Slashdot Mirror
Open Cable Standard Not So Open
Mike Hicks writes "A few days ago, I heard about the FCC approving new rules for standardizing digital cable in the US. This involved using a set top box or tuner integrated into a TV along with a smart card (much like digital satellite services). Unfortunately, it looks like the standard (believed to be OpenCable) is meant to tightly control the hardware and software that can be used, probably making any open-source implementation very difficult if not impossible. I seem to be having a case of deja vu"
TiVo is fine. You should be surprised to learn that the TiVo from DirecTV is a one box solution - it does the decryption and recording all by itself. TiVo is careful not to piss off the networks, cable providers, and FCC so they are able to market products like this. Hopefully they'll be able to release something like the combo unit for digital cable once it becomes standardized.
OpenCable uses MHP for its middleware, it's based on Java and all the specs are available from ETSI, open implementations should be possible, of course this is only part of OpenCable but if everything is encrypted to start with it doesn't matter if you can implement open versions, you're stuffed (until its broken).
I hear ya. I have a DCT2000 and it's the worst piece of garbage ever made. You can make your own PVR for them though. Check out http://www.mythtv.org. Someone in the forums there figured out how to talk to a DCT2000 using the serial data port.
Also, most cable systems aren't using an open standard on their digital cable right now.
no but they are using a compatable standard.....
Comcast and Charter both use the motorola system.
and parts of Time Warner also use it.
Do not look at laser with remaining good eye.
While I agree, there are a rather large number of people who can't get satellite due to the birds being obstructed by landscape, buildings, or orientation (the latter mostly if you're in an apartment/condo). I'm one of them -- you have no idea how much I'd like to ditch my cable company or how long I've wanted to.
I've had DirecTV installers come out to my house twice... both times they said the sats were obscured by trees. Which trees? Well, since they gave me different answers I don't know. I'd be willing to cut down the trees in the way (70-80' tall southern pine), but I'm not going to cut down more than I need to. I know the direction and inclination of the sats, but that really doesn't help much -- there's a half dozen or so trees that could be an issue and a vague compass reading isn't going to help.
So I, and many others, are stuck with cable.
There's also the issue that this is going to be very harmful to the satellite business -- in a few years you'll be able to use cable directly with your TV, no box. Sat. vendors will still be using boxes, and they're a serious negative for the public both in expense and increased complexity. Both Echostar and DirecTV have already lambasted the new standard for being set without their input.
Look, here's the deal. In the United States, the Set-Top Box (STB) market is dominated by Motorola and Scientific Atlanta. Between the 2 of them, they have about 90% of the total STB sales here. This is for mostly historical reasons, but the way they hold onto it now is that they have monopolies on the conditional access (content protection) systems, which are hardwired into the boxes.
The cable companies (Comcast, Time Warner, et al) want to open up the standards provided to set top box manufacturers so that consumer electronics companies (Sony, Samsung, et al) can compete with Moto and SA for the business, driving the prices for STBs down. STBs are one of the largest capital costs/subscriber acquisition costs for a cable company. The secondary goal (beyond lower STB prices) is moving the STB purchase into the retail chain, so that cable companies don't have to carry that burden unless they want to). The way they plan to do that is a conditional access module in the form of a PCMCIA card (more or less), which the user purchases or leases from their cable company, and repurchases or leases if they move with the STB they own.
So "Open" is only "Open compared to the current system, which is completely closed." It doesn't mean what the typical slashdot reader would think it does.
I want to explain something to you....
if you call motorola and ask "can I buy a DCT 5000? they will say NO.
they only sell to cable TV companies.
Cable TV companies DO NOT sell the boxes.
therefore, if you buy a Digital Cable TV box such as the DCT 3000 or the DCT 5000 then YOU BOUGHT STOLEN GOODS and therefore it's illegal for you to own it.
Unless in canada the laws say you can buy all the stolen goods you want.... if so can you go rob a few people for me? I'm looking for some video equipment...
The cable companies can't do it either. Just like the satellite setup, the cable company broadcasts all channels to all users, and it's the set top box that does the decoding.
(That's how the "digital cable descramblers" -- the ones that purport to let you watch PPV for free -- work. You order the PPV as normal, and they block the set top from sending the notification back to the cable company -- but the cable box still descrambles the show.)
Even with the cable modem, all cable modems will receive packets for other cable modems in the same area; they just ignore them. The laid cable simply doesn't have the capacity to send to one user directly.
It is not illegal for you to own a digitial cable box. However, the manufacturers of digitial boxes do not sell to consumers, and cable companies have so far only been renting boxes to customers. Therefore, it is very difficult to own a digital cable box legally, but the act itself is not illegal.
This is presuming that your cable company hasn't disabled the serial port.
Mine has.
Otherwise I could use my TiVo to change channels via serial port, which is an officially supported feature in Series2 boxes, and a (fairly trivial) hack in Series 1 boxes.
Explain to me HOW it costs them $55/mo to send me 70 channels?
simple.. 4.8 billion dollars in the headend in equipment.
EVERY ONE of those channels you bitch about FORCES the cable company to pay for "carry rights" from $100.00 a month to over $1500.00 a month per X subscribers for the popular stations. and then you have channels like Discovery that REQUIRE you carry the other 10 crap channels of theirs if you carry Discovery.
It's fricking expensive. and it's a fricking legal nightmare as well as PHB's trying to see how much more they can squeeze out of the customers just so they look like they do something at the company.
bottom line? Get a DISH + DSL if you can. Espically in a Comcast area.....
spoken anon by a insider... I wouldnt have my companies services if I didnt get them for free.. It's horribly overpriced.
In the UK, we have Smartcards tied to the customer, plugged into the set-top box. I believe that it is impossible for the Set top box (STB) to decrypt the signal comming in, without accessing the key from the smartcard. The smartcard is fed encrypted packets that the STB cann't understand, but these packets are decrypted and recognised by the card to mean things like 'Active channel' or 'suspend service', or 'Key for the next 10 seconds on this channel is xxxx'.
With this setup, I can't see why open source can't be used. The only way the open source program can decrypt a particular channel, is by access to the key, which it does by querying the card. This card is under full control of the cable/satellite services, who will still be able to dictate if you are able to watch a channel or not.
Now, if you had full control over the box's hardware, how difficult could it be to rig something up that grabs any channel you want it to?
Very difficult if the system is setup correctly and you have two-way communication plus neighborhood segmentation.
Step 1. Encrypt each block of channels on a neighborhood by neighborhood basis.
Step 2. Distribute smart cards with unique private keys signed by the cable company.
Step 3. Change channel block keys once per hour.
Step 4. Setup key distribution system whereby the cable box requests a new channel block decryption key once per hour using its private key to sign a request.
This system makes it fairly difficult to steal cable. If you try to clone someone else's cable box private key, the cable company will see a duplicate channel block key request.
You can't modify your cable box to ask for say, the HBO channel block key because your private key itself won't be authorized by the key distribution servers at your cable company.
You could setup an online key distribute system to dup your key out to other people in your neighborhood, but it would be limited to people in your neighborhood (since other neighborhoods have different keys).
Hell, this is how the wireless encryption/authentication WPA/802.1x EAP-TLS works come to think of it (minus the smart card itself since technically it isn't needed for anything but a handy storage device).
Of course I could be missing something obvious.
The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
No, you've missed the point! I wrote the email that was quoted in this article, so I have a vested interest in clearing this up.
OpenCable has gone through great lengths to decouple the decoding/display/application stuff from decryption and access control mechanism. Encryption and Access Control is handled by the cable company's POD (Point Of Deployment) module which will take the form of a removable PCMCIA card or similar. Each cable company could implement different encryption and access control systems by using different POD modules, so even if one system is hacked there would be others.
The main point here, though, is that you're not handing the "hackers" the "keys" to the decryption system any more than you are by giving them a modern digital cable box. It's just a shame to build a system that would otherwise be so perfect for an open-source implementation and then lock it down due to DRM (instead of technological) concerns.
Chris
The only thing that has somewhat stemmed the cable TV piracy problems is that it's illegal for you to own a Digital Cable box. if you bought one off ebay then you bought stolen goods.
Not hardly. Various cable operators in the US and Canada offer cable boxes to their customers in lieu of rental (my old one, ATTBI in Boston, certainly sold DCT2000's for about 300 a pop).
Anyone who sells their rental cable box instead of returning it gets hit for the cost, again about 300 bucks (even for decrepit power-surged General Instrument boxen).
So don't believe the propaganda, and read the Telecommunications Act from '96 for yourselves, okay?
> My comment can be quoted whenever, wherever, so long as you bloody well provide attribution! >
CableLabs(R) OpenCableTM
Confidential Information Access Agreement
In consideration of being given access to certain non-public information relating to the development of a new generation of
set-top boxes that are interoperable that is (1) is marked "confidential," (2) resides in the vendor-only partition of the web
site, www.opencable.com (3) is designated as subject to this agreement, or (4) is oral information that is later confirmed in
writing as Information hereunder (the "Information"), the undersigned (the "Recipient") agrees as follows:
THE RECIPIENT AGREES THAT THE INFORMATION WILL BE KEPT CONFIDENTIAL AND SHALL NOT BE
DISCLOSED BY THE RECIPIENT IN ANY MANNER WHATSOEVER, IN WHOLE OR IN PART, AND SHALL NOT
BE USED OTHER THAN IN CONNECTION WITH THE CABLELABS OPENCABLE PROJECT. The Recipient shall be
responsible for any breach of this confidentiality by its affiliates, agents, employees, representatives, former affiliates, former
agents, former employees, and former representatives resulting from the Recipient's disclosure. Moreover, the Recipient
shall agree to transmit the Information only to its affiliates, agents, employees, and representatives who need to know the
Information for the purpose of participating in the CableLabs OpenCable Project and who are informed of the confidential
nature of the Information. Information shall not include information which: (i) was lawfully in the possession of the
Recipient prior to the Recipient receiving it hereunder, as shown by files of the Recipient in existence at the time the
Recipient received it, and at a time when the Recipient was under no obligation to CableLabs or any of its member
companies to keep such information confidential; (ii) is or becomes available in the public domain through no act of the
Recipient that violates this Agreement; (iii) is received by the Recipient from a third person or entity that is not known by the
Recipient to be sharing such information in violation of rights of CableLabs; (iv) is developed by or on behalf of the
Recipient without any use of the Information; (v) is at any time furnished to a third party by CableLabs without restrictions
on the third party's rights to disclose; or (vi) is used or disclosed by the Recipient in any manner after the third anniversary of
first receiving the Information. Recipient shall have the burden of proving the applicability of any of the exceptions in the
immediately preceding sentence that the Recipient claims may apply. Notwithstanding the above, the Recipient may disclose
the Information when and as required by law or regulation, provided that the Recipient first notifies the CableLabs in
sufficient time to allow for an opportunity to contest such required disclosure. Recipient shall observe and abide by all
policies of CableLabs, including the CableLabs Safety Manual, Handbook of Antitrust Guidelines, and the "Rules of
Engagement" as available on the CableLabs website and/or posted in the CableLabs laboratories, and such policies are
hereby are incorporated by reference in this Agreement.
While the Information provided is believed to be reliable, no representation is made by CableLabs as to the accuracy or
completeness of such Information. Each Recipient is urged to make its own evaluation of the Information provided. BY
RECEIPT OF THIS INFORMATION, THE RECIPIENT AGREES THAT CableLabs SHALL HAVE NO
RESPONSIBILITY FOR ANY MIS-STATEMENTS OR OMISSION OF FACT OR FOR ANY OPINION EXPRESSED
AND THE RECIPIENT RELEASES AND FULLY INDEMNIFIES CableLabs FROM ANY LIABILITY IN
CONNECTION WITH LOSS OR DAMAGES SUFFERED BY THE RECIPIENT RESULTING FROM THE
RECIPIENT'S USE OF THE INFORMATION PROVIDED.
Be careful that you're not buying one of the retarded EZD discs for $5. For those who don't know, an EZD is a self-destructing DVD that is only watchable for 48 hours after the disc comes into contact with oxygen. They're being marketed as the end of late fees (rental market). I think the stupid [Circuit City] DIVX discs were better, and they sucked. At least with DIVX the discs didn't go bad, so you don't have hordes of people throwing them out.
This is just taking the authentication module out of the digital box and standardizing it. This way, a costumer can purchase whatever set top box they want and use it with any cable company. Additionally, costumers will have the option to purchase televisions with digital tuners built in so they don't have to have an external box cluttering their entertainment center.
If you can create an opensource box that will communicate with the card as well as modulate and demodulate MPEG-II QAM and QPSK signals, go to it.
As for the copy protection issue: headends have planned for this for a long time. The option already exists in the headend's interface to copy protect a stream and has been there for years. I'd assume the reason they don't currently use it is due to the backlash they'd get from their customers.
Now opinionated, I would really love to know who the hell watches cable television on their PC's.
College students. TV cards are significantly cheaper than TV's, and it frees up a lot of space in your dorm room. A lot of rooms end up with one person having a TV and the other a TV card. Or even a TV and both having a TV card.
Also, I prefer using my computer instead of a VCR. Much easier than dealing with tapes.
Because if it's open spource, then the user has full access to all the code, and the data on the smartcard. With all this information, piracy will be trivial.
Not the data on the smartcard - that plugs into the POD, and the POD handles all the decryption.
there is something called encryption. Open standards do not mean you have all the keys to unencrypt anything you want.
There are two issues:
Having an open-source host doesn't directly help with (1) - you still can only watch channels that your POD will descramble. However, since you can compare the inputs & outputs, it may make it easier to reverse-engineer a POD so that you can do this.
However, an open-source implementation makes (2) trivial - you get the complete unencrypted compressed video signal. This is what the cable companies are worried about.
Don't blame the hardware, the problem with the DCT-2000 is software. I have two DCT-2000s at home with Comcast/ATTBI/Mediaone and they ARE terribly slow changing channels. A buddy of mine has a DCT-2000 in Rhode Island with Cox cable, which uses an entirely different software suite than Comcast and it flies. His DCT-2000 is comparable to DirectTV when it comes to changing channels.
From what I understand, these boxes are upgradable and can run a variety of different OSes, including (gasp!) Windows CE. I am not sure which OS Comcast (or Cox) uses, but it may be the difference.
While your posting does sorta fit the off-topic category, I must applaud your stand. My family is strongly considering a move close to yours. Our cable bill is over $40 now and to be perfectly honest, we are lucky if we watch 10 out of the 40-50 channels that are provided on a regular basis. We are very close to pulling the plug and saving the $400+ a year.
We would still enjoy local sporting events when televised (can you say rabbit ears), and movies but the rest is really unneeded.
See you outside.