Harry Potter and the Spoiler of Secrets

The Editing and Design Stage
Scholastic would not return calls and emails about the security in place for this period. But a detailed -- if somewhat breathless -- account of the security process appeared on Time magazine's Web site on June 27, complete with a timeline documenting the basic chain-of-possession for Rowling's drafts from her home in Scotland to her American editors in New York and back again.

What the Time story doesn't tell us is that Time's parent company, Time Warner, has a huge stake in the Harry Potter franchise. Warner Bros. Studios produces the Harry Potter films and the media behemoth also distributes them.

Security guru and Counterpane CTO Bruce Schneier suspects that when it comes to the hype surrounding 'Deathly Hallows' security, the hype may be a lot more important to the owners of the franchise than the security.

"There not going to lose any money over this, it's just going create buzz," said Schneier, referring to the original bit torrent leak. "But you have to pretend like you care, because it's all marketing."

At the very least, the Time magazine article should probably be taken with a grain of salt.

That said, several details emerge from the Time story. For most of this period, very few people had access to drafts of what would become the 'Deathly Hallows' manuscript. These included Rowling herself, her main American editor Arthur A. Levine, her continuity editor Cheryl Klein, Scholastic lawyer Mark Seidenfeld, artist Mary GrandPre and a few others. In delivering drafts from Rowling to this small group of people and back again, the publishers apparently decided that using human couriers carrying printed pages was safer than sending files over the Internet.

But the fact that this method worked -- there's no evidence anything was leaked during this period -- doesn't mean it was the smartest from a security standpoint.

On at least two separate occasions, according to Time, Scholastic flew individuals to the U.K. to collect hard copies from Rowling in person. But this approach may actually have been less secure, as a practical matter, than electronic delivery. Though it may seem counterintuitive, the physical documents were probably more likely to be lost, stolen, or copied in transit than an encrypted digital file sent over the Internet.

"Securing that type of information within a digital communication is something that's pretty easily achieved today," said Devin Redmond, director of security products and strategy at Websense, a vendor of data leak protection and Web filtering software. "I couldn't see the security benefit in sending someone in person. They may have had some specific reason for doing that, but I don't see it."

The Time piece doesn't detail the stage at which the Scholastic team began working in a digital format to prepare the final manuscript for print, or what kind of IT security was in place to protect this process, if any.

But ChannelWeb has learned that Scholastic is still in the process of investigating different data leak prevention software options, leaving it unclear what IT precautions it may have in place now.

"From a prospects level, we have been in talks with Scholastic," a spokesperson for data leak protection vendor Vontu told CRN. "They're definitely investigating solutions right now, but we don't think they have a vendor in place. They may be 'piecemealing' or using other kinds of security."

NEXT: The Printing Stage