Megan has a question about security in the real world.
She saw an ebook company that encrypts the ebook using as a key
the person credit card number to place reliance presumably on the user
to decide whether it's safe to share it.
This sounds like a really bad idea to me to be embedding personal information
in the ebooks.
The goal here is to watermark, to have the digital content specific to each user
in a way that if they distribute copies of it--they put it on a file-sharing site
or they abuse the copyright in someway--
that it can be traced back to them.
There has been quite a bit of work on using cryptography to make watermarks,
especially in videos but also possibly in books and images.
You can embed something that makes each image unique and as hard to remove without breaking the image.
This is probably much harder to do for plaintext than it is for video
just because you can't really modify the text, but you could do things that--
and this gets a little towards stenography where you're hiding a message
inside something that looks like an unencrypted document.
You could be doing things where you are varying the spacing or you're changing
things that don't really affect the content.
Or, in the embedded information in the ebook that you don't actually see when you read it,
you could be hiding some extra information which could embed the identity
of the person who bought the book.
That would be possibly easy to strip out, so that's something that you need to worry about.
If you want to use a watermark--in this case it seems like it's a really improper way
to treat the customers if they're not knowing this is happening and especially if it's their
credit card information that could be used in a way that's abusing the user.
There are legitimate reasons to want to do watermarking of digital content like this
and cryptography provides a great way to do it.
The challenge if you're doing it for something like video is
you can do a lot of things to modify the video that might get rid of the watermark.
Simple things like using the lowest bits in each pixel to encode the watermark--
well, those are really easy to remove, because you can change all the lowest bits
in the pixels without changing what the video looks like.
So there are lots of clever schemes that  try to do things that are hard to remove,
like changing the timing of black screens between scenes and doing things
that are more pervasive in the whole image but still don't make the content broken.
There are lots of social issues here about whether you can secretly track people
and whether that should be illegal or encouraged
or what kind of authorization you need to do that.
Then there are interesting crypto issues of if it seems acceptable to do this in some context,
like when a Hollywood studio is distributing a movie.
They have a pretty good reason and good understanding of the people they distribute to
that they want to keep close track on it and find out if anyone is leaking copies early
to put a watermark in those things--to find a way to do that cryptographically
that can't be easily removed and doesn't damage the content in ways that are noticeable.
