ADDENDUM B CONTENT PROTECTION REQUIREMENTS AND OBLIGATIONS This Addendum B is attached to and a part of that certain Feature Film Offer dated January 7, 2013 (the “Agreement”), between Sony Pictures Television Inc. (“Licensor”), on the one hand, and E! Entertainment Television, LLC and G4 Media LLC (collectively, “Licensee”), on the other hand. All defined terms used but not otherwise defined herein shall have the meanings given them in the Agreement. General Content Security & Service Implementation Content Protection System. The Licensed Picture delivered to, output from or stored on a device must be protected by a content protection system that includes digital rights management, conditional access systems and digital output protection (each of which shall be consistent with industry practice, but in no event less than the level of security required hereunder) (such system, the “Content Protection System”). The Content Protection System shall: (i) be approved in writing by Licensor (including any upgrades or new versions, which Licensee shall submit to Licensor for approval upon such upgrades or new versions becoming available, which approval Licensor shall not unreasonably withhold), and (ii) be fully compliant with all the compliance and robustness rules associated therewith, and (iii) use only those rights settings, if applicable, that are approved in writing by Licensor. The Content Protection System is considered approved without written Licensor approval if it is either Microsoft WMDRM and meet the associated compliance and robustness rules or is an implementation of one of the content protection systems set forth immediately below approved by the Digital Entertainment Content Ecosystem (DECE) for UltraViolet services, and said implementation meets the compliance and robustness rules associated with the chosen UltraViolet content protection system, provided however, (h) and (l) shall only be permissible when used with connected devices without any digital output(s) unless supplemented with another . The DECEapproved content protection systems from the list below are: a. Marlin Broadband b. Microsoft Playready c. CMLA Open Mobile Alliance (OMA) DRM Version 2 or 2.1 d. Adobe Flash Access 2.0 (not Adobe’s Flash streaming product) e. Widevine Cypher ® f. Adobe Flash Access (v.3) using HDS g. Motorola Secure Media DRM h. Two way, mutually authenticated SSL i. Fairplay j. Marlin MS3 k. l. m. n. 1. Akamai HDS One way SSL in conjunction with an additional device authentication AES 128 bit (equivalent or better) encrypted HTTP Live Streaming (HLS) Verimatrix ViewRight Web Encryption. For the avoidance of doubt. 2. 1.1. Unencrypted streaming of licensed content is prohibited 1.2. Unencrypted downloads of licensed content is prohibited. Generic Internet Streaming Requirements The requirements in this section 2 apply in all cases. 3. 2.1. Streams shall be encrypted using AES 128 (as specified in NIST FIPS197) or other robust, industry-accepted algorithm with a cryptographic strength and key length such that it is generally considered computationally infeasible to break. 2.2. Encryption keys shall not be delivered to clients in a cleartext (unencrypted) state. 2.3. The integrity of the streaming client shall be verified by the streaming server before commencing delivery of the stream to the client. 2.4. Licensee shall use a robust and effective method (for example, short-lived and individualized URLs for the location of streams) to ensure that streams cannot be obtained by unauthorized users. Microsoft Silverlight The requirements in this section “Microsoft Silverlight” only apply if the Microsoft Silverlight product is used to provide the Content Protection System. 3.1. 4. Microsoft Silverlight is approved for streaming if using Silverlight 4 or later version. Flash Streaming Requirements The requirements in this section “Flash Streaming Requirements” only apply if the Adobe Flash product is used to provide the Content Protection System. 4.1. Adobe Flash Access 2.0 or later versions of this product are approved for streaming. 4.2. Adobe RTMPE is NOT approved by Licensor and SHALL NOT be used to protect Licensor content. 5. Apple http live streaming The requirements in this section “Apple http live streaming” only apply if Apple http live streaming is used to provide the Content Protection System. 6. 5.1. Http live streaming on iOS devices may be implemented either using applications or using the provisioned Safari browser. 5.2. The URL from which the m3u8 manifest file is requested shall be unique to each requesting client. 5.3. The m3u8 manifest file shall only be delivered to requesting clients/applications that have been authenticated in some way as being an authorized client/application. 5.4. The streams shall be encrypted using AES-128 encryption (that is, the METHOD for EXT-X-KEY shall be ‘AES-128’). 5.5. The content encryption key shall be delivered via SSL (i.e. the URI for EXT-X-KEY, the URL used to request the content encryption key, shall be a https URL). 5.6. Output of the stream from the receiving device shall not be permitted unless this is explicitly allowed elsewhere in the schedule. No APIs that permit stream output shall be used in applications (where applications are used). 5.7. The client shall NOT cache streamed media for later replay (i.e. EXT-XALLOW-CACHE shall be set to ‘NO’). 5.8. iOS implementations (either applications or implementations using Safari and Quicktime) of http live streaming shall use APIs within Safari or Quicktime for delivery and display of content to the greatest possible extent. That is, implementations shall NOT contain implementations of http live streaming, decryption, de-compression etc but shall use the provisioned iOS APIs to perform these functions. 5.9. iOS applications, where used, shall follow all relevant Apple developer best practices and shall by this method or otherwise ensure the applications are as secure and robust as possible. Security updates 6.1. Licensee shall have a policy which ensures that clients and servers of the Content Protection System are promptly and securely updated in the event of a security breach (that can be rectified using a remote update) being found in the Content Protection System and/or its implementations in clients and servers. 6.2. 7. Licensee shall have a policy which ensures that clients and servers of the Content Protection System are promptly and securely updated with updates received from the provider of the Content Protection System. Filtering Licensor Content from Un-trusted Sources Where the Licensed Service supports upload of user-generated content, Licensed Service shall prevent the unauthorized delivery and distribution of Licensor’s content from un-trusted sources (for example, user-generated / useruploaded content) using an industry standard content filtering technology. 8. Account Authorization. 8.1. Content Delivery. Unless the service is free and available to unregistered users, content shall only be delivered from a network service to a single user with an account using verified credentials. Account credentials must be transmitted securely to ensure privacy and protection against attacks. 8.2. Services requiring user authentication: The requirements in this sub-section do not apply if services do not require any user authentication. The credentials shall consist of at least a User ID and password of sufficient length to prevent brute force attacks. Licensee shall take reasonable steps to prevent users from sharing account access. 9. PVR Requirements. Any device receiving playback licenses must not implement any personal video recorder capabilities that allow recording, copying, or playback of any protected content except to allow time-shifted viewing on the recording device or as explicitly allowed elsewhere in this agreement. 10. Removable Media. The Content Protection System shall prohibit recording of protected content onto recordable or removable media, except in an encrypted form or as explicitly allowed elsewhere in this agreement. Outputs 11. Digital Outputs. 11.1. The Content Protection System shall prohibit digital output of decrypted protected content. Notwithstanding the foregoing, a digital signal may be output if it is protected and encrypted by High Definition Copy Protection (“HDCP”) or Digital Transmission Copy Protection (“DTCP”). 11.2. Exception Clause for Standard Definition, Uncompressed Digital Outputs on Windows-based PCs and Macs running OS X or higher): HDCP must be enabled on all uncompressed digital outputs (e.g. HDMI, Display Port), unless the customer’s system cannot support HDCP (e.g., the content would not be viewable on such customer’s system if HDCP were to be applied) 12. Upscaling: Device may scale the Licensed Picture in order to fill the screen of the applicable display; provided that Licensee’s marketing of the Device shall not state or imply to consumers that the quality of the display of any such upscaled content is substantially similar to a higher resolution to the Licensed Picture’s original source profile (i.e. SD content cannot be represented as HD content). Embedded Information 13. Watermarking. The Content Protection System or playback device must not remove or interfere with any embedded watermarks or other embedded information in licensed content. 14. Notwithstanding the above, any alteration, modification or degradation of such copy control information and or watermarking during the ordinary course of Licensee’s distribution of licensed content shall not be a breach of this Embedded Information Section. Geofiltering 15. The Content Protection System shall take affirmative, reasonable measures to restrict access to Licensor’s content to within the territory in which the content has been licensed. 16. Licensee shall periodically review the geofiltering tactics and perform upgrades to the Content Protection System to maintain “industry standard” geofiltering capabilities. 17. Without limiting the foregoing, Licensee shall utilize geofiltering technology in connection with each Customer Transaction that is designed to limit distribution of the Licensed Picture to Customers in the Territory, and which consists of (i) IP address look-up to check for IP address within the Territory, and (unless the service is free) (ii) a non-IP based geofiltering mechanism, such as checking that the institution which provided a user credit card or bank account is in Territory.. Network Service Protection Requirements. 18. All licensed content must be protected according to industry best practices at content processing and storage facilities. 19. Access to content in unprotected format must be limited to authorized personnel and auditable records of actual access shall be maintained. 20. All facilities which process and store content must be available for Licensor audits, which may be carried out by a third party to be selected by Licensor, upon the request of Licensor. 21. Content must be returned to Licensor or securely destroyed pursuant to the Agreement at the end of such content’s license period including, without limitation, all electronic and physical copies thereof. Security and Territorial Breach 1. “Security Breach” shall mean a condition that results, or in Licensor’s reasonable, good faith opinion is likely to result in, (i) the unauthorized availability of any Licensed Picture licensed hereunder as a result of a breach in the content protection measures specified in this Schedule C, (ii) a circumvention or failure of Licensee’s (or its affiliates’) secure distribution system, geofiltering technology or physical facilities, which condition(s) may, in the reasonable good faith judgment of Licensor, result in actual, material harm to Licensor, or (iii) a failure of any of Licensee’s affiliates to implement the requirements set forth herein or the level of content protection security otherwise required pursuant to the Agreement. 2. “Territorial Breach” shall mean a Security Breach that creates a risk that any of the Licensed Pictures will be delivered to persons outside the Territory, where such delivery outside the Territory may, in the sole good faith judgment of Licensor, result in actual, material harm to Licensor. 3. Suspension Notice. Licensee shall use commercially reasonable efforts to notify Licensor upon learning of the occurrence of any Security Breach or Territorial Breach, and shall provide Licensor with specific information describing the nature and extent of such occurrence. Licensor shall have the right to suspend the availability (“Suspension”) of its Licensed Pictures on the platform(s) where such films are being made available at any time during the applicable License Periods in the event of a Security Breach or Territorial Breach by delivering a written notice to Licensee of such suspension (a “Suspension Notice”). Upon its receipt of a Suspension Notice, Licensee shall take steps immediately to remove the affected Licensed Pictures or make the Licensed Pictures inaccessible from such platform(s) as soon as commercially feasible (but in no event more than three (3) calendar days after receipt of such notice). With respect to suspension pursuant to subsections 19(i) and 19(ii) above, Licensor shall exercise its Suspension rights against Licensee only insofar as Licensor exercises such right fairly against all other similarlysituated licensees of similar content in the Territory that are using the same compromised security solution/DRM and any suspension notice delivered to Licensee shall only be effective if it describes with reasonable specificity the reasons for such Suspension. Licensor’s sole remedy against Licensee or the owner of any Licensed Service relating to a Security Breach or a Territorial Breach shall be as set forth in this Section 21 (other than where Licensee and/or an owner of a Licensed Service fails to comply with any of the requirements set forth in this Section 21). 4. Reinstatement/Termination. If the cause of the Security Breach that gave rise to a Suspension is corrected, repaired, solved or otherwise addressed in the sole, reasonable judgment of Licensor, the Suspension shall terminate upon written notice from Licensor and Licensee’s right to make the Licensed Pictures available on the platforms affected by the Security breach or Territorial Breach shall immediately resume.