Tag: piracy

Study Shows Piracy Losing Premium Ad Revenue

Among the standard responses to any proposal to mitigate online piracy is an insistence that it just cannot be stopped.  Perhaps not entirely. But it can be starved.  That was the underlying goal of SOPA, but people decided the criminal sites deserved the money they were making because freedom.

As many readers know, the piracy universe is still largely supported by advertising.  The majority of the ads on many sites are “non-premium,” which is a polite way of saying sleazy.  These are usually promos for snake-oil products, VPNS to hide your identity so you can pirate more, and “dating” services offering men the opportunity to spend hundreds of dollars to exchange sexy emails with Sabrina in Odessa, who is more likely to be Todd in Duluth.

Research varies with regard to how much premium vs non-premium advertising supports particular sites, but major advertisers have been working for a few years now to bring their own contribution closer to zero. Although the total amount of premium advertising on pirate sites represents a small fraction of the US digital ad buy of over $60 billion/year, the advertisers view the presence of their brands on these sites as generally bad for business.   In addition to representing waste and lack of transparency in the digital advertising ecosystem; appearing on pirate sites associates their brands with criminal activity and spammy advertising; and it associates their brands with the increasing risk that visitors to pirate sites will stumble into malware.

In February of 2015, the major advertisers launched the Brand Integrity Program Against Piracy, led by the Trustworthy Accountability Group (TAG). As described in this post written at the time, the program was designed to establish protocols to certify suppliers and partners that work to mitigate exposure to risky entities with the ultimate aim of keeping premium brand dollars out of the pockets of pirate site owners.  A new report released today by EY indicates that these efforts seem to be working. From the report …

“If the industry were taking no quality-control steps and digital piracy operators served only premium advertisers, we estimate those operators could earn $213m annually from digital ads. In actuality, they earned an estimated $111m from those ads in 2016. The difference of $102m is a strong indication that quality-control efforts are having a significant effect.”

The study is based on analysis of 672 websites with a “high degree of infringing content that also serve advertising.”  Again, these numbers are fairly small as a portion of overall digital advertising, but they are more significant relative to revenue estimates for the piracy market overall.  For instance, this post from May 2015 cites a Digital Citizens Alliance study of just under six hundred infringing sites earning total revenue of $209 million of which $149 million came from major brand advertising.  So, if these quality-control efforts by the advertisers have legitimately denied over $100 million to piracy sites, that’s significant enough to begin to have a market effect.

If this trend continues, I suspect a few things will happen in the relatively near future.  The site operators earning well under a million dollars in revenue will probably get out of the piracy business because these sites represent fairly low-level investments designed to pick up the easy money of advertising “remnants” that fall through the cracks in the digital advertising system. The more entrenched and higher-yield sites will presumably become more dependent on spammy ads and malware, both of which are designed in one way or another to fleece users.

While it’s true that many committed pirate site users are sophisticated enough to avoid these hazards, it must also be true that plenty of users are unsophisticated enough for the scammers and hackers to be on these sites at all.  Thus, if pirate sites are further delegitimized by starving them of premium ad dollars and, as a result, they become more hazardous in the minds of, say, parents who think their teens are engaged in a harmless activity, there is decent chance the sites may lose their less-sophisticated user base.  At that point, the value to the snake-oil advertiser disappears.

If every pirate site user were savvy enough to avoid malware and sleazy ads, the only revenue model left is direct payment.  Many sites do receive subscription and donation revenue; but then of course, the lion’s share of more casual users who access these sites do so because they’re not in the habit of paying for the media they consume.  So, maybe it isn’t possible to stop piracy, but it does seem quite possible to starve it down to a more manageable size.  In the meantime, these efforts by the advertising industry should help reveal piracy for what it is—an illegal business, not a social movement.

Malware Suggests Search Plays a Major Role in Piracy

Image by stefanocar75

Copyright holders have long insisted that search results play a substantial role in driving users toward pirate sites.  Google and piracy advocates have generally countered that search does not drive much traffic to illegal sites because the people who consistently use infringing sites know what they’re doing and will go directly to the content they’re seeking.  This is a reasonable assumption to make about the population of committed infringers out there, but one fact that refutes this premise is the extraordinary volume of malware (a 1-in-3 chance) on infringing sites.  Because malware isn’t there to catch the experienced visitor—it’s there to catch the unsuspecting individuals who may not even realize they’re using illegal sites when they first visit.

For those who don’t know how it works, it goes like this:  A user is interested in watching Moonlight.  If he types “Moonlight” into Google Search, the second-tier results will be links that read “Watch Moonlight Online for Free,” all of which are directed to infringing sites.  If the user actually types “Watch Moonlight” into the search field, then the first-tier results will be infringing links. And quite often, Google will automatically suggest words that prompt the user toward an infringing site. For instance, if the user logically adds the word “movie” (because moonlight is a word and not just a title), then Google will complete the thought with “online,” which then yields top results with links to “watch moonlight movie online” via an infringing site.

Google and the piracy apologists are almost certainly correct that many avid visitors to infringing sites are fairly sophisticated users; they have VPNs, ad-blockers, security software, etc. to avoid detection and malware.  But if these were the only kind of visitors landing on these sites, then the underground market in malware-based trade would not be nearly so robust as it is.

As described in this 2015 post about a report called Digital Bait, commissioned by Digital Citizens Alliance and conducted by RiskIQ, a sophisticated “crimeware economy” exists on the Darknet, where criminals buy and sell goods and services used exclusively for preying on users. To use a blunt example, if a teenage girl visits an infringing site, she has up to a 30% chance of contracting malware. That malware may be a Remote Access Trojan (RAT), which gives fairly unsophisticated hackers control of her computer, including her webcam.  Then, her IP address may be sold in this black market to people who want to spy on teenage girls in their bedrooms. In many cases, a user doesn’t even have to consume the infringing content in order to infect a device. The promise of “free content” may be draw the user into a dead-end malware trap.

If all traffic to pirate sites truly comprised only the knowledgeable users, then the criminals would not have a financial incentive to deploy so much malware on sites that infringe, or promise to infringe, copyrighted content.  The very existence of prevalent malware is an indication that a substantial number of users who have no idea what they’re doing are visiting these sites, which logically leads to the conclusion that search must play a significant role in driving users toward these sites and into the hands of criminals.

Notice that, in this context, we don’t even need to address the subject of copyright infringement, let alone get bogged down in all the tedious rhetoric about free speech.  If Google’s top search results are indeed putting users in harm’s way, this is a consumer protection issue for the Fair Trade Administration and/or State Attorneys General.  And, in fact, Digital Citizens Alliance, after releasing its 2016 report Enabling Malware, began presenting its findings to the AGs.

Yes, it is likely true that once a user—even a fairly unsophisticated teenager—is aware of sites where free content is available, he will probably revisit those sites directly without going through a search engine. But even this kind of anecdotal assumption does not mean the role of search is insignificant, not least because the illegal nature of pirate sites means that they have a tendency to disappear and reappear as authorities in various regions shut them down.  A 2013 study indicated that 19% of the traffic to infringing sites could be directly attributable to search, and if that number were wrong by half, it would still represent billions of visits per year.

Consumers have a right to know the nature of their vulnerabilities when using any product or service, and they have a right to demand that U.S. companies take every reasonable step to mitigate exposure to risk.  To date, Google has refused to take even the obvious step of demoting known infringing sites in their search results, let alone to alter the way in which auto-complete may drive consumers toward these sites.

Google does now feature the legal channels for consuming media, including their own services like YouTube and Google Play, which is a good step but not likely sufficient to protect consumers as hackers become more sophisticated and more ambitious.  In fact, one likely consequence of advertisers becoming more effective at keeping their brands off pirate sites is that the criminals will depend more on the “crimeware economy” to make money through infringing content as a means to deliver malware.

Google is getting a lot of pushback lately—from the EU’s anti-trust decision, from the advertisers, and from the Canadian Supreme Court this week in the Equustek case. (More on that shortly.)  I would not be surprised if the State AGs and other consumer-protection agencies begin to take a more active interest in the relationship between search, piracy, and malware.

EU Court of Justice Ruling – A New Chapter?

Photo by alexskopje Pond5

This week, the Court of Justice of the European Union concluded what any rational observer would conclude about websites that make large volumes of unlicensed copyrighted works available to the public — that their owners know exactly what they’re doing and why they’re doing it.  A Netherlands-based foundation that protects copyright interests argued in the nation’s Supreme Court that two ISPs could be ordered to block access to The Pirate Bay.  That court referred the case to the EU Court of Justice for interpretation under the EU Copyright Directive.

Among the long-standing defenses employed by pirate site owners attempting to thread their operations through statutory imperfection, is the claim that they do not upload infringing copies of works to their servers. Their users upload the files.  Even if you’re the most pro-piracy individual in the world, there is nothing about that kind of reasoning that should pass the smell test, and now the EU has wrinkled its nose and declared that making works available in the manner that The Pirate Bay does “may constitute an infringement of copyright.” A decision published two days ago states the following:

“Whilst it accepts that the works in question are placed online by the users, the Court highlights the fact that the operators of the platform play an essential role in making those works available. In that context, the Court notes that the operators of the platform index the torrent files so that the works to which those files refer can be easily located and downloaded by users. ‘The Pirate Bay’ also offers — in addition to a search engine — categories based on the type of the works, their genre or their popularity. Furthermore, the operators delete obsolete or faulty torrent files and actively filter some content.”

If it walks, talks, and looks like an infringing enterprise, it’s probably an infringing enterprise.  Further, the EU Court decision offers a statement that may have considerable ramifications for site owners who have consistently sought to appeal to safe harbor provisions, based on the assumption that they are ignorant about what users do on their platforms.

“… it is clear from the Hoge Raad’s [Supreme Court of the Netherlands] decision that the operators of ‘The Pirate Bay’ cannot be unaware that this platform provides access to works published without the consent of the rightholders. [sic]”

Not only does this have implications for sites like TPB that are dedicated to piracy, but also to service providers and search engines that provide access to those sites as well as legal platforms that earn “unintentional” revenue from infringement. Most prominently, of course, I’m referring to YouTube, which has unquestionably profited from hosting unlicensed material while remaining shielded by safe harbors. The EU Court’s rational conclusion that site owners cannot be nearly so deaf, dumb, and blind as they claim, may prove to be a major threshold moment for counter-piracy efforts around the world.

In fact, the day before that decision was published, a new global initiative was announced by 30 major content creators, including old names like MGM and new names like Hulu.  The Alliance for Creativity and Entertainment (ACE) calls itself a “new global coalition dedicated to protecting the dynamic legal market for creative content and reducing online piracy.”

Stressing the importance of legal frameworks to foster the growth and maintenance of new platforms for accessing a diverse range of filmed entertainment, the Alliance states in its press release that it will “conduct research, work closely with law enforcement to curtail illegal pirate enterprises, file civil litigation, forge cooperative relationships with existing national content protection organizations, and pursue voluntary agreements with responsible parties across the internet ecosystem.”

While piracy advocates continue to claim (and not without precedent) that they will always find a way to keep infringing, 2017 may prove to be the year when we start to see much better cooperation among major rights holders and the major online platforms. It has certainly been the year when many parties (e.g. advertisers) have finally rejected the traditional claim by the internet industry that the web operates best as a self-governing universe.  And it seems that many users are coming to realize that platforms are already governed plenty by their owners in the service of their own financial interests.

Not Just About Piracy

Google and other platforms have strongly resisted demoting, removing, or de-indexing links to content that is defamatory, illegal, or otherwise harmful—even when courts have ordered companies to do so. “Digital rights” organizations have consistently taken what can be described as a maximalist position in blindly defending liability shields in both the DMCA and the CDA—even to the extent that the EFF apparently saw no reason for exception in the face of evidence that Backpage.com may have been supporting the trafficking of minors in the sex trade.

As levels of violence and extremism continue to grow, both American and European leaders have already indicated a desire to make online platforms more responsible for policing their sites; and this pendulum can absolutely swing too far in the wrong direction. As technologist Jaron Lanier warned this week on NPR, we do not want to give private corporations like Google too much power to “police” the web because they are not subject to oversight as government agencies are.  This is a much larger topic for future posts, but at the same time, it is known that enterprise-scale piracy intersects with other forms of criminal activity—particularly the malware trade.

Historically, whenever trends like those we’re seeing this year begin to write a new narrative, government turns to the industry in question with an ultimatum—that they can clean up their own act or Congress will do it for them. Given the present chaos in Washington, including specifically at the Department of Justice, predicting where exactly U.S. policy on countering illegal online activity is heading is a murky prospect at best.  Nevertheless, this EU Court decision; the recent mood of major advertisers toward Google; this new ACE coalition; and a perceptible shift in sensibility among users who feel that platforms need to be more proactive to counter hate crime, harassment, and violence all suggest that the internet industry may be about to become better partners in addressing some of the negative effects their business models have created.