song, Sohn admitted.
4. Control access to watermark readers: “There will be a need for some devices to be able to read watermarks – the question is how widely or how loosely do you disseminate those readers,” Sohn said. In short, they shouldn’t be on a shelf at Best Buy, where anyone can get one.
5. Respond appropriately when algorithms are compromised: “Any codes people use will sometimes get cracked, and that doesn’t mean you scrap the entire thing,” Sohn said. “But depending on what you are using it for, you might want to be careful about further use.” For example, if the algorithm has been hacked so badly that third parties could alter the watermark or put in a fake watermark, then if you are trying to identify pirates and bring lawsuits against them,” obvious changes are needed, Sohn said.
6. Provide security and access controls for back-end databases: These databases are going to be full of subscriber-specific information such as buying habits and must be protected from security breaches, Sohn said.
7. Limit uses for secondary purposes: Sohn calls this “mission creep” – using information collected and retained about individuals for security purposes in ways not originally intended, such as to target ads. The watermark system “doesn’t need to be recording my lawful use of [downloaded material] because that’s not relevant to the purpose,” Sohn said. “If I upload it to a peer-to-peer system, and infringing copies are found, that’s one thing. But unless and until I do that, there is no need for the system to be recording how much or how I’m using that media legitimately.”
8. Provide reasonable access to whatever information is on file so that consumers can check it for accuracy and make corrections: Like credit reports, stored data within security systems should be viewable and correctable, Sohn said.