Content Security Vendors Fight Digital Pirates

The Internet is a sea of skirmishes between owners of copyrighted digital content and those who build software to reproduce and distribute that content without the permission of the owners. The content owners--music companies, e-book distributors and movie studios--have an ally in the battle for protecting their content. They are increasingly turning to digital content security vendors, companies that create digital rights management (DRM) software and digital watermarking systems. IP mediation vendors, too, are quickly learning there is a role for them in tracking users, managing service level agreements and measuring quality of service to determine premiums and discounts. Those mediation vendors can also help verify payment and gather customer information that helps content providers manage bandwidth as well as track the distribution of unauthorized content.

Where the Battle Begins

To understand why online content providers are worried about unauthorized copying of their content, one must first take a look at human behavior.

If you’ve ever rented a video from a local video store, chances are you’ve seen that FBI warning against copying the video. But there you are, sitting on the couch, as your second VCR records away. Unless you plan on opening a bootleg video store, however, chances are you won't get in trouble for recording the video.

In fact, the person most likely to sell pirate videos is the video storeowner himself. The Motion Picture Association of America (MPAA) has said the most prevalent form of copyright piracy in the United States is the back-to-back copying of videocassettes. It estimates that 10 percent of the 25,000 to 35,000 video retail outlets in the United States deal in pirated videocassettes, stealing more than $250 million from movie studios.

So now, fast-forward to the controversy over the Napster Internet peering program, which lets anyone download music without paying a penny to the musicians and producers who wrote, performed, recorded and distributed the music. The software, written in a matter of months, created a “subscriber” base of astounding proportions: at last count, the service had at least 40 million users. The music industry battled Napster in court to halt the service, which the industry says is costing it millions in lost sales. Individual bands, most notably Metallica, have hired a company that developed a bounty hunter program that rides through the Internet and identifies users who illegally download the band’s music.

Fahrenheit Entertainment, which distributes country music recordings, plans to begin selling copyright-protected CDs later this year by using encryption technology from SunComm, a company based in Phoenix. If it works, SunComm’s technology would be the first to stop the copying of CDs and their free distribution over the Internet. Nearly all of the music shared on the Internet through Napster and other sites comes from CDs, which are copied (or “ripped”) as MP3 files. Other music distributors have tried anti-piracy software to protect CDs, most notably BMG Germany. But the company halted the project last year after customers complained that CDs embedded with the technology wouldn’t work on their players.

The Secure Digital Music Initiative, which includes the Big Five music distributors, is developing standards for digital watermarks installed on CDs that would let copyright holders trace illegal copies. The group also wants to create devices that refuse to play unauthorized copies. But for the most part, CDs remain unprotected, especially those sold in retail outlets.

Content Security Vendors Have Growing Opportunity

The theft of online copyrighted material—whether from DVDs, CDs or the nascent Web streaming industry—is creating fertile ground for content protection developers. Such software, which includes DRM systems, digital watermarking and other technology—will eventually do more than block the unauthorized from gaining access. Developers are working out ways to record usage, and if integrated with mediation systems, determine payments in the value chain. Some content protection systems will send automated warnings to would-be pirates who grab content off a peering network. In some cases, content providers can send their content to the DRM vendor, which then encrypts the content and assigns each customer a key that enables the user to decrypt and download the music or video. Protecting copyrighted online streaming content is for the most part in the development stages, says Alan Weintraub, research director for GartnerGroup.

“DRM for video streaming is so immature right now, only a handful of vendors have implementations out there,” Weintraub says. “There aren’t a lot of substantial dollars right now. This year has been a year of education. Very few are using video DRM.”

Pirating Internet Video: The New Frontier

What Napster accomplished in the music industry is now possible in the online video market. End users, equipped with similar peering software, can capture and distribute copyrighted streaming videos. Knowing the damage that Napster (and the similar Gnutella network) wreaked on the music industry, the MPAA has vowed to battle streaming piracy through lawsuits and, eventually, through the use of DRM technology.

Jack Valenti, head of the MPAA, has been less than timid in his war against content pirates. “If we have to file a thousand lawsuits a day, we’ll do it. It’s less expensive than losing control of your creative networks.” At least that’s how he’s quoted on the InfoAnarchy.com site.

The entertainment industry pegs its legal arguments on the 1998 Digital Millennium Copyright Act (DMCA). The federal law prohibits the “manufacturing, importing or offering to the public, providing or otherwise trafficking” in an unlawful circumvention device. In short, if it can beat the software and give users unauthorized access to protected digitized material, it’s illegal. And the movie and music recording studios continue to lobby Congress to toughen the DMCA for newer Internet realities.

A ‘Konspiracy’?

A sampling of the names of video swapping sites—Scour, Konspire and Ohaha—offer a glimpse of the peering community’s philosophy. Using a similar version of peering software used to manipulate MP3 files, users at PCs can download video content from other users’ PCs without buying licensing rights. So far, Warner Brothers, Disney, Universal and other studios are not ready to stream full-length feature films to the home over broadband and charge for them. “People want to be able to access movies over the Internet, and we and along with other studios plan to give them the chance,” says an attorney for a major movie studio. “The position that we take is that there is consumer interest and we want to provide a secured, legitimate and easy- to-use means to satisfy that interest.”

But DVDs of the studios’ copyrighted movies have fallen victim to DeCSS, a software utility that lets users decrypt DVD content and distribute it at will over the Internet.

Another technology, DivX, lets users at PCs download compressed, high-quality movies from the Web in just a few hours, compared to the full day required when using a dial-up connection. And because these movies are digitized, they can be copied thousands of times without losing their original quality. These video pirate software programs are bad news for the studios that want to protect streaming content, such as first-run movies and other feature films they hope to eventually deliver to the home over broadband.

Billing and DRM Closely Tied

“The areas of DRM and billing are really closely tied,” says Sanjay Swamy, senior director of market development at Portal. “The bottom line is people need to be paid royalties for their intellectual property. DRM allows you to protect that content so it can only be used within specific guidelines.” DRM systems, when tied to mediation systems, can be used to support various business models. For instance, the customer may order three movies and view them at leisure over 24 hours, order a single movie for one viewing, or pay a month’s subscription for unlimited access to a movie library.

Portal, which develops Infranet, partners with InterTrust Technologies Corp., developer of the MetaTrust utility, a DRM platform that InterTrust licenses to content providers, application builders, and financial and usage clearinghouses. Infranet supports the creation and management of customer accounts; development and pricing, and performs activity tracking, rating and billing. The two companies support Magex, a DRM clearinghouse in Britain.

A Strategy for Controlling Access

According to Swamy, here’s how their integration works: The consumer goes to the content provider’s Web site and is presented several pricing plans: Order one movie for 24 hours for $6.95, pick three films for $15, etc. The customer enters a credit card number or other method of payment (the content provider may, upon a credit check, for instance, determine the customer is trustworthy enough to bill monthly). The payment is automatically entered into Portal’s Infranet billing system. The customer then chooses the content he wants, and Portal takes the payment for the content. Infranet then notifies the InterTrust system that the specific piece of content has been paid for. Armed with this information, InterTrust issues the license key and notifies Infranet that the license has been issued. Infranet can then make the remittances to streaming partners.

At this point, the customer can download the encrypted content using the encryption key, which is stored locally on the user’s PC. The download contains not just the encrypted content, but the key too, which performs the decryption. The DRM and billing systems sit at the DRM clearinghouse’s servers—in this case, Magex. The caching server is typically used to distribute the encrypted content files.

Maintaining a digital content customer billing information on servers is as important to customer service as it is in traditional telecommunications customer service operations. At 10 a.m., you’ve ordered your movies or music for the day, but your PC freezes and crashes at noon. Somehow your PC no longer contains the decryption key you need to access what you’ve paid for. “If the billing system has your information, you can call customer service, tell them what happened, and they can do a database dip and validate, authenticate and reissue a key,” Swamy says.

Billing Systems and Tracking SLAs

Billing vendors can also take advantage of the DRM market by developing functionality to manage and track service level agreements for content providers and content distributive networks, says Bob Bell, product strategist for Geneva. But such a task is not without challenges.

The terms and conditions associated with the QoS in each content event can vary, Bell says. And those variations—such as credits, surcharges and premiums—need to be factored into the rating and billing process, he says. For instance, a content provider may contract with a CDN for a specified level of bandwidth. One example, a streamed speech from a CEO to his company’s top investors. The CDN, which manages the network, sets those slots aside based on the SLA. But what happens when things don’t go as planned?

Bell explains: “Let’s say the host Web site plans to Webcast a speech to 50 people. The Web site sends an e-mail notice to 50 users that at 3 p.m., this CEO can be heard at a certain Web site. The Web site contracts with the streaming vendor to make that content available to 50 concurrent users.

“But let’s say 100 people attempt to make that connection. When the event is oversubscribed—beyond what was provisioned and what was agreed in the contract—instead of denying service, it often will be provided anyway.” The streaming host vendor can then impose a surcharge or a premium for accommodating the extra users. Mediation systems linked to the event have to match the SLA to what actually happens and determine and record the surcharge. Geneva’s mediation platform can also measure some QoS issues to determine whether users might be owed discounts or should pay a higher premium, Bell says.

One Key, One User?

“DRM is more than just encryption,” says Portal's Swamy. DRM systems can nab the person to whom the original user sends the music or video. “You can use digital watermarks, a packaging of business rules that let you determine if the key was tampered with, although it takes significant skill to mess with the key,” he says. “But it’s been done in the past. When author Steven King distributed his online serial “Riding the Bullet” in a secure Adobe Acrobat format, somebody broke the key and posted it on the Internet.” Other systems contain business rules that recognize when the PC user tries to send an MP3 file to another user. “If I try to send it to a friend, they click on it, and a Magex window pops up and says to the friend, ‘Here are our prices, you’re welcome to listen to it.’ It actually can help you grow your market, and you can make it a positive experience,” Swamy says.

Some messages aren’t so positive, however. Scour Exchange puts the responsibility for copyright infringement clearly in the laps of its peering partners—in other words, the person at the PC:

“You are ultimately responsible for the material you download. You are also ultimately responsible for the material you choose to upload and share with others. You are the one who will likely be principally liable for downloading and or sharing infringing material. [Scour Exchange] users are solely responsible for their conduct and for ensuring that it comports with all applicable laws, including all copyright laws. Failure by an SX user to comply with state, federal and/or foreign laws regarding copyrights and other intellectual property rights could expose such SX users to civil and criminal liability, including fines and jail time.”

Napster’s site also warns users of their copyright infringement liability, reserving the right to terminate the accounts of users who repeatedly infringe on the copyrights, or other intellectual property rights, of others.

Internet Bounty Hunters

But if peering downloaders think they’re safe to pirate a free MP3 file (or 20) in the privacy of their den, they’re wrong. NetPD.com, a digital copyright protection company, offers software that searches the Internet like a bounty hunter, sniffing out people who’ve downloaded copyrighted material. (Note: Another company called NetPD is not associated with the Napster controversy, as stated on its Web site). NetPD.com, the bounty hunter company, says it monitors more than “10 million illegal MP3 files on Web and FTP server sites, and another group of 40 million MP3 files held by Internet communities for which no royalties have been paid.”

Metallica hired NetPD.com to beat the bushes for anyone who downloaded its tunes. The band in May delivered 13 boxes of legal documents identifying the user names of people who allegedly made the band’s songs available online. The group demanded that Napster block those users from the music-sharing service. Though Napster cautioned that some users may have been mistakenly implicated, it still agreed to cut 317,700 members from the service.

But some bands and record labels consider sites like Napster and Gnutella as a great way to capture new listeners. For instance, Napster in December banned from its site subscribers who had downloaded Rage Against The Machine. When those fans tried to log on, they were directed to a site saying they had been identified as possible copyright infringers. In a twist that highlights the division in the music community about peering content software, Rage Against The Machine apologized to its fans and sought to have them reinstated to the service.

Added Ammunition: Digital Watermarks

Blue Spike, which develops the Giovanni electronic watermarking system, specializes not in encryption and decryption, but in embedding electronic tags into digital content. Because it’s embedded into the content itself, it requires no additional storage space. The message is usually quite small, often a short numbered identifier that can be mapped to any other kind of information—the composer’s name, the studio musicians who recorded the composition, or the name and e-mail of the consumer who bought a copy of the recording. Although invisible and inaudible, watermarks can be read by a computer with the proper decoding software. “The Giovanni system is essentially a watermarking cipher, which is key-based,” says Scott Moscowitz, Blue Spike’s CEO. “All security exists with the key. The embedding and the key generation are fairly open; it’s the art of hiding something in plain view. The reason we do this is that [the user] knows a particular piece of media has been tagged by our system, and any attempt to remove the tag leads to the degradation of the media itself.”

Digital watermarking has advantages over simply tagging identifiers and encrypting content, Moscowitz says. “You can put hundreds of watermarks in one song. In one video stream, you can put a thousand watermarks. You can embed thousands of pieces of information, such as for whom the content is intended, payment information, usage rights, duration, time stamp, and digital signatures.”

IP addresses in the watermarks are also effective in creating audit trails. “If you have a way of linking the activity of a particular user and the data the user is seeking, you’re closing on the audit trail,” he says. Giovanni also lets CDNs, through tagging the information through the stream, collect information on edge servers and determine network demand.

Battle Lines Still Drawn

In spite of the increasing sophistication of content protection software, programmers and proponents of a “free” Internet are hard at work. Wrapster, for instance, disguises file-sharing software for the Napster community by cloaking files in a legitimate looking MP3 header. This allows one to hide sensitive information in MP3 format, or transfer it using Napster, or store it on MP3 storage sites. UnWrapper is a program for Windows that allows users to then extract the Wrapster files.

Though the Wrapster site claims it has suspended further projects, for now, it has left its downloadable MP3 chameleon software available on its site.

As more software developers create peer-to-peer networks for the express purpose of exchanging copyrighted music, video and other content, entertainment companies aren’t about to give up their war of words, or legal challenges. Billing and mediation vendors have plenty of opportunities to enter the fray and make a little money.