Digital locks called DRM might be coming to JPEGs

Ray Walsh

Ray Walsh

October 14, 2015

Digital Rights Management (DRM) is a type of technology that allows rights holders and companies to place a digital lock on their product. This digital lock is used to restrict the ways in which intellectual property can be used, most often to stop pirates from copying and sharing that intellectual property with unauthorised users. For this reason, DRM is commonly used by copyright owners such as film, music or book companies.

It is also often used by software creators to limit the number of instances (or devices), on which a piece of software can be installed. Ever bought a game and only been able to install it on one or two computers? That is DRM.

DRM works in two ways. Encryption is used to protect the content, and an authentication system is created to limit usage to the authorised buyer. When DRM is put on a digital product, the encryption jumbles up all the data within the file, making it impossible to access the content unless you are the authorised user with the appropriate key.

DRM often comes under severe criticism from people who do not feel it is fair to limit the ways in which buyers can use their purchase. Why should you have to play your game only on your PC? What if you visit your friend or relative and want to play it there? What if you want to copy your songs to another device for some reason, but have already reached the DRM limit? These rights are considered fair use and any DRM that steps on people’s ability to freely use any product that they have bought is seen as unfair and wrong.

A few years ago, under pressure from Hollywood, Netflix, Microsoft, and Google, DRM was placed on the HTML5 language that is used to make content for the World Wide Web (EME). This created a heated debate amongst people who felt it went against the idea of an open internet. Now a very similar discussion is underway about the possible addition of DRM to the popular JPEG image format,

‘The JPEG committee investigates solutions to assure privacy and security when sharing photos on social networks, (stock) photography databases, etc. JPEG Privacy & Security will provide new functionality to JPEG encoded images such as ensuring privacy, maintaining data integrity, and protecting intellectual rights, while maintaining backwards and forward compatibility to existing JPEG legacy solutions.’

Some of the details (German language) about the application of DRM on the legacy JPEG format is worrying people, who feel that DRM would put too many conditions on the widely used image format. At the moment, DRM is already present in the professional version of JPEGs known as JPEG2000. However, Jeremy Malcolm, Senior Global Policy Analyst at Electronic Frontier Foundation (EFF), explains that this particular DRM (JPSEC pdf) has not affected most people. Something that EFF feels would occur if DRM were placed on ordinary JPEGs,

‘Usage of JPEG 2000 is limited to highly specialized applications such as medical imaging, broadcast and cinema image workflows, and archival, therefore the availability of DRM in JPEG 2000 hasn’t affected the use of images online, where the legacy JPEG format remains dominant. Now, the JPEG Privacy and Security group is considering essentially backporting DRM to legacy JPEG images, which would have a much broader impact on the open Web.

On Monday, EFF members attended a scheduled meeting in Brussels to express their concern at the possible addition of DRM to Legacy JPEGs. In its presentation, EFF urged JPEG committee members to limit any cryptography they intend to place on the widely used image format to the optional signing and encryption of metadata in JPEGs,

‘Consider the use case of an image which contains personal information about the individual pictured—it might be useful to have that individual digitally sign the identifying metadata, and/or to encrypt it against access by unauthorized users. Applications could also act on this metadata, in the same way that already happens today; for example Facebook limits access to your Friends-only photos to those who you have marked as your friends.’

EFF feels that a Public Key Infrastructure (PKI) would benefit users by improving privacy and security, and allowing users to control what metadata about themselves is present in a JPEG. What the EFF is against, however, is the possibility that DRM will be implemented in a way that encroaches on fair use. ‘We warn against any attempt to use the file format itself to enforce the privacy or security restrictions that its metadata describes, by locking up the image or limiting the operations that can be performed on it,’ says Jeremy Malcolm.

‘Cryptographers don’t believe that DRM works,’ he adds. Pointing out that ‘DRM can infringe on [a] user’s legal rights over a copyrighted work (such as fair use and quotation), and… doesn’t even help to preserve the value of copyright works, since DRM-protected works and devices are less valued by users.’

EFF is not the only organisation that is against the use of DRM either. Defective by Design (DBD) has been a long-time critic of the loathed digital locks, itself running a campaign against the use of DRM in HTML. Zak Ragoff, the campaign manager, told BestVPN that DBD supports the EFF’s stance,

‘Digital Restrictions Management in all forms turns users’ computers against them and threaten their freedom, privacy and security. We need to keep it out of the mainstream JPEG standard for the good of individual users and for the health of the Web in general. This is just one front of a larger battle against DRM – Defective by Design is currently engaged in a multi-year effort to prevent DRM from being added to the official HTML standards by big media and Internet companies. Users, whatever platform or media format you depend on, unite against DRM!’

For now it is unknown what will happen. However, if the past is any indication it is likely that if DRM is written into JPEGs we can expect companies to start restricting the use of any images that they own. A PDF of the EFF’s presentation to the JPEG committee can be accessed on their website here, for anybody who is interested in learning what the EFF said at the meeting.

Your Information will never be shared with any third party.
Enter your email address to receive your Beginner's Guide to Online Security for Free
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the ebook:
Your Information will never be shared with any third party.
Enter your email address to receive your Ultimate Online Privacy Guide eBook!
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the eBook:
Special VPN Deal
Exclusive Offer
Get a Special Deal - 72% OFF!
With a biannual subscription
Exclusive Offer for Visitors!
50% Off Annual Plan
Limited Time Only
Exclusive price of
Exclusive Offer
Get NordVPN for only
Exclusive Offer
Get NordVPN for only