REJECT MPAA BID TO TINKER WITH TIVOGUARD, TIVO URGES FCC
If the FCC bows to MPAA pressure to impose impractical restraints on the already-secure TiVoGuard digital output protection technology, it would “contradict” the Commission’s goals in the DTV broadcast flag proceeding and foster a result that wouldn’t be very consumer-friendly. So said TiVo in a white paper filed at the FCC in defense of its bid to win Commission certification of TiVoGuard as an authorized content protection technology for broadcast flag -- one of several technologies for which such certification is being sought.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The MPAA and its member companies have been urging the FCC to reject that bid for months, most recently in meetings June 25 with the Commission’s Media Bureau, according to an ex parte filing. Although the MPAA has praised TiVoGuard as “a promising technology” with “a strong level of security” and the ability to be upgraded if hacked, it also has fatal flaws “that preclude authorization of the technology at this time” for broadcast flag. In particular, TiVoGuard would fail to “sufficiently protect” against the unauthorized Internet redistribution of “marked” and “unscreened” content because it lacks so-called “distance-based limitations” that would confine the redistribution of such content to within the 4 walls of a home network, the MPAA has told the Commission in recent filings.
TiVo has responded by standing firm in its defense of TiVoGuard. In a filing at the FCC accompanying the white paper, it said the system “relies on proven authentication and encryption methods to ensure that content flows in a usable form only between a very few devices registered with TiVo under one customer’s credit card. Any method based on standard “TCP/IP” Internet protocol to “constrain” content to an arbitrary “local environment” such as a home network would compromise TiVoGuard so it will be “either inherently insecure or will frustrate consumers’ use and enjoyment of DTV,” TiVo told the Commission. Moreover, it said, MPAA’s efforts to depict the potential harm that could come from a TiVoGuard authorization are based “on a series of unspecific and unsupported claims that, at best, are outside the scope of this proceeding.”
As for the white paper itself, it discusses 2 methods that could be used to further limit where each “packet” of TiVo content may travel, but only to show those remedies wouldn’t be practical and are unnecessary, given that TiVoGuard already is robust. One method, called “TTL” (for “time to live"), is information embedded in a packet header that determines how many “hops” a packet is allowed to make, the paper says. Each time a packet passes through a router or other device, it counts as one hop. The router subtracts a value of one from the packet’s TTL with each passthrough. When the values within a TTL reach zero, the packet is deleted by the next router it encounters.
Setting the TTL value in a packet header to a low number, such as 5, may seem on face value like “a logical way to prevent a packet from traveling too far from home,” the paper says. However, the TTL easily can be defeated or manipulated to make the method useless in preventing massive redistribution of the content over the Internet, it says. For example, it’s “quite easy” to modify a router so it adds values to the TTL rather than subtracting from them, it says: “A router that adds a large number to the TTL of each packet would substantially increase the distance the packets are allowed to travel, thereby defeating the TTL method.” In another vulnerability of TTL, it says, a packet programmed for a small number of hops can be “encapsulated” within another. “A packet that is thus hidden can travel incognito until it reaches its destination,” making it “relatively simple” to redistribute content across the Internet without authorization, the paper says.
A 2nd method, “RTT” (for “round trip time"), is an estimate of the time a packet would need to hop from one router to another and for the sender to receive an acknowledgment that the transfer has taken place, the paper says. It theoretically would be possible to use RTT to determine whether a given packet originated within a give home network, it says: “Any packet whose actual travel time exceeded the expected RTT would be from outside the home network. An RTT-based security method would send a packet to a receiving device, time its actual round trip travel and compare the result to the anticipated RTT.” Any arriving packet falling outside the anticipated RTT parameters would be rejected, thereby thwarting its redistribution.
However, “in the real world, RTT is an unreliable way to estimate the distance between 2 devices in a network,” the paper says. Many factors can slow network performance within a home and prolong a packet’s travel time, it says. A packet traveling between 2 devices within a home might take long enough that it would appear to have come from outside the home. Any such packet might well be rejected, and “this would frustrate consumers’ use and enjoyment of DTV,” the paper says. Contrarily, it says, nationwide broadband networks are now fast enough “that a packet traveling far outside the home might return quickly enough to appear to have remained within the home network,” and be accepted, compromising the security of the system.