CableCARD In-Depth

Atvtg writes "Ars Technica has an excellent article on CableCARD, and where it's heading. After discussing the history of the initiative and some of the technical details, they cover how CableCARD may meet its end shortly after the launch of 2.0 (the bi-directional spec) because of DCAS. The real surprise, however, is that CableLabs, which controls the CableCARD spec, has to certify computers to use CableCARDs for DVRs and the like. Ars points out that the upshot of this is that it will not be possible to build your own DVRs using CableCARDs. Will this kill the DIY market?"

Um, as a consumer there isn't much appeal

[jandrese]

So, the industry has been working on these cards since 1997 or so. The biggest hurdle seems to be how to encrypt the video stream umpteen times because they're dead paranoid about hackers. As a result, 8 years later, the technology is ready but is already outdated because consumers started demanding more from their cable provider (thank you TiVo) and the 1997 designed cards couldn't handle it.

Oh, the industry says, lets fix that in the 2.0 release. So they begin work on it. Unfortunatly, that's still vapor and it looks like the 2.0 release might be ready just about the time it's getting killed off by yet another technology.

Why does it take so long to develop these things? Well, a big reason is that they have to figure out new and exciting places to encrypt the datastream again. Also, there is a requirement to make it as annoying to the end user as possible by denying them the use of their DVRs and making it so you have to buy your computer from an OEM if you want to watch TV on it. At the end of the day, if the technology actually takes off, it will probably be hacked anyway (probably with mod chips/special remote codes for TVs and DVRs that enable the output regardless of state of the no-copy flag).

Basically, this is a technology that the cable companies didn't want to implement in the first place (Congress forced them to), and they've done everything in their power to make it unappealing to the end user to discourage adoption and let them extend the deadline passed by Congress and the FCC for as long as possible. It's also an example of DRM concerns basically killing what would otherwise be a pretty decent product.

DIY? No it will just move up a step

[Marxist+Hacker+42]

How BeyondTV looks like they may get around it is by having Haupage create a capture card computer with a USB 2.0 interface- thus they'll only need to certify the periphereal.....

Re:DIY

[jmp_nyc]

The DIY crowd will just record off the analog out, it's really at the "good enough" state anyway.

Not for HDTV. The advantage of cablecard is that it allows the device to directly access the compressed digital signal. Analog out is just fine for recording SDTV. If you want to record unencrypted HDTV, you won't get very much bang for your storage buck...
-JMP

Re:Short Answer, no

[spacefrog]

RTFA before posting. I know it's against the slashdot creedo, but read the damned article, man!

"That's right--only new PCs from certified vendors will accept a CableCARD. You can forget about buying a copy of Vista and an OCUR to roll your own solution--as ATI told us, their product will only be available in OEM systems, no doubt because of the certification issue."

Re:DIY

[plover]

The DIY crowd will just record off the analog out, it's really at the "good enough" state anyway.

Not an option. My cable box doesn't have an analog out for HDTV. It has an HDCP stream coming over the HDMI cable.

I was perfectly happy with my analog-based ReplayTV, but it was relegated to the "little" TV once I got an HDTV set. I had to pay to lease the Comcast DVR cable box since it's the only game in town for recording HDTV. However, it sucks -- the software is more buggy than the ReplayTV software ever was, and the interface is much less friendly than the ReplayTVs. Plus, with the cable company firmly in control, they don't let me do things like "hide" unwanted channels. Like I'm ever going to watch QVC, or why I'd want to skip over 60 pay-per-view sports slots that I'll never watch?

Yes, my TV has a CableCard slot, and yes, it's most likely going to sit there unused forever. I want a DVR more than I want "one less component".

I'm thinking of buying an HDCP decoder so I can build my own DVR using the cable box anyway. But those decoders are still about 400 euros.

Re:Short Answer, no

[Otto]

"as ATI told us, their product will only be available in OEM systems, no doubt because of the certification issue."

Which means that somebody buys the OEM parts in bulk and sells them individually. Licensing be damned, people find a way around silly restrictions like this.

If there's no actual technological problem, then the DIYers will make it happen.

Re:Layer upon layer of encryption sounds so much..

[djohnsto]

Umm, it's not layer upon layer. It's the same encryption with different keys at different times. One set of keys for the cable transmission. One set of keys from the cable-card to the host decoder. One set of keys from the decoder to the display device (if the decoder is not in the display device). None of them are weak encryption. The HDCP system used from the decoder to the display device has been in use for about 3 years, no one has cracked it yet.

Having said all that, I'm not really looking forward to our digital future. :(

Re:Short Answer, no

[InsaneGeek]

Microsoft Vista received certification but it requires a "Trusted Computing" compliant PC. i.e. a PC that is hardened to basically an appliance level. Anything going in or out must conform to certain specifications anything modified and the system will no longer. You will not be able to just buy an OEM system and modify it to your own will. Some things will be allowed: install your own apps, etc but any incoming encrypted content saved has to be encrypted on disk using physical on board chips to decrypt, anything going out will either be down-rezed to 480p or have a properly talking 5C/HDCP encryption device on the other end.

The chips themselves are only allowed to be sold to companies who have a certified solution. You can't get the chips in bulk, you can't even buy them without a license. Unless you can rip the basic equivalent of the CPU off a motherboard, solder it onto a DIY device and then create your own drivers for it you are not going anywhere. Theoretically I could rip off a 5C chip off an existing JVC deck (they've been out for a few years) try to reverse engineer it and slap it onto my own specially created circuit board, but I can tell you it ain't happening.

OCAP developed before DCAS

[gordona]

The article gets most things right, except the part regarding OCAP--the middleware layer that permits interoperability. OCAP was developed long before DCAS and its purpose was not to enable DCAS but to enable retail interoperability. The CableCard enabled set top boxes or TVs to operate on any network, because SA networks, used primarily by Time Warner Cable, are not compatible with Motorola networks (used primarily by Comcast). The CableCard removes the network dependencies from the receiver. Along with a variety of other features, OCAP enables the network independent receiver to actually be able to tune to programs on specific network, because the electronic program guide data is proprietary to the network. Thus, the cable operator will write a specific application that will run on top of the OCAP middleware on any receiver on its network that will decode the proprietary guide data to enable an interactive program guide for program selection.

Re:DIY

[object88]

The DIY crowd will just record off the analog out,...

What makes you think there will be an analog out? They're going to digitally encode the signal going from the converter into the television, or whatever other device, to prevent exactly that. Are you sure you read the article? Let's quote said article:

So far, so good, right? Now we have a clear MPEG-2 stream ready for viewing--which is why the CableCARD re-encrypts the signal using the keys that it has already exchanged with the host device. This is to prevent hackers from using the CableCARD to decrypt the signal and then outputting it in a clear and easy-to-capture format. The newly-encrypted signal is passed to the host, which (if it's a TV) decrypts the signal using the shared key it has generated with the CableCARD and displays the stream for your viewing pleasure.

"But what about a DVR?" you ask, and with good reason. The cable company did not build all this encryption into the product only to see it thwarted by a digital video recorder that outputs an unencrypted HDTV signal to the television. Therefore, if the host device is not a display device, it is required to encrypt the video stream yet again for transmission to another device.

CableCards extend the cable monopoly

[MrFlibbs]

The really annoying thing about cablecards is that they were supposed to break the cable company's monopoly on set-top boxes. But as the article says, the existing 1.0 cablecard spec sucks so badly it makes the cable company's STB the only viable option for almost all users. With a cablecard inserted in your TV, you must live with these limitations:

1) No interactive menu.
2) No pay-per-view.
3) No DVR. (No HD DVR at all, and even SD recording requires that you route the TV outputs into your recording device and back in through an unused input. This is both ugly and inconvenient.)

Meanwhile, the cable company can rent you a box that does all of these things, including HD recording. The crappy cablecard 1.0 spec guarantees there will be no competition. Essentially, the intention of opening the STB market up to competion has been completely circumvented.

Although the article points out that things will get better in 2008, the cable companies will still be in control since they'll own the software you must run to decrypt the signal. It might be possible to use your (OEM-only) PC of choice with your (certified Trusted Computing) software of choice, but the content providers will still be calling the shots.

Not so simple (was: Re:Um, as a consumer...)

[hormiga]

Not so simple.

OCAP defines a set of APIs, but it is not dependent on CableCard or on DCAS. There is some independence from the underlying security implementation.

CableCard is technically difficult, which has led to delays. However, the main reason DCAS will supplant CableCard is that it's cheaper, and it probably will be more secure. Cheaper is better for everyone.

Like most other DRM security schemes, DCAS is being designed in secret without open peer review. Some of those other schemes are known to be broken, some are incorrectly assumed not to be broken, and some are ludicrously close to being broken. The soft DCAS model may stay ahead of crackers only because it can change mechanisms in the field, not because it is inherently more secure. It will remain a cat and mouse game.

The MSOs (cable companies) make their money by selling premium content and services. They don't make much from basic TV. For years, they have been at the mercy of the hardware oligopoly selling cable boxes and headend equipment. Even within the product line of a single vendor, there are severe incompatibilities. This equipment is expected to last decades in the field (the low price customers get the old equipment), and it must be supported. This leaves MSOs at the mercy of only a few vendors selling incompatible equipment, depreciating as innovation accelerates. To sell the premium content and services, they need new equipment, but don't like being locked in to the hardware oligopoly.

The idea behind OCAP is a platform to enable portable applications on a variety of platforms, which will enable the MSOs to sell more content and services. This would break the hardware oligopoly. Also, it would allow the cable companies to get out of the hardware business, because the customers will be able to buy equipment at retail, and the MSOs won't be stuck with an inventory of aging STBs.

Historically, this grew out of an idea from the late 1980s, to make STBs like telephones: you can plug any telephone into any phone jack, and it works. You buy your phones at retail. STBs should be the same way: you should be able to buy your STB at a store, and it should work with any cable equipment.

This is both good and bad for the hadware oligopoly. On the one hand, it breaks their lock on their customer base. On the other hand, it allows them to encroach on the customer base of the few competitors they have. The result is that STB vendors want to keep a lock on the existing customers so they offer premium features that aren't portable (don't run under OCAP) while offering OCAP to satisfy minimal requirements. Being typical firms, they are risk averse, since the legal and economic structure penalizes genuine competition, so the focus is mostly on preserving existing standards while taking baby steps toward meeting new ones. While at each vendor they talk about existing competitors, though, the real threat is from foreign electronics companies: when the standards become open, then which companies dominate the consumer markets?

Everyone is being dragged kicking and screaming into the new regime: content providers are terrified of having their product stolen, the oligopoly sees new competitors just over the hill, the politicians are anxious not to lose some of their biggest bribe givers (a.k.a. contributors and supporters), and consumers are losing their fair use rights in the bargains begin made.

Cable boxes aren't rocket science, but they aren't as simple as cell phones, either. There is a lot happening in a state of the art STB. However, one of the reasons they are as difficult to get right as they are, is that they are based on the secret, internal, proprietary standards of the oligopoly. You can build a missile or computer or a nuclear bomb or a lot of other complicated things from information lying around in books or on the internet, but you can't interoperate with the oligopoly's equipment except through license agreements and NDAs. You can't just hire an average real time systems engineer

Less FUD, more truth

[teebob21]

Finally! A topic on /. that I have some experience with!! As a cable technician, I deal with this particular headache at lease 10 times a week.

Cablecards are an example of what happens when Congress decrees that a certain service provider must provide the service Congress's way, instead of letting the service provider do it in a way that is guaranteed to work. CableLabs created the cards with a specific set of requirements for the firmware for correct operation. Some companies (LG for example) wrote their TV firmware along the direct specification. Other companies, such as Sony, Sharp and Mitsubshi took the liberty to write their firmware however they damn well pleased. In fact, we have an entire binder full of TV makes and models with known firmware issues.

I've never seen a problem using a Cablecard in an LG TV; it's pretty much plug it in, wait for the authorization numbers to display on screen and call them into the office for initialization. If I had the cash for a flat panel plasma to hang in my living room, it would be an LG, and I would get a Cablecard for it. Other brands, however, present a wide variety of issues. For example, any channel in our lineup that uses a 64 QAM data stream will no properly display on a Mitsubishi TV.

Another problem is in the specifications: Cablecards are one-way devices. They do not operate along the return path, which means no Video-on-Demand, no interactive pay-per-view, and so on. You're also stuck with the interactive guide that your TV firmware came with. Troubleshooting these ALWAYS requires a truck roll, because since they are one-way only, we can't hit them from the office to return an error message like we can with our DCTs. (We use the exact same boxes shown in TFA).

In response to some of the comments made about a MSO-issued settop box, we don't charge the monthly equipment fee for our digital equipment to milk more money out of customers; we do it to attempt to break even. A typical MSO loses anywhere between $75 to $100 per average digital subscriber due to failure to use common sense. Last week, I replaced a $500 DVR for a woman (at no cost to her) who had started putting her old newspapers on top of the box. It eventually overheated and died. I asked her why she had put them there, and she said, "Because my computer monitor got too hot with them on top of it, and I didnt want that to burn up." And just today, I replaced $700 of equipment for a family that had moved. They put their equipment in a box in the kitchen, and proceeded to improperly attach a dishwasher hose and flooded their own house.

Anyhow, back on topic, cable companies will try to steer you away from the Cablecards to their equipment because they know it will work. If our equipment isnt working, we replace it and make it work. With Cablecards, we are stuck trying to make third-party firmware play nice with someone's TV.