Is content protection software a crucial security step that stops facilities' projects getting leaked or an unnecessary and costly response from a paranoid industry?

As file-based workflows become common in the post-production industry, opinions vary enormously as to the value of spending thousands on content protection software to combat piracy.

The question is, is a TV show any more vulnerable in its digital form than it would be if some hairy bloke on a Suzuki 600 delivered it to clients as a Digibeta?

And in the worst-case scenario, if a TV show or film is illegally copied during that fragile time in which it is being created, how much damage might this actually do to the final product?

The Motion Picture Association of America puts the worldwide financial losses of Hollywood studio content as a result of online piracy at $2.3bn in 2005.

While the association doesn't break down where in the chain content is being illegally copied, the studios have tended to combat the problem at the distribution stage, developing applications to block content from being distributed free on peer-to-peer file-sharing sites such as BitTorrent.

However, some claim the problem with this approach is that it tackles piracy far too late down the line, while others argue that, by blocking peer-to-peer networks, owners may be cutting off valuable distribution opportunities and limit business models (see sidebar).

Tom Ohanian, chief strategist at software company Signiant, makes the case for investment in content protection much earlier in the chain, at the production and post-production stages.

“As more and more media is produced, stored and transported digitally and as sequences or whole projects are sent back and forth over networks, intellectual property protection becomes critical,” he says.

Tapeless trackers
Digital asset management software such as Signiant and rival products such as Aspera help accelerate, track and manage the movement of content over public and private networks and protect it while it's in transit by scrambling and encoding information in a secure wrapper until it reaches the client.

Some isolated incidents relating to the mismanagement of content during the production stage are cited by Ohanian to back the case for content protection at the production stage.

When the film American Gangster, for example, was mishandled during the post-production cycle, HD assets from the film were pirated.

Says Ohanian: “The distributors were forced to release it 10 days before it was scheduled to appear in the cinemas, which interfered with the film's marketing process.”

Universal's high-profile feature The Hulk was reportedly the victim of a similar hijacking in 2003 when unfinished CG sequences of the central character were leaked online.

Ohanian also makes the case for other editorially sensitive genres such as news - one of Signiant's clients being BBC News' New York branch, which uses the software to transport footage from the field back to the newsroom.

“They don't want that content to be available to their competitors, who could trump them. They are very worried about hackers and people compromising or diverting their content,” he says.

What kind of impact these breaches - or potential breaches - of security have had on the UK production community, and whether there is a market for content protection software at this stage, is less clear.

Once you take away content of little or no interest to hackers (Heir Hunters, anyone?) there are a limited number of UK facilities to sell content protection software to, as only a small number of post facilities deal with film, first-run dramas and international co-productions.

William Sargent, chief executive of Framestore, the visual effects house that recently completed 226 shots of Warner Bros' latest Batman movie, The Dark Knight, believes effects sequences are of little commercial value to hackers.

“The clips we are working on often come with no sound. When you are talking about part of a sequence, it has significantly less commercial value than the finished product,” he argues.

Sargent adds that, while the facility does take security seriously and uses “various encryption and access technologies” to make sure files are secure, it is normally the content owner, rather than the post facility, that sets up the online security system.

“It does vary from client to client but in most cases we deliver to a secure client website and it is the content owner who provides the security set-up,” he says.

Lucrative leaks?
However, surely on editorially sensitive, high-profile projects such as Batman and Doctor Who (pictured, right), there's money to be made by opportunists from revealing future storylines and unmasking early versions of new villains by illegally copying clips?

Head of Mill TV Will Cohen, who manages the post on Doctor Who, thinks not. “No one who works here is likely to ruin their careers for the sake of selling a£500 story to the newspapers,” he says.

“The truth is that illegal copies of things appeal to a very small number of people - the kind who doesn't have any friends and who wants to be the first to have seen something,” Cohen adds.

Doctor Who is posted digitally but is still, like most UK TV programmes, delivered on tape, and was the victim of a widely reported piracy incident prior to the first programme airing in 2005.

The leak did not occur during the post stage however. It was traced back to the machine room at co-production partner CBC after an operator took a copy of it from the Digibeta master and posted it on the peer-to-peer network BitTorrent.

“The person in question lost his job and career but ultimately that leak did not harm the show,” says Cohen. “The truth is that about 30 people in geekland watched an unfinished version while everyone else watched it at 7.30pm that Saturday. And, as a result of the leak, the show got even more publicity,” he adds.

However, as rights holders become increasingly reliant on the international value of their shows to make a return on their investment, some are placing stringent demands on their suppliers.

US broadcaster and co-producer HBO requires all its post-production partners to be vetted, with spots checks carried out by ex special forces security consultants.

An HBO-compliant facility must adopt access control technologies, advanced CCTV kit, and ensure there is no suite containing any device that would allow someone to physically record something.

Ideally HBO would also like a facility to search all visitors before entering its premises to check for mobile phones and memory sticks - although many in the UK have stopped short of carrying out this request through fear of upsetting other clients.

These measures may seem a little harsh - some would say paranoid - but Shane Warden, joint managing director of Pepper, an HBO-approved facility, empathises with the client.

“If that is the client's attitude then as a service provider we need to respect it. If you are working on the second series of Lost or 24 and you look at the value of their DVD and international sales then you start to take the issue more seriously,” he says.

Warden adds that investing in measures to ensure a facility's physical and networking security is watertight is a small price to pay compared with dealing with a litigious client whose security has been breached.

“Most facilities couldn't stand up financially to being sued but, in the event of a leak, this could well happen,” he warns.

Encrypting content
Adrian Bull, chief technology officer at Ascent Media, another HBO-approved site, adds that the facilities group simply wouldn't get the work if it had any weak spots in its system.

The facility is currently working on the new Bond film, Quantum of Solace and Disney's The Prince of Persia. It uses Aspera to encrypt and deliver content and also gets involved in the watermarking of finished content.

“A facility of our scale has to take these matters seriously,” he says.

But even fans of tighter security have not been able to implement all the content protection software available to them. While Pepper was an early adopter of Signiant, and Warden admires what the technology can do, he admits that his facility has yet to be able to exploit its full potential.

This is because the majority of its clients and its clients' clients - the main UK broadcasters - do not yet have the means to accept masters digitally. A tape and a motorcycle courier are still the preferred delivery method for many.

“It's a bit like being the only person with a mobile phone and you are waiting until all the studios have the other end of the line,” says Warden.

Ohanian admits: “The product seems to be finding more of a use where a facility and a broadcaster already have the means to transport material back and forth digitally - as in the case of a broadcaster and a playout facility or among facilities which regularly outsource to international branches.”

Another hurdle for facilities wishing to use content protection software is cost. While clients may be demanding tighter security, they're not always willing to pay for it. Ohanian himself points out that it can take up to 20% longer to send a file if you chose to encrypt and encode it and clients aren't always willing to be charged for this extra time. But, he adds, it may be prudent just to grit your teeth and swallow the extra cost.

“Some people think that it's not worth incurring a cost which can't be passed onto the customer, but no one wants to be in the newspapers as the facility which leaked the next Harry Potter.”

Using DRM as part of your online business model
Broadcasters, along with the music and film industries, are combating piracy at the point of release by instituting digital rights management (DRM), watermarking or conditional access systems to prevent viewing by unauthorised parties.

Don't be too restrictive
The problem with this strategy, argues Jon Folland, co-founder and managing director of Nativ, is that placing heavy DRM restrictions on content (forbidding it to be posted on sites such as BitTorrent or even You Tube, for example) may work against rights owners by cutting off valuable distribution channels, especially those used by younger viewers. “Some owners are in danger of locking down too much content,” he warns.

Folland's company is working with broadcasters such as MTV, Channel 4 and the BBC's iPlayer, ensuring they can deliver video content to any consumer device. He adds: “For TV it's still early days. People are not sure what users are prepared to pay. Film and VoD may be easier to price but TV over the internet is currently either ad-led or free to view.”

In this context, Folland believes that content owners should think of their business model first, and then use DRM technology as a means of protecting and enforcing this.

Staying in control
Ronny Golan, co-chief executive and co-founder of Hiro, has adopted a similar approach in marketing the company's Hiro software, which protects and personalises advertising in video downloads.

Whether the user chooses to download content from a peer-to-peer network, a social network or even from a friend's CD, Hiro software prevents ads from being skipped or fast forwarded. The technology also offers broadcasters a locking solution that means content is destroyed after a certain period - ideal if the broadcaster only has the rights to distribute recently viewed footage online.

Says Golan: “Any solution for the internet needs to take into consideration peer-to-peer and social networking. Rather than block these channels, the question is how can a broadcaster take advantage and monetise these channels?”