In the ``real world'' the users have only a limited understanding of the underlying mechanisms of image watermarking. They don't want to spend hours of training to use one function of their image processing software. Watermarking should be like a ``black box'' where the user enters his original image and by some magic the box outputs the watermarked image. No specific user understanding should be necessary.
Usually artists are the designers of images. The observation that
artists don't like to degrade their work deliberately by inserting a
watermark leads us to believe that they will either insert a weak
watermark![[*]](http://paris.cs.berkeley.edu/~perrig/icons/foot_motif.gif){kind=icon}
or not insert
anything at all. Security is not a strong enough argument to convince
artists to lower their image quality.
We can see that the user interface (UI) becomes very important: it must present the user with a clear model of the effects of watermarking and protect him from misuse. It needs to iron out users' misconceptions about the watermarking technique. This observation is equally true for other security software. [Whi97] showed that the security of the system should not rely on user understanding but be an implicit behavior of the software. Therefore the UI becomes a crucial point in any security system.
Let's step away from UI concerns and let's take a look at another way the real world challenges image copyrighting. The scenario is the following: in a country that does not adhere to the Berne convention on copyright protection a malicious person sets up his web-server distributing copyrighted images, music, etc. There is no way to prevent this person from his ``illegal'' distribution as the country does not provide the legal basis for prosecution. All forms of intellectual property share this common problem. The past has shown that such scenarios are not far fetched. In fact the number of incidents prove that this attack is quite common. The situation gets worse as the Internet expands its range with high speed connections to countries that are ``traditionally'' known for copyright infringement. If these countries do not change their laws, this problem can not be solved trivially by technical means.
The legal enforcement of copyright infringement in countries that enforce the Berne convention of copyright protection is not a simple task either. First, it is difficult to prove copyright infringement in court. The complication is that we can't just say ``Mallory distributed my copyrighted image on her web-server'' but we need sound evidence for the fraud. For example an impartial witness could provide for a resolution. But again, things look differently in the real world. Web servers don't send non-repudiable responses. Therefore how can the witness really know where the data came from? In a possible scenario let's say that Mallory tries to convince Alice that Bob stole her image. But Bob is a good person and would not steal any images. So Mallory needs to trick Alice. One simple way to trick her is by DNS spoofing; when Alice accesses http://www.bob.com/image.gif the DNS server replies with a wrong address for www.bob.com, namely one of Mallory's servers. The server then shows the ``stolen'' image to Alice.
In the other case where Mallory really did steal Alice's image, Alice starts a law suit. But during this process, Mallory will surely remove the stolen image from the server. In the case where Alice first consults a notary to look at Mallory's web-site and confirm that the stolen image really is stored there, Mallory might refuse to send the image to notaries. This would certainly be difficult to achieve but it would be technically feasible.
Web-spiders which scan the web for stolen images face the same problem as stated above: the web-server detects that the request originates from the spider and it will then not forward any illegal images to that site, or replace them with other bogus images. Access controlled or pay-sites present another problem to the web-spider. It can not access the contents without paying or authenticating itself. Unfortunately we believe that the largest part of copyright infringement comes from access controlled sites. These problems present high barriers for any web-spider to overcome.
Various schemes have been proposed to do rights management [Int97,Cox96]. Rights management is where the information distributor can give usage access rights to the client. For example he could declare that only viewing, not printing of the image is possible. This sounds feasible at first, but again, things look differently in the real world. Even if the rights are enforced by using a tamper-proof smartcard in everybody's PC that checks the access rights prior to any action, the image can be stolen anyway. While the image is displayed on the screen, the information has to be present somewhere in the PC's memory. Therefore that memory can also be read by another program and saved. Watermarking faces a similar problem: the image already has to be present somewhere in memory before the watermark can be extracted.
A reason why things look differently in the real world is that the systems are used in ways not foreseen by the system designers. In watermarking we could imagine the following problem: Instead of showing the stolen image at once on a web-page, Mallory chops up the image into small blocks and creates many small images. In the web-page, the images are then arranged such that the viewer can see the original image again. Unfortunately, the individual images are too small to carry an extractable watermark. Only if multiple blocks were merged could the watermark could be extracted again. Therefore a web-spider could never detect the fraud, because it only considers each image individually.