It seems like for the last few years, on an almost monthly basis, we are alerted to some major company getting “hacked,” and all of our credit card and private information is stolen: major box retailers, healthcare providers, and even two of the three major credit companies. Couple that with the Edward Snowden NSA revelations and the celebrity nude photo leaks, and there’s a lot of reason to err on the side of caution in protecting your professional and private assets (let alone if you’re filming a person in conflict with their own country, like Aung San Suu Kyi). Client projects often require filmmakers to handle sensitive information, whether for internal use or under embargo for a scheduled release, and we sometimes film talent saying or doing things not meant for public release. Though most filmmakers and production houses handle client assets with care, we’re now fortunately in a time when software- and hardware-based encryption is cheap, plentiful, and has a negligible effect on production workflows.
Here are a few steps to increase the security of your production data.
- Format and re-format your storage.
At the start of every production, there will be the flash media that the camera live-records to, and the drives where you’ll put your media to send to the Edit Bay. Unfortunately, no camera live-encrypts footage as it’s being shot (at least no professional production camera), so you’ll only be able to prep the drives you use for offloading and backing up your data.
Some hackers have been able to break into the encryption of a hard drive by accessing the root structure, which would be like termites invading wood beams before construction on a house has even begun. When you order a new drive, you should plan for 2-4 days (depending on the size of the drive) to completely format and re-format the drive multiple times, essentially forcing every bit to uniformly be a “1,” then a “0,” across all 1-6 terabytes. Three times is typical, though seven times will be enough if you have the time available (it will take the better part of a week just to get through this step if you have a 6TB drive).
Disk Utility on Mac OS X can do this, and so can DBAN.
- Encrypt your storage from the beginning.
It’s important that encryption has been set up before any useful data has been put onto the drive, so the next step is to immediately select and install an encryption option. Mac OS X has FileVault 2 built into the operating system, so the computer’s performance will take a negligible hit when in use. VeraCrypt is an open-source encryption program that is also great and easy to use.
- Create unique keys and passwords, and store them in secure places.
Most hackers do not bother attempting to decrypt the encrypted data directly, but instead try to guess the user’s password. Passwords like “p@ssw0rd” and “abc123” are so common, and so easy for an automated program to attempt, that breaking into your data will take seconds, no matter how strong the encryption program. Reusing a complex password in more than one location is just as bad as a poor password: if “Tr0ub4dor&3” is both your email password and your hard drive encryption key, and your email password was hacked somewhere else, it will be the first guess of a hacker.
Create unique, long passwords of random characters (upper case, lower case, numbers, and punctuation characters) and save them in a password vault like LastPass or 1Password. Both apps can retrieve your password on your phone, so writing the password down on a Post-It note for convenience won’t be necessary.
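The two failure modes described above (common passwords and reuse across locations) can be checked mechanically. This Python example is added here and is not from the original post; the function names, the short common-password list, and the sample vault entries are all constructed for illustration.

```python
import math
import secrets
import string

# The four character classes the text recommends mixing.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)
# Constructed sample of widely used passwords; real lists are far larger.
COMMON = {"p@ssw0rd", "abc123", "password", "123456", "qwerty"}

def generate_password(length=24):
    """Return a random password that contains every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:  # redraw until all four classes are present
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def entropy_bits(length):
    """Upper bound on guessing entropy of a uniformly random password."""
    return length * math.log2(len(ALPHABET))

def audit(vault):
    """Map each location in {location: password} to the problems found."""
    seen = {}
    for location, password in vault.items():
        seen.setdefault(password, []).append(location)
    report = {}
    for location, password in vault.items():
        problems = []
        if password.lower() in COMMON:
            problems.append("common password")
        others = [loc for loc in seen[password] if loc != location]
        if others:
            problems.append("reused at " + ", ".join(others))
        report[location] = problems
    return report

if __name__ == "__main__":
    vault = {"email": "Tr0ub4dor&3", "backup drive": "Tr0ub4dor&3",  # constructed
             "ftp": "abc123", "archive drive": generate_password()}
    for location, problems in audit(vault).items():
        print(location, "->", problems or "ok")
    print(f"24 random characters: about {entropy_bits(24):.0f} bits")
```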
- Add additional security measures wherever possible.
A security protocol used for years by major security companies and banks has recently been adapted to smartphones, and is being utilized for website logins. 2-Factor Authentication verifies your identity by two factors: something you know (your password), and something you have (your smartphone, which most people always have with them). You can enable 2-Factor Authentication for many major websites, like Google, Facebook, and Amazon, and there are some apps that allow you to install two-factor authentication on your own system. 2-Factor Authentication will not be ideal for sharing drives and assets among multiple parties, so it is best used in post-production for archive, or client approval (if you’ve set up your own server, you can add 2-factor to the client login options).
Most filmmakers already apply professionalism and care in handling client assets and confidential information, but encryption in video production should quickly become standard in handling all projects. Fortunately, the tools available for even the most basic encryption are easy to use, free, and convenient in practical use-cases between Producers and clients. Security is typically ignored or under-recognized until something goes wrong, but with just these four simple points, you can prevent most possible problems.
Sure enough, a few days after posting this, BitTorrent has updated BitTorrent Sync to include an Encrypted Folder that allows users to work off of an “encrypt at rest” folder. I’ve already shared finished assets with clients using BitTorrent Sync (when the file sizes were so large that the upload wait times on FTP and Dropbox were going to last ~12 hours), but now I have to try the app as a cloud-based workflow to edit remotely, when they use video editing as an example:
An example use case for the encrypted folder is using Sync to share cuts of a promotional video with a client. You can create a folder with the edited cuts on two machines A and B using a Read-Write key. This way you can edit on multiple machines and have the data in the folder automatically sync… It can then be used as an offsite backup and ensure availability of the files in case your machines are offline. Finally, you can provide the Read-Only key to your client so they can see the videos, but not modify or delete them.
How great is that? Not only can you share assets with clients quickly, easily, and with secure encryption, but you can even perform live edits with your own footage, so long as you have a steady connection.