When threat models collide

| | Comments (0) | TrackBacks (0)

Roger Ebert has often written negatively about 3D - he believes it's basically a mistake and audiences don't care about it.

But this is interesting: apparently the advent of 3D projectors is severely cutting the amount of light that reaches the screen because projectionists are not changing out the 3D lenses for 2D screenings as they should. (There are also, as Ebert writes in his blog entry on the subject other reasons: theaters deliberately reduce the wattage to projectors thinking the bulbs will last longer). The result is dim, murky images, reducing still further the reasons to choose to go to theaters to see movies rather than stay home and wait to see them on DVD in a setting you can control. Either that, or you go to Roger Ebert's Film Festival because the screenings there are the best in the world.

But this bit from that entry, quoted from Ty Burr in the Boston Globe struck me as a great example of the issues we frequently talk about in security and usability.

Ty Burr writes: "So why aren't theater personnel simply removing the 3-D lenses? The answer is that it takes time, it costs money, and it requires technical know-how above the level of the average multiplex employee. James Bond, a Chicago-based projection guru who serves as technical expert for Roger Ebert's Ebertfest, said issues with the Sonys are more than mechanical. Opening the projector alone involves security clearances and Internet passwords, 'and if you don't do it right, the machine will shut down on you.' The result, in his view, is that 'often the lens change isn't made and audiences are getting shortchanged'."

Hollywood is making a trade-off here: believing that 3D and digital are the new technologies that will get people back into theaters BUT believing that anything not locked down will be copied and redistributed without payment, the studios et al have opted to secure the projectors. Understandable. But in doing so, they've made it difficult for the people running the projectors to do their jobs properly. So they don't, and the long-term consequence will be the alienation of customers and loss of revenues. I'm sure there were better solutions to how to design projectors securely, but, as so often, when the designers developed the projector's security, they failed to consider who would be using it, their level of technical capabilities, and their own internal risk model ("If I do this complicated and difficult thing and make a mistake the projector will lock up and the screening will have to be canceled and I'll probably get fired.") The upshot is poor design that defeats the purpose. We see this all the time in security systems, where by imposing security requirements that make it harder for people to do their jobs they come up with workarounds. Normally the consequence is poorer security - the guy who props the access-coded door open because otherwise he has to keep getting up to open it, or the post-it notes with passwords written on them pasted to doors and computer screens. In this case, the consequence is unhappy customers and, likely, eventually, loss of business. (For which they will blame file-sharing.)

So in this case, Hollywood's threat model of losing revenues through unauthorized copying and redistribution overpowered its *other* threat model of losing business to home entertainment systems and Blu-Ray. At the projector level, I'd have thought the latter was the worse threat.

0 TrackBacks

Listed below are links to blogs that reference this entry: When threat models collide.

TrackBack URL for this entry: http://www.pelicancrossing.net/cgi-sys/cgiwrap/wendyg/managed-mt/mt-tb.cgi/335

Leave a comment

About this Entry

This page contains a single entry by Wendy M. Grossman published on May 25, 2011 3:33 PM.

Ebertfest 2011 - Sunday was the previous entry in this blog.

Thoughts after YRS2011 is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.