Several things have been missed in the recent flare-up over Adobe Photoshop’s refusal to import images of currency. (For background, see Ted Bridis’s APstory.)
There’s a hidden gem in the Slashdot discussion, pointing to a comment by Markus Kuhn of Cambridge University. Markus established that some color copiers look for a special pattern of five circles (usually yellow or orange in color), and refuse to make high-res copies of documents containing them. Sure enough, the circles are common on paper money. (On the new U.S. $20 bills, they’re the zeroes in the little yellow “20”s that pepper the background on the back side of the bill.) Markus called the special five-dot pattern the “constellation EURion” because he first spotted it on Euro notes.
But reported experiments by others show that Photoshop is looking for something other than EURion. For example, Jon Sullivan says that Photoshop refuses to load this image, which nobody would mistake for currency.
There’s been lots of talk, too, about artists’ legitimate desire to use currency images, and lots of criticism of Adobe for stopping them from doing so. But check out the U.S. government’s legal limitations on representations of currency, which are much more restrictive than I expected. Representations of U.S. currency must be one-sided, and must differ substantially in size from real bills, and all copies (including computer files) must be destroyed after their final use. Photographs or other likenesses of other U.S. securities, or non-U.S. currency, must satisfy all of the preceding rules, and must be in black and white. (Other countries’ rules are available too.)
Finally, the European Central Bank (ECB) is considering recommending legislation to the EU to require inclusion of currency recognition into digital imaging products. Predictably, the ECB’s proposal is wildly overbroad, applying to “any equipment, software, or other product[]” that is “capable of capturing images or transferring images into, or out of, computer systems, or of manipulating or producing digital images for the purposes of counterfeiting”. As usual, the “capable of” construction captures just about every general purpose communication technology in existence – the Internet, for example, is clearly “capable of … transferring images into, or out of, computer systems”. Note to self: it’s way past time to write that piece about the difficulties of regulating general purpose technologies.
[Thanks to Seth Schoen for pointers to some of this information.]
If I pin a currency bill to my chest, does this mean that digital security cameras should not record my image?
An idea for the next “Mission Impossible” movie perhaps.
Good thing The Gimp is getting better.
The recognition system seems to key on the treasury seal image. I took the sample image, which PS CS will not open, opened it in PS 7, and painted a black dot filling in the area between the eagle’s beak and the top of the left wing (the eagle’s right wing, but you know what I mean 🙂 ) — PS CS opens the image now, with no warning.
Just for fun, I ran a second test. Starting with the original image, I selected just the seal, and mirrored it horizontally. PS CS will not open the image.
Third test — a black dot again, but only five pixels in size, linking the eagle’s beak with the top of the wing it’s pointing at. PS CS will not open the image.
Fourth test — I added three more pixels to the black dot, thickening the line. PS CS now opens the image.
Food for thought…
Adam,
I assume you refer to preventative measures in general purpose software and not preventative measures in the currency… And no, I don’t think there are any worthwhile preventative measures in this case because while it will take the truly motivated initially, the workarounds will filter to the least motivated in a short time.
The best analogy I can come up with regarding restricting software tools is physical mechanical tools. There are two types of Torx screws… the generic and the “security” version, the difference being that the security Torx screw has a post in the center of the hole requiring a special Torx driver that has a corresponding hole.
Soon after they came out people who had a drill press were drilling the matching hole in regular Torx drivers. Then “Security Driver Sets” began to appear mail-order. Now you can pop down to Fry’s and pick up a set of “Security Drivers” for pocket change.
I’m sure some hacker is working on a patch to Photoshop as we speak to bypass the image analysis piece… and it’ll initially be a grody nasty hex edit affair. But somebody will rewrite it into a executable… and then it’ll appear as a webpage (visit this site, click a button, voila… no protection).
At the same time a motivated black-hat hacker will be reverse engineering the image analysis piece so that their counterfeits will fail just as the real thing will.
So in a way this is temporarily discouraging the casual counterfeiter while exposing more data to the determined counterfeiter. Personally I don’t think that’s a good tradeoff.
“Code is Law”
as demonstrated once again.
It’s reticent of the Clinton Encryption progression:
Ban -> Allow w/backdoor & informal agreements w/private industry (see)
Stringent false-positive* prohibition falls somewhere in the middle, but closer to an all-out ban judging by the extent of proported denial-of-scan occurances.
I have no idea what the remedy should be. Fair use must have a place, but the prospect of Play-Dough-Money factories is none too attractive.
(on this note – the aforementioned currency representation guidelines would prohibit accurate representations such as those used in movies; do they always use ‘real’ money in those drug-kingpin-conartist-type films during the close-ups?)
I agree that the current status is an “in-security” feature, and all mass-produced commercial attempts to prohibit are doomed to failure; those that are truly motivated will find a way. However, are there any worthwhile preventative measures? Is the anger primarily over the lack of warning about the program limitations?
* positive being intenitional counterfitting of currency
Life imitates Vance
I’ve always admired the science fiction of Jack Vance; he has a baroque yet precise prose style, like steel draped in velvet. But one of his novels, The Killing Machine, rests on a premise that I always thought was a…
I could open that image in Photoshop 7.0.1 on XP. I was also able to save it as TIFF and do a screenshot and save it as TIFF. I wish it worked though for the purposes of teaching.. it would be an interesting example to show in class to convey to students how technologies can be tweaked to limit uses.
Interestingly, my photoshop 6 won’t open Jon Sullivan’s image (jpg), but when converted to a bmp file us MS Paint, there is no problem opening it.
Everytime I use a new scanner, I scan in a $20 at maximum optical resolution to test the quality of the scan. I’ve been doing it for years. I imagine I’m not alone.
So is this a “security” feature or an “insecurity” feature (see earlier blog entry). Is it necessary that a feature like this work with 100% perfection to be useful? Or is it enough that it raises the bar, makes the serious counterfeiter do more work, and stops the causal counterfeiter who tries to scan in a $20 bill “just to see what happens”?
just posted:
Many of the existing patents on currency-recognition algorithms talk about recognizing the Federal Reserve seal – which is clearly visible on Jon Sullivan’s image. So the success of that image in fooling the filter suggests that Photoshop is testing for several things at once. It’s also interesting because the Federal Reserve seal is not particularly designed for the purpose of this kind of recognition; to catch it, you have to use an image recognizer that could work for general images, and that implicates the social questions I asked in one of my early postings on this topic. If they can recognize banknotes, and they do so with a general-purpose image recognizer, then what other images will they be asked to block in the future?