M+E Daily

Media and entertainment (M&E) companies have a lot to learn from military and intelligence security initiatives, and it would be a great idea to start handling M&E content like national secrets, according to Thinklogical advisor Curtis Staples.

Members of the military and intelligence community “don’t trust anybody” when it comes to the protection of sensitive information, he said during the session “Protect Your Content Like a National Secret: What M&E Can Learn from Military & Intelligence Security” Dec. 6 at the Content Protection Summit in Los Angeles.

“Every single human being is a threat” in the military and intelligence sector “and I believe we’re heading in that direction” in the M&E community also, he told the summit. “If you’ve got people working in the building and there’s a movie down the hall … it’s only a matter of time” before content winds up in the wrong hands, he said.

After all, recent content leaks demonstrate that content creators are subject to many of the same threats to their data as government agencies. External cyberattacks and internal bad actors all contribute to piracy, hacks and content theft that compromises distribution schedules and reduces revenue.

Some of the latest innovations in M&E post-production infrastructures leverage military-grade security features and capabilities to maximize content protection, and it’s in the best interest of M&E companies not taking advantage of them yet to start doing so, according to Staples. He pointed out that Thinklogical customers run the gamut from ESPN to U.S. government agencies.

“In the military world/intelligence sector, they’re collecting information from wherever they can get their hands on it, it’s being processed, talked about, modified. They’re filtering the data. They’re comparing all kinds of things looking for patterns. It’s analyzed. And ultimately they have to make a decision” on how it’s disseminated, he said.

Information is “coming in from everywhere, as you can imagine, and they have different levels of security” in the military and intelligence sector, he said, adding: “There’s top secret. There’s secret, which is I guess less secret than top secret. There’s confidential. We know what that is. It’s on all the contracts we sign. And then there’s unclassified. The top three are various levels of classified.”

But “these guys are obviously lightweights because in our business we know everything is top secret,” he said, joking at least in part, and was greeted with laughs from the audience.

“They have a rulebook, which is probably what our rulebook is going to look like in CDSA land down the road” because “we need to assure that the information we have is safe.”

“It all starts here: a computer, a workstation, keyboard, mouse and display, and the device,” he said. One simple device that stands to hurt all M&E companies is a 2-TB USB flash drive, he said, referring to it as “the predator.” After all, he noted, “you can put 13 two-hour movies on that little pocket device” and it only takes two minutes to download each movie to it. You can also transfer eight full movies in uncompressed HD in just 3 minutes and two uncompressed Ultra High-Def (UHD) feature movies two hours in length in just 12 minutes a film, he pointed out.

So, it’s imperative that M&E companies get all that important data out of the building entirely, he said. All their proxy content should be moved to the public cloud and all master content should be moved to a heavily secure private cloud, he suggested. Companies including Thinklogic offer solutions that help organizations do the latter, where systems aren’t connected to the Internet and those who want to access content must have the right fingerprint and iris to access it, he said.

Companies should also consider encrypting email and cut down – and even eliminate, if at all possible – emailing content via attachments, he warned.

There are solutions already available that allow one to send pixels to a screen so that nobody can see exactly what is included in the content, with no computers or video cards involved, he noted. What you’ll see is just a “waterfall of pixels coming to my screen that are only there while I’m looking at them and that’s what I see,” he said.

But “the downside with almost all of these” solutions is that you’re almost always dealing with compression issues, so “you’re not seeing the real picture,” and that makes it hard to master a film, he said, adding there also usually latency issues. The master file also isn’t being addressed and “that’s the stuff that’s sitting around in third-party facilities everywhere, where human beings work, where every single one of them has multiple points of access,” he said. “Worst of all, somewhere in those machines, one way or the other, they’re connected to the Internet,” he said.

He went on: “We want no compression, we want no latency, we want no dark frames, no artifacts…. We want it to feel like we’re pushing play and it’s the master right now in this room.”
Those in the military and intelligence sector will use matrix switches and other technology to “change what’s on the screens in a heartbeat to nothing to something else,” depending on the security levels of people at the location, he said. But “we’re not very good at that” kind of thing in the M&E world, he pointed out.

“If we thought about this as though these were national secrets, we wouldn’t behave the way we behave,” he said, adding: “It’s only a matter of time. And it’s going to be one waterfall moment after another cascading and, as ridiculous as some of these things may sound to our business, we’ll be doing all of them in five to 10 years – maybe less.”

Staples has worked on feature films where metadata was included as attachments in emails between multiple people over many months, he said. That practice is “exposing so much metadata” that includes contract and other sensitive information, he told the summit, adding: “It’s really got to stop because it’s going to end the life for companies.”

What we also need desperately in the M&E sector is a “place for our stuff,” he said, noting: “Nobody’s built encrypted lockers for us to put those little things in… It needs to go somewhere, like a locker in a bus station where I can call you and give you the combination and you can go and open that locker and get that thing. That’s what we need, and it needs to be tied to the workflow” and integrated into software tools that can be used easily. Only then will we see M&E workers not routinely sending content via email attachments, he said.

Distributing encrypted storage, in which a file is divided up into many bits and sent out to multiple locations, is another option that can be added to the mix, he said, adding: “The thing that will be at the foundation of this will be blockchain.” That technology wasn’t talked about much today, but will be a year from now, he predicted.

The Content Protection Summit was produced by MESA and CDSA, presented by MediaSilo, and sponsored by Independent Security Evaluators, Aspera, the Digital Watermarking Alliance, Menlo Security, Microsoft Azure, NAGRA, NexGuard, Convergent Risks, HGST, PwC, Thinklogical, Avid, Militus Cybersecurity Solutions, Amazon Web Services and Bob Gold & Associates.