It's a tricky security problem: how do you let your wedding guests take photos, but make sure none of the photos leak? If you're George Clooney, you collect everyone's phone and give each of them a burner phone just for the occasion, to be tossed away once the big day is over. It's an expensive way around the problem, sure, but if you're a movie star, it's a small price to pay.
The bigger question, tossed around in security circles, is how all this actually worked. Supposedly, Clooney's people had access to all of the photos taken with the burner phones, so they would know who took which photos and would be able to trace back any leaks that came out. Vogue had bought exclusive photography rights to the wedding (donating the fee to charity), so Clooney had reason to be protective of the photos. But as some in the security world have noted, it may not have been an airtight system.
Otherwise, seems simple to elude: Text/email photo to yourself, scrub metadata, delete text and photo from phone, and sell that puppy.— Kashmir Hill (@kashhill) September 29, 2014
Of course, from a security perspective, the race is hard to win anyway. If someone was really dead-set on leaking that million-dollar wedding photo to TMZ, they could have just smuggled in a camera of their own. If the burner phones worked — and Clooney's photo embargo has held, so far — it may be more due to well-behaved guests than airtight infosec.