Copyright owner groups are asking the UK government to do more to stop pirates from operating anonymously online. In a submission led by the MPA and supported by the IFPI, BBC, Premier League, and others, a multi-year investigation into file-hosting giant Openload. This is an example of what can go wrong when online services don’t check their consumers.
In response to the House of Lords Committee on the Fraud Act of 2006 and Digital Fraud’s request for evidence. Different companies, groups, and organizations have given their ideas on how the UK can stop the rise in fraud.
The discussion ended last month, and one of the submissions was led by the MPA with help from the BBC. Apart from that, BPI, BSkyB, Premier League, FACT, IFPI, ITV, Publishers Association, and UK Music also supported it.
The submission paints a picture of companies trying to fight back against piracy (and, by extension, Fraud). But running into trouble when they try to find their targets.
Absence of Reliable Information
The MPA says that for commercial-scale pirates like IPTV providers and streaming platforms to work, they need access to legal services. These includes online hosting, advertising, payment processing, and e-commerce platforms. During an investigation, these legal services could be important sources of information, but it doesn’t always work out that way.
“[T]he problem frequently comes down to the fact that the online intermediaries providing the business infrastructure that enables the operation of the illicit service cannot supply any information that allows for the verification of the illegal service provider. That, or the information they can provide has clearly been stolen, falsified, or is incomplete or otherwise misleading,” the MPA writes.
“The ease with which nefarious actors can remain anonymous in their underlying business transactions actively facilitates both digital piracy and potentially other crimes perpetrated online, including acts of digital fraud.”
Piracy-as-a-Service
The MPA says that the lack of correct information helps so-called Piracy-as-a-Service (PaaS) platforms grow. These include ready-made templates for pirate streaming sites and databases with tens of thousands of movies and TV shows. Also, dashboards and infrastructure for IPTV, and video hosting services that hide links to illegal content.
People who want to get into the piracy business find it much easier to do so with these services. Pirate platforms can sometimes be ready in minutes instead of taking days or weeks. The MPA says this leads to even more fraud. That’s why the government should help by making strict Know Your Business Customer (KYBC) rules.
The Electronic Commerce Regulations of 2002 spell out how to reach this goal, but there is no enforcement right now. Copyright holders would like to see an amendment that makes those who don’t comply with the law face penalties. This would hopefully lead to more proper research and give rightsholders access to accurate information about pirates.
“Introducing a KYBC obligation on intermediaries that provide internet services to others would require those intermediaries to ascertain and verify the identity details of their commercial customers, irrespective of their location, before any business can be conducted between the two,” MPA adds.
The submission includes summaries of investigations where a sound KYBC system could have helped rightsholders. One example is so bad that it’s almost unbelievable from an accounting and tax perspective.
Openload: “Dead End” in a multi-year investigation into Anonymous
Openload was one of the biggest file-hosting sites on the Internet. Still, it suddenly shut down in 2019 with little warning, taking Streamango. That was a big deal because it got more traffic than Hulu, HBO Go, and Sky.
After the first chaos, the Alliance for Creativity and Entertainment said they were to blame for the sites going down. “The operator behind both pirate operations will have to stop operating the services and pay a significant damage award,” the announcement added.
No one knows if they paid for the damages. But in comments to the UK government, the MPA says that the Openload investigation didn’t go as planned. Because KYBC didn’t take any responsibility.
“After a multi-year, resource-intensive investigation by MPA, this service was revealed to be hosted in and operated from within the European Union (EU), with infrastructure from EU service providers,” the MPA explains.
“When the MPA obtained a court order directing the EU hosting provider to identify its customer for Openload and two other pirate services, we hit a dead end: the listed customer was a defunct Hong Kong shell entity.”
MPA Frustration Begins in France, Ends in Asia
TorrentFreak saw documents from 2020 that said the three sites were Openload, Streamango, and RapidVideo. A file-hosting site that shut down in 2019 just days after the other two. All three sites seem to have used the same hosting company. The MPA described the documents as a “global hyper-scale cloud provider”. It includes 300,000 servers in 28 data centers across 19 countries.
In August 2019, the High Court in Lille, France, ordered the Host to give overall information. Information includes “allowing identification of the people” who made and ran the three sites. Under a KYBC system like the one the MPA wants to see put in place, that should have been possible. In the end, nothing happened at all like that.
The MPA doesn’t name the Host, but it was almost certainly OVH, which is based in France. At the time, responsive documents given to the MPA showed that the three services paid a whopping 19 million euros in hosting fees. The Host sent the bill money to Openload and Streamango through a PayPal account. This was linked to an advertising company in Costa Rica or with credit cards that could not be tracked.
Wrong Data
A business address that Openload gave to the hosting company was a “dead end” in Hong Kong for the MPA.
In what looks like a reply, the Host told the MPA ,”The data received from our client are purely verbal. So, [Host] has nothing that could be used to prove its authenticity. In a message from another hosting company in Germany, it was said that the information it had on file was provided by the customer and hadn’t been checked for accuracy.
“The introduction of KYBC obligations in the UK would address this failure by forcing UK-based intermediaries to know exactly who their business customers are,” the MPA’s submission continues.
“In MPA’s experience, concerted action on transparency in the UK and EU would have the added effect of significantly degrading the quality of the infringing services that pirate operators based overseas can provide to UK consumers by forcing them to use lower quality infrastructure based outside of Europe.”
