You may remember that forgedf photograph of John Kerry and Jane Fonda together made by mashing up photos of them taken in different places a year apart. Well, now the original photographers have asked Corbis (from which the photos were presumably taken) to track down the masher-up.
My instinctive reaction is "good luck." It's hard enough finding the source of viruses released into the wild. Without going back and subpoenaing the various suckers, I mean sites taken in by the forgery, figuring out the path of a forwarded meme is a Herculean task -- and even with subpoena power, probably won't work against someone determined to hide their tracks.
But Cordbis claims to have special tools in this fight -- watermarks and digital fingerprints. The watermark is the "corbis" that appears faintly superimposed on all of the sample images on the Corbis site; the digitial fingerprint is presumably hidden in the bits of the watermark-free version you get when you log in. The idea is that somehow the combination of the two will let Corbis figure out who mashed up the photos.
Perhaps. But I can tell you a story in which these digital tattletales don't help. Our PhotoShop expert goes in and strips the watermark. I'm no expert here, but it doesn't seem all that difficult for someone good enough to make a convincing mash-up in the first place. If the watermark were opaque, that would have been a different matter, but it looks to me like just a matter of undoing an alpha-channel blend with a known image, which is both straightforward and deterministic.
But -- says Corbis -- that would be a DMCA 1202(b) violation! Oho! Gotcha now! The fallacy is the same one that undergirds many misguided spam solutions: adding another penalty for knavery doesnt, by itself, help you catch the knaves. Every time you stare closely enough at the DMCA, it winds up being either horrirfic or redundant.
Of course, if the mash-up was made with fingerprinted images instead of watermarked ones, Corbis has a shot at figuring out which users of its site were the ones who originally downloaded the images. But that alone doesn't show you who made the mash-up, any more than knowing who published the mash-up shows you who made it. It's the same problem, flipped: you're staring at one end of a (potentially) long chain of forwarding, wondering where along that chain a particular mutation took place.