I often read marketing material from Online Brand or Content Protection vendors, especially some of the newer ones, that make IP rights enforcement sound very straightforward.

In some scenarios, given the correct processes are followed, this can be the case—using eBay’s VERO program or similar offerings from the major legitimate platforms, counterfeit listings can be removed very quickly. Similarly, IP infringing digital content found on social media sites such as Facebook or YouTube can be either blocked via their own rights protection technology or removed via a proscribed process in real-time.

However, this only represents a proportion of the infringements and, during my time in the industry working across a very large number of clients in different sectors, I would say that, outside of basic marketplace listings, around 50% of IP infringements are located on sources that are totally non-compliant, i.e., they consistently and deliberately ignore any form of cease and desist process. These may be anything from websites selling infringing merchandise to streaming services running on non-compliant hosts and many other issues in between. Anyone doubting the prevalence of this should just Google “DMCA ignored hosting” to see how large the demand is !

In my opinion, for the biggest rights owners such as sports leagues, broadcasters, pharmaceutical, automotive and luxury goods manufacturers this is the biggest challenge they face in OBP today as this is where the sophisticated infringers, who do the most harm, run their businesses.

A real-life example of the scale of this challenge is that, despite huge sums being spent by the English Premier League and its broadcasters on anti-piracy solutions, it is still relatively easy to consume pirated EPL content today.

Options for dealing with “the other 50%”

There are several ways that rights owners and their agencies have attempted to handle non-compliant sites and hosts:

Investigation/Law Enforcement

In order for law enforcement to take any action against a site or platform, a certain amount of data has to be collected so that the digital assets are tracked to human beings against whom action can be taken, and there is proof of their non-compliance to legitimate notices. This requires a certain amount of digital and physical investigation work to compile an evidence pack that can be taken to law enforcement, who may or may not take it any further, dependent on location and scale of the infringements.

Major brands often, therefore, hire investigation firms or use their OBP provider to compile this information which is then passed to law enforcement. In the last few years, it has become understood that this sort of criminality is used to fund both organised crime and terrorism, so there has been increasing interest from police forces in much of the western world with the FBI, Europol and PIPCU (Met Police) all running programs against this genre of infringer.

This type of action has increased as the profile of online crime has grown, but it is still the case that law enforcement only has the time and resources to become involved in a tiny proportion of rights infringement issues, so even though this may be effective in some highly visible situations, this path does not really represent a holistic solution to the issue in general.

Litigation

A variation on the above theme is to use the evidence to litigate either where significant assets reside in a compliant jurisdiction (e.g., websites that rely on domains within the .com registry) or against a visible provider that is seen to be involved in multiple infringements.

Over the last decade, a number of very high-profile cases have been filed by rights owners in US courts against the owners of vast numbers of sites selling counterfeits (sometimes 10,000 plus!). One of the first of these was brought by The North Face versus a number of Chinese entities in the Southern District of New York in 2010, resulting in $78m in damages being awarded. More importantly, they gained the digital assets involved i.e., domain names and payment accounts—the large number of these and the seized funds in those accounts made this highly cost-effective and formed a template that was followed by many others, especially in the apparel and luxury goods sector.

Unfortunately, over time, infringers learnt to move the monies more rapidly, and the ability to self-fund this sort of litigation program has largely evaporated, leaving it as an expensive and time-consuming path to tread.

In 2018, the Premier League did eventually win its case versus Ecatel, a Netherlands-based hosting provider which was found to have been unresponsive to notifications about illegal streaming of sports via its servers. However, the case took some years to reach this conclusion and may have been a moral victory, but by then, Ecatel had actually been dissolved, and the same service moved elsewhere.

In general, litigation has the disadvantages that it is costly and slow and is more often used as a demonstration that a given rights owner is vigorous in defence of their brand than as a truly effective remedy.

Technology solutions

There are technical means to unilaterally cut off access to sites that are illegally breaching rights. One of these is barring access via the collaboration of consumer ISPs such that the IP addresses of offending services are blocked for a period of time (e.g., during the broadcast of a sports event) to any household whose broadband service is provided by one of the participating ISP’s. This has been used effectively in the UK by both the Premier League and UEFA in terms of digital content and Richemont for luxury goods, but it suffers the limitations of being geographically limited as well as costly in terms of getting the blocking order passed by the courts and agreed to by the consumer ISP’s.

The other technological solution specific to digital piracy is Forensic Watermarking—this is based on the fact that any illegal broadcast stream originates from an original consumer source, so if you can watermark each individual consumer’s stream, you can find out which one is being illegally re-broadcast and cut it off at source.

This is an expensive solution to deploy, as each consumer needs to be uniquely identified but works well technically and will be successful if the company deploying it is the sole distributor of the content. However, consider a global sports event or tier one movie, which will be licensed by many broadcasters—unless all of them apply the solution, it is likely that the pirates will find a source to distribute that is not marked and so this is actually far from being the “silver bullet” that its proponents sometime claim.

High Value Target Analysis

It is now well accepted that much of the serious criminality perpetrated online is via well-organised groups, who run a sophisticated business using skilled technical and marketing staff just like any other.

These groups will usually drive their sales across many websites, social media profiles, marketplace listings and all the routes to market that any e-commerce team would employ. Using a mixture of technology and human analysis, providers are able to tie these online artefacts together and identify the groups that represent “high value targets” in the sense that if they could be de-commissioned in some way, the impact on the level of infringement would be very significant.

However, while many OBP providers can deliver a lot of data about these targets, they are not generally able to make it actionable, and so the rights owner still only has options such as litigating or depending on law enforcement teams, with the attendant issues mentioned above.

HVT analysis, therefore, is important in the sense of identifying the perpetrators of the “other 50%,” but it does not in itself represent a full remedy.

Disruption

One alternative that is gaining favour is “disruption,” and it is important to understand that this does not mean some sort of cyber warfare or DDOS attacks where nefarious means are used to harm the infringer’s site.

Rather, this means thinking of the infringer as a business with a brand and P&L, just like any other competitor, and the objective, therefore, becomes to damage the brand and increase their cost of operation, such that the business suffers but only by recourse to legitimate means.

This starts with detailed analysis of the infringer’s value chain—ISPs, hosting providers, technology employed, route to market (i.e., where do they publicise and sell the illegal service), and payment options. It is then possible to take a number of actions that impair the value chain, e.g., flagging the illegal activity to relevant providers so that they withdraw their service or marking the sites as suspicious or fraudulent. Consumers using the service then see pop-up warnings, which in turn may cause the infringer to switch services or change some of the technology they have deployed. If this is done often enough, it results in repeated changes to usability and harm to the end-user experience.

Similarly, negative feedback could be posted on social platforms where the illegal site is advertised such that doubt is created in the eye of the potential customer, and the online brand is damaged.

In addition, payment services are a key component of the chain in any business and so identifying the routes a criminal group has to take payment for the illicit content and then taking steps to get the seller blacklisted by these or merchant acquirers is another path that will impair their viability.

These are, individually, all actions that I have discussed with rights owners many times previously and are occasionally taken on a somewhat ad hoc basis as the opportunities arise. However, I have recently identified a UK solutions provider, XCyber Group, that is pioneering an offering to carry this out in a systematic and consistent fashion such that the offending services are repeatedly and significantly targeted in terms of both the reputation and cost of delivery. XCyber calls this Systematic Lawful Disruption (SLD), and it is based on their prior experience in working against significant terrorist groups and other work they carried out for state intelligence.

I was so interested in this as a unique alternative in terms of taking unilateral action against non-compliant sites that I helped author a paper on the topic that was recently presented at the MESA Content Protection Summit. In my opinion, this is a very significant additional weapon that can be used to deal with the huge number of non-compliant actors that now represent the greatest threat to rights owners.

Summary

As mentioned at the start, OBP vendors tend to focus on the ease of removal of marketplace listings and illegal content on legitimate platforms, but this is only part of the problem. As these processes have become slicker and services from many suppliers handle them cost-effectively, the large-scale infringers have moved their businesses to places that are harder to reach and invested in a supply chain based upon non-compliance.

This means that for the more sophisticated rights owners, in particular, this is exactly where the battleground has to be fought today, and I am increasingly convinced that a rights protection program needs to be bifurcated into “bread and butter” solutions for handling the basic issues at as low a cost as can be achieved and then another segment of budget allocated to dealing with the more resilient infringers that are actually doing the most long term damage.

This requires both a significant portion of the budget and executive sponsorship as none of the remedies outlined above is either simple or cheap, but I now consider this is the key area of focus for rights owners once they have the basics in place.

I hope you have found this short article interesting, feel free to reach out to me at [email protected] if you require further assistance around this topic.