Harry Potter and the Spoiler of Secrets

If Scholastic has been tight-lipped about their security practices, the printer of the books takes inscrutability to new heights of absurdity.

"I'm sorry, but we have no comment regarding any title that we may or may not be producing. We have no comment regarding any security practices that we may or may not use or contemplate," emailed Doug Fitzgerald, executive VP of marketing and corporate communications at R.R. Donnelly, in a reply to queries about the printer's role in securing the book's contents.

But several media reports name Chicago-based R.R. Donnelly as the U.S. printer of 'Harry Potter and the Deathly Hallows', and ChannelWeb's own investigation leads us to believe that the books were printed at the company's Crawfordsville, Ind. plant.

Furthermore, a source in Crawfordsville presents compelling evidence that whatever security practices R.R. Donnelly may or may not have used, they worked.

"I live on the railroad tracks, and during the month of June the tracks were shaking four or five times a night," said Jim Amidon, the director of public affairs at Wabash College, a small all-men's university in Crawfordsville. "I can tell you there has been almost no rail traffic in the past two weeks, so I'd guess the books are out in the warehouses."

Going by Amidon, this means the first bit torrent leak happened about two weeks after the books left the R.R. Donnelly plant. Someone involved in the book's printing may have sat on their prize for a couple weeks before posting it on the Internet, but it seems more likely that the theft occurred during the distribution phase.

As for security at the plant, Amidon described a tightly controlled environment, where employees weren't allowed to bring in cell phones. Brent Rubeck, owner of Crawfordsville Computers, said employees working on the Harry Potter book used special entrances during the project.

"They don't strip search the employees, but the count the paper that's going into the machines. They don't let them take in lunch pails," Rubeck said, relating what friends who work at the plant had told him.

Rubeck, whose business provides IT services and sales for the Crawfordsville area, said he wasn't aware of any outsourced IT security conducted at the plant. Guessing at how R.R. Donnelly might have locked down their systems during the Potter print run, he said he would have gone as simple as possible.

"You would keep very few copies on a flash drive. Not stored on any servers anywhere, not on any network. I don't care if it's encrypted. Somebody there's got a password. Somebody would download a copy just to bring it home to read it themselves," he said.

Without knowing precisely how R.R. Donnelly runs its production and print processes, information security experts could only offer general guidance for best preventing a leak from the IT side of the house. They argue that the best strategy is a three-layered approach encompassing a document management system, a digital rights management (DRM) system, and data leak prevention (DLP) software.

Document management systems are designed to provide version control and collaboration functionality, but also serve as a secure, access-controlled electronic repository for all of the various drafts and edits. DRM systems are designed to protect entire documents, acting as a "wrapper" that prevents unauthorized users from opening them or legitimate ones from copying them. DLP software focuses on the data in a document rather than the document itself -- while a DRM system might prevent someone from e-mailing a word processor file containing a chapter, for example, DLP software might prevent them from sending an e-mail in which they've retyped a few key paragraphs.

"You have document software for creating, editing, collaborating on the content," said Steve Roop, Vontu's vice president of products and marketing. "You have DRM to protect a specific document that happens to be 769 pages long and 2.5 megs. You have DLP to protect the content of the individual pages and the plotlines."

Meanwhile, media reports painted security measures taken at the U.K. printing plant as decidedly more low-tech -- supposedly the British printers made floor workers labor with the lights turned down to unreadably dim during the Harry Potter run.

NEXT: The Distribution Stage