Theme images by MichaelJay. Powered by Blogger.

Monday, 30 March 2015

Secrecy on the Set: Hollywood Embraces Digital Security



SAN FRANCISCO — For years, Lulu Zezza has played one of the toughest roles in Hollywood.
Ms. Zezza, who has managed physical production on movies like “The Reader” and “Nine,” also oversees the digital security of everything that goes into the making of a film on set, including budgets, casting, shooting schedules and scripts.
Not all that long ago, keeping tabs on Hollywood secrets was pretty simple. Executives like Ms. Zezza could confiscate a crew member’s company-issued computer or cellphone once shooting ended.
But personal smartphones that receive company emails, and apps that store data on cloud computers? That is not so easy to manage if your co-workers aren’t willing to play along.
Enter North Korea, stage left. After hackers believed to be from North Korea revealed embarrassing emails and other personal details at Sony Pictures late last year, Hollywood studios — like so many businesses in other industries before them — realized they had better find a better way to protect their most sensitive files.
And people like Ms. Zezza, who were once considered paranoid because they worried about mundane security measures like passwords and encryption, suddenly looked prescient.
“Post-Sony, getting people to cooperate with me has been a completely different experience,” Ms. Zezza said. “Everyone gets that life has to change.”
Hollywood has turned to a new class of technology companies, with names like WatchDox, IntraLinks and Varonis, that for the last few years have been offering ways to manage the data slipping into employees’ personal smartphones and Internet storage services. They wrap individual files with encryption, passwords and monitoring systems that can track who is doing what with sensitive files.
“Hollywood is finally asking itself, ‘What’s our modern strategy for managing our information?’ ” said Aaron Levie, chief executive at Box, an online file storage provider that works with several major Hollywood studios.
Venture capitalists have taken notice of the interest. In 2014, eight companies that help manage the security of documents raised $136 million in financing, more than five times the $25 million raised in 2013, according to Dow Jones VentureSource. They are aiming for a slice of the $665 million that American businesses spent on data-loss prevention last year. Gartner, the research company, expects that figure to surpass $1 billion by 2017.
Movie studios, of course, have always been a little paranoid.
The most sensitive Hollywood scripts were — and, in many cases, still are — etched with watermarks, or printed on colored and even mirrored paper to thwart photocopying.
Letter spacing and minor character names were switched from script to script to pinpoint leakers. Plot endings were left out entirely. The most-coveted scripts are still locked in briefcases and accompanied by bodyguards whose sole job is to ensure they don’t end up in the wrong hands.
But over the last decade, such measures have begun to feel quaint. Watermarks can be lifted. Color copiers don’t care what color a script is. Even scripts with bodyguards linger on a computer server somewhere.
And once crew members started using their personal smartphones on set, “people started leaving with everything they had created for us,” Ms. Zezza said. “We had the movie in our possession, but none of the documents or drawings from the creative process.”
Years before the attack on Sony, Ms. Zezza had a memorable encounter with hackers after the studio she was working with announced a deal with Ubisoft, the video game maker, to adapt “Assassin’s Creed” for the big screen. The production company was soon besieged by hacking attempts.
“We were no longer worried about an assistant at an agency photocopying our script; we were dealing with sophisticated computer hackers who were extremely serious about finding out how we were turning their favorite game into a script,” recalled Ms. Zezza.
It was a call to action. As Ms. Zezza searched for ways to protect sensitive data, she settled on WatchDox. The service gives file creators the ability to manage who can view, edit, share, scan and print a file, and for how long. If hackers steal the file off someone’s computer, all they will see is a bunch of encrypted characters.
Her biggest challenge, however, wasn’t hackers. It was co-workers. “Nobody wanted to use it,” Ms. Zezza said. “The first year was unbelievably painful. I was teased mercilessly.”
That was, of course, before the hacking at Sony. Now some Hollywood studios are removing their movie editing software from the Internet so hackers cannot get to it, said Ray Rothrock, the chief executive of RedSeal, a security start-up.
For years, oil companies have been doing something similar with their pipelines — a process known as “air-gapping”— so that if hackers breach their internal network, they can’t use that access to blow up a pipeline. Now, Mr. Rothrock said, Hollywood is doing the same to combat theft.
At WatchDox, demand from Hollywood studios has surged over the last three months, said Adi Ruppin, the chief technology officer. The company, which is based in Palo Alto, Calif., has for some time been working with people like Oren Peli, the producer and screenwriter behind the “Paranormal Activity” film franchise.
“Beyond a certain level, nothing is 100 percent foolproof, but now we know there are measures that make it 99 percent,” Mr. Peli said. “I’m a little paranoid, but it’s justified.”
In 2009, a 43-page outline of Mr. Peli’s coming film, “Area 51,” leaked online. Mr. Peli had relied on traditional techniques, like watermarking, or would even change words or names of minor characters in each version of a script to thwart leakers.
But when Mr. Peli started preparing for his next project, the “Chernobyl Diaries,” a 2012 horror film about tourists stranded at the site of the nuclear power plant disaster, he began searching for digital ways to protect the project. He started using WatchDox.
“If I decide I actually don’t want someone to read something, I can revoke their access later, or decide after the fact to allow them to print it,” Mr. Peli said.
As a bonus, “If I tell someone the script will expire in three days, they are more incentivized to read it.”
Some studios are demanding new features to suit their needs.
Mr. Levie said Box, which already stores vast amounts of data for businesses, has been investing in new tools that allow owners to control who can view their data and on what devices. It also manages who can edit material and even how long they can do it. Mr. Levie said the company would start adding invisible watermarking to files this spring.
One of the quirkier features WatchDox has added is a spotlight view that mimics holding a bright flashlight over a document in the dark. Everything beyond the moving circular spotlight is unreadable. The feature makes it difficult for anyone peering over your shoulder — or a hacker pulling screen shots of your web browser — to read the whole document.
Mr. Peli said the feature was a little too paranoid for his taste.
Mr. Ruppin said he recently received a complaint from a WatchDox customer with a decidedly different concern.
“The customer thought the spotlight radius should be smaller,” he said.

No comments: