Editing Pirate decryption (section)

==Counter-piracy techniques==
A number of strategies have been used by providers to control or prevent the widespread pirate decryption of their signals.

One approach has been to take legal action against dealers who sell equipment which may be of use to satellite pirates; in some cases the objective has been to obtain lists of clients in order to take or threaten to take costly legal action against end-users. Providers have created departments with names like the "office of signal integrity" or the "end-users group" to pursue alleged pirate viewers.

As some equipment (such as a computer interface to communicate with standard ISO/IEC 7816 smartcards) is useful for other purposes, this approach has drawn strong opposition from groups such as the [[Electronic Frontier Foundation]]. There have also been US counter-suits alleging that the legal tactics used by some DBS providers to demand large amounts of money from end-users may themselves appear unlawful or border on extortion.

Much of the equipment is perfectly lawful to own; in these cases, only the misuse of the equipment to pirate signals is prohibited. This makes provider attempts at legal harassment of would-be pirates awkward at best, a problem for providers which is growing due to the Internet distribution of third-party software to reprogram some otherwise legitimate free-to-air DVB receivers to decrypt pay TV broadcasts with no extra hardware.

US-based Internet sites containing information about the compromised [[encryption]] schemes have also been targeted by lawyers, often with the objective of costing the defendants enough in legal fees that they have to shut down or move their sites to offshore or foreign Internet hosts.

In some cases, the serial numbers of unsubscribed smartcards have been [[blacklisted]] by providers, causing receivers to display error messages. A "hashing" approach of writing arbitrary data to every available location on the card and requiring that this data be present as part of the decryption algorithm has also been tried as a way of leaving less available free space for third-party code supplied by pirates.

Another approach has been to load [[malicious code]] onto smartcards or receivers; these programs are intended to detect tampered cards and maliciously damage the cards or corrupt the contents of [[non-volatile]] memories within the receiver. This particular [[Trojan horse (computing)|Trojan horse]] attack is often used as an ECM ([[Electronic countermeasures|electronic countermeasure]]) by providers, especially in North America where cards and receivers are sold by the providers themselves and are easy targets for insertion of [[Backdoor (computing)|backdoor]]s in their computer [[firmware]]. The most famous ECM incident was the "Black Sunday" attack launched against tampered DirecTV "H" on January 21, 2001.<ref>{{cite news|url = https://abcnews.go.com/Technology/story?id=98990&page=1|title = DirecTV Strikes Back at Hackers|date = January 27, 2001|work = [[ABC News (United States)|ABC News]]|accessdate = October 15, 2024}}</ref> It intended to destroy the cards by overwriting a non-erasable part of the cards internal [[computer storage|memory]] in order to lock the processor into an [[endless loop]].

The results of a provider resorting to the use of malicious code are usually temporary at best, as knowledge of how to repair most damage tends to be distributed rapidly by hobbyists through various [[Internet]] forums. There is also a potential legal question involved (which has yet to be addressed) as the equipment is normally the property not of the provider but of the end user. Providers will often print on the smartcard itself that the card is the property of the signal provider, but at least one legal precedent indicates that marking "this is mine" on a card, putting it in a box with a receiver and then selling it can legally mean "this is not mine anymore". Malicious damage to receiver firmware puts providers on even shakier legal ground in the unlikely event that the matter were ever to be heard by the judiciary.

The only solution which has shown any degree of long-term success against tampered smartcards has been the use of digital [[renewable security]]; if the code has been broken and the contents of the smartcard's programming widely posted across the Internet, replacing every smartcard in every subscriber's receiver with one of different, uncompromised design will effectively put an end to a piracy problem. Providers tend to be slow to go this route due to cost (as many have millions of legitimate subscribers, each of which must be sent a new card) and due to concern that someone may eventually crack the code used in whatever new replacement card is used, causing the process to begin anew.

Premiere in Germany has replaced all of its smartcards with the Nagravision Aladin card; the US DirecTV system has replaced its three compromised card types ("F" had no encryption chip, "H" was vulnerable to being reprogrammed by pirates and "HU" were vulnerable to a "glitch" which could be used to make them skip an instruction). Both providers have been able to eliminate their problems with signal piracy by replacing the compromised smartcards after all other approaches had proved to provide at best limited results.

[[Dish Network]] and [[Bell Satellite TV]] had released new and more tamper-resistant smart cards over the years, known as the ROM2, ROM3, ROM10, ROM11 series.  All these cards used the [[Nagravision|Nagravision 1]] access system.  Despite introducing newer and newer security measures, older cards were typically still able to decrypt the satellite signal after new cards were released (A lack of [[EEPROM]] space on the ROM2 cards eventually led to them being unable to receive updates necessary to view programming).  In an effort to stop piracy, as by this point the Nagravision 1 system had been thoroughly reverse-engineered by resourceful hobbyists, an incompatible [[Nagravision|Nagravision 2]] encryption system was introduced along with a smart card swap-out for existing customers.  As more cards were swapped, channel groups were slowly converted to the new encryption system, starting with [[pay-per-view]] and [[HDTV]] channels, followed by the premium movie channels.  This effort culminated in a complete shutdown of the Nagravision 1 datastream for all major channels in September 2005.  Despite these efforts to secure their programming, a software hack was released in late August 2005, allowing for the decryption of the new Nagravision 2 channels with a [[DVB-S]] card and a [[Personal computer|PC]]. Just a few months later, early revisions of the Nagravision 2 cards had been themselves compromised. Broadcast programming currently{{When|date=November 2010}} uses a [[simulcrypt]] of Nagravision 2 and Nagravision 3, a first step toward a possible future shutdown of Nagravision 2 systems.

=== Litigation ===
Various groups have been targeted for lawsuits in connection with pirate decryption issues:
* In 2006, a decision in ''Snow v. DirecTV'' preserved the right of a private website owner to prohibit DirecTV from accessing an otherwise-public website run by plaintiff Michael Snow to serve anti-DirecTV activists.<ref>{{cite web|url=https://www.eff.org/cases/snow-v-directv-0 |title=Snow v. DirecTV |date=September 21, 2012 |publisher=Electronic Frontier Foundation |access-date=October 15, 2015}}</ref>
* DirecTV (as the euphemistically-named "End Users Group") had engaged in widespread [[spamigation|litigation against its own subscribers]]<ref>{{cite news|author=CHICAGO TRIBUNE |url=https://www.baltimoresun.com/2003/11/30/directv-accuses-thousands-of-signal-theft/ |title=DirecTV accuses thousands of signal theft |newspaper=Baltimore Sun |date=November 30, 2003 |access-date=October 15, 2015}}</ref> on the pretext that users who owned both a smartcard programmer and a DirecTV subscription were presumed to be using the equipment to unlock extra channels on the system.<ref>{{cite news|url=https://www.chicagotribune.com/2003/11/23/directv-in-hot-pirate-pursuit/ |title=DirecTV in hot 'pirate' pursuit |newspaper=[[Chicago Tribune]] |date=November 23, 2003 |access-date=October 15, 2015}}</ref><ref>{{cite web|url=https://www.theregister.co.uk/2003/07/17/directv_dragnet_snares_innocent_techies/ |title=DirecTV dragnet snares innocent techies |website=The Register |access-date=October 15, 2015}}</ref> A hundred thousand users were harassed with repeated and legally-questionable demands seeking thousands of dollars per user.<ref>{{cite news|last=Soto |first=Onell R. |url=http://www.utsandiego.com/uniontrib/20040815/news_1b15directv.html |title=DirecTV lawsuits target piracy |newspaper=[[San Diego Union-Tribune]] |date=August 15, 2004 |access-date=October 15, 2015}}</ref>
* In 2004's [[Timeline of Electronic Frontier Foundation actions#2001-2004|''DirecTV v. Treworgy'']], the [[Electronic Frontier Foundation]] helped establish that DirecTV cannot sue individuals for "mere possession" of smart-card technology,<ref>{{cite news|url=https://www.latimes.com/archives/la-xpm-2004-jun-16-fi-directv16-story.html |title=Court Restricts DirecTV Lawsuits |newspaper=[[Los Angeles Times]] |date=June 16, 2004 |access-date=October 15, 2015}}</ref> forcing the company to drop its "guilt-by-purchase" litigation strategy.<ref>{{cite web|author=Kevin Poulsen |url=http://www.securityfocus.com/news/8925 |title=Court clips DirecTV piracy suits |publisher=Securityfocus.com |date=June 16, 2004 |access-date=October 15, 2015}}</ref><ref>{{cite web|author=Fred von Lohmann |url=https://www.eff.org/deeplinks/2004/06/directv-double-play |title=DirecTV Double Play |publisher=Electronic Frontier Foundation |date=June 15, 2004 |access-date=October 15, 2015}}</ref>
* "NagraStar" (a joint venture of Nagravision/Kudelski and DishNetwork/Echostar) has also targeted US end users with legal threats and demands for money.
* EchoStar, as parent of [[Dish Network]], has sued manufacturers of [[FTA receiver]]s, claiming that the manufacturers were aware of or complicit in the distribution of aftermarket software which unlocks channels transmitted with compromised encryption schemes. The company has also sued operators of websites which published information about the security issues.
* DirecTV has used the [[Digital Millennium Copyright Act]] and the [[Federal Communications Act]] to target developers and distributors of software that allowed users to hack DirecTV's older generation access cards. One 2006 settlement in US federal case ''DirecTV and NDS vs. Robert Lazarra'' ended in a one million dollar out-of-court settlement.<ref>{{cite web|url=http://www.satellitetoday.com/telecom/2006/12/11/directv-nds-reach-piracy-lawsuit-settlement/ |title=DirecTV, NDS Reach Piracy Lawsuit Settlement |publisher=Satellite Today |date=December 11, 2006 |access-date=October 15, 2015}}</ref>
* In 2009, the US Ninth Circuit court ruled in ''DirecTV, Inc v. Hoa Huynh, Cody Oliver'' against DirecTV's claim that inserting a smart card into preexisting television equipment constitutes "assembling" a pirate device. DirecTV cannot sue on this theory, dismissing DirecTV's attempt to punish individuals twice for a single offense and upholding a lower court decision that 47 U.S.C., section 605(e)(4) does not apply to individuals owning interception devices solely for personal use. This decision protects legitimate security researchers.<ref>{{cite book|title=DirecTV, Inc., plaintiff-appellant v. Hoa Huynh, defendant-appellee DirecTV, Inc., plaintiff-appellant v. Cody Oliver : on appeal from the United States District Court for the Northern District of California : brief of amicus curiae Electronic Frontier Foundation favoring affirmance (eBook, 2005) |publisher=[WorldCat.org] |date=November 30, 2005 |oclc = 755040093}}</ref>
* DirecTV sued its smartcard vendor NDS, accusing News Data Systems of “breach of contract, fraud, breach of warranty and misappropriation of trade secrets” for its role in designing the now compromised H- and HU- series cards.<ref name="nbcflap">{{cite news|last=Sullivan |first=Bob |url=http://www.nbcnews.com/id/3078546/ns/technology_and_science-tech_and_gadgets/t/pay-tv-piracy-flap-intensifies/ |archive-url=https://web.archive.org/web/20160304141041/http://www.nbcnews.com/id/3078546/ns/technology_and_science-tech_and_gadgets/t/pay-tv-piracy-flap-intensifies/ |url-status=dead |archive-date=March 4, 2016 |title=Pay-TV piracy flap intensifies |publisher=NBC News |date=October 1, 2002 |access-date=October 15, 2015}}</ref>
* Canal+ and [[EchoStar]] have also sued NDS, alleging that the company [[reverse engineering|reverse-engineered]] and leaked information about their providers' rival encryption schemes.<ref name="nbcflap"/><ref>{{cite news|author=The Bryant Park Project |url=https://www.npr.org/templates/story/story.php?storyId=89990938 |title=An Amazing Lawsuit: Direct TV vs. Dish Network |publisher=[[National Public Radio]] |date=April 28, 2008 |access-date=October 15, 2015}}</ref>
* Québécor-owned [[cable television]] operator Videotron sued [[Bell Satellite TV]] on the grounds that free signals from compromised satellite TV encryption unfairly cost the cable company paid subscribers. After multiple appeals and rulings against Bell, Québécor and [[TVA Group]] were ultimately awarded $141 million in 2015.<ref name="rc-bell-videotron">{{cite news|url=http://ici.radio-canada.ca/nouvelles/Economie/2015/10/15/002-videotron-bell-expressvu-cour-supreme-refuse-entendre-appel.shtml |title=Bell ExpressVu devra verser des millions à Vidéotron |publisher=Radio-Canada |date=May 22, 2015 |access-date=October 15, 2015}}</ref>

One of the most severe sentences handed out for satellite TV piracy in the United States was to a [[Canadians|Canadian]] businessman, Martin Clement Mullen, widely known for over a decade in the satellite industry as "Marty" Mullen.

Mullen was sentenced to seven years in prison with no parole and ordered to pay DirecTV and smart card provider NDS Ltd. US$24 million in restitution. He pleaded guilty in a [[Tampa, Florida]] court in September 2003 after being arrested when he entered the United States using a British passport in the name "Martin Paul Stewart".

Mr. Mullen had operated his satellite piracy business from Florida, the Cayman Islands and from his home in London, Ontario, Canada. Testimony in the Florida court showed that he had a network of over 100 sub-dealers working for him and that during one six-week period, he cleared US$4.4 million in cash from re-programming DirecTV smartcards that had been damaged in an electronic counter measure.

NDS Inc. Chief of Security John Norris pursued Mullen for a decade in three different countries. When Mullen originally fled the United States to Canada in the mid-1990s, Norris launched an investigation that saw an undercover operator (a former Canadian police officer named Don Best) become one of Mullen's sub-dealers and his closest personal friend for over a year. In summer of 2003 when Mullen travelled under another identity to visit his operations in Florida, US federal authorities were waiting for him at the airport after being tipped off by Canadian investigators working for NDS Inc.

However, the [[NDS Group]] were accused (in several lawsuits) by Canal+ (dismissed as part of an otherwise-unrelated corporate takeover deal) and Echostar (now Dish Network) of hacking the Nagra encryption and releasing the information on the internet.  The jury awarded EchoStar $45.69 actual damages (one month's average subscription fee) in Claim 3.

[[Bell Satellite TV]] (as Bell ExpressVu) was sued by [[Vidéotron]], a Québécor-owned rival which operates [[cable television]] systems in major [[Québec]] markets. Québécor also owns TVA, a broadcaster. Bell's inferior security and failure to replace compromised smartcards in a timely fashion cost Vidéotron cable subscribers, as viewers could obtain the same content for free from satellite under the compromised Nagra1 system from 1999 to 2005; pirate decryption also deprived TVA's [[French language]] news channel LCN of a monthly 48¢/subscriber fee.  The [[Superior Court of Quebec]] awarded [[Canadian dollar|$]]339,000 and $262,000 in damages/interest to Vidéotron and TVA Group in 2012. Québec's Appeal Court ruled these dollar amounts "erroneus" and increased them in 2015; despite an attempt to appeal to the [[Supreme Court of Canada]], a final award of $141 million in damages and interest was upheld.<ref name="rc-bell-videotron"/>