Q&A: Christopher Levy, CEO, BuyDRM
With nearly a half-century of streaming industry observations, experience, and expertise between them BuyDRM CEO Christopher Levy and Help Me Stream Research Foundation Founder Timothy Fore-Siglin gathered at Streaming Media Connect 2025 for a richly detailed, insightful, and wide-ranging interview on the state of content protection technology and strategy. The discussion covered various aspects of digital rights management (DRM) and its role in combating streaming piracy.
Key topics included the evolution of DRM technologies, the importance of watermarking, and the challenges posed by organized piracy. The session also addressed the technical and financial implications of implementing DRM and watermarking solutions, particularly for live events and high-value content. Audience questions highlighted practical concerns about DRM implementation, key rotation, and the impact of VPNs on content security. Their conversation underscored the ongoing need for innovation and robust security measures in the streaming industry to protect content and ensure fair access.
What follows is a partial transcript of the discussion, edited for space and clarity. The full interview video is available here.
Timothy Fore-Siglin: When we all first started in the industry, the technical challenge was just to get the content delivered. I remember early things like the Victoria’s Secret live streams that broke the internet. Once we got past that technical hurdle of getting it delivered, then came the question of how to protect particular types of content. What are the types of content that normally require the most protection, both back then and also as you come to the current day?
Christopher Levy: We started ClickHear Productions back in ’96 and then sold it to Navisite and launched the first multi-CDN in 2000. That was about the apex moment of [peer-to-peer] file sharing; Kazaa and LimeWire were just smoking along and our good friend Michael Robinson had launched MP3.com and the whole media and entertainment industry had realized that we had let the genie out of the bottle and quickly Microsoft and Sony and Reciprocal and Intertrust were lined up to solve the problems right away. Shortly thereafter, Google acquired Widevine and [transformed it] from an appliance-based security for video to a cloud- and software-based platform. Each one of the tech operators had to roll out A DRM, and shortly thereafter, Steve Jobs wrote his tome “Let DRM Die” and then Apple went on to become the largest distributor of DRM content in the world.
To jump from there to now, the mandatory areas are primarily studio- and major operator-licensed content, and specific large sporting events. And DRM is now the prolific technology in streaming music; it allows you to download those playlists and play them offline.
So in a weird kind of way, DRM did end up being the standard for the music industry, but I think the main thing that happened in that period was that we went from low-bitrate video to 4K multi-format video with different adaptive bitrates inside of it for the different presentation sets necessary. And today that’s where the lion’s share of DRM is being used: encrypting higher-quality video content and early release, new release content. One cool thing about DRM becoming a consumer mass technology is that technologists at large—Apple, Google, Microsoft, and all of their partner ecosystems like BuyDRM and others—had to make it go away, if you know what I mean. Remember when we used to talk about the license acquisition window in the Windows Media Player and Flash had its own license acquisition window, and everybody was like, "I don’t want to do this. They’re reading my email." It was good to see at least in that period that DRM has become just another transparent security technology that’s not a hindrance generally to consumers.
Fore-Siglin: Today, when we look at AVOD and FAST—which is some on-demand and playlist as well as live—where does DRM play with those models?
Levy: We’ve run Sony Crackle and worked with Tubi TV for many, many years, and we power Samsung TV Plus exclusively, so we have customers that are doing AVOD and FAST. Because it’s ad-supported, there’s server-side ad insertion and scripting. There’s datalytics that have to be captured. We went through that whole period of spam bots and fake ads, and so I think now when you look at FAST and AVOD, digital rights management’s role is twofold. One, to be sure that they’re able to gather the datalytics to confirm that people are actually watching the content. Second, to drive them back to that massive long-tail and evolving-tail catalog of content.
Fore-Siglin: You mentioned server-side ad insertion or SSAI, which makes it possible to stitch ads directly into the content and allow a seamless stream to go out to the end user. Translating that model to watermarking, there’s been a move to do edge-side insertion of watermarking as opposed to origin-side. Is this similar to server-side vs. client-side ad insertion from a financial standpoint?
Levy: It’s easier to protect one linear stream that’s being encrypted that at the point of origin has the ad inserted into the bitstream. If you’re rolling along playing a premium piece of content and then all of a sudden in the background your player is caching an ad stream and then the player stops what it’s doing, cuts over to the ad stream, and then comes back. that’s harder to protect. There are a lot more moving parts, and a lot more opportunity for latency and failure. That’s how server-side ad insertion came into play and that’s why DRM works so well on AVOD and FAST.
Pivoting out of that, when you move into high-value gate crashing—live sporting events like cricket or European football or the NFL—it’s important to be able to do the watermarking at the edge because you’re just not capable of fetching back from the origin through your network to the edge server through a cache, a unique stream for each user.
Around 2021, with everybody locked in their homes and people not able to go to the theaters and more time to mingle and dingle in people’s stuff and learn tools and talk online, we saw piracy start to really peak. A lot of the conditional access service companies who also offered DRM, partnered with the market-leading content delivery networks to move that watermarking function to the edge. Typically, these premium live sports are subscription events that people pay to get. In that model they’re just shifting the compute resource instead of stuffing ads, they’re moving it to the edge to do the A/B watermarking.
For premium paid live sports and entertainment model, that’s the model that works the best. The cons to it are that now that you’re running the watermarking on the CDN as an edge function, you’ve increased your cost per unit to deliver the content because now you’ve got to pay the watermarking vendor for the use of their technology at the edge. You’ve got to pay the CDN for the compute functions that are running the watermarking at the edge. You have some additional storage costs because you’re transmitting two different versions of the movie files to the edge where they’re being randomly using an algorithm spliced back together.
So you shift the cost center from inserting the ads on the server side to doing the watermarking at the edge. Based on the shift in the business model where the user’s actually paying for the content, that makes sense.
Fore-Siglin: You mentioned A/B watermarking, which is essentially two separate versions of the stream that are stitched together. Without going into too much technical detail, how does the player understand whether it’s getting a proper stream from that A/B stitch?
Levy: Generally, there are a couple different approaches to watermarking in our industry. There’s a server-side approach where the watermark is done at the origin, and there’s an edge or A/B approach. With all these technologies, when you upload a file, the file is scanned to find an optimal place to insert the forensic watermarks.
With the server-side or origin approach, the watermark is being written into the file at the moment the user requests it. Then, using server-side tokens or whatever CDN authentication mechanism is in place, that stream is validated and delivered to the user and then they get a DRM license and they play the content back.
It’s a little different in the A/B world. Just like the name implies, you’re taking two slightly different versions of a movie and an algorithmic packager at the edge is randomly grabbing different chunks, reformulating them into a stream, and then the edge of the CDN is delivering a stream that is unique to that user.
Later on, if a user were to take that stream and recapture it or rebroadcast it and there’s a variant that’s available, it gets run through a detector. No matter what the watermarking company vendor is, somewhere in there, they can find the watermark that was put into the file. Typically, it is in the form of a hash, which then the client can go back and look in their database and say, "Oh, for that unique watermarking session on Akamai, this user got this stream. That hash equates to John Doe 126 and he’s in Pennsylvania." That’s A/B.
A third approach that is extremely popular—and in my opinion, the only one that’s viable long-term for big live gate crash events—is like what Friend MTS does. I don’t normally mention vendor-specific things, but I have no stake in Friend MTS. The way that they do client-side watermarking is, the bitstream is transported over a VPN down to the player on the user side, and then the user’s player actually watermarks the content on their device. The higher the quality of the content (SD, HD, UHD, or 4K), the more secure the payload is in the player that the vendor is using from MTS to protect the content. Those are the three different approaches that are in place today. And the A/B watermarking one probably has the potential to affect the industry the most.
Fore-Siglin: But it’s probably going to have to be recalculated in terms of how the financial models are structured.
Levy: There is probably going to have to be more of a revenue share model, a collapsed single cost per user per month, or a seat model because right now a lot of the models don’t really pair up. You might be paying your watermarking vendor per user per month, but you might be paying your CDN per edge session, and if a user comes back and watches the same show 100 times, it could take us back to the early days of CDNs when we didn’t know how to price. Are we pricing bandwidth or transfer? Are we pricing how wide the pipe is or how much water goes through the pipe? That’s kind of how I think watermarking is right now. For the A/B approach to really take off, it probably needs to be refactored as a business.
Fore-Siglin: When you talk about live sporting events and live music events, how big do you need to be, or how premium does your content need to be to do things like edge-side, A/B watermarking, versus just saying, “If my content gets pirated, it gets pirated?”
Levy: That’s not one of those decisions I like to be in the room on the customer side, but I think it’s kind of well-known. When we look at all these cricket matches because of the millions of users they have, they’re going to have to continue to use watermarking to eliminate these organized crime rings. Some of the bigger cast companies that are still in business talk about this a lot.
There are three levels of piracy. There’s casual piracy: I forward my friend my Netflix credentials, or I download a Netflix movie and I send it to my friend and my friend won’t be able to watch it..
Then there’s organized piracy: Five or six kids that are studying computer sciences at an Ivy League school get access to a new build of Chrome or Android, and they find some security hole and they’re going to write a bunch of tools and then six months from now release the tools just so they can say they did it.
The real threat is organized piracy, or ring piracy. This type of piracy mostly affects European football and cricket, those types of massive gate-crash events. It happens when pubs and small operators get a stream, replicate it in a small closet data center. Watermarking is really the only way you’re going to find out who is actually redistributing your content and cutting into your top line and your bottom line.
What it comes down to is, if you’re a Hotstar, a European football league, a UFC, or an F1, you need to start looking at these technologies more and more because watermarking with DRM is the only way to absolutely nail a pirate.
Fore-Siglin: One of the things that was fascinating in the conversations that we had on a panel back in mid-2024 where we talked about these different levels of piracy was the fact that those very commercial pirates were not only rerouting the stream and attempting to steal it, but also pushing DDoS attacks back at the primary broadcaster so that even legitimate users couldn’t watch it from the primary broadcaster. They had to go to one of the pirated sites. That was just shocking to me. But I guess if you’re building a criminal enterprise, you might as well build it in a way that guarantees that you get a revenue stream.
Levy: These are intelligent pirates who realize you can’t fight a war on two fronts. So if you’re busy trying to keep your site up with DDoS attacks and you’re spending all your energy on denying that, you’re probably losing focus on the back door and the maintenance, and the CDN leaching.
When they do these types of attacks, they’re doing it to distract you, to get you to consume resources within your organization just to defend having the stream up. When you do that, it takes money out of your budget to actually fight piracy. If you’re having to pay CloudFlare more for DDoS during a live event and you have a fixed budget--which you typically do because these are subscription services--then you have less money to flex on fighting piracy. They know that, so they try to drag you into these two-faced battles and hope that you’ll pick the DDoS battle and spend all your time and money and energy there, and then they’ll get access to one or two live streams and theft them.
Fore-Siglin: One last question about using edge compute for watermarking: Does that increase the latency in any way for the live event getting to the customer versus if they’re doing origin-based watermarking?
Levy: On live sporting events, the only approach that we’ve seen actually work that is cost-approachable is the client-side watermarking approach. Let’s say that Hotstar were to go all in on Akamai using a well-known A/B watermarking kit. It is going to add some latency, and it’s going to add some complexity, but it’s going to drive the costs up tenfold. That’s why on big gate-crash live events, client-side watermarking is the only viable approach because you’re using the user’s compute to do the watermarking, the stream is basically VPN-protected anyway, and the stream is encrypted inside the VPN tunnel, which is also encrypted. So I still fall back to that.
Learn more about BuyDRM at https://buydrm.com/.
(512)377-1340 | 2303 RR 620 S., SUITE 160-155, AUSTIN, TX 78734 | INFO@KEYOS.COM | BUYDRM.COM | BUYDRM
This article is Sponsored Content
Related Articles
For ad-supported streams, one of the many benefits of server-side ad insertion (SSAI) is the ability to protect the stream against piracy by encrypting it at the point of origin when the ad is already inserted in the bitstream. Bu for premium sports streams that are subject to what BuyDRM CEO Christopher Levy calls "high-value gate-crashing"—sophisticated piracy ring-level content theft—watermarking at the edge has become "the model that works the best," Levy says, as he enumerates the reasons for a growing shift to edge-side watermarking in this interview with Streaming Media's Tim Siglin at Streaming Media Connect 2025.
16 Mar 2025
We spoke with BuyDRM CEO and co-founder Christopher Levy about how his company is keeping up with the demand, how CMAF is changing the video landscape, and how watermarking and DRM are working hand-in-hand to thwart piracy.
05 Nov 2020
Companies and Suppliers Mentioned