How difficult is it to watermark data so it has little value to attackers if stolen, and can be tracked later by authorities?
Ask the Expert
SearchSecurity expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email. (All questions are anonymous.)
Digital watermarking is the process of adding identifying data -- such as a sequence of characters or code -- to digital content such as text, images, films, music and software programs.
There are two types of digital watermarks: those that are perceptible to the human eye or ear, and those that are imperceptible. Both need to be able to survive intact without affecting the quality of the content during compression and decompression, encryption and decryption, and while it's being used. A watermark is typically used to identify either the originator or authorized user, state usage rights, verify the authenticity or integrity of the data, or control its use and distribution. The Digital Watermarking Alliance, an international group of leading organizations, promotes the advantages of digital watermarking to content owners, industries, policy makers and consumers.
Traditional watermarks, such as those on banknotes, are only perceptible under certain conditions and are difficult to remove. The problem with digital watermarks is that any digital process can be reversed. There is also a problem known as the analog hole: content has to be in analog form for humans to see or hear it, but once digital content is put into analog form, it's no longer protected and can be converted back into digital format, allowing unauthorized copying and redistribution.
Watermarks are not complete digital rights management (DRM) mechanisms in their own right, but are used as part of DRM solutions, such as helping to provide prosecution evidence for legal avenues of rights management, rather than direct technological restriction. Most DRM systems have been hacked and tools to decrypt content or strip off the DRM controls are routinely put on the Internet, even though the Digital Millennium Copyright Act makes such tools illegal.
Despite these shortcomings, digital watermarking is being used for source tracking. This is where each recipient gets content with its own unique watermark. A watermark embedded into content at each point of distribution can be retrieved from the copy and the source of the distribution can be checked. A product by Digimarc Corp., Digimarc for Images, adds an imperceptible digital watermark to images that can be used to locate where they are used online.
While watermarks cannot prevent illegal activity, they can alert someone if they receive or access illegally copied or distributed content. It is far from a perfect science, though. False positives often occur when watermarked data is legally restored to a replacement device, or when key files are corrupted or removed by anti-spyware tools.
In terms of a watermark ensuring data is of little value to attackers if stolen, the only type of watermark that would work is a perceptible one, such as big red text over a digital image, a PDF document saying copyrighted material, or a hiss recorded throughout the soundtrack of a video or music file. However, this approach clearly affects the quality of the data and renders the files of little use to the legal owner. So until watermarking techniques are developed that are robust enough to prevent removal, encryption remains the best approach to protecting data.
This was first published in July 2013