Video piracy is predicted to cost $52bn in lost revenue by 2022. Content creators and technology providers need to fight more effectively than ever before
Words by David Davies
In the course of this interview, Akamai director of media product marketing, Ian Munford, refers to the battle against piracy as a “silent war”. It’s hard to disagree as the number of ‘fronts’ in this war continues to expand with the use of online video services increasing constantly around the world.
At the most fundamental level, content creators face two categories of risk: relatively casual, between-consumer sharing of content; and extensive, criminally-organised piracy operating on a national or international scale. Although the nature of impact is different, collectively they pose a massive challenge – especially at a time when new production techniques and formats are contributing to accelerating cycles of investment, especially for conventional broadcasters.
There is no shortage of research to illustrate the scale of the problem. According to a Digital TV Research report, video piracy will cost the industry $52 billion in lost revenue by 2022. Another study, undertaken by Parks Associates, forecasts that in 2021 $9.9bn of pay TV revenues and $1.2 bn of OTT revenues will be sacrificed to credentials-sharing alone.
By its very nature, the problem is – and will remain – a moving target. “As companies deploy technology to prevent attacks in one area of their business, threat actors will find another way of achieving their goals,” notes Munford.
So, for content creators and their technology partners there is a continual need to pursue an effective dual strategy: ensuring they suppress existing threats, and working to add capabilities that allow potential emerging risks to be conquered.
Josh Smith, director of the TV Services Division at football governing body FIFA, underlines the extent to which major organisations must take an all-encompassing approach to content protection, that also takes account of the changing viewing patterns of sports fans.
“FIFA, like all premium sports rights holders, takes content protection and piracy concerns very seriously,” says Smith. “We work with a number of leading companies in the areas of satellite encryption, internet streaming and social media rights protection to ensure that FIFA’s IP is well-protected across all content delivery mechanisms. As these evolve – eg 5G – we expect fan expectations to increase; they will want to be able to see content whenever/wherever they like, and FIFA is working hard to ensure that fans find legitimate content as quickly and efficiently as possible.”
The organisation has extensive ‘where to watch’ promotions on its own and third-party platforms, and works with broadcasters “to minimise the number of steps” required for fans to access official content. “The nature of content protection for premium sports,” adds Smith, “will always be an evolving challenge that is best addressed with a combination of market-leading anti-piracy technologies, alongside innovative initiatives to serve fans with legitimate content in an efficient way.”
Among the leading vendors currently addressing informal sharing is video software provider Synamedia, whose Credentials Sharing Insight solution was launched at CES 2019. Citing research by Magid that 26% of millennials share passwords for video streaming services, Synamedia has responded by devising a solution that uses AI, behaviour analytics and machine learning to identify, monitor and analyse credentials-sharing activity across streaming accounts. Unusual activity can be monitored and addressed, including by upselling to accounts whose sharing exceeds a predefined threshold. The solution can also be used to detect and shut down large-scale, ‘for-profit’ sharing.
Credentials Sharing Insight is the latest addition to Synamedia’s VideoGuard portfolio, which is used to secure pay TV operators’ broadcast and streaming content, services and revenues worldwide. And Avigail Gutman, Synamedia’s director of intelligence and security operations, indicates that delivering content protection is inherently an evolving business – particularly as piracy has morphed into a more extensive ecosystem.
“In the old days, a pirate network included someone at the top of the pyramid who was entrepreneurial,” she says. “Hackers would create some software illegitimately and there would be a network of dealers who would sell pirated devices. It was a challenge, but if you could take down the top of the pyramid [technically or legally] everything under it would crumble. Now it’s much more of an ecosystem in which not all of the players are pirates; there may be legitimate businesses involved who are not aware there is illegitimate activity happening in their realm.”
By way of example, Synamedia video security product manager, Rinat Burdot, points to legitimate cloud services handling the content, or mainstream payment services who process fees. As a result, there has to be a significant emphasis on making official providers aware of the problem, as well as action aimed at “demotivating every player in the chain”.
An evolution As download tech develops, so too will viewers’ expectations of how and where they can access paid-for content
Beating the bots
In terms of specific current cyber threats, Munford alludes to DDoS attacks, ransomware attacks, phishing attacks on IT systems – and bots: “In October last year, Akamai identified and prevented more than 196 million bot attacks aimed at the professional video industry in one day!”
Moreover, the reasons behind these attacks can vary dramatically – ranging from “organised gangs stealing viewer information for a profit, through to nation state attacks for more political reasons”.
As a leading content delivery network and cloud service provider, it is clear that Akamai pursues a truly holistic approach – Munford describes it as a “zero trust philosophy” – to planning and executing content protection.
“The goal of the approach is to prevent any service disruption, loss of data and, of course, content,” he explains. “To illustrate this approach, we advise customers to look at infrastructure security solutions like firewalls, DDoS protection, bot protection and origin-shielding solutions to safeguard against different types of infrastructure security issues.
“We also suggest customers look at viewer data protection technologies like customer identity management, privacy controls and fraud protection to safeguard sensitive and personally identifiable information (PII) data.
“Last but not least they would need content protection solutions, such as tokenisation, media encryption, geo or IP-based restrictions to safeguard themselves against content piracy and link sharing, and to ensure rights obligations are met.”
All this should enable users “to discover pirates or thieves, prevent their activity and enforce the right action”, says Munford.
Mix and match Combatting piracy requires a mix of solutions for providers and content creators, such as bot protection
A dissenting voice?
If the long-term outlook appears bleak, some observers do believe there is cause for optimism.
A technical representative of a European broadcaster who wished to remain anonymous observes: “Since online access to video content has become much easier and affordable – think Amazon Prime, Netflix and Apple – and content piracy protection on online platforms, such as YouTube and Facebook, has become much tougher, the effort of finding an illegal copy is often much higher than the immediate costs to legally obtain a copy. Additionally, user side copy protection of satellite, terrestrial and cable feeds has become more effective through better encryption (NAGRA, etc), digital interfaces (HDMI 2.0 with HDCP instead of analogue signals) and multi-DRM strategies.”
The history of piracy tells us that, even if one aspect of the problem is reduced or even beaten, a new facet swiftly emerges. The urge of some people to steal or share content they do not own seems unlikely to disappear any time soon, meaning content creators will always welcome new initiatives that can help them safeguard their assets.
Confronting ‘bad actors’
A recent example cited by Akamai’s Ian Munford illustrates the kind of action that can be required to combat full-scale network attacks: “A well-known broadcast network became the subject of a credential stuffing attack in which hundreds of malicious login attempts were successful because they were masquerading as legitimate traffic. These logins gave the bad actors access to user accounts and the network’s premium content. Of course, when a criminal organisation gets access to viewer accounts, their details will be exploited for a range of purposes. Details could be used to directly pirate content, sold on the dark web, or be used for direct financial gain.
“At the time, the network did not have the proper safeguards in place to defend against this type of attack. In extremely short order, Akamai was able to work with the network on an emergency deployment of our Bot Manager Premier (BMP) solution, which can detect bot activity being disguised as human interactions. Once live, BMP immediately detected nearly 300 bots and subsequently denied more than 1,000 malicious login attempts. Not only did BMP prevent any further malicious logins, bot traffic dropped dramatically once it was recognised that Akamai was denying the traffic.”
This article originally featured in the July 2019 issue of FEED magazine.