By Steve Hawley
We continue and conclude our conversation with Chris Odgers, beginning with how a studio might protect itself against cyberattacks. Attacks on IT and communications infrastructure – not to mention against media providers – by commercial and industrialized pirates and even by nation-state actors has become well documented. Mr. Odgers worked in Business Technology roles for 20+ years at Warner Bros. and later with WarnerMedia, and is presently an industry consultant (Read Part 1).
Cloud as a game-changer
The migration of video production and distribution to the cloud has also increased the media industry’s focus on security. Before the cloud, content could be delivered to a secure facility and transferred to an air-gapped network (isolated away from outside connectivity), but with the cloud, correct systems configuration is key. It’s critical to have a formal content onboarding process with role-based access.
According to Mr. Odgers, “When you’re dealing with preproduction materials, everything may be watermarked individually, and you give each vendor as little as possible to work with, so if they are doing foreign language dubbing, they may get a copy of the movie that only has mouths in it.” This way, a translator can see the mouths moving and hear the dialog, but the material they have is of far lesser value than a complete copy of the content.
Attack points that concern the Studios
For a studio, a major concern is camcording of a theatrical release, in which case, a digital cinema watermark can allow tracing back to where and when it happened. A watermark on an electronic release can also be used to identify the distribution channel. Content may also be stolen at the HDMI output of a pay TV or streaming consumer device, which is why the studios typically demand the latest version of HDCP for their most important content.
To minimize the likelihood of theft within a video service platform, studios also expect pay TV operators and online video providers to use industry-accepted conditional access and digital rights management platforms, which support a wide array of usage models and devices.
In a piracy investigation, the focus is on initially how the pirate obtained the copy. Investigators want to know whether the pirate hacked the physical device and obtained the compressed content, which would be bit-for-bit identical to the source material, or whether the content has been transcoded, resulting in a degrading of the quality.
Bit-by-bit comparison between the original source material and pirated copy can also help narrow the range of leakage points. For example, comparing the suspect copy with the original source from a streaming video provider can help determine whether it was stolen from a device with a compromised DRM system, or perhaps the backend before it was even encrypted. If there is no watermark, it may indicate that the copy came from a Blu-ray disc.
Attention to detail
If there’s any one take-away from my conversations with Chris Odgers, it was the importance of attention to detail. While distribution licenses might seem to have little bearing on anti-piracy, they are the vehicles that provide the specific guidance.
One example is ensuring that distribution is limited to the licensed geographic territory (geofiltering). While it helps to know an end user’s IP address when doing territory verification, another useful check is to verify that a credit card used for payment has a billing address and/or was issued by a bank in the licensed territory. However, IP addresses can be insufficient because the user may be using a VPN to mask their true location, unless the IP address is checked against a very recent “blacklist” of VPN provider IP addresses. The address should be checked not only when a user logs into a service, but also during streaming, in case the user drops the VPN to improve their streaming performance.
Another example applies to UHD content. “Not only should there be a requirement for HDCP 2.2 protection support at the video output, but there’s a particular bit setting that needs to be specified in the agreement, so if someone takes that output and runs it through an HDMI repeater, the HDCP protection isn’t downgraded to Version 1.X.”
Actions against instances of piracy have become selective over time, giving priority to ‘industrialized piracy’ conducted by commercial actors. “That’s not to say that a studio won’t pursue an individual who posts a pre-release screener online, but that’s a different scenario than we saw 15-20 years ago, when the music industry got so much negative press around numerous lawsuits against minors for music sharing.”
Furthermore, licensees tend to be very diligent in adhering to business terms and protecting content. “It’s really rare to have a case where a distributor violates material licensing terms because it can jeopardize their license.”
Piracy Monitor thanks Chris Odgers for his perspectives. In upcoming articles, we’ll be speaking with others for a look at the concerns of sports leagues and broadcasters.