The Center for Democracy & Technology today released a set of privacy principles for digital watermarking. The principles are intended to provide guidance on how those deploying the technology can and should take privacy into account.
Digital watermarking technology embeds information, in machine-readable form, within the content of a digital media file (typically image, audio, or video). In some applications, watermarks signal basic identifying information about the media file itself, such as its title or author. In other applications, watermarks can provide individualized user or transaction information. CDT's principles address privacy questions that may arise when watermarks provide information about individual consumers or users.
"Watermarking seems to be getting increased attention as a tool for facilitating digital content distribution," said David Sohn, Senior Policy Counsel for CDT. "But people are bound to wonder what it means if their media files contain embedded information that can be used to identify them. From both the consumer and content distributor perspective, it would be best to address these kinds of privacy questions in advance, on a proactive basis."
In developing its privacy principles for digital watermarking, CDT consulted with industry representatives and interested privacy advocates. The principles fall into the following eight categories:
1. Privacy by design - address privacy considerations in the early design and planning phases of digital watermarking applications, not late in the process as an afterthought;
2. Avoid embedding independently useful identifying information directly in the watermark - so that even if unauthorized third parties learn how to read the watermarks, no meaningful information will be exposed;
3. Provide notice to end users - disclose the existence of, and other key information about, individualized watermarks, with a prominence appropriate to the extent and likelihood of any possible privacy impact;
4. Control access to reading capability - so that members of the public who happen to obtain a watermarked file will not have easy access to the devices or software needed to read the watermarks;
5. Respond appropriately when algorithms are compromised - reconsider how much reliance to place on watermarking systems whose workings have been exposed, particularly if there is a risk that watermarks could be altered or forged;
6. Provide security and access controls for back-end databases - adopt rules and security safeguards to protect databases containing information about individuals from unauthorized access;
7. Limit uses for secondary purposes - design watermarking applications to avoid "mission creep," by collecting, retaining, and disclosing individualized information only as necessary for the application's intended purpose; and
8. Provide reasonable access and correction procedures for personally identifiable information - so that individuals have reasonable opportunity to correct inaccuracies in the data stored about them.