Movie insiders and file sharing

The MPAA blaming file sharers for the studios' online problems is a lot like the RIAA using kiddie porn to smear file sharing when its members' lyrics comprise some of the most offensive porn to be found anywhere.

That's one of the thoughts one can draw from a new AT&T Labs report which hangs much of the blame for online movie trading on 'insiders' instead of p2p movie fans.

When the $150 million Jolly Green Giant went online two weeks before its official release date in June, it wasn't a bunch of frenzied file-sharers who were responsible. Nor were crews of p2p freaks with mini-cams stuffed under their raincoats the people who uploaded The Hulk onto the networks.

It happened through insider connections.

Lorrie Cranor is principal technical staff member at AT&T Lab's Secure Systems Research program and together with four other people, she studied how unauthorized copies of movies are being distributed online.

"Part of the reason we were looking was because we suspected there would be some insider leaks," she told us, "but not so many."

Of a total of 285 movies she and her team sampled, 77% were leaked by industry insiders.

Moreover, only 5% first appeared after their DVD release date on a web site that indexes file sharing networks, indicating that consumer DVD copying currently represents a relatively minor factor compared with insider leaks, says Cranor in Analysis of Security Vulnerabilities in the Movie Production and Distribution Process, the paper which flowed from the research.

Working with Cranor were AT&T's Simon Byers, Dave Kormann, Patrick McDaniel and Eric Cronin from the University of Pennsylvania.

In the meanwhile, but not at all incidentally, a movie screener is usually a DVD sent to movie critics and censors before the public sees it, and to other insiders for other purposes. MPAA boss Jack Valenti would, for example, be able to send (or have sent) a screener to someone he wanted to see a movie before it's official release. Naturally, distribution is carefully controlled - or so Hollywood would have us believe.

In fact, they're all over the place and indeed, anyone who's done their own online research will have noticed a significant number of movie downloads are clearly-marked 'screener' and they frequently have "Property of *****" appearing intermitently at the bottom of the screen as the movie unfolds.

But screeners aren't the only problem. Promo copies of movies are available weeks before they're in the cinemas. Same thing for the videos and DVDs which appear in rental stores once the movies have made their millions through the box-offices. And of course, studio employees see movies as they go through the editing and final production processes.

In short, there are literally hundreds of ways a copy can get onto the street and online, file sharers being way down the list of possiblities.

In conclusions, the paper has this to say:

"[...] the movie industry ought to treat everybody within its influence equally, from studio executives and investors, down through movie editors, truck drivers and out to the critics. Such elementary procedures as audit trails of custody would seem to be in order. While we expect that this is already done to some extent, it must be applied evenly and without preference. Our study shows a large amount of insider leakage. Hence, we argue that current mitigation techniques are insufficient. Given the revenue losses claimed by the industry, spending more money and effort on internal controls is appropriate.

"Movie artifacts are handled by a limited number of employees in a controlled manner during production and through much of the distribution process. In the later stages of distribution, content is handled by a large and mostly anonymous community. Securing the former environment is difficult but tractable. Securing the latter is nearly impossible. Hence, focusing efforts on insider threats addresses the most costly leakage, and represents the best opportunity for success."

Are you paying attention, Jack?

Go here for a copy. It'll hold you spell-bound.

But back to The Hulk, how did Kerry Gonzalez, the guy ultimately nailed for "posting the purloined film on the Internet" come unglued?

He, reportedly obtained a video of a pre-release 'work print' from a friend, who in turn got it from an employee of a Manhattan print advertising firm that was promoting the movie, says the paper, also stating:

"Although Gonzalez used software to black out the security tags before posting the film to the Internet, studio officials were reportedly able to identify the source of the leak from the remnants of these tags. The FBI was also able to track the uploaded copy to Gonzalez through his Internet Service Provider."

Jon Newton