CEA, IT Companies Urge FCC to View Downloadable Security Skeptically

Given cable’s unreliability in meeting previous deadlines -- including failure to comply with its “specific obligation” in July 2004 to support CableCARD devices -- CEA said the FCC shouldn’t assume a “vague prediction” of national DCAS deployment will meet the expectations set out in the Commission’s 2nd Report and Order. CEA said it had argued against the FCC’s extending its integration ban on cable set-tops to July 2007 because there was little evidence cable deliver a DCAS solution by then. NCTA’s own “projected schedule” for DCAS deployment a year later “shows this was an understatement,” CEA said. Comments filed jointly by 2 coalitions of IT and CE companies agreed with CEA that, while cable submitted DCAS to convince the FCC to extend the integration ban another year, the current NCTA proposal doesn’t justify that extension.

In the end, the Commission granted the one-year extension on the condition that cable a file progress report by Dec. 1 on DCAS development and a schedule for its deployment. In that report, delivered to the FCC a day early, NCTA told the Commission that the feasibility of DCAS was proven, but it would require much work before it could be made available commercially. The NCTA report said a “secure key distribution system” at the heart of DCAS would include a microprocessor embedded in the set- top or DTV; a keying and programming facility that can install secret keys in the microprocessor; system authentication functionality; and ways “to identify and track secure microprocessors so they may be properly validated by a trusted authority when they connect to a network.” NCTA said construction would begin first quarter this year on the keying facility, which is expected to go online by 3rd quarter. Development of ASIC chips for commercial products will be complete by late 2007, and testing on finished devices is expected by early 2008 in preparation for a July launch that year, NCTA said.

CEA said even NCTA’s prediction of a July 2008 deployment date “falls far short of a commitment, representation or demonstration that competitive entrant devices, or indeed any devices, will be able to operate on cable systems by July of 2008 by relying on DCAS.” The NCTA “gives no specific assurance” of complying with an integration ban “as to any date,” CEA said.

Despite NCTA’s efforts to portray CableCARD progress, CEA said the actual “record is sad and disappointing” and “validates” the Commission’s finding in its decision that only an integration ban “will produce real equality” between MSO-leased set-tops and those sold at retail by CE makers. The 80,000 or more CableCARDs deployed account for barely 2% of the 2.8 million CableCARD-ready DTVs sold, CEA said. The “acknowledged refusal” of some MSOs to promote CableCARDs is only one reason for their low penetration, CEA said. That the software and firmware support provided by local MSOs and their national vendors have been “technically deficient and/or unreliable” is another important shortcoming, CEA said. Upgrades were necessary for individual DTV models, some due to “non- standard test conditions at CableLabs,” CEA said. Even so, it’s clear that many MSOs launched their CableCARD support efforts with firmware, software and systems support inadequate for the “full and proper operation of any CableCARDs or TV that relied on CableCARDs,” CEA said. Moreover, CEA said, because CableCARDs “were, and remain, relatively rare on cable systems, the ‘back end’ channel authorization and billing systems of several local cable operators belonging to their most prominent MSOs were not, and have not been, adapted to support ordering and installation in CableCARD homes.”

Even where there have been no technical problems, CableCARD customers can’t receive the channels they have subscribed to, CEA alleged. CE makers’ field reps “have seen this time and time again,” even in MSOs where these problems have been well reported, CEA said. The result is that it has been difficult for CE makers and retailers to market the CableCARD feature with any confidence of assuring customer satisfaction, CEA said: “It remains a much safer course to market a ‘monitor’ and to urge the customer to obtain a set-top box -- even where a customer would be content only with the entertainment offerings supported by a CableCARD.” The statement seemed to represent CEA’s first outright suggestion since the CableCARD requirement took effect July 2004 that CE makers and retailers had thrown in the towel on CableCARD.

CEA said it can’t comment on the DCAS specifications because it or most of its members haven’t seen them. Samsung is presumed to be one exception, as the company signed a DCAS license agreement with CableLabs the day before NCTA filed its progress report at the FCC. Answers to key DCAS licensing questions also are absent from NCTA’s report, including the identities “of all responsible parties who will hold veto power over the use of licensed products,” CEA said. CEA’s understanding is that viewing the DCAS specs requires signing an NDA with Comcast -- not CableLabs -- and firms “must, sight unseen, agree to certain intellectual property grantback provisions in so doing,” it told the Commission. CEA and its members have been told the specs won’t be available for public inspection or discussion until mid-2006 at the earliest,” it said. NCTA and its members “can’t have it both ways,” CEA said. “Either its DCAS proposal is fully spelled out and ready for a public airing,” sufficient for an FCC evaluation, or it isn’t, and “the evidence that it isn’t is overwhelming,” CEA said.

Approval of the DCAS proposal in its current form “would not be in the public interest,” said a coalition of IT companies that filed jointly. The companies -- ATI Technologies, Dell, Hewlett-Packard and Intel -- said the NCTA report proposes content protection robustness rules so unnecessarily stringent “they would severely impede computer industry participation in the market for digital television navigation devices with no corresponding gain in content security.” Like CEA, the IT firms said NCTA’s “failure to provide important information regarding the logistics of DCAS licensure makes it nearly impossible for interested industry participants to comment on other aspects of the DCAS plan.”

The various “shortcomings” in the NCTA report “put consumers at risk of diminished choices without providing any corresponding benefit to content providers,” they said: “Consumers increasingly expect their personal computers to have the capability of displaying video content received via cable and the Internet. They are not expecting - nor should they be forced to endure - dramatic increases in the price of computers that incorporate this functionality. Unfortunately, under the NCTA’s current proposal, that is exactly what consumers will experience.” The IT companies urged that the FCC “not further delay the integration ban, but invite the NCTA to address the issues raised in this and other filings” provided by computer manufacturers.

DCAS is most flawed, the IT companies said, is in (1) defining the PCI Express interface, a critical part of a personal computer’s internal architecture, as a “user accessible bus” over which unencrypted controlled content may not travel, and (2)requiring the interface between discrete decryption engines and discrete video decoders be encrypted, regardless of the robustness of the interface. Both these features, if applied to devices that will implement DCAS or to devices that will connect to DCAS- compliant devices, “would negatively impact consumers without providing any benefits to the cable industry or their content suppliers,” they said. Compliance would require PC makers “to alter internal system architecture at great cost, and ultimately consumers will receive equipment that is more expensive and less flexible.”

Dell, HP and Intel joined Sony Electronics in a filing to say that although they generally support the move to truly downloadable security, they can’t support the NCTA proposal “because that regime will not result in a truly competitive market for cable-compatible navigation devices. Instead, it will effectively preclude the makers of multi-function devices like personal computers from participation in that market.” Because the NCTA doesn’t provide a “reasonable alternative” to the impending integration ban deadline of July 1, 2007, the Commission should inform the cable industry “that it must comply with that deadline,” they said.

At the same time, the companies said, they continue to support the development of a truly downloadable content security mechanism. “In the interests of developing such a regime, the Commission should inform the cable industry that it will entertain a further submission that revises the downloadable security model to ensure that all consumer product manufacturers have reasonable access to that market segment,” they said. “The Commission also should urge the cable industry to discuss future downloadable access specifications with interested parties from the consumer electronics and personal computer industries, so as to facilitate a truly competitive market segment for cable-compatible navigation devices.”