It is for good reason that video services like Netflix, Hulu, Google Play Movies and Amazon Prime Video don’t allow some smartphones¹ to stream movies or TV shows at higher resolutions. Digital Rights Management (DRM) is built into many devices and protects these services with this lockout in order to discourage piracy of these video files from illegal download and redistribution. For those media companies operating in the online streaming space, the Google-owned DRM system Widevine Level 3 (L3) is a well-known commodity in the battle against content theft, but as this article underscores, it is not effective when used on its own. Enter watermarking technology, which must go hand-in-hand with DRM, with the two systems working together to provide complete protection.
L3 is also Widevine’s least secure security level. Used in many devices playing back media the L3 security executes in software, not hardware, making it reversible and bypassable. For example: by hijacking calls in web browsers’ Encrypted Media Extensions (EME) Widevine’s content keys can be decrypted and streams using L3 can play back incredibly easily.
Obviously Friend MTS doesn’t provide DRM solutions for customers, but we do care passionately that DRM is a key component of a service’s anti-piracy solution. You shouldn’t do subscriber-level watermarking until you have DRM robustly in place. Also DRM is not a ‘set and forget’ – so you have to continually review your anti-piracy solution as pirates adapt. For example: security advisories from DRM providers need to be taken seriously and action must be taken in a timely manner.
This vulnerability that allows media encryption keys to be disclosed has prompted an interesting and entirely expected response from many: that the solution is not in trusting the client device, but in adding server-side, edge-switched subscriber watermarking.
As CEO of the company that’s behind the world’s most deployed and actively used subscriber watermarking system, one would expect my company to join the bandwagon in promoting the technology in a moment of limelight. After all, we’re active daily in millions of devices and performing millions of extractions a month for companies worldwide. However, nothing could be further from the truth.
Friend MTS takes a fundamentally different approach to content protection, in that we are as focused as much on the outcome as we are on the technology to achieve it. It’s not enough for us to make snazzy sales pitches about how our smarts and our tech alone are the solution to all your piracy woes.
Instead, we delve inside and find out what’s really going on. In fighting content theft, much like playing the game of chess, we seek to understand not just what pirates are doing right now, but what their next move will be, and the move after that.
So, rather than immediately react to this disclosure by trying to convince prospects that we have the goose that laid the golden egg, and revel in a short-term gain, we’re looking at it differently. We’re using this opportunity to remind everyone that expecting watermarking alone to provide any semblance of security without properly securing the media transmission with a sound implementation of DRM is a foolish notion. What’s needed is an up front strategy to secure content, that integrates DRM, watermarking/monitoring and player security to produce a real solution to the problem of content piracy as highlighted in the following series of How To Trust Your Player articles and Fireside Chats.
DRM and watermarking – and indeed all security technologies – are complex systems that from time to time will be subject to successful attacks. The iterative ‘cat and mouse’ nature of circumventing circumvention is inherent in all security. While safety nets are a useful backup, one needs to be circumspect about the robustness of that net and carefully evaluate how much safety it actually provides.
Watermarking and DRM set out to solve fundamentally different problems, but they’re nevertheless very interconnected as noted in our Beyond DRM Article Series. DRM’s goal is to ensure that playback is possible only by authorised/legitimate customers, on legitimate playback devices and/or in legitimate playback software. Watermarking protects from that point onwards, where content thieves take content from a legitimate player by whatever means, and retransmit it into unauthorised (aka pirate) services.
Yes, as much as one might think that DRM prevents unauthorised capture/retransmission, it’s also unrealistic to expect that watermarking will in any way protect the playback. Further, one is sorely wrong in expecting that watermarking will continue to provide protection if the DRM is compromised. The two systems must work together to provide complete protection, and the failure of either one will let the other side down.
Those setting out to steal your content are sophisticated and skilful. They can and will analyse and identify weaknesses in security schemes. As logical and elegant as a technology, technique or system may seem, it’s critical to ask about where that technology, technique or system is and has been deployed, how it has held up against real-world attacks, and what adaptations have taken place to maintain security through recent phases.
Understand that there’s no such thing as an attack-proof security system. The mark of an expert in content protection is as much in how they react when the inevitable happens as in the design of their product in the first place.
So, as attractive as claims about server-side, edge-switched, A/B variant and substitution watermarking may be (see Watermarking Quick Facts Sheet), with far-reaching claims about working to protect against piracy even with unmodified players/devices or compromised DRM systems, stop for a moment and think. If you’re serious about the security of your content, and your revenue, take a step back and investigate further. As much as I would love to shout from the rooftops about how the world needs our technology, the reality is that you need DRM, watermarking and monitoring to be working to provide the safety that you require.
¹devices known to have root compromises.
Friend MTS Limited
Eleven Brindleyplace, 2 Brunswick Square
UK: +44 121 633 5750
US: +1 267 382 4280
© 2020 Friend MTS Limited | All Rights Reserved