Download ADDENDUM B - WikiLeaks

yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

This Addendum B is attached to and a part of that certain Feature Film Offer dated
January 7, 2013 (the “Agreement”), between Sony Pictures Television Inc. (“Licensor”),
on the one hand, and E! Entertainment Television, LLC and G4 Media LLC (collectively,
“Licensee”), on the other hand. All defined terms used but not otherwise defined herein
shall have the meanings given them in the Agreement.
General Content Security & Service Implementation
Content Protection System. The Licensed Picture delivered to, output from or stored
on a device must be protected by a content protection system that includes digital rights
management, conditional access systems and digital output protection (each of which
shall be consistent with industry practice, but in no event less than the level of security
required hereunder) (such system, the “Content Protection System”).
The Content Protection System shall:
be approved in writing by Licensor (including any upgrades or new versions,
which Licensee shall submit to Licensor for approval upon such upgrades or
new versions becoming available, which approval Licensor shall not
unreasonably withhold), and
be fully compliant with all the compliance and robustness rules associated
therewith, and
use only those rights settings, if applicable, that are approved in writing by
The Content Protection System is considered approved without written Licensor
approval if it is either Microsoft WMDRM and meet the associated compliance and
robustness rules or is an implementation of one of the content protection systems set
forth immediately below approved by the Digital Entertainment Content Ecosystem
(DECE) for UltraViolet services, and said implementation meets the compliance and
robustness rules associated with the chosen UltraViolet content protection system,
provided however, (h) and (l) shall only be permissible when used with connected
devices without any digital output(s) unless supplemented with another . The DECEapproved content protection systems from the list below are:
a. Marlin Broadband
b. Microsoft Playready
c. CMLA Open Mobile Alliance (OMA) DRM Version 2 or 2.1
d. Adobe Flash Access 2.0 (not Adobe’s Flash streaming product)
e. Widevine Cypher ®
f. Adobe Flash Access (v.3) using HDS
g. Motorola Secure Media DRM
h. Two way, mutually authenticated SSL
i. Fairplay
j. Marlin MS3
Akamai HDS
One way SSL in conjunction with an additional device authentication
AES 128 bit (equivalent or better) encrypted HTTP Live Streaming (HLS)
Verimatrix ViewRight Web
For the avoidance of doubt.
Unencrypted streaming of licensed content is prohibited
Unencrypted downloads of licensed content is prohibited.
Generic Internet Streaming Requirements
The requirements in this section 2 apply in all cases.
Streams shall be encrypted using AES 128 (as specified in NIST FIPS197) or other robust, industry-accepted algorithm with a cryptographic
strength and key length such that it is generally considered
computationally infeasible to break.
Encryption keys shall not be delivered to clients in a cleartext (unencrypted) state.
The integrity of the streaming client shall be verified by the streaming
server before commencing delivery of the stream to the client.
Licensee shall use a robust and effective method (for example, short-lived
and individualized URLs for the location of streams) to ensure that
streams cannot be obtained by unauthorized users.
Microsoft Silverlight
The requirements in this section “Microsoft Silverlight” only apply if the Microsoft
Silverlight product is used to provide the Content Protection System.
Microsoft Silverlight is approved for streaming if using Silverlight 4 or later
Flash Streaming Requirements
The requirements in this section “Flash Streaming Requirements” only apply if the
Adobe Flash product is used to provide the Content Protection System.
Adobe Flash Access 2.0 or later versions of this product are approved for
Adobe RTMPE is NOT approved by Licensor and SHALL NOT be used to
protect Licensor content.
Apple http live streaming
The requirements in this section “Apple http live streaming” only apply if Apple http live
streaming is used to provide the Content Protection System.
Http live streaming on iOS devices may be implemented either using
applications or using the provisioned Safari browser.
The URL from which the m3u8 manifest file is requested shall be unique
to each requesting client.
The m3u8 manifest file shall only be delivered to requesting
clients/applications that have been authenticated in some way as being an
authorized client/application.
The streams shall be encrypted using AES-128 encryption (that is, the
METHOD for EXT-X-KEY shall be ‘AES-128’).
The content encryption key shall be delivered via SSL (i.e. the URI for
EXT-X-KEY, the URL used to request the content encryption key, shall be
a https URL).
Output of the stream from the receiving device shall not be permitted
unless this is explicitly allowed elsewhere in the schedule. No APIs that
permit stream output shall be used in applications (where applications are
The client shall NOT cache streamed media for later replay (i.e. EXT-XALLOW-CACHE shall be set to ‘NO’).
iOS implementations (either applications or implementations using Safari
and Quicktime) of http live streaming shall use APIs within Safari or
Quicktime for delivery and display of content to the greatest possible
extent. That is, implementations shall NOT contain implementations of
http live streaming, decryption, de-compression etc but shall use the
provisioned iOS APIs to perform these functions.
iOS applications, where used, shall follow all relevant Apple developer
best practices and shall by this method or otherwise ensure the
applications are as secure and robust as possible.
Security updates
Licensee shall have a policy which ensures that clients and servers of the
Content Protection System are promptly and securely updated in the
event of a security breach (that can be rectified using a remote update)
being found in the Content Protection System and/or its implementations
in clients and servers.
Licensee shall have a policy which ensures that clients and servers of the
Content Protection System are promptly and securely updated with
updates received from the provider of the Content Protection System.
Filtering Licensor Content from Un-trusted Sources
Where the Licensed Service supports upload of user-generated content,
Licensed Service shall prevent the unauthorized delivery and distribution of
Licensor’s content from un-trusted sources (for example, user-generated / useruploaded content) using an industry standard content filtering technology.
Account Authorization.
Content Delivery. Unless the service is free and available to unregistered
users, content shall only be delivered from a network service to a single
user with an account using verified credentials. Account credentials must
be transmitted securely to ensure privacy and protection against attacks.
Services requiring user authentication:
The requirements in this sub-section do not apply if services do not
require any user authentication.
The credentials shall consist of at least a User ID and password of
sufficient length to prevent brute force attacks.
Licensee shall take reasonable steps to prevent users from sharing
account access.
PVR Requirements.
Any device receiving playback licenses must not
implement any personal video recorder capabilities that allow recording, copying,
or playback of any protected content except to allow time-shifted viewing on the
recording device or as explicitly allowed elsewhere in this agreement.
Removable Media. The Content Protection System shall prohibit recording of
protected content onto recordable or removable media, except in an encrypted
form or as explicitly allowed elsewhere in this agreement.
Digital Outputs.
11.1. The Content Protection System shall prohibit digital output of decrypted
protected content. Notwithstanding the foregoing, a digital signal may be
output if it is protected and encrypted by High Definition Copy Protection
(“HDCP”) or Digital Transmission Copy Protection (“DTCP”).
11.2. Exception Clause for Standard Definition, Uncompressed Digital
Outputs on Windows-based PCs and Macs running OS X or higher):
HDCP must be enabled on all uncompressed digital outputs (e.g. HDMI,
Display Port), unless the customer’s system cannot support HDCP (e.g.,
the content would not be viewable on such customer’s system if HDCP
were to be applied)
Upscaling: Device may scale the Licensed Picture in order to fill the screen of
the applicable display; provided that Licensee’s marketing of the Device shall not
state or imply to consumers that the quality of the display of any such upscaled
content is substantially similar to a higher resolution to the Licensed Picture’s
original source profile (i.e. SD content cannot be represented as HD content).
Embedded Information
Watermarking. The Content Protection System or playback device must not
remove or interfere with any embedded watermarks or other embedded
information in licensed content.
Notwithstanding the above, any alteration, modification or degradation of such
copy control information and or watermarking during the ordinary course of
Licensee’s distribution of licensed content shall not be a breach of this
Embedded Information Section.
The Content Protection System shall take affirmative, reasonable measures to
restrict access to Licensor’s content to within the territory in which the content
has been licensed.
Licensee shall periodically review the geofiltering tactics and perform upgrades to
the Content Protection System to maintain “industry standard” geofiltering
Without limiting the foregoing, Licensee shall utilize geofiltering technology in
connection with each Customer Transaction that is designed to limit distribution
of the Licensed Picture to Customers in the Territory, and which consists of (i) IP
address look-up to check for IP address within the Territory, and (unless the
service is free) (ii) a non-IP based geofiltering mechanism, such as checking that
the institution which provided a user credit card or bank account is in Territory..
Network Service Protection Requirements.
All licensed content must be protected according to industry best practices at
content processing and storage facilities.
Access to content in unprotected format must be limited to authorized personnel
and auditable records of actual access shall be maintained.
All facilities which process and store content must be available for Licensor
audits, which may be carried out by a third party to be selected by Licensor, upon
the request of Licensor.
Content must be returned to Licensor or securely destroyed pursuant to the
Agreement at the end of such content’s license period including, without
limitation, all electronic and physical copies thereof.
Security and Territorial Breach
“Security Breach” shall mean a condition that results, or in Licensor’s reasonable, good faith
opinion is likely to result in, (i) the unauthorized availability of any Licensed Picture licensed
hereunder as a result of a breach in the content protection measures specified in this Schedule C,
(ii) a circumvention or failure of Licensee’s (or its affiliates’) secure distribution system,
geofiltering technology or physical facilities, which condition(s) may, in the reasonable good faith
judgment of Licensor, result in actual, material harm to Licensor, or (iii) a failure of any of
Licensee’s affiliates to implement the requirements set forth herein or the level of content
protection security otherwise required pursuant to the Agreement.
“Territorial Breach” shall mean a Security Breach that creates a risk that any of the Licensed
Pictures will be delivered to persons outside the Territory, where such delivery outside the
Territory may, in the sole good faith judgment of Licensor, result in actual, material harm to
Suspension Notice. Licensee shall use commercially reasonable efforts to notify Licensor upon
learning of the occurrence of any Security Breach or Territorial Breach, and shall provide Licensor
with specific information describing the nature and extent of such occurrence. Licensor shall
have the right to suspend the availability (“Suspension”) of its Licensed Pictures on the
platform(s) where such films are being made available at any time during the applicable License
Periods in the event of a Security Breach or Territorial Breach by delivering a written notice to
Licensee of such suspension (a “Suspension Notice”). Upon its receipt of a Suspension Notice,
Licensee shall take steps immediately to remove the affected Licensed Pictures or make the
Licensed Pictures inaccessible from such platform(s) as soon as commercially feasible (but in no
event more than three (3) calendar days after receipt of such notice). With respect to suspension
pursuant to subsections 19(i) and 19(ii) above, Licensor shall exercise its Suspension rights
against Licensee only insofar as Licensor exercises such right fairly against all other similarlysituated licensees of similar content in the Territory that are using the same compromised
security solution/DRM and any suspension notice delivered to Licensee shall only be effective if it
describes with reasonable specificity the reasons for such Suspension. Licensor’s sole remedy
against Licensee or the owner of any Licensed Service relating to a Security Breach or a
Territorial Breach shall be as set forth in this Section 21 (other than where Licensee and/or an
owner of a Licensed Service fails to comply with any of the requirements set forth in this Section
Reinstatement/Termination. If the cause of the Security Breach that gave rise to a Suspension
is corrected, repaired, solved or otherwise addressed in the sole, reasonable judgment of
Licensor, the Suspension shall terminate upon written notice from Licensor and Licensee’s right
to make the Licensed Pictures available on the platforms affected by the Security breach or
Territorial Breach shall immediately resume.