If you want to know what keeps the Hollywood majors awake at night, it’s Internet piracy and illegal DVD-burning – particularly in Europe. Look no further than the European website of the Motion Picture Association of America.

“The key piracy issues in Europe are Internet piracy, particularly illegal downloading from P2P [peer-to-peer] systems, imports of pirate DVDs from Asia, the manufacture of pirate DVDs in Russia and their export to other European markets, and increased burning of DVD-Rs and CD-Rs in countries across the region.”

Internet piracy in Europe

In fact, the MPAA warns that “Internet piracy is growing at a faster rate in Europe than anywhere else worldwide.” They attribute this dire state of affairs to “rapid broadband take-up, weak laws in certain instances, and lenient public and official perceptions.” Note that pay-TV theft doesn’t even warrant a mention.

One might reasonably expect the studios to require a secure technical approach to content protection in the PC/Internet environment that mirrors the one required by pay-TV systems. Paradoxically, this does not appear to be the case.

Take as an example the emerging “legitimate” broadband movie downloading services operated by Europe’s two most prominent pay-TV operators, BSkyB and Canal+. The Hollywood studios happily allow variants of cardless systems such as the Microsoft Windows DRM to protect their premium movie content.

When is software security appropriate?

There is reason to be less concerned if it is only the content that is being protected and not the means of distribution. Hence a system to protect content stored on a device with no connections to the outside world might be able to afford to be relatively weak, whereas a satellite signal must be strongly protected.

It is abundantly clear that piracy of content on the Internet is a significant problem. In addition, the experience of software-based systems indicates that it would not be wise to enable copying between devices that are connected to the Internet without using that same connectivity to enhance the security of the system if it is not possible to use a hardware-based security solution.

Security for download services

It is strange that in the absence of any such security measures, Hollywood studios seem quite relaxed about the PC and Internet environment. Thus Canalplay, the download service offered by Canal+, uses a version of the Microsoft DRM to support the porting of downloaded movies to a portable media player (PMP). The same service supports a download-to-own model which allows the purchased movie to be recorded onto a DVD – a technological process which, according to the studios, embodies at least one of the most potent sources of film piracy -- DVD burning. Connect the PC to a peer-to- peer network and distribution is also enabled.

Following this logic of acceptability, if it’s permissible to copy content between a PC and a portable media player, then copying and distributing content from a set-top box would pose no problems for the studios.

In fact, no such digital copying facilities are offered by either BSkyB or Canal+ through their digital TV set-top boxes, despite the enabling technologies having been demonstrated by conditional access providers for several years. Indeed, in the world of pay-TV users may be barred from storing or recording content even on a VCR, let alone connecting a set-top box to a PC.

Whether or not this is at the studios’ insistence is anybody’s guess. But the evidence indicates that the major players in Hollywood exhibit unwarranted paranoia about premium content “leakage” from set-top boxes – when these devices appear to be far more controlled and protected than PCs which are connected to the Internet.

Take the issue of the “analog hole.” This is where a digital television set-top box includes an analog output which could be used to feed an allegedly high-quality video stream to a PC for subsequent illegal copying and distribution.

According to Jim Williams, the MPAA’s Vice President of Television and Video Systems Standards, in an interview with New Media Markets, “European pay-TV operators that choose to include unsecured, high-definition analog outputs on their HD set-top boxes will likely disadvantage themselves when negotiating to provide high-value content to their customers.”

The logic is difficult to understand considering that many European PC download services are allowing the downloading of HD movies onto PCs, but the MPAA doesn’t seem to be pressing for the banning of analog outputs on PCs.

Surely the studios are being inconsistent. By definition, a stolen analog pay-TV copy is less of a piracy threat than an illegal digital copy downloaded to a PC and burnt to a DVD or distributed using one of the many peer-to-peer systems. Nevertheless, Hollywood insists on a stronger approach to security on the former than the latter.

Time to look at security again?

This differential approach is puzzling. One can argue that pay-TV penetration is higher than broadband PC penetration, so it should be subjected to stricter controls.

According to the MPAA’s figures, pay-TV theft isn’t what costs the studios the most money; the Internet and DVD piracy do. Research it commissioned last year found that the major US motion picture studios lost $6.1 billion to piracy worldwide in 2005. Sixty-two percent of that loss resulted from piracy of hard goods such as DVDs, and 38 percent from Internet piracy.

Broadcast pay-TV systems also face increased risks as the Internet comes to the living room and with it a much increased threat from attacks such as “control word” distribution. It is probably time to re-examine the security models everyone has become so familiar with and to take advantage of the very connection that brings both new content – and new threats -- to the home.

It’s about time to take notice of the elephant in the room.

Barry Flynn is Principal Consultant for Farncombe Technology, a UK consulting firm offering expertise in pay-TV conditional access technology.