Industry Voices—Hawley: By itself, cybersecurity isn’t enough for 2020’s disrupted media industry

Mulan
Mulan was released on September 4 online and it almost immediately became one of the top 100 movie titles distributed on Pirate Bay. (Disney)
Steve Hawley Industry Voices

Being December, we're seeing lots of "what we learned this year" articles, at the end of the most disruptive year in recent memory. Lately I have been learning about cybersecurity. One year-end article warns that data centers are being infiltrated by ransomware attacks - which were up seven-fold, mid-year according to one study- and recommends a backup strategy. Cybersecurity firm Randori projects that ransomware attacks will extend into enterprise cloud infrastructure and threaten corporate executives. Companies are reminding employees of basic enterprise data security practices for remote workers. While valuable on their own, they fall short for the media industry.

Two major December incidents by nation-state actors have given cybersecurity some unwanted exposure. First, tools offered by FireEye, which are used by government agencies, financial services companies and other major corporations to prevent cyber-attacks were compromised by Russian cyber-experts. Then, it was discovered that the update servers of SolarWinds, another producer of IT security management tools, was used for months to distribute a malware agent called SUNBURST, which was designed to disable malware detection tools. As of this writing, progress has been made to disable SUNBURST.

But is "cybersecurity" enough for the media industry?

One of the more visible disruptions in the media industry this year has been that major theatrical movies are no longer necessarily theatrical. Disney's live-action Mulan shows us one vision of the new movie release windows: first released on Disney+ for $29, it became available on Disney+ for no additional fee, beginning on December 4 (which Disney had announced back in September).

On almost the same day, WarnerMedia gave us its own vision: that it's entire 2021 theatrical movie line-up will be released via HBO Max on the same days that they will be released in theatres; thereby up-ending many contractual agreements with actors and other talent.

Now open for piracy business

What does this mean for piracy? In a phrase, it's open season. Mulan was released on September 4 online and it almost immediately became one of the top 100 movie titles distributed on Pirate Bay. By September 5, downloads reached nearly a million worldwide. Small wonder, since it was released at such a high price point.

Mulan BitTorrent downloads, September 2020. (South China Morning Post)

One of the movie's target markets was China, where there were nearly 50,000 downloads on the day of release, and 400,000 before the movie's theatrical release on Sept. 11.

Mulan escaped before it was released

In fact, Mulan was available via Pirate Bay long before its official release. Looking for instances of Mulan on Pirate Bay, sure enough, there was one as early as May. And people were looking for it. According to Google Trends, there was a murmur of searches for 'Stream Mulan' for weeks before the movie's release, not to mention the enormous spike in demand beginning on September 4.

Requests for 'stream mulan' prior to Mulan's release. (Google Trends)

As they say in the movies, it only needs to be stolen once. Then it becomes a seed for worldwide distribution.

So, what do we do about it?

Many of us concerned about the theft of valuable media assets – not to mention the impact that this has on the industry by stealing the revenue that pays creative professionals – look toward technology to detect infringing instances and flag them for mitigation (with the help of an ecosystem of law enforcement, judicial systems and many others).

We hear so much about forensic watermarking and monitoring, as well as AI and machine learning to detect anomalous or infringing use of content distributed by premium video services. But we don't hear quite as much about cybersecurity.

MovieLabs addresses higher-order cybersecurity concerns

While generic cybersecurity practices are critically important, they mainly deal with physical and network related security issues, and don't fully get to the unique concerns of media security.

Guidelines set by Motion Picture Laboratories (aka MovieLabs) are at a higher level in value-chain; identifying standardized use-cases, relationships and processes that provide accountability, not just security.  More like Layers 4 and higher in the standard ISO/OSI (Open Systems Interconnection) networking model, as opposed to Layers 4 and below.

MovieLabs guidelines around production security include:

MovieLabs is best known in video security technology circles as author of the famous "MovieLabs Spec" (the Enhanced Content Protection - ECP - Specification), which identifies DRM and watermarking guidelines for Ultra HD content. This spec was updated in December 2020, to add television use-cases.

MovieLabs Digital Distribution Framework. (MovieLabs)

MovieLabs, by the way, also published Production Resumption guidelines for video producers as they resume operations post-COVID.

Steve Hawley is managing director of Piracy Monitor, which provides news and insights about video and audiovisual content piracy, and its effects on video providers, creative professionals and on consumers. Subscribe to the E-Newsletter to receive news and updates. Piracy Monitor is active in four areas: Piracy awareness, Market intelligence, Industry marketing and Consulting. Mr. Hawley is also a contributing analyst to Parks Associates and S&P Global Market Intelligence.

Industry Voices are opinion columns written by outside contributors—often industry experts or analysts—who are invited to the conversation by FierceVideo staff. They do not represent the opinions of FierceVideo.