Some notes on Content Protection Summit 2014

The conference was held on 9th December at Los Angeles. The audience was rather large for such event (more than 120 attendees) with representatives of content owners, service and technology providers and a few distributors.

The big trend and message is that cyber threats are more and more severe.  Traditional Content Protection is not anymore sufficient.  It has to be extended to IT cyber threats.  The SPE issue was cited very often.

The conference did not disclose surprisingly new information and technology.  Nevertheless, the event is a good occasion to share knowledge and basic best practices.  The following part will highlight interesting points or figures I collected during the event.

Welcome Remarks (by ROSE M., Ease)

He highlighted that the cyberwar is a reality.  It is performed by government funded teams or hacktivists,  It has serious implications such as wild censorship…

The Global State of Information Security (by BANTHANAVASI S., PcW)

The cyber world becomes more dangerous.  The state seems to degrade.  Some interesting figures from PcW’s annual report:

  • In 2014, the U.S. government notified 3,000 U..S. companies that they had been attacked
  • There was 48% more reported incidents in 2014.  Furthermore, the average cost of a breach increased.
  • Investment in security diminished
  • More and more incidents are attributed to third parties with trusted access

What to do (and who to call) (panel)

The usual stuff.  The most interesting advices were:

  • Log must be switched on.   This is essential in a cloud environment where low-cost plans may not have the logging feature available.  It is worthwhile to pay for it.  It is mandatory to learn and analyze when an incident occurs.
  • Have a response team available beforehand.  You will not have to time to look for and organize it when the incident will occur or will be detected.

The focus of the discussion was always on script kiddies, and never on Advanced Persistent Attack (APT)

This script will self destruct in 2 hours (panel)

The script is of high value, especially when the actual shooting was not started, or that the decision was not yet taken.  Nevertheless, it needs to be convenient.   Typical challenge for a confidential sensitive document that needs controlled distribution.  Warner announced that sometimes they even used 3-factor authentication.  Creative people may have hard feeling about privacy and traceability.

Protecting content: where creativity and security meet (panel)

Key message:  embed security within the existing ecosystem

According to Fox, TV is more forgiven than feature movie in case of leakage (excepted perhaps for the opening and closing episodes).  The biggest coming challenge is the request of international day+1 release of TV shows.

How to Secure Workflows in the age of digital services (panel)

Key message:  be aware of third parties (and their own third parties) and freelancers

The creative process behind great storytelling (panel)

Refreshing session with creative people.  The end of the session was a playdoyer for copyright.  The arguments were similar to the ones in the book Free Ride.

It’s about the money: strategies to disrupt funding piracy (LAWRENCE E., ABS-CBN and SUNDERLAND J., Lionsgate)

According to me, the most interesting session.  They presented real use cases.

Elisha explained how she drastically reduced the online piracy against ABS-CBN (the Philippines Netflix).   She performed different steps:

  1. Analyze the pirate landscape
  2. With SEO, increase the RANK to get the official sites as the first links in Google and bring pirate sites back to farther pages.
  3. Use investigators to collect proofs to enable shutdown sites
  4. Lawsuits with high fines.  The arrested webmaster are interviewed to learn all their techniques and tricks,

Jane explored the methods to have good brands advertising on pirate sites.   80% of the revenues of streaming cyberlockers are coming from advertisement.  Among them, 22% are coming from institutional brands. Tools exist to filter out placement on malicious sites, but brands have to opt-in. Brands should be worried to place their advertisement in such sites as they are sometimes also hosting malwares.

The culture of piracy: A European perspective (VERSTEEG G., Rights Alliance)

He explained the historical rationales why much piracy went from Sweden (Kazaa, The Pirate Bay…)  He asked that there should be a transactional VOD release window concurrent with Theatrical and Home windows.   The price could be dynamic, starting high and decreasing with time.

Being European, I did not see what was specifically European.   It was more his opinion.

What’s the forecast for securing the cloud? (panel)

According to me, the worst session.   No serious discussion on actual security of the cloud.   No discussion of hybrid clouds.  No precise definition of cloud (even no mention of NIST definition).  It seemed even to me that there was a consensus that implementations in cloud would be more secure than today’s implementations.

The topic is far more complex than the simplified vision drawn during the panel.

Leave a Reply

Your email address will not be published. Required fields are marked *