When Italy passed new law on July 14, many believed that when the new Serie A football season began on August 8, IPTV pirates would draw their last breaths as legal football platforms burst back to life.
In the event, none of these things happened. For various reasons, Italy’s new blocking system wasn’t ready and was never likely to have been. Initial technical meetings on security matters, even blocking itself, still hadn’t taken place.
A meeting eventually went ahead on September 7; telecoms regulator AGCOM turned up, as did the government’s cybersecurity experts. Also in attendance, anti-piracy groups FAPAV and SIAE, representatives from the football league, plus Amazon and Google.
Those who didn’t take part included cloud providers, satellite broadcasters, and VPN companies. According to DDay.it, AGCOM told the meeting that more companies need to participate in the project and everyone needed to “hurry because there is a deadline to meet.”
With the new season now five weeks old, the new deadline remains unclear. As recently as late August, insiders said that the system would be up and running late September or early October. That isn’t going to happen, but there will be another technical meeting in October to talk about what should happen when it eventually does.
Piracy Shield: It Does What It Says
One thing running to schedule is the system’s name. Telecoms regulator AGCOM has opted for the self-explanatory brand ‘Piracy Shield’ accompanied by a shield-shaped fingerprint logo with Piracy Shield written on the front. A splash of pink perfectly matching the theme on TorrentFreak rounds things off nicely.
Interestingly, Italian tech news site DDAY managed to obtain some screenshots of Piracy Shield. Whether they depict the software in action isn’t clear but from a presentation perspective they are pretty basic, to say the least.
Information on how the system will operate also falls short of expectations, at least when compared to the media hype of the last few weeks and the inherently technical nature of sophisticated pirate IPTV operations.
“The platform will be automatic, and is a sort of Content Management System that manages tickets. Nothing sophisticated or complex,” DDAY reports.
“Rightsholders will have access to the dashboard via an account and will be able to create a new ticket where they enter a name, the IPs or domain names to block, and the digital proof, then a screenshot.”
Get it Right in 60 Seconds
The report suggests that once a ticket has been created, there will be just 60 seconds to cancel it. Once that time has expired, the blocking request will be sent to AGCOM where an unspecified automated system will first check to ensure that all fields have been populated as required.
While it would make more sense to fix deficiencies before they’re submitted to AGCOM, DDAY reports that AGCOM will not check any blocking requests before it validates them.
Once validated, AGCOM will instruct all kinds of online service providers to implement blocking. Consumer ISPs, DNS providers, cloud providers and hosting companies must take blocking action within 30 minutes, while companies such as Google must block or remove content from their search indexes.
Automation and APIs
Given that an entirely manual system would be hilariously inadequate, Piracy Shield will be accessible through APIs. These will allow rightsholders to automatically create tickets which, according to DDAY, will trigger an automatic block with no human intervention whatsoever.
Whether there are provisions for quickly correcting errors or taking action in the event of inadvertent overblocking is unclear. DDAY reports that during the meeting on September 7, someone asked who is responsible for the blocking ‘whitelist’ containing domains or IP addresses that should never be blocked because they’re crucial for the functioning of the internet.
“[At] the moment there appears to be no plans in this sense,” DDAY reports.
Similar concerns noted that while IP address and domain blocking will be executed immediately, subsequent unblocking for even legitimate reasons will be subjected to an extended manual process.
Don’t Worry About Security…..
When an unnamed person asked if it was possible to see Piracy Shield’s source code, the question was reportedly “glossed over” with assurances that other people will carry out penetration tests. That the source won’t be made available is standard practice for anti-piracy companies; they have a product and ‘trade secrets’ to guard.
That raises the question of who developed Piracy Shield. Media reports last month indicated that Serie A bought it and then gave it to AGCOM as a gift. We couldn’t find any mention of the developer, so we turned to the screenshots published by DDAY for any potential clues, preferably something unique.
Impossible to find using regular reverse image search engines, it appears the Piracy Shield ‘fingerprint’ logo doubles as a favicon. Chinese ‘internet-of-things’ search engine FOFA indexes favicons and from there it was trivial to see where Piracy Shield had a web presence recently.
SP Tech appears to be a reference to SP Tech S.R.L, a brand protection, content monitoring, anti-piracy startup that has strong rightsholder connections in Italy and whose name appears in numerous industry piracy reports.
FOFA helpfully links an SP Tech website to AGCOM thanks to this code snippet, which also mentions Piracy Shield to round things off.
