no photoshopping money

Wired says:
"Adobe Systems acknowledged Friday it quietly added technology to the world's best-known graphics software at the request of government regulators and international bankers to prevent consumers from making copies of the world's major currencies."

This was on Slashdot last week but reports seemed inconclusive about whether it was true. But now Adobe has admitted it, so I guess so!

Rumor has it that the trick is that there is some particular repeating constellation of dots that trigger the new "money crash" feature.

So the interesting and fucked up details here are,

  1. Adobe grabbed its ankles based on covert pressure from some unknown government agency: with what authority? And what kind of pressure was applied to make Adobe think it was worth investing engineering effort (equals money) into doing this? It's not an easy "feature" to add!

  2. This means that it's possible to construct a JPEG that Photoshop won't open. I don't know if that's been done yet, but Adobe has just added that feature! So presumably if you insert the right magic constellation of dots in your photo, you can know that nobody will be able to edit it with Photoshop: this could turn into a kind of halfassed general-purpose copy protection. (Which will work great until someone finds out the four-byte patch to make to Photoshop to turn off the new "feature", 80s-video-game-crack style.)

I'm curious to know exactly what Photoshop is looking for: presumably there's a "quick check" followed by a "slow check." I wonder how many false positives it's likely to encounter.

Update, Jan 14: Wired has another article about this that includes the detail, "The inner workings of the counterfeit deterrence system are so secret that not even Adobe is privy to them. The Central Bank Counterfeit Deterrence Group provides the software as a black box without revealing its precise inner workings." Nice!

Tags: , ,

36 Responses:

  1. lovingboth says:

    Scan some currency and experiment?

    I was told this over the weekend and didn't believe it (blush). Apparently, from what the person told me, UK £5 notes have the magic 'constellation' on both sides, but other UK notes only have it on the back. It's in the white section more usually thought of as being for the watermark of the Queen's head.

    The Bank of England has certainly worked with manufacturers of colour photocopiers before, in order to find colours and patterns that copy badly.

    • vincel says:

      £5 notes have them on the front and back. On the £10 they're on the front. On the £20 they're on the front, where they're aligned on musical staves to make them look like the bottom part of each individual "note."

      • ciphergoth says:

        They are on both sides of a Darwin £10 note: in the oval on the Queen side, under the foliage on the Darwin side.

        If they are on the Elgar side of a £20, I can't find them.

        I want a T-shirt with this pattern...

        • uon says:

          Markus Kuhn's PDF shows that the constellation was on the 50 Deutschmark note, which means this technique was being used before January 2002, when Germany moved to the Euro.

          A housemate and I checked a bunch of other notes which came to hand: it wasn't on the old five pound note (dated 1990), or on a Northern Irish fiver; it was on a 50 euro note.

          Is there any evidence that this is used on things like passports as well? I couldn't find any signs on my (1995-issue) UK one.

        • legolas says:

          Good luck on the t-shirt, don't try to make the picture in photoshop ;-)

  2. Here's a short piece by Markus Kuhn (PDF) on the pattern used on European and British bank notes. I think he also suggested putting this on letterheads.... I suspect that putting it on t-shirts wouldn't have what I guess is the intended effect, since presumably the filter is very carefully matched to the exact size and arrangement of spots, so perspective distortion would break it. I believe that there are also photocopiers which overprint this pattern on things which you copy; the intention is that if you operate, say, a map library, you want to allow people to make copies but have to make some kind of effort to stop them making further copies later on. And so was born another asinine "anti-copying" technology....

    Do US bank notes have this pattern?

  3. mirar says:

    It's on the Swedish 100 "ett hundra kronor" bill, both sides. Not on the 20 though.

  4. kallisti says:

    I wonder how many other companies have had governmental pressure to add "features" to their the NSA thing in Windows 98...or have been asked to withdraw products, like I am guessing happened to Computer Associates and Zero Knowledge Systems...anyone notice how soon after 9/11 both of them got out of the easily available encryption business?

    But then again, I *am* a Discordian, so I am by definition paranoid.(grin)


    • insomnia says:

      "I wonder how many other companies have had governmental pressure to add "features" to their software."

      Lots. And it's not just software, but hardware as well, especially when it comes to communications equipment.

      Specifically, there is the Communications Assistance for Law Enforcement Act of 1994, which was passed in a non-debated midnight vote on the final day of the 1994 congressional session. It forces hardware and software manufacturers to alter their "telecommunications products" (defined loosely) so that the government can conduct electronic surveilance. just got ahold of a restricted FBI document about this, specifically relating to the surveilance of voice-over-IP / "internet" phone calls. It says regarding such surveilance, "certain key functionality and features could be provided by CPE". CPE being "customer premise equipment", meaning the hardware, software, and equipment that resides in your residence. It is also made clear that similar functionality could exist at the switch/routing level at the local phone carrier's central offices, and talks about some kind of authentication between central office and CPE equipment so that CPE equipment without the surveilance features built in won't work. For more info, you may want to see my post here.

      The question regarding Adobe is what kind of force was needed to get them to put in these features. To the best of my knowledge, there is no legal basis to compel them to put in such changes, however, there may be legal liabilities for creating a product that enables counterfeiting. Chances are good that they put it in at the request of the US government, who, in turn, reembursed Adobe for the cost of installing such features.

      As for what Adobe got out of the deal, it could have simply been an offer that couldn't be refused. "Either you can make some money by programming these features for us at our cost, and rack up some government contracts in the process... or we can pay Microsoft (or someone else) for a competing product." ... or words to that effect.

      • kallisti says:

        Interesting! But in a bad way...

        As for threats, they could just sick the IRS after virtually any company and "find" things.

        Big Brother is here, now...he's just hiding behind a Bush...


    • shaver says:

      It's very romantic -- and flattering, I suppose -- to think that ZKS stopped running Freedom due to government pressure, but I think it was really an issue of money leaving by the bucketful and entering in thimbles. Market pressure did a fine job, so governments didn't need to apply any of their own (if that would indeed have been effective).

      I think everyone at ZKS wanted Freedom to succeed, but there were *so* many obstacles that I think that it was pretty much doomed in that form. Still, a fun ride.


      • kallisti says:

        I might have believed that if CA hadn't gotten out of PGP so soon afterwards...and I don't think that the PAIP events would have been so cheerful if ZKS was going down the tubes at the time.


        • jwz says:

          "I might have believed that if your 'facts' were as romantic as my fantasy."

          I hope you're 16, dude.

          • kallisti says:

            I see you forget the name and the symbol.

            ZKS had problems, yes. But too much happened in the wrong order for me to be totally sure that it wasn't "pushed". And I've worked on a number of companies that have gone belly up, as well as watched friends companies go belly up...and something about the whole ZKS thing felt really wrong. And as I stated before, being a Discordian *means* I am paranoid...but sometimes in a fun way.


            • jwz says:

              In my experience, being a "discordian" means that you're

              1. sixteen, or
              2. smoked way, way, way too much pot when you were sixteen.

              Certainly there seems to be little correlation with a grasp of economics.

        • shaver says:

          I can't speak for CA (I didn't work there), but there are lots of stories about ZKS' financial straits that I can point at without betraying any ex-employee confidence. I'm sure Ian was still cheerful, though; he usually weathered those storms pretty well, and PAIP was always a good time.


        • cypherpunk95 says:

          ZKS wasn't going down the tubes; just that project. I state without reservation that Freedom was (sadly) shut down for money reasons, and absolutely nothing to do with gov't pressure or 9/11. [But right now, ZKS is separately profitable in each of its consumer and enterprise businesses.]

          As for PAIP events being cheerful: could they be any other way? Have you ever been at one?

          [This is Ian, BTW.]

  5. sachmet says:

    Apparently there's already a workaround: Open the image in Image Ready, save it as a .PSD, then open it in Photoshop CS.

    Also apparently, if you blow it up to 150% or down to 75%, you can edit it, too.

    Just more proof that other people must know better than us what we want!

    • The scaling thing is precisely in keeping with the law.

      You're only allowed to reproduce images of US currency if the images are outside that 75%-150% range. That's been the legal restriction for years. Not that I'm too hot on a piece of commercial software implementing that restriction, mind you.

      • nothings says:

        That makes very little sense in this context. Images don't really have an inherent size, just a pixel (dot) count; an image printed at 300dpi is 4 times as big as the same set of pixels printed at 1200dpi. (The same thing obtains for displaying at different monitor resolutions, e.g. 640x480 vs. 1600x1200, but is entirely irrelevant.)

        Some image file formats do allow storing the intended relationship between pixels and inches; e.g. scanners might well report that data. But it would be easy to alter that data without actually scaling the image data. Just stomp a couple bytes in the file and now you're claiming that this is a scan of a 10' wide $20.

  6. skryche says:

    I believe Paintshop Pro has had this problem for a while.

  7. wisn says:

    Matt Skala has some commentary on this:

    and scans of the marks on Canadian currency with analysis::

    You can see the marks on the newest version of the US twenty - on the back of the bill is a random-seeming pattern of very tiny "20"s.

  8. four says:

    i guess the quick check would check what colors were being used.

  9. macguyver says:

    Wow, no more counterfitting. Thanks, Tom Ridge!

  10. malokai says:

    copiers do this already.

    isn't the secret service responsible for affairs in counterfiting? (If I'm wrong, don't blame me. Canadian and no coffee yet.)

    • devpreed says:

      isn't the secret service responsible for affairs in counterfiting?

      Even if they are, in John Ashcroft's America, everyone needs to take a role in preventing terrorism.

      And editing images in Photoshop is nothing more than terrorism. Every patriotic person knows that.

  11. king_mob says:

    (Which will work great until someone finds out the four-byte patch to make to Photoshop to turn off the new "feature", 80s-video-game-crack style.)

    They're much bigger than 4k, but we bad, bad people still do this all the time.

  12. bifrosty2k says:

    I guess its time to start GIMPing a bit more...

  13. brianenigma says:

    ...covert pressure from some unknown government agency

    If you have not already seen it, a cnet article talks about this agency in more detail. It seems the "Central Bank Counterfeit Deterrence Group" has a longer reach than the Secret Service. It also seems they do not have a web presence (at least that I could find in English--perhaps Google or I missed it. Alternately, they may have one in the native language of one of the other member countries).

    To quote the article,

    The code to detect such images came from the Central Bank Counterfeit Deterrence Group.

    I wonder how one obtains a copy of this code (or even just pseudocode or a description of the algorithms). That would be a giant first step toward your second item: constructing a legal image that cannot open, which in turn would be a good "Exhibit A" for the EFF.

    • Write to them and explain that you want to add the same features to some existing (free) image processing software, and need to know how it works. If they fail to tell you how to do it, well, you lose. Otherwise, implement same (with --enable-silly-circles-thingy configure option) and investigate....

      My guess is that it uses a Hough transform to find the circles and then looks for the pattern, perhaps by searching for pairs of circles separated by the proper distance relative to its radius. Brief experiments suggest that this should work OK:

      blue channel showing circles

      Hough transformed images showing bright spots

  14. legolas says:

    As for 1... Stories of companies making encryption machines giving in to pressure from the NSA are rather well documented, I thought (I seem to remember Iran buying from a Swiss company in the hopes of avoiding backdoor-ed equipment... and even the Swiss company gave in to the NSA). So maybe Adobe got an NSA visit as well... maybe the friendly NSA brought the code along too?

    Anyway, who has the latest photoshop and a good scanner then? Can some one try this? And what if I scan it upside down, sideways, ... ?

    Once we have such a scan, that photoshop won't open, we could start graying out areas to see where the pattern is (or if it's all over, or ...)
    If photoshop would open such a scan, that would be fun too, obviously... unless there are no notes yet that use this security technique.

    And would adobe be the first, or would this same technique be in all the good color copiers etc as well?

    • legolas says:

      I now see many of my questions and ideas have been put up above... Meental note to self: read first then post.

  15. mskala says:

    Okay, I guess this explains the large number of referral hits those two entries in my little backwater journal were getting.

    For the record, in addition to my two LJ entries mentioned by <lj user="wisn"> above, anyone interested in this stuff should probably read my two Lebwog entries 1 (speculation on social implications), 2 (pointer to Markus Kuhn's work), and this article I posted in sci.crypt (includes concise geometric description of the pattern).

    There are a couple dozen US Patents, and a few Canadian, European, and Japanese ones, covering this kind of technique, but I haven't been able to find one I could definitively link to the specific pattern that's actually fielded in banknotes. The closest one I could find was US Patent 5,845,008. Most of the relevant patents seem to be held by DigiMarc corporation, and to derive from the work of a group of Japanese inventors. The patents mostly apply to detection systems rather than the watermark pattern itself, which would make sense because in order to be widely deployed, the pattern itself would have to be widely available at no cost.