A small cybersecurity startup based in Irvine, California, is promising the Holy Grail for the entertainment industry -- a secure way to share videos, films, contract documents, and other sensitive files.
The aim is to help Hollywood address its piracy problem, but the startup’s reputation may make it difficult to convince customers that it can be trusted with their lifeblood assets – their intellectual property.
Secure Channels, Inc. is best known for claiming in 2015 that it had unbreakable encryption – a claim that exemplified the type of marketing tactics that reportedly cost it a lot of credibility in the cybersecurity community – and for the founder's six-year prison sentence for running a $210 million financial scam when he was at the head of a different company.
Now it promises digital rights management technology that will allow people to, say, open up video files and edit them -- but not save copies of those files if they don't have permission to do it.
"You'll have those attributes built in, embedded in the content," Richard Blech, the CEO at Secure Channels, who got out of prison in 2007, told Data Center Knowledge in an interview.
He declined to provide any details about how these protections will actually work in practice without locking the users into a particular set of software.
For example, Adobe allows users to do some editing of PDF documents – such as filling out forms -- but only when Adobe applications are used to open them.
Blech says film editors will be able to open and edit video files using programs like Final Cut Pro, but the only way to make unapproved copies will be to point a camera at the computer screen.
He did not explain how Secure Channels would do this, or what would keep a user from simply running screen capture software to record whatever is showing on the display.
"A full disclosure of trade secrets detailing our proprietary specific methods for embedding, tracking, and managing the large and unique files is not possible," said Thomas Fryer, the company's CTO.
The title of the new service can be somewhat misleading. It's called the "Entertainment Security Operations Center," but a "security operations center" is typically a group of security professionals who monitor a company's networks and respond to cyberattacks.
While there are companies who do provide SOCs as a service, Secure Channel's ESOC will not be one of these managed security services providers; it will simply offer secure file sharing and encrypted email.
It will have an Outlook plugin for sending encrypted email and mobile apps for iOS and Android smartphones.
In addition to the encrypted email feature, what sets it apart from other file sharing platforms is that people have to be verified members in order to use the platform.
According to Blech, people who want to use the service will have to go through an intensive verification process to prove that they are who they say they are.
"It will be a very stringent identity proofing method," he said. "It will be done by securely uploading real identification, such as a driver's license or passport, plus a phone call verification by one of the ESOC concierges. And depending on how large the company is, there might be a personal visit in addition to the secure document verification."
He admits that the process isn't as simple as, say, signing up for a PayPal account.
But when it comes to movie distribution, there are millions of dollars at stake, he said. "If there's an extra step in the process to ultimately secure the production, I think that is worthwhile."
Blech said that the new service will be launched at Sundance film festival next year and will be available starting in February. Pricing hasn't been determined yet, he added.
The entertainment industry needs this service, according to chief brand officer Deirdre Murphy, because too many companies are still relying on insecure channels, including physically shipping files and documents.
"Everything is outsourced," said Murphy, who will be running business operations for the new ESOC. "You're constantly handing over your very expensive large project to someone who has zero guarantees to protect it."
As an indicator of interest, one of the partners in the project is Shaun Redick, producer of this year's successful horror film "Get Out" and founder of Movie Package Company, LLC.
He's also the first client, Murphy added.
As to why film studios should trust Secure Channels with their files given Blech's criminal history, the company blamed the $210 million fraud case at his previous company on rogue employees.
"Richard regrets this 20-year-old incident in his life and has learned the importance of hiring trustworthy employees committed to integrity," a Secure Channels spokesman said.
That integrity may have been missing when the company's website was set up, since, at the time of this writing, the site included unauthorized copies of reports from a well-known cybersecurity research firm, Ponemon Institute. Visitors could download the reports after giving up contact information.
According to a Ponemon spokesperson, those reports were posted without permission.
“We did not authorize the use of the reports on their website,” said the spokesperson. “If a company wants to share our report, we require that they link to the sponsor of the research for downloading the study.”
Secure Channels said that it did, in fact, have Ponemon's permission to distribute the two research reports.
“Ponemon absolutely authorized the use of their material,” said a Secure Channels spokesperson, but seemed to be confusing offering actual copies of the reports with simply providing links to other sites where the reports can be found.
“Secure Channels Inc. has received the links to the studies from Ponemon and will have this updated and corrected on their new website in the coming days,” he said.
An improperly sourced research report on a website would not normally be a big deal – except that in this case, the company is looking to get into the business of protecting intellectual property and should be aware of the nuances involved.