The Discussion Paper from the EUIPO Observatory sets out the challenges faced by online intermediaries in relation to the use of their services for live event piracy, as well as good practices to prevent such use.

The Paper notes that live event piracy raises new challenges for IP rights holders, online intermediaries and law enforcement authorities since the value of the events lies in their live nature. Mitigating the damage is therefore more difficult, as the timeframe for doing so is short.

The Paper focuses on:

1. the most recent developments at Member State level to counter live event piracy, which mainly consists of obtaining internet blocking injunctions against Internet Access Providers (IAPs) to block access to illegal websites or streaming servers; and
2. technical intermediaries that are positioned further upstream in the live content streaming process, in particular Dedicated Server Providers (DSPs) and Content Delivery Networks (CDNs).

The Paper looks at three models of live event piracy:

1. subscription-based IPTV services
2. open IPTV services; and
3. open web stream services that mainly rely on advertising revenues.

The Paper explains that piracy service operators use different techniques to pirate legitimate live event streams, bypassing the protection mechanisms typically put in place to protect premium live content. Some also use obfuscation techniques to avoid identification or make it more difficult to identify the servers they use. Some of these techniques make use of legitimate services meant to optimise or protect content distribution, such as CDNs or Distributed Denial of Service (DDoS) protection services.

In some instances, piracy services also put in place resilience strategies to withstand and recover from enforcement measures, including setting up “mirror websites” where their services can be reached under different domain names, or “fallback IT infrastructure” where their services can be reached under a different IP address.

Live event piracy operators also make use of offshore hosting providers registered in countries with more lenient regulation, but use onshore technical infrastructure to optimise content delivery. In recent years Piracy as a Service (PaaS) has developed, which lowers the entry barriers to set up, operate and monetise piracy services and support live streaming of content.

The challenge for IP rights holders and online intermediaries is to quickly limit economic loss, while also ensuring against “overblocking” to preserve the rights of third parties. Those that need to monitor a broad range of sources of illegal streams need to review quickly the streams identified to verify that they are infringing and identify their sources. This requires sophisticated systems and significant technical resources as these operations need to be performed in real-time during the live event. Then, there is the challenge of devising the most effective and balanced enforcement measures to be used at hosting, domain name or IP address level.

The Paper examines:

• content removal or blocking at hosting provider level —effective where the host cooperates with rights holders to support near-instant take down, but less effective against sophisticated piracy operators who can quickly reinstate their services by switching to “fall-back IT-infrastructure”, including different IP addresses, with the same or additional hosts;
• domain name blocking or seizure — this prevents end users from obtaining the IP address(es) of a piracy service, and can be implemented via domain name registration services, which is a lengthy process, or by using DNS resolvers that can block a domain by not returning its correct IP address, although in both cases this can be circumvented by piracy services switching to an unblocked domain name; and
• IP blocking at IAP level — this consists of an IAP prohibiting or diverting data transmission between its users and the IP address of an internet service, which can be useful against piracy services that do not rely on domain names for their activities (e.g. streaming servers feeding a piracy app).

As for good practices the Paper looks at recent developments in Member States:

• live blocking injunctions: already applied in Ireland, Malta, the Netherlands and Portugal;
• court order followed by administrative intervention: in 2021, France established a new procedure specifically to tackle illicit broadcasting of sports events, whereby, following a court order to block the illicit broadcasting of a sports competition, the French Administrative body for the regulation of audiovisual and digital communication (Arcom) can, for the duration of the injunction and at the request of the rights holder, require ISPs to update its blocking measures against new piracy services as they appear;
• administrative orders: administrative authorities in Greece and Portugal have the authority to issue orders obliging IAPs to end the live event piracy in issue; and
• voluntary procedures with intervention from an administrative body: in Portugal, a rights holder can notify the infringing website to the Inspectorate General for Cultural Activities (IGAC), which notifies the Portuguese IAPs and requests that the domain name in question be blocked in the shortest possible time for a duration of two hours, or until the event ends.

The Paper also examines good practices from DSPs and CDNs to act against live event piracy or support the identification of the actual source of the illegal stream, including:

• DSPs reserving the right in their terms and conditions to block or remove IP-infringing content and to suspend or terminate the provision of their services;
• DSPs using specific Know Your Business Customers (KYBC) requirements;
• cooperation between DSPs and rights holders on near instant take down, e.g. streamlined notice and take down processes and trusted flaggers programmes;
• cooperation with CDNs on identifying hosting providers to prevent obfuscation of the origin server’s IP address by piracy services using a CDN by introducing abuse reporting systems to provide information on the hosting provider and, for trusted flaggers only, information on the origin IP address of the piracy service.

In addition, the Paper looks at the good practices developing to demonetise piracy services by working with:

• advertising intermediaries: the WIPO Alert database provides advertisers and online ads intermediaries a list of illegal websites; and
• payment services: agreements between rights holders and payment services to terminate the account of illegal IPTV services or to block access to IPR-infringing websites that have been ruled illegal by a court.

Finally, the Paper examines cooperation with law enforcement authorities to effectively investigate and dismantle the criminal groups behind live event piracy services. To read the Discussion Paper in full, click here.