add a comment
Piracy of live-streamed sports events ceased to be “inside baseball” (pun intended) for the media industry last weekend with HBO’s broadcast of the Floyd Mayweather-Manny Pacquiao boxing match in the US market. Even in the mainstream media (such as here and here), it seems that the public’s ability to watch the fight online for free in close to real time got more attention than the fight itself.
This is why protection of live sports event streams is a growth area in the field of anti-piracy technology today. Broadcasters like HBO pay huge sums of money for exclusive rights to live sports; therefore they have big incentives to protect the streams from infringement. Recent articles in re/code and Mashable attempted — with limited success — to explain how HBO’s stream was massively pirated and how that piracy could possibly have been curtailed.
Both articles focused on the many pirated streams of the fight that were available on the Periscope app, which allows users to broadcast video in real time from their iOS devices, and is owned by Twitter. As Peter Kafka at re/code explained (accurately enough), it’s not possible to use fingerprint-based systems like Google’s Content ID with live event streams. Such systems depend on a service provider getting a copy of the content in advance so that it can take a “fingerprint” — a shorthand numerical representation of it — and use that to flag attempted user uploads of the same content later. By definition, no advance copy of a live event exists, so fingerprinting can’t be used.
Furthermore, just because a single service uses fingerprinting to block unauthorized uploads doesn’t mean that other services do. YouTube might block an upload thanks to Content ID, but that doesn’t prevent a user from putting the same file up on BitTorrent or a cyberlocker.
However, it is possible to use watermarks to flag content. HBO could insert watermarks into the live video as it goes out the door. Watermarks are much more efficient to detect and calculate than fingerprints, and a well-designed watermark can be detected even if the content is “camcorded” from a TV screen.
Two things can happen with watermarks. First, a cooperating service could agree to detect the watermark and block the content — or do something else, such as allow the content through, play an ad, and share the revenue with the rights holder, as Google does with Content ID. Second, a piracy monitoring service could detect watermarks of streams out in the wild (including on Periscope) and rapidly serve takedown notices on the services that are distributing the unauthorized streams, meaning that the services need not do anything proactive.
Given what Christina Warren at Mashable experienced (camcorded streams appearing on Periscope and then disappearing later), the latter probably happened. Several streaming providers and anti-piracy services use watermarks to aid detection of unauthorized copies of live streams. In the Caribbean market, for example, Netherlands-based pay-TV platform provider Cleeng carried the pay-per-view broadcast of the fight for Sportsmax TV, and it’s likely that Cleeng used its live-stream watermarking technology to protect the content. (Another anti-piracy provider, Irdeto, has similar technology but admitted to Bloomberg that it wasn’t working on the fight. That leaves Friend MTS as my guess for the provider that monitored the fight in other geographies such as Europe and North America.)
It is also possible to automate the process more fully by embedding so-called session-based watermarks that contain identifiers for the user accounts or devices that are receiving the content legally — such as set-top boxes receiving HBO over cable or satellite services. Session-based watermarks are used today with movies released in early windows in high definition, and Hollywood would like them to be used in all 4K/UHD movie distributions.
With session-based watermarks, a monitoring service can (in many cases) determine the device from which the unauthorized stream originated and inform the pay-TV provider, which can then shut off the signal to that device. The entire process would require no human intervention and take just a few seconds.
But with Periscope-style camcording, this could lead to the following interesting situation: Alice invites some friends over to watch the fight on her big-screen TV and pays the $100 fee to HBO through her cable company. Everyone sits down, and the fight starts. Bob pulls out his iPhone and fires up Periscope. A few seconds later, the TV goes blank or displays a warning message about possible copyright infringement. Alice calls her cable company and finds herself on hold, waiting behind the hundreds or thousands of other furious customers to whom the same thing happened.
Ergo I don’t believe HBO is able to require session-based watermarking to protect its live events through pay-TV providers. The situation with live sports is different from early-window HD movies: movies have already been in theaters (where they have been camcorded), and users value the timeliness of Periscope-style camcords for live events more than their often questionable quality.
What also clearly did not happen is that HBO made a deal with Twitter to detect the watermarks and block the live Periscope streams. As both the Mashable and re/code articles note, Twitter/Periscope experienced a ton of traffic before, during, and after the event, much of which was “second-screen” in nature, such as commentary on the fight and the fighters. Yet Google’s Content ID showed that a service provider could be willing to detect copyrighted materially proactively if given sufficient incentive. If the likes of HBO can find sufficient incentives — cross-promotion, ad revenue share, or something else — then the Periscopes of the world might be inclined to follow in Google’s footsteps.
Forbes: The Myth of Cord Cutting February 8, 2015Posted by Bill Rosenblatt in Business models, Uncategorized, United States, Video.
1 comment so far
In my latest piece in Forbes, I examine the idea of “cord cutting” in light of recent announcements from Viacom, Time Warner, and DISH Network of over-the-top (OTT) streaming video services that enable people in the US to watch pay TV channels without a pay TV subscription. Cord cutting means cancelling one’s subscription to cable or satellite TV and just getting TV programming over the Internet (or broadcast).
My research turned up two findings that were surprising (at least to me) and support a conclusion that cord cutting is mostly a myth. The first finding is that most people are unlikely to save money on programming if they pay for the increasing number of subscription OTT video services at their expected monthly prices. The second is that most American broadband subscribers get their TV and Internet services from the same company, and there isn’t really such a thing as a broadband Internet company that doesn’t also provide TV; therefore “cord cutting” in most cases really means “calling your cable or phone company and changing to a cheaper service plan.” I also conclude that, economically, cord cutting is a wash for everyone involved, particularly if the FCC is unsuccessful in its new attempt to pass meaningful net neutrality regulations.
As always, I eagerly welcome your feedback.
Ghosts in the UltraViolet Machine September 24, 2014Posted by Bill Rosenblatt in Business models, Music, Publishing, Services, Video.
add a comment
A few brief items of interest this week. First is a reminder about Copyright and Technology London 2014 next Wednesday – there’s still time to register! We have a great lineup of keynote speakers, including Shira Perlmutter, Maria Martin-Prat, and Dominic Young of the Copyright Hub, as well as panels on hot issues such as ISP responsibility for policing infringement and content protection for “4K” video content. I look forward to seeing some of you in London next week.
Apple and Amazon Add UltraViolet-Style Family Accounts
Amazon and Apple recently announced the addition of “family accounts” for sharing content. These enable up to six users who share a billing address to link accounts and get access to each other’s content, including e-books, apps, music, and video. Apple’s Family Share is a feature of the new version of its mobile operating system, iOS 8, while Amazon’s Family Library feature is expected to launch later this Fall.
The primary difference between the two is that Apple Family Share enables the sharing of all videos downloaded from iTunes while Amazon only allows sharing of video streamed via Amazon Prime Instant Video, as opposed to videos purchased by non-members of Amazon Prime. (In other words, this is yet another gambit to entice more users into Amazon’s US $99/year Prime service.) Some websites have commented that Amazon’s service does not allow sharing of purchased music, while Apple’s does; but this is a bit silly given that music downloaded from both services is DRM-free.
It’s not particularly surprising that Hollywood studios have given both Amazon and Apple the rights to extend purchases to family accounts. That’s because the rights are similar to those that the studios already extend for the same types of content under UltraViolet usage rules. In fact, the availability of family access to video content from two of the biggest digital movie retailers eats into the advantages that UltraViolet offers. (UltraViolet’s principal retail partners are Nook (Barnes & Noble), Target, and Best Buy).
More surprising is that one of these retailers decided it was worth the development effort to add this feature (causing the other to add it as well); perhaps this is a sign that UltraViolet is catching on? Either way, this is yet another example of how the mainstreaming of digital content products and services has exposed deficiencies in the rights that users get to digital content compared to physical products such as DVDs (not to mention print books) and has led to innovation. I would expect a similar announcement from Google Play in time for the holiday shopping season.
Garth Brooks Launches GhostTunes
Finally, a minor hypestorm erupted in the music industry recently over the beta launch of GhostTunes, a new digital music retail site spearheaded by country music superstar — and longtime digital holdout — Garth Brooks. Contrary to initial reports, GhostTunes does not only sell albums; it also sells single tracks — though only at artists’ or labels’ discretion. Purchased music is available in an online locker and can be streamed or downloaded as DRM-free MP3s. Some items are multi-album packages that contain multimedia items, in the vein of Apple’s iTunes LP.
Many musical artists will surely like GhostTunes’ willingness to sell single tracks only if the artist permits it. The recorded music industry has been looking for ways to prop up the sales of albums in the digital age — just as UltraViolet was originally intended to help Hollywood studios prop up sales of movies while all of the growth is in streaming. According to RIAA statistics, single track sales accounted for about 1% of unit volume when the iTunes Music Store opened in 2003 and have grown to over 80% today.
Yet GhostTunes looks like it is shaping up to be the music industry’s Pluto Nash moment: an expensive undertaking whose primary function is to cater to the whims of a big influential star rather than to be successful as a business. Although GhostTunes is billed as an “artist-friendly” retail site, there’s little reason for anyone to go there other than the exclusive availability of Garth Brooks’s music in digital form… legally. The music selection comes from all three major labels but is limited: the press release touts “a million tracks” (compared to more than 20 million on iTunes or Spotify), while the site itself appears even more limited to a few dozen releases in each of several genres. The highlight of the current catalog is a bundle of a dozen albums plus a concert video from Brooks himself for $30.
GhostTunes received a moderate amount of attention two weeks ago, ranging from neutral and factual to critical and skeptical. The press release contains a combination of vague hype (“music fans and artists deserve more”) and either falsehoods or anachronisms (“Just as it seemed fans would be left buying music in an increasingly more restrictive configuration without the ability to take the music they purchase anywhere they please, GhostTunes.com offers a new way.”)
It’s hard to see what GhostTunes can possibly offer that isn’t available on iTunes or Amazon — other than low prices for album bundles — but we’ll see what it does offer when (or if) it goes from beta to full launch.
add a comment
Registration for Copyright and Technology London 2014 is now live. An earlybird discount is in place through August 8. Space is limited and we came close to filling the rooms last time, so please register today!
I am particularly excited about our two keynote speakers — two of the most important copyright policy officials in the European Union and United States respectively. Maria Martin-Prat will discuss efforts to harmonize aspects of copyright law throughout the 28 EU Member States, while Shira Perlmutter will provide an update on the long process that the US has started to revise its copyright law.
We have made one change to the Law and Policy track in the afternoon: we’ve added a panel called The Cloudy Future of Private Copying. This panel will deal with controversies in the already complex and often confusing world of laws in Europe that allow consumers to make copies of lawfully-obtained content for personal use.
The right of private copying throughout Europe was established in the European Union Copyright Directive of 2001, but the EU Member States’ implementations of private copying vary widely — as do the levies that makers of consumer electronics and blank media have to pay to copyright collecting societies in many countries on the presumption that consumers will make private copies of copyrighted material. Private copying was originally intended to apply to such straightforward scenarios as photocopying of text materials or taping vinyl albums onto cassette. But nowadays, cloud storage services, cyberlockers, and “cloud sync” services for music files — some of which allow streaming from the cloud or access to content by users other than those who uploaded the content — are coming into view regarding private copying.
The result is a growing amount of controversy among collecting societies, consumer electronics makers, retailers, and others; meanwhile the European Commission is seeking ways to harmonize the laws across Member States amid rapid technological change. Our panel will discuss these issues and consider whether there’s a rational way forward.
We have slots open for a chair and speakers on this panel; I will accept proposals through July 31. Please email your proposal(s) with the following information:
- Speaker’s name and full contact information
- Chair or speaker request?
- Description of speaker’s experience or point of view on the panel subject
- Brief narrative bio of speaker
- Contact info of representative, if different from speaker*
Finally, back over here across the Atlantic, I’ll note an interesting new development in the Aereo case that hasn’t gotten much press since the Supreme Court decision in the case a couple of weeks ago. Aereo had claimed that it had “bet the farm” on a court ruling that its service was legal and that “there is no Plan B,” implying that it didn’t have the money to pay for licenses with television networks. Various commentators have noted that Aereo wasn’t going to have much leverage in any such negotiations anyway.
As a result of the decision, Aereo has changed tactics. In the Supreme Court’s ruling, Justice Breyer stated that Aereo resembled a cable TV provider and therefore could not offer access to television networks’ content without a license. Now, in a filing with the New York district court that first heard the case, Aereo is claiming that it should be entitled to the statutory license for cable TV operators under section 111 of the copyright law, with royalty rates that are spelled out in 17 U.S.C § 111(d)(1).
In essence, Aereo is attempting to rely on the court for its negotiating leverage, and it has apparently decided that it can become a profitable business even if it has to pay the fees under that statutory license. Has Barry Diller — or another investor — stepped in with the promise of more cash to keep the company afloat? Regardless, in pursuing this tactic, Aereo is simply following the well-worn path of working litigation into a negotiation for a license to intellectual property.
*Please note that personal confirmation from speakers themselves is required before we will put them on the program.
Supreme Court’s Aereo Decision Clouds the Future July 3, 2014Posted by Bill Rosenblatt in Law, United States, Video.
add a comment
The Supreme Court has rendered various decisions that serve as rules of the road for the treatment of copyrighted works amid technological innovation. Universal v. Sony (1984) established the legality of “time shifting” video for personal viewing as well as the “substantial noninfringing uses” standard for new technologies that involve digital media. MGM v. Grokster (2005) took the concept of “inducing infringement” from patent law and applied it to copyright, so that services that directly and explicitly benefit from users’ infringement could be held liable. UMG v. Veoh (2011) taught that network service operators have no duty to proactively police their services for users’ infringements. These rulings are reasonably clear signposts that technologists can follow when contemplating new products and services.
Unfortunately, Justice Stephen Breyer’s ruling last week in ABC v. Aereo won’t be joining that list. He ruled against Aereo in a 6-3 majority that united the Court’s liberals and moderates. Justice Antonin Scalia’s forceful dissent described the problems that this decision will create for services in the future.
Several weeks ago, at the Copyright Clearance Center’s OnCopyright conference in NYC, Rick Cotton — former General Counsel of NBC Universal — predicted that the Supreme Court would come down against Aereo in a narrow decision that would avoid impact on other technologies. He got it right in terms of what Justice Breyer may have hoped to accomplish, but not in terms of what’s likely to happen in the future.
Instead of establishing principles that future technology designers can rely on, the Court simply took a law that was enacted almost 40 years ago to apply to an old technology, determined that Aereo resembles that old technology, and concluded that therefore the law should apply to it. The old technology in question is Community Access Television (CATV) — transmissions of broadcast television over cable to reach households that couldn’t receive the broadcasts over the air.
Justice Breyer observed that Congress made changes in the copyright law, with the Copyright Act of 1976, in order to stop CATV providers from being able to “free ride” on broadcast TV signals; he found that that Aereo was similarly free-riding and therefore ought to be subject to the same law.
Just in terms of functionality, the decision makes little sense: CATV was created to enable broadcast television to reach new audiences, while Aereo (nominally, at least) enabled an existing audience for broadcast TV to watch it on other devices and in other locations. In that respect, Aereo is more like the “cloud sync” services for music like DoubleTwist and MP3Tunes that popped up in the late 2000s, which automatically copied users’ MP3 music files and playlists across all of their devices. More on that analogy later.
More broadly, the Court’s decision is unlikely to be helpful in guiding future technologies; all it offers is a “does it look like cable TV?” test based on fact-specific interpretations of the public performance right in copyright law. Justice Breyer claimed that his opinion should not necessarily have implications for cloud computing and other new technologies, but that doesn’t make it so.
As Justice Scalia remarked in his dissent, “The Court vows that its ruling will not affect cloud-storage providers and cable television systems … , but it cannot deliver on that promise given the imprecision of its result-driven rule.” Justice Scalia felt that Aereo exploited a loophole in the copyright law but that it should be up to Congress instead of the Supreme Court to close it.
In fact, Justice Scalia agreed with the Court’s opinion that Aereo probably violates copyright law. But he stated that the decision the Court was called upon to make — regarding Aereo’s direct infringement liability and whether the TV networks’ request for a preliminary injunction should be upheld — wasn’t an appropriate vehicle for determining Aereo’s copyright liability, and that the Court should have left well enough alone. Instead, Justice Scalia offered that Aereo should be more properly held accountable based on secondary liability — just as the Court did in Grokster — and that a lower court could well reach such a finding later in the case after the preliminary injunction issue had been settled.
Secondary liability means that a service doesn’t infringe copyrights itself but somehow enables end users to do so. Of course there have been many cases where copyright owners have sued tech companies on the basis of secondary liability and forced them to go out of business (e.g., Napster, LimeWire), but there have been many others where lawsuits (or threats of lawsuits) have resulted in mutually beneficial license agreements between copyright owners and the technology companies.
And that brings us back to “cloud sync” services for music. DoubleTwist was built by Jon Lech Johansen, who had become notorious for hacking the encryption system for DVDs in the late 1990s. MP3Tunes was developed by Michael Robertson, who was equally notorious for his original MP3.com service. Cloud sync services enabled users to make copies of their music files without permission and didn’t share revenue (e.g., from advertising or premium subscriptions) with copyright owners. DoubleTwist, MP3Tunes, and a handful of similar services became moderately popular. In addition to their functionality, what MP3Tunes and DoubleTwist had in common was that they were developed by people who had first built blatantly illegal technology and then sought ways to push the legal envelope more gently.
Later on, Amazon, Apple, and Google followed the same latter path. They built cloud sync capabilities into their music services (thereby rendering small third-party services like DoubleTwist largely irrelevant). Amazon and Google launched their cloud sync capabilities without taking any licenses from record companies; record companies complained; confidential discussions ensued; and now everyone’s happy, including the consumers who use these handy services. (Apple took a license for its iTunes Match feature at the outset.)
The question for Aereo is whether it’s able to have such discussions with TV networks; the answer is clearly no. The company never entertained the possibility that it would have to (“there is no Plan B“), and its principal investor, video mogul Barry Diller, isn’t going to pump more money into the company to pay for licenses.
Of course, TV networks are cheering the result of the Supreme Court’s decision in Aereo. But it doesn’t help them in the long run if the rules of the road for future technologies are made cloudier instead of clearer. And Aereo would eventually have been doomed anyway if Justice Scalia had a majority.
Disney and Apple’s UV FUD March 26, 2014Posted by Bill Rosenblatt in Business models, Technologies, United States, Video.
add a comment
Last month Disney launched Disney Movies Anywhere, a service that lets users stream and download movies from Disney and associated studios on their Apple iOS devices. You can purchase movies on the site or from the App Store app and stream them to any iPhone, iPad, or iPod Touch. You can also get digital copies and streaming access with purchases of selected DVDs and Blu-ray discs. And you can connect your iTunes account to your Disney Movies Anywhere account so that you can gain similar streaming and download access to your existing Disney iTunes purchases.
A couple of things about Disney Movies Anywhere are worth discussing. First, this is yet more evidence of the strong bond between Disney and Apple, a relationship formed when Disney acquired Pixar from Steve Jobs, who became a Disney board member and the company’s largest shareholder.
More particularly, this service is a way for Apple to experiment with video streaming services without attaching its own brand name. Disney Movies Anywhere works with only iOS devices, and there’s little indication that it will add support for Android or other platforms. For whatever reason, Apple has shied away from streaming media services until quite recently (with iTunes Radio and the latest iteration of Apple TV).
More importantly, Disney Movies Anywhere is the first implementation of Disney’s KeyChest — a rights locker architecture that is similar to UltraViolet, the technology backed by the other five major Hollywood studios. The idea common to both KeyChest and UltraViolet is that when you purchase a movie, you’re actually purchasing the right to download or stream it from a variety of sources; the rights locker maintains a record of your purchase.
One of the main motivations behind UltraViolet was to prevent content distributors or consumer electronics makers from dominating the economics of the digital video supply chain in the way that Apple dominated music downloads (and Amazon may dominate e-books), and thus from being able to dictate terms to copyright owners. By making it possible for users to buy digital movies from one retailer and then download them in other formats from other retailers, the five studios hoped to create a level playing field among retailers as well as interoperability for users. UltraViolet has several retail partners, including Target, Walmart (VUDU), and Best Buy (CinemaNow).
The problem with these technology schemes is that it is very hard to make them into universal standards. Just about every software technology we use settles down to twos or threes. In operating systems, it’s all twos: Windows and Mac OS for desktops and laptops; Android and iOS for mobile devices; Unix/Linux and Windows for servers. Other markets are similar: in relational databases it’s Oracle/MySQL (Oracle Corp.), DB2 (IBM), and SQL Server (Microsoft); in music paid-download formats it’s MP4-AAC (Apple) and MP3 (Amazon); in e-books (in the US, at least) it’s Amazon, Barnes & Noble, and Apple iBooks. Antitrust law prevents a single technology from dominating too much; market complexity prevents more than a handful from becoming roughly equal competitors.
It would be a shame if this also became true for rights lockers for movies and TV shows. It does not help the studios if consumers get one flavor of “interoperability” for movies from all but one major studio and another flavor for movies from Disney. Disney surely remembers the less-than-stellar success of its last solo venture into digital movie distribution: MovieBeam, which launched around 2004 and lasted less than four years.
And that brings us back around to Apple. The only plausible explanation for this bifurcation is that Apple is really in charge here. UltraViolet is not just an “every studio but Disney” consortium; it is also an “every technology company but Apple” initiative. The list of technology companies participating in UltraViolet is huge, though Microsoft occupies a particularly important role as the source of the UltraViolet file format and the first commercial DRM to be approved for use with the system. In other words, the KeyChest/UltraViolet dichotomy is shaping up to look very much like Apple vs. the Microsoft-led Windows ecosystem, or Apple vs. the Google-led Android ecosystem.
Still, the market for digital video is still in relatively early days, and things could change quite a bit — especially if consumers are confused by the choices on offer. (Coincidentally, there’s a good overview of this confusion and its causes in today’s New York Times.) UltraViolet is enjoying only modest success so far — compared, say, to Netflix or iTunes — and the introduction of Disney Movies Anywhere is unlikely to help make rights lockers any clearer to consumers.
In that respect, the UltraViolet/KeyChest dichotomy also has a precedent in the digital music market. Back in 2001-2002, the (then) five major record labels lined up behind two different music distribution platforms: MusicNet and pressplay. MusicNet was backed by Warner Music Group, EMI, BMG, and RealNetworks, while pressplay was backed by Sony Music and Universal Music Group. MusicNet was a wholesale distribution platform that made deals with multiple retailers; pressplay was its own retailer. In other words, MusicNet was UltraViolet, while pressplay was Disney Movies Anywhere. Yet neither one was successful; both suffered from over-complexity (among other things). Apple launched the much easier to use iTunes Music Store in 2003, and few people remember MusicNet or pressplay anymore.*
In other words, there are still opportunities for new digital video models to emerge and disrupt the current market. And consumer confusion is a great way to hasten the disruption.
*The two music platforms did survive, in a way: MusicNet is now MediaNet, a wholesaler of digital music and other content with many retail partners; pressplay was sold to Roxio, rebranded as Napster (the legal version), and resold to Rhapsody, where it still exists under the Napster brand name outside of the US.
MovieLabs Releases Best Practices for Video Content Protection October 23, 2013Posted by Bill Rosenblatt in DRM, Standards, Video.
As Hollywood prepares for its transition to 4k video (four times the resolution of HD), it appears to be adopting a new approach to content protection, one that promotes more service flexibility and quicker time to market than previous approaches but carries other risks. The recent publication of a best-practices document for content protection from MovieLabs, Hollywood’s R&D consortium, signals this new approach.
In previous generations of video technology, Hollywood studios got together with major technology companies and formed technology licensing entities to set and administer standards for content protection. For example, a subset of the major studios teamed up with IBM, Intel, Microsoft, Panasonic, and Toshiba to form AACS LA, the licensing authority for the AACS content protection scheme for Blu-ray discs and (originally) HD DVDs. AACS LA defines the technology specification, sets the terms and conditions under which it can be licensed, and performs other functions to maintain the technology.
A licensing authority like AACS LA (and there are a veritable alphabet soup of others) provides certainty to technology implementation including compliance, patent licensing, and interoperability among licensees. It helps insulate the major studios from accusations of collusion by being a separate entity in which at most a subset of them participate.
As we now know, the licensing-authority model has its drawbacks. One is that it can take the licensing authority several years to develop technology specs to a point where vendors can implement them — by which time they risk obsolescence. Another is that it does not offer much flexibility in how the technology can adapt to new device types and content delivery paradigms. For example, AACS was designed with optical discs in mind at a time when Internet video streaming was just a blip on the horizon.
A document published recently by MovieLabs signals a new approach. MovieLabs Specification for Enhanced Content Protection is not really a specification, in that it is in nowhere near enough detail to be usable as the basis for implementations. It is more a compendium of what we now understand as best practices for protecting digital video. It contains room for change and interpretation.
The best practices in the document amount to a wish list for Hollywood. They include things like:
- Techniques for limiting the impact of hacks to DRM schemes, such as requiring device as well as content keys, code diversity (a hack that works on one device won’t necessarily work on another), title diversity (a hack that works with one title won’t necessarily work on another), device revocation, and renewal of protection schemes.
- Proactive renewal of software components instead of “locking the barn door after the horse has escaped.”
- Component technologies that are currently considered safe from hacks by themselves, including standard AES encryption with minimum key length of 128 and version 2.2 or better of the HDCP scheme for protecting links such as HDMI cables (earlier versions were hacked).
- Hardware roots of trust on devices, running in secure execution environments, to limit opportunities for key leakage.
- Forensic watermarking, meaning that content should have information embedded in it about the device or user who requested it.
Those who saw Sony Pictures CTO Spencer Stephens’s talk at the Anti-Piracy and Content Protection Summit in LA back in July will find much of this familiar. Some of these techniques come from the current state of the art in content protection for pay TV services; for more detail on this, see my whitepaper The New Technologies for Pay TV Content Security. Others, such as the forensic watermarking requirement, come from current systems for distributing HD movies in early release windows. And some result from lessons learned from cracks to older technologies such as AACS, HDCP, and CSS (for DVDs).
MovieLabs is unable to act as a licensor of standards for content protection (or anything else, for that matter). The six major studios set it up in 2005 as a movie industry joint R&D consortium modeled on the cable television industry’s CableLabs and other organizations enabled by the National Cooperative Research Act of 1984, such as Bellcore (telecommunications) and SEMATECH (semiconductors). R&D consortia are allowed, under antitrust law, to engage in “pre-competitive” research and development, but not to develop technologies that are proprietary to their members.
Accordingly, the document contains a lot of language intended to disassociate these requirements from any actual implementations, standards, or studio policies, such as “Each studio will determine individually which practices are prerequisites to the distribution of its content in any particular situation” and “This document defined only one approach to security and compatibility, and other approaches may be available.”
Instead, the best-practices approach looks like it is intended to give “signals” from the major studios to content protection technology vendors, such as Microsoft, Irdeto, Intertrust, and Verimatrix, who work with content service providers. These vendors will then presumably develop protection schemes that follow the best practices, with an understanding that studios will then agree to license their content to those services.
The result of this approach should be legal content services for next-generation video that get to market faster. The best practices are independent of things like content delivery modalities (physical media, downloads, streaming) and largely independent of usage rules. Therefore they should enable a wider variety of services than is possible with the traditional licensing authority paradigm.
Yet this approach has two drawbacks compared to the older approach. (And of course the two approaches are not mutually exclusive.) First is that it jeopardizes the interoperability among services that Hollywood craves — and has gone to great lengths to preserve in the UltraViolet standard. Service providers and device makers can incorporate content protection schemes that follow MovieLabs’ best practices, but consumers may not be able to interoperate content among them, and service providers will be able to use content protection schemes to lock users in to their services. In contrast, many in Hollywood are now nostalgic for the DVD because, although its protection scheme was easily hacked, it guaranteed interoperability across all players (at least all within a given geographic region).
The other drawback is that the document is a wish list provided by organizations that won’t pay for the technology. This means that downstream entities such as device makers and service providers will treat it as the maximum amount of protection that they have to implement to get studio approval. Because there is no license agreement that they have to sign to get access to the technology, the downstream entities are likely to negotiate down from there. (Such negotiation already took place behind the scenes during the rollout of Blu-ray, as player makers refused to implement some of the more expensive protection features and some studios agreed to let them slip.)
Downstream entities are particularly likely to push back against some of MovieLabs’s best practices that involve costs and potential impairments of the user experience; examples include device connectivity to networks for purposes of authentication and revocation, proactive renewal of device software, and embedding of situation-specific watermarks.
Surely the studios understand all this. The publication of this document by MovieLabs shows that Hollywood is willing to entertain dialogues with service providers, device makers, and content protection vendors to speed up time-to-market of legitimate video services and ensure that downstream entities can innovate more freely. How much protection will the studios will ultimately end up with when 4k video reaches the mainstream? It will be very interesting to watch over the next couple of years.
Comcast Adds Carrots to Sticks August 9, 2013Posted by Bill Rosenblatt in Fingerprinting, Services, Video.
1 comment so far
Variety magazine reported earlier this week that Comcast is developing a new scheme for detecting illegal file downloads over its Internet service. When it detects a user downloading content illegally, it will send a message to the user with links to legal alternatives, including from sources that aren’t Comcast properties. This scheme would be independent of the Copyright Alert System (CAS) that launched in the United States earlier this year.
What a difference the right economic incentives make. Comcast has significant incentive for offering carrots instead of sticks: it owns NBC Universal, a major movie studio and TV network. This means that Comcast has incentives to protect content revenue, even if it comes from third parties like iTunes, Netflix, or Amazon. In addition, if Comcast protects its own network from infringers, it has a stronger position from which to negotiate content distribution deals for its own Xfinity-branded services from other major studios.
Comcast will most likely use the same monitoring services as content owners — like NBC Universal, whose people are collaborating on the design of this (as yet unnamed) system — use to detect allegedly infringing downloads. It will be able to send messages to users in close to real time — in contrast to CAS, which processes data about detected downloads through a third party before they get sent to users.
This scheme is reminiscent of one of the earliest uses of fingerprinting technologies in a commercially licensed service: around 2005, a P2P file-sharing network called iMesh cut a deal with the major record labels (or at least some of them). They would allow iMesh to operate its network with audio fingerprinting (supplied by Audible Magic, still a leader in the field). The fingerprinting technology would detect attempts to upload copyrighted music to the network and block them. Instead, iMesh offered copyrighted music files supplied by the labels, encrypted with DRM, for purchase. Given that several other P2P file-sharing networks (such as LimeWire) continued to operate at the time without such restrictions, iMesh wasn’t much of a success.
Comcast is hoping to get other ISPs to adopt similar schemes, presumably both as a service to major content owners and in hopes that this anti-piracy feature doesn’t drive users to its competitors. But that gambit is unlikely to succeed. Of the four other major ISPs in the US — AT&T, Cablevision, Time Warner Cable, and Verizon — none are corporate siblings to major content owners. (Time Warner Cable was spun off from Time Warner in 2009, though it retains the name.) In other words, they won’t have the right incentives.
In contrast, France’s HADOPI scheme is supposed to steer people to legal alternatives by simply giving those services a “seal of approval” that they can use themselves. What Comcast has in mind ought to be more effective. In the world of movies and TV shows, it would be that much more effective if legal services were to offer content with anything like the completeness of record label catalogs offered through legal music services. But that’s another story for another day.
Content Protection for 4k Video July 2, 2013Posted by Bill Rosenblatt in DRM, Technologies, Video, Watermarking.
As Hollywood adepts know, the next phase in picture quality beyond HD is something called 4k. Although the name suggests 4k (perhaps 4096) pixels in the vertical or horizontal direction, its resolution is actually 3840 × 2160, i.e., twice the pixels of HD in both horizontal and vertical directions.
4k is the highest quality of image actually captured by digital cinematography right now. The question is, how will it be delivered to consumers, in what timeframe, and how will it be protected?
Those of us who attended the Anti-Piracy and Content Protection Summit in LA last week learned that the answer to the latter question is unknown as yet. Spencer Stephens, CTO of Sony Pictures, gave a brief presentation explaining what 4k is and outlining his studio’s wish list for 4k content protection. He said that it was an opportunity to start fresh with a new design, compared to the AACS content protection technology for Blu-ray discs, which is 10 years old.
This is interesting on a couple of levels. First, it implies that the studios have not predetermined a standard for 4k content protection; in contrast, Blu-ray discs were introduced in the market about three years after AACS was designed. Second, Stephens’s remarks had the flavor of a semi-public appeal to the community of content protection vendors — some of which were in the audience at this conference — for help in designing DRM schemes for 4k that met his requirements.
Stephens’s wish list included such elements as:
- Title-by-title diversity, so that a technique used to hack one movie title doesn’t necessarily apply to another
- Requiring players to authenticate themselves online before playback, which enables hacked players to be denied but makes it impossible to play 4k content without an Internet connection
- The use of HDCP 2.2 to protect digital outputs, since older versions of HDCP have been hacked
- Session-based watermarking, so that each 4k file is marked with the identity of the device or user that downloaded it (a technique used today with early-window HD content)
- The use of trusted execution environments (TEE) for playback, which combine the security of hardware with the renewability of software
From time to time I hear from startup companies that claim to have designed better technologies for video content protection. I tell them that getting studio approval for new content protection schemes is a tricky business. You can get studio technology executives excited about your technology, but they don’t actually “approve” it such that they guarantee they’ll accept it if it’s used in a content service. Instead, they expect service providers to propose the technology in the context of the overall service, and the studios will consider providing licenses to their content in that broader context. And of course the studios don’t actually pay for the technology; the service providers or consumer device makers do.
In other words, studios “bless” new content protection technologies, but otherwise the entire sales process takes place at arms’ length from the studios. In that sense, the studios act somewhat like a regulatory agency does when setting guidelines for compliance with a regulation such as HIPAA and GLB (for information privacy in healthcare and financial services respectively). The resulting technology often meets the letter but not the spirit of the regulations.
In this respect, Stephens’s remarks were a bit of fresh air. They are an invitation to more open dialog among vendors, studios, and service providers about the types of content protection that they may be willing to implement when it comes time to distribute 4k content to consumers.
In the past, such discussions often happened behind closed doors, took the form of unilateral “unfunded mandates,” and/or resulted in implementations that plainly did not work. As technology gets more sophisticated and the world gets more complex, Hollywood is going to have to work more closely with downstream entities in the content distribution chain if it wants its content protected. Spencer Stephens’s presentation was a good start in that direction.
Copyright Alert System Launches in U.S. February 25, 2013Posted by Bill Rosenblatt in Fingerprinting, Law, Music, Video.
With today’s launch of the Copyright Alert System (CAS) by the Center for Copyright Information, the United States joins the list of countries that have adopted a so-called graduated response system for educating Internet users about online copyright infringement and taking steps to punish repeat offenders. The CAS is finally launching after a few months’ delay, part of which was supposedly due to the effects of Sandy, the mega-storm that hit the northeast U.S. late last year. Other graduated response countries include France, New Zealand, and South Korea; the United Kingdom is currently struggling with its own implementation.
The CAS is a partnership between music and video content owners on the one hand and major ISPs on the other. The content owner representatives include not just the majors (RIAA and MPAA) but also the Independent Film and Television Alliance (IFTA) and American Association of Independent Music (A2IM). On the ISP side, membership includes the five largest providers: AT&T, Verizon, Time Warner Cable, Comcast, and Cablevision. Book and game publishers are not involved at this point.
The CAS is run by Jill Lesser, a tech policy veteran with deep experience on both the content and ISP sides. It has an advisory board whose principal function seems to be to curb abuses: it includes advocates for looser copyright laws (Gigi Sohn of Public Knowledge) and user privacy (Jules Polonetsky of the Future of Privacy Forum).
The CAS works similarly to other graduated response regimes: copyright owners employ infringement monitoring services, which can identify copyrighted works as users send them around the Internet using fingerprinting and other content recognition technologies. The monitoring services send notices to ISPs, which issue warning messages to users. The warnings get stronger with repeat infringements.
ISPs can opt to punish repeat alleged offenders by such means as throttling bandwidth and making users watch videos about copyright. (ISPs already have policies for terminating repeat infringers’ accounts, which they must have in order to maintain their eligibility for the DMCA safe harbor.)
Where the CAS differs from other graduated response systems is that it is not tied to law enforcement. The arrangement between content owners and ISPs is voluntary. ISPs will not terminate or suspend users’ Internet accounts, nor will they pass information about infringements on to copyright owners. Another difference is that the CAS is not being funded through taxes or levies on Internet service (although funding sources are confidential).
In other words, the CAS is a more purely educational approach than France’s HADOPI or other systems. Analysis of the CAS’s results will therefore be more useful in determining how successful education by itself can be in getting people to respect copyright. The hope is that education will do more than draconian statutory damages or blunt-instrument legislation.
Given how little effect those approaches have had, it may not be difficult to declare the Copyright Alert System a relative success in the years to come. As it is now, it seems like quite a reasonable system: it raises awareness about the importance of copyright by using advanced Internet technologies instead of relegating enforcement to outmoded nontechnical legal means; it is permeated with references to legal content sources; and it doesn’t cost users a thing.