An intellectual property (IP) expert witness advises on a case involving two companies who are battling over copyrighted computer software. The plaintiff provides digital asset management services to organizations needing to store and retrieve photos, video, and audio data files in easily retrievable format. Its software provides a unified approach to organizing, storing and securing critical digital information, surpassing previous imaging processing applications such as Jvt. An add-on feature permits users to measure the real-life length of objects in a photo or distances between objects in a photo. Using the software required signing an agreement not to license the product to another party, limiting the number of computers and users, and prohibiting transferring the software to another party.
The defendant is a competitor that also sells digital evidence management software. It has offered a similar add-on module. The plaintiff alleges that one of the defendant’s sales and product development tactics has been to induce the plaintiff’s customers to violate their user agreement by giving the defendant’s employees access to the software and providing copies of it.
The plaintiff alleges that the defendant unlawfully obtained one or more copies of the software and misappropriated it by copying, decompiling, disassembling and/or modifying the software to circumvent plaintiff’s technological copyright protection measures that control access to the software.
The plaintiff hired an intellectual property (IP) / forensic science expert witness and filed suit for copyright infringement.
Question(s) For Expert Witness
- 1. What are the methods for authenticating digital media?
- 2. Are any better or more accurate than the others?
Expert Witness Response
The authentication of digital media consists of myriad of techniques that attack the problem in different ways and at different points in the imaging pipeline. For example, hashing technology can be used to verify that the contents of a recording have not changed from any moment in time after which a hash is extracted. Digital watermarking, implemented in software or camera hardware, can be used to verify that the contents of a recording have not changed since the time at which the watermark was inserted. Digital forensic techniques can be used to verify the recording’s underlying file structure and the physical plausibility of a recording. And lastly, visual inspection by a trained analyst can be used to verify the physical plausibility of a recording.
Each of these techniques has their relative strengths and weaknesses. For example, the mathematically well understood hashing technology can be highly secure and difficult to hack, but is only able to authenticate recordings up to the point at which the hash was extracted. Digital watermarking is less secure than hashing but is more flexible in that recordings can be authenticated even if they undergo simple and innocuous alterations such as re-saving or re-compression. Digital forensic techniques have the advantage that they can reach further back into time and validate the actual scene content in the absence of any hash or watermark. These techniques, however, are significantly less secure than hashing and watermarking and suffer from the well-known recapture attack in which, for example, an image is captured, manipulated, displayed on a high-quality display and re-photographed. Similarly, these techniques cannot distinguish between a partially or fully staged scene. And lastly, visual inspection techniques have the advantage that a trained analyst can analyze complex scene structure that is outside of the reach of modern-day forensic techniques. On the other hand, visual inspection can, in some situations, be highly subjective or error-prone.
Each of these and related authentication technologies trade-off security with assumptions and constraints. At one end of the spectrum is hashing technology which can be highly secure but is constrained to operate only within a specific imaging pipeline and workflow. At the other end of the spectrum are digital forensic techniques that make minimal assumptions about the imaging pipeline and workflow, but are less secure and more vulnerable to counter-attacks.
It is important to recognize that the notion of authentication is a bit of a misnomer. In particular, when one finds evidence of manipulation in a recording due to a mismatched hash, a missing watermark, an invalid file structure, a physical inconsistency in the recording, or an obvious visual discrepancy in the recording, then one can safely and reasonably conclude that the recoding is not authentic. In the absence of any such discrepancy, however, one cannot not conclude that the recording is authentic. One can only conclude that no inconsistencies were found in the recording and the recording is either authentic, staged, the result of a recapture attack, or a very good fake. This fundamental limitation is not unique to digital forensics, it is present in all forms of authentication from currency to artwork, historical documents, etc.
I’ve reviewed the reports of plaintiff’s experts, each of whom mis-state or mis-represent the fundamental nature of authentication of digital media. In particular, all techniques, be it hashing, watermarking, forensic analysis, or visual inspection, perform some form of authentication with varying degrees of security and assumptions.
The intellectual property expert witness is a computer science professor and founder of a company devoted to imaging forensic technologies and software.