Movie piracy and threat models

| Comments (8) | DRM
I understand that in-theater videotaping of movies is a major source of piracy, but it's hard to understand the threat model under which this is a useful technique:
In recent years, the problem of camcorder piracy in theaters has become more serious due to technical advances in camcorders. In this paper, as a new deterrent to camcorder piracy, we propose a system for estimating the recording position from which a camcorder recording is made. The system is based on spread-spectrum audio watermarking for the multichannel movie soundtrack. It utilizes a stochastic model of the detection strength, which is calculated in the watermark detection process. Our experimental results show that the system estimates recording positions in an actual theater with a mean estimation error of 0.44 m. The results of our MUSHRA subjective listening tests show the method does not significantly spoil the subjective acoustic quality of the soundtrack. These results indicate that the proposed system is applicable for practical uses.

OK, so let's say that this works as advertised: why does it help. The full article is behind a paywall, but I'm assuming the way this is supposed to work is that you wait for a pirated movie to show up on the file sharing network, then what? Let's assume that each print is separately marked, so you can tell what theater it was taken in and what position the camera was in. I still see several problems.

First, you need to figure out which showing the video was taken at. The easiest way to do this is probably to inject a signal into either the audio or video. As I understand the situation, modern projection equipment generally uses digital audio, so I suppose it's possible that you can reprogram the projection system to add a time signal to the audio track somehow; if you're using digital projection you could probably add it to the video as well. Even so, it seems to me that this technique requires new equipment or at least new software on every theater. That's a pretty significant investment.

Second, you need to be able to go from the position of the camera in the theater to the person doing the taping. Even if we assume that the camera position and the perpetrator's position are the same, people typically sit within a half meter or so of each other, so in a packed theater, there are probably about 4-8 people who potentially did the taping. Or, rather, you now know what seat they were sitting in. But theaters don't typically know where people are sitting, so now we need some way to keep records of where people are sitting, which either means IDing customers and having assigned seating, photographic records of where people are sitting, or both. That's a major change in the way theaters do business.

Of course, even if the theaters (or rather the movie distributors or MPAA) did all this stuff, if they actually started going after pirates this way, it should be pretty easy to circumvent. The low tech countermeasure is just to put the microphone somewhere else in the theater. The high tech countermeasure is to use signal processing techniques to tamper with the time signal, remove the theater-specific watermarks, or just fuzz things enough to remove the information used for positioning. For that matter, when you go into the theater to pirate the film you could presumably—and this is pretty advanced stuff—wear some sort of disguise.

UPDATE: I should probably mention that there's a /. thread on this, which is where I originally saw it. The remote mike idea was suggested there, but it's pretty immediately obvious as soon as you hear about this technique.


Well, if this means american theaters will start having assigned seating then I'm all for it. FCFS seating is just nuts and sooo 20th century.

I thought almost the same thing that you did when I saw this, Ekr. Knowing where in the theater someone shot the pirate version is useless, so who cares? As is often the case with such things, this is a neat hack developed without any connection to a real threat model.

My impression is that watermarking is to signal processing what quantum computing is to theoretical physics, or cryptography to number theory: a way for a massive oversupply of researchers in a once-proud field to make a claim to relevance. The result is a deluge of academic papers exploring every conceivable theoretical nook and cranny of "practical" watermarking technology, generated by researchers who actually neither know nor care about whether any real-world person would have the slightest interest in their work. The real audiences are the people who accept papers to conferences and journals, and who allocate research grants--and whose notion of a plausible claim to practical applicability is rarely much more accurate than the researchers'.

Quantum computing is actually pretty relevant -- what is insanely irrelevant is quantum cryptography.

I stand by my position on quantum computing, but will refrain from sullying Eric's blog with an off-topic argument...

No, please sully away. I'd like to hear your take on this.

Okay, since you insist... :^>

Basically, there is one thing that quantum computers have been found to be capable of doing much better than classical computers. That one thing has been characterized variously as "finding hidden subgroups", "solving the abelian stabilizer problem", or "finding periodicities in abelian groups". Because this one thing happens to lead to polynomial-time algorithms for integer factoring and discrete log, quantum computers have been bandied about as an incredible new computing technology, but the truth is that this one thing is really very limited in scope, and in a decade and a half, nobody's found another significant application for it.

Moreover, there are lots of (admittedly informal) reasons for believing that quantum computers can't really do anything interesting beyond this one thing. So we're left with a technology that, even if perfected*, is unlikely to be able to accomplish anything of interest beyond solving a certain narrow class of number theory problems.**

That's not the impression one gets from quantum computing researchers, though--they tend to treat quantum computers as a technology with limitless potential that could revolutionize computation. One hears, for instance, about their power to do arbitrary searches at astonishing speeds--based on the fact that Grover's algorithm gives a *quadratic* (that is, not particularly impressive) speedup for general search problems.

The motivation for this overselling isn't hard to understand. Quantum physicists (and theoretical computer scientists, for that matter) are suffering from a particularly bad case of academic bloat (too many researchers chasing too few important-yet-tractable problems), as their past strings of glamorous successes have petered out. By latching onto quantum computing, they hope to be able to extend their past reputations (and the gravy train of funding that goes with them).

*Note that I haven't even touched on the practical feasibility of quantum computing. Although I'm extremely skeptical that a working quantum computer will be built at an interesting scale--say, capable of factoring four thousand-bit numbers--within the next century, I'm not enough of an expert in the physics to rest my opinion of quantum computing on that amateur estimate. Combine it with my meager estimate of its algorithmic potential, though, and I feel comfortable dismissing it as of little practical relevance.

**It's true that the one thing they can do happens to include breaking just about all currently deployed public-key cryptography. But there are plenty of proposed public-key cryptosystems around that are immune to the powers of quantum computation as they are currently understood, and it's extremely likely that if the current ones fall to quantum computers, then at least one currently known alternative would turn out to be a more-than-satisfactory replacement.

To use an analogy, suppose that someone were to discover AES in particular to be vulnerable to a bizarre new theoretical attack that required the design and construction of an elaborate hypothetical computing device that would have no other useful application--assuming that it could even be built. The main effect of such a discovery, I suspect, would be to turn cryptographers away from AES and towards choosing a replacement, on the grounds that the new discovery indicated a possible fundamental weakness in AES. On the other hand, I doubt that anyone would bother wasting much effort trying to build the device itself--unless, that is, there were thousands of researchers out there whose specialty happened to qualify them perfectly for the task, and for very little else of practical interest to the world.

Well, as it happens, I find Quantum Computing interesting specifically because I'm a security guy and I find the cryptography applications relevant. Perhaps what this means is that we should be taking non-RSA non-DH algorithms more seriously.

Leave a comment