New Market Found Tracing Illegal Swaps
By CHRISTOPHER KEOUGH
Staff Reporter
Hired to help track illegal sharing of copyrighted music files, a small North Hollywood software firm has found that some legitimate good has come from Napster.
Two-year-old Vidius Inc., backed by $6.5 million in venture capital, got its first big break when the Recording Industry Association of America and the Motion Picture Association of America contracted it to use its tracking technology to get a snapshot of file trading activity on the Internet.
“We started to log what was being hosted, requested and shared on the peer-to-peer networks,” said Derek Broes, chairman and chief executive. “What we found was astonishing.”
Broes was surprised to find that in swapping files employees also were providing access, wittingly or not, to scads of confidential and proprietary information on their company networks.
It wasn’t just corporations. Among the networks supporting significant peer-to-peer participants were the Social Security Administration and the U.S. Department of Defense. Broes said he immediately recognized that something was wrong.
“It posed a major problem because there would be no way to block (the files) if they were available in the distribution system,” he said. “A bigger issue and larger security flaw is that individuals can share the most confidential information of an organization and the administration would never know.”
That’s when it occurred to Broes there was an opportunity to give businesses a way to protect its proprietary data.
The company tweaked its software, called Port Authority, to give corporate officials the power to “safeguard” information stored on the company network. Once protected, the information cannot be sent out of the network.
Unhackable
Rather than adding something to a digital file to mark it as protected, Port Authority uses what’s called contextual psychophysical extraction. The process takes a digital fingerprint of the file that is stored on its server.
When the document moves through the server on its way out of the network, the Port Authority server recognizes the signature and blocks the exit. The server sends a message to the author of the document that someone tried to send it out of the system.
Because nothing is embedded in the file, there is nothing to hack or break. Broes said it not possible to cut and paste the text into another e-mail message or system.
When Broes took the results from the peer-to-peer monitoring exercise to the companies that were hosting thousands of files, some of them containing illicit materials such as kiddie porn, many executives reacted with ambivalence.
Broes thinks they will wake up when they realize their company secrets also are available for the taking. “They could bury their head about the kiddie porn, but they can’t bury their head about their own proprietary information,” he said.
Vidius spent the past year in development of Port Authority and released the first version Feb. 1. So far, the company has sold six licenses for the new product.
Licenses for the software range from $750 per month per user station to $300,000 annually for an entire company.
Thomas Lindeman, lead program manager for Microsoft Corp.’s Content Security Server Platform Group, said he’s especially interested in how the monitoring technology can be applied to Microsoft’s digital rights management servers. The digital rights servers create software that provides the key that protects e-books. Lindeman said Vidius can provide the follow-up service to make sure the protections are successful.
Vidius was backed by CAP Ventures Inc. of Norwell, Mass., STI Ventures of the Netherlands and Lexington Ventures. The company had revenues for the first time in the fourth quarter last year, booking $250,000 in deals from the entertainment companies.
