Mastering Internet Video: A Guide to Streaming and On-Demand Video | WebReference

Mastering Internet Video: A Guide to Streaming and On-Demand Video

Mastering Internet Video: A Guide to Streaming and On-Demand Video

This chapter, titled "Video Security and Digital Rights Management", is excerpted from the new book, "Mastering Internet Video: A Guide to Streaming and On-Demand Video," authored by Damien Stolarz, ISBN 0-321-12246-1, copyright 2005 by Pearson Education, Inc. To learn more, visit

How to Control Your Internet Video Distribution

In This Chapter

So far we have discussed the various technical aspects of compressing, encoding, and distributing video. But we have not yet dealt with an even more fundamental question: Should you distribute your video online? Movie industry figures often comment that they have watched the experience of the music industry with Napster and its successors and they are determined not to find themselves in a similar predicament. When a movie studio invests $50 million in the production and marketing of a film, it wants to be quite sure the work is not going to be passed around Kazaa and BitTorrent like so many MP3s.

The Hope of Digital Rights Management

The sheer file size of a feature length movie (which can range up to several gigabytes), coupled with the unreliability of P2P users' connections, initially limited the odds that more than a few dedicated pirates would watch a movie online rather than enjoy the high-resolution of a DVD. That has changed. Downloading a full, high-resolution movie today on a fast broadband connection now takes a matter of minutes.

Not all of the people reading this book, however, want to distribute a feature length movie for a major studio. Perhaps you are an entrepreneur who has created a new kid's series. You have no contract with Nickelodeon, but you'd like to sell the shows to families over the Internet. You're not expecting to quit your day job from your Internet TV show, but at the same time, if your shows do turn out to be popular, you want to be paid.

Or perhaps you have a series of films that are extremely valuable to a select business audience. Businesses pay a lot of money for your videos, and you'd like to be able to deliver online so you can deliver to a bigger audience and decrease your turnaround time.

Or perhaps your company just wants to make sure that footage of your CEO's cheerleading speech doesn't wind up as fodder for an Internet joke (Steve Ballmer's "developers, developers, developers" speech comes to mind).

In all these cases, we're looking at the field of digital rights management (DRM), the ability to charge for content and restrict the use of your content.

This sounds simple in principle. However, foolproof DRM can be difficult to implement.

One example of a compromised DRM system is the copy protection in DVD players. Around October 1999, one of the companies that knew the secret passwords for the Content Scrambling System (CSS) used on DVDs accidentally leaked the information. The security of DVD copy protection relied on all the participating companies keeping that information secret, and once it was out, all DVDs could have the video "ripped" into the computers like audio CDs using a program called De-CSS.

Another example is the first two versions of Microsoft's online content security software. MS DRM version 1 and MS DRM version 2 were analyzed by computer programmers and found to be vulnerable to attack in 1999 and 2001, respectively. In slang terminology, this cracking of the two systems meant that content protected by these methods could be extracted with special software written for that purpose. Subsequent Microsoft DRM solutions have taken a more "big picture" approach to the problem and have plugged some of the holes that that allowed these earlier systems to be compromised, but the difficulty in making an unbreakable system remains.

Why is so DRM so difficult to make secure? The main reason why is the kind of control that is sought requires the cooperation of every network and device in the system. In computer encryption, a chain really is only as strong as its weakest link, and a single poorly secured piece of software or network equipment can compromise the security of the whole system. And encryption is only part of the picture. As you will see, encryption usually assumes that both parties can keep the data secret from prying eyes, but in DRM, the content provider gives data to a user and tries to prevent the user from sharing that content in un-authorized ways. Even if it were possible to absolutely guarantee the video security, such measures might be self-defeating if the system is so complicated or so restrictive that end users won't jump through the hoops necessary to get the content.

To understand the challenges of absolute copy protection, we take you now to Los Angeles where Mickey, a content producer, strives to implement DRM solutions, and Joe, a movie fan, and his friend look for work-arounds. It was the freest of times; it was the least secure of times.

A Tale of Two Consumers...or How to Feel Like You Are Protecting Content When You Are Not



A well-appointed high-rise conference room. At the table sit STUDIO EXECUTIVES in expensive suits, jackets off, no ties. At one end of the table sits MICKEY, the only computer guy in the room.


I put the video files on a web page protected by a password e-commerce site. Now users have to pay for them before they watch them.


Jack sits at his computer in a cramped, tangled-wire room with a huge computer monitor and a widescreen HDTV next to it. A brown leather sofa sits 4 feet from the TV. Jack is surfing a website, pulls out his credit card, types in his numbers, and then turns on his widescreen television. We briefly see the same movie playing on the TV and the computer. Jack bursts out laughing uncontrollably. Jack picks up his cell phone and calls Joe.


(to JOE'S voice mail)

Hey man, this is Jack, I bought this movie and it's freaking hilarious, I emailed it to you. Catch you later.


Joe's immaculately organized and well lit home office contains a small desk in the corner where the computer's dust cover has been removed so that Joe can log on to check his email. After retrieving the email, he clicks the video file, and it begins to play a Michael-Moore-esque collection of unflattering quotes of the president. JOE watches through, chuckles, and then shuts down his computer and puts the dust cover on.


(to himself)

Heh, that was funny.

Hack #1: Password Protection

Passwording the site, but not securing the content fails because the content can be downloaded and then redistributed by the first person who pays for the content and downloads it, as shown in Figure 7-1.

Figure 7-1: A subscriber can pay once for content, then share it with his non-paying friends.


MICKEY stands presiding over the conference table, commanding the rapt attention of a group of men in suits.


... so what I've installed is a streaming media server. Now, we are streaming the video files to the user after they pay for the content. With this technology, the files are never stored on the user's hard drive. Each user has to pay for the content before they watch it. And because of the streaming server, the user can't save the files to disk, and he has to come back to our site to view it, which means more community ...



(to Joe on his cell phone)

Man, this is so bogus! You have to keep coming back to this site to watch this movie... You have to be connected to the Internet any time you want to watch it.


What I'd really like to do, if this is possible, Jack, is watch it while I'm on the airplane. I'm going to be flying to Buffalo and the business class has a power adapter for my laptop.


I can do it, but I have to get a special program that saves it to disk. I will email it to you if I can get it to work.


Thanks a lot. Ok I have to get back to work.

Created: March 27, 2003
Revised: May 24, 2004