The cable industry has changed its tune about plug-and-play. As written, the FCC's plug-and-play order has too many security loopholes, the likes of which hackers are just waiting to jump through, the National Cable Telecommunications Association (NCTA) contends.
In a petition filed with the FCC just after Christmas, the NCTA requested "reconsideration or clarification" of the order. Specifically, the cable lobby seeks tighter testing and PSIP requirements for plug-and-play compliant devices.
Under the current order, such devices are supposed to have a slot for a CableCARD, the cable industry's trademarked moniker for its point-of-deployment (POD) security component. CableCARD is a PCMCIA-sized successor to the set-top box, and is intended to provide conditional access without all those costly truck rolls.
Any plug-and-play device - from a digital TV set to a DVR -- can be a "host" to a CableCARD, and it is this POD-host interface that concerns the NCTA. Where the set-top is a proven bulwark of security, the POD-host interface could end up being the techno-equivalent of the a couple of bungee cords and a tarp.
That's because, the NCTA petition states, the FCC's order requires only that plug-and-play devices be tested by any independent lab with personnel "knowledgeable" in the Joint Test Suite defined by CableLabs. What's more, the order doesn't even require that a device pass the test or be certified before it hits the market, but rather that it be retested should it fail. It also allows for a sort of legacy certification for any device manufactured after the first device passes muster. That is, if a company gets a DVR certified, a subsequently manufactured DTV would be automatically certified.
The NCTA emphasized that the viability of the entire cable business was at stake.
"The importance of making this system work cannot be overstated," the NCTA stated. "CE manufacturers have never before built integrated DTVs with digital cable set-top box functionality built inside, and they have never been responsible for protecting the copy control signals and business models that make the industry work."
The petition went on to contend that only CableLabs could provide a competent and appropriate testing ground for new plug-and-play devices.
"The testing and certification of 'plug and play' products is not one that may be satisfied in a garage," NCTA attorneys wrote in a fit of creative pique. "CableLabs was an obvious selection for testing and certification."
The NCTA requested three clarifications regarding PSIP (Program System Information Protocol), an ATSC voluntary standard that includes important data about a broadcaster's DTV signal. The first involves rewriting the rule prohibiting cable operators from carrying more than 12 hours of PSIP event information. The second has to do with language that could require cable operators to correct ATSC noncompliant PSIP data provided by programmers. The third is a dictate that cable operators must describe all services in the PSIP stream, instead of just audio/video services carried in-the-clear.
"NCTA suggests slight changes of working to clarify the rules' intention and avoid misunderstanding," the association told the FCC.
