By Steve Hawley
Being December, we’re seeing lots of “what we learned in 2020” articles, at the end of the most disruptive year in recent memory. Lately I have been learning about cybersecurity.
Companies are reminding employees of basic enterprise data security practices for remote workers. But that’s been just a start.
One year-end article warns that data centers are being infiltrated by ransomware attacks – which were up seven-fold, mid-year according to one study– and recommends a backup strategy. Cybersecurity firm Randori projects that ransomware attacks will extend into enterprise cloud infrastructure and threaten corporate executives.
While valuable on their own, they fall short for the media industry.
Two major December incidents by nation-state actors have given cybersecurity some unwanted exposure. First, tools offered by FireEye, which are used by government agencies, financial services companies and other major corporations to prevent cyber-attacks were compromised by Russian cyber-experts.
Then, it was discovered that servers of SolarWinds, another producer of IT security management tools, were used for months to distribute a malware agent called SUNBURST, which was designed to disable malware detection tools. As of this writing, progress has been made to disable SUNBURST.
Meanwhile, there were reports that two investment firms which together hold 70% of SolarWinds stock and six of SolarWinds’ board seats shorted the stock “shortly” before the breach was made public, which may prompt an insider trading investigation – into an “infringement” of a different kind. But back on topic…
So is “cybersecurity” enough for the media industry?
One of the more visible disruptions in the media industry this year has been that major theatrical movies are no longer necessarily theatrical. Disney’s live-action Mulan shows us one vision of the new movie release windows: first released on Disney+ for $29, it became available on Disney+ for no additional fee, beginning on December 4 (which Disney had announced back in September).
On almost the same day, Warner Media gave us its own vision: that it’s entire 2021 theatrical movie line-up will be released via HBO Max on the same days that they will be released in theatres; thereby up-ending many contractual agreements with actors and other talent.
Now open for piracy business
What does this mean for piracy? In a phrase, it’s open season. While Mulan was released on September 4th online, it almost immediately became one of the top 100 movie titles distributed on Pirate Bay. By September 5, downloads reached nearly a million worldwide. Small wonder, since it was released at such a high price point.
One of the movie’s target markets was China, where there were nearly 50,000 downloads on the day of release, and 400,000 before the movie’s theatrical release on Sept. 11.
Mulan escaped before she was released
In fact, Mulan was available via Pirate Bay long before its official release. Looking for instances of Mulan on Pirate Bay, sure enough, there was one as early as May.
And people were looking for it. According to Google Trends, there was a murmur of searches for ‘stream Mulan‘ for weeks before the movie’s release, not to mention the enormous spike in demand beginning on September 4th.
As they say in the movies, it only needs to be stolen once. Then it becomes a seed for worldwide distribution.
So what do we do about it?
Many of us concerned about the theft of valuable media assets – not to mention the impact that this has on the industry by stealing the revenue that pays creative professionals – look toward technology to detect infringing instances and flag them for mitigation (with the help of an ecosystem of law enforcement, judicial systems and many others).
We hear so much about forensic watermarking and monitoring, as well as AI and ML to detect anomalous or infringing use of content distributed by premium video services. Implemented correctly, DRM is another effective tool in the battle, and although we don’t hear quite as much about cybersecurity in these disussions, it’s important too. But the overall piracy problem is much deeper and broader, and must be looked at holistically by vendor-neutral brokers.
MovieLabs addresses higher-order cybersecurity concerns
While generic cybersecurity practices are critically important, they mainly deal with physical and network related security issues, and don’t fully get to the unique concerns of media security.
Guidelines set by Motion Picture Laboratories (aka MovieLabs) are at a higher level in value-chain; identifying standardized use-cases, relationships and processes that provide accountability, not just security. More like Layers 4 and higher in the standard ISO/OSI (Open Systems Interconnection) networking model, as opposed to Layers 4 and below.
MovieLabs guidelines around production security include:
- A vision for production comprised of three key workstreams: New Cloud Foundation, Security & Access, and Software-Defined Workflows.
- An ontology that provides “a standard, organizing framework to capture and surface the inherent relationships between works and other entities as part of that core data infrastructure.”
- The MovieLabs Digital Distribution Framework (MDDF), which includes guidelines for file and image delivery, and Best Practices for implementing them.
- The asset ordering and delivery process, which deals with (among other things) processes associated with the delivery of assets.
MovieLabs is best known in video security technology circles as author of the famous “MovieLabs Spec” (the Enhanced Content Protection – ECP – Specification), which identifies DRM and watermarking guidelines for Ultra HD content. A new version was released in December 2020, to add television use-cases.
MovieLabs, by the way, also published Production Resumption guidelines for video producers as they resume operations post-COVID.