Your browser is not supported. Please update it.

28 November 2019

VO accidentally says “anti-piracy is easy, you don’t need us”

There is no hiding from the exacerbation of piracy – with 2019 seeing illegal practices wreak havoc, particularly on live sports and none more so than beIN Sports. With the arrival of new content formats, new hacking techniques and a shifting trend from open to closed piracy, we turned to Viaccess-Orca this week for some advice on how to weather future piracy storms.

During a webinar called Defining and Executing a Piracy Management Strategy, it wasn’t long before Faultline had a bone to pick. While laying out a three-step process to anti-piracy strategy, Viaccess-Orca’s CSO Dr. Guillaume Forbin, formerly of OSN and Disney, casually said that operators could easily build an anti-piracy intelligence system in-house to identify weaknesses within their TV architecture. If that’s the case, then what does VO bring to the piracy fight?

VO’s Director of Marketing Security, Kevin Le Jannic, swooped in, backtracking on precisely how “easy” it is to build an anti-piracy intelligence system. He pointed to a topic not covered anywhere else in the webinar, such as the arduous process of registering on various anti-piracy forums and uncovering what’s really behind a pirate offering. Critically, he said all this without addressing exactly how VO, with all its years of experience in conditional access security, is adapting its product portfolio to tackle increasingly intelligent content piracy set ups.

To answer this ourselves, as VO didn’t, we have to dive into what the Orange-owned company describes as the anti-piracy toolbox. Clearly today, CAS and DRM systems are not enough, which is why operators and broadcasters need software techniques like watermarking, password sharing identification, geoblocking and VPN detection, as well as physical assets such as a security operations center, educational efforts and the means to pursue legal actions.

From a holistic perspective, we see an industry torn between prevention versus takedown. While something like geoblocking is a must-have for prevention, watermarking is the most called-upon technique for removing illicit streams.

But unlike a full anti-piracy intelligence system, watermarking is hard to deploy, according to VO (finally, some answers), noting that illegitimate set tops based on card sharing can decrypt satellite feeds and bypass watermarking. For this, the webinar highlighted the importance of renewability in the watermarking cycle, specifically in the protection of live sports. Once a watermark is activated in the operations center from CAS/DRM commands (across IP-connected devices and cable or DTH set tops), a video crawler is used, and data is passed to a watermark extractor for analysis of video extracts. Here, the watermark is detected, and the source of the illicit stream identified, from where the operations center can go about revoking devices, as shown in the diagram.

Of course, the process of removing an illegal website is a challenge in itself. Without the sufficient data to prove content is being pirated, difficulties will arise, and maintaining close ties with local authorities certainly helps here.

That said, Jannic referenced Sky and BT in the UK which recently combined IP blocking and watermarking, while working tightly with local bodies, in a project resulting in a 7% to 12% reduction in use of illegal sites.

Circling back to Forbin’s three-pronged anti-piracy strategy, he outlined Risk Assessment, Security Monitoring and Remediation as the cure to a problem which has robbed Qatar-based beIN Sports of $1 billion at the hands of professional content piracy outfit beoutQ, including some $440 million in revenues in France alone, costing 300 staff their jobs.

Forbin spent most time covering the risk assessment stage, including identifying threats, objectives and the tools available, while security monitoring is mostly about ensuring sufficient data is collected to tackle pirates, at the same time making sure to protect at the content level as well as the pure security level.

Remediation meanwhile involves implementing CAS/DRM countermeasures, IP/domain blocking, DMCA (The Digital Millennium Copyright Act) takedown, legal actions, and reinforcing legal actions.

The most notable takeaway from the webinar was not anything that Viaccess-Orca said, but what it didn’t say. Faultline sat through an hour-long presentation and even offered the vendor the chance to fight its corner, yet not once was one of its own products or services mentioned.

A missed opportunity to plug and brag. Notably, parent company Orange is now using security agents from VO within both its legacy Linux-based set tops and new Android TV set top from Sagemcom. The latter is using powerful hardware-based content protection mechanisms.

Outside of its comfort zone, VO formed an intriguing partnership earlier this year with French research institute b<>com to tackle redistribution of illegal services through the development of unique watermarking for tracking pirates. This involved building a flexible tracking algorithm enabling digital marking of video streams (including 4K) regardless of what device is used, with VO contributing its expertise in content protection and pirate stream analysis.

Another opportunity was missed in providing an update on this partnership, as well as the breach detection techniques which had recently been developed when we last spoke to VO back in February in Mobile World Congress. This allows operators to surface anomalies, revoke devices and even help customers take pirates to court. Of course, there were time constraints but there’s no glossing over the missed sales pitch.

As for what to look out for, Jannic warned that new hacking techniques designed to trick anti-piracy algorithms into seeing or not seeing things will becomes more prolific, as will the transition of piracy from open to closed, for example content sharing proliferating within closed WhatsApp groups which are encrypted.

We’ll be eyeing an overdue update from VO in the new year.