Colleges Need to Safeguard Video in a Standards-Based World
We are duty-bound to protect our educators’ intellectual property and, even more importantly, to protect the privacy of our students, who may be required to produce videos as a graded activity in their coursework. Video can be an intensely personal form of expression and a powerful weapon in the hands of a technologically savvy school bully. Responsible stewardship of a video-hosting service used for educational media requires state-of-the-art countermeasures against piracy.
Maintaining content security means simply keeping the toothpaste in the tube: You limit access to a piece of media to just those people who are authorized to view it and to just when they’re authorized to view it. The traditional defensive strategy relies on three features of prevention. First, keep anyone from seeing the content by password-protecting access to a page containing a piece of media. Beyond that first line of defense, the next task is to keep people who do have access from sharing it with others. Third, prevent the more common act of downloading the video so it can be re-hosted on an unprotected service.
Pre-HTML5, we offered these protections by means of end-to-end proprietary technology, typically a real-time messaging protocol (RTMP) media server and a custom-compiled video player running in a Flash Player browser plug-in. All of this was opaque to standard browser-based debugging tools, and idiosyncrasies built into any given RTMP host and player setup protected it against general-purpose RTMP ripping tools. The most likely way that the content would be compromised is by the old-fashioned technique: recording the screen with a video camera.
Based on vanilla HTTP, these content delivery methods are easily inspected and spoofed with standard browser debugging tools. Since these delivery protocols are “standards-based” by definition, there’s little room to carve out idiosyncratic protection-by-obfuscation schemes to protect your small-potatoes host from the standard HTTP Live Streaming (HLS)-ripping tools built to attack the big players. In other words, if you’re doing what everyone else is doing, then you can’t make yourself a nuisance to those who would attack those you’re imitating. Absent investment in a DRM scheme for your school, that’s the best we can hope for, and truthfully, what we’ve relied on all along—that we can outlast the attackers’ patience and keep the targets moving.
To that end, an appealing strategy is to eschew the dominant HTTP media delivery protocols in favor of a cross-browser, bidirectional, streaming transport mechanism, namely encrypted websockets. We know that websockets can support the scale needed for educational media delivery, because we saw RTMP hold up well at our predictable scales. There are at least two commercial media server platforms already offering media streaming over websockets to MediaSource objects: EvoStream and Unreal Media. Neither promotes the technology for improved content security; they say it’s for RTMP-quality startup latency. But using a persistent, bidirectional connection also restores RTMP’s benefits of better QoS, faster seek times, and opportunities to add idiosyncratic security challenges for maintaining the connection.
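One form such a connection-maintenance challenge could take, as an added example (not code from the article, EvoStream, or Unreal Media): the server releases each media segment only after the player answers a fresh, single-use, time-limited nonce with an HMAC under a per-session key. The names `SegmentGate` and `answerChallenge`, the HMAC construction, and the key being handed to the player at login are all assumptions made for illustration.

```javascript
// Added example: gate each media segment on a per-connection challenge.
// SegmentGate, answerChallenge and the HMAC scheme are hypothetical.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Player side: HMAC-SHA256(sessionKey, nonce || segmentIndex), hex-encoded.
function answerChallenge(sessionKey, nonceHex, segmentIndex) {
  return createHmac('sha256', sessionKey)
    .update(Buffer.from(nonceHex, 'hex'))
    .update(String(segmentIndex))
    .digest('hex');
}

// Server side: one outstanding challenge per websocket connection.
class SegmentGate {
  constructor(sessionKey, { ttlMs = 5000, now = Date.now } = {}) {
    Object.assign(this, { sessionKey, ttlMs, now, pending: null });
  }
  // Issue a fresh nonce bound to the segment the player asked for.
  challenge(segmentIndex) {
    const nonce = randomBytes(16).toString('hex');
    this.pending = { nonce, segmentIndex, issued: this.now() };
    return { nonce, segmentIndex };
  }
  // 'ok' releases the segment; any other value is a reason to close the socket.
  verify(responseHex) {
    const p = this.pending;
    this.pending = null; // single use: a replayed answer finds nothing pending
    if (!p) return 'no-challenge';
    if (this.now() - p.issued > this.ttlMs) return 'expired';
    const want = Buffer.from(answerChallenge(this.sessionKey, p.nonce, p.segmentIndex), 'hex');
    const got = Buffer.from(String(responseHex), 'hex');
    if (got.length !== want.length || !timingSafeEqual(got, want)) return 'bad-response';
    return 'ok';
  }
}

// Constructed walk-through with a fake clock: valid, replayed, stale-nonce, late.
function demo() {
  let clock = 0;
  const key = randomBytes(32); // constructed per-session key
  const gate = new SegmentGate(key, { now: () => clock });
  const c1 = gate.challenge(0);
  const r1 = answerChallenge(key, c1.nonce, 0);
  const first = gate.verify(r1);
  const replay = gate.verify(r1);
  gate.challenge(1);
  const stale = gate.verify(answerChallenge(key, c1.nonce, 1)); // old nonce reused
  const c3 = gate.challenge(2);
  clock += 6000; // answer arrives after the 5 s window
  const late = gate.verify(answerChallenge(key, c3.nonce, 2));
  return { first, replay, stale, late };
}
```

A gate like this only makes a generic ripping tool fail until someone adapts it to the host; a player that holds the session key can still record what it decodes, which is the same nuisance-level protection the column describes.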
[This article appears in the June 2017 issue of Streaming Media Magazine as "Protecting Content in a Standards-Based World."]