> they will be able to decrypt every other film that they have a KDM for and we should expect to see more DCP releases.
If you have individually encrypted copies, it would be stupid to not also individually watermark them on the content level. With a bit of targeted key invalidation, this could well be contained to a one time breach.
There is just one encrypted copy, with one key. But that key has many copies, each encrypted with a different copy. The device takes its private key, and uses it to acquire the "master" key, which is then used to decrypt the media.
Of course, every movie release has its own "master" key.
Even AACS on bluray discs can have multiple different copies of some parts of the video to watermark different sets of device keys. I know footage from theaters can be watermarked too, so I'd be very surprised if this distribution method didn't also have some kind of identification.
If you have individually encrypted copies, it would be stupid to not also individually watermark them on the content level. With a bit of targeted key invalidation, this could well be contained to a one time breach.