- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Dirty Trailers, Cheap Tricks
This morning, the New York Times has a nice story on gateways to online movie trailers that contain adult content. Trailers online will be preceded by colored tags, just like the green one you see in theaters that indicates the preview is acceptable for anyone watching. A yellow tag indicates the trailer may include PG-13ish content and a red one indicates an R-rated trailer, as it does in theaters, though red tags are rarely used in theaters.
The trailers that appear on the studios' movie sites, the story said, also have time of day restrictions, ostensibly viewable only between 9 p.m and 4 a.m.
Marilyn Gordon of the Motion Picture Association of America was quoted saying, “We want to protect children. That is our job."
Which is laughable.
Using an honor system gateway in which authorization is based on trusting the consumer entering the data is, putting it mildly, a joke.
Take the red-tag, R-rated preview available now for the movie Superbad. This is its gateway:
Note the disclaimer at the bottom which says I must be 18 and have a valid driver's license for some third-party company to verify my information against public records. Why does this company have access to government records about me? And how does it distinguish one John Smith against another? Questions for another day because, as you'll see, I don't think the fact I supposedly authorized this act means that it actually happened.
I gave the sonypictures.com trailer gateway a full test. First, I tried to enter no information at all and hit enter. It told me to enter information in each field. Good. Then I just put in a birth date--not mine but one within the age requirement--to see if that's all it was really looking for, but it still asked me for a name and ZIP code. Good. (For security anyway, bad in the sense that the ancillary function of the gateway could be to collect a demographic profile, most likely for marketing purposes, though the disclaimer at the bottom says Sony will not do so).
So I added a fake name, John Doe, and fake ZIP (99999) along with a valid DOB. This time it popped to a screen that said, try again, like this:
I never received a message that said, explicitly, the age you entered is too young to view this material, or the ZIP code you entered does not exist. The message only told me my information "cannot be processed" which sounds almost more like an accident or traffic congestion more than a security stop. It would have been helpful to know why my request could not be processed.
At any rate, the checkpoint seemed to check for a valid DOB and against a list of valid ZIPs; that's better than many gateways which will take 00000 and 99999 as ZIPs. So finally, I put in a fake name, a fake but valid DOB and a valid ZIP code that wasn't mine, like this:
And the trailer played, starting with the red tag:
That meant that either it was just looking for the DOB and a valid ZIP or that this VeriFAC company was able to locate a John Doe born on August 8, 1920 in some government record it accessed, as the disclaimer told me I had authorized it to do. I'm going to go ahead and guess that VeriFAC didn't check any records. What's more, all this took place today, at 10 a.m. EDT! So much for the time restrictions on viewing racy material.
Just as a final proof I'm not making this up, here's a screen grab of the actual trailer playing:
Interestingly, I tried again and made myself one year older. Like this:
Guess what? It denied me access to the trailer and told me to try again. I tried several more dates before 1920 and kept getting the try again screen. Whoever designed the gateway had determined that you can be too old to view adult material as well as too young, and 88 years old is the cut-off. Nonogenarians fight for your rights!
Actually, what they've probably done is decide that so few 90-year olds are surfing the net for R-Rated trailers that anyone entering such a date is likely to be underage or a snarky liar (like me!). And they're probably right.
But so what? The key takeaway here is that if I were 13, I could easily access the red-tag trailer. The gateway trusts that the person entering data is honest. Imagine if at theaters all you had to do to get into a Rated-R movie was say you were 50 years old, even if you were four-ten and a hundred and six pounds with pimples. "You say you're 50? Okay, go on in."
What's more, it's trivial stuff to simply download the trailer and then make it available to others sans gateway, on your own website, or on a peer-to-peer network. It may be illegal but so is downloading copyrighted music on p2p networks and that's happening every second of every day.
The chief executive of a watchdog group Common Sense Media says in the story, "The crux of it will be, how good are the safeguards?"
They are perfectly useless.
Then the question becomes, why bother with an easily defeated security measure at all? What's the point? The second half of the quote from MPAA's Gordon offers clues. After she said the MPAA wanted to protect children she added: "We also want to be able to allow our distributors more flexibility in their marketing materials.”
As the Times story points out, since the FCC's blasting of Hollywood in 2000, when it claimed it marketed inappropriate material to children, red-tag trailers have virtually disappeared from theaters. The Internet, where the audience is vast in ways a few thousand dark rooms never will be, is a place and a chance to start injecting trailers with more adult content again in hopes those flashes of violence and nudity in the previews will promise the person watching the trailer "there's more where that came from" and draw them into the theaters.
Security gateways on movie trailers could even be thought of, insidiously, as a way to market to a teen audience. Like those Parental Advisory - Explicit Lyrics stickers on CDs that were meant as a security safeguard. Instead, they served as a way to market to kids--Your parents don't want you to hear this--because it was an easily bypassed security measure. Now we have online trailers and the security gateways are meant to protect children, but really don't they beckon them? And when the teens come, all they have to do is fib about their age to get access, apparently at any time of day.
It seems like "We want to protect children" really means, We want to give the appearance that we've made an effort to protect children. If they really wanted to protect children, they wouldn't use the honor system as the sole safeguard standing between previews filled with sex and violence and Internet-savvy kids who can, in a matter of seconds, beat the impotent little system.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Redefine Business Portability
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Fighting Fraud Videos: IBM Intelligent Investigation Manager
- IBM Intelligent Investigation Manager: Online Product Demo
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government