June 19, 2019


I wrote last week about the Analog Hole Bill, which would require almost all devices that handle analog video signals to implement a particular anti-copying scheme called CGMS-A + VEIL. Today I want to talk about how that scheme works, and what we can learn from its design.

CGMS-A + VEIL is, not surprisingly, a combination of two discrete signaling technologies called CGMS-A and VEIL. Both allow information to be encoded in an analog video signal, but they work in different ways.

CGMS-A stores a few bits of information in a part of the analog video signal called the vertical blanking interval (VBI). Video is transmitted as a series of discrete frames that are displayed one by one. In analog video signals, there is an empty space between the frames. This is the VBI. Storing information there has the advantage that it doesn’t interfere with any of the frames of the video, but the disadvantage that the information, being stored in part of the signal that nobody much cares about, is easily lost. (Nowadays, closed captioning information is stored in the VBI; but still, VBI contents are easily lost.) For example, digital video doesn’t have a VBI, so straight analog-to-digital translation will lose anything stored in the VBI. The problem with CGMS-A, then, is that it is too fragile and will often be lost as the signal is stored, processed, and translated.

There’s one other odd thing about CGMS-A, at least as it is used in the Analog Hole Bill. It’s remarkably inefficient in storing information. The version of CGMS-A used there (with the so-called RCI bit) stores three bits of information (if it is present), so it can encode eight distinct states. But only four distinct states are used in the bill’s design. This means that it’s possible, without adding any bits to the encoding, to express four more states that convey different information about the copyright owner’s desires. For example, there could be a way for the copyright owner to signal that the customer was free to copy the video for personal use, or even that the customer was free to retransmit the video without alteration. But our representatives didn’t see fit to support those options, even though there are unused states in their design.

The second technology, VEIL, is a watermark that is inserted into the video itself. VEIL was originally developed as a way for TV shows to send signals to toys. If you pointed the toy at the TV screen, it would detect any VEIL information encoded into the TV program, and react accordingly.

Then somebody got the idea of using VEIL as a “rights signaling” technology. The idea is that whenever CGMS-A is signaling restrictions on copying, a VEIL watermark is put into the video. Then if a signal is found to have a VEIL watermark, but no CGMS-A information, this is taken as evidence that CGMS-A information must have been lost from that signal at some point. When this happens, the bill requires that the most restrictive DRM rules be applied, allowing viewing of the video and nothing else.

Tellingly, advocates of this scheme do their best to avoid calling VEIL a “watermark”, even though that’s exactly what it is. A watermark is an imperceptible (or barely perceptible) component, added to audio or video signal to convey information. That’s a perfect description of VEIL.

Why don’t they call it a watermark? Probably because watermarks have a bad reputation as DRM technologies, after the Secure Digital Music Initiative (SDMI). SDMI used two signals, one of which was a “robust” watermark, to encode copy control information in content. If the robust watermark was present but the other signal was absent, this was taken as evidence that something was wrong, and strict restrictions were to be enforced. Sound familiar?

SDMI melted down after its watermark candidates – all four of them – were shown to be removable by an adversary of modest skill. And an adversary who could remove the watermark could then create unprotected copies of the content.

Is the VEIL watermark any stronger than the SDMI watermarks? I would expect it to be weaker, since the VEIL technology was originally designed for an application where accidental loss of the watermark was a problem, but deliberate removal by an adversary was not an issue. So how does VEIL work? I’ll write about that soon.

UPDATE (23 Jan): An industry source tells me that one factor in the decision not to call VEIL a watermark is that some uses of watermarks for DRM are patented, and calling it a watermark might create uncertainty about whether it was necessary to license watermarking patents. Some people also assert (incorrectly, in my view) that a watermark must encode some kind of message, beyond just the presence of the watermark. My view is still that VEIL is accurately called a watermark.


  1. Another problem in using the VBI for any purpose: LOTS of video and TV applications place data in the VBI, and adding a new requirement there may make many pieces of legacy software and hardware obsolete. The VBI is not an “available” place to put any kind of standard data.

  2. There are some basic evidences : if you can’t see the mark, it means that if you remove it, it will be unnoticeable from a video point of view.
    Well, there are solutions to spread the information on the whole picture, but it requires huge processing power, it is not a “consumer technology”. So, I wish good luck to the system.
    Basically, what are saying the test when you : distort the image (zoom of a 2% factor for example), rotate the image (1 degree), add noise, apply some filtering, de-interlace and then re-interlace, … Well, good luck.
    If you can’t see it (the mark), you can remove it.
    And if you can see it (the video), you can record it.

  3. Sean Ellis says:

    It would appear that the VEIL watermark, whatever its form, would be susceptible to a Replacement Attack (see http://crypto.stanford.edu/DRM2002/drm.pdf for a discussion of this technique on audio streams).

    Couple this with the fact that conforming consumer devices could easily be set up as an “oracle” which would allow you to determine whether the watermark has been successfully removed, and you have a system which would present little obstacle to a dedicated attacker.

    In other words, business as usual: it will create lots of inconvenience their legitimate consumers, while at the same time presenting only minimal interference to the big-time copyright offenders.

  4. Blake Baxter says:

    For me, the only way to read this is that they are not aiming for a technical solution at all. If they were, they’d actually try. What they really want is a legal solution, writing Hollywood’s right to profit into law under the pretext of fighting circumvention.

  5. Why do I keep reading VEIL as EVIL? Hmm…

  6. I would have thought that if the intention of the content provider is that there be no restrictions on copying or usage of the content, that there would be no need to incorporate any drm signals on the recording at all.

    Yet those standards cater for (a) no drm signals at all, and (b) drm signals which are specifying no restrictions, as alternative methods of publishing “do what you like with it” content.

    That road potentially leads to a situation where a device will only play content if the drm signals are there, and that a producer wanting no restrictions has to use a drm system to say so, which presumably involves paying for a licence for the drm method used.

    Which looks more like an attempt to monopolise the use of the technology, than a genuine attempt to protect copyright.

  7. John,

    CGMS-A is carefully specified so that the provider can say whether he wants DRM measures to be used, but he can’t say whether he gives permission to copy. In other words, if he says no to apply DRM, this is not the same thing as saying that copying is okay.

    A better system would let the provider say that copying was okay, or was okay for only non-commercial purposes, or was okay was long as the content was unaltered.

    The omission of this last possibility is really conspicuous, since it would correspond to a business model in which the provider distributed programs, with commercials, to anyone who wanted them — which is by far the most successful business model in the history of the industry.

  8. Janos Simon says:

    The problem with the “programs with comercials” business model is TiVo and similar devices. For content that is used off-line all comercials could be filtered out (and this is true even if content should be distributed unaltered: just provide a separate file with the positions of the comercials.)

  9. Programs with commercials could be accommodated in a playback device by having the commercials include numbered “commercial” watermarks, and having other watermarks in the main program. A receiver would only play a numbered segment of programming if it had seen the corresponding numbered segment of commercial.

    Not that this couldn’t be worked around by generating “fake” commercials, but accommodation of the “commercial-television” model in a watermarking scheme is no less reasonable than any of the other watermarking schemes.

  10. Blake is right, this is not really meant to stop piracy, but to give Hollywood more control. They know that it won’t stop folks of reasonable technical skill, but they want to stop production of products like ours (essentially a digital VCR), or at least control what they can do. In effect it would likely outlaw our product because the compliant one would be nearly useless.

    We wrote the following open letter to congress:


    Anyway, great explanation of the underlying technology, best one I’ve seen.

  11. Richard Leiberman says:

    Far too many acronyms used by you jokers — a nearly impenetrable shield of geekishness surrounds your chit-chat. It could be an ironic observation, and thus a funny inherent geek trait — if it weren’t for the equal measure of moroseness elicited once the inherent selfishness of even the enlightened sectors of humanity is identified as inescapable.
    Yes, this is indeed my attempt at a version of impenetrable jargon that will alienate innocent bystanders and only mildly frustrate paranoid sociopaths, borderline schizophrenics, et al.

    Truth be told, I’d rather be skipping stones at the lake.

    Stop with the acronyms!