Winter 2010

Tools of the Trade

New, existing and yet-to-be-invented technology offers hope for fighting Internet theft.

BY MILO YIANNOPOULOS

The Piracy Problem - Tools of the Trade

As technology evolves, new and better tools are becoming available to combat Internet theft and protect intellectual property. Online theft is not going to go away, but now content creators can protect their work and help ensure a fair deal for themselves and paying consumers.

If something is visible or audible on a computer, it can be copied. It only takes one computer-literate pirate to make a single unprotected copy of a film or TV program for it to become available to everyone on the Internet, free of charge. The only barrier to entry for prospective file-sharers is mastery of a simple set of computer programs designed specifically to find and share music and video. It really is as simple as “point” and “click.”

It’s true that the Internet has enabled copyright infringement on an unprecedented scale: millions of illegally pirated files are now available for download to anyone with a broadband connection. But this doesn’t mean that the battle against Internet theft can’t and shouldn’t be fought and—to some extent—won. Here is a brief survey of the tools that are out there and how they can be used to protect your work.

Digital Rights Management (DRM)

Historically, this has been the most common form of digital copy protection, but to date it has not been particularly effective. DRM describes a set of rules or controls embedded within the content itself that are designed to prevent unauthorized viewing or listening—for example, by preventing playback on devices that are not owned by the purchaser (this is how Apple’s FairPlay system, used in its iTunes Store, operates). In reality, digital media files employing DRM can have that protection stripped away by experienced thieves in a matter of minutes. The content can then be duplicated an unlimited number of times, with no reduction in quality, as if there had been no protection applied at all.

Every widely used DRM system has been rapidly defeated by pirates. The Content Scrambling System (CSS), introduced in 1996 by the DVD Forum, has been practically useless since 1999. The Advanced Access Content System (AACS) for HD-DVD and Blu-ray discs was “cracked” in December 2006: the first unprotected HD movie appeared on peer-to-peer file-sharing sites, complete with audio options and special features, less than two weeks later. DVD region codes, another attempt to limit international piracy, can be circumvented very easily on a modern computer—not to mention using one of a widely available range of multi-region DVD players.

DRM is sometimes perceived as reducing the value of a paid product, for example when a piece of software needs to “phone home” via the Internet in order to be installed or operated. This occasionally results in inconveniences to legitimate customers if, for instance, authentication servers are offline or the user is not connected to the Web.

Nonetheless, DRM is still widely used as an extra layer of deterrence. It forms part of an integrated toolkit of anti-piracy technologies, but should never be considered a complete means of protection in itself.

The Broadcast Flag

A flag consists of a small amount of invisible data hidden in a broadcast signal that can give instructions to televisions and other receiving equipment. Originally developed by Fox Broadcasting in 2001, the broadcast flag required that all HDTVs obey a specification determining whether the recording of a particular stream was permitted. Fox’s version never caught on, but an updated version of this technology, known as Content Protection and Copy Management (DVB-CPCM) is currently being developed, and may in the future provide significantly more sophisticated, cross-platform control. DVB-CPCM promises to offer a consistent set of permissions across different technologies, making it easier for end users to understand what they are permitted to do with purchased works. But the technology isn’t there yet.

Content Identification

Digital Fingerprinting and Watermarking are forms of metadata added to legitimately purchased files. They can be useful in providing prosecution evidence, but are not complete protection mechanisms in themselves.

The MPAA estimates that 75 percent of online theft is committed by 15 percent of online thieves, a “hard core” of determined criminals who share, in some cases, tens of thousands of copyrighted works with others. Watermarking enables law enforcement agencies to track pirated material to a single file from a single individual: identifiable data is embedded in content. It is not detectable by humans but readily identified by content recognition systems. Even if a film is recorded in the cinema with a camcorder, rights holders can still detect the watermark and identify the origin of the recording.

Fingerprinting technology, which searches for a particular few seconds of music or piece of dialogue and matches it against a database of copyrighted works, is employed by YouTube to great success. YouTube’s implementation can catch works as they are uploaded, and prevent them from ever appearing on the site.

Finally, other kinds of metadata are occasionally inserted in legal downloads by online music stores. The metadata may, for example, contain the purchaser’s name and e-mail address. Should the purchaser choose to share that file illegally, it is easily traced back to him or her.

Streaming

In the last few years, streaming services such as Spotify, Hulu, the BBC’s iPlayer and YouTube have seen exponential increases in user numbers. Research conducted for Trendstream’s Global Web Index shows that downloading content is much less attractive when that content is available instantly via streaming.

“Thanks to the rise of online services, the environment has been created where you can stream almost all the content you would ever want. Why pirate when you can stream?” says Tom Smith, Trendstream’s managing director.

It’s worth remembering that streaming services don’t generally work when you’re not connected to the Internet, and that streaming doesn’t entirely prevent unauthorized copies: software packages like Audio Hijack Pro enable users to “rip” audio from any playback or streaming source and store a copy of it on their local computer, which can then be shared with others. Although these apparently complex procedures are becoming part of daily life for computer-literate teens, industry associations like FACT are now investing heavily in advertising campaigns to educate young people about the potential consequences of illegal downloading. Streaming services can be presented as an alternative to piracy, and can encourage users to enjoy content in a safe, legal environment.

Legal Action

The Digital Millennium Copyright Act (DMCA), which criminalized the production and distribution of technology that allows users to circumvent copy protection, has been largely ineffective in protecting DRM systems. Online theft continues to flourish using peer-to-peer technologies (direct transfers of data between individual users) such as BitTorrent. But the DMCA has led to successful prosecutions, which act as a powerful deterrent to those who would continually and consciously steal, or enable others to steal.

Legal action against the owners of torrent sites or organized pirates can take the form of takedown notices (formal requests for the offending material to be removed from the Internet, authorized by the DMCA), cease-and-desist letters or court filings. Although site owners, who make money facilitating online theft, are often reluctant to comply with demands, successes have been achieved in the courts this year: in October, the Stockholm District Court banned two of The Pirate Bay’s founders from operating the well-known torrent search site.

Network Monitoring and “Pollution”

On behalf of copyright holders, operatives—either fully automated or systems that include a human overseer—can pose as downloaders by appearing to offer or “seed” files to others. They can then record the IP addresses of those who accept transfers of copyrighted works for subsequent legal action. An IP address is usually sufficient to narrow the search down to a single computer or household and file a claim. This practice has been used extensively by the Recording Industry Association of America.

Another method is so-called “network pollution,” whereby rights holders either upload entirely fake files, which purport to be a movie or music album but are not, or join a peer-to-peer network and deliberately send bad data to other users instead of the expected portions of the file. The former method can even be used to convey a message to would-be thieves: Madonna’s record label employed the tactic a few years ago, when, instead of sending garbage in place of American Life, they sent a different kind of audio track. It consisted of the star angrily demanding: “What the f--- do you think you’re doing?” followed by a period of silence. (As if to confirm the synergies between various forms of illegal behaviors on the Internet, the star’s website was hacked shortly afterwards in revenge.)

While the second method of network pollution, in which portions of a file are substituted for bad data by rights holders posing as users, does not stop the process entirely (modern torrent programs can identify bad portions and seek to replace them), it can slow it down significantly so that pirates abandon the download in frustration.

Copyright holders should not underestimate the power of the human element as complements to these technological systems. They are “some of the most useful tools available to us,” according to Eddy Leviten of the UK’s Federation Against Copyright Theft (FACT). FACT makes extensive use of such human tools to surf torrent sites looking for illegal material, infiltrate forums where illegal activity is being discussed and generally familiarize themselves with the pirating ecosystem. These people surfing the net can report specific instances of infringement, and, in some cases, assist in identifying offenders. This practice is already commonplace and in many areas where people work on similar deterrents.

Deep Packet Inspection

There is one emerging technology that promises to offer significant and automated protection to copyright holders: Deep Packet Inspection (DPI). DPI is already in use by Internet Service Providers (ISPs) to prevent viruses, spam and all kinds of content delivery that, if left unchecked, would completely impede the ability of the Interent to operate and could even bring it to a standstill.

Nonetheless, the use of DPI has become a highly politicized and emotional issue in regard to privacy concerns. People have expressed concerns about the “big brother” potential it might have to intrude into their personal activity. Also, since it effectively consists of monitoring users’ activity on the Internet, DPI-based behavioral targeting, which advertisers use to create strategic ads that are relevant to individual users, has raised some concerns about privacy. But DPI is, in itself, not the danger; how it’s used and by whom is the real question. DPI is still very much in its infancy and a great deal depends on how it is deployed and what protections are put in place. Here’s how it works:

DPI is not another copy protection system. Nor is it even primarily designed to protect copyright holders’ interests. But it can and does perform those functions, and could be a key technology in a new era on the Internet. DPI works by examining the “packets” of data traveling throughout the system and identifying their contents.

If the contents are identified as movies or music, the software can compare it against a database of copyrighted works. For the music and motion picture industries, the impact of DPI is obvious: it can filter traffic to remove illegal content, including copyrighted material. In other words, if copyrighted content is being illegally shared, it can be flagged by the Internet service provider, which can then notify the appropriate individuals. In theory, if the system identifies a peer-to-peer file transfer that contains copyrighted works, say fragments of movies or music, it could simply prevent the transfer from occurring by blocking those packets. This analysis happens in real time, with no loss of speed for end users.

DPI also makes it possible for content to be prioritized according to its urgency. For example, DPI technology can ensure that crucial transfers are not delayed by file-sharers who overload the network by swapping large music or video files.

In order to perform its function, DPI drills deep into the data packet. Why is such deep inspection utilized? One reason is that ever more complex tools of infringement are emerging all the time. For instance, Put.io, a new file-sharing service, offers to stream torrents directly into their servers, rather than into users’ computers, which means much faster downloads and no firewall restrictions. The potential for copyright abuse is tremendous.

DPI is not without its issues and it obviously comes with certain caveats. But used responsibly, and in conjunction with other technology, it could be another highly effective tool in the arsenal against piracy.

Summary

A combination of monitoring strategies and legal protections, along with providing alternative and legal ways to consume content as possible, seems to be the best way to approach piracy.

No technology is a complete solution in itself; there is no silver bullet. Given the ever-changing nature of the Internet, it is clear that some technologies remain to be fully developed, and many remain to be invented. But there are a growing set of tools available which, when used as part of a combined assault on illegal activity, can offer significant protection to those whose work is being stolen without regard for its economic worth or the creative talent that went into making it.

Internet Theft
As part of the Guild’s effort to keep members informed about the complex issues of Internet theft, the Quarterly has run an ongoing series of stories on the subject.
More from this issue