Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Mandatory Banknote Detection Code? 434

metamatic writes "The European Union is planning to introduce legislation to make it mandatory for software developers to add black-box banknote detection code to their graphics software.How will this apply to open source software? Is it time to get writing to your Euro-MP?"
This discussion has been archived. No new comments can be posted.

Mandatory Banknote Detection Code?

Comments Filter:
  • Duh...? (Score:5, Insightful)

    by beh ( 4759 ) * on Sunday June 06, 2004 @11:51AM (#9350677)
    It's interesting that now the EU wants to push problems with more
    and more counterfeiting money appearing on the market to graphics
    software makers...

    How do they think, that this will improve the situation? Look at
    what TODAY's Gimp, Photoshop, and others can do... All I would need
    to do is stick with a current version and not upgrade, if I really
    wanted to counterfeit money on my own. And if you would integrate
    this into the printers, then I'll just print the banknote in two or
    three passes (always just print another part of the banknote so
    that the printer will never get to see the whole thing in one go).

    Why not integrate this into the FUTURE banknotes (they already have RFIDs in there, don't they? All it would need to take would be to issue unique codes to EACH banknote so that they could verify the identity of the banknote there)
    • Re:Duh...? (Score:5, Interesting)

      by AtomicBomb ( 173897 ) on Sunday June 06, 2004 @11:59AM (#9350739) Homepage
      Or use a solution that is available now:
      Australia and New Zealand have adopted "plastic" notes for a while... I believe it is a big barrier for the cottage counterfeiting groups.
      • Re:Duh...? (Score:5, Interesting)

        by mog007 ( 677810 ) <> on Sunday June 06, 2004 @12:39PM (#9351010)
        Austrailia has done a good job with thwarting forgery in more than just the media that the bills are printed on. Really good counterfeiting operations in the United States take a batch of one dollar bills and bleach them to remove all the stuff from the one, except they protect the serial number, then they reprint a higher bill's value onto it. That won't work in Austrailia, because every bill has braille and the larger the note's value, the larger the note. A one and a five arn't the same size.
        • Re:Duh...? (Score:3, Informative)

          by Weirdofreak ( 769987 )
          the larger the note's value, the larger the note
          Same in the UK, but I don't think it's true for the Euro. However, there isn't a great deal of difference in size, and most people would just see the 20 and think, Says 20, not regular paper, magnetic strip, it's a 20.

          The braille seems like a good idea, and easy to implement - assuming politicians or whoever else makes these decisions knows about them, why not adopt it? Good for PR (counterfeiters might not like them, but the blind people would - and blind p
          • Re:Duh...? (Score:4, Informative)

            by avij ( 105924 ) on Sunday June 06, 2004 @01:18PM (#9351234) Homepage
            The more valuable Euro banknotes are indeed physically larger than less valuable notes. Here's a link for you [].

            As for braille, the notes do not have any braille codes on them, but the banknotes are printed in relief, using a special printing method known as intaglio. The EUR 200 and EUR 500 banknotes have tactile marks printed in intaglio and positioned along their edges. This should help blind people to recognize the notes.
        • Re:Duh...? (Score:4, Informative)

          by Anonymous Coward on Sunday June 06, 2004 @01:56PM (#9351428)
          We don't have one dollar bills mog. ;-)

          Another thing that would make it difficult is the plastic window thingy on the notes.
          Each note has a transparent section on it. The transparent section is a different design and shape for different values of the note.

          Even if the notes weren't difference sizes and textures, even if it were possible to bleach them some how. The transparent section would still be different for different values of notes.

          I must say I like the plastic money over our old paper money, I've saved hundreds of dollars in potentially lost money from the washing machine.
          • Re:Duh...? (Score:3, Interesting)

            by caseih ( 160668 )
            Austrialia used to have paper money? That's strange. No currency I know of has been printed on paper for many years. Most are currently printed on some kind of cloth (such as cotton). While the wear characteristics of cotton are nowhere near as good as plastic, I have washed many bills in the washing machine (some on purpose) and they come out great. In fact, after ironing, they often are almost as crisp as brand new bills.
            • Re:Duh...? (Score:3, Funny)

              by HermanAB ( 661181 )
              Exactly - that is where the term money laundering comes from. Cocaine dealers used to wash the money to remove cocaine traces - nowadays almost all money has cocaine traces, so they stopped doing that, otherwise a batch of clean money would indicate drug money...
        • Re:Duh...? (Score:3, Informative)

          by ozbird ( 127571 )
          every bill has braille ...

          No braille, but the notes have intaglio print (raised ink) so that you can feel the design; this may be of use to the blind to identify the note.
          The different length of notes was to allow the use of a note gauge - insert the note, read the braille value that remains exposed.

          Here is a list of the security features [] of Australian banknotes.
    • Re:Duh...? (Score:5, Interesting)

      by maxwell demon ( 590494 ) on Sunday June 06, 2004 @12:06PM (#9350804) Journal
      Well, Euro banknotes already have unique codes printed on them. E.g. I've got here one starting with X0688...

      But of course, the unique codes only help partially: If you get two banknotes with the same code, you know one has to be wrong. But if you get only one banknote with a given code, how do you know if it's the original one or a copy? Also, when replicating per printer, it probably would't be too hard to give every one a different number.

      But Euro banknotes have some security measures which I can't see how to replicate with a printer (like a metallic surface strip).

      They don't have RFID, though (and I hope they'll not have them in the future - I wouldn't feel too well if any potential thief could just use an RFID reader to find out in advance if stealing my wallet would be worthwhile).
    • SARCASM We should put a unique code on every piece of paper money. We could call it a serial number. The americans could even put it on either side of the president's head. /SARCASM

      The problem is that people don't check to see if the serial number is valid every time they receive a bill. Not only is that ridiculous, but there isn't even a way to check it.

      Also, by code they meant source code.

      FLAME Next time try basic reading comprehension. /FLAME
    • Re:Duh...? (Score:3, Interesting)

      by einhverfr ( 238914 )
      I am not sure that being able to trace the path that a given banknote took would be good for privacy, so I am not sure that RFID is a good solution here. Cash is also needed for this privacy reason (otherwise, why not just issue everyone bank card readers for settling personal debts? I am sure that the hardware could be made secure enough and any fraud would be auditable).

      To my knowledge most anti-counterfeiting measures tend to rely on:

      1: Security through obscurity (features which are difficult to det
  • by OwlofCreamCheese ( 645015 ) on Sunday June 06, 2004 @11:51AM (#9350679)
    next time on CSI: man rendered invisible to the magic zoom-in photo software by wearing suit made of dollar bills
  • Photoshop does this (Score:5, Informative)

    by b0lt ( 729408 ) on Sunday June 06, 2004 @11:52AM (#9350681)
    Link here []
  • by Cytlid ( 95255 ) on Sunday June 06, 2004 @11:52AM (#9350690)
    I'm not an OSS developer, but I would think they would ignore this. What's next? McDonald's pays software companies enough money to include their trademark detection? So you can't scan/recreate/modify/distribute their likiness?

    I know they're probably attempting to stop (appearently) rampant counterfitting... but where will it end? I once scanned a dollar and sent it to someone on IRC as a joke (they said, someone DCC me some money). There has to be a better way. Like I said, isn't this really just admitting defeat?
  • Stupid answer... (Score:3, Insightful)

    by djsmiley ( 752149 ) <> on Sunday June 06, 2004 @11:53AM (#9350697) Homepage Journal
    Ok ill just go buy a OLD scanner, and find a older version of photoshop.

    Kinda locking the door after the horse has bolted dont we think people?

    oh and FP ! \o/
  • Nice. (Score:3, Informative)

    by schotty ( 519567 ) on Sunday June 06, 2004 @11:54AM (#9350698) Homepage
    As far as in the USA, most scanners will print something over the scanned money. Generally its "Void" in stripes over the entire scan. Copiers are worse. There are several Xerox models that will literally lock up until a service tech fixes it if American money is inserted.

    I see little in the need to copy a bill. We all have issues with forgeries and counterfitting ruining the value of the dollar/euro. Why not?
    • Re:Nice. (Score:5, Insightful)

      by HeghmoH ( 13204 ) on Sunday June 06, 2004 @12:04PM (#9350783) Homepage Journal
      Why not?

      Wrong question.

      Whenever restrictions are proposed, it is those who are for it who must answer the question, "Why?" It is not necessary for those who oppose a restriction to answer the question "Why not?"
    • Re:Nice. (Score:3, Interesting)

      by Jeremy Erwin ( 2054 )
      In the states at least, it's not unknown for advertisements to include images of dollar bills, either enlarged to above 200%, or reduced to below 75%, so as to comply with treasury regulations.

      The proposed lockout algorithms would prevent this, even if the finished output complied with existing laws. It's very roughly analogous to the DMCA, which forbids all potentially infringing use, and fair use too.

      (Yeah yeah. In the US, banknote designs are protected by a different title. But in Europe, it's common f
    • Re:Nice. (Score:3, Funny)

      by Agent Green ( 231202 ) *
      That's funny...especially since my employer almost exclusively uses Xerox copiers. Imagine...if all those copiers were shut down on $5...I figure it'd take me about 30 minutes to visit each one and render all of them useless. :)
  • Really... (Score:2, Insightful)

    by b0lt ( 729408 )
    They (the counterfeiters) will just switch to another product, such as Macromedia Fireworks, GIMP, or Inkscape. This will only hurt the companies creating the products. Also, on another point, will there be GIMP EU edition, and GIMP Everyone Else Edition? How will this work?
  • by Erwos ( 553607 )
    Just because your software is open-source doesn't make it suddenly immune to the laws of your country.

    • The open source software is not immune to the law s of your country, but allows easily to break them.
      If Adobe adds banknote detection code into Photoshop, you can't easily remove it.
      OSS, instead, allows you to compile the software from the source.
      So it would be easy to remove from gimp the banknote detection code.
      Of course doing that would be a crime, but who cares ? I mean, if somebody is going to forge fake money he's already breaking the laws.

      just my two cents,

    • Just because your software is open-source doesn't make it suddenly immune to the laws of your country.
      And how, pray tell, can the EU force a open-source software developper in Taiwan to incorporate their code in his program???? Or, for that matter, prevent people in the EU from downloading and using it???
    • 1. How can your software be open source if it includes this 'black box' detection code? Sure can't be GPL.

      2. How is this law going to be effective even if the detection software is in the open source photo editors? They're OPEN SOURCE, you can just not compile in the detection module.

      3. Is this law *really* going to be effective, even if you ignore the open source implications?
  • by Anonymous Coward on Sunday June 06, 2004 @11:55AM (#9350706)
    ...will software developers be required to keep up with new note faces? If old software blocks all note faces as of 2004, will developers face penalties for not updating their software in 2008 when the currency is redesigned?

    I don't like the idea of being legally required to update old software. Will this happen?
  • T-shirts (Score:5, Interesting)

    by Alsee ( 515537 ) on Sunday June 06, 2004 @11:55AM (#9350707) Homepage
    Does anyone know of a source for T-shirts with this yellow five circle pattern? Any photo with you in it would be impossible to digitally edit with the new software.

    • The only way you could arrive at a T-Shirt with the five-circle patern is if you were intentionally starting with it and working around it. The formula for the patern is so complex you're not likely to hit it by happenstance.
    • Re:T-shirts (Score:3, Informative)

      by Gorath99 ( 746654 )
      >Does anyone know of a source for T-shirts with this yellow five circle pattern? Any photo with you in it would be impossible to digitally edit with the new software.

      Cool idea. Won't work though

      The positioning of the circles with respect to the other circles is very important. Unless you've got an extremely flat abdomen, the positioning will get screwed up. And well, this being /. and all, I kinda doubt that you have such abs :-)

    • Re:T-shirts (Score:5, Funny)

      by Andy_R ( 114137 ) on Sunday June 06, 2004 @01:42PM (#9351362) Homepage Journal
      I tried to make one, but the damn graphic software wouldn't let me!
    • Here's a shirt that has it.

      Can't Copy Me Tshirt []

  • Impossible... (Score:5, Insightful)

    by mancontr ( 775899 ) on Sunday June 06, 2004 @11:56AM (#9350718)
    In an Open Source app, it can stop someone who don't know C from doing something, but if you know C you can simply remove the added code...
    • Even if it is closed source, you can hack it. People have been doing this for ages and I am sure that right now it is trivial to find any number of cracks that remove this Photoshop restriction.
    • Re:Impossible... (Score:3, Insightful)

      by SuperBanana ( 662181 )
      In an Open Source app, it can stop someone who don't know C from doing something, but if you know C you can simply remove the added code...

      How did this get modded 5, Insightful?

      Which part of "black box" didn't you understand? Didn't you pick up on the fact that the legislation may require it be impossible to remove, thus making it impossible to have an open-source graphics program hosted or written by anyone in the EU? Those issues aside, how about the technical difficulties behind trying to provide

      • Re:Impossible... (Score:3, Insightful)

        And so someone just downloads an app from somewhere not in the EU... It won't stop counterfeiters, and counterfeiting is already illegal. It is an attempt at a non-feasible technical fix to a law enforcement problem.
    • Re:Impossible... (Score:4, Insightful)

      by pr0c ( 604875 ) on Sunday June 06, 2004 @03:10PM (#9351827)
      Exactly... can likely be done with two characters


      Furthermore, I find it hard to beleive all these crackers can get around product registration, serial numbers and all that and yet another person can't remove the money check code from closed source products.
  • by jeffkjo1 ( 663413 ) on Sunday June 06, 2004 @11:57AM (#9350724) Homepage
    From the article:

    The copies are often good enough to fool vending machines. By using a fake 20 note to purchase a 2 rail fare, the criminal can take away 18 in genuine change.

    Follow this logic: While we can't make vending machines clever enough to tell the difference between real dollars and fake ones, we can make your computer smart enough to not let you do anything with money.
    This'll work.....
    • by gilroy ( 155262 ) on Sunday June 06, 2004 @12:08PM (#9350818) Homepage Journal
      Blockquoth the poster:

      Follow this logic: While we can't make vending machines clever enough to tell the difference between real dollars and fake ones, we can make your computer smart enough to not let you do anything with money.

      No, you miss the point. Modifying the vending machines would cost corporations money. Instead they'd rather put the onus on the end user -- we should pay to protect their investment. Or, put succinctly, business as usual.
      • No, you're missing the point. Nothing ever just costs corporations money. If it costs them money, it will cost the end user money too. You don't really think that costs have nothing to do with market price, do you?

        You need to take some elementary economics, friend.
    • And what about... (Score:3, Insightful)

      by carlmenezes ( 204187 )
      Legitimate uses of graphics software to manipulate currency images? What if I'm doing some research on the different types of currency or the history of currency? Do I need to get some kinda of congressional approval? Heck, what about simple history? The history of the 20 dollar bill? I have an image of a dollar bill and would like to resize it to fit my article?
      This does not seem to be the right solution to me. Too many false-positives. I think somebody has already mentioned plastic bank notes.
      Besides will
  • Makes me wonder why us geeks try over here. Every time something comes along we wish to support the bastards in Brussels decide that screwing it up with more totally useless laws is a great idea.

    Makes me wonder if Microsoft is slipping money into pockets over here to try and kill open source.
  • useless (Score:5, Insightful)

    by curator_thew ( 778098 ) on Sunday June 06, 2004 @11:59AM (#9350738)

    This is useless. Banknotes do, and should, have security markers on them that cannot be produced by normal software tools anyway (I am thinking of markers that have tactile feel, holograms, etc). Thus, you need advanced techniques to forge these: and anyone capable of such advanced techniques is going to be able to work around any of these standard software embedded countermeasures.

    All these countermeasures are doing is addressing joe average who uses a scanner, photoshop and a printer to make poor forgeries: exactly the type of forgeries that are picked up easily.

    Further: I'd like to hear more detailed assessment of forgery rates, nature of how forgeries are constructed and so on, to determine whether the cost of all of this is really justified.

    • The true test would be how likely a consumer equipment made $20 bill would be accepted by randomly selected store cashiers among their normal traffic. Sure, such people should know to look for the stripe and other security features in a real $20, but among the hustle of their other business, would they think to check all the bills in a stack of seven handed to them for a $130 order?

      A counterfeit bill doesn't have to be accepted by a bank to be profitable... the counterfeiter can pass the bill to any cash-a
    • Re:useless (Score:4, Informative)

      by avij ( 105924 ) * on Sunday June 06, 2004 @01:42PM (#9351357) Homepage
      Yes I agree, the banknote detection code is just an annoyance, it doesn't really stop the forgeries.

      As for forgery rates, there were 551 286 found counterfeit Euro banknotes in 2003, most of them were 50 EUR notes. This can be seen from the annual report [] of the European Central Bank [], see chapter 3.2.
  • GPL (Score:2, Interesting)

    by Okeanos ( 739925 )
    How will this black-box banknote detection code work with GPL'ed software? If it's going to be added to a GPL project it can't be proprietary anymore.
  • The goal (Score:4, Interesting)

    by gr8_phk ( 621180 ) on Sunday June 06, 2004 @12:03PM (#9350775)
    The goal is not to prevent fake money entirely, it's to prevent casual criminals. Anyone willing to scan and print money today can probably do so. Organized crime will always be able to do it, as they have the resources. Sure, GIMP could be patched to use this detection software. Sure, you could remove the patch. Your neighbor and the other countless casual criminals will not know how to remove it.

    I think I read somewhere that a large percentage of the fake money is actually created by everyday people. This is an effort to stop that. If they think it's something more they're kidding themselves.

  • by kompiluj ( 677438 ) on Sunday June 06, 2004 @12:05PM (#9350796)
    Obviously adding any black-box code to a system with open source won't accomplish anything. I remeber hacking the OptimalJ by Compuware []. It is a big application written in Java (so you can assume it to be Open Source - for instance use this []), but it had some black-box module that has checked licenses and operating system. We were at the time OptimalJ licensee (so NO unlawful activity when copyright is considered) but wanted to run OptimalJ on FreeBSD (was 2xfaster than on Linux and 4xfaster than on Windows). Point was that this black-box module checked the operating system and made impossible for the program to start if it was not linux or windows. So we simply did circumvent the whole black-box module.
    In my personal opinion if you want such regulations to have any effect both OpenSource and posession, use and selling of compilers/decompilers should be controlled by the state the same way as heavy arms/munitions. In particular it should be banned to own/use/sell/produce compilation tools, exept in the case you are a professional company having obtained a suitable license.
    • This is really the goal of microsofts "un-trusted computing" (calling it trusted in my view is the same as supporting it) the end goal is tamper-proof hardware that will just break if you try anything. Theres simply no way to ban compilers otherwise and as you say, any black-box software methods can just be circumnavigated, the only way is locked down hardware and thats something we have to be afraid of.

  • slower work (Score:2, Insightful)

    by meatbridge ( 443871 )
    if photoshop has to run each pic through a detection algorithim wouldn't that slow things down a bit. not that a slightly slower photoshop matters to most people, but i batch process thousands of frames for animations. maybe it wouldn't be a big slow down for one scan or import but it would for the amount that i process. and it doesn't really seem like this is going to stop anything.
  • by John Seminal ( 698722 ) on Sunday June 06, 2004 @12:07PM (#9350809) Journal
    I am suprised they would stop printers or use software to stop copies of money. What I would suspect they would do is instead, print a series of dots so small they are next to undetectable, which would identify where the printer was sold. I would think the Secret Service would be more interested in catching who is doing the counterfeiting in the USA. By knowing some things like what city/region the printer was sold in, where the money was used, one can start to paint a portrait of the counterfeiter. How is it the movie industry is using invisible dots in movies to catch people who illegaly tape films?

    And unlike the movies, I bet they are doing this in secret. Other things they could add to software is the printer to have small dots indicating when the money was print (based on the bios or os of the system), or maybe something to identify the system it was printed (like something unique like the mac address of the nic or something equally unique).

    • The authorities would rather prevent the crime than catch the people who did it after they've done it. The hope is that the college student who casually copies a $20 bill to go see a movie will realize it's not that easy and then give up.

      Sure, the determined copier of $1,000,000 worth of cash won't be stopped by this... but that's not the goal here. The goal is to stop the little guys so that more resources are free to go after the big guys in other ways.
  • by TheSHAD0W ( 258774 ) on Sunday June 06, 2004 @12:07PM (#9350810) Homepage
    At least with open-source, you'll be able to disable the @!#$)@*!@#$ detection when the thing decides your new graphic work is actually money and your boss starts screaming at you...
  • by DeadBugs ( 546475 ) on Sunday June 06, 2004 @12:09PM (#9350823) Homepage
    Dear European Union,
    I am an open source software developer. Could you please send me samples of all EU notes, so that I can include image protection in my software. 10-20 copies of each should be enough to complete the work needed.
  • by Weaselmancer ( 533834 ) on Sunday June 06, 2004 @12:09PM (#9350825)

    I just know some idiot will latch on to this and use it as an excuse why OSS is bad/evil/wrong.

    See? We can tell Adobe to lock down their software to stop counterfeiting, and it happens. But not those OSS people. Having the source means you can change the source. It makes counterfeiting possible, promotes communism, and makes baby Jesus cry.

    Unfortunately, it's not the software that's the problem - it's the law thinking it can mandate things like this that's the problem. But you watch - OSS is going to take a beating for this anyhow.


  • EU in the dark (Score:4, Insightful)

    by t_allardyce ( 48447 ) on Sunday June 06, 2004 @12:09PM (#9350826) Journal
    Just by even saying this it prooves without doubt that the EU has absolutely no idea about the issues involved. Have they even asked experts? do they have a technical panel? Even im qualified to say that this will not work and is a stupid in-the-clouds idea, why don't they atleast make a start and hire me?! ill work for next to nothing and i could sort out all their stupid issues on DRM, bank-note detection, censorship and patent laws, im not biased to any corporation im not even biased towards open-source (much). Can't they take a look at slashdot now and then? Or are they all corrupt already.

  • I don't understand how it is possible to be 100% sure that people will keep that black box into a piece of software distributed as source code. The black box is likely to be a binary-only library, but people can modify the surrounding code not to call the library.
    Will it be a criminal offence to compile out the black box in graphics programs used within the EU? I bet it will, as soon as legislators realize that open source SW exists.
    Will open source developers living outside the EU add the black box to thei
  • I saw this in the article and found it Here []

    nifty info
  • Rather then changing the virtual world, I think its time for the affected countries to 'upgrade' their banknote manufacturing processes.

    I am going to try scanning a coin, printing it, then using it on a vending machine. Somehow MAYBE it won't work... Hmm... Maybe try on a laser printer...

  • ...will only inconvenience legitimate users.

    It may also stop some teenagers from printing up obvious fakes and landing themselves years in prison. Of course, this wouldn't be so huge an issue if ambitious politicians didn't insist on throwing the book at them.

    Criminals will go "oh, that's cute" and switch to something else, implement a workaround, or whatever it takes to keep business running.

    The rest of us will have to deal with software self-destructing, hardware seizing up, open source projects bec

  • by cgenman ( 325138 ) on Sunday June 06, 2004 @12:15PM (#9350869) Homepage
    Why is it we must resort to trying to push back the tide of capable graphics applications, when we really should just make money harder to counterfit? Why not have money with two different types of paper? Or with embedded RFID tags? Or with some form of cheezy hologram? Or a multi-level print system? What about bumpy, raised sections?

    The fact of the matter is, there are many ways to make money more robust, and there are many excellent detection schemes on the market today. That US dollar bill marker is a good example. But like that US dollar bill marker, nobody uses them. It ads another thing to do. It's easier to just push this all onto the people making graphics applications, and assume the worst. Of course this will shut down most open source software packages and any pictures of money in commercials, but that's a small price to pay for piece of mind, right?

  • Photoshop and other graphic suites already have this in place, without the legal requirement to do so. You can bet that there won't be much resistance from them because they are already in compliance with this. Frankly, as someone who would never have to scan in money, I am quite indifferent about it, especially since I have been handed counterfeit cash twice (that I know) by a food vendor at my school. I am not saying that I want this law to pass anywhere, it's just that I think there are bigger battles to
  • Black Box Code? (Score:3, Insightful)

    by Bistronaut ( 267467 ) on Sunday June 06, 2004 @12:19PM (#9350898) Homepage Journal

    That's stupid - there's no such thing as black box code. If a computer can read it, a person can use a computer to read it. There's no such thing as black box code. That's the "soft" part of software.

    In order to have "black box" information of any kind (code or no), you have to have some physical device that does not let that information out. A "black box" that can't be opened without destroying the information.

    So they're going to make a law that requires "black box code", but there is no such thing. Brilliant.

  • by mrjb ( 547783 ) on Sunday June 06, 2004 @12:19PM (#9350901)
    1. Take open source graphics software
    2. Remove banknote detection module
    3. Profit!

    The problem is proving (2) as long as I keep the modified software to myself. Oops - of course I meant-- as long as the counterfeiter keeps the modified software to himself. Come on, criminals break laws. A law more or less isn't going to make that much of a difference.
  • by Effugas ( 2378 ) on Sunday June 06, 2004 @12:23PM (#9350919) Homepage

    OK. The last time this came up, it consumed about twelve straight hours of hackery. You can go ahead and play with some of the black boxed code using the demo version of Paint Shop Pro [] (or the latest Photoshops). Let me tell you: This has nothing to do with the circles. I was actually quite saddened by this fact, as I was planning to print up a "secure t-shirt" that would be unphotographable and unprintable by modern image manipulators. (It'd be a great excuse to talk at Black Hat wearing a T-Shirt *laughs*).

    Alas, such adventures were not to be had. Experimenting with copy/paste between an unprotected app and the demo PSP, it quickly became clear that while some old copiers might indeed trigger on the inter-circle distances, counterfeiters now had a vastly more difficult system to fight. What there seems to be is some sort of size and position invariant image fingerprint function, probably wavelet based, that receives the full image after every large scale image transform, executes a fingerprint matching vs. a confidence value, and returns true or false depending on what the confidence threshold is set to. It's not perfect -- Stirmark [] does seem to cause the algorithm to occasionally stumble, though not consistently (see this gallery [] for details) -- but it's very good work nonetheless.

    Certainly, it does not appear possible to manipulate the watermarking system to create new and unique images that appear, computationally, to still be money. That's a very good thing. And while it's somewhat problematic to have code refusing to obey its controller, the integrity of the financial system really is an important thing. Remember the privacy case for cash -- if paper money becomes something we all distrust, what exactly are we left with? The fault with the RFID approach is that it forces us to carry a reader to validate funds. If we cannot self-validate, we cannot trust (notably, the biggest weakness with the metal strip approach is that we cannot quickly notice that the metal strip has been removed -- the wealth is actually thus represented not by the bill but by an invisible strip of iron and plastic!).

    I do not think that image manipulation software is the right place to put this code, specifically because it's too easy to write an image editor from scratch (what are you going to do, ban compilers?). Scanners and printers are however sufficiently single sourced that they're far superior places to trust that anti-counterfeiting logic will be in place. But then, that's just IMHO.


    • by D4C5CE ( 578304 )
      what are you going to do, ban compilers?

      Shsh... don't you give 'em politicians new ideas!
      "Overheard from imaginary Members 1 to 4 of Some Parliament:"

      1. You know, everyone and their Mum at their kitchen table can now write programs that can be used to forge money, so we must outlaw unlicensed development tools immediately!
      2. So that's another good reason for what the representatives of MicScoSoft who invited me for dinner at the Deluxe Grand Hotel last week proposed too? They are saying people abuse these v
    • by 0x0d0a ( 568518 ) on Sunday June 06, 2004 @03:42PM (#9351997) Journal
      There are a number of problems with adding such code to printers:

      * It is difficult to update. All counterfeiters have to do is find *one* image that can get past the blocking code. Futhermore, there is a *huge* set of printers out there that have no such blocking.

      * Printers have limited memory and CPU capabilities. I really think that HP will not be thrilled with blowing a bunch of each on doing "currency detection" on every chunk of every page for each country that latches onto this.

      * Printers have only the ability to "block". "Blocking" penalties for a detection of counterfeiting is the *easiest* variety of protection, since people just poke at their images until they print. Photoshop or other can "phone home". Some folks might think ahead enough to have a fully-disconnected computer, but as network connectivity grows...and it only takes one "phone home" with a detected serial number of a page of bills that are showing up with bogus numbers to nail someone.

      * Printers were never designed to be highly secure embedded devices (for example, a number have easily-replaced firmware slots). It's a good bet that printer manufacturers don't go to a lot of trouble to hide diagnostic data. Sure, no random counterfeiter might be able to crack such a system -- but (a) there's lots of money involved to hire such a geek, and (b) there are major "geek points" involved in figuring out how to break such a system, and legitimate reasons for doing so. Remember the Xbox -- yes, it was cracked so that people could put Linux on it, but it opens things up to piracy. What if people want to improve image quality, add their own rendering engines (because it's not like they can easily build modern printers in their basement)? When someone distributes detailed instructions for how to disable such protection, it won't take a brilliant counterfeiter to beat the thing.

      I really think that this is more a case of "we need to do something new with our currency". Currency was designed in a day and age when it was hard to accurately reproduce detailed images on a piece of paper. It was a very good design for that environment. I think that if we had to come up with a new system, we'd have something wildly different today.

      You know what *could* make a major improvement?

      Smart cards replacing "stupid magnetic strip" credit cards.

      Currently, the reason that you can't use credit cards everywhere is because the credit card companies rake in money on each card, and it imposes overhead that not every retailer wants to pay (in vendor fees and per-charge costs).

      Smart cards (with *associated readers*) make credit card fraud much more difficult, and thus reduce credit card company costs, and ultimately reduce prices to retailers.

      This will help produce smart cards be more commonly used.

      Of course, the downside is the big credit card issue -- more easy tracking of money flow, which is a bit Orwellian. Technically, it's possible to build a system that doesn't track fund flows (and still has the hard-to-counterfeit benefits), even if your credit card vendor is malicious, but there is probably little public interest in such a property. Plus, given the commercial value of people's credit card records (and pressure from law enforcement to monitor them) I don't think that it will happen.
  • by johnthorensen ( 539527 ) on Sunday June 06, 2004 @12:25PM (#9350931)
    Similar to gun control measures, this only does one thing - takes a perfectly legal thing out of the hands of law-abiding people.

    In this case, circumventing the technology (PARTICULARLY IF IT'S IN AN OSS PROJECT!) will prove to be fairly trivial to criminal counterfeiters. I myself can think of several ways that would take all of 5 minutes, although I won't share them here because I don't want the black helicopters landing on my front lawn.

    In the meantime, some 37-year-old woman, with no criminal intent, trying to scan money to use in some car dealer's newspaper ad (DEALS DEALS! CASH BACK!) is going to go crazy. Likewise for the Art 101 student trying to make a collage out of GWB's face and the US $100. Likewise for the vending machine engineer trying to scan bills to teach the reader how to recognize them. And so on...

  • by D4C5CE ( 578304 ) on Sunday June 06, 2004 @12:34PM (#9350974) Europe has even more surprises in store for us:
    money-wise, such as banknotes with RFID serial numbers (making anonymous transactions impossible even for cash, plus creating a huge data trail even for innocuous daily purchases, and finally giving robbers the opportunity to single out the most promising victim before aiming their gun or swinging the baseball bat), which seems to scare even the RFID industry itself [], and
    , especially with respect to the creation of dangerous additional intellectual property rights (undue powers for copyright holders, and software/business method patents) [].

    This database [] should give everyone a good idea whom to elect, and whom to vote out of office ASAP.

    The fact that so few people participate in European elections only adds to the weight of your votes.

    A reasonably composed European Parliament (which can now veto most of the proposals by Commission and Council) is our best chance for (more) sensible lawmaking in the future.

  • by rice_burners_suck ( 243660 ) on Sunday June 06, 2004 @12:40PM (#9351014)
    The European version of the GIMP:

    /* Do NOT remove this code!!!!!!!!1111 */
    if (eu_banknote_detect())
    return (ERROR_912);
    if (us_banknote_detect())
    return (ERROR_913);

    Of course, nobody would ever think to remove that code!!!

    I think that ultimately, a lot of software companies would push for this because they would want to see free software made illegal for one reason or another. The problem is that even in closed source proprietary black box software, someone who wants to counterfeit money will figure out, or hire someone to figure out, how to disable that code. And no matter how obfuscated the code is made, it is ALWAYS possible to do something like that. It's only a matter of time and money, and to the counterfeiters, the money is practically free anyway.

    Technological measures designed to enforce the law will never work. While they might keep the honest people honest, those people are, by definition, honest anyway; but the dishonest will find a way around it. For example, by using old graphics software, or by modifying current software, be it free/open or proprietary.

    I say just make the bills much harder to counterfeit, and do it in such a way that it's easy to detect the fake ones.

  • Profit! (Score:4, Funny)

    by presearch ( 214913 ) on Sunday June 06, 2004 @12:45PM (#9351054)
    Create an army of autonomous solar powered hyper-Roombas.
    Have them with scamper about with a video grabber and the black box algorithm.
    Set them loose to harvest money.

    Seriously, it seems to me that the black box library would just be
    as easily used as a dependable proof reader for money image duplicators,
    and a much more easily targeted point of failure.
  • Although the /. post says that the banknote detection software is "black-box", I see nothing to that effect in the Observer article. I wonder if in fact the software is closed source. If it isn't, then it isn't a problem for FLOSS, leaving aside details of license compatibility.

Thus spake the master programmer: "Time for you to leave." -- Geoffrey James, "The Tao of Programming"