The Joint Photographic Expert Group, which oversees the JPEG format, met in Brussels today to discuss adding DRM to its format, so that there would be images that would be able to force your computer to stop you from uploading pictures to Pintrest or social media.
The Electronic Frontier Foundation's Jeremy Malcolm attended a JPEG meeting in Brussels today to try and explain why this is a terrible idea:
EFF attended the group's meeting in Brussels today to tell JPEG committee members why that would be a bad idea. Our presentation explains why cryptographers don't believe that DRM works, points out how DRM can infringe on the user's legal rights over a copyright work (such as fair use and quotation), and warns how it places security researchers at legal risk as well as making standardization more difficult. It doesn't even help to preserve the value of copyright works, since DRM-protected works and devices are less valued by users.
This doesn't mean that there is no place for cryptography in JPEG images. There are cases where it could be useful to have a system that allows the optional signing and encryption of JPEG metadata. For example, consider the use case of an image which contains personal information about the individual pictured—it might be useful to have that individual digitally sign the identifying metadata, and/or to encrypt it against access by unauthorized users. Applications could also act on this metadata, in the same way that already happens today; for example Facebook limits access to your Friends-only photos to those who you have marked as your friends.
There's No DRM in JPEG—Let's Keep It That Way
[Jeremy Malcolm/EFF]
