IBC 2017

IBC Reflections: Irdeto’s Lucas Catranis on Protecting Sports Media From Piracy

OTT, esports pose specific challenges to security

Security is one of the hottest topics on the mind of every sports-media organization these days. Incidents from ransomware extortion schemes like the leaking of HBO’s Game of Thrones episodes to the pirating of live streams of major sports events like the Mayweather-McGregor PPV fight have pushed security high up on priority lists.

With that in mind, SVG sat down with Lucas Catranis, director, product marketing, cybersecurity services, Irdeto, during the recent IBC 2017 to discuss how the Irdeto 360 platform is helping sports-media organizations weather the piracy storm. Catranis also addressed the piracy threat posed by social-media platforms, security as it relates to the burgeoning esports industry, the potential of ransomware to affect sports content, the need to educate the M&E industry more about piracy, and what security trends he sees for 2018.

Irdeto’s Lucas Catranis: With [live streaming], you want minimal impact to the quality of the video, but what’s most important for live sports is detecting as fast as you can.”

What are some of the highlights at the Irdeto booth at IBC 2017?
We’ve got a demo upstairs of our Just in Time Watermarking for OTT, which is a new approach to watermarking, and how you integrate watermarking for OTT providers. It provides rapid detection in under two minutes to be able to detect the watermark and terminate a stream. I think that’s a high point for us, and it’s something that a lot of the folks who are coming in are really impressed with.

We’ve taken all the technology we’ve been using for studios, and we’ve turned it into something that’s more lightweight and adaptive for live streaming. With a studio film, we have to have that impeccable quality because the golden eyes [monitoring systems] are watching everything looking for watermark artifacts. With [live streaming], it’s all about speed. Of course, you want minimal impact to the quality of the video, but what’s most important for live sports is detecting as fast as you can.

How do major sports events spur piracy, and how can content owners battle this?
When you’re dealing with major events, most anti-piracy work is done with automated crawling, and then it’s reinforced by having security analysts to do real-time actions. Every customer has different rules of engagement. Some people want to do more automated notice sending. We’re really high on quality here so we like to make sure that any notice we send out is a valid notice and something you can follow up on.

We have a compliance team that’s constantly working with ISPs. Compliance is a hard game to play; that’s why you have watermarking, source ID, and a lot of different things to supplement it. But, during a live event like [the Mayweather-McGregor fight on PPV], it’s much more critical to have a security partner that’s working for you, because who knows how long it’s going to last: the fight could have been two minutes or could have been an hour. There’s so much value in keeping those streams off the big UGC [user-generated–content] and social-media platforms.

How has the ubiquity of social media made it easier to pirate live sports content, and how is Irdeto battling this piracy?
I think Facebook, Twitter, YouTube, and those other platforms really need to step their game up. I think they’re making it a little too cumbersome for the people that own the rights to enforce and to get [illegal streams] taken down in real time. We can supplement and integrate with those platforms to help our rightsholders.

Facebook is very stringent about some of their crawling policies, so we have to deploy a lot more manual [tools] during the course of an event. But [Facebook is] pretty good about actually taking [illegal streams] down when they’re notified.

These big platforms that have millions of or a billion users are more concerned about bringing traffic in and selling their own ads than they are about how valid the actual content is in terms of a licensing standpoint. They want to get the rights owners to monetize on their platform, but that doesn’t mesh with the agreements that have been in place over the years. What we try to do is use our people, resources, and relationships to put pressure on them and also reach out to them to be better at responding to our customers’ requests. That’s a lot subtler than just putting a tool in place to do it; it takes a lot more massaging.

With the esports market projected to explode in the coming years, how much of a concern is piracy to this burgeoning market?
[Esports broadcaster] Twitch has been very good when it comes to [piracy]. Twitch did a full integration with us because the quality of our notices is so high they’ve given us real-time takedown capabilities on their platform.

There’s also a lot of sharing of streams on Discord [voice/text platform]. Discord’s becoming so big, but a lot of people aren’t even aware it exists. We know it’s happening and are already monitoring Discord closely, so we can be a lot more proactive. I think that’s a strong suit for us.

In looking at [the esports industry], I think there are still questions about the rights and how much money those rights are worth. There are some groups that have made investments in esports, but they’re still relatively minimal compared to the premier sports [properties]. But there is no question that [esports] is building a significant millennial audience. We also realize that [esports fans] tend to have a bit of a different attitude about content consumption than folks who’ve grown up with pay-TV dominance. So we will be monitoring esports closely as it evolves over the next few years.

There has been a lot of talk about the threat of ransomware following attacks on Sony, HBO, and others. Do you see ransomware as a threat to sports content?
One of the things we do best is monitor darknet threats for our customers. We provide them with what we call Cyber Intelligence, which is a service customized to the specific client’s platform and the potential threats they have. On a regular basis, we’ll make mitigation recommendations and point out specific issues. We’ve done penetration testing for different companies, looking at their video infrastructure, identifying holes, giving them the tools that they need to fix their issues so that they don’t have the same type of exposure and attack surface as the folks that are paying attention to it.

When you look at the attacks that have happened to some of the big studios, there’s a big difference in that content and live sports content. Yes, clips and highlights are valuable, but it’s not like an unreleased blockbuster movie: if it goes out [illegally], $200 million-$300 million is lost. In terms of live content, I could see more traditional cybersecurity, such as finding ways to use ransomware to try to extort companies so they don’t have access to their computer systems. But I would not say that [ransomware] is as significant a threat to sports as it is to the studios.

How does Irdeto work to educate the U.S. M&E market about piracy and its dangers?
We’re doing a lot more in this area; it’s growing pretty significantly. One of the things I think that’s interesting about the U.S. is, people think it’s a sure market when it comes to understanding piracy. But it’s actually still quite immature in terms of people’s understanding of piracy. You still have a lot of free-to-air agreements in place. People don’t see piracy for what it is [the way] they do in Europe and other parts of the world.

We’ve done much on the education front the last couple years, showing people the Kodi devices and other pirate set-top boxes. We’re starting to see a lot of the operators in the States realizing that they need to get more secure and get better insight into what’s happening. So we focused a lot of our team on building an analytics and business-intelligence platform that would give the operators a deeper understanding of how big piracy is, who it’s impacting, and where it’s coming from. I think that’s the first step. The next step is to take action.

What opportunities for Irdeto and trends in the security market do you foresee in 2018?
We’ve got a lot of traction right now in the U.S. cable-operator market. They have the most at stake because they have premium content. And we’re an operator’s company. We work to help the operator succeed; it’s what we do.

I think the question in the past for [cable operators] was, Why do I invest this money in this service; I don’t really see a return on investment. Now we see people looking at it from a standpoint of, if you don’t invest in the proper piracy control and watermarking and analytics and [business-intelligence] services, you’re absolutely looking at losing subscribers, increased churn, and you may never get those people back.

The other interesting thing I think we’ve seen recently is the emergence of pirated OTT feeds. In the past, [piracy] was all coming from set-top boxes or free-to-air cable. Today, much more is coming from OTT platforms, which don’t have complex conditional-access systems to get watermarking in place. With OTT, it’s a lot simpler and a lot cleaner to put something like watermarking in. And that is what people have to do to secure their content.

We are talking to some of the U.S. leagues as well. It’s important to help them see what we see: it’s not just [piracy] in the States with Kodi; it’s also attacks that we’re seeing in other parts of the world. All of that gets shared so quickly on forums and blogs and darknet sites, so you have to be very careful.

We can help [leagues] monitor all this because we collect so much data now. We’re collecting over 700 TB worth of data on a monthly basis just about piracy and the different pirate ecosystem platforms like Kodi, streaming, and peer-to-peer streaming. For us, that data has a lot of value. We might not be able to extract all of it right now, but, in the future, we will have a baseline so that we can compare, see growth patterns, and look into stuff. We’ll be happy we have that data going forward.

Password must contain the following:

A lowercase letter

A capital (uppercase) letter

A number

Minimum 8 characters