Since the dawn of the internet, massive online theft of movies, music, TV shows and other copyright works has been a persistent and growing problem. For instance, the online analytics firm MUSO recently reported there were 300 billion visits to piracy sites in 2017. And that “TV is the most regularly consumed pirated content, with 106.9 billion visits, followed by music (73.9 billion visits) and film (53.2 billion visits).”
The latest threat is the emergence of “piracy boxes” — easy to use set-top boxes akin to legitimate streaming devices like your Apple TV or Roku box, but configured with apps to facilitate piracy instead of legitimate access to your favorite films and TV shows. These devices are aggressively marketed by their sellers as substitutes for cable, satellite and streaming services like Netflix and Amazon Prime Video. Adoption of these devices has exploded. In 2017, online analytics firm Sandvine reported that 6.5 percent of North American households — 7 million homes — have at least one device configured for piracy.
But what piracy box sellers neglect to tell consumers is they’re inviting real danger into their homes by using these devices. For instance, there is a well-documented connection between piracy and malware. In a 2015 report, consumer group the Digital Citizens Alliance concluded that “one out of every three content theft sites contained malware.”
It should come as no surprise then that in a new study, DCA found that these piracy devices represent an enormous opportunity for hackers and other bad actors. Indeed, DCA investigators “observed malware from the piracy apps stealing user names and passwords, probing user networks and surreptitiously uploading data without consent.”
Perhaps most troubling, the report explains that “by plugging the device into a home network, (consumers) are enabling hackers to bypass the security (such as a router’s firewall) designed to protect their system. If apps on the box or that are later downloaded have malware, the user has helped the hacker past network security,” thereby potentially giving hackers access to sensitive personal information and control of an ever-increasing array of connected home appliances and devices.
The danger appears to be far from theoretical. In a concurrent consumer poll about piracy box adoption DCA found that “of those who said they didn’t have a piracy device in their home, 7 percent reported an issue with malware. Of those who said they did have a piracy device in their home, 44 percent reported an issue with malware.”
It’s also worth noting the lack of integrity in the piracy box supply chain. Legitimate device makers like Apple and Roku have negotiated contractual obligations with content providers over security specifications and audits. Moreover, these companies have hugely valuable brands and reputations, and every incentive to ensure the integrity of their devices for both their content supplier partners and consumers. Piracy device sellers have none of these incentives.
It doesn’t take too much imagination to see where this could lead. Last year Bloomberg Businessweek reported that Chinese intelligence agents had planted malicious chips on Apple and Amazon’s hardware — a charge they unequivocally deny.
It seems like Chinese intelligence operatives would be far better served by installing malicious chips on piracy boxes — most of which are manufactured in China — that are then distributed to millions of American homes by shady illegal vendors. Perhaps they already have begun to do so.
So where do we go from here? For starters, piracy box sellers and app developers must be brought to justice. Targeted prosecutions by the Department of Justice could serve as an important deterrent to would-be “entrepreneurs” looking to profit at the expense of creators and innovators in the legitimate creative economy.
What’s more, the Federal Trade Commission should build on an April 2017 blog warning consumers about the dangers of piracy and malware by further exploring this issue, including during hearings about competition and consumer protection in the 21st century.
Last, Congress and the administration should take seriously the cybersecurity threat these devices represent and explore ways to diminish their proliferation — either through industry cooperation or legislation if necessary.
It’s becoming increasingly clear that the online world has all the same problems as the analog world — and then some. As a society we have a lot of work to do to clean up the internet. An easy place to start is low hanging fruit such as blatantly illegal piracy device sellers that are a real threat to consumers, creators, innovators, and our security.
