The fight against piracy has scored some significant wins in the past 12 months.
Digital Broadcast speaks to some of the top conditional access vendors to assess just how long the pirates might remain sunk.
The evolution of the pay TV industry is having serious consequences for the companies providing the conditional access (CA) products that protect the content they have invested in from being accessed illegally.
The emergence of a growing number of IPTV and hybrid architecture networks has created a market for software based CA systems, rather than the smartcard based hardware systems that have dominated previously.
As well as the pressure created from the number of operators opting for software systems, hardware only manufacturers have also had to content with codeword sharing – a successful form of piracy that as until recently running rampant – as well as the technological challenges created form having to keep up with the new services that operators want to provide their viewers.
“From a global perspective, I believe that the future of smartcard-based pay TV systems is fairly limited,” says Pierre Hunter, VP sales EMEA, Verimatrix. “The company has seen its customers replacing them in one of two ways: either with secure low cost system-on-chip security in set top boxes (STB) and increasingly with the deployment of hybrid network topologies. Smartcards will be favoured by traditional broadcast only operators in satellite environments. Ultimately, new deployments of this technology will be phased out.”
Albert Tzulman, SVP, sales and marketing at CA provider Logiways, is less pessimistic.
“Smartcard-based CA systems are still the best solution to secure content, especially on a one-way broadcast system,” he says.
“Software-only CA can be efficient for a connected STB, but it is also easier for hackers to upgrade these boxes. There are now on the market some hardware solutions – such as USB dongles – to add security on top of software-based CA. The future solution is probably the new generation of software CA linked with IC security features.”
At present as long as both one-way and two-way networks remain in wide use it is likely demand for both hard- and software systems will continue.
“Both sides have their advantages and disadvantages and the industry needs to give operators the choice of what best fits their particular operation,” says Christopher Schouten, advanced products marketing director, Irdeto.
In addition to its hardware solutions for one-way networks, Irdeto also claims to make the only software only system without a return path.
“There have not been any software based solutions other than the one we launched last year that is sufficient to address the needs of a one-way broadcast networks and that because most of the software systems today have been predicated on the presence of an IP return path,” says Schouten. “In situations where that IP return path is available then a software solution is superior from a logistics perspective but in the millions and millions of legacy devices that are out there on one way networks smart cards will continue to play a crucial role in content protection now and for the foreseeable future.”
Schouten also makes the point that the presence of a broadband network determines whether the option of using a return path based system is present, noting that this is an issue outside of the main urban centres in the Middle East.
Latens has a different background to many of its contemporaries in the CA industry as it has always been a software-based developer since its inceptionn in 2003. The company continues to be bullish on its prospects moving forward.
“At the time of our launch, existing CA providers said [software based CA] was not safe and would not be accepted by the operators. Latens has seen all its competitors follow its example in respect to software security for IPTV,” says Andrew Pons, marketing manager, Latens. “Gradually more are following the example of using software only CA for one-way broadcasts. Therefore given that smartcard piracy is rampant in the Middle East it can only be a question of time before smartcards are no longer part of a CA solution.”
As well as a technological advantage, Pons also says that the business model behind software based security also creates extra incentives for the system to withstand attacks from pirates
“There are three parties in the piracy war,” explains Pons, “the hackers, the operator and the CA supplier. If a smartcard system is hacked the hackers win because they are now able to distribute the CA keys around the world using the internet. The supplier of the smartcard CA also wins because the operator requires a new smartcard solution, which is good business for the supplier.
“The operator on the other hand loses, first it has to make a loss on the subscribers that are now paying the hacker instead of the operator, and it has to pay the smartcard supplier to develop a new set of cards that are supposedly safer. This can take up to two years meaning it is constantly losing revenue,” he says.
Using a software-based system means that a “virtual” card swap-out can be done almost instantly in the event of a hack. The incentive to be hacked, thus triggering a new card and hardware deployment is therefore removed.
Regardless of the system proposed, the operators and the vendors need to be able to beat the existing forms of piracy in order to make any kind of progress. But who is winning the battle at present?
“The pirates are winning, because piracy is still increasing,” says Logiways’ Tzulman. “Even if hackers need more and more sophisticated infrastructure, they also have more and more customers. CA systems are regularly hacked and updates are immediately available on internet.
There is no unhackable system. It’s all about time. As a CA vendor we sell time to our customers, time before effective piracy is developed and they lose revenue. Hackers are more and more organised; they are international crime organisations with worldwide connections. The sophisticated labs, required to hack some CA systems, cost more than $15 million. It is a very profitable business for them,” he notes.
“Core security technology is developing rapidly but any CA vendor that claims their system is unhackable should probably feel distinctly uncomfortable,” says Verimatrix’s Hunter. “There is huge money behind piracy but companies like Verimatrix also help to enable the even larger revenue stream behind legitimate content consumption and are working diligently to stay at least one step ahead of the pirates.”
Hunter’s Verimatrix colleague Steve Christian, the firm’s VP of marketing, agrees.
“Content piracy is still big business. But it would be extremely unrealistic of anyone to make any claim about any security system being unhackable for all time. In general, we tend to describe the world of security as an arms race,” says Christian. “A small but important set of key security systems vendors are pitted against a wide range of amateur and professional forms of attack. The important thing in any such continuing fight is to try and stay at least one step ahead of the latest threats and to be proactive about changes to your strategy and implementations in order to reduce the impact of any security issues that do emerge.”
Irdeto’s Schouten is far more optimistic about the industry’s progress against the pirates, particularly in the Middle East.
“I definitely feel that we are wining the piracy war at this point, but not purely on the basis of technology,” he says. “There is a strong cooperation required between us and our customers and the local authorities in regions around the world. You can see through our cooperation with associations like Arabian Anti-piracy Alliance (AAA) in the Middle East and with local and regional regulatory authorities that we can win battles,” Schouten points to the recent example of the UAE Telecommunications Regulatory Authority blocking code word sharing internet traffic in the country.
“It’s a combination of technology, cooperation, legislation, regulation and enforcement. We would never assume that we permanently had the upper hand, we have to be vigilant. It is a game of cat and mouse. With the first generation of technology more than 15 years ago perhaps, the CA industry put it out in the field and started counting its money without realising that this was going to be of that nature.
“The industry learned that lesson a long time ago and now it can never afford to sit back and assume that it has won,” concludes Schouten.
With so many solutions available on the market testimonials and third-party testing can is critical.
“For any commercially significant conditional access or content protection solution, the content owner’s acceptance and belief in your brand is crucial,” says Verimatrix’s Hunter. “Access to content is one axis of differentiation, and having a strong track record and a proactive engagement with content owners is important to gain their confidence and facilitate licensing agreements for their content. It is vital for operators to select a CA partner that has a good relationship with the major studios and broadcast content sources and that can support the specifics of the various revenue models that they intend to deploy.”
TRA takes action in THE UAE
The UAE became the first country to protect pay TV channels’ rights on the internet after the Telecommunications Regulatory Authority (TRA) took action to block keyword sharing.
In collaboration with both the country’s telecoms providers, the TRA successfully blocked keyword sharing data transferred on its network. It is thought to be the first time that such an operation has succeeded anywhere in the world.
“The UAE gives utmost importance to Intellectual Property to ensure the most advantageous economic environment through supporting owners of property rights. This step will protect consumers against this type of fraud and it will limit infringement of Intellectual Property Rights and violation of federal laws,” said H.E. Mohammed Al Ghanim, director general of the TRA.
A warning was also issued that the unlawful use of telecom services can harm consumers and the national economy and it urges consumers to take caution while purchasing satellite receivers to ensure their legitimacy.
Closing the loopholes
Christine Maury-Panis, executive VP, general counsel, Viaccess and VP of the industry lobby, APOEC discusses some of the legal and legislative issues underpinning successful anti-piracy efforts.
In recent times, loopholes in the legal definition of piracy, where the rules are only applicable to devices that are pirated as such, like fake cards and not devices becoming illegal once downloaded, have come to light. This has meant it has become increasingly difficult to track down and prosecute these boxes as downloading most of the time occurs at home, even if it is very clear to the community that these so called “free to air” boxes are widely bought because they are easy to install pirate firmware on.
Europe has been widely believed to be ahead of the rest of the world, having developed the first valid approach to tackle the issue of piracy 10 years ago, thanks to legislation protecting all access control systems, thus standing separately to copyright legislation – the only legal recourse in many countries for prosecution.
This was brought into effect in the European Directive issued in 1998 which covers both broadcasting (TV and radio) and interactive services using some form of CA system. This Directive was intended to be applicable in any of the 27 full member countries, however, sentences for offenders can still vary substantially between countries.
Moreover, the law needs to be reviewed now in light of a number of necessary improvements, not least the need to be able to encompass within the definition of pirate material these devices that have two sorts of use.
In addition to technological innovation and legal actions, there is a third frontier to tackle the issue of piracy that relates to removing or reducing the commercial incentive. Vendors of CA systems are required to develop and support new business models that allow operators to generate more revenue from new content and new ways in which is it is delivered to subscribers.
Awareness about the subject of piracy has to be further shared at all levels, at courts, customs, police, governmental and institutional levels, and last but not least at consumer level. New innovative business models are needed to accompany this awareness and educate end-users.
AEPOC is pushing international cooperation, which is vital to mounting a more effective defence against global TV piracy. The group is backing joint actions gathering all CA providers and pay TV operators in Europe and are present on the commissions where the directive is reviewed.
Collaboration on an international level and solidarity between the members of an association is imperative in successfully tracking down and bringing to justice the highly developed sub-culture and value chain of suppliers, financers and distributors that is at the heart of pay TV piracy. Finding proof has always been the key stumbling block.
To entrap the whole industrially organised worldwide network behind the hackers will require a concrete effort to reverse engineer the hackers’ methods. This is why it is necessary that all the anti-piracy associations worldwide join forces and share their investigations and experience.