Q&A: Mark Mulready, VP, cyber-services, Irdeto on the evolving threat to content revenue security

Mark Mulready

DTVE: How much impact has streaming had on the extent of piracy and how big a problem would you say piracy currently presents?

MM: Streaming piracy continues to be the predominant threat to the industry. It comes in various forms. Pirated content is across social media and it is available as video-on-demand, direct downloads, via live streaming sites and through apps and streaming devices available via online market places. Recent studies show that the problem is getting bigger.

I’m co-president of the Audiovisual Anti-Piracy Alliance. We did a study on illicit IPTV in Europe, which is just one of about five delivery methods of illegal content. We estimated that the industry lost US$3.21 billion in 2021 alone due to consumers using these illicit services. The pirates themselves were estimated to have gained over US$1 billion from this activity and the study indicated that 17 million Europeans engaged in consuming illicit content this way.

Another recent study focused on Germany from Vaunet found that 5.9 million people in Germany watched illegal live TV streams in 2022, roughly double the 2018 figure. One interesting thing about this study was that 91% of users said they would switch to legal services if they couldn’t access the illegal ones, and 45% said they would be willing to pay.

DTVE: How has the nature of piracy changed over the last couple of years or so?

MM: Piracy and cybercrime are constantly evolving. In the last five years or so it has all been about streaming piracy. In the last couple of years attention has focused on OTT platforms, which were originally more focused on achieving scale, and maybe didn’t have security as a priority. Pirates quickly learned to exploit weaknesses, often piggy-backing on the operators’ own infrastructure. There are obviously well-known things like password sharing that Netflix has now started to crack down on. You have disabling of stream concurrency limits, and you have the standard piracy technique of ripping and restreaming OTT content. DRM key harvesting and redistribution is a good business model because pirates don’t have to pay to host the content.

DTVE: How big a challenge are forms of cybercrime other than direct content theft to video service providers?

MM: In the last four months ransomware incidents have actually decreased to some extent but there is still a lot of cybercrime. Any broadcaster or operator is vulnerable, particularly to the kind of sophisticated phishing and hacking attacks that we are starting to see. We are involved in educating organisations and doing this as a service to show how to minimise the risks.

DTVE: What challenges are presented by the theft of live content and what do service providers need to do to combat this?

MM: The challenge is essentially one of scale and speed, because the value of live content is highest during the live event itself. Effective online piracy detection and enforcement, requires a technological capability to ingest thousands of pirate streams and very quickly analyse those streams to see if you can detect the source, for example if there is watermarking embedded. Those content sources which are detected can then be switched off. The remaining streams are subject to takedown notices to remove as many as possible during the live event.

Previously we were able to find signposts on the open internet about where the live streams would be made available. Now we need to gather intelligence from open and closed sources. We also help our customers use things like YouTube Content ID and fingerprinting technologies that the social media platforms are already active with. Another important area is that there are hosting companies that either respond very slowly or don’t respond at all to requests to remove pirated content, so our compliance team will reach out to those non-compliant companies to try to get them to act quicker. In some cases it may be necessary to start building a case for legal action against those entities and the people operating them.

DTVE: What more needs to be done at and industry and governmental level to combat piracy and content theft, and how much progress is being made?

MM: There is a gap between the harm being caused and the regulatory and legislative response. We would like to see that gap reduce. We spend a lot of effort informing government and regulators about the nature and extent of the problem. One of the greatest challenges we face is the length of time it takes intermediaries like those hosting companies to remove access to pirated content.

For our industry the Digital Services Act was disappointing because it does not clarify the notion of “the expeditious removal of content”, which is a very nebulous term. Another great challenge is that, even if we do build a case against a hosting company or a pirate website, quite often the registration information for those companies is fake. We were hoping that the EC would do more on that front.

The good news is that there has been cooperation from law enforcement agencies. Interpol has the Stop Online Piracy Project (I-SOP) and Europol also has a dedicated team that has supported numerous actions in recent years. The US IPR Centre has also been very active in recent times. It’s complicated because pirates operate across jurisdictions, but there has been some significant cases which show good co-operation between law enforcement and industry.

DTVE: What are the major tools that service providers need to deploy to minimise the threat posed by piracy, and what balance needs to be struck between preventing piracy in the first place and pursuing those responsible once content theft has occurred?

MM: You need to prevent and detect. To prevent, you need content encryption and DRM, the basics. You need concurrent stream management, code protection and platform hardening techniques. To detect, you also need VPN and proxy detection, and you need to be able to revoke devices. We have also developed good techniques with data analytics using AI and ML to detect anomalous behaviour. You need watermarking, and you need online piracy detection so that once content is being redistributed you can track it back to source. Finally, you need to be able to take down illicit content at speed and scale, and for the most problematic pirates, undertake criminal and civil enforcement.

For legitimate service providers, protecting the brand is also important because a lot of pirate subscriptions are being sold on social media and ecommerce sites. Unfortunately, there is no magic cure and I think everyone understands that. You now have a whole generation of kids who have grown up thinking it’s just fine to take whatever you like from the internet. We must help them understand the value of intellectual property and why it’s worth protecting and paying for.

This is sponsored content.