By Steven Hawley, Piracy Monitor
Human nature keeps coming up with new ways to beat the system, especially when there’s demand for it. Everyone wants to see their favorite sports team win the match and go on to win the season. Especially if you can carry live coverage right to your seat in the stadium. And if your favorite provider happens not to have an app for that, your average sports fan can easily find it. And pay less for it. And that’s a problem.
Adding to that concern is that the problem is a moving target. Sure, the rights-holder can offer a live video app, but it takes time to develop, secure and test. Sure, the rights-holder can report an illegal stream to the authorities and in some cases, get it blocked – but before the match is over? Sure, the rights holder can limit the number of users per household with access to an account. But piracy’s still a problem.
Piracy Monitor sat down with Mark Mulready for an update on where the threats are coming from these days, and what’s being done about it. In addition to his years of experience in law enforcement and the legal industry, Mark is head of Cyber-services and anti-piracy for Irdeto, a security technology provider that’s part of Africa’s largest media company, and served for eight years as Co-President of AAPA (the Audiovisual Anti-Piracy Alliance), the UK-based, European-focused organization.
Illegal access to streaming
Looking at the more traditional threats, streaming providers have cracked down on password sharing by detecting and enforcing the number of people or devices accessing an account.
But in response, access fraud has moved upstream in the delivery chain. “ The pirates have shifted their focus to CDN leeching,” said Mr. Mulready. Streaming service providers are being exploited by commercial pirates that create scripts which extract the access keys from digital rights management (DRM) platforms. They then redistribute the keys to enable others to access the content.
“In addition to enabling unauthorized access, the other challenge is that these pirate users are sitting on the same CDN as the legitimate subscribers and therefore are consuming excess bandwidth,” he said. “In essence, this leeching off of the CDN reduces – or even eliminates – the cost of transport for the pirate, and illegal rebroadcast still occurs because security practices have been bypassed.”
Evolving best-practices
“If you think about the history of OTT (aka streaming), security was not the highest concern with early implementations. Instead, streaming was a land grab. As streaming businesses have matured, providers have been more cyber-security aware, they have been putting stronger security in place to prevent leaching, leaking and password sharing,” said Mr Mulready. “We’re still early in the journey because there are still satellite-IP hybrid boxes in which the traditional chip-sets are compromised and control-word sharing is still an issue. But the pure IP-video side has steadily improved.”
Legislative remedies
Anti-piracy itself has also evolved. One example is site blocking, which is increasingly important and now supported by law in more than 60 countries globally. But blocking is more than a legislative project: blocking must happen quickly, while an event is in progress; or why bother? In Italy, all eyes are on the country’s Piracy Shield, an incident ticketing system which notifies ISPs of infringing streams and gives them 30 minutes to block those streams.
“Now AGCOM is proposing to extend Piracy Shield to include DNS proxies and piracy over VPNs” said Mr Mulready; “because that’s the reality of how pirates circumvent blocking today. It may be a work in progress but holds a lot of promise. Another legislative example is a recent bill introduced to the US congress by Zoe Lofgren, which also includes obligations for DNS resolvers and would be run through the US court system. Both of these look like excellent models to reduce access to piracy online” he said.
The impact of AI
‘Artificial intelligence’ has actually been in use for service protection since long before it was called ‘AI.’ “Modern security platforms use multiple models to detect and flag anomalous use – such as thousands of attempts using the same password, or an impossible number of requests for the same programming – so the video provider can deal with it; such as by stopping the stream or by forcing the user to reset their password.
“Some pirates offer scripts, commercially, to give access to DRM keys from various streaming providers. With AI, a platform can gather intelligence about scripts that pirates use and then use AI to recognize when a script is running,’ said Mr. Mulready.
[ End of Part 1 – Click here for Part 2 ]
Note: Irdeto is a supporting sponsor of Piracy Monitor. However, Piracy Monitor maintains editorial independence and makes no vendor endorsements.
