At various times, comments have been made about the over-the-top nature of digital cinema security. 50% of the DCI specification is descriptive of how the security system operates. It follows that the majority of DCI compliance testing is concerned over the behavior of security operations.
In general, the thinking that surrounds digital security has changed significantly over the past 20 years. In the 90’s, papers were written describing the complex ways that security systems would have to evolve to prevent a chaotic future. Humans being capable of anything but orderly behavior, those papers are now an artifact of an older time. There was once a time when there were those who wished to take digital cinema down a complex path of digitally-managed contracts tied with digital rights. To the credit of industry executives, that path was abandoned almost as quickly as it began.
For a security system to work, some people have to be trusted. In fact, the goal of any well-designed security system is to minimize the number of people that must be be trusted. This is why 50% of the DCI spec is concerned with security – it eliminates the need to trust exhibitors. In turn, this frees exhibition management of the responsibility of safe-guarding movies, beyond the monitoring of illegal camcording.
Some of the thinking that says DCI security is over-the-top is due to the way security is handled in the production and post-production stage. Responding to a discussion about security, one manufacturer of memory boards told the story of how fresh shots of a major blockbuster were loaded on his company’s cards outside of the US, and carried by hand from overseas to Burbank. Surely there was encryption applied, you say? It turns out that there was none. The content was stored and ferried in the clear. But the people carrying the content were trusted.
However surprising this may seem, the system works. The corollary joke in the production and post-production industries is that security is managed by guns. But it’s also has strong incentives to minimize the number of people that must be trusted. For example, forensic marking is often applied before content leaves a facility. If the courier of the content is up to no good, everyone will eventually know. In turn, this puts considerable pressure on the vendor to make sure that no leaks occur. If security is about minimizing the number of people that must be trusted, then it is to the advantage of the vendor to trust content with the least number of people. In digital cinema, this is precisely the kind of pressure that is avoided with the exhibitor. The studio doesn’t have to trust the exhibitor, and the exhibitor doesn’t have to trust its employees. Instead, pressure is placed on the manufacturer to comply with the DCI specification in its digital cinema equipment.
There has been question as to whether the “circle of trust” in digital cinema can sustain itself. Manufacturers were strongly incentivized to achieve DCI compliance in digital cinema equipment due to guarantees signed for virtual print fee subsidies. But sales driven by virtual print fees are almost history, and studios must now take a different tact, through diligence and the refusal of decryption keys to non-compliant equipment. For this process to work properly, the manufacturer must be trusted, requiring close relationships between manufacturers and studios. Trust is most often nurtured through active participation in industry groups, such as ISDCF and SMPTE. This not only provides a means for peer review, it also provides an effective mechanism for studios to engage with the vendors. Savvy manufacturers know that trust raises the barrier to entry for competition. In turn, sustaining a high barrier to entry is incentive to remain in the trusted circle and produce DCI-compliant equipment.
This publication has veered on the question of the ability of the industry to maintain DCI compliance long into the future. But the analysis just presented says that the process now in place works, and should continue to do so.