One of the major challenges of the digital cinema era is its inherent vulnerability to content theft. While piracy was possible in the film era, it’s much more pervasive and much less cumbersome today. That the incidents of global theft increased dramatically during the pandemic should come as no surprise. People worldwide were trapped in their homes and searched everywhere online for entertainment. And they found stolen content in numbers that are astonishing. In 2018 the Motion Picture Association launched the Trusted Partner Network to establish security benchmarks and a site security assessment to prevent content leaks and piracy. In the beginning the goal, as one executive said, was “to keep pace with an industry where security threats are more insidious and sophisticated, and work in the cloud has become the new norm.” Then COVID-19 hit. As the pandemic slowly, but surely begins to ease, the TPN has once again begun to make strides. Last April, the network announced that it is “expanding its program to better serve the media and entertainment industry as it continues to grow globally and in complexity, and now conducts much of its business in the cloud.” Then, in August 2022 it selected Technology, Media, and Telecommunications Insights to build, implement and support the new security assessment platform. More upgrades were announced last week. I recently spoke, via email, with TPN president Terri Davies about all that and about the challenges she faces today and in the future. Here is that conversation:
Digital Cinema Report: The TPN has said that software piracy is on the rise and ransomware attacks continue to be prevalent, adding that in the U.S. alone, the content and distribution sectors are losing billions of dollars annually to digital content theft. Do you have any exact figures to share here?
Terri Davies: The Alliance for Creativity and Entertainment, or ACE, is the Motion Picture Association’s anti-piracy arm. Based on an ACE analysis, there were 159.6 billion visits to film and TV piracy sites globally in 2021, up sharply from 32.5 billion visits in 2018. The financial losses associated with this amount of digital piracy cannot be overstated. The Digital Citizens Alliance and Nagra reported in 2020 that piracy operators make more than $1 billion in illegal subscriptions in the U.S. alone. This doesn’t include revenue from the sale of illegal devices and advertising on piracy sites. International piracy sites also have an impact on the U.S. economy, which loses at least $30 billion each year and at least 230,000 jobs to operators in other countries that illegally distribute content produced in the U.S. and/or who have U.S.-based subscribers.
DCR: Why is TPN important to our readers?
TD: TPN is a global program that works to protect content in all stages of development. TPN launched in 2018 and last year came under the full management of the MPA. TPN is important to both service providers and content owners because they can centrally share information related to security status for independent risk-based decision making. The initiative leverages the MPA Content Security Best Practices to assess and communicate the security status of service providers to the content owner community and raise the bar for content security in general. We work with industry stakeholders throughout the supply chain. With the introduction of Application and Cloud Best Practices and an updated TPN assessment, we now cover content security, including software applications, at every stage of development, from pre-script to screen.
DCR: What successes has TPN had since it began in 2018?
TD: TPN launched in 2018 to meet the industry’s need to standardize and centralize content security – and to ensure the security of content. Growth in the first year was impressive. Due to COVID, in 2022, our priorities expanded to keep pace with increased security threats, evolving technology, an increasingly complex supply chain and to quickly address the accelerated migration of content to the cloud.
We worked closely with multiple global content owners, service providers, and assessor partners to gather their views and input. Their feedback, combined with our own strategic initiatives, have enabled us to meet several key milestones. They include publishing the updated TPN site and cloud assessor qualifications last summer, publishing the MPA Content Security Best Practices v5.0 to include App/Cloud Security last fall, and launching our new custom-built technology platform (TPN+) and updated TPN program and membership model this month.
DCR: After announcing TPN would be rolling out its enhanced program last April, last week you launched your upgraded program and new TPN+ platform. Tell us about that.
TD: Our enhanced TPN program serves as an essential community ecosystem for monitoring, validating, and managing security risk and compliance. We’re proud of the work we’ve done to address the changes in our industry. Content owner members now have a source of truth for content security information to help with their independent, risk-based decision-making when choosing service providers. In turn, service providers, including software application providers, use the TPN+ platform to participate in assessments or self-reporting to communicate and manage their cloud-based and site security status.
TPN+ is our newly revamped platform for member companies, which provides standardization, greater flexibility, and enhanced multi-layered transparency to global content owners and service providers.
DCR: Who can belong to the TPN, and what are the costs?
TD: TPN membership is open to content owners, service providers and assessors. Content owners and service providers can range from individual contributors to large-scale, global companies.
Our new, multi-tiered membership model is designed to make the TPN program more accessible to the greater community. Details on our membership tiers and pricing can be found at https://www.ttpn.org/membership/
DCR: How many companies currently belong to the TPN?
TD: Since TPN’s inception in 2018, more than 1,000 service providers have joined, and new members join each day. The weeks leading up to the launch of our upgraded program and new TPN+ platform was incredibly exciting as we had a steady stream of early adopters join.
DCR: How many of those companies are based in the United States?
TD: The U.S. represents 36 percent of the total membership.
DCR: Where are the other companies based?
TD: Current TPN membership covers 26 different countries, and the list is growing.
DCR: What do they get for their membership?
TD: One of the big industry challenges we wanted to solve was accelerating a service provider’s ability to report their security status to the content owners.
With the new membership model, service providers are part of the TPN registry and can self-manage multiple layers of information through enhanced functionality. They have access to a comprehensive content security platform that allows for efficient communication and measurement of their security preparedness. The platform introduces self-attestation of non-TPN certifications and self-reporting via the TPN questionnaire, which leverages the MPA Content Security Best Practices v5.0. TPN also offers members different levels of security status and assessment, indicated by blue or gold TPN shield icons, which are assigned for either self-reported or third-party assessed reporting.
Content owner members now have a centralized resource for researching and selecting secure service providers. They can access a service provider’s profile, view their self-reported and third-party assessed security status, and any associated remediation items and status. Gold-level content provider members have additional benefits, including prioritization of remediation items.
TPN also manages a third-party accredited TPN Assessor program through which member service providers and content owners can easily view an assessor’s accreditation status. We have introduced a grading system to provide transparency around an Assessor’s years of audit and media and entertainment experience, as well as their experience and performance in the TPN program.
DCR: Last August the MPA selected TMT (technology, media, and telecommunications) Insights to build, implement, and support the new security assessment platform for the Trusted Partner Network. How has that relationship benefited TPN members?
TD: We worked with TMT Insights to build the new TPN+ platform from the ground up. TMT Insights’ dynamic back-end solution and user-friendly front-end is a game-changer for content owners, service providers, and our third-party assessment community. It has simplified the processes and centralized a vast amount of data and information. The platform was designed based on cybersecurity best practices to function as a community framework. It greatly improves communications between all stakeholders.
DCR: What’s next for the TPN?
TD: One of our key priorities is to serve as a community network driving a continuous improvement program that benefits all stakeholders. We’d like to see content owners, service providers, assessors, and the industry join forces under the shared goal of improved security preparedness, awareness, and anti-piracy measures across the entire media supply chain. Providing value is important to us. We will continue the conversation with our members and industry stakeholders to keep evolving and addressing the challenges ahead with the most innovative, advanced solutions.