A tech and ops debate at the MENA Anti-Piracy Conference

With the threat of piracy evolving alongside the rapid pace of innovation, protection of valuable content has become far more fundamental than ever before. If broadcasters are to combat illegal content distributors, they must rely on advanced mechanisms and create windows of disruption to oust pirates from their position. This was echoed by the tech panellists at the BroadcastPro ME Anti-Piracy Conference last month.

Titled ‘Fighting Back: Using Technology to Shield Media Assets’, the second panel discussion, moderated by Ahmed Abbas of DigiSay, addressed the need to shield media assets using technology. The panellists for this session were Dr Guillaume Forbin, Director of Platform and Content Security at OSN; Sumit Suri, MD & CTO of U-TO Solutions; Dr Naser Refaat, CTO of Rotana Media Group; and Frank Poppelsdorf, VP of Product Management at Irdeto.

Abbas opened the discussion by asking Poppelsdorf to elaborate on how Trusted Execution Environments (TEE) and conditional access have been used in a scalable way at Irdeto.

Poppelsdorf said: “We deliver a cardless solution to operators, in order to reduce the logistical costs related to smart cards, but we also ensure maximum security for their content by implementing a dedicated execution environment in the chipset. Some people think that TEE is secure enough for cardless CA solutions, but in fact this is untrue in common practice.”

According to him, a digital rights management (DRM) system can be secure enough on a TEE because of its two-way connection.

“In such a scenario, the stream is easily traceable. However, within a DTH or a satellite environment, where there is more than one signal to many streams, providers might struggle to detect piracy if a TEE used by a cardless CA client is breached. Irdeto focuses on ensuring the highest level of security in the hardware of their cardless solution, to protect operators from piracy,” he added.

Abbas then turned to Dr Forbin, asking him to elucidate OSN’s strategy and security approach.

“It’s crucial to deploy state-of-the-art security to make sure STBs, apps or other receiving devices – including third-party distribution devices – are well protected. There are several ways to protect devices and premium content, but adopting a comprehensive approach addressing all distribution end points and investing in the best technology to combat piracy are essential to protect a distribution platform,” he stated.

Forbin added that OSN has created its own solutions to help detect and take down pirated materials.

“The OSN approach includes advanced piracy detection and enforcement tools, usage of the best possible technologies to protect the OSN platform and devices, but also anti-fraud measures to deter pirates from accessing and redistributing OSN premium content.”

When asked to propose the most efficient method for companies to track down pirates, Suri of U-TO Solutions said: “Taking down all the pirates at one go is a Herculean task. It’s about categorising a piece of content as illegal and trying to cause disruption within it. Take for example a live event. If I’m able to cause disruption during a live event and create an inconsistent experience for users, they’re going to want to look for alternatives.”

While disruption remains key for service providers, he stated that there are “ways and means of creating an inconsistent user experience” that compel users to seek a reliable, legitimate service.

“That doesn’t imply making them pay a premium for it – if you can create disruption, you can get users to move to a legal platform.”

The panel then discussed the effectiveness of blockchain in combating piracy.

Dr Refaat endorsed it, stating that “pirates won’t be able to enter the sub-coding of websites”, but pointed out that blockchain requires “sophisticated integration”. He explained that an STB with a TEE has a separate CPU, RAM and OS for a TEE workload environment which can be fully or partially utilised. Furthermore, TEE systems can be optimally integrated with blockchain DRM systems, and can be used to store an authorised list of members to validate the network’s users’ safety and securely.

“DRM blockchain doesn’t use the CPU of STBs, but TEE. This implies that if a hacker were to use an STB, he would not be able to use the fully combined CPU powers. He will have a bad quality experience. But if his access is TEE authorised, he will have a quality experience. Unfortunately, some STB manufacturers and integrators don’t maximise the potential of the TEE OS, or use only a part of its RAM or TEE CPU power. Going forward, we can list vendors that use TEE efficiently in the market. It’s going to take some time to build awareness for the big guys to implement such solutions.”

Poppelsdorf commented at this point that in the past, “it was about trying to compromise the link between smart card and chipset, but now we’ve moved to cardless solutions, making it even harder for hackers”.

“Now pirates have largely moved to illegal content distribution on the internet, so we’re focused on finding pirate sources using watermarking technology.”

Citing panellists’ previous points relating to the crucial need to trace the source of pirated content and then employ effective measures, Poppelsdorf said: “To end the cat and mouse chase between provider and pirate, you need to have secure countermeasures in place. The security of STBs today can be at an extremely high level when you have a high-quality conditional access system and a secure execution environment for it. If you put the bar low, then piracy can occur. But beyond having secure STBs, you still need to be active against content redistribution piracy.”

Suri added that the paradigm has shifted from peer-to-peer sites to illegal streaming services,

and recommended a multi-tiered approach to dealing with piracy.

“For us, piracy is not just about identifying content; it’s about going behind the scenes and identifying the source of that piracy and shutting it down at a crucial moment. AI helps build that social profile to track down pirates. If we build common threads across YouTube, Vimeo and Dailymotion, we can identify the commonality between them. So when I’m pulling one of them down, I can pull the entire chain down, making sure that I can have a reasonable window of disruption.”

Dr Refaat seconded Suri, stating that AI can play a big role in fighting piracy.

“Presently, there is no DRM platform that will enable us as a technologist to deal with pirates. To fight pirates, we need to rely on metadata, cast a wide search net with AI and use blockchain to cause disruption.”

The moderator asked whether the tech industry had a way to identify illegal sources of content, and Dr Refaat said Rotana uses MUSO.

“It helps us locate where our online content is available illegally. If we see a certain illegal platform distributing our content, we take it down. However, this process could be simplified if we had a platform that has metadata that we can easily use to combat piracy,” he pointed out.

“Currently, there is no central platform that deals with the certification and registration process of the legality of films, documentaries, clips and news feeds. If we manage to build a central platform responsible for the ownership and rights certifications, we can take that metadata to the technologists, which will enable them to help us protect data. But such a platform is absent in the Middle East.”

Suri added that metadata plays a key role in this exercise.

“U-TO is steering towards something similar, with our entire focus being content-centric. Whether it’s trying to work with the marketability of content ordetecting where there’s piracy, metadata serves as the starting point. We use metadata to identify a potential link, then trace our way backwards using fingerprinting to identify an audio-visual match on that, so it’s a tiered process.”

Dr Refaat said this would be most practical if the broadcasters collaborated.

“Ideally, all the studios – Rotana, OSN, MBC and the rest – must register into, say, one rights management system. This would be difficult because for a rights management system, we need a platform based on blockchain, part of which implies the management system will own all the processes. Content studios typically don’t like to share the cost with X, Y, Z. The only way I see everyone coming in is if we have a system that serves as a true central rights registration and ownership certification platform.”

Suri commented that this is “a two-step process that involves creating a sense of responsibility and then allowing contracts to tie itself around”.

From here, the moderator asked the panellists about balancing cost and ROI.

Dr Forbin commented that in terms of piracy detection and enforcement, OSN undertook the work internally, as it needed to protect a large collection of assets that were under threat on several distribution channels, “such as the web, illicit IPTV STBs, social media or pirated FTA channels”.

“Investing in our own anti-piracy tools was a cost-effective way to address piracy. On the platform security side of things, conditional access system DRMs or technologies such as watermarking have a cost, but these are key to combating pirates, controlling the OSN distribution network and complying with rights holders’ content protection requirements.”

Poppelsdorf pointed out that the feasibility of investing in security is equally important.

“The main cost burden is usually borne by the operator. In the past, operators often preferred to install security on-site, such as a licensed DRM system in their data centre. We’re now being asked to help operators move such operations into the cloud. From their point of view, it’s the same level of security or more, at a shared cost. Having bespoke OTT services has become too expensive. What we’re providing is a few key security capabilities in the cloud, including multi-DRM management and even watermarking. You can tick the boxes you want, and you’re basically done in terms of protecting your content.”

He explained that since operators seek to reduce their costs, it’s necessary for security service providers to offer complete coverage for the OTT part and for broadcast conditional access. According to him, a trusted security partner can enable operators to outsource non-strategic tasks and save costs.

Commenting on the need for an efficient monitoring system, Suri said: “India is in an enviable position where they’ve invested in a team consisting of broadcasters and OTT providers to do this work. We operate out of one to a thousand channels in many different countries; we use ten different measures about how things are done. It’s about the value of the content. We operate with our partners to identify and monitor the content. It’s not about monitoring a thousand hours of content; it’s about the hundred where piracy is rampant that need to be monitored. It’s about time we go back and work with operators on a strategy about what is critical. It’s about time we say the infrastructure is created and five to ten people can use the same infrastructure for cost balance.”

While agreeing that the proposed ways to balance costs raised by his co-panellists were essential, Dr Refaat raised a pertinent regional challenge.

“The question to ask is how worthy is the content for protection and the cost of going legal. Netflix has 118m subscribers in 190 countries, nearly 6,000 movie titles, 1,000 drama series and makes $19bn a year. Rotana has approximately 2,000 movie titles. Where’s the comparison? Netflix has the assets to protect its vast receivable revenue, while smaller MENA platforms don’t. Only if this market is legally regulated with a proper blockchained central registration and rights certification platform can we genuinely increase our security measures,” he commented.

The discussion concluded with Abbas summing up some of the protection strategies for key media assets, tools to disrupt pirates and new ways to harness technology to manage security efficiently.