What can studios do to protect themselves when high-profile recordings get leaked?
When music gets leaked — when a track escapes the possession of its handlers before it’s officially released for sale — it can be embarrassing, as when Britney Spears’ untuned vocals for ‘Alien’ found their way onto the Internet. But it’s also part of what’s estimated to be the $12.5 billion annual cost of music piracy. While leaks of pre-release music resulting in substantial consequences have been with us since roughly the 1970s, they remain a huge problem today, especially at a time when so much of the industry’s revenue comes from a much smaller collection of recordings. Hence the level of panic when snippets of Adele’s album 25 were leaked before its official release last November.
Leaks can come from a lot of places, often as a result of someone in an entourage or posse being careless (or malicious) with a file, or the familiar trope of the disgruntled employee in the record-label mailroom. Unfortunately, though, recording studios tend to attract an undue amount of suspicion. Given their role in the creation of music, this may not be that surprising, and certainly more than a few tracks have illicitly escaped from studios over the years. But those incidents are far fewer than one might suspect, if for no other reason than that most astute studio owners recognise that they would be in the crosshairs early on in the event of a leak.
Studio owners and managers have developed protocols to help prevent leaks. These involve things as simple as locking storage rooms and limiting access to recording and mix areas, to more sophisticated methods that include detailed documentation of the chain of custody of hard drives and computers.
However, a more formal solution for this is possible. The Content Delivery & Security Association (CDSA) advocate “responsible delivery and storage of entertainment, software and information content”. They are the successors to the International Recording Media Association (IRMA), which managed content protection and anti-piracy programs for CD and DVD manufacturing plants and film studios. For a fee, the IRMA and later the CDSA would evaluate a facility and its workforce, make recommendations to enhance their security, train workers in security procedures and provide certification of compliance with their protocols.
For the past two years, the CDSA have been experimenting with a version of this service for recording studios. The Music Recording Studio Security program (MRSSP) visits studios to perform an assessment of their ability to secure and protect physical and digital media assets. A CDSA auditor visits the facility and after an assessment identifies areas of concern, offers training on addressing them and then determines if the facility has properly implemented their recommendations. The CDSA will then issue a certificate of compliance, renewable once a year upon a subsequent inspection.
The MRSSP remains a pilot program at this point, funded initially by one of the major record labels as a trial (Chris Johnson, the CDSA’s global director of anti-piracy & compliance programs, could not yet disclose which one it is because the program is still being evaluated). But the initial round of facilities is noteworthy, including Doppler Studios in Atlanta, Sterling Sound and Jungle City in New York, hip-hop destination Mixstar Studios in Virginia Beach, and Studios At The Palms in Las Vegas.
Zoe Thrall, the director of Studios At The Palms for their entire 11-year history and before that the major domo at The Hit Factory in Manhattan, says the auditing process, which the studio underwent in 2014, entailed few changes to the procedures she already had in place, such as never allowing the Pro Tools rigs to be connected online except to update software, and keeping a log of access and custody as part of a project’s work order. In fact, she cannot recall having to show the certificate of compliance to any client. Rather, she says, “I think of it like an insurance policy,” there in the event that the studio’s handling of any content is ever called into question. She also agrees that the audit process itself was beneficial in that it raised awareness of the need to keep content secure, a useful refresher course in common sense when it comes to handling something as ephemeral as a data file — especially one that also comes with a statutory $150,000 penalty for willful or negligent misuse if you’re found liable.
Over at Doppler Studios in Atlanta, co-owner Joe Neil has derived a similar, mostly perceptual benefit from the certification. “So far, the only record label to appreciate it has been Sony,” he told me. But, he adds more significantly, Doppler do a good bit of ADR for film and television, “and we point [the certification] out to the film companies,” who presumably take notice. Piracy and leaks also plague the cinema business, and the stakes in that industry are considerably higher than those in the music business.
The audit isn’t cheap — the fee will be $6000 for the initial assessment and $3600 for renewals — and at those prices the program likely won’t get many takers outside of the highest echelons of the commercial studio world. However, as Johnson points out, volume discounts could become available (perhaps through trade organisations), and compared to the cost of being prosecuted for an infringement, the cost doesn’t seem unreasonable. “We’re very hopeful that once we have closed out the best way forward for the program, the support will grow very quickly,” Johnson said in an email.
If it doesn’t, the scheme will at least have defined the idea in a highly structured and logical way, and more importantly it will have produced a base set of guidelines and best practices for studios’ security and the content held in their custody. For studios in the line of fire in the complex world of content, this could be a useful sort of bulletproof vest.