The Podcasting Industry Still Hasn’t Dealt With Security Threats

Which doesn't mean podcasters would pay to stop a leak

This is what hackers mean by an “endpoint.” Pixabay

Content is king, but it’s also slippery.

Earlier this week, news broke that the first 10 episodes of Netflix’s Orange Is The New Black had been released early on torrent sites. This is obviously painful for the subscription video giant because the women’s prison show has been one of its most popular properties. Netflix doesn’t share a lot of numbers, but its executives do often say that making it easy for customers to come and go is part of their business model.

It stands to reason that they see a big uptick in returning customers right before a piece of popular original content comes out. So releasing most of the season for free could hurt revenue.

There’s another, smaller but growing industry that relies on building buzz around content and releasing it on a predictable schedule, increasing demand as shows progress: podcasting. The most recent survey from Edison research suggests that 24 percent of Americans listen to podcasts on a monthly basis, and 44 percent of podcast listeners fall into the 18-34 year old age group.

Most podcasts are given away for free (though not all), but that doesn’t mean they want their work to go out early or to go on channels they don’t control. Additionally, branded content has been one of the most successful areas for revenue growth, as we have previously reported. When a big brand hires a company to produce programming that extols its virtues, it wants to control every facet of its distribution.

So we wondered: have podcasting companies thought through security practices to make sure episodes don’t get stolen early?

The industry has a lot in common with the original video industry. In particular, people work in different places, files get shared and different professionals work on different pieces of the overall production. One editor cuts it down, someone else might optimize the sound and another person comes in to add sound effects or music. The more offices a show gets shared with, the more chances a cybercriminal has to steal it.

“In short, file exchanges with production companies and client are largely done via Google Drive and Dropbox,” Corey Coates, a manager at podcast production company Podfly, wrote the Observer in an email. “From there, many production houses use Adobe Creative Cloud for collaboration with show runners, engineers, and producers.” Other sources with knowledge of the industry confirmed Coates’ account.

Coates added that some Podfly clients require sharing files using their own proprietary software, especially if they have regulatory compliance consers. Filesharing may be secure, but the Netflix hack showed that the computer a vendor downloads a file to still might not be.

The Observer reached out to many of the biggest companies in podcasting, both original content companies and producers for hire. Most of them did not reply. One of the newer companies, Brooklyn’s Two-Up Production which makes Limetown, sent us a candid reply, which we suspect reflects the general state of security in podcasting.

Co-founder Zack Akers wrote the Observer in an email that it had just begun thinking about more serious security protocols (perhaps as recently as our query). “We have started the process of making sure all our IP is stored on a private server with two-step verification as a bare minimum going forward,” he wrote, “but there will be more precaution taken beyond that, especially in light of recent events.”

The Observer has talked with companies whose technology may fit this kind of threat, but we’ve not had demonstrations of either. Both Vera and Sndr offer products that secure files at a distance. They claim to be able to place permissions on any file without creating additional friction for the end user. If a breach should occur and someone loses control of a file, both systems claim to be able to track the stolen copies and remove permissions. Once that happens, the files turn into encrypted blocks of nonsensical data, the digital equivalent of a brick.

“The actual economic impact of a breach is not super significant,” Erik Diehn, CEO of E.W. Scripps subsidiary Midroll Media, told the Observer in a phone call. While the industry is profitable and growing, the cost for losing any one show is not so great that his company has focused on adding steps into the production process to better secure content.

Midroll owns Earwolf, one of the most prominent podcasting networks, which makes shows like Sklarboro Country and Yo, is This Racist? It also produced a branded show for Casper, featuring comedian Chris Gethard. Despite the fact that it has responsibility for some of the medium’s best titles, Midroll’s threat model focuses more on protecting its customers, particularly user data for people using its podcasting app, Stitcher, especially the payment information for premium subscribers.

But if Earwolf had some shows stolen, it would probably do the same thing Netflix did, Diehn guessed: work with the police and refuse to pay. An early release would hurt, but it wouldn’t endanger the company. While he expects the day will come when a podcast could be worth as much to a network as Orange Is The New Black is worth to Netflix today, that future has not yet arrived.

And even then, they probably still wouldn’t pay.

 

 

 

The Podcasting Industry Still Hasn’t Dealt With Security Threats