The FCC-appointed Downloadable Security Technology Advisory Committee (DSTAC) is closing in on a deadline to offer recommendations for a CableCARD replacement, but there's no consensus in sight.

Mari Silbey, Senior Editor, Cable/Video

July 9, 2015

6 Min Read
Desperately Seeking a CableCARD Replacement

With just two months to go until the FCC's September deadline, members of the Downloadable Security Technology Advisory Committee (DSTAC) are still at odds over what to recommend as a replacement for the outdated and largely ineffective CableCARD solution.

The US government passed a law late last year ending the separable security requirement -- the so-called CableCARD mandate -- for cable set-tops. The FCC immediately followed that action by forming the DSTAC and giving the committee the task of developing recommendations for a new downloadable security solution by September 4.

The goal in creating a far-reaching downloadable security solution is to make it easier for third-party devices like retail DVRs and other video equipment to access traditional pay-TV services. That same mandate was behind the development of the CableCARD, but now the industry is being asked to extend the scope of its vision even further. In addition to making the security solution downloadable -- a move designed to simplify installation for consumers -- DSTAC members are charged with including both satellite and telecom TV providers in their development of recommendations. CableCARD technology, in contrast, applies only to the cable industry. (See FCC Panel Debates CableCARD Successor and FCC Suffers Content Security's Growing Pains.)

The Federal Communications Commission (FCC) 's intent with the downloadable security initiative is a noble one. However, the latest DSTAC meeting this week proved that some of the challenges involved may simply be insurmountable.

For example, one working group within the DSTAC suggested that downloadable video security might need to be integrated into the embedded software system of a retail device. However, Matthew Chaboud, a senior software engineer at Amazon Lab126, which is a research and development subsidiary of Amazon.com Inc. (Nasdaq: AMZN), pointed out in no uncertain terms that the consumer electronics (CE) industry won't allow third-party code to be downloaded into a retail device's trusted execution environment. Chaboud said that downloading security keys isn't a problem, but that CE companies simply won't allow service providers to download actual executable code into that environment for decrypting video signals.

"Presumably I would not be afforded the opportunity to fully inspect any code," said Chaboud, noting that the software would be proprietary. And he added that CE companies wouldn't be willing just to trust service providers and vendors who promise the security code won't cause any harm.

Dr. Joseph Weber, CTO for the service provider unit of TiVo Inc. (Nasdaq: TIVO), pointed out that the industry avoided this particular issue with CableCARD because there were two trusted environments involved; one in the consumer device and one in the CableCARD security module.

Want to know more about the pay-TV market? Check out our dedicated video services content channel here on Light Reading.

In addition to complications on the retail hardware side, there are also difficulties that stem from a widely varying pay-TV provider landscape. The video delivery systems already deployed by providers make it difficult,if not impossible, to come up with a single security solution that fits everywhere. Bruce McClelland, president of network and cloud and global services for Arris Group Inc. (Nasdaq: ARRS), noted that "the objective is to find a uniform solution." But both he and Jay Rolls, CTO for Charter Communications Inc. , acknowledged that perfect uniformity would likely not be achieved.

As an antidote to the problem of defining a single solution, Brad Love, chief technologist for Hauppauge Digital Inc. , recommended some kind of translation mechanism -- a "virtual headend or bridge device" -- that could output different conditional access technologies into a standardized format. That idea, reminiscent of the FCC's earlier AllVid initiative, could work, but it would be burdensome to service providers, and it also wouldn't be a clean answer for everyone. Some operators, like Dish Network LLC (Nasdaq: DISH) and AT&T Inc. (NYSE: T), would likely still need additional external hardware to manage the television tuning function, which is handled differently in satellite and IPTV networks than it is in cable systems. (See All About the FCC's AllVid.)

For all of the technical complexity of the DSTAC's task, the business problems may prove even more intractable. After five months of debate, committee members are still arguing about how to define basic pay-TV service. Traditional operators contend that their service isn't just the video streams they provide, but also elements like the interactive program guide, interactive features like headline tickers and community service features like emergency alerts.

In reviewing the use cases for downloadable security technology, one DSTAC working group outlined the issues involved in the "tuning and viewing of a linear channel" and used the headline ticker feature as a sample component within that use case.

However, Amazon's Chaboud suggested that the inclusion of a headline ticker as part of the description of an engineering use-case for something as basic as the TV tuning function was ridiculous, calling it "way off the path" from what the group should be examining. Adding a little more color to the argument, Chaboud said the group might as well put "bake a potato" on the list.*

Amazon is also one of the companies that sent a letter to the FCC in May stating that the agency shouldn't allow the advisory committee to develop recommendations in a way that would create a "walled-garden approach" to pay-TV services. In other words, retail companies should be able to develop their own added-value features on top of pay-TV content without having to include all of the elements -- like headline tickers -- that pay-TV providers would like to define as fundamental to their services.

Service providers counter that CE companies are trying to address issues outside the scope of the DSTAC's mission. In a letter to the FCC in April, all of the major US pay-TV providers and several critical vendors in the industry cautioned that the DSTAC was "veering into areas that are well outside its statutorily-defined charter."

The next and final DSTAC meeting is scheduled for August 4, at which time the committee should be ready to put the finishing touches on its recommendations. However, it's hard to believe that the group will reach a consensus by then. The different factions in the DSTAC are still worlds apart.

— Mari Silbey, Senior Editor, Cable/Video, Light Reading

*Note: The section of text referencing the TV tuning use case was edited slightly after initial publication for purposes of clarity.

About the Author(s)

Mari Silbey

Senior Editor, Cable/Video

Mari Silbey is a senior editor covering broadband infrastructure, video delivery, smart cities and all things cable. Previously, she worked independently for nearly a decade, contributing to trade publications, authoring custom research reports and consulting for a variety of corporate and association clients. Among her storied (and sometimes dubious) achievements, Mari launched the corporate blog for Motorola's Home division way back in 2007, ran a content development program for Limelight Networks and did her best to entertain the video nerd masses as a long-time columnist for the media blog Zatz Not Funny. She is based in Washington, D.C.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like