NAB Show Recap: New Dimensions of Piracy and the Three Pillars of Protection
The rise of IP video distribution and OTT services has changed the face of content piracy and created new opportunities for both sides, as the same infrastructure and tools that have revolutionized video distribution and enabled an explosion of content have also been exploited by pirates for illicit redistribution. At the recent NAB Show, I had the opportunity to lead a session on how the wide-spread issue of piracy requires multi-dimensional solutions and ever-increasing technical means.
Piracy is a complex problem with no single solution or magic bullet; however, the good news is that it can typically be managed by taking into consideration four clear fronts. The first three – legal/legislative measures, education, and business models that discourage consumption of pirated content – have existed since the dawn of pay TV – while the fourth comprises of technical measures to combat piracy in line with the evolving way pirated media content is both created and consumed.
On the legal front, there are some very active organizations attacking piracy by geographical or industry sector: Europe has the Audio-visual Anti-Piracy Alliance (AAPA) and Asia has the Asia Video Industry Association (AVIA), previously known as Cable and Satellite Broadcasting Association of Asia (CASBAA). Both of these have roots going well back into the control word and card cloning eras, but more recently the Alliance for Creativity and Entertainment (ACE) set up a body in the U.S. to expand on anti-piracy activities conducted by the Motion Picture Association of America (MPAA) which represents the major Hollywood Studios. These organizations made up largely of content owners have been quite effective, especially against the big organized piracy groups often operating internationally.
They are also tackling providers of technology, including the infamous Kodi boxes, that facilitate access to pirated content and illicit redistribution. For example, ACE, which is backed by Netflix, Amazon and Disney among other members, has stepped up its offensive against individuals supplying repositories and Kodi "add-ons" that can deliver unauthorized movies, TV shows and live programming feeds. ACE secured one major victory in September 2018 when TickBox, a firm accused in the U.S. of selling streaming devices enabling illegal access to TV channels and other video content illegally, agreed to pay $25 million and cease all piracy-related activities.
The second anti-piracy front of education has also assumed a new dimension in the IP era because content can be stolen so subliminally through so-called IPTV packages dressed up as being legitimate. With professional packaging, marketing and convenient billing via a credit card or PayPal, it may not be immediately clear that a service is illegal. Consumers can easily be – and often are – in denial that they are accessing pirated content. There is therefore a pressing need to raise greater awareness that these models are illegal and bring risk of prosecution, as well as cause damage to the content industry. At the same time education has another audience - regulators, policymakers and prosecutors who until now have often shied away from chasing pirates, deterred by the complexities involved, unclear regulations and the difficulty in securing convictions.
Education is closely allied to the business model, which should encourage legitimate content consumption through a range of packages that collectively appeal to people with different attitudes and abilities to pay. In the case of pay TV, casual sharing of passwords among friends and family to OTT services has emerged as a significant cause of revenue loss over the last few years, particularly in the context of live sports streaming. Although some services limit access to just two or three simultaneous streams, friends will often share these packages among themselves when for example they support different teams in a sporting league and so do not tend to watch the same events.
Now, some video technology vendors have come up with a product targeting customers who share their credentials. The idea is to apply a combination of gentle stick with attractive carrot, making users aware that the activity has been detected while offering affordable upgrades to packages that make this legitimate, even spiced with offers to add value to the sharing in some way. This is likely to prove more effective than just warning the customer that unusual account activity has been detected and shutting down access temporarily until passwords have been changed, which just disrupts the sharing and possibly alienates paying customers.
Then there is the fourth front of technical defenses and that of course is where the traditional video revenue protection vendors come into play. Such measures can be sub-divided under the three pillars of prevention, monitoring and traceability.
For many years, pay-TV security was largely about prevention, involving authentication of users or devices, management of entitlements and content encryption. It was implemented using conditional access (CA) or digital rights management (DRM) in its core to prevent leakage of content to unauthorized users during transport and storage.
The second technical layer of monitoring is the most recent addition to the revenue security armory. It has become increasingly important for obtaining early warnings of attacks and clues to changing or evolving methods of piracy. This is possible because monitoring does not just entail looking for stolen content on the web but also tracking the behavior of every subscriber. Leading content protection providers are in a position to analyze millions of transactions in each operator head-end, eventually spanning hundreds of pay-TV operators worldwide. They can then apply machine learning techniques to identify patterns of anomalous behavior, piracy or security attacks (see example below.) Monitoring also complements the third pillar of traceability because unless a breach can be either detected or even predicted in the first place, no further investigation is necessary.
Traceability is the third technical pillar which again has become essential in the era of content redistribution because visibility over specific streams is otherwise lost when they leave an operator’s network to traverse the general internet. Without traceability, there would then by no way of tracking these illicit streams back to their source so that actions such as takedown can be invoked. Forensic watermarking, which had already been deployed fairly successfully in digital cinema for identifying theatres from which pirated “camcorded” copies had originated, was quickly identified as the only available mechanism for labelling and subsequently identifying illicit streams imperceptibly to the user.
Furthermore, all of these defenses are playing increasingly within a larger security framework orchestrated from the cloud. This enables monitoring to be combined with machine learning to enhance the innate protection against threats that are either unknown or have not yet occurred, through detection of signals of those attacks. The other advantage of deploying security in the cloud is that software can be updated, and patches issued quickly, automatically and globally so that vulnerabilities can be extinguished everywhere as soon as possible.
A layered security system like the Verimatrix Secure Cloud can be deployed as a SaaS with the ability to gain early warnings of attack by monitoring suspicious behavior on a global scale. Our Secure Cloud supports the three pillars of security by enabling flexible access to VCAS and Verspective software solution stacks of any configuration and scale with additional forensic video watermarking and anti-piracy monitoring capabilities to further prevent revenue leakage. Such activity would otherwise be difficult or impossible to detect purely by traditional security systems deployed on an internal data center.
I encourage you to read my full paper, “The Changing Face of Piracy,” for a more in-depth look at the three pillars, including a close examination of acceleration, attacks and challenges affecting forensic watermarking. You can also visit the Verimatrix website to learn more about our Secure Cloud and our monitoring and forensic watermarking solutions.