Meetups

Encryption, DRM & C2PA Provenance, what we learned at Qualabs Tech Meetup

Encryption, DRM & C2PA Provenance, what we learned at Qualabs Tech Meetup

Summary

"The latest Qualabs Tech Meetup explored the challenges of encryption, DRM inefficiencies, and media authenticity in the AI era highlighting innovations like Envelope Key Management and C2PA. This recap covers the key insights and solutions shared by David Eisenbacher & Fabian Cancela."

We gathered once again for another edition of the Qualabs Tech Meetup, moderated by Nicolás Levy. This time, the spotlight was on video security and content authenticity, two topics more relevant than ever in today’s hyper-connected, AI-augmented media world.

The session, “Encryption, DRM & C2PA Provenance”, featured two standout talks from David Eisenbacher, CEO of EZDRM, and Fabián Cancela, Media Solutions Manager at Qualabs.

Rethinking DRM and Embracing Envelope Encryption

David Eisenbacher opened the meetup with a bang. In a highly detailed and engaging presentation, he broke down the misconceptions around DRM and explained why video platforms are misusing it as a “wrench” to solve encryption problems it wasn’t meant to solve.

David walked us through the fundamentals of encryption just hiding what you're trying to present” and emphasized the distinction between encryption and DRM:

“DRM is not Digital Encryption Management. It's Digital Rights Management. It's about access, not encryption.” - David Eisenbacher

Today, many platforms embed encryption keys within DRM licenses. But David made it clear: this approach is bloated, inefficient, and risky, especially as platforms try to scale across a fragmented ecosystem of devices, from legacy smart TVs to brand-new tablets.

So… what’s the fix? Envelope Key Management

David proposed decoupling DRM and encryption by introducing an Envelope Encryption architecture—essentially, two separate requests:

  • One for the DRM license (rights, playback, restrictions)
  • One for the content encryption key (actual decryption)

Why it works:

  • Granular key control (per-user, per-region, per-device)
  • Lighter compute cost at the edge, thanks to math-based encryption instead of license-based workflows
  • Compatibility even with older hardware: “This worked on my 12-year-old Tizen smart TV.”
  • High scalability: No need to re-issue licenses just to rotate a key

“If you’re using the same key for everyone, you’re giving everyone the same lock. You just need one leak.”

David even referenced post-quantum encryption support as possible when encryption is decoupled from license frameworks that limit cipher choice.

David talked how envelope encryption was tested under worst-case scenarios assigning a unique encryption key to every segment of audio and video and still performed seamlessly. “If it works on that old TV, it’ll work on pretty much everything.”

He closed with an analogy to HTTPS adoption: "At first, it was expensive and slow. Now it’s table stakes. We're seeing the same with encryption in video."

Fighting fake news with C2PA and media provenance

Fabián’s talk shifted the focus from delivery to credibility a growing concern in a world flooded with manipulated media.

He opened with a deepfake-like fake news clip banning asado and truco in Uruguay, using humor to make a real point: “The speed at which synthetic media is created has outpaced our ability to verify it.”

Enter C2PA: The Content Credentials Standard

C2PA (Coalition for Content Provenance and Authenticity) is an open standard for attaching signed provenance metadata to media assets, developed by Adobe, Microsoft, BBC and others.

Fabián explained how it works:

  1. Content is created or captured.
  2. A manifest is generated, describing:
    1. Who created it
    2. What device was used
    3. Location, timestamp
    4. Modifications (AI, color correction, cropping)
  3. The manifest is digitally signed and bundled or linked to the asset.

The idea is to track the content’s entire life from camera to consumer so users, platforms, and journalists can verify its authenticity.

VOD vs. LIVE: Provenance in Motion

While C2PA is relatively straightforward in VOD workflows, applying it to live streaming introduces a whole new level of complexity. In live environments, content is generated and consumed in real time, segment by segment.

“It’s not enough to verify that a segment has provenance you need to confirm it belongs to the stream you were already watching.”

Fabián used a great analogy: “It’s like a card suddenly appearing in the middle of a game you have to make sure that card actually belongs to the deck you’ve been playing with.”

In live streaming, it's essential to validate not only the authenticity of each video segment, but also its continuity and contextual relevance to the live session. This adds new technical requirements around segment-level signing, cryptographic anchoring, and real-time manifest injection without increasing latency.

Not One-Size-Fits-All: Designing Provenance Like ABR

One of the key takeaways from Fabián’s talk is that there won’t be a universal model for provenance different use cases will require different levels of verification.

“Potentially, we will design our provenance the same way we design our ABR ladders. We pick the right profile that best satisfies the dominant constraint of the specific live workflow such as audit depth, startup time, device budget, or ad-insertion flexibility.” - Fabian Cancela 

Just like we choose encoding profiles for different devices and bandwidth conditions, provenance profiles will need to be adapted to each type of content flow:

  • Lightweight, fast-start profiles for mobile users or social platforms.
  • High-integrity, audit-focused profiles for journalism, regulatory compliance, or enterprise environments.

The future of media trust will depend not on a silver bullet, but on choosing the right tools for the right workflow.

Final Takeaways

This meetup wasn’t just a technical deep dive it was a clear call to modernize how we think about video security and authenticity.

  • David Eisenbacher showed us how traditional DRM strategies are hitting their limit, and how envelope key management can scale security while reducing risk.
  • Fabián Cancela reminded us that trust in content is now just as important as protecting it and C2PA is a serious step forward in that fight.

Whether you’re building a new streaming service, handling sensitive video archives, or working in news and journalism, the future of video depends on both protection and trust and this meetup gave us tools for both.

See you at the next Qualabs Tech Meetup!

A big thank you to David, Fabián, and Nicolás Levy for making this event possible, and to all who attended both in person and online.

🔗 Full video replay available on the MonteVIDEO Tech YouTube channel

Subscribe and be part of the Qualabs’ community!

A newsletter delivering cutting-edge tech updates, industry innovations and unique experiences from Qualabs' perspective!

Stay up to date on the latest trends and stories shaping video tech.

Check our last editions!

Touchpoints that Matter: Building Lasting Relationships Beyond Transactions

Touchpoints that Matter: Building Lasting Relationships Beyond Transactions

Micaela Hornblas

Micaela Hornblas

Head Growth & Marketing
The Shadow Resource Model: Building Resilient Dedicated Teams at Qualabs

The Shadow Resource Model: Building Resilient Dedicated Teams at Qualabs
Contribute with purpose: Why Summer Project is changing how we build in video tech

Contribute with purpose: Why Summer Project is changing how we build in video tech
view all posts!

Want to know more?

TALK TO OUR SPECIALISTS!
  • Email: info@qualabs.com
  • Phone: +598 2708 5252
  • Address: Av. Brasil 2371, Montevideo, Uruguay

©2025. All rights reserved