I sat staring at at my screen today with a squinty look in my eyes and a soured puss as my wife asked me why I looked so funny. "Meh!" I replied tersely.
The real answer was that I was pondering a question asked by the title of a topical piece penned by CNET's Matt Rosof which begged: "Watermarking to Replace DRM?"
I think the reason I looked so perturbed is that it was an overtly stupid innocent question given that it's pretty obvious that watermarking won't "replace" DRM, it is merely another accepted application of it.
It doesn't take much to remember that the 'M' in 'DRM' stands for management. Tracking how files move around is part of the M. Why is this any different? The point of monitoring anything is either to: (a) gather intelligence which can be used to (b) implement a control or effect a disposition based upon said intelligence.
It's interesting that in many cases we risk giving up our 'R' but that's a topic for a different post.
So here's the premise of watermarking -- something I think most of us understand:
So what's watermarking? It's the insertion of extra data into an audio stream that can help identify where that audio came from. It's not enough to attach data to a digital audio file--users can just burn that file to a CD and then re-rip it, changing the file format and stripping off all the data associated with the original file. (This is also the classic way users get around DRM.) Instead, the data is inserted into the audio track itself. It's inaudible to human ears, but detectible by various other tools.
What I found interesting from a security and technology perspective was the following:
In the case of Universal, the watermarking data won't identify each individual file--a method that would allow the company to trace pirated files back to their first purchaser. Instead, it will only identify the particular song. Eventually, Universal will look at popular file-trading networks, and see which of the DRM-free songs released through its experimental program ended up on these networks.
Firstly, I don't believe the first sentence. Sorry, I'm a skeptic. Secondly, this technology and its application isn't new at all. I have it on very, very good authority that existing technology has been used in this exact manner for the last several years by the RIAA in order to track and monitor P2P file swapping which includes audio. It's used by government and military operators, also.
How do you think those subpoenas get issued specifically against those 12 year old girls swapping Shakira MP3's? They can definitively link a specifically watermarked MP3 with the IP address of the downloader after it's injected into the network and consumed...by using watermarking.
(Ed: Comments below by Jordan suggest that this practice is not used heavily. I cannot dispute this assertion, but I maintain that the technology has been used in this manner. See the comments for an interesting perspective.)
It's the same technology used by DLP and DRM solutions in the enterprise today. So, watermarking is just another means to the end. Period.
This is the funny part of the story:
Universal can then use this data to help decide whether the risk of piracy outweighs the increased sales from DRM-free MP3 files, segmenting this decision by particular markets. For example, it might find that new Top 40 singles are more likely to find their way onto file-trading networks than classic rock from the 1970s.
Sure it will... ;) I feel all warm and fuzzy now.
/Hoff
* Picture Credit: CNET
