Piracy on the high seas has been a flourishing business for many centuries.

Some of the obvious reasons for its success and continuance are the oceans' vastness and the lack of any national, international or maritime police force capable of regularly preventing piracy or apprehending the pirates.

The internet is similarly vast and policing it is proving equally difficult. The International Intellectual Property Alliance has estimated that the piracy in 56 countries of U.S. music, films, books and other intellectual content cost U.S. companies some $9.2 billion in 2002. The International Federation of the Phonographic Industry, a London-based group representing 1,500 record companies worldwide, recently estimated that 95 percent of music sales in China are attributable to piracy.

All internet-based publishers of subscription newsletters and magazines are concerned about how many of their subscribers are illegally copying the material and selling or freely distributing their wares to non-subscribers.

Is this the likely trend for all intellectual property 'sales' in the near future?

Internet piracy is also having a detrimental effect on corporate networks as peer-to-peer pirated content traffic continues to overwhelm them. The most voracious consumers of bandwidth are music and video.

Furthermore, there is the issue of an organization's legal liabilities as employees use corporate networks for illegal downloads of content. A brochure recently published jointly by the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) reveals that, in April 2002, an Arizona company entered into a $1 million settlement with the recording industry. The settlement was to compensate for the company's employees having accessed and distributed thousands of songs using company equipment. The brochure urges companies to crack down on employees' copyright infringements - or face legal consequences.

Internet content piracy is a big issue for the electronic communications' industry - web downloads and email are often the vehicles by which content is moved out of its owner's organization and used, sold or shared with others.

Organizations need to protect themselves against employees who download illegal copies of songs, images, software, etc. They must also make the protection of their intellectual property a similarly high priority. They will be looking towards technology companies to provide them with tools to help them. No doubt organizations are also urging governments to frame and administer legislation to deter and punish the pirates. Industry bodies, both new and existing, also have a big role to play in acting as a forum for co-operation in dealing with piracy.

Technology

One development that will help to curb the growth of internet piracy is the creation of a legitimate commercial market for content. This depends on the existence of certain conditions. There needs to be a simple payment mechanism for buying content, and software must be deployed to prevent employees from illegally downloading content. There must also be a failsafe method for securing proprietary content which organizations do not want to become available externally at any price. Digital Rights Management (DRM) and e-policy based email content security are two of the approaches being tried and developed in this arena.

Web content security is about much more than merely blocking access to certain web sites and protecting against web-borne viruses. It should also define a web usage policy - as part of an overall e-policy - in relation to an employee's business functions, including what is or is not acceptable content in web pages, downloads and uploads and web-based email.

Digital Rights Management (DRM) is seen by many as the answer to digital piracy and a gateway for entertainment companies to venture profitably into digital distribution. DRM employs cryptographic technologies to protect and manage access to copyrighted content. Although DRM solutions have been around for a while, lack of interoperability and standardization have contributed to a slow take-up by the market.

Another approach to dealing with the problem is to prevent copyrighted content from leaving your organization by email at the internet gateway. This is done by having all outgoing emails and attachments checked against keywords that indicate confidentiality breaches. Once a keyword is found and the email transmission has been rejected, the pirate sender can be identified and such policies and procedures as are in place can be activated to deal with the offender.

This approach enables organizations to check an email's source and destination, dismantle the contents into raw data, and filter the results against company-defined policy. It performs lexical scanning for keywords, which indicate confidentiality breaches or offensive language; it can also quarantine defined file types, block email based on file types and add legal disclaimers.

As regards copyrighted images, products are able to identify and block confidential images and intellectual property images embedded in email and attachments. Known images are 'fingerprinted' and stored in SQL or MSDE databases. Outbound email and attachment images can be checked against these confidential/intellectual property images and, if detected, their transmission outside the organization is denied.

Regulation

In the U.S., the Digital Millennium Copyright Act (DMCA) was passed in 1998. It basically makes it illegal to copy proprietary content for almost any reason. There are some exceptions to the rule - but very few.

Such strict regulation is thought by some to threaten the laudable aims of interoperability, innovation and the empowerment of consumers. The DMCA is being used by a variety of technology companies to prevent the existence of any alternative supplier of a technology or compatible technology.

Some have also argued that, as technology is changing so rapidly, the best regulatory fixes should be short-term ones.

The RIAA has been very active in the U.S. in trying to prosecute companies who are facilitating trades of millions of unprotected MP3 files. The RIAA has recently won a ruling to try one such service provider - Kazaa - in a Californian court. It doesn't make it any easier that Kazaa is based on the Pacific island of Vanatu.

However, the RIAA, the Business Software Alliance and the Computer Systems Policy Project agreed in January 2003 to work together to create technology to curb content piracy - instead of pursuing legislation.

As for Europe, the European Parliament has issued a directive against internet piracy within the European Union. Further directives are planned by the EU in an attempt to implement the same World Trade Organization treaties that brought about the DMCA in the U.S., although any such directives are likely to include a transitional period until 2012.

The relevant U.K. legislation includes the Copyright, Design and Patents Act 1998. The Act does not come into force until 2003 and will help domestic law enforcement agencies, such as Customs and Excise and Trading Standards, to reduce digital piracy by making it a criminal offence to circumvent any copy protection system used by the rights holder to prevent the distribution of unauthorized copies. The Act allows for the making of a recording of a broadcast or a cable program for private and domestic use to enable it to be viewed or listened to at a more convenient time. The question yet to be tested in the U.K. courts is whether the internet is a form of cable program service, to which the home recording exception therefore applies.

"We have not found any reported cases in the U.K. on preventing the development of anti-copyright protection software and devices," says Gayle Curry, solicitor at Morgan Cole. There was the recent Easyinternetcafe case, although that related to facilitating file sharing. In that case, the Easyinternetcafe was successfully prosecuted for allowing its users to download songs onto CD. It was done in the full knowledge of the café owners. This case is not directly connected to the aim of the DMCA.

The closest applicable case in Europe was the Jon Johansen case in Norway. Norwegian prosecutors, acting largely at the behest of the MPAA, claimed that Johansen was illegally sharing a program called DeCSS, which circumvented the copyright protection on DVDs, so that he could play them back on his computer. Johansen was found not guilty. The judge dismissed prosecution arguments that Johansen intended to aid and abet DVD piracy."

Corporate Anti-Piracy Approaches

  • Organizations must establish policies and procedures that prevent their employees from both stealing and leaking content, whether ignorantly or maliciously.
  • Software that blocks access to undesirable web sites and filters inappropriate file types and file downloads should be installed.
  • Email filtering software - to prevent content entering or leaving the organization - must be installed.
  • Policies on content downloads must be explained to employees and they must be made aware of their own personal liabilities and those of their employer.
  • It is prudent to put a limit of the amount of storage for content that any one employee can have on their desktop at any one time.
  • Confidential and intellectual property content must be identified and policies and technology (if and when available) put in place to prevent the content leaving the organization.
  • Organizations must constantly audit whether their policies and technologies are effective in preventing content piracy.

Regulation may eventually help organizations and technology is constantly evolving to assist in preventing and detecting content piracy. However, similarly, the pirates are often technologically savvy themselves and are quick to combat the hurdles put in their way by new technology.

The internet content piracy landscape is a dynamic one and organizations must employ eternal vigilance to protect their intellectual property and ensure that they themselves are not illegally harboring other organizations' intellectual property.

Paul Rutherford is chief marketing officer for Clearswift (www.clearswift.com).