Warner Bros. recently trolled Pokémon fans with a fake leak of Detective Pikachu, which turned out to be a 100-minute video of Pikachu dancing. Jokes aside, content leaks represent huge costs to media properties in both clean-up and lost revenue, and a large portion of them come from seemingly mundane scenarios.
Like when Mr. Bigshot Film Critic shares his screener password with his wife who then shares it with her — oops! — book club or when the VP of marketing at XYZ Studios leaves her iPad unlocked, giving her kids access to share, say, the final episode of TV’s most popular show ever.
When it comes to pre-release content, all kinds of people representing all levels of tech and security savvy may have access to your most important content. A network may be sharing show previews with press reviewers, predominantly TV, film, and cultural critics. Authorized viewers might also include VIPs such as writers, directors, and actors; an external post-production or marketing team; and internal team members tasked with sharing the content. A single mundane mishap can cause problems that range from damaged media properties to very costly clean-up.
Good news is most leaks can be prevented with a few simple measures, but when a leak happens, you’ll first need to trace the sequence of events, including who shared the content and how. Start by asking these three questions:
What’s the content?
Is it cultish or nerdy with a strong fanbase? Does it have a highly anticipated reveal? Has it been well marketed? If you answer yes to any of these, chances are someone out there likes the content and thinks everyone should see it right away.
What controls were in place when the content owner shared it?
Did they lower their guard either accidentally or on purpose? Why did they lower their guard? Were they, for instance, helping an executive log in who forgot her password? Or was it something else? Typically, they’re trying to reduce friction for someone they trust to access the content.
How did the authorized user lose custody of the content?
Was it shared on purpose or by accident? With or without their knowledge? Authorized users don’t usually pirate content directly. In fact, they sometimes share it on purpose, which leads to the first threat: oversharing.
Threat #1: Oversharing or “The Lover Threat”
Who else in your life knows at least one password you use whether it’s for your laptop or email? At least one person — your partner, family member, or BFF — likely has access to your digital assets. Often where there’s a relationship in place (romantic or otherwise), there’s a risk that the authorized user will intentionally share access with an unauthorized user. We call this “The Lover Threat.”
Here’s how it might happen. Let’s say you’re a TV critic who got a screener of a pilot from a network’s PR firm. You share it with your boo, thinking you’ll change the password to the screener later. That person probably doesn’t pose a threat, but what if he shares it with someone else who has no loyalty to you?
Or maybe you forward the email invitation to the screener, and whoever receives it — can you really control who does or doesn’t? — downloads, rips, or shares the file? Things can get hairy fast.
When you’re searching for a software solution to these issues, be sure that it includes the following security measures.
- Magic Link login
The best antidote to passwords? No passwords at all. Systems that use an email verification process like Magic Link ensure that the content is only accessible through the reviewer’s email, so there’s no longer a password to forward or share.
- Multifactor Authentication (MFA)
Since email can be compromised and passwords shared, content owners should be able to turn on MFA as an additional layer of protection. Multifactor involves authenticating your identity with a code from a third-party application like Authy or Google Auth, typically on your smartphone. The downside to MFA is that it adds an extra step to login and can be troublesome if you lose your phone, which is why we also recommend alternatives like biometrics and physical security key, which we discuss below.
- Visible watermarking
Visible watermarking takes the form of a personalized watermark burned onto a video file the moment a viewer presses play. The authorized viewer’s name and email immediately appear on the video player, communicating that the viewer is, in some ways, also being watched.
- Forensic watermarking
In addition to the visible layer, you can find software like our own SafeStream that includes an invisible watermarking system that can help analyze and track down the leaky workflow and user.
- Digital Rights Management (DRM)
DRM is a set of technologies that allows content owners to issue time-limited licenses to content and offer enhanced security. It locks down the player, which makes ripping the video harder.
- NDAs and legal contracts
We recommend that all networks and content owners ask reviewers to sign nondisclosure agreements (NDAs) and other legally binding contracts and to train them how not to share content.
With these features in place, it becomes much harder for users to share content, accidentally or otherwise.
At SHIFT, we include all of these security measures in Screeners.com, a screening app for networks to share pre-release content with a variety of viewers.
Threat #2: Stored Credentials or “The Open iPad”
One threat has recently worsened and is more common than we realized: when an unauthorized user has standing access or can gain access to an authorized user's credentials. We call this “The Open iPad” because devices save passwords that people reuse and share, and family and friends often know each other’s password habits and four- to six-digit passcodes.
In the scenario shown above, a network’s publicist may not know that the reviewer has a secondary device with direct access to the content or indirectly through email. Anyone who knows how to get into the device can break in and leak its content.
Here, Magic Link directly addresses the password-storing and sharing issue — no more passwords! MFA also helps in this situation as long as the authenticator app also isn’t registered on the same device. At SHIFT, we prefer to register the device and to expire that registration in a number of days or weeks. Otherwise, the device becomes stale, so to speak, and others can gain easy access.
Again, visible watermarking reminds the potential leaker who the iPad belongs to, which may give them pause. It also forces the leaker to put in the work of anonymizing the watermark, while forensic watermarks help track down the leaky workflow and user. DRM further complicates the downloading and ripping process.
Threat #3: Account compromise
The last everyday threat is when an unauthorized user compromises the email or system account of an authorized user. The attacker has no loyalty to the authorized user and either phished them or compromised their email or system account.
The general public is becoming more aware of the controls available against email compromise, but phishing and compromise accounts are still quite common. MFA remains today's best defense against such compromises, but MFA can be problematic. At SHIFT, we’re looking at biometrics and physical factors as the next frontiers.
Studios and production companies deal with close proximity issues such as people trying to get on set — by faking identities, for instance — and these people might try to defeat endpoint controls, though probably not by spoofing fingerprints. However, when it comes to sharing pre-release content, proximity is less of a concern. We’re more worried about securing web and mobile software, so biometrics and physical factor protections are very useful.
For instance, iPhone users are probably familiar with TouchID, FaceID, and Face Unlock. All require a body part — finger, face — to unlock, but because those are individual to the iPhone owner, access can’t be shared widely and, beyond an unlikely horror movie-like scenario involving severed fingers and other grim possibilities, can’t be stolen. Availability and quality of biometric protections varies, where mobile (and particularly iOS) has a strong product, so we’re now waiting for the rest of the industry to catch up.
As for physical security, we like YubiKeys on the U2F standard, a USB device that plugs into laptops. The physicality of YubiKey makes it difficult to steal beyond a shared device and outside of one’s immediate social circle. Availability varies, so having both protections are important — biometrics where available on mobile and personal devices and physical security keys on everything else.
Besides these solutions, you can also use a watchmen service to monitor anomalous activity. These activities include users on too many devices in too many different locations, accessing content from odd locations, simultaneous viewing from multiple devices, watching more than twenty-four hours of content in a day, and watching the same content twice from two devices on the same account.
Download SHIFT's information sheet about Screeners.com for free.
When it comes to security for Screeners.com, we’ve focused our attention on improving detection and responses to these particular scenarios, which we see as the most common sources of our customers' leaks. Our approach to content protection was born out of several decades of experience developing and maintaining other SHIFT products: MediaSilo, a content-sharing platform and lightweight cloud DAM, as well as Wiredrive, a cloud content library with presentation workflows.
All to say, we’re seasoned experts who’ve observed the pitfalls that our customers and others in the industry regularly encounter. The notes we’ve shared here result from decades of experience, and we hope they prove helpful in protecting the content you’ve worked so hard to create.