Can we deliver pay-per-view videos securely on the internet?
September 2, 2008 6:54 AM   Subscribe

It absolutely cannot be done. If you send data to a person's computer they can copy it even if they need to do frame-by-frame screen captures and record the audio from the line out.
posted by Inspector.Gadget at 7:04 AM on September 2, 2008 [2 favorites]

...just want to make videos of our safety workshops available over...

The concern is that one person might buy it and then use something like Replay Media Catcher to download it and then distribute it to others for free.

These two statements contradict each other. You don't need to worry about corporate espionage so long as you stick your brand inside your video, a la the little bug on every television network out there. Similarly, teenagers (the ones who actually have the time and inclination to go out of their way to pirate video) will have almost zero interest in your source material.

I spent the better part of a year thinking about this very question for a few clients. Ultimately, the answer became "sell them uniquely-generated links to the videos, eg http://example.com/video/(md5 string that gets ignored by your webserver)/video.mov" and don't worry about DRM.

The amount of time you spend thinking about this is directly proportional to the disappointment you'll feel when (not if) someone breaks your encryption scheme. With the uniquely-generated-links method, at least you can selectively turn off that url on your webserver.
posted by mark242 at 7:07 AM on September 2, 2008

Inspector.Gadget is correct.

If you can see the video you can record it.

There are deterrents but no perfect solution.
posted by alhadro at 7:08 AM on September 2, 2008

This may not be too helpful, but with further digging, I'm sure you can find it. I remember reading about a company that scans the internet and compares videos against a central database to see if there has been copyright infringement. As Inspector.Gadget indicated, there is no way to absolutely prevent this, but you can try enforcement.
posted by perpetualstroll at 7:08 AM on September 2, 2008

I'd also add that litigating copyright infringement is a losing strategy for a small company in a niche industry. You will spend more on legal fees than you will lose in potential business. This assumes, of course, that people outside your normal business contacts would actually be interested in your content. What would be their angle?
posted by Inspector.Gadget at 7:13 AM on September 2, 2008

The concern is that one person might buy it and then use something like Replay Media Catcher to download it and then distribute it to others for free.

One person? There are thousands of people doing this and there is no way to stop determined pirates from consuming and distributing your material without paying.

Do like musicians do: use the Internet as a marketing tool to book live performances.
posted by three blind mice at 7:25 AM on September 2, 2008

I work in online educational video and speak from experience on this one. You have to 1) put a bug up (which can be covered or cropped out), 2) have a relationship to the video that requires additional steps (like ours are done through a school, and people watch them to get school credit; you can bootleg them, but you wouldn't get credit), and 3) relax about it: if you build a bigger lock, people will always figure out how to build a better lockpick.
There are a lot of companies that make money off online video and I'm sure that all of them have reached peace with the idea that some of it will be bootlegged, but for the most part, regular people will pay to watch it and enough of them to pay my rent.
posted by history is a weapon at 7:27 AM on September 2, 2008

DRM will only upset your customers. Your competitors must already know (or soon will) of your approach. Just as you have innovated, they will as well.

That being said -- Any "solution" you implement, I would play on my laptop with a TV out into a VCR.
posted by SirStan at 7:34 AM on September 2, 2008

Also Inspector.Gadget has a good point that the cost of litigation would likely be prohibitive, and I think the concern here is more that competitors might get access to our intellectual property as our approach to safety (particularly in the aviation industry) is fairly unique.

So is your concern focused on your copyrighted videos, some sort of patented business method, both, or something else? You and/or your boss need to speak to an attorney with experience handling both IP and trade secrets. IANAL, and from my layman's/outsider perspective on your company and its intellectual property, the copyright infringement that might occur seems to pale in comparison to the other problems your business would face if its methods were widely distributed.
posted by Inspector.Gadget at 7:37 AM on September 2, 2008

The question for your company is:

"Given that there is absolutely no way to deliver video to end users in such a way that it can't be captured by those users, what are our priorities? Is the initial distribution worth the certainty that we can't control the distribution beyond that point?"

We can't answer *that* question for you, but if you can come up with any insight on it before reporting back to the bosses, it may soften the blow of delivering the answer they don't want to hear (which is "it can't be done").

The porn inductry, btw, has happily accepted that all files, streams, etc. can be captured and shared, and a common response is to use that sharing to their advantage by adding advertising (notice how many porn clips floating around on the web, pro clips on xtube, etc., contain the URL or at least the name of the company that produced/released the clip).
posted by kalapierson at 7:38 AM on September 2, 2008

I think the concern here is more that competitors might get access to our intellectual property as our approach to safety (particularly in the aviation industry) is fairly unique.

Er...

There are two possibilities here.

One is that your process/techniques/whatever are patented, in which case you're fine. Obviously.

The other is that you're trying to keep them as secrets. Which works okay when, say, you're not letting anybody access the magic computer that builds your widgets, or something, or hiding the source code to your ninja-software; you can at least stall the reverse-engineering process. But you're talking about making videos telling people how to use your process. You can't keep that secret. The whole point of it is that it's not a secret, that the entire industry hears about DoublePlaySuperSafety (tm) and goes, OMG, we have to have that!

Your cat is going to be out of the bag. Your system is going to be known to the world. This is what you want. Either you protect your business position by patenting things, or you use branding and the like to create an impression - true or not - that you're the only guys who can really train anyone to use YOUR system. But you cannot have Secret Training that you're giving to people who don't even work for your company.
posted by Tomorrowful at 7:39 AM on September 2, 2008 [1 favorite]

Ultimately, there is no technical solution to this problem. As security guru Bruce Schneier famously said, "trying to make digital files uncopyable is like trying to make water not wet". So if it's really important to keep your videos secret, the best thing you can do is probably to make your buyers sign an enforceable NDA.

If you really feel like being draconian, give every copy a unique watermark so if they do get leaked, you can track the pirated copies back to their source. Since you mentioned that your litigation budget isn't very big, this might be more effective as a deterrent than anything else.
posted by teraflop at 8:47 AM on September 2, 2008

I agree with the answers so far, especially the first two.

Regarding podcasts: iTunes only points to the RSS feed you show them, the content is all on your own server. In other words, there's no protection whatsoever provided by podcasting.
posted by lothar at 8:49 AM on September 2, 2008

Does your laptop have a TV Out? Mine does. I can plug a VCR into the TV Out of a laptop and record the video that it's playing. There, DRM broken with a technology worth 5$ on ebay.

Does your desktop have a TV In? Mine does. I can plug the laptop's TV Out into the desktop's TV In and record what's playing. That's quite convenient, since the process produces a file that can be uploaded to the web immediately. DRM broken again.

Some desktop computers have both a TV Out and a TV In. These can record themselves simply by plugging a 3 inch long wire from one port to the next. That's convenient when you are trying to break DRM.

If all these methods sound like too much trouble, you can always aim a video camera to the screen. Or you could install Replay Media Catcher, or any other descent screen capture program.

But most people just wait until some wiz kid reimplements the de-scrambling that the official player implements. That usually takes between a few years and 12 hours, from the day the format is released to the day the unofficial de-scrambler is available on the web.

Saying a media file is encrypted is an abuse of terminology. DRM are always scrambled, never encrypted. Encryption is a process that makes a file inaccessible to attacker you are trying to protect yourself against -- in this case, it is your client, who may leak the video to your competitor. However, if the media file was encrypted, your clients wouldn't be able to play it. Scrambling merely make the resulting file hard to play, in the sense that it is hard for a programmer to write a play for the format. Which why non-official players for DRM formats take a while to show up on the net.
posted by gmarceau at 9:14 AM on September 2, 2008

It sounds like you're tangling up two different questions here. Unfortunately (for you) the answer to both is "you can't," but it's probably important to think of them as discrete problems moving forward.

1) Can I distribute clips online and have them not be copied & redistributed?

Realistically no, for all the reasons mentioned above. Also for the reasons above, it's unlikely that elite pirates are going to be bootlegging safety videos with an extremely limited audience.

2) How do we keep our proprietary training methods safe?

This is the much more difficult question, which sort of got buried above. Right now, if all you're doing is teaching live sessions, then you have at least a little assurance that you're training your target audience directly (and that your competitors aren't sneaking into your sessions and stealing your techniques). However, whether or not you have ironclad DRM, there's nothing to stop a competitor from (legally) buying a video off your web site, and just watching it and taking notes to copy your methods. This seems to me like a much, much bigger flaw in the system than any DRM issues, unless you were planning to (for example) sell video licenses only to groups that had previously paid for in-person training.
posted by range at 10:49 AM on September 2, 2008

I'm still not exactly sure what you're offering.

Are you training your own employees in satellite offices?

If that's true, then either set it up like a video conference in the office, or just mail the other office a DVD. The only real way to prevent copying is to take control of both ends of a transmission, you certainly can't let people do this in their homes.

Though no one cares. No one wants to bootleg what you have. They might want to copy your business model, but no DRM is going to stop them from doing that.
posted by Ookseer at 12:40 PM on September 2, 2008

If the people watching the videos must be employees of the company involved, and be at work in one of their facilities, maybe you could restrict access by domain. If they're looking at the website from an address which resolves to your-customer.com, they see it, but if they're coming from another domain, they can't.

Doesn't solve your copying problem, but it restricts access somewhat.
posted by AmbroseChapel at 11:43 PM on September 2, 2008

« Older Where to get hair straightened...   |   I have recently dived into the... Newer »

This thread is closed to new comments.